[LINK] Can NPP legally conduct secret pen tests on banks?

Roger Clarke Roger.Clarke at xamax.com.au
Tue Sep 3 10:07:32 AEST 2019

Secret penetration tests, fines for banks under PayID security crackdown
NPP deploys ‘unilateral’ protections to harden network.
Julian Bajkowski
Sep 3 2019

Australian banks and credit unions will have their transactional systems 
secretly penetration tested to arrest deficiencies and stop fraud and 
abuse of institutional infrastructure plugged into the New Payments 
Platform after two PayID look-up attacks.

[I wonder how this squares up with the computer offences provision in 
s.476 of what we called (for over a century?) the Crimes Act, but is 
now the Schedule to the Criminal Code Act:
(then search for 476)]

[The mixture of incompetence and obstructiveness of the AGD's 
legislative draftsdonkeys is on full display in this area.  Critical law 
isn't in sections of a principal statute, but is buried deep down in a 
Schedule.  And of course it's expressed in the most excruciatingly messy 
structure and text imaginable.]

[Does anyone know whether:
1.  s.476 has the effect of criminalising pen testing?
2.  NPP has a dispensation to ignore it?
3.  consent is a sufficient defence against s.476?]

Roger Clarke                            mailto:Roger.Clarke at xamax.com.au
T: +61 2 6288 6916   http://www.xamax.com.au  http://www.rogerclarke.com

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA 

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University
