Contemporary consumer law : the role and effectiveness of regulation in consumer protection

This issue of the Griffith Law Review focuses on consumer law, and the pervasive nature of this area of law. We are all consumers, but do not necessarily identify as such, nor are we a homogeneous group. The boundaries of

Secure communication protocol for preserving E-tendering integrity.

This paper presents a secure communication protocol which can be used as the framework for an e-tendering scheme. This protocol is focused on securing the integrity of tendering documents and ensuring that a secure record of document generation is kept. Our protocol provides a mechanism to manage e-tendering contract evidence as a legal record in a unique and effective manner. It is the starting point of reliable record keeping. To a certain extent, it also addresses existing security problems in the traditional tendering processes.

Faster group operations on elliptic curves

This paper improves implementation techniques of Elliptic Curve Cryptography. We introduce new formulae and algorithms for the group law on Jacobi quartic, Jacobi intersection, Edwards, and Hessian curves. The proposed formulae and algorithms can save time in suitable point representations. To support our claims, a cost comparison is made with classic scalar multiplication algorithms using previous and current operation counts. Most notably, the best speeds are obtained from Jacobi quartic curves which provide the fastest timings for most scalar multiplication strategies benefiting from the proposed 12M + 5S + 1D point doubling and 7M + 3S + 1D point addition algorithms. Furthermore, the new addition algorithm provides an efficient way to protect against side channel attacks which are based on simple power analysis (SPA). Keywords: Efficient elliptic curve arithmetic,unified addition, side channel attack.

Security metrics for object-oriented class designs

Measuring quality attributes of object-oriented designs (e.g. maintainability and performance) has been covered by a number of studies. However, these studies have not considered security as much as other quality attributes. Also, most security studies focus at the level of individual program statements. This approach makes it hard and expensive to discover and fix vulnerabilities caused by design errors. In this work, we focus on the security design of an object oriented application and define a number of security metrics. These metrics allow designers to discover and fix security vulnerabilities at an early stage, and help compare the security of various alternative designs. In particular, we propose seven security metrics to measure Data Encapsulation (accessibility) and Cohesion (interactions) of a given object-oriented class from the point of view of potential information flow.

Termination of a minor’s pregnancy : critical issues for consent and the criminal law

The recent Supreme Court decision of Queensland v B [2008] 2 Qd R 562 has significant implications for the law that governs consent and abortions. The judgment purports to extend the ratio of Secretary, Department of Health and Community Services (NT) v JWB and SMB (1991) 175 CLR 218 (Marion’s Case) and impose a requirement of court approval for terminations of pregnancy for minors who are not Gillick-competent. This article argues against the imposition of this requirement on the ground that such an approach is an unjustifiable extension of the reasoning in Marion’s Case. The decision, which is the first judicial consideration in Queensland of the position of medical terminations, also reveals systemic problems with the criminal law in that State. In concluding that the traditional legal excuse for abortions will not apply to those which are performed medically, Queensland v B provides further support for calls to reform this area of law.

Privacy and security in open and trusted health information systems

The Open and Trusted Health Information Systems (OTHIS) Research Group has formed in response to the health sector’s privacy and security requirements for contemporary Health Information Systems (HIS). Due to recent research developments in trusted computing concepts, it is now both timely and desirable to move electronic HIS towards privacy-aware and security-aware applications. We introduce the OTHIS architecture in this paper. This scheme proposes a feasible and sustainable solution to meeting real-world application security demands using commercial off-the-shelf systems and commodity hardware and software products.

Legal Issues Relating to the Notification of Australian Data Breaches

Advances in information and communications technologies during the last two decades have allowed organisations to capture and utilise data on a vast scale, thus heightening the importance of adequate measures for protecting unauthorised disclosure of personal information. In this respect, data breach notification has emerged as an issue of increasing importance throughout the world. It has been the subject of law reform in the United States and in other international jurisdictions. Following the Australian Law Reform Commission’s review of privacy, data breach notification will soon be addressed in Australia. This article provides a review of US and Australian legal initiatives regarding the notification of data breaches. The authors highlight areas of concern based on the extant US literature that require specific consideration in Australia regarding the development of an Australian legal framework for the notification of data breaches.

Power law distributions in pattern dynamics of attacker-defender dyads in the team sport of Rugby Union : phenomena in a region of self-organized criticality?

In the region of self-organized criticality (SOC) interdependency between multi-agent system components exists and slight changes in near-neighbor interactions can break the balance of equally poised options leading to transitions in system order. In this region, frequency of events of differing magnitudes exhibits a power law distribution. The aim of this paper was to investigate whether a power law distribution characterized attacker-defender interactions in team sports. For this purpose we observed attacker and defender in a dyadic sub-phase of rugby union near the try line. Videogrammetry was used to capture players’ motion over time as player locations were digitized. Power laws were calculated for the rate of change of players’ relative position. Data revealed that three emergent patterns from dyadic system interactions (i.e., try; unsuccessful tackle; effective tackle) displayed a power law distribution. Results suggested that pattern forming dynamics dyads in rugby union exhibited SOC. It was concluded that rugby union dyads evolve in SOC regions suggesting that players’ decisions and actions are governed by local interactions rules.

A Proposed Framework for Understanding Information Security Culture and Practices in the Saudi Context

An examination of Information Security (IS) and Information Security Management (ISM) research in Saudi Arabia has shown the need for more rigorous studies focusing on the implementation and adoption processes involved with IS culture and practices. Overall, there is a lack of academic and professional literature about ISM and more specifically IS culture in Saudi Arabia. Therefore, the overall aim of this paper is to identify issues and factors that assist the implementation and the adoption of IS culture and practices within the Saudi environment. The goal of this paper is to identify the important conditions for creating an information security culture in Saudi Arabian organizations. We plan to use this framework to investigate whether security culture has emerged into practices in Saudi Arabian organizations.

Information security culture : a behaviour compliance conceptual framework

Understanding the complex dynamic and uncertain characteristics of organisational employees who perform authorised or unauthorised information security activities is deemed to be a very important and challenging task. This paper presents a conceptual framework for classifying and organising the characteristics of organisational subjects involved in these information security practices. Our framework expands the traditional Human Behaviour and the Social Environment perspectives used in social work by identifying how knowledge, skills and individual preferences work to influence individual and group practices with respect to information security management. The classification of concepts and characteristics in the framework arises from a review of recent literature and is underpinned by theoretical models that explain these concepts and characteristics. Further, based upon an exploratory study of three case organisations in Saudi Arabia involving extensive interviews with senior managers, department managers, IT managers, information security officers, and IT staff; this article describes observed information security practices and identifies several factors which appear to be particularly important in influencing information security behaviour. These factors include values associated with national and organisational culture and how they manifest in practice, and activities related to information security management.

The susceptibility of digital signatures to fraud in the National Electronic Conveyancing System : an analysis

Public key cryptography, and with it,the ability to compute digital signatures, have made it possible for electronic commerce to flourish. It is thus unsurprising that the proposed Australian NECS will also utilise digital signatures in its system so as to provide a fully automated process from the creation of electronic land title instrument to the digital signing, and electronic lodgment of these instruments. This necessitates an analysis of the fraud risks raised by the usage of digital signatures because a compromise of the integrity of digital signatures will lead to a compromise of the Torrens system itself. This article will show that digital signatures may in fact offer greater security against fraud than handwritten signatures; but to achieve this, digital signatures require an infrastructure whereby each component is properly implemented and managed.

Evidence-based decision making to strengthen local governance : nutritional health interventions in Bantul and Gunungkidul

Since 2001, district governments have had the main responsibility for providing public health care in Indonesia. One of the main public health challenges facing many district governments is improving nutritional standards, particularly among poorer segments of the population. Developing effective policies and strategies for improving nutrition requires a multi-sectoral approach encompassing agricultural development policy, access to markets, food security (storage) programs, provision of public health facilities, and promotion of public awareness of nutritional health. This implies a strong need for a coordinated approach involving multiple government agencies at the district level. Due to diverse economic, agricultural, and infrastructure conditions across the country, district governments’ ought to be better placed than central government both to identify areas of greatest need for public nutrition interventions, and devise policies that reflect local characteristics. However, in the two districts observed in this study—Bantul and Gunungkidul—it was clear that local government capacity to generate, obtain and integrate evidence about local conditions into the policy-making process was still limited. In both districts, decision-makers tended to rely more on intuition,anecdote, and precedent in formulating policy. The potential for evidence-based decision making was also severely constrained by a lack of coordination and communication between agencies, and current arrangements related to central government fiscal transfers, which compel local governments to allocate funding to centrally determined programs and priorities.

Evidence based decision making to strenghten local governance : nutritional health interventions

Since 2001, district governments have had the main responsibility for providing public health care in Indonesia. One of the main public health challenges facing many district governments is improving nutritional standards, particularly among poorer segments of the population. Developing effective policies and strategies for improving nutrition requires a multi-sectoral approach encompassing agricultural development policy, access to markets, food security (storage) programs, provision of public health facilities, and promotion of public awareness of nutritional health. This implies a strong need for a coordinated approach involving multiple government agencies at the district level. Due to diverse economic, agricultural,and infrastructure conditions across the country, district governments’ ought to be better placed than central government both to identify areas of greatest need for public nutrition interventions, and devise policies that reflect local characteristics. However, in the two districts observed in this study—Bantul and Gunungkidul—it was clear that local government capacity to generate, obtain and integrate evidence about local conditions into the policy-making process was still limited. In both districts, decision-makers tended to rely more on intuition,anecdote, and precedent in formulating policy. The potential for evidence-based decision making was also severely constrained by a lack of coordination and communication between agencies, and current arrangements related to central government fiscal transfers, which compel local governments to allocate funding to centrally determined programs and priorities.