Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

The constitutional power to make war: domestic legal issues raised by Australia's action in Iraq

The legal power to declare war has traditionally been a part of a prerogative to be exercised solely on advice that passed from the King to the Governor-General no later than 1942. In 2003, the Governor- General was not involved in the decision by the Prime Minister and Cabinet to commit Australian troops to the invasion of Iraq. The authors explore the alternative legal means by which Australia can go to war - means the government in fact used in 2003 - and the constitutional basis of those means. While the prerogative power can be regulated and/or devolved by legislation, and just possibly by practice, there does not seem to be a sound legal basis to assert that the power has been devolved to any other person. It appears that in 2003 the Defence Minister used his legal powers under the Defence Act 1903 (Cth) (as amended in 1975) to give instructions to the service head(s). A powerful argument could be made that the relevant sections of the Defence Act were not intended to be used for the decision to go to war, and that such instructions are for peacetime or in bello decisions. If so, the power to make war remains within the prerogative to be exercised on advice. Interviews with the then Governor-General indicate that Prime Minister Howard had planned to take the matter to the Federal Executive Council 'for noting', but did not do so after the Governor-General sought the views of the then Attorney-General about relevant issues of international law. The exchange raises many issues, but those of interest concern the kinds of questions the Governor-General could and should ask about proposed international action and whether they in any way mirror the assurances that are uncontroversially required for domestic action. In 2003, the Governor-General's scrutiny was the only independent scrutiny available because the legality of the decision to go to war was not a matter that could be determined in the High Court, and the federal government had taken action in March 2002 that effectively prevented the matter coming before the International Court of Justice

Student perceptions of the quality of property education in Australia : 1994 – 2009

Using the Graduate Careers Australia’s Course Experience Questionnaire (CEQ), the students’ perceptions of the quality of property education in Australia is assessed over 1994-2009. Analyses are presented for the major property universities in Australia regarding good teaching and overall satisfaction, as well as the property discipline benchmarked against the property-related disciplines of accounting, building, business, economics, law and planning. The link between good teaching and overall satisfaction, and the delivery of added value by property programs are also assessed. Changes over this 16-year period are highlighted in terms of student perceptions of the quality of property education in Australia.

Faculty and employee ownership of inventions in Australia

A recent decision by the Australian High Court means that, unless faculty are bound by an assignment or intellectual property (IP) policy, they may own inventions resulting from their research. Thirty years after its introduction, the US Bayh-Dole Act, which vests ownership of employee inventions in the employer university or research organization, has become a model for commercialization around the world. In Australia, despite recommendations that a Bayh-Dole style regime be adopted, the recent decision in University of Western Australia (UWA) v Gray1 has moved the default legal position in a diametrically opposite direction. A key focus of the debate was whether faculty’s duty to carry out research also encompasses a duty to invent. Late last year, the Full Federal Court confirmed a lower court ruling that it does not, and this year the High Court refused leave to appeal (denied certiorari). Thus, Gray stands as Australia’s most faculty-friendly authority to date.

CC & Government Guide: Using Creative Commons 3.0 Australia Licences on Government Copyright Materials

This guide explains how copyright law applies to Australian government material, how copyright can be managed to facilitate beneficial open access practices by government, how CC licenses can be used to achieve open access to government material, and provides practical step-by-step guidance for agencies and their officers on licensing and use of government copyright materials under CC 3.0 Australia licences.

Notification of data breaches under the continuous disclosure regime

Consumer personal information is now a valuable commodity for most corporations. Concomitant with increased value is the expansion of new legal obligations to protect personal information. Mandatory data breach notification laws are an important new development in this regard. Such laws require a corporation that has suffered a data breach, which involves personal information, such as a computer hacking incident, to notify those persons who may have been affected by the breach. Regulators may also need to be notified. Australia currently does not have a mandatory data breach notification law but this may be about to change. The Australian Law Reform Commission has suggested that a data breach notification scheme be implemented through the Privacy Act 1988 (Cth). However, the notification of data breaches may already be required under the continuous disclosure regime stipulated by the Corporations Act 2001 (Cth) and the Australian Stock Exchange (ASX) Listing Rules. Accordingly, this article examines whether the notification of data breaches is a statutory requirement of the existing continuous disclosure regime and whether the ASX should therefore be notified of such incidents.

Toothless tiger, sleeping dragon : implied freedoms, internet filters and the growing culture of internet censorship in Australia

The internet by its very nature challenges an individual’s notions of propriety, moral acuity and social correctness. A tension will always exist between the censorship of obscene and sensitive information and the freedom to publish and/or access such information. Freedom of expression and communication on the internet is not a static concept: ‘Its continual regeneration is the product of particular combinations of political, legal, cultural and philosophical conditions’.

Charity law reforms : overview of progress since 2001

In the UK, Singapore, Canada, New Zealand and Australia, as in many other jurisdictions, charity law is rooted in the common law and anchored on the Statute of Charitable Uses 1601. The Pemsel classification of charitable purposes was uniformly accepted, and together with a shared and growing pool of judicial precedents, aided by the ‘spirit and intendment’ rule, has subsequently allowed the law to develop along much the same lines. In recent years, all the above jurisdictions have embarked on law reform processes designed to strengthen regulatory processes and to statutorily define and encode common law concepts. The reform outcomes are now to be found in a batch of national charity statutes which reflect interesting differences in the extent to which their respective governments have been prepared to balance the modernising of charitable purposes and other common law concepts alongside the customary concern to tighten the regulatory framework.

Law autonomy and advance directives

The principle of autonomy underpins legal regulation of advance directives that refuse life-sustaining medical treatment. The primacy of autonomy in this domain is recognised expressly in the case law, through judicial pronouncement, and implicitly in most Australian jurisdictions, through enactment into statute of the right to make an advance directive. This article seeks to justify autonomy as an appropriate principle for regulating advance directives and relies on three arguments: the necessity of autonomy in a liberal democracy; the primacy of autonomy in medical ethics discourse; and the uncontested importance of autonomy in the law on contemporaneous refusal of medical treatment. This article also responds to key criticisms that autonomy is not an appropriate organising principle to underpin legal regulation of advance directives.

Carbon capture and storage laws in Australia : project facilitation or a precautionary approach?

Carbon capture and storage (CCS) is considered to be an integral transitionary measure in the mitigation of the global greenhouse gas emissions from our continued use of fossil fuels. Regulatory frameworks have been developed around the world and pilot projects have been commenced. However, CCS processes are largely untested at commercial scales and there are many unknowns associated with the long terms risks from these storage projects. Governments, including Australia, are struggling to develop appropriate, yet commercially viable, regulatory approaches to manage the uncertain long term risks of CCS activities. There have been numerous CCS regimes passed at the Federal, State and Territory levels in Australia. All adopt a different approach to the delicate balance facilitating projects and managing risk. This paper will examine the relatively new onshore and offshore regimes for CCS in Australia and the legal issues arising in relation to the implementation of CCS projects. Comparisons will be made with the EU CCS Directive where appropriate.

Peer-to-Patent Australia: First Anniversary Report, December 2010

Peer-to-Patent Australia will initially run as a 12 month pilot project designed to test whether an open community of reviewers can effectively locate prior art that might not otherwise be located by the patent office during a typical examination. Patent applications will be made available for peer review for a period of 6 months and there will follow a 6 month period of joint qualitative and quantitative assessment of the pilot project by IP Australia and QUT. The objective of Peer-to-Patent Australia is to improve the patent examination process and the quality of issued patents by utilising the knowledge and skills of experts in the broader community. It is a way of linking the scientific and technical expertise of anyone with an Internet connection with the expertise of a patent examiner. That community participation consists of members of the public reviewing patent applications and contributing relevant prior art references and comments within a web-based forum. The aim is to bring to light prior art, particularly non-patent prior art, that might otherwise not be identified by patent examiners. The better the prior art resources a patent examiner has at his or her disposal, the more likely a patent application will be assessed properly in terms of novelty and inventive step. The role of Peer-to-Patent Australia in this regard is to act as both a facilitator of discussion and a collector of prior art submissions. Peer-to-Patent Australia collects relevant prior art references on behalf of the reviewing community and forwards that prior art to IP Australia. Section 27 of the Patents Act 1990 (Cth) allows for the Commissioner of Patents to receive submissions of prior art by third parties relevant to the novelty and inventiveness of a particular patent application.

Review of 'Laying Down the Criminal Law : A Handbook for Youth Workers'

This third edition of Laying down the criminal law: A handbook for youth workers is essential to understanding young people’s experiences with criminal justice in Queensland. The text comprises detailed scenarios of situations where a young person would have contact with the system, and young people ‘in trouble’ (for example, being excluded from school). The text discusses how workers support the young person in talking to police, going to court, or being a victim of crime. One scenario notes how a youth worker responds to 15 year old Stephen staying at a youth shelter after leaving home and having contact with police. Scenarios are supplemented with information about confidentiality and negligence, and how workers consider these concepts supporting young people...