Since our last report the ACS has attempted with some success to increase membership by leveraging its recent election to the Australian Council of Professions. Allied with this has been a concerted effort to improve the Society’s position in regard to influencing government policy and more effort is being spent in this area as the next Australian Federal Government election approaches.

The Australian Computer Society for many years has worked to encourage more people to undertake IT studies and to make IT studies more accessible to those who currently have limited options when it comes to pursuing a tertiary degree, either because of financial constraints or because they may be disadvantaged in some way. In support of this goal the ACS has established the ACS Foundation to provide funding both for scholarships and research in the field of IT, increasing the opportunities available to students and researchers.

The Society has continued its concerted efforts to establish strategic alliances with other professional bodies and in 2001 the leading representative bodies in the Australian information industry have come together in an unprecedented manner to form the Information Communications and Telecommunications (ICT) Alliance. The purpose of this informal alliance is to ensure the industry and its people play a key role in shaping national information policy. The organisations represented in the alliance include:

Asia Pacific Smart Card Forum
Australian Computer Society
Australian Electrical and Electronic Manufacturers' Association Ltd
Australian Information Industry Association
Australian Interactive Multimedia Industry Association
Australian Telecommunications User Group
Internet Industry Association
Internet Society of Australia
Service Providers Industry Association
Software Engineering Australia

The Society continues to be forthright in expressing the opinions of its members on IT matters to the general community and the ACS fortnightly ACS column in the information technology section of the major national newspaper frequently is referred to by industry and government leaders.

The ACS continues to promote the International Computer Driving Licence (ICDL) in Australia and is confident of its eventual success, though the start up phase is expensive and reasonably prolonged. Recently, several government bodies have adopted the ICDL for their staff. Noteably, in response to the NSW ICT Skills Action Plan, the NSW Board of Vocational Education and Training (BVET) has established the Basic Information Technology Skills Development (BITSD) Program. The Program’s focus is on the delivery of training and assessment of competencies which support the acquisition of the ICDL. BVET has allocated $6.5 million to the BITSD Program over the next twelve months and particular priority is being given to the mature-aged, long-term unemployed, people from regional and remote areas and other equity groups within the general community.

The ACS Management Committee consists of :

Mr John Ridge , President [and IFIP representative]< jridge@acslink.net.au>
Mr Peter Kalkman Vice President < kalkman@acslink.net.au>
Mr Philip Argy Vice President <philip.argy@msj.com.au>
Mr Prins Ralston, Immediate Past President < prins@ebmconsult.com.au>
Mr Glen Heinrich, National Treasurer < glenh@acslink.net.au>

Mr Dennis Furini < dennis.furini@acs.org.au > is the ACS Executive Director.

TC3

Australia's TC3 representative, Associate Professor Anne McDougall, is the Secretary of TC3 and attends all meetings. Anne is also Deputy Director of the ACS Community Affairs Board, Chair of the ACS National Computer Education Committee, and the ACS representative on the Australian Council for Computers in Education. A major focus of activity during the last year has been WCCE2001 in Copenhagen. The number of attendees from Australia (89, many of whom presented papers) was second only to that from Denmark. The ACS provided a travel grant of $200 to each presenter at the conference, and is supporting the publication of a collection of topic papers not included in the post-conference book. Australian members are making significant contributions to the work of almost all of the Working Groups of TC3.

The TC8 representative Professor Bernard Glasson convened and chaired a half-day workshop in Bled Slovenia in June 2000, which led to the TC8 Working Conference on Electronic Commerce Saltzberg, Austria in June 2001. The working conference in turn led to the establishment of a new working group within IFIP on Electronic Commerce. Australian Professor Steve Elliot of Newcastle University is the foundation working group chair. The TC8 representative Co-chaired the 21^st International Conference on Information Systems (ICIS) with Professor Ron Weber of Queensland University. ICIS was held in Brisbane in December 2000. This was the first time the conference had been held in the Southern Hemisphere and it drew some 700 delegates. The ACS sponsored ACIS conference was held immediately prior to ICIS, as was a one-day TC8 WG 8.2 conference workshop. The TC8 representative attended both meetings. He also attended and chaired the IFIP TC8 AGM in Hong Kong and the IFIP General Assembly meeting in August 2000, and the IFIP Council meeting in Italy in March 2001, and the TC8 AGM in Austria June 2001. The 2001 AGM approved an IFIP WG 8.6 conference on Technology Diffusion for Sydney in August 2002.

The TC9 position is vacant at present, though Assoc Prof J Weckert did act as the ACS representative at the recent TC9 meeting. It is expected that the TC9 vacancy will be filled commencing January 2002.

Prof Vijay Varadharajan is the TC11 representative. His report follows:

1. Some of the important developments that have taken place in Australia in security and privacy in 2000/2001 are outlined below.

(a) Privacy Amendment Act 2000

The Privacy Amendment Act 2000 will come into effect on 21 Dec 2001 in Australia. This establishes minimum standards for the protection and handling of personal information in the private sector. It will apply in both the conventional and electronic environments.

It will require website operators that collect personal information online to take reasonable steps to ensure that Internet users know who is collecting their information and how it is used, stored and disclosed. It will allow people to access their records and to correct those records if they are wrong. Organizations will have to protect personal information they hold from unauthorized access and disclosure. The legislation also requires organizations to make public their policy on privacy. This means that in practice websites will have to include a clearly identified privacy statement. The legislation lays down benchmarks but private sector organizations can adopt higher standards. For more information see http://law.gov.au/privacy/newfacts/electronic.htm

(b) Guidelines on Workplace Email, Web Browsing and Privacy

The purpose of these guidelines is to recommend steps that organizations can take to ensure that their staff understand the organization’s position on this issue through the development of clear policies. It is directed to organizations in both public and private sectors.

Some of the technical issues that the staff should be made aware of include the following:

• Most emails are insecure
• Emails are not destroyed when the user deletes them from their email inbox as they are usually backed up and are recoverable
• Most software used to operate networks including web server, mail servers and gateways log transactions and communications

Some of the jurisdiction and legal issues are:

• There is no general constitutional or common law right to privacy in Australia. See the Privacy Amendment to be introduced in Dec. 2001 (above)
• The Information Privacy Principles Section in the Privacy Act apply only to Commonwealth and ACT Government Agencies

Some guidelines are provided to assist organizations to develop polices or improve their existing policies

• Policies should be promulgated to staff and management should ensure that it is known and understood by staff.
• Policy should be explicit as to what activities are permitted and forbidden
• Policy should set out what information is logged and who in the organization has rights to access the logs and content of staff email and browsing activities
• Policy should refer to organization’s computer security policy. Improper use of email may pose a threat to system security, the privacy of staff and others and the legal liability of the organization
• Policy should outline how the organization intends to monitor or audit staff compliance with its rules relating to acceptable usage of email and web browsing
• Policy should be reviewed on a regular basis.

For more detail, refer to http://www.privacy.gov.au/issues/p7.4.html

(c) Internet Gambling

For more detail, refer to http://www.noie.gov.au/projects/consumer/gambling/index.htm

(d) Gatekeeper and Project Angus

The Australian Government has announced that digital signature certificates issued by Australian banks to businesses will be accepted by government agencies.

Gatekeeper is the Commonwealth Governments’ strategy for the issue and management of digital certificates. It incorporates a rigorous accreditation process, which ensures that service providers comply with and maintain appropriate Commonwealth policies and practices. Accreditation criteria include privacy and security, and it ensures interoperability between accredited service providers. To date, the Australian Taxation Office, Baltimore Certificates Australia Pty Ltd, the Health eSignature Authority and eSign Australia have achieved full Gatekeeper accreditation. Currently, some seventeen other organizations are seeking accreditation. The strategy also allows for cross recognition with other accredited digital certificate schemes.

The four major Australian banks have been investigating ways to develop effective electronic trust and payment services in Australia for business e-commerce. The working name for this project is ‘Angus’. The digital certificate schemes being implemented by the banks will exist within the global Identrus electronic trust and payments scheme. Angus will be globally interoperable and will be open to broad participation by financial entities that meet objective criteria. Any financial institution, operating in Australia, that complies with the Identrus terms of eligibility is able to become an Angus member. The Gatekeeper strategy will only cross recognise with the Australian banks’ (Project Angus) component of the Identrus digital certificate scheme.

For more detail, refer to http://www.govonline.gov.au/projects/publickey/abn-dsc-angus.htm

(e) Net Alert

In 1999 Australian Govt. passed legislation concerning illegal and offensive material on the Internet. The legislation has resulted in a number of government and industry initiatives: From 1 January 2000, community members have been able to make complaints to the ABA about online material they think may be illegal; the Internet Industry Association (IIA) has introduced codes of practice for the treatment of online content; and a community advisory body called NetAlert has been set up to engage in education and awareness-raising activities.

NetAlert is a new community advisory body on Internet content recently established by the Australian Government. Our role is an advisory one - we're here to educate parents about the online world, advise young people on safe surfing, and provide a link to the industry. http://www.netalert.net.au

2. Related International Conferences on Information Security

The following Information Security related conferences were held in Australia and in the Asia Pacific region that are of significance to TC-11.

• Australasian Conference on Information Security and Privacy ACISP’2001 will be held at Sydney, Australia, from 11 –13 July 2001. General Chair and Program Co-Chair: Prof.Vijay Varadharajan (vijay@ics.mq.edu.au) (http://www.ics.mq.edu.au/~acisp01)
• International Conference on Information and Communication Security 2001, ICICS’2001, Xian, China. Professor Sihan Qing (qsihan@yahoo.com)
• ISec Security Conference and Exhibition, Darling Harbour, Sydney Australia, August 2001

ACISP2001 had some 80 delegates with over 40 international delegates from US, UK, Singapore, Japan, Europe and China. We had two invited speakers, one from industry (Microsoft Research, USA) and the other from academia (University of Southern California, USA). The conference was very successful.

The TC12 representative Prof John Debenham attended the TC12 meeting in Seattle and was involved in a subsequent meeting which discussed the formation of an International Artificial Intelligence Society.

The Australian TC13 representative, Ms Judy Hammond, is the TC13 Chair, and as such attends and chairs all TC13 meetings, as well as regularly attending Council and General Assembly meetings. This year, has been a very busy year with the staging of the eighth IFIP TC13 INTERACT conference in Tokyo, Japan in July. INTERACT is the TC13 flagship Human-Computer Interaction international conference series that is held biennially in different countries in the world. Five Australians were among those who presented papers selected for this conference. Two Australian Ph.D. students were fortunate to be chosen to attend the Doctoral Consortium that accompanies each INTERACT conference.

Within the ACS, Judy is a Member of the ACS Information Systems Board through her role as TC13 representative. She continues to promote Human-Computer Interaction as an essential part of ACS activities in the new millenium and especially in its new role in the Australian Institute of Professions. This year, she was Guest Editor for the first ever Special Issue on Human-Computer Interaction in the ACS scientific Journal of Research and Practice in Information Technology. This has been well received by academics, researchers and practitioners alike. In the broader Australian HCI community, she continues to assist in the annual OZCHI conference in various ways and so ensure that HCI scientists and practitioners are supported in their work and studies.

Prins Ralston
ACS IFIP Representative