Adrian McCullagh

On a taxonomy of delegation

Delegation, from a technical point of view, is widely considered as a potential approach in addressing the problem of providing dynamic access control decisions in activities with a high level of collaboration, either within a single security domain or across multiple security domains. Although delegation continues to attract significant attention from the research community, presently, there is no published work that presents a taxonomy of delegation concepts and models. This article intends to address this gap by presenting a set of taxonomic criteria relevant to the concept of delegation. This article also applies the taxonomy to a selection of significant delegation models published in the literature.

Who goes there? internet banking: a matter of risk and reward

There are now more than 7 million internet banking users in Australia. Despite this substantial uptake in Australia, Australian banks continue to concentrate their respective security efforts upon internal mechanisms. Education of bank customers has not for the most part solved the fundamental flaws existent in internet banking. It is widely accepted that the weakest link in internet banking facilities is not with the banks’ internal mechanisms but with customer PC. This paper analyses the research opportunities available to improve internet banking in Australia, which research could be exported to other jurisdictions where internet banking is available.

A Comparative Analysis of the Extent of Money Laundering in Australia, UAE, UK and the USA

The IMF has estimated that the extent of money laundering globally is between 2 to 5 percent of the world’s gross domestic product. This figure is larger than the GDP of all but a handful of countries and represents correspondingly huge risks to global financial stability and to the financial well-being and stability of many countries. This paper provides a comparative analysis of the extent of Money Laundering over the last decade across four countries which represent a spectrum of economic development and culture: Australia, the UAE, the UK and the USA. We do so with a view to understanding their anti-money laundering systems and their recent efforts to improve the effectiveness of those systems. In the case of the UAE, we examine also the cultural influences which differentiate it from the other three countries and which have necessarily been a factor in shaping those efforts and their current system. Money laundering and related statistics including the number of Suspicious Activity Reports (SARs) received from 1999 to 2008 are analyzed. The paper consolidates and analyses information made available by the government websites of these countries and information made available through other sources, both academic and non-academic. It is clear that international efforts to combat money laundering have achieved considerable success over the decade. It is also clear that there is more to be done, by policy makers, by regulators, and by evaluators, and in particular that success in combating money laundering globally must more precisely address cultural and historical differences amongst the international community.

Designing Copyright TPM : A Mutant Digital Copyright

In recent times, copyright law globally has undergone radical changes to take account of the advancement of technology. This paper will argue that in Australia some of the legislative changes regarding technological protection measures (‘TPM’) have a number of unintended consequences. It will be argued that the legislators have over stepped the mark by creating a sui generis protection in favour of copyright owners, which can best be described as a mutant digital copyright.

Strengthening SMS-Based Authentication through Usability

Current state-of-the art solutions for online banking authentication and identity management include methods for re-authenticating users via out-of-band channels for each transaction. SMS-based schemes belong to this category, and can provide strong authentication to protect against security attacks. Poor usability of these schemes is still a problem, which makes them vulnerable to other obvious attacks. This paper describes a method for improving the usability of typical SMS-based authentication schemes which thereby will improve their overall security.

Money Laundering and FATF Compliance by the International Community

This paper examines the anti-money laundering systems of Australia, the United Arab Emirates (UAE), the United Kingdom (UK) and the United States of America (USA), the extent to which they have implemented the Financial Action Task Force (FATF) recommendations, and how compliance with these recommendations is affected by local cultural and economic factors. The paper makes use of FATF evaluation reports to compare the countries’ compliance; it examines some of the underlying cultural considerations and culture-specific ethical issues that affect the extent of compliance, and how cultural and ethical considerations may affect good governance. The findings indicate that the UK and the USA are the most advanced with regards to their compliance with the FATF recommendations and Australia and the UAE less so. The UAE is in particular found to be least compliant. We relate this finding to previous work on how a country’s legal and financial systems develop in line with its religion, culture and socio-economic situation, and examine how such local factors have affected the UAE’s financial and anti-money laundering and combating the financing of terrorism (AML/CFT) systems. This research will be of interest to policy-makers and government agencies involved in addressing money laundering and its successful detection and prosecution.

Management Responsibility in Protecting Information Assets: An Australian Perspective

Information is a vital and valuable asset of all modern businesses. The law has treated information, in most common law jurisdictions, as not being property. Consequently, it is not possible at common law to steal information. In Australia, the Federal Government has recently brought into force a suite of legislation that has the purpose of deterring hackers who unlawfully try to gain access to a computers located in Australia. Further there have been a number of recent judicial determinations that now impose a positive duty upon management (Directors and Officers of a corporation) to implement reasonable steps to prevent a crime from being effected against the corporation. This positive duty includes the protection of information assets of the corporation from hacker attacks and loss of information and its value. Hence computer security is now a board issue in Australia and not just an IT issue.