Spies Like Us – ASIC glitch adds to CommBank and cabinet leaks

Illo by Michael Mucci

‘Tis the season of glitches. Spellbound, we have witnessed the unfolding of the magnificent saga of the filing-cabinet glitch,  a glitch which followed the glitch of the millennium, the Commonwealth Bank’s mega-glitch. But let us not forget the glitch in the corporate regulator’s computer system, a lovely little glitch which has allowed intruders to spy on investigative journalists (such as yours truly) going about their corporate searches.

It must be said that this Australian Securities & Investments Commission’s (ASIC) glitch is by no means in the same league as the Commonwealth Bank, a super-glitch which gave rise to 53,700 breaches of Australia’s money-laundering and terrorist-financing laws.

Nor can ASIC boast that its spy glitch has quite the élan, the je ne sais quoi if you likeof last week’s cabinet files imbroglio where thousands of top secret documents found their way to the ABC because a mysterious unnamed person had put a government filing cabinet up for sale in a second-hand furniture store in Canberra.

Yet it is a nice glitch nonetheless, a glitch with all the quaint hallmarks of ASIC at its best; a spot of butt-covering and the laying of the foundations for appearing to do something while actually doing nothing.

It should be put in perspective. When you consider that whistleblowers and journalists may be plonked in jail for 20 years thanks to the passage of the government’s National Security Legislation Amendment (Espionage and Foreign Interference) Bill 2017 for doing their jobs, perhaps journalists ought to adopt the “glass half full” approach and take comfort in knowing there may be somebody looking over their shoulder while they are doing their company searches on the ASIC database.

In fairness, we declare a personal interest. This website spends a lot of time and money scouring this database – the world’s most expensive corporate database – often investigating multinational tax dodgers; and it is quite likely that this very writer has been spied on during this very security breach. We have not asked ASIC because it is London-to-a-brick that they would strive valiantly to protect the confidentiality of the people who broke into their system.

Much in the same vein as they spent an entire decade and untold resources stonewalling a Freedom of Information Request, an FOI in the public interest but an FOI which would have made a bank look bad, a bank which ASIC should have been investigating rather than protecting. Check out the epic story here.

ASIC’s death by a thousand cuts

Further, we should declare that, in two decades of dealing with ASIC, we have said some horrible things about them, fully deserved and mostly facetious but horrible nonetheless. And they in turn once set up a webpage campaign called Counterpunch – “ASIC responds to wayward journalism”. The three founding members of this exclusive club,  The Wayward Journalists, were myself, Thomson Reuters gun reporter Nathan Lynch and Fairfax’s renowned Adele Ferguson.

Naturally, we were overjoyed to have been conferred with this deep honour of the ASIC Counterpunch. It was an ennobling of sorts, until they expanded the membership of Wayward Journalists to include any old riff-raff who wrote a critical story. It ended up like the Qantas Lounge – they just let anybody in to our club.

So here is how it all unfolded. Last Tuesday, ABC News reported a glitch on ASIC’s website that resulted in the search histories of at least 770 individuals being accessed by third parties. Apparently, the document searches of investigative journalists were in high demand.

Worse than the breach of privacy however is the shocking fact that the documents purchased by investigative journalists had become freely available to the persons impersonating them on ASIC’s website and spying on their searches.

This is particularly galling as we did an investigation of ASIC’s corporate search fees and found they were probably the highest in the world (ASIC is a cash cow for Canberra, tipping huge dividends into the Federal coffers every year).

We use the word “probably” because information about fees in the African nation of Chad were not available, and in Thailand – where the political landscape remains in turmoil in the wake of two army coups – the military junta is battling land-rights campaigners by shutting down access to corporate information.

Moreover, detail about access to public information in the absolute monarchies of Brunei and Swaziland was not available either. Same deal for the single party states of Cuba and Laos. So, it may be that the fees for accessing information in these counties are higher than Australia; but the information is simply not available.

In any case, lest one digress, the glitch and its ramifications were recently raised in a parliamentary inquiry. ASIC executive, John Price, reportedly said, “We do not view this as being okay”.

It is comforting that John doesn’t think this is okay. No doubt John has the email addresses of the interlopers and can pursue them if he choses.

This would run counter to ASIC culture however, a culture which protects the Big End of Town and sees journalists as the enemy, or at best as fodder for manipulation. That does not mean the corporate regulator is incapable of fast and decisive action. When it comes to acting on the instructions of insolvency mates chasing favours – see this “Dear Team” email – they kick into gear like Delta Force One.

More fuel for the ASIC fire

ASIC’s “not okay” view about its website glitch appears to have crystallised late in the piece, around the time there was a prospect of it becoming generally known and discussed in parliament.

Apparently, ASIC was made aware of the glitch in August 2017 but did not take a complaint from a member of the public at that time seriously. On October 9, 2017, an anonymous industry figure brought the glitch to ASIC’s attention for a second time and used crayons to assist the regulators in understanding how the glitch could be exploited for insider trading.

On November 9, 2017, the glitch was silently shut down by ASIC. The occurred on the same day that the Australian edition of The Guardian published an expose about the privacy breach.

Then, late last month, ASIC finally got around to letting the rest of us know that we may have been spied on when using its website to purchase documents.

Attention also turned to whether the ASIC website glitch has facilitated insider trading. The Parliament and the Australian Government Solicitors Office are taking a keen interest. It is a fair question given the importance of integrity in Australian markets.

ABC reported Associate Professor Juliette Overland, an expert in insider trading at Sydney University, saying: “I would suspect there would be some level of awkwardness in ASIC wanting to bring proceedings against a company or person for insider trading based on information that could only be accessed due to its own glitch.”

Don’t count it out, Professor. If you can lose your star expert witness in a court case, the sky is the limit.

Where’s Woolley? Star witness for the Crown is hard to find

There have been the usual soothing statements such as: “ASIC is reviewing this incident to identify any affected persons. To the extent ASIC is able to identify affected persons ASIC will contact those persons. The Office of the Australian Information Commissioner has been made aware of this issue.”

“ASIC is reviewing”. Readers should bear in mind that a “reviewing” is the next enforcement level down from a “crackdown” and not much ever comes from crackdowns. They are, as one writer put it, like cicadas on a summer evening. You can hear them but you never see them.

For dark pools, just wade into the ASX

But what was interesting in this ASIC call to arms was the mention of the OAIC: “The Office of the Australian Information Commissioner has been made aware of this issue.”

That will surely strike fear into the hearts of these dastardly ASIC database spies. The OAIC has been made aware.

We once contacted the OAIC to inquire about large amounts of public information being purged from the RBA and Treasury websites, without explanation; information relating to sovereign guarantees for wholesale bank funding.

The information commission responded with no information. The information commission could not even summons two words of information – no comment – to respond to a story about information.

Free and open information? The gag is on us

Don’t pay so you can read it.
Pay so everyone can.

Become a supporter

Subscribe to Newsletter

Get Our Weekly Newsletter. Unsubscribe anytime.

Thank you! We'll also confirm via email.

Pin It on Pinterest

Share This