Category: Data security

Article

Facebook, AMD, Nvidia Join Confidential Computing Consortium | SDx Central

AMD, Facebook et Nvidia rejoignent une initiative qui veut protéger la mémoire vive de nos équipements  (AMD, NVIDIA and Facebook join an initiatiative to protect the live memory of our equipment) | O1Net.com (France – French language / Langue française)

From the horse’s mouth

Confidential Computing Consortium

Web site

My Comments

Some of online life’s household names are becoming part of the Confidential Computing Consortium. Here, AMD, Facebook, NVIDIA are part of this consortium which is a driver towards secure computing which is becoming more of a requirement these days.

What is the Confidential Computing Consortium

This is an industry consortium driven by the Linux Foundation to provide open standards for secure computing in all use cases.

It is about creating a standard software-development kits that are about secure software execution. This is to allow software to run in a hardware-based Trusted Execution Environment that is completely secure. It is also about writing this code to work independent of the system’s silicon manufacturer and to work across the common microarchitectures like ARM, RISC-V and x86.

This is becoming of importance nowadays with malware being written to take advantage of data being held within a computing device’s volatile random-access memory. One example of this include RAM-scraping malware targeted at point-of-sale / property-management systems that steal customers’ payment-card data while a transaction is in progress. Another example are the recent discoveries by Apple that a significant number of familiar iOS apps are snooping on the user’s iPhone or iPad Clipboard with their iPhones without the knowledge and consent of the user.

As well, in this day and age, most software implements various forms of “memory-to-memory” data transfer for many common activities like cutting and pasting. There is also the fact that an increasing number of apps are implementing context-sensitive functionality like conversion or translation for content that a user selects or even for something a user has loaded in to their device.

In most secure-computing setups, data is encrypted “in-transit” while it moves between computer systems and “at rest” while it exists on non-volatile secondary storage like mechanical hard disks or solid-state storage. But it isn’t encrypted while it is in use by a piece of computer software to fulfil that program’s purposes. This is leading to these kind of exploits like RAM-scraping malware.

The Confidential Computing Consortium is about encrypting the data that is held within RAM and allowing the user to grant software that they trust access to that encrypted data. Primarily it will be about consent-driven relevance-focused secure data use for the end-users.

But the idea is to assure not just the security and privacy of a user’s data but allow multiple applications on a server-class computer to run in a secure manner. This is increasingly important with the use of online services and cloud computing where data belonging to multiple users is being processed concurrently on the same physical computer.

This is even relevant to home and personal computing, including the use of online services and the Internet of Things. It is highly relevant with authenticating with online services or facilitating online transactions; as well as assuring end-users and consumers of data privacy. As well, most of us are heading towards telehealth and at-home care which involves the handling of more personally-sensitive information relating to our health through the use of common personal-computing devices.

The fact that Facebook is on board is due to the fact the social network’s users make use of social sign-on by that platform to sign up with or log in to various online services. In this case, it would be about protecting user-authentication tokens that move between Facebook and the online service during the sign-up or log-in phase.

As well,  Facebook has two fingers in the consumer online messaging space in the form of Facebook Messenger and WhatsApp products and both these services feature end-to-end encryption with WhatsApp having this feature enabled by default. Here, they want users to be sure that the messages during, say, a WhatsApp session stay encrypted even in the device’s RAM rather than just between devices and within the device’s non-volatile storage.

I see the Confidential Computing Consortium as underscoring a new vector within the data security concept with this vector representing the data that is in the computer’s memory while it is being processed. Here, it could be about establishing secure consent-driven access to data worked on during a computing session, including increased protection of highly-sensitive business and personal data.

The coronavirus plague is having us at home, inside and online more….
(iStock by Getty Images)

The Covid-19 coronavirus plague is changing our habits more and more as we stay at home to avoid the virus or avoid spreading it onwards. Now we are strongly relying on our home networks and the Internet to perform our work, continue studying and connect with others in our social circles.

But this state of affairs is drawing out its own cyber-security risks, with computing devices being vulnerable to malware and the existence of hastily-written software being preferred of tasks like videoconferencing. Not to mention the risk of an increasing flow of fake news and disinformation about this disease.

What can we do?

General IT security

But we need to be extra vigilant about our data security and personal privacy

The general IT security measures are very important even in this coronavirus age. Here, you need to make sure that all the software on your computing devices, including their operating systems are up-to-date and have the latest patches. It also applies to your network, TV set-top and Internet-of-Things hardware where you need to make sure the firmware is up-to-date. The best way to achieve this is to have the devices automatically download and install the revised software themselves.

As well, managing the passwords for our online services and our devices properly prevents the risk of data and identity theft. It may even be a good idea to use a password vault program to manage our passwords which may prevent us from reusing them across services.  Similarly using a word processor to keep a list of your passwords which is saved on removeable media and printed out, with both the hard and electronic copy kept in a secure location may also work wonders here.

Make sure that your computer is running a desktop / endpoint security program, even if it is the one that is part of the operating system. Similarly, using an on-demand scanning tool like Malwarebytes can work as a way to check for questionable software. As well, you may have to check the software that is installed on all of the computing devices is what you are using and even verify with multiple knowledgeable people if that program that is the “talk of the town” should be on your computer.

If you are signing up with new online services, it may even be a better idea to implement social sign-on with established credential pools like Google, Facebook or Microsoft. These setups implement a token between the credential pool and the online service as the authentication factor rather than a separate username and password that you create.

As well, you will be using the Webcam more frequently on your computing devices. The security issue with the Webcam and microphone is more important with computing setups that have the Webcam integrated in the computer or monitor, like with portable computing devices, “all-in-one” computers or monitors equipped with Webcams.

Here, you need to be careful of which programs are having access to the Webcam and microphone on your device. Here, if newly-installed software asks for use of your camera or microphone and it is out of touch with the way the software works, deny access to the camera or microphone when it asks for their use.

If you install a health-department-supplied tracking app as part of your government’s contact-tracing and disease-management efforts, remember to remove this app as soon as the coronavirus crisis is over. Doing this will protect your privacy once there is no real need to manage the disease.

Email and messaging security

Your email and messaging platforms will become an increased security risk at this time thanks to phishing including business email compromise. I have covered this issue in a previous article after helping someone reclaim their email service account after a successful phishing attempt.

An email or message would be a phishing attempt if the email isn’t commensurate with proper business writing standards for your country, has a sense of urgency about it and is too good to be true. Once you receive these emails, it is prudent to report them then delete them forthwith.

In the case of email addresses from official organisations, make sure that the domain name represents the organisation’s proper domain name. This is something that is exactly like the domain name they would use for their Web presence, although email addresses may have the domain name part of the address following the “ @ “ symbol prepended with a server identifier like “mail” or “email”. As well, there should be nothing appended to the domain name.

Also, be familiar with particular domain-name structures for official organisation clusters like the civil / public service, international organisations and academia when you open email or surf the Web. These will typically use protected high-level domain name suffixes like “.gov”, “.int” or “.edu” and won’t use common domain name suffixes like “ .com “. This will help with identifying whether a site or a sender is the proper authority or not.

Messaging and video-conferencing

Increasingly as we stay home due to the risk of catching or spreading the coronavirus plague, we are relying on messaging and video-conferencing software more frequently to communicate with each other. For example, families and communities are using video-conferencing software like Zoom or Skype to make a virtual “get-together” with each other thanks to these platforms’ support for many-to-many videocalls.

But as we rely on this software more, we need to make sure that our privacy, business confidentiality and data security is protected. This is becoming more important as we engage with our doctors, whether they be general practitioners or specialists, “over the wire” and reveal our medical issues to them that way.

If you value privacy, look towards using an online communications platform that implements end-to-end encryption. Infact, most of the respected “over-the-top” communications platforms like WhatsApp, Viber, Skype and iMessage offer this feature for 1:1 conversations between users on the same platform. Some, like WhatsApp and Viber offer this same feature for group conversations between users on that same platform.

Video-conferencing software like Zoom and Skype

When you are hosting a video-conference using Zoom, Skype or similar platforms, be familiar with any meeting-setup and meeting-management features that the platform offers. If the platform uses a Weblink to join a video-conference that you can share, use email or a messaging platform to share that link with potential participants. Avoid posting this on the Social Web so you keep gatecrashers from your meeting or class.

As well, if the platform supports password-protected meeting entry, use this feature to limit who can join the meeting. Here, it is also a good idea to send the password as a separate message from the meeting’s Weblink.

Some platforms like Zoom offer a waiting-room function which requires potential participants to wait and be vetted by the conference’s moderator before they can participate. As well these platforms may have a meeting-lockout so no more people can participate in the video-conference. Here, you use this function when all the participants that you expect are present in the meeting.

You need to regulate the screen sharing feature that your platform offers which allows meeting participants to share currently-running app or desktop user interfaces. Here, you may have the ability to limit this function to the moderator’s computer or a specified participant’s computer. Here this will prevent people from showing offensive imagery or videos to all the meeting’s participants. As well, you may also need to regulate access to any file-sharing functionality that the platform offers in order to prevent the video conference becoming a vector for spreading malware or offensive material.

Fake news and disinformation

Just like with the elections that count, the coronavirus issue has brought about its fair share of fake news and disinformation.

Here, I would recommend that you use trusted news sources like the respected public-service broadcasters for information about this plague. As well, I would recommend that you visit respected health-information sites including those offered “from the horse’s mouth” by local, regional or national government agencies for the latest information.

As well, trust your “gut reaction” when it comes to material that is posted online about the coronavirus plague, including the availability of necessary food or medical supplies. Here, he careful of content that is “out of reality” or plays on your emotions. The same attitude should also apply when it comes to buying essential supplies online and you are concerned about the availability and price of these supplies.

Conclusion

As we spend more time indoors and online thanks to the coronavirus, we need to keep our computing equipment including our tablets and smartphones running securely to protect our data and our privacy.

Article

Europe to have one or more public cloud services that respect European sovereignty and values

France, Germany want more homegrown clouds to pick from | ITNews (Premium)

My Comments

Germany is instigating a European-wide project to create a public cloud-computing service.  As well, France is registering intent in this same idea but of creating another of these services.

Both countries’ intention is to rival what USA and Asia are offering regarding public-cloud data-processing solutions. But, as I have said before, it is about having public data infrastructure that is sovereign to European laws and values. This also includes the management and dissemination of such data in a broad and secure manner.

… which could also facilitate European software and data services like what is offered through the Freebox Delta

The issue of data sovereignty has become of concern in Europe due to the USA and China pushing legislation to enable their governments to gain access to data held by data service providers that are based in those countries. This is even if the data is held on behalf of a third-party company or hosted on servers that are installed in other countries. The situation has been underscored by a variety of geopolitical tensions involving especially those countries such as the recent USA-China trade spat.

It is also driven by some European countries being dissatisfied with Silicon Valley’s dominance in the world of “as-a-service” computing. This is more so with France where there are goals to detach from and tax “GAFA” (Google, Apple, Facebook and Amazon) due to their inordinate influence in consumer and business computing worlds.

or BMW’s voice-driven assistant for in-car infotainment

Let’s not forget that Qarnot in France has designed computers that put their waste heat to use for heating rooms or creating hot water in buildings. This will appeal to a widely-distributed data-processing setup that could be part of public cloud-computing efforts.

Questions that will crop up with the Brexit agenda when Europe establishes this public cloud service will include British data sovereignty if data is held on the European public cloud or whether Britain will have any access or input into this public cloud.

… just like this Airbus A380 superjumbo jet shows European prowess in aerospace

Personally I could see this as facilitating the wider creation of online services by European companies especially with the view to respecting European personal and business values. It could encompass ideas like voice-driven assistant services, search engines, mapping and similar services for consumers or to encourage European IT development.

Could this effort that Germany and France put forward be the Airbus or Arianespace of public-cloud data services?

HP LaserJet Pro CM1415fnw colour laser multifunction printer – an example of a fax-capable multifunction that implements flash memory and fax-vault functionality

Nearly every multifunction printer that is pitched towards small businesses and SOHO operations is equipped with basic Group 3 fax functionality at least. Most will have the high-speed Super Group 3 functionality while most multifunctions that print colour will support colour faxing.

This is a feature still considered of value by people who work in the legal, medical and allied professions because they see it as the preferred way to exchange documents “over the wire”, especially in the context of requiring other parties to sign and send the documents.

But inbound documents that arrive via these machines can be seen by people other than the intended recipients which is something that can betray the required confidentiality that most of these documents require. This is an important issue as far as client confidentiality and privacy are concerned when it comes to legal, medical or similar issues; but can also be of concern with the intellectual property that most organisations accrue such as customer / member lists or financial reports.

This can be of concern in traditional workplace environments like clinics where you have people like late-night workers or contract cleaners existing in the office beyond normal business hours. It can also be exacerbated for small-time professionals who share or sub-let office space or use serviced offices.

It can also extend to people who maintain a home office, something that is an increasing trend for small-time practitioners or people who maintain a small public storefront at other premises. In this case, even though the business operator’s household respects the business’s confidentiality requirements, there is the issue of houses being occupied by house-sitters, couch-surfers and the like who may not respect that level of confidentiality even though you trust them. It includes tradespeople who come in to your home to perform work that you require.

What is a “fax vault” and how could this feature answer these situations?

Brother MFC-J5730CDW fax-equipped multifunction which can be set up to forward incoming faxes to Dropbox or OneDrive

A “fax vault” function stores all incoming fax documents to a digital storage medium of some sort rather than printing them out. Then the user enters a code and selects a “print stored faxes” function to print out the documents. Such setups could allow functions like printing out selected faxes such as those that relate to the work they are dealing with, or forwarding the documents to another fax machine like the one installed at a convenience store or newsagent to be collected there. Some machines also provide a “forward to email” function where they send the received fax document via email as a TIFF-FAX file or a PDF file.

Some of these setups may provide PIN-protected dial-in access to allow users to enable or disable this function or forward documents to a nominated fax machine from the nearest telephone like their home phone. The functionality could also be facilitated through a Web page or mobile-platform app for a granular operating experience.

The most basic form of this kind of storage is in RAM memory in the machine, but a power failure can have you lose all the documents you have received. Better implementations of this storage can be in the form of non-volatile storage like a hard disk or solid-state storage device including an SD card or flash memory installed in the machine, or the data is held on a network storage like a NAS.

For example, HP implemented integrated flash memory within the LaserJet Pro CM1415fnw that I reviewed. This was in lieu of using RAM which is vulnerable to power failure, also leading to that printer implementing a comprehensive “fax vault” function,

Brother have come close to this ideal by equipping some of their printers with “Fax Forward To Cloud” functionality provided as a machine app where documents can be held in a Dropbox or similar online-storage account. But this feature still requires the user to have documents printed out as they come in.

As I review a fax-capable multifunction printer, I applaud manufacturers who offer this function in the proper manner in their products especially if it is feasible not to print documents that are held on the storage. As well, I applaud manufacturers who implement non-volatile memory technology, preferably user-upgradeable technology or use of external, network or common cloud-based storage for incoming faxes.

The feature is important to prevent others from seeing confidential faxes which come in through the machine thus assuring client confidentiality and privacy along with intellectual-property protection for professionals.

How to achieve this better

The manufacturers could implement flash memory in their fax-capable MFCs to avoid risk of document loss during power failures.

This can be taken further with the ability for the user to install standard-form storage devices like SDXC cards, M.2 or 2.5” SATA storage devices within the machine to allow the user to install higher-capacity storage devices at a later time; or a USB port to allow the connection of USB Mass-Storage devices like memory keys or external hard disks. SD-based cards or M.2 SSD sticks can work well with the manufacturer’s desire to maintain a compact design for their desktop multifunction printer devices.

Similarly, simplified resource-discovery protocols for NAS devices could make these devices discoverable by equipment other than regular computers. This could be facilitated through a Samba (open-source SMB implementation) client on the multifunction that implements the SMB protocol most of the NAS units use.

To protect the data on the mon-volatile storage device against further snooping should the non-volatile media unit be stolen, the fax-enabled multifunction printer could implement encrypted storage or simply encrypt the files associated with fax operation. File-based encryption can also work with data stored on a NAS unit.

The large capacities offered by newer cost-effective storage media would cater to businesses in the legal profession who are having to deal with large legal documents as a matter of course, or doctors who receive graphically-rich documents like medical imaging.

It also encourages the use of the non-volatile storage medium in these machines for storing fax documents yet to be transmitted such as with scheduled faxing or attempting to transmit a document to a machine that is busy or not answering. The benefit also applies when your machine is busy printing large documents and wants to keep itself available for other incoming faxes.

For regular printing from a network, the non-volatile storage option can allow for enqueued printing where each job waits on the storage medium until it is printed out. This can also work well with secure print-job release where you enter a code that you predetermine to collect your job before the job is turned out. It can also allow manufacturers to implement remote printing, public-printing facilities and the like as part of a multifunction’s feature set.

Let’s not forget scanning, where an efficient workflow can be created. Here, a user could scan many originals at the machine then go to their computer or mobile device to take them further by “picking them up” from the machine’s storage. A multifunction with advanced abilities could even have the ability to, for example, recognise many small originals like snapshot photos, business cards or till receipts that are scanned at once and create separate files for each original.

Conclusion

Having a digital fax vault as part of a small-business or SOHO-grade fax-capable multifunction’s feature set can be of value to professionals who place high value on client confidentiality.

You will be able to use your voice to delete instructions you said to your Amazon Echo

Articles

How to See and Delete Alexa’s Recordings of You | Tom’s Guide

You Can Now Tell Alexa To Delete Your Conversations | Lifehacker

My Comments

An issue that anyone with a voice-driven home assistant device will be wanting to have control of is what the device’s platform has recorded when they spoke to that device. It also includes the risk of your device being accidentally triggered by situations such as an utterance of the wake word in a recording or broadcast. A previous article that I have written describes how to achieve this kind of control with your Amazon Echo or similar Alexa-based device.

But Amazon have taken this further for the Alexa platform by allowing you to speak to your Alexa-based device to delete recordings left on the platform during particular time ranges.

How to enable this function

You have to use the Amazon Alexa app or Website to enable this feature but you don’t have to install another Alexa Skill in to your account for this purpose. Once you are logged in to your Amazon Alexa app or Website, enter the Settings section which would be brought up under a hamburger-shape “advanced-operations” menu.

Then you go to your “Alexa Account” option in that section and bring up the “Alexa Privacy” menu. Go to the “Review Voice History” screen and you will see the  “Enable Deletion By Voice” option that you can toggle on or off. Having this feature on will allow you to use the voice commands that will be listed below. When you enable it, you will see a warning that anyone with access to your Alexa-based devices will be able to delete what was said to the Alexa ecosystem.

Commands

“Alexa, delete everything I said today” will cause your Alexa-based device to delete anything you said to it from midnight (0:00) of the current day to the time you gave that instruction.

For greater control, Amazon will roll out this other command: “Amazon, delete what I just said”. This will delete what was last said to your Alexa device and can be of use when handling a nuisance-trigger situation for example.

Conclusion

I would see the other voice-driven assistant platforms provide the ability to delete what you said under your voice control as a user-enabled option. This will be more so as the light shines brightly on what the Silicon Valley establishment are up to with end-user data privacy amongst other issues like corporate governance.

Articles

UK mulls security warnings for smart home devices | Engadget

New UK Laws to Make Broadband Routers and IoT Kit More Secure | ISP Review

From the horse’s mouth

UK Government – Department of Digital, Culture, Media and Sport

Plans announced to introduce new laws for internet connected devices (Press Release}

My Comments

A common issue that is being continually raised through the IT security circles is the lack of security associated with network-infrastructure devices and dedicated-function devices. This is more so with devices that are targeted at households or small businesses.

Typical issues include use of simple default user credentials which are rarely changed by the end-user once the device is commissioned and the ability to slip malware on to this class of device. This led to situations like the Mirai botnet used for distributed denial-of-service attacks along with a recent Russia-sponsored malware attack involving home-network routers.

Various government bodies aren’t letting industry handle this issue themselves and are using secondary legislation or mandated standards to enforce the availability of devices that are “secure by design”. This is in addition to technology standards bodies like Z-Wave who stand behind logo-driven standards using their clout to enforce a secure-by-design approach.

Home-network routers will soon be required to have a cybersecurity-compliance label to be sold in the UK

The German federal government took a step towards having home-network routers “secure by design”. This is by having the BSI who are the country’s federal office for information security determine the TR-03148 secure-design standard for this class of device.  This addresses minimum standards for Wi-Fi network segments, the device management account and user experience, along with software quality control for the device’s firmware.

Similarly, the European Union have started on the legal framework for a “secure-by-design” certification approach, perhaps with what the press describe as an analogy to the “traffic-light” labelling on food and drink packaging to indicate nutritional value. It is based on their GDPR data-security and user-privacy efforts and both the German and European efforts are underscoring the European concern about data security and user privacy thanks to the existence of police states within Europe through the 20th century.

… as will smart-home devices like the Amazon Echo

But the UK government have taken their own steps towards mandating home-network devices be designed for security. It will use their consumer-protection and trading-standards laws to have a security-rating label on these devices, with a long-term view of making these labels mandatory. It is in a similar vein to various product-labelling requirements for other consumer goods to denote factors like energy or water consumption or functionality abilities.

Here, the device will be have requirements like proper credential management for user and management credentials; proper software quality and integrity control including update and end-of-support policies; simplified setup and maintenance procedures; and the ability to remove personal data from the device or reset it to a known state such as when the customer relinquishes the device.

Other countries may use their trading-standards laws in this same vein to enforce a secure-by-design approach for dedicated-function devices sold to consumers and small businesses. It may also be part of various data-security and user-privacy remits that various jurisdictions will be pursuing.

The emphasis on having proper software quality and integrity requirements as part of a secure-by-design approach for modem routers, smart TVs and “smart-home” devices is something I value. This is due to the fact that a bug in the device’s firmware could make it vulnerable to a security exploit. As well, it will also encourage the ability to have these devices work with highly-optimised firmware and implement newer requirements effectively.

At least more countries are taking a step towards proper cybersecurity requirements for devices sold to households and small businesses by using labels and trading-standards requirements for this purpose.

Article

Are you sure you are casting your vote or able to cast your vote without undue influence?

Australian Electoral Commission boots online blitz to counter fake news | ITNews

Previous coverage

Being cautious about fake news and misinformation in Australia

From the horse’s mouth

Australian Electoral Commission

Awareness Page

Press Release

My Comments

I regularly cover the issue of fake news and misinformation especially when this happens around election cycles. This is because it can be used as a way to effectively distort what makes up a democratically-elected government.

When the Victorian state government went to the polls last year, I ran an article about the issue of fake news and how we can defend ourselves against it during election time. This was because of Australia hosting a run of elections that are ripe for a concerted fake-news campaign – state elections for the two most-populous states in the country and a federal election.

It is being seen as of importance due to fact that the IT systems maintained by the Australian Parliament House and the main Australian political parties fell victim to a cyber attack close to February 2019 with this hack being attributed to a nation-state. This can lead to the discovered information being weaponised against the candidates or their political parties similar to the email attack against the Democrat party in the USA during early 2016 which skewed the US election towards Donald Trump and America towards a highly-divided nation.

The issue of fake news, misinformation and propaganda has been on our lips over the last few years due to us switching away from traditional news-media sources to social media and online search and news-aggregation sites. Similarly, the size of well-respected newsrooms is becoming smaller due to reduced circulation and ratings for newspapers and TV/radio stations driven by our use of online resources. This leads to poorer-quality news reporting that is a similar standard to entertainment-focused media like music radio.

A simplified low-cost no-questions-asked path has been facilitated by personal computing and the Internet to create and present material, some of which can be questionable. It is now augmented by the ability to create deepfake image and audio-visual content that uses still images, audio or video clips to represent a very convincing falsehood thanks to artificial-intelligence. Then this content can be easily promoted through popular social-media platforms or paid positioning in search engines.

Such content takes advantage of the border-free nature of the Internet to allow for an actor in one jurisdiction to target others in another jurisdiction without oversight of the various election-oversight or other authorities in either jurisdiction.

I mentioned what Silicon Valley’s online platforms are doing in relation to this problem such as restricting access to online advertising networks; interlinking with fact-check organisations to identify fake news; maintaining a strong feedback loop with end-users; and operating robust user-account-management and system-security policies, procedures and protocols. Extant newsrooms are even offering fact-check services to end-users, online services and election-oversight authorities to build up a defence against misinformation.

But the Australian Electoral Commission is taking action through a public-education campaign regarding fake news and misinformation during the Federal election. They outlined that their legal remit doesn’t cover the truthfulness of news content but it outlines whether the information comes from a reliable or recognised source, how current it is and whether it could be a scam. Of course there is the issue of cross-border jurisdictional issues especially where material comes in from overseas sources.

They outlined that their remit covers the “authorisation” or provenance of the electoral communications that appear through advertising platforms. As well, they underscore the role of other Australian government agencies like the Australian Competition and Consumer Commission who oversee advertising issues and the Australian Communications And Media Authority who oversee broadcast media. They also have provided links to the feedback and terms-and-conditions pages of the main online services in relationship to this issue.

These Federal agencies are also working on the issue of electoral integrity in the context of advertising and other communication to the voters by candidates, political parties or other entities; along with the “elephant in the room” that is foreign interference; and security of these polls including cyber-security.

But what I have outlined in the previous coverage is to look for information that qualifies the kind of story being published especially if you use a search engine or aggregated news view; to trust your “gut reaction” to the information being shared especially if it is out-of-touch with reality or is sensationalist or lurid; checking the facts against established media that you trust or other trusted resources; or even checking for facts “from the horse’s mouth” such as official press releases.

Inspecting the URL in your Web browser’s address bar before the first “/” to see if there is more that what is expected for a news source’s Web site can also pay dividends. But this can be a difficult task if you are using your smartphone or a similarly-difficult user interface.

I also even encourage making more use of established trusted news sources including their online presence as a primary news source during these critical times. Even the simple act of picking up and reading that newspaper or turning on the radio or telly can be a step towards authoritative news sources.

As well, I also encourage the use of the reporting functionality or feedback loop offered by social media platforms, search engines or other online services to draw attention to contravening content This was an action I took as a publisher regarding an ad that appeared on this site which had the kind of sensationalist headline that is associated with fake news.

The issue of online misinformation especially during general elections is still a valid concern. This is more so where the online space is not subject to the kinds of regulation associated with traditional media in one’s home country and it becomes easy for foreign operators to launch campaigns to target other countries. What needs to happen is a strong information-sharing protocol in order to place public and private stakeholders on alert about potential election manipulation.