Lockstep

Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

Selected Media Interviews

"What do the Census changes mean?", ABC TV "730", August 9, 2016

Interviewed about the privacy compromises and government missteps leading up to the disastrous 2016 Census. See clip.

"All your security and privacy questions around the census answered" August 9, 2016

Interviewed at length by Sky News Business Australia, about function creep, big data, de-identification, and evidence based policy. Video clip available on twitter.

"Google faces accusations of privacy violations", ABC TV "730", September 4, 2013

Interviewed about Google's business model and their exploitation of personal information. See transcript.

"Investors told to verify info after fake press release hits Whitehaven", ABC Radio "AM", January 8, 2013

On the counterfeit press release used by an activist to damage a bank's share price. See transcript.

"ANZ glitch sends statements to wrong people", Ch 9 News, January 12, 2011

The Nine Network TV news bulletin of 12 January 2012 led with this story about online bank statements being sent to the wrong customers.

See news story clip.

"False sense of security", Sydney Morning Herald, April 22, 2009

Stephen Wilson, the managing director of Lockstep Consulting, an authentication technology consultancy, says the banking industry can no longer have a credit card system that is based on the consumer having a card with a single number that is used repeatedly.
At a conference in March, Wilson said: "We have to use chip technology to make the number unique for each transaction and until we do that we will not stop stolen IDs being replayed."
See article online.

"Credit card security doesn't travel well", The Australian, 26 February 2008

Stephen Wilson says card skimming at autotellers is only the tip of the iceberg. Organised crime gangs use matchbox-sized portable devices - bought online in bulk - to collect information from hundreds of magstripe cards at a time.
"It's so much easier for a criminal to bribe someone than try to tamper with an autoteller," Wilson says. "Typically, they give a device to an attendant at a late-night service station or convenience store and get him to swipe customer cards for a while."
See article on line.

"ID theft brings tech to law", The Australian, 18 September 2007

POLICY makers will have to abandon their technology-neutral approach to privacy laws in order to tackle the epidemic of identity theft, a leading technology industry body warns.
"To date, ministers and bureaucrats have avoided getting into the risky area of picking winners in technology," said Stephen Wilson, chair of the Australian Electrical and Electronic Manufacturer's Association (AEEMA) information security forum.
"This is why we've traditionally had a light-touch regime, but the things we're grappling with now around privacy, identity theft and cybercrime are so difficult we're going to have to take a greater interest in technology. That means someone needs to be acknowledging the strengths and weaknesses of different and competing technologies. We're seeing a change of climate around that."
The concept of technology neutrality was past its use-by date, Mr Wilson said.
"It's a good legal philosophy, but when it comes down to codes of practice and standards for government and banking services, indifference to the technology at the coalface is really dangerous".
See article on line.

Access Card, Canberra Times, 16 July 2007

Stephen Wilson, Managing Director of identity management company Lockstep Consulting, said last week that [dropping the proposed owner-controlled part of the Access Card chip] will eliminate a potentially vital source of privacy protection and online safety.
"Scrapping the voluntary area has been advocated by some privacy lobbyists but it really is a very blunt and cynical response to the problem of function creep," he said. "It totally shuts the door on a rich and untapped vein of privacy enhancements.
"It cripples the card and makes it much too difficult to upgrade cards with functional enhancements or even bug fixes."
He said the public debate has been "pretty simplistic".
"Why do we think that advances in smartcard technology necessarily make it more threatening to privacy? I argue it's exactly the opposite.
"Unlike magnetic stripe cards, a smartcard can tell what’s going on around it. This makes smartcards largely immune to card skimming, and can stop lost cards being snooped on with a $20 reader."
He said the Access Card could also be applied to a range of public health benefits such as detecting 'prescription shopping' without data-mining chemist transactions, and providing card owners with secure remote access to their medical records.

"House of cards", BRW 28 June 2007

Stephen said: "If [the Access Card bill] is passed, it will open the door. It will encourage the use of smartcards and smartcard readers. The person in the street will become more familiar with how to use these things.
"It will be hugely important because it will create economies of scale for the market. Within three or four years, you'd see the market go from 1 million cards to closer to 20 million. It will provide business for a lot of interesting Australian technology companies as well as multinationals."
See link to BRW article.

The Anti-Australia Card, AAP 5 June 2007

Australia is missing out on a "rich vein" of privacy protection by not embracing smartcards. Stephen Wilson, the deputy chair of Smartcard and Information Security Australia, said privacy and security should not be seen as mutually exclusive concepts with the smartcard.

Speaking at the Australian Smartcards Summit in Sydney on Tuesday, he distanced the smartcard from the unpopular Australia Card, the national identification card proposed by a Labor government in 1985. "This would be the opposite of an Australia Card - the anti-Australia Card," Mr Wilson said. "The smartcard, unlike any other thing, will allow you to have multiple relationships with multiple providers, and you get to control who knows what about you."

Mr Wilson said Australians were missing out on a sophisticated technology to protect their privacy by not embracing smartcards. "Government and business have been taking a cautious approach to the new technology, but in doing so overlook this rich vein of privacy and protection," Mr Wilson told the conference. "It defies me why smartcards should remain so controversial."

He said the smartcards would provide a far greater level of protection than the magnetic stripe cards still employed by most Australian financial institutions, which can be read with simple equipment costing less than $200. "Magnetic stripe cards are completely passive, it's just like a strip of video tape and whatever goes on just comes off," he said.

"A smartcard can make smart decisions about what sort of machine it's talking to. It can tell the difference between a cheap Dick Smith reader or a sophisticated human services reader, or a reader that a police officer might have."

link to The West Australian articlelink to SMH articlelink to The Age article

"Backgound Briefing", ABC Radio National, 15 December 2006

Steve Wilson: "It's terrific to have some spare real estate and some spare capacity these cards made available for public use. But I'd like a more sophisticated vision that says this isn't just an extra 20 kilobytes of memory that I can play with; I'd like to see card function that was made available for third party use. I'd like to see memory made available with memory protections; I'd like protected memory that could be used to hold health identifiers and personal credentials. I'd like to see this technology used for electronic voting and electronic census collection, by using the spare capacity in the card."

link to podcast

"Smartcard pressure", The Australian, 7 February 2006

Stephen Wilson, director of Lockstep Consulting, says the banks are missing a golden opportunity. "The beauty of the EMV program is that it provides the technological platform on which we can do internet banking as well," he says. ... "Nowadays, the story is internet authentication, and I don't think the banks have grasped that. Because there's a computer chip in the smartcard, it can check the identity of a web server before the server checks it."

article on line

"The eyes have it", The Australian, 15 November 2005

"Biometrics are so sexy and seem so intuitive that people are a bit mesmerised by them. You tend to think they're perfect: your fingerprint is unique, your iris is unique so in theory using these as identifiers sounds great. The problem is, the systems are run by computers and measurement software and hardware such as cameras and readers. Even if your iris is unique, by the time a camera measures it, the computer number-crunches it and adjusts for poor lighting conditions and for the fact you might have glasses, they wind up being really fallible."

article on line

"Online doc can issue script", The Australian, 9 September 2003

"SecureNet chief security specialist Stephen Wilson said Ozdocsonline was the first private medical provider to move to a managed service"

"Security: giving an outsider the keys", Sydney Morning Herald, 2 September 2003

"Stephen Wilson, chief security specialist at SecureNet, claims users can reap between 100 per cent and 200 per cent return on investment a year by outsourcing security".
http://www.smh.com.au/articles/2003/09/01/1062383513549.html?

"Race for safe online business", The Age, 4 September 2001

"PKI needed to be embedded in browsers 'like a magnetic strip on a credit card' [Wilson said]".

"Gatekeeper asks for 'too much' private info", The Australian, 3 July 2001

"'The problem is that [the digital passport metaphor] doesn't actually reflect the way we do business in the real world' [said Wilson]".

"Keyholder sees digital barrier as parochial", Australian Financial Review 22 August 2001

"The regional head of cryptography at PwC, Mr Stephen Wilson, has labelled as parochial the Government's reluctance to extend cross-recognition of Identrus, the global certificate standard for the banking and finance industry"

"US Trails Local PKI Initiatives", The Australian, 27 March 2001

"Australia is about three years ahead of the United States in delivering [PKI] applications, according to expert Stephen Wilson".
http://www.ucol.mx/acerca/coordinaciones/cgic/cueicp/APEC2001/28mar2001.pdf

"GST forces giant Australian PKI project", The Australian, 18 January 2000

"Certification Forum of Australia chairman Stephen Wilson welcomed last week's release of a draft specification for the ABN-DSC plan"