Vale the Hon John (Jack) Winneke AC RFD QC
Australia, and our Bar, is much the poorer for the passing of the Hon John (Jack) Winneke AC RFD QC, who died yesterday morning. Jack was 81 (born 19 March 1938).
Jack was the foundation President of the Victorian Court of Appeal from its establishment in June 1995 until his retirement in July 2005. He signed the Bar Roll in 1962 and was appointed silk in 1976. He was made an Officer of the Order of Australia (AO) in 1999, and a Companion of the Order of Australia (AC) in 2004, both for significant services to the judiciary in Victoria.
On behalf of the Bar, I extend deepest sympathies to Jack’s family. The Bar’s more detailed tribute to Jack can be read here.
Vale Richard Forsyth
The Bar mourns the passing of Richard Forsyth, who died this week at the age of 78 (born 30 January 1941).
Richard was admitted to practice in 1967 and came to the Bar in 1975, where he read with Judge John Hanlon. At the Bar, Richard practised in personal injuries, workers’ compensation, insurance law and the matters in the jurisdiction of the Administrative Appeals Tribunal.
Deepest sympathies are extended to Richard’s family, including Jane and Annabel, both respected members of the Victorian Bar. The Bar’s tribute to Richard can be read here.
Cyberattacks and new password policy
With the support of the Bar Council, BCL will shortly introduce a new password policy for Vicbar emails that will affect almost all of us.
I understand how inconvenient it is to have to change, and remember new, passwords. The decision to introduce a new policy has not been taken lightly. It has been the subject of considerable analysis, research and debate.
I ask for a few minutes of your time to enable me to explain why this decision has been taken and what it means for every user of Vicbar emails.
Almost all of us rely daily upon email to conduct our practices, and almost all of us have email services administered by BCL with vicbar.com.au suffixes.
It is, obviously, critical that we, our instructors, our clients and all others with whom we come into contact professionally have confidence in the security of the messages we send and receive.
Like many organisations worldwide, we are at constant risk of cyberattacks. Over time, such attacks have increased in both number and sophistication. The risks are particularly heightened where people use short or easy to guess passwords, or the same passwords for multiple services. It is not uncommon, for example, for networking services used by many of us to suffer breaches that compromise the security of the personal information of their users. Where that occurs, it can have flow-on consequences for Vicbar services.
We are fortunate that BCL has, appropriately, invested in industry leading cyber protection for the benefit of users of Vicbar email addresses.
Every year, our system processes some 83.2 million emails, about 75%, or 64.2 million, of which are spam. Every week, BCL quarantines some 75,000 suspicious attachments and 25,000 links. A measure of the success of BCL’s efforts is that, at the user level, we are rarely troubled by spam or suspicious messages.
Our current password policy is, however, out of step with industry standards. Because of the sensitivity of the information we handle, and our obligation to protect information entrusted to us by our clients, the Bar Council and BCL believe that we must adopt a policy that is consistent with best industry practice.
The current industry standard calls for passwords with a minimum of 10 characters comprising a combination of uppercase letters, lowercase letters, numbers and special characters (such as ‘!@#$%’), which are required to be changed periodically. The Commonwealth government standard, for instance, requires passwords with those characteristics to be changed every 90 days, with users not permitted to reuse any of their eight most recent passwords.
Next week, all members will receive an email setting out the new policy and an implementation plan. BCL will provide technical support (where required) for members to make the change and set up your devices afterwards.
The new policy will be introduced on a staggered basis over coming months. You will receive an email from BCL advising you when your own email account will become subject to the new requirements. IT support will be available to assist in changing passwords and setting up devices after password changes.
The new policy will require members to transition to a password with a minimum of 10 characters, including characters from at least three of the following categories:
Users will be required to change their password every 180 days, and will not be permitted to reuse any of their five previous passwords.
Again, I know how inconvenient this will be. Personally, I hate having to keep track of different passwords. While I use a password management app which should all make this simple (called 1Password), the reality is I sometimes forget to ensure that it is up-to-date, with the result that I have to press the ‘Forgot your password?’ link on different websites to reset them. I am also guilty of using the same password on multiple sites. But, as I hope you will agree, the degree of inconvenience cannot be allowed to prevail over the risk to the integrity of our clients’ confidential information. Fortunately, there are technological solutions to assist in generating and storing impossible to guess passwords. BCL support staff will be able to assist in this critical transition to a more secure email service.
A busy week
As always, a lot of work went on behind the scenes this week. Bar Council met last night and, among other things, adopted a comprehensive new Risk Management and Policy Framework, and its 2019 Risk Schedule. The framework is aligned to the Australia and New Zealand ISO Standard on Risk Management. It identifies the risks the Bar faces, sets out lines of defence and mitigation strategies, specifies our risk appetite by reference to the inherent likelihood and impact of risks materialising, and allocates roles and responsibilities for the management of risk. A huge amount of effort goes into this kind of work by both the Bar Office and Bar Council. While lacking in glamour, it is fundamental to good governance.
Also this week, the Executive of Bar Council met separately. I participated in meetings of the Constitutional Reform Working Group, the working group responsible for preparing the Bar’s submission in relation to defamation law reform, and convened the first meeting of the Bar’s website content review working group. On Thursday, I met with the Legal Services Commissioner and others in relation to health and wellbeing in the legal profession. This morning I met with the Dean of the Melbourne Law School. I was also actively involved in discussions relating to the Australian Bar Association, and met with its President, Jennifer Batrouney QC.
Congratulations to Stewart Anderson QC, who has been appointed as a Judge of the Federal Court of Australia, based in the Melbourne Registry, from 6 May 2019. Details of his welcome will be advised when known.
Congratulations also to Dr Ben Gauntlett on his appointment as national Disability Discrimination Commissioner. Ben commences in the role on 7 May 2019, for a term of 5 years.
The profession will extend a welcome to the Honourable Justice Norah Hartnett as a judge of the Family Court of Australia on Wednesday 10 April 2019 at 4:30 pm. Justice Hartnett commenced in the Melbourne registry of the court last week.
The profession will extend welcomes at ceremonial sittings of the Full Court of the Federal Court of Australia as follows:
Details of the ceremonial welcome for the Hon Justice McEvoy in the Family Court of Australia will be advised when they become known.