Sunday 8 April 2018
Is the U.S. becoming a country hostile to Australian tourists?
According to the Australian Bureau of Statistics there were 13.7 million internet subscribers in Australia at the end of June 2017 and a 2016 Deloitte survey found that 84% of Australians had a smart phone.
An estimated 20 million Australians use a social media platform like Facebook, Instagram or Twitter via a desktop computer or mobile phone.
Because we are one of the most digitally connected populations in the world, the United States is about to pose an additional risk to our personal Internet privacy and safety if we seek any form of visa entry into that country.
ABC News, 31 March 2018:
A US federal government
proposal to collect social media identities of nearly everyone who seeks entry
into the country has been described as a "chilling" encroachment on
freedom of speech and association.
The State Department
filed a proposal which would require most immigrant and non-immigrant visa
applicants to list all social media identities they have used in the past five
years, as well as previously used telephone numbers, email addresses and their
international travel history over the same period.
The information would be
used to vet and identify them, which would affect about 14.7 million people
annually.
The proposal goes
further than rules instituted last May. Those changes instructed consular
officials to collect social media identities only when they determined
"that such information is required to confirm identity or conduct more
rigorous national security vetting," a State Department official said at
the time.
The proposal requires
approval from the Office of Management and Budget (OMB) but it supports
President Donald Trump's campaign promise to institute "extreme
vetting" of foreigners entering the US to prevent terrorism.
The American Civil
Liberties Union expressed concern, saying the move would have a
"chilling" effect on freedom of speech and association.
"People will now
have to wonder if what they say online will be misconstrued or misunderstood by
a government official," Hina Shamsi, director of ACLU's National Security
Project, said in a statement.
"We're also concerned about how the Trump administration defines the vague and over-broad term 'terrorist activities' because it is inherently political and can be used to discriminate against immigrants who have done nothing wrong."
Australian public opinion was changing on the subject of US-Australia relations before this latest Trump Regime move against digital privacy - it began to shift after Donald Trump was elected US president......
ABC News, January 2018:
Recent polling by the United States Studies Centre
(USSC) and YouGov — surveying both Australians and Americans — gives
mixed grades on American strength after the first year of Mr Trump's
presidency. Perceptions of American strength and international security are
closely linked for large portions of the publics in both countries — with some
interesting exceptions. Our data suggest that many see the world as more
dangerous precisely because the United States is perceived to be weaker under
Mr Trump.
Almost half of Australians report that the United
States has grown weaker over the past 12 months.
Only 19 per cent of
Australians think America has grown stronger over the first year of the Trump
presidency.
Americans are less dour
in their assessments, with 36 per cent saying that the United States has become
weaker over the last year. "Weaker" leads "stronger"
by 27 points in the Australian data, but this difference is just six points
among Americans….
Does a stronger (or
weaker) America under Mr Trump affect assessments of Australia's security? It's
complicated. In the aggregate, Australians associate a stronger America with a
safer world and a safer United States, but this does not extend to assessments of
Australian security.
More than half of
Coalition voters say Australia faces more danger than a few years ago,
irrespective of assessments of American power under Mr Trump. Labor voters and
minor party supporters do associate a weaker America with a less secure
Australia.
For Greens voters — at
best sceptical about the US-Australia relationship — a weaker America makes for
a safer Australia. Most Greens voters report that America is weaker under Mr
Trump and just 32 per cent of those see heightened dangers for Australia over the
last few years; among Greens seeing America as stronger under Mr Trump, half
report things becoming more dangerous for Australia, although the small number
of Greens in our data prevent firm conclusions.
Historically, a robust,
bipartisan consensus has seen little partisanship in Australian public opinion
on the value of Australia's relationship with the United States. Our data
suggest that this equilibrium is under some stress. References to Mr Trump
activate partisan differences in Australian thinking about the United
States. While Australians (like Americans) associate increases in American
power with a safer world, a perceived link with enhanced Australian security is
weak at best (and probably inverted for Greens voters).
On the other hand,
despite large partisan divisions, Americans continue to associate American
strength with increased security for America's allies.
This proposition has
been the bedrock of Australian foreign policy and defence thinking for decades,
and remains so, Mr Trump notwithstanding. Accordingly, our data allows us to
restate the challenge for the current generation of Australian policy makers
and political leaders: articulating the value and relevance of the US
relationship to an Australian public at best unsure about the direction of the
United States under Mr Trump and the implications for Australia's security and
prosperity.
Wednesday 4 April 2018
Are those nasty digital chickens coming home to roost for Mark Zuckerberg and Facebook?
In 2014 rumours began to spread about Strategic Communication Laboratories (SCL) and Cambridge Analytica.
By 12 December 2015, after contacting Facebook's public relations representatives in London, The Guardian (UK) was reporting that:
"A little-known
data company, now embedded within Cruz’s campaign and indirectly financed by
his primary billionaire benefactor, paid researchers at Cambridge University to
gather detailed psychological profiles about the US electorate using a massive
pool of mainly unwitting US Facebook users built with an online survey.
As part of an aggressive
new voter-targeting operation, Cambridge Analytica – financially supported by
reclusive hedge fund magnate and leading Republican donor Robert Mercer – is
now using so-called “psychographic profiles” of US citizens in order to help
win Cruz votes, despite earlier concerns and red flags from potential
survey-takers.
Documents seen by the
Guardian have uncovered longstanding ethical and privacy issues about the way
academics hoovered up personal data by accessing a vast set of US Facebook
profiles, in order to build sophisticated models of users’ personalities."
By 6 January 2016 The Guardian was reporting on what was likely to turn up in Facebook feeds by way of political advertising:
If you lived in
north-east Iowa, the evangelical stronghold where the battle for the soul of
conservative American politics will play out in person on Monday, and happened
to have given Senator Ted Cruz’s campaign your email address sometime in the
last few months, you might find something especially appealing this weekend in
your Facebook feed.
Even the most obtuse member of Facebook Inc.'s board or senior management would have been aware that the company was fast becoming an active participant in the US presidential primaries campaign.
The Guardian, 26 March 2018:
In rejecting the media’s
characterisation of this large-scale privacy violation as a “data breach”,
Facebook claims “everyone involved” in the 2014 data-siphoning exercise had
given their consent. “People knowingly provided their information,” the company
claimed. As with its interpretation of the word “clear”, Facebook seems to have
a skewed understanding of what “knowingly” really means.
Facebook’s senior
executives may now be feeling apologetic, “outraged” even. But in January 2016,
as Trump surged in the polls, Facebook’s COO, Sheryl Sandberg, told investors the 2016 election was “a big
deal in terms of ad spend”. In other words, a major commercial opportunity. The
ability to target voters, she said, was key: “Using Facebook and Instagram
ads you can target by congressional district, you can target by interest,
you can target by demographics or any combination of those,” she boasted. “And
we’re seeing politicians at all levels really take advantage of that
targeting.”
It’s perhaps worth
remembering, then, that until recently Facebook was encouraging political
operatives to take full advantage of its garden of surveillance. And while
aspects of the Cambridge
Analytica affair may be surprising, and offer a disturbing glimpse
into the shadows, the routine exploitation of information about our lives –
about who we are – is what’s powering Facebook. It’s the behemoth’s lifeblood.
This was a statement from the U.K. Parliament House of Commons Digital, Culture, Media and Sport Committee on 28 March 2018:
Christopher Wylie gave
evidence to the Committee on Tuesday 27th March 2018 during which he
referred to the evidence the Committee is publishing today. This session is
available to watch.
Please note the transcript will be published online shortly.
On Tuesday 20th March, the Committee Chair Damian Collins MP wrote to Mark
Zuckerberg, CEO of Facebook, requesting oral evidence. Facebook have responded
offering two senior executives. The Committee has accepted evidence from Chris
Cox, Chief Product Officer, but has written today to Facebook to clarify
whether Mr. Zuckerberg will also appear himself, as requested. This
matter was also raised with The UK Prime Minister Theresa May, in her evidence
before the Liaison Committee on the evening of the 27th March. She said that
Facebook should be taking the matter seriously.
On Thursday 22nd, the Committee wrote to Alexander Nix, the suspended CEO of
Cambridge Analytica, recalling him to Parliament to give further evidence. Mr.
Nix has agreed to come before the Committee again. You can watch the evidence
session that took place on 27th February 2018 where Mr. Nix gave evidence
on Parliamentlive.tv and
read the transcript.
Wednesday 28 March 2018
Turns out that Facebook Inc is the biggest baddie of all on the Internet
“The FTC is firmly and fully committed to using all of its tools to protect the
privacy of consumers. Foremost among these tools is enforcement action against
companies that fail to honor their privacy promises, including to comply with
Privacy Shield, or that engage in unfair acts that cause substantial injury to
consumers in violation of the FTC Act. Companies who have settled previous FTC
actions must also comply with FTC order provisions imposing privacy and data
security requirements. Accordingly, the FTC takes very seriously recent press
reports raising substantial concerns about the privacy practices of Facebook.
Today, the FTC is confirming that it has an open non-public investigation into
these practices.” [US Federal Trade Commission (FTC), Statement,
26 March 2018]
It may have been the Cambridge Analytica-Facebook situation as first set out by Carole Cadwalladr at The Guardian & The Observer (UK) that recently alerted the average Internet user to the issue of digital privacy on social media, and it was certainly the situation which caught the eye of the US Federal Trade Commission, which is now investigating.
The story of that data harvest so far.....
The Guardian UK, 25 March 2018:
The story of how those
data made the journey from Facebook’s servers to Cambridge Analytica’s is now
widely known. But it is also widely misunderstood. (Many people were puzzled,
for example, by Facebook’s vehement insistence that the exfiltration of a huge
trove of users’ data was not a “breach”.) The shorthand
version of what happened – that “a slug of Facebook data on 50 million
Americans was sucked down by a UK academic named Aleksandr Kogan, and wrongly
sold to Cambridge Analytica” – misses an important point, which is that in
acquiring the data in the first place Kogan was acting with Facebook’s
full knowledge and approval.
In 2013, he wrote an app
called “Thisisyourdigitallife” which offered users an online personality test,
describing itself as “a research
app used by psychologists”.
Approximately 270,000 people downloaded it and
in doing so gave their consent for Kogan to access information such as the city
they set on their profile, or content they had liked, as well as more limited
information about friends who had their privacy settings set to allow it. This
drew more than 50 million unsuspecting Facebook users into Kogan’s net.
The key point is that
all of this was allowed by the terms and conditions under which he was
operating. Thousands of other Facebook apps were also operating under similar
T&Cs – and had been since 2007, when the company turned its social
networking service into an application platform.
So Kogan was only a bit
player in the data-hoovering game: apps such as the insanely popular Candy
Crush, for example, were
also able to collect players’ public profiles, friends lists and email
addresses. And Facebook seemed blissfully indifferent to this open door because
it was central to its commercial strategy: the more apps there were on its
platform the more powerful the network effects would be and the more personal
data there would be to monetise.
That’s why the bigger
story behind the current controversy is the fact that what Cambridge
Analytica claimed to have accomplished would not have been possible
without Facebook. Which means that, in the end, Facebook poses the problem that
democracies will have to solve. [my yellow highlighting]
Now we find out that Facebook Inc is scraping information from Android devices such as mobile phones and adding phone logs to its Big Brother database.
Global News, 25 March 2018:
In the same week Facebook found itself in
the middle of a massive data scandal, recent reports indicate that the social
media giant has also scraped records of phone calls and SMS data from its users
with Android devices without explicit permission.
New Zealand-based
software developer Dylan McKay tweeted earlier this week that upon downloading
his Facebook data in zip file (which is
an option for all users) he claims to have discovered records of phone
calls and a historical data of every contact on his phone, including contacts
he no longer had, from a period between 2016 and 2017.
Downloaded my facebook data as a ZIP file
Somehow it has my entire call history with my partner's mum pic.twitter.com/CIRUguf4vD
— Dylan McKay (@dylanmckaynz) March 21, 2018
After he made the
discovery, McKay set up a Google poll to gather evidence from other users who’ve
been affected.
So far, just under 900
people have responded to the poll, and more than 20 per cent confirmed they
found call records and/or text metadata in their Facebook data archive. Another
74 people responded to the poll saying that MMS data was collected, 106 people
responded saying that SMS data was collected, and 104 responded saying that
cellular calls were collected.
The story was first
published by the tech news website Ars
Technica on Saturday, who interviewed several Facebook users, and had
a member of its staff download their Facebook data archive. Following this,
the site could confirm that the data file downloaded by the staff member
contained call logs from a device that individual used between 2015 and 2016,
as well as SMS and MMS message data.
Several Global News
staff members also requested their data archives as well in the preparation of
this story and some found that the contact lists from their mobile devices were
recorded in the file. No one noted any text message or call logs in the data
files they downloaded.
Ars Technica reached out to Facebook for comment before the publication of its story, who said that the practice was a common one among social networking and messaging apps.
“The most important part
of apps and services that help you make connections is to make it easy to find
the people you want to connect with. So, the first time you sign in on your
phone to a messaging or social app, it’s a widely used practice to begin by
uploading your phone contacts.”
Following McKay’s
tweets, other users came out on social media expressing similar concerns about
what they discovered after downloading their data archives.
Oh wow my deleted Facebook Zip file contains info on every single phone cellphone call and text I made for about a year- cool totally not creepy. — Mat Johnson (@mat_johnson) March 23, 2018
I’ve just looked at the data files I requested from Facebook and they had every single phone number in my contacts. They had every single social event I went to, a list of all my friends (and their birthdays) and a list of every text I’ve sent. — Emma Kennedy (@EmmaKennedy) March 25, 2018
…In recent years, the
company has updated this process to clarify that when requesting access to your
contact list, it intends to access all call logs and SMS text messages as well,
but Android users in the past may have unknowingly given Facebook access to
this data. [my yellow highlighting]
It is also wise to remember that even Internet users who do not have a Facebook account have their PC or other digital device scanned for information each time they click on a link to Facebook.
Facebook image via ZDNet, 3 January 2014
ZDNet on 3 January 2014: By "content"
Facebook means “anything you or other users post on Facebook”. By
"information" Facebook means “facts and other information about you,
including actions taken by users and non-users who interact with Facebook”. [my yellow highlighting]
Nor should we ignore this report about Facebook's surreptitious activities.......
Law360 (March 2, 2018, 7:02 PM EST) -- A California federal judge held Friday that
Facebook can’t shake a proposed class action over its allegedly unlawful
collection and storage of non-users’ facial scans, declining to toss the matter
for lack of standing, just as he recently did in a related suit involving users
of the site.
U.S. District Judge James Donato rejected Facebook Inc.’s renewed motion to dismiss litigation led by Frederick William Gullen for lack of subject-matter jurisdiction, pointing to his Feb. 26 decision in a related proposed class action accusing the social media... [my yellow highlighting]
Then there is the lobbying to discourage federal regulation of Facebook.......
According to SOCIAL MEDIA CASEROUNDUP (selected cases) in April 2015, by 2013 Facebook Inc had spent more than US$1 million on lobbying efforts to water down the US Children's Online Privacy Protection Act (COPPA). It was particularly concerned about any change of status of third party "add ons"/"plug-ins" which might by default make platforms like Facebook legally liable for any harm to a minor/s which occurred, as well as being resistant to any increase in general protections for minors or any expanded definition of protected "personal information" being included in the Act.
Quartz, 22 March 2018:
Facebook
CEO Mark Zuckerberg said yesterday that the
company welcomes more regulation, particularly to bring transparency
to political advertising online. But in recent months, Facebook has been
quietly fighting lawmakers to keep them from passing an act that does exactly
that, campaign transparency advocates and Congressional staff tell Quartz.
The Honest Ads Act was introduced
last October to close a loophole that has existed since politicians
started advertising on the internet, and was expected by many to sail through
Congress. Coming as Congress investigated how Russia used tech companies to
influence the 2016 election, it was considered by many in Washington DC to be
the bare minimum lawmakers could do to address the problem.
The act introduces
disclosure and disclaimer rules to online political advertising. Tech companies
would have to keep copies of election ads, and make them available to the
public. The ads would also have to contain disclaimers similar to those
included in TV or print political ads, informing voters who paid for the ad,
how much, and whom they targeted.
“The benefit of having
disclaimers on all political ads [is] the more suspicious ads would be more
identifiable,” said Brendan Fischer, the director of federal and Federal
Election Commission reform at the Campaign Legal
Center (CLC) in Washington.
In a vote of confidence
from bitterly-divided Washington, the act was rolled out by a bipartisan group
of senators—John McCain, the Republican from Arizona, and Democrats Amy
Klobuchar from Minnesota and Mark Warner of Virginia—and it currently
has the support of 18 senators. But it hasn’t moved from the committee on
“Rules and Administration” since it was first introduced, thanks in part to
Facebook’s lobbying efforts.
Fischer, who is a
co-author of a CLC
report on US vulnerabilities online after the 2016 election, accuses
Facebook of “working behind the scenes using the levers of power to stop any
legislation from moving forward.”
Facebook’s lobbying clout
Lobbyists for the
company have been trying to dissuade senators from moving the Honest Ads Act
forward, some Congressional aides say.
Facebook’s argument to
Congress behind the scenes has been that they are “voluntarily complying” with
most of what the Honest Ads Act asks, so why pass a law, said one Congressional
staffer working on the bill. Facebook also doesn’t want to be responsible for
maintaining the publicly accessible repository of political advertising,
including funding information, that the act demands, the staffer said.
Facebook spent nearly
$3.1 million lobbying Congress and other US federal government agencies in the
last quarter of 2017, on issues including the Honest Ads Act according to its latest
federal disclosure form. It also signed on Blue Mountain Strategies, a
lobbying firm founded by Warner’s former chief of staff, an
Oct. 30, 2017 filing shows.
It’s part of a massive
uptick in lobbying spending in recent years. [my yellow highlighting]
Despite all its lobbying Facebook Inc is not immune from official censure for its deceptive business practices.
Take this analysis of a 2011 binding agreement between the US Federal Trade Commission and Facebook Inc.....
FEDERAL TRADE COMMISSION [File No. 092 3184], 2 December 2011:
The Federal Trade
Commission has accepted, subject to final approval, a consent agreement from
Facebook, Inc. (‘‘Facebook’’)……
The Commission’s
complaint alleges eight violations of Section 5(a) of the FTC Act, which
prohibits deceptive and unfair acts or practices in or affecting commerce, by
Facebook:
* Facebook’s Deceptive Privacy Settings: Facebook communicated to users that they could restrict certain information they provided on the site to a limited audience, such as ‘‘Friends Only.’’ In fact, selecting these categories did not prevent users’ information from being shared with Apps that their Friends used.
* Facebook’s Deceptive and Unfair December 2009 Privacy Changes: In December 2009, Facebook changed its site so that certain information that users may have designated as private— such as a user’s Friend List —was made public, without adequate disclosure to users. This conduct was also unfair to users.
* Facebook’s Deception Regarding App Access: Facebook represented to users that whenever they authorized an App, the App would only access the information of the user that it needed to operate. In fact, the App could access nearly all of the user’s information, even if unrelated to the App’s operations. For example, an App that provided horoscopes for users could access the user’s photos or employment information, even though there is no need for a horoscope App to access such information.
* Facebook’s Deception Regarding Sharing with Advertisers: Facebook promised users that it would not share their personal information with advertisers; in fact, Facebook did share this information with advertisers when a user clicked on a Facebook ad.
* Facebook’s Deception Regarding Its Verified Apps Program: Facebook had a ‘‘Verified Apps’’ program through which it represented that it had certified the security of certain Apps when, in fact, it had not.
* Facebook’s Deception Regarding Photo and Video Deletion: Facebook stated to users that, when they deactivate or delete their accounts, their photos and videos would be inaccessible. In fact, Facebook continued to allow access to this content even after a user deactivated or deleted his or her account.
* Safe Harbor: Facebook deceptively stated that it complied with the U.S.-EU Safe Harbor Framework, a mechanism by which U.S. companies may transfer data from the European Union to the United States consistent with European law.
The proposed order
contains provisions designed to prevent Facebook from engaging in practices in
the future that are the same or similar to those alleged in the complaint.
Part I of the proposed
order prohibits Facebook from misrepresenting the privacy or security of ‘‘covered
information,’’ as well as the company’s compliance with any privacy, security,
or other compliance program, including but not limited to the U.S.-EU Safe
Harbor Framework. ‘‘Covered information’’ is defined broadly as ‘‘information
from or about an individual consumer, including but not limited to:
(a) A first or last name; (b) a home or other physical address, including street name and name of city or town; (c) an email address or other online contact information, such as an instant messaging user identifier or a screen name; (d) a mobile or other telephone number; (e) photos and videos; (f) Internet Protocol (‘‘IP’’) address, User ID, or other persistent identifier; (g) physical location; or (h) any information combined with any of (a) through (g) above.’’
Part II of the proposed order requires Facebook to give its users a clear and prominent notice and obtain their affirmative express consent before sharing their previously-collected information with third parties in any way that materially exceeds the restrictions imposed by their privacy settings. A ‘‘material . . . practice is one which is likely to affect a consumer’s choice of or conduct regarding a product.’’ FTC Policy Statement on Deception, Appended to Cliffdale Associates, Inc., 103 F.T.C. 110, 174 (1984).
Part III of the proposed
order requires Facebook to implement procedures reasonably designed to ensure
that a user’s covered information cannot be accessed from Facebook’s servers
after a reasonable period of time, not to exceed thirty (30) days, following a
user’s deletion of his or her account.
Part IV of the proposed
order requires Facebook to establish and maintain a comprehensive privacy
program that is reasonably designed to:
(1) Address privacy risks related to
the development and management of new and existing products and services, and
(2) protect the privacy and confidentiality of covered information. The privacy
program must be documented in writing and must contain controls and procedures
appropriate to Facebook’s size and complexity, the nature and scope of its
activities, and the sensitivity of covered information. Specifically, the order
requires Facebook to:
* Designate an employee
or employees to coordinate and be responsible for the privacy program;
* Identify
reasonably-foreseeable, material risks, both internal and external, that could
result in the unauthorized collection, use, or disclosure of covered
information and assess the sufficiency of any safeguards in place to control
these risks;
* Design and implement
reasonable controls and procedures to address the risks identified through the
privacy risk assessment and regularly test or monitor the effectiveness of these
controls and procedures;
* Develop and use
reasonable steps to select and retain service providers capable of appropriately
protecting the privacy of covered information they receive from respondent, and
require service providers by contract to implement and maintain appropriate
privacy protections; and
* Evaluate and adjust
its privacy program in light of the results of the testing and monitoring, any
material changes to its operations or business arrangements, or any other
circumstances that it knows or has reason to know may have a material impact on
the effectiveness of its privacy program.
Part V of the proposed
order requires that Facebook obtain within 180 days, and every other year
thereafter for twenty (20) years, an assessment and report from a qualified,
objective, independent third-party professional, certifying, among other
things, that it has in place a privacy program that provides protections that
meet or exceed the protections required by Part IV of the proposed order; and
its privacy controls are operating with sufficient effectiveness to provide
reasonable assurance that the privacy of covered information is protected.
Parts VI through X of the proposed order are reporting and compliance
provisions. Part VI requires that Facebook retain all ‘‘widely disseminated
statements’’ that describe the extent to which respondent maintains and
protects the privacy, security, and confidentiality of any covered information,
along with all materials relied upon in making such statements, for a period of
three (3) years. Part VI further requires Facebook to retain, for a period of
six (6) months from the date received, all consumer complaints directed at
Facebook, or forwarded to Facebook by a third party, that relate to the conduct
prohibited by the proposed order, and any responses to such complaints. Part VI
also requires Facebook to retain for a period of five (5) years from the date
received, documents, prepared by or on behalf of Facebook, that contradict,
qualify, or call into question its compliance with the proposed order. Part VI
additionally requires Facebook to retain for a period of three (3) years, each materially
different document relating to its attempt to obtain the affirmative express
consent of users referred to in Part II, along with documents and information
sufficient to show each user’s consent and documents sufficient to demonstrate,
on an aggregate basis, the number of users for whom each such privacy setting
was in effect at any time Facebook has attempted to obtain such consent.
Finally, Part VI requires that Facebook retain all materials relied upon to
prepare the third-party assessments for a period of three (3) years after the
date that each assessment is prepared.
Part VII requires dissemination of the
order now and in the future to principals, officers, directors, and managers,
and to all current and future employees, agents, and representatives having
supervisory responsibilities relating to the subject matter of the order. Part
VIII ensures notification to the FTC of changes in corporate status. Part IX
mandates that Facebook submit an initial compliance report to the FTC and make
available to the FTC subsequent reports. Part X is a provision “sunsetting”
the order after twenty (20) years, with certain exceptions.
The purpose of the
analysis is to aid public comment on the proposed order. It is not intended to
constitute an official interpretation of the complaint or proposed order, or to
modify the proposed order’s terms in any way.
By direction of the Commission.
Donald S. Clark, Secretary. [FR Doc. 2011–31158 Filed 12–2–11; 8:45
am] [my yellow highlighting]
Wednesday 17 January 2018
Things you should know if you are logging on to a website using your Facebook account
The Daily Telegraph, 5 January 2018:
Ian Cox of Supremo.tv said: “If you’ve ever pressed ‘Login with Facebook’ on a website, you’re giving Facebook permission to share sensitive data with the site you are visiting.
“This includes, for example, your personal email address, where you live, where you work, details about your relationship, places you have recently been and who you’re friends with.
“In today’s digital age, people are sharing just about everything on social media sites like Facebook. But most are unaware of just how much can be seen by brands, businesses and, in some cases, criminals.
“The best way to stay protected online is to only share what you would be happy with the whole world seeing.
“As tempting as it may be to rejoice about the fact that the whole family is going on a weekend away, keep in mind that you may be inadvertently letting criminals know that your house is empty during this time.”
WHAT INFORMATION CAN FACEBOOK SHARE ABOUT YOU?
* Your public profile (name, age, gender, location, profile picture, timezone)
* All your likes
* Your friends
* Where you are now
* Your email address
* Your photos
* Your “about me” section
* All your posts
* Your birthday
* Your relationship details
* Your education history
* Your religion/politics
* Events you’ve been to
* Your work history
* Where you are from
* Your phone number
Thursday 11 January 2018
NSW Auditor-General not impressed by government agencies' cyber security risk management
“Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.” [NSW Auditor-General, Report on Internal Controls and Governance 2017, December 2017]
On 20 December 2017 the NSW Auditor-General released the Report on Internal Controls and Governance 2017.
Two-thirds of NSW government agencies are failing to properly safeguard their data, increasing the risk of improper access to confidential information about members of the public and identity fraud by cyber criminals.
The finding has emerged from an audit of dozens of government agencies, including those holding highly sensitive personal information collected from millions of citizens, such as NSW Health, the department of education, NSW Police Force, Roads and Maritime Services and the justice department.
While the report by auditor-general Margaret Crawford does not name the agencies failing to properly manage privileged access to their systems, it highlights the potential consequences.
"Personal information collected by public sector agencies about members of the public is of high value to cyber criminals, as it can be used to create false identities to commit other crimes," she says in the report.
"Despite these risks, we found that one agency had 37 privileged user accounts, including 33 that were dormant. The agency had no formal process to create, modify or deactivate privileged users."
Overall, Ms Crawford's report found 68 per cent of NSW government agencies "do not adequately manage privileged access to their systems".
In addition, she said, the audit determined that 61 per cent of agencies "do not regularly monitor the account activity of privileged users".
"This places those agencies at greater risk of not detecting compromised systems, data breaches and misuse," the report said.
The audit found 31 per cent of agencies "do not limit or restrict privileged access to appropriate personnel". Of those, just one-third monitor the account activity of privileged users.
It found that almost one-third of agencies breach their own security policies on user access.
The report warns that if agencies fail to implement proper controls "they may also breach NSW laws and policies and the international standards that they reference".
Read the full article here.
List of NSW Government Agencies Examined by NSW Auditor-General
Education
* Department of Education
Family and Community Services
* Department of Family and Community Services
* New South Wales Land and Housing Corporation
Finance, Services and Innovation
* Department of Finance, Services and Innovation (specifically identified in report)
* Place Management NSW
* Property NSW
* Service NSW
Health
* NSW Health
Industry
* Department of Industry
* Destination NSW
* Forestry Corporation of New South Wales
* Office of Sport
* TAFE Commission
* Water NSW
Justice
* Department of Justice
* Fire and Rescue NSW
* Legal Aid Commission of New South Wales
* NSW Police Force
* Office of the NSW Rural Fire Service
Planning and Environment
* Department of Planning and Environment
* Essential Energy
* Hunter Water Corporation
* Landcom
* Office of Environment and Heritage
* Office of Local Government
* Sydney Water Corporation
Premier and Cabinet
* Department of Premier and Cabinet
Transport
* NSW Trains
* Rail Corporation New South Wales
* Roads and Maritime Services
* Sydney Trains
* Transport for NSW
* WCX M4 PTY Limited
* WCX M5 PTY Limited
Treasury
* Crown Finance Entity
* Insurance and Care NSW
* Lifetime Care and Support Authority
* NSW Treasury Corporation
* NSW Self Insurance Corporation
Excerpt from Report on Internal Controls and Governance 2017:
Some deficiencies were common across agencies
The most common internal control deficiencies were poor or absent IT controls related to:
* user access management
* password management
* privileged access management
* user acceptance testing.
The most common governance deficiencies related to:
* management of cyber security risks
* capital project governance
* management of shared service arrangements
* conflicts-of-interest management
* gifts-and-benefits management
* risk management maturity
* ethical behaviour policies and statements.