Former Murdoch journalist in charge of MyHealth records –what could possibly go wrong?

Former news editor of the notorious Newscorp publication The Sunday Times which was involved in the UK hacking scandal, former  Executive Director of Transparency and Open Data in the UK Cabinet Office and then National Director for Patients and Information and head of the toxic government Care.data project which stored patient medical information in a single database. before ending up as the commercial director of Telstra Health in Australia, Tim Kelsey, was appointed as CEO of the Australian Digital Health Agency by the Turnbull Coalition Government to progress the stalled My Health Record national database in 2016 with a salary worth $522,240 a year.

 A curriculum vitae which may go some way to explaining why reports are beginning to emerge of individuals seeking to opt-out of My Health Record finding out they have been registered by stealth in the Australian national database some years ago.

Crikey.com.au, 18 July 2018:

The bureaucrat overseeing My Health Record presided over a disaster-plagued national health record system in the UK, and has written passionately about the belief people have no right to opt out of health records or anonymity.

Tim Kelsey is a former British journalist who moved into the electronic health record business in the 2000s. In 2012, he was appointed to run the UK government’s national health record system, Care.data, which was brought to a shuddering halt in 2014 after widespread criticism over the sale of patients’ private data to drug and insurance companies, then scrapped altogether in 2016. By that stage, Kelsey had moved to Telstra in Australia, before later taking a government role. There was considerable criticism about the lack of information around Care.data, and over 700,000 UK people opted out of the system.

Kelsey vehemently opposed allowing people to opt out — the exact model he is presiding over in Australia. In a 2009 article, “Long Live The Database State”, for Prospect…..

For Kelsey, this was necessary for effective health services…….

Kelsey also expressed his opposition to the anonymisation of data, even of the most personal kind…... 

Kelsey’s vision was of a vast state apparatus collecting, consolidating and distributing private information to enable an interventionist state.

Moreover, he stated others should have access to data…..

ADHA, Kelsey is doing little to fix his reputation for controversy. On Saturday, ADHA released an extraordinary 1000-word attack on News Corp health journalist Sue Dunlevy who correctly pointed out the strong risk to privacy in the My Health Record system. The statement repeatedly criticised Dunlevy, accusing her of “dangerous fearmongering” and being “misleading and ignorant”.

Dunlevy had rightly noted the lack of any effective information campaign about My Health record (exactly the criticism made of Care.data), prompting ADHA to boast of its $114 million campaign at Australia Post shops, Department of Human Services “access points” and letters to health practitioners. It makes you wonder why even News Corp’s Janet Albrechtsen said she’d never heard of My Health Record until last week…. 

Turnbull and Keenan botching digital transformation policy

The Australian Minister for Human Services, Minister Assisting the Prime Minister for Digital Transformation and Liberal MP for Stirling, 46 year-old Michael Fayat Keenan, is all gung-ho for digital transformation.

The problem is that he is just not good at being transformative – rather like his prime minister.

One could almost see the trainwreck coming down the line from the moment of then Communications Minister Turnbull's initial joint announcement with then Prime Minister Tony Abbott in 2015.

Despite the obvious problems Michael Keenan will be commencing pre-rollout trials of a facial recognition program this year,

Yahoo News, 1 July 20118:

Welfare recipients will soon be asked to have their faces scanned before they can claim their benefits.

It is part of a new trial of biometric security measures the government will begin within months.

Similar to how SmartGates work at airports to check passports, government services will ask recipients to take a photo on a computer or phone to create a MyGov ID.

The photo will then be checked against passports and driver’s licences.

But there are questions as to whether this information could be misused.

Australian Privacy Foundation’s Bernard Robertson-Dunn said people needed to be assured “it works properly” and the government “doesn’t use the technology to do things it didn’t say it was going to do”.

Human Services Minister Michael Keenan said on May 1 the misuse of data which could be used to “impinge on people’s privacy” was “clearly” a concern for many Australians.

The 2016 Census is an example of a recent government technology fail….

Uses for the MyGov ID will trial from October – with an all-online way to get a tax file number.

Next year Centrelink services, including Newstart and Youth Allowance, will also be trialled.

Here is the organisational and technological mess that Keenan helped create…..

The Canberra Times, 29 June 2018, p.14:

The agency charged with guiding IT projects has been sidelined from major policies and is removed from the Coalition's thinking about digital reform, an inquiry into the government's $10 billion tech spend has found.

A report released on Wednesday has called for a central vision to guide the government in its IT reform and found changes to the Digital Transformation Agency had left it watching on as major tech projects hit disaster.

The inquiry found the DTA did not have the Australian Criminal Intelligence Commission's botched project to adopt biometric technology on its watchlist and that it had failed to involve itself in determining why the Education Department's Australian Apprenticeship Management System project was called off.

It was sidelined as the Department of Home Affairs took charge of cyber policy, the Prime Minister's department assumed control of data policy and the newly created Office of the Information Commissioner was created separate from the DTA, the report said.

"The evidence heard by this committee revealed an organisation that was not at the centre of government thinking about digital transformation, or responsible for the creation and enactment of a broader vision of what that transformation would look like," it said.

News.com.au, 12 June 2018:

Australians will be able to access government services with a single log-in under a plan to create a "single digital identity" by 2025.

Michael Keenan, the federal minister in charge of digital services, said face-to-face interactions with government services would be greatly reduced.

"Think of it as a 100-point digital ID check that will unlock access to almost any government agency through a single portal such as a myGov account," Mr Keenan said.

The minister wants Australia to be a world leader in digital government, with almost all services to be available online by 2025.

Mr Keenan said having 30 different log-ins for government services is not good enough.

"The old ways of doing things, like forcing our customers to do business with us over the counter, must be re-imagined and refined," he said.

People will need to establish their digital identity once before being able to use it across services.

The first of several pilot programs using a "beta" version of what will be known as myGovID will begin in October.

The initial pilot will enable 100,000 participants to apply for a tax file number online, which Mr Keenan says will reduce processing time to a day from up to a month currently.

In a pilot starting from March next year, services including student identification and Centrelink will be connected to the digital identity.

Also from March 2019, 100,000 people will be able to use their digital identity to create their My Health Record online.

Mr Keenan says one face-to-face or over-the-counter transaction costs on average about $17 to process, while an online transaction can cost less than 40 cents.

The Human Services department will operate as the gateway between service providers and people.

"This is key to protecting privacy, as the exchange will act as a double-blind - service providers will not see any of the user's ID information and identity providers will not know what services each user is accessing," Mr Keenan said.

Labor digital economy spokesman Ed Husic said the Turnbull government was responsible for a "dirty dozen" of failed digital transformation failures, including the census and tax office website crashes.

"The biggest challenge confronting the Turnbull government is to quit its addiction to glitzy digital announcements and get stuck into properly delivering these multimillion-dollar projects," Mr Husic said.

The Australian Crime Intelligence Commission has suspended the contract for its beleaguered biometric identification services project in order to renegotiate it after the contractor failed to meet the deadline for completion and the cost ran $40 million over budget.

It follows a recommendation from a scathing independent review late last year that the contract be overhauled, the project be simplified and the timeline for delivery changed.

In 2016 ACIC (then CrimTrac) contracted NEC Australia to deliver a program that would replace the national automated fingerprint identification system, adding in facial recognition, palm prints and foot prints and would be available for use by police forces around the country.

Industry news website InnovationAus reported on Wednesday that NEC contractors had been marched from ACIC's premises on Monday June 4, after being told that the project had been suspended at the start of June.

It is believed the project has been suspended until Friday, while the negotiations over the contract take place.

A PricewaterhouseCoopers report last November seen by Fairfax Media said "a chain of decisions involving all levels and stakeholders" had led to the project running behind schedule and over budget.

It recommended that the scope of the project be simplified and standardised, and called it "highly challenged" and presenting a "high risk" to the commission.

"There is low confidence in likelihood of delivery which requires focus to achieve turnaround."

Poor communication, operational silos, limited collaboration and a failure to estimate the project's complexity had blown it off-track, the report said.

The report also recommended that the existing fingerprint database contract with Morpho be extended for 12 months after its expiry last month. It is not clear whether this contract was extended as recommended……

NEC Australia was also the contractor for the failed Australian apprentice management system, which was dumped by the Department of Education and Training last month due to critical defects, also found by a report by PwC.

InnovationAus, 12 June 2018:

NEC Australia won a $52 million tender for the Biometric Identification Services project in early 2016. The project involved replacing the ACIC’s National Automated Fingerprint Identification System with a “multi-modal biometric identification” service, incorporating fingerprints, footprints and facial recognition.

But the project is running behind schedule and is understood to be returning a high amount of false positives.

ABC News, 28 May 2018:

A massive case of mistaken identity in the UK is prompting calls for a rethink on plans to use facial recognition technology to track down terrorists and traffic offenders.

"If you have technology that is not up to scratch and it is bringing back high returns of false positives then you really need to go back to the drawing board," president-elect of the Law Council of Australia Arthur Moses told AM.

The comments follow revelations a London police trial of facial recognition technology generated 104 "alerts", of which 102 were false.

The technology scanned CCTV footage from the Notting Hill Carnival and Six Nations Rugby matches in London in search of wanted criminals.

Only 39 days to go until concerned Australian citizens can opt out of the Turnbull Government's collection of personal health information for its national database

Apparently this email is currently being sent out to registered Australian citizens.

Australian Digital Health Agency, email, 5 June 2018:

Hello,

You are receiving this email because you registered your email address at myhealthrecord.gov.au to find out more information about how to opt-out of the My Health Record system.

If you do not want a My Health Record, you must register your choice between 16 July and 15 October 2018 during the opt-out period. It is not possible to opt-out of having a record before the opt-out period starts.

The opt-out period will not apply to individuals who have previously chosen to have a My Health Record, or were included in the Nepean Blue Mountains or North Queensland opt-out trials in 2016. Individuals who have an existing My Health Record can cancel their record at any time. Instructions on cancelling a record can be found on the My Health Record website.

Once the opt-out period starts you will receive another email letting you know that the opt-out period has started and what to do if you still want to opt-out.

A My Health Record is a secure online summary of an individual’s key health information. 1 in 5 Australians already have one. It’s an individual’s choice who sees their My Health Record, what’s in it and who it is shared with. My Health Record has safeguards in place to protect an individuals’ information including encryption, firewalls and secure login.

For further information about the My Health Record, please visit the My Health Record website.

Thank you,

The My Health Record System Operator
www.digitalhealth.gov.au

[my yellow highlighting]

An insider has finally admitted what any digital native would be well aware of - your personal health information entered into a national database will be no safer that having it up on Facebook

Remembering that a federal government national screening program, working with with a private entity, has already accessed personal information from Medicare without consent of registered individuals and entered these persons into a research program - again without consent - and these individuals apparently could not easily opt out of being listed as a research subject but were often only verbally offered  the option of declining to take part in testing, which presumably meant that health data from other sources was still capable of being collected about them by the program. One has to wonder what the Turnbull Government and medical establishment actually consider patient rights to be in practice when it comes to "My Health Record".

Healthcare IT News, 4 May 2018:

Weeks before the anticipated announcement of the My Health Record opt out period, an insider’s leak has claimed the Australian Digital Health Agency has decided associated risks for consumers “will not be explicitly discussed on the website”.

As the ADHA heads towards the imminent announcement of the three-month window in which Australians will be able to opt out of My Health Record before being signed up to the online health information repository, the agency was caught by surprise today when details emerged in a blog post by GP and member of the steering group for the national expansion of MHR, Dr Edwin Kruys.

Kruys wrote that MHR offers “clear benefits” to healthcare through providing clinicians with greater access to discharge summaries, pathology and diagnostic reports, prescription records and more, but said “every digital solution has its pros and cons” and behind-the-scenes risk mitigation has been one of the priorities of the ADHA. However, he claimed Australians may not be made aware of the risks involved in allowing their private medical information to be shared via the Federal Government’s system.

“It has been decided that the risks associated with the MyHR will not be explicitly discussed on the website,” Kruys wrote.

“This obviously includes the risk of cyber attacks and public confidence in the security of the data.”

The most contentious contribution in the post related to the secondary use of Australians’ health information, the framework of which has yet to be announced by Health Minister Greg Hunt.

Contacted by HITNA, the agency moved swiftly to have Kruys delete the paragraph relating to secondary use.

In the comment that has since been removed, Kruys wrote, “Many consumers and clinicians regard secondary use of the MyHR data as a risk. The MyHR will contain a ‘toggle’, giving consumers the option to switch secondary use of their own data on or off.”

Under the My Health Records Act 2012, health information in MHR may be collected, used and disclosed “for any purpose” with the consent of the healthcare recipient. One of the functions of the system operator is “to prepare and provide de-identified data for research and public health purposes”. 

Before these provisions of the act will be implemented, a framework for secondary use of MHR systems data must be established. 

HealthConsult was engaged to assist the Federal Government in developing a draft framework and implementation plan for the process and within its public consultation process in 2017 received supportive submissions from the Australasian College of Health Informatics, the Australian Bureau of Statistics and numerous research institutes, universities, and clinicians’ groups.

Computerworld, 14 May 2018:

Use of both de-identified data and, in some circumstances, identifiable data will be permitted under a new government framework for so-called “secondary use” of data derived from the national eHealth record system. Linking data from the My Health Record system to other datasets is also allowed under some circumstances.

The Department of Health last year commissioned the development of the framework for using My Health Record data for purposes other than its primary purpose of providing healthcare to an individual.

Secondary use can include research, policy analysis and work on improving health services.

Under the new framework, individuals who don’t want their data used for secondary purposes will be required to opt-out. The opt-out process is separate from the procedure necessary for individuals who don’t want an eHealth record automatically created for them (the government last year decided to shift to an opt-out approach for My Health Record)……

Access to the data will be overseen by an MHR Secondary Use of Data Governance Board, which will approve applications to access the system.

Any Australian-based entity with the exception of insurance agencies will be permitted to apply for access the MHR data. Overseas-based applicants “must be working in collaboration with an Australian applicant” for a project and will not have direct access to MHR data.

The data drawn from the records may not leave Australia, but under the framework there is scope for data analyses and reports produced using the data to be shared internationally……

The Department of Health came under fire in 2016 after it released for download supposedly anonymised health data. Melbourne University researchers were able to successfully re-identify a range of data.

Last month the Office of the Australian Information Commissioner revealed that health service providers accounted for almost a quarter of the breaches reported in the first six weeks of operation of the Notifiable Data Breach (NDB) scheme.

The Sydney Morning Herald, 14 May 2018:

Australians who don't want a personal electronic health record will have from July 16 to October 15 to opt-out of the national scheme the federal government announced on Monday.

Every Australian will have a My Health Record unless they choose to opt-out during the three-month period, according to the Australian Digital Health Agency.

The announcement follows the release of the government’s secondary use of data rules earlier this month that inflamed concerns of patient privacy and data use.

Under the framework, medical information would be made available to third parties from 2020 - including some identifying data for public health and research purposes - unless individuals opted out.

In other news....... 

The Sydney Morning Herald, 14 May 2018:

A cyber attack on Family Planning NSW's website has exposed the personal information of up to 8000 clients, including women who have booked appointments or sought advice about abortion, contraception and other services.

Clients received an email from FPNSW on Monday alerting them that their website had been hacked on Anzac Day.

The compromised data contained information from roughly 8000 clients who had contacted FPNSW via its website in the past 2½ years to make appointments or give feedback.

It included the personal details clients entered via an online form, including names, contact details, dates of birth and the reason for their enquiries….

The website was secured by 10am on April 26, 2018 and all web database information has been secure since that time

SBS News, 14 May 2018:

Clients were told Family Planning NSW was one of several agencies targeted by cybercriminals who requested a bitcoin ransom on April 25…..

The not-for-profit has five clinics in NSW, with more than 28,000 people visiting every year.

The most recent Digital Rights Watch State of Digital Rights (May 2018) report can be found here.

The report’s 8 recommendations include:

Repeal of the mandatory metadata retention scheme

Introduction of a Commonwealth statutory civil cause of action for serious invasions of privacy

A complete cessation of commercial espionage conducted by the Australian Signals Directorate

Changes to copyright laws so they are flexible, transparent and provide due process to users

Support for nation states to uphold the United Nations Convention on the Rights of the Child in the digital age

Expand the definition of sensitive information under the Privacy Act to specifically include behavioural biometrics

Increase measures to educate private businesses and other entities of their responsibilities under the Privacy Act regarding behavioural biometrics, and the right to pseudonymity

Introduce a compulsory register of entities that collect static and behavioural biometric data, to provide the public with information about the entities that are collecting biometric data and for what purpose

The loopholes opened with the 2011 reform of the FOI laws should be closed by returning ASD, ASIO, ASIS and other intelligence agencies to the ambit of the FOI Act, with the interpretation of national security as a ground for refusal of FOI requests being reviewed and narrowed

Telecommunications providers and internet platforms must develop processes to increase transparency in content moderation and, make known what content was removed or triggered an account suspension.

File this under "Yet Another National Database" cross referenced wih "What Could Possibly Go Wrong?"

The Sydney Morning Herald, 6 May 2018:

A massive breach of Commonweath Bank data exposed last week has raised security fears around a new national database of Australian bank customers, as Labor pushes for a delay to part of the scheme's scheduled introduction in less than two months.

The database - set to go live on July 1 - will include the details of every person who has taken out a loan or a credit card, along with their repayment history.

The Mandatory Comprehensive Credit Reporting scheme was a recommendation of the 2014 financial system inquiry and is designed to give lenders access to a deeper, richer set of data to ensure loans are only being approved for people who can afford to repay them.

The new requirements will first apply to the Commonwealth Bank, ANZ Bank, Westpac and National Australia Bank, given they account for up to 80 per cent of lending to households.

But the collection of sensitive data by private companies has raised concerns in the wake of several high-profile data breaches, including the disappearance of 20 million customers records from the Commonwealth Bank.

The Financial Rights Legal Centre and the Consumer Action Law Centre claim the financial details of millions of Australians will be vulnerable under the new scheme - which includes positive and negative credit histories.

Financial Rights Legal Centre policy officer Julia Davis said the development "was a major intrusion into our financial privacy".

"I don’t think Australians realise this is about to happen," she said.

The legislation states all credit reporting bodies must store the information on a cloud service that has been assessed by the Australian Signals Directorate. It also contains a provision allowing banks to stop supplying customer data to credit providers should there be a major security breach.

Ms Davis said the oversight was welcome but the internal systems of credit reporting bodies remained "completely opaque."

"Once that data goes live in the one place you can't put the toothpaste back in the tube," she said.

Equifax, one of the companies which will have access to the data, had its systems in the US hacked last year, exposing the personal information of 143 million Americans and triggering to the resignation of its chief executive.

It is also being sued by consumer watchdog the Australian Competition and Consumer Commission over allegations it misrepresented its product to consumers by asking them to pay for their own credit histories which are usually available online for free.

The company's general manager of external relations, Matthew Strassberg, said Equifax had "only been a marquee above the door for six months," after the US giant took over the Australian operation formerly known as Veda.

He said the credit reporting business would provide "a 360 degree picture."

"A bank will have a very deep insight into what they know of you," he told Fairfax Media.

Mr Strassberg said he recognised that Australians were concerned about data security…..

Is Telstra selling customer location data? Did it ever specifically request permission from account holders?

https://www.telstra.com.au/content/dam/tcom/personal/privacy/pdf/sample-data-oct-2015.pdf

The Sydney Morning Herald, 4 May 2018:

Telstra is making money by on-selling location data from its customers' mobile phones in similar deals to a partnership with the Bureau of Statistics that caused a public backlash last week.

The Australian Bureau of Statistics came under fire for partnering with the telco for a study in 2016, which used mobile phone data showing how many people were in particular suburbs hour by hour.

Similar data is now available for a fee, after the Location Insights program was quietly launched by the telco in July 2016. The Australian Bureau of Statistics was the first licensee under the program, but has not used Telstra's Location Insights since then.

Data available to Telstra's clients can be broken down into 15 minute increments, and demographics broken down by age groups and gender. The smallest geographic areas available for analysis are the same as the Australian Bureau of Statistics' smallest statistical area, which have an average population of 400 people and could have as few as 200 people.

In a video used to spruik the service by Telstra, potential customers are listed as local governments and transport companies. It’s not clear how many organisations have used the service, or what the price tag is for such information.

“Imagine if you could know what is happening in your community, region, or city hub, every 15 minutes,” a voiceover in the Youtube video promoting the program said.

“Telstra Location Insights builds industry-specific metrics where data sets are used for modelling purposes and then extrapolated to estimate for the entire population,” a Telstra spokesman said.

“These metrics are aggregated spatially and temporally before differential privacy and k-anonymisation are both applied to completely anonymise the data.”

This explanation is not accepted by senior lecturer at the University of Melbourne Vanessa Teague.

“In order to know whether those things actually work, we need to see what the parameters are and how they're applied to the data in order to be assured that they’re applied correctly and they work,” Dr Teague said.

Dr Teague is chair of the Cybersecurity and Democracy Network and was part of a team of researchers who re-identified patient health records from Pharmaceutical Benefits Scheme data that was released by the government.

“It's possible that [anonymising the data] has been done correctly, it's also possible that they think it’s been done correctly but they’re wrong. And really the only way to assess that is to get a clear and detailed technical description of what they've done,” Dr Teague said.

“If they've done it right then there's no reason to be secretive about the details of what they’ve done, if they’ve done it wrong then they are better off getting a genuine open assessment of it so they can find out sooner rather than later.”

Telstra said the use of the information was in line with its privacy statement, which states that customers’ information could be shared with “our dealers, our related entities or our business or commercial partners and other businesses we work with”.

Dr Teague is sceptical about that explanation. “Just because a company holds highly sensitive information about you doesn’t mean that that data is their property that they should then be able to turnaround and sell without asking you,” she said.

Now when I read Telstra's privacy statement I do not recall that it mentioned that it would be selling mobile phone location information in SA1 statistical level data bundles captured at 15 minute intervals (as mentioned in the news article) and, that those bundles could be used to create data sets which track an individual's movements over time in relatively fine detail.

Yamba in the Clarence Valley NSW is a quiet little town with a population of approx. 6,076 persons living in 3,820 dwellings spread across est. 16 SLA1 statistical levels and in over 100 even smaller statistical Mesh Blocks.

http://stat.abs.gov.au/itt/r.jsp?ABSMaps 

I suspect that many Yamba residents will not be happy with the idea that Telstra Corporation Limited will alllow their movements to be tracked and their daily habits predicted if an individual, private company, government agency or political party pays them for the town's mobile phone location data.

In Febuary-March 2018 there were 63 Notifiable Data Breaches in Australia involving the personal information of up to 341,849 individuals

In the 2016–17 financial year, the Office of the Australian Information Commissioner (OAIC) reported that it received 114 data breach notifications on a voluntary basis.

On 22 February the Notifiable Data Breaches (NDB) scheme came into force.

Between 22 February and 31 March 2018 there were 63 mandatory notifiable data breaches reported involving the personal information of up to est. 341,849 individuals, with 55 of these breaches reported in March alone.

Of these breaches:

24 were the result of criminal or malicious attack;

32 were the result of human error;

2 were system fault; and

1 was classified as “Other”.

The type of personal information involved in the data breaches:

Three of these data breaches involved the personal information of between 10,000 and 999,999 people in each instance.

At least 15 of the 63 data breached involved personal information held by “health service providers”. Health service providers are considered to be any organisation that provides a health service and holds health information.

Every individual whose personal information was breached was supposed to be notified by the entity holding their information, however the OAIC Quarterly Statistics Report: January 2018 - March 2018 did not specifically state that this had occurred. 

Turns out that Facebook Inc is the biggest baddie of all on the Internet

“The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is enforcement action against companies that fail to honor their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act. Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices.”  [US Federal Trade Commission (FTC), Statement, 26 March 2018]

It may have been the Cambridge Analytica-Facebook situation as first set out by Carole Cadwalladr at The Guardian & The Observer (UK) that recently alerted the average Internet user to the issue of digital privacy on social media and, it was certainly the situation which caught the eye of the US Federal Trade Commission which is now investigating.

The story of that data harvest so far.....

The Guardian UK, 25 March 2018:

The story of how those data made the journey from Facebook’s servers to Cambridge Analytica’s is now widely known. But it is also widely misunderstood. (Many people were puzzled, for example, by Facebook’s vehement insistence that the exfiltration of a huge trove of users’ data was not a “breach”.) The shorthand version of what happened – that “a slug of Facebook data on 50 million Americans was sucked down by a UK academic named Aleksandr Kogan, and wrongly sold to Cambridge Analytica” – misses an important point, which is that in acquiring the data in the first place Kogan was acting with Facebook’s full knowledge and approval.

In 2013, he wrote an app called “Thisisyourdigitallife” which offered users an online personality test, describing itself as “a research app used by psychologists”. 

Approximately 270,000 people downloaded it and in doing so gave their consent for Kogan to access information such as the city they set on their profile, or content they had liked, as well as more limited information about friends who had their privacy settings set to allow it. This drew more than 50 million unsuspecting Facebook users into Kogan’s net.

The key point is that all of this was allowed by the terms and conditions under which he was operating. Thousands of other Facebook apps were also operating under similar T&Cs – and had been since 2007, when the company turned its social networking service into an application platform.

So Kogan was only a bit player in the data-hoovering game: apps such as the insanely popular Candy Crush, for example, were also able to collect players’ public profiles, friends lists and email addresses. And Facebook seemed blissfully indifferent to this open door because it was central to its commercial strategy: the more apps there were on its platform the more powerful the network effects would be and the more personal data there would be to monetise.

That’s why the bigger story behind the current controversy is the fact that what Cambridge Analytica claimed to have accomplished would not have been possible without Facebook. Which means that, in the end, Facebook poses the problem that democracies will have to solve. [my yellow highlighting]

However, it is not the only way Facebook is collecting personal information to enrich Zuckerberg and his shareholders.

Now we find out that Facebook Inc is scraping information from Android devices such as mobile phones and adding phone logs to its Big Brother database.

Global News, 25 March 2018:

In the same week Facebook found itself in the middle of a massive data scandal, recent reports indicate that the social media giant has also scraped records of phone calls and SMS data from its users with Android devices without explicit permission.

New Zealand-based software developer Dylan McKay tweeted earlier this week that upon downloading his Facebook data in zip file (which is an option for all users) he claims to have discovered records of phone calls and a historical data of every contact on his phone., including contacts he no longer had, from a period between 2016 and 2017.

Downloaded my facebook data as a ZIP file

Somehow it has my entire call history with my partner's mum pic.twitter.com/CIRUguf4vD

— Dylan McKay (@dylanmckaynz) March 21, 2018

After he made the discovery, McKay set up a Google poll to gather evidence from other users who’ve been affected.

So far, just under 900 people have responded to the poll, and more than 20 per cent confirmed they found call records and/or text metadata in their Facebook data archive. Another 74 people responded to the poll saying that MMS data was collected, 106 people responded saying that SMS data was collected, and 104 responded saying that cellular calls were collected.

READ MORE: Here’s who’s using your Facebook activity to get inside your head

The story was first published by the tech news website Ars Technica on Saturday, who interviewed several Facebook users, and had a member of its staff download their Facebook data archive. Following, this, the site could confirm that the data file downloaded by the staff member contained call logs from a device that individual used between 2015 and 2016, as well as SMS and MMS message data.

Several Global News staff members also requested their data archives as well in the preparation of this story and some found that the contact lists from their mobile devices were recorded in the file. No one noted any text message or call logs in the data files they downloaded.

Ars Technica reached out to Facebook for comment before the publication of its story, who said that the practice was a common one among social networking and messaging apps.

“The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.”

Following McKay’s tweets, other users came out on social media expressing similar concerns about what they discovered after downloading their data archives.

Oh wow my deleted Facebook Zip file contains info on every single phone cellphone call and text I made for about a year- cool totally not creepy.

— Mat Johnson (@mat_johnson) March 23, 2018

I’ve just looked at the data files I requested from Facebook and they had every single phone number in my contacts. They had every single social event I went to, a list of all my friends (and their birthdays) and a list of every text I’ve sent.

— Emma Kennedy (@EmmaKennedy) March 25, 2018

…In recent years, the company has updated this process to clarify that when requesting access to your contact list, it intends to access all call logs and SMS text messages as well, but Android users in the past may have unknowingly given Facebook access to this data. [my yellow highlighting]

It is also wise to remember that even Internet users who do not have a Facebook account have their PC or other digital device scanned for information each time they click on a link to Facebook. 

Facebook image via ZDNet, 3 January 2014

ZDNet on 3 January 2014: By "content" Facebook means “anything you or other users post on Facebook”. By "information" Facebook means “facts and other information about you, including actions taken by users and non-users who interact with Facebook”. [my yellow highlighting]

Nor should we ignore this report about Facebook's surreptitious activities.......

Law360 (March 2, 2018, 7:02 PM EST) -- A California federal judge held Friday that Facebook can’t shake a proposed class action over its allegedly unlawful collection and storage of non-users’ facial scans, declining to toss the matter for lack of standing, just as he recently did in a related suit involving users of the site.

U.S. District Judge James Donato rejected Facebook Inc.’s renewed motion to dismiss litigation led by Frederick William Gullen for lack of subject-matter jurisdiction, pointing to his Feb. 26 decision in a related proposed class action accusing the social media... [my yellow highlighting]

Then there is the lobbying to discourage federal regulation of Facebook.......

According to SOCIAL MEDIA CASEROUNDUP (selected cases) in April 2015, by 2013 Facebook Inc had spent more than US$1 million on lobbying efforts to water down the US Children's Online Privacy Protection Act (COPPA). It was particularly concerned about any change of status of third party "add ons"/"plug-ins" which might by default make platforms like Facebook legally liable for any harm to a minor/s which occurred, as well asbeing resistant to any increase in general protections for minors or any expanded definition of protected "personal information" being included in the Act.

Quartz, 22 March 2018:

Facebook CEO Mark Zuckerberg said yesterday that the company welcomes more regulation, particularly to bring transparency to political advertising online. But in recent months, Facebook has been quietly fighting lawmakers to keep them from passing an act that does exactly that, campaign transparency advocates and Congressional staff tell Quartz.

The Honest Ads Act was introduced last October to close a loophole that has existed since politicians started advertising on the internet, and was expected by many to sail through Congress. Coming as Congress investigated how Russia used tech companies to influence the 2016 election, it was considered by many in Washington DC to be the bare minimum lawmakers could do to address the problem.

The act introduces disclosure and disclaimer rules to online political advertising. Tech companies would have to keep copies of election ads, and make them available to the public. The ads would also have to contain disclaimers similar to those included in TV or print political ads, informing voters who paid for the ad, how much, and whom they targeted.

“The benefit of having disclaimers on all political ads [is] the more suspicious ads would be more identifiable,” said Brendan Fischer, the director of federal and Federal Election Commission reform at theCampaign Legal Center (CLC) in Washington.

In a vote of confidence from bitterly-divided Washington, the act was rolled out by a bipartisan group of senators—John McCain, the Republican from Arizona, and Democrats Amy Klobuchar from Minnesota and Mark Warner of Virginia—and it currently has the support of 18 senators. But it hasn’t moved from the committee on “Rules and Administration” since was first introduced, thanks in part to Facebook’s lobbying efforts.

Fischer, who is a co-author of a CLC report on US vulnerabilities online after the 2016 election, accuses Facebook of “working behind the scenes using the levers of power to stop any legislation from moving forward.”

Facebook’s lobbying clout

Lobbyists for the company have been trying to dissuade senators from moving the Honest Ads Act forward, some Congressional aides say. 

Facebook’s argument to Congress behind the scenes has been that they are “voluntarily complying” with most of what the Honest Ads Act asks, so why pass a law, said one Congressional staffer working on the bill. Facebook also doesn’t want to be responsible for maintaining the publicly accessible repository of political advertising, including funding information, that the act demands, the staffer said.

Facebook spent nearly $3.1 million lobbying Congress and other US federal government agencies in the last quarter of 2017, on issues including the Honest Ads Act according to its latest federal disclosure form. It also signed on Blue Mountain Strategies, a lobbying firm founded by Warner’s former chief of staff, an Oct. 30, 2017 filing shows.

It’s part of a massive uptick in lobbying spending in recent years. [my yellow highlighting]

Despite all its lobbying Facebook Inc is not immune from official censure for its deceptive business practices.

Take this analysis of a 2011 binding agreement between the US Federal Trade Commission and Facebook Inc.....

Federal Register / Vol. 76, No. 233 / Monday, December 5, 2011 / Notices

FEDERAL TRADE COMMISSION [File No. 092 3184], 2 December 2011:

The Federal Trade Commission has accepted, subject to final approval, a consent agreement from Facebook, Inc. (‘‘Facebook’’)……

The Commission’s complaint alleges eight violations of Section 5(a) of the FTC Act, which prohibits deceptive and unfair acts or practices in or affecting commerce, by Facebook:

* Facebook’s Deceptive Privacy Settings: Facebook communicated to users that they could restrict certain information they provided on the site to a limited audience, such as ‘‘Friends Only.’’ In fact, selecting these categories did not prevent users’ information from being shared with Apps that their Friends used.

* Facebook’s Deceptive and Unfair December 2009 Privacy Changes: In December 2009, Facebook changed its site so that certain information that users may have designated as private— such as a user’s Friend List —was made public, without adequate disclosure to users. This conduct was also unfair to users.

* Facebook’s Deception Regarding App Access: Facebook represented to users that whenever they authorized an App, the App would only access the information of the user that it needed to operate. In fact, the App could access nearly all of the user’s information, even if unrelated to the App’s operations. For example, an App that provided horoscopes for users could access the user’s photos or employment information, even though there is no need for a horoscope App to access such information. 

* Facebook’s Deception Regarding Sharing with Advertisers: Facebook promised users that it would not share their personal information with advertisers; in fact, Facebook did share this information with advertisers when a user clicked on a Facebook ad.

* Facebook’s Deception Regarding Its Verified Apps Program: Facebook had a ‘‘Verified Apps’’ program through which it represented that it had certified the security of certain Apps when, in fact, it had not. 

* Facebook’s Deception Regarding Photo and Video Deletion: Facebook stated to users that, when they deactivate or delete their accounts, their photos and videos would be inaccessible. In fact, Facebook continued to allow access to this content even after a user deactivated or deleted his or her account.

* Safe Harbor: Facebook deceptively stated that it complied with the U.S.-EU Safe Harbor Framework, a mechanism by which U.S. companies may transfer data from the European Union to the United States consistent with European law.

The proposed order contains provisions designed to prevent Facebook from engaging in practices in the future that are the same or similar to those alleged in the complaint.

Part I of the proposed order prohibits Facebook from misrepresenting the privacy or security of ‘‘covered information,’’ as well as the company’s compliance with any privacy, security, or other compliance program, including but not limited to the U.S.-EU Safe Harbor Framework. ‘‘Covered information’’ is defined broadly as ‘‘information from or about an individual consumer, including but not limited to: 

(a) A first or last name; 

(b) a home or other physical address, including street name and name of city or town; (c) an email address or other online contact information, such as an instant messaging user identifier or a screen name; 

(d) a mobile or other telephone number; 

(e) photos and videos; (f) Internet Protocol (‘‘IP’’) address, User ID, or other persistent identifier; (g) physical location; or 

(h) any information combined with any of (a) through (g) above.’’

Part II of the proposed order requires Facebook to give its users a clear and prominent notice and obtain their affirmative express consent before sharing their previously-collected information with third parties in any (a) through (g) above.’’ Part II of the proposed order requires Facebook to give its users a clear and prominent notice and obtain their affirmative express consent before sharing their previously-collected information with third parties in any way that materially exceeds the restrictions imposed by their privacy settings. A ‘‘material . . . practice is one which is likely to affect a consumer’s choice of or conduct regarding a product.’’ FTC Policy Statement on Deception, Appended to Cliffdale Associates, Inc., 103 F.T.C. 110, 174 (1984).

Part III of the proposed order requires Facebook to implement procedures reasonably designed to ensure that a user’s covered information cannot be accessed from Facebook’s servers after a reasonable period of time, not to exceed thirty (30) days, following a user’s deletion of his or her account.

Part IV of the proposed order requires Facebook to establish and maintain a comprehensive privacy program that is reasonably designed to: 

(1) Address privacy risks related to the development and management of new and existing products and services, and 

(2) protect the privacy and confidentiality of covered information. The privacy program must be documented in writing and must contain controls and procedures appropriate to Facebook’s size and complexity, the nature and scope of its activities, and the sensitivity of covered information. Specifically, the order requires Facebook to:

* Designate an employee or employees to coordinate and be responsible for the privacy program;

* Identify reasonably-foreseeable, material risks, both internal and external, that could result in the unauthorized collection, use, or disclosure of covered information and assess the sufficiency of any safeguards in place to control these risks;

* Design and implement reasonable controls and procedures to address the risks identified through the privacy risk assessment and regularly test or monitor the effectiveness of these controls and procedures;

* Develop and use reasonable steps to select and retain service providers capable of appropriately protecting the privacy of covered information they receive from respondent, and require service providers by contract to implement and maintain appropriate privacy protections; and

* Evaluate and adjust its privacy program in light of the results of the testing and monitoring, any material changes to its operations or business arrangements, or any other circumstances that it knows or has reason to know may have a material impact on the effectiveness of its privacy program.

Part V of the proposed order requires that Facebook obtain within 180 days, and every other year thereafter for twenty (20) years, an assessment and report from a qualified, objective, independent third-party professional, certifying, among other things, that it has in place a privacy program that provides protections that meet or exceed the protections required by Part IV of the proposed order; and its privacy controls are operating with sufficient effectiveness to provide reasonable assurance that the privacy of covered information is protected. Parts VI through X of the proposed order are reporting and compliance provisions. Part VI requires that Facebook retain all ‘‘widely disseminated statements’’ that describe the extent to which respondent maintains and protects the privacy, security, and confidentiality of any covered information, along with all materials relied upon in making such statements, for a period of three (3) years. Part VI further requires Facebook to retain, for a period of six (6) months from the date received, all consumer complaints directed at Facebook, or forwarded to Facebook by a third party, that relate to the conduct prohibited by the proposed order, and any responses to such complaints. Part VI also requires Facebook to retain for a period of five (5) years from the date received, documents, prepared by or on behalf of Facebook, that contradict, qualify, or call into question its compliance with the proposed order. Part VI additionally requires Facebook to retain for a period of three (3) years, each materially different document relating to its attempt to obtain the affirmative express consent of users referred to in Part II, along with documents and information sufficient to show each user’s consent and documents sufficient to demonstrate, on an aggregate basis, the number of users for whom each such privacy setting was in effect at any time Facebook has attempted to obtain such consent. Finally, Part VI requires that Facebook retain all materials relied upon to prepare the third-party assessments for a period of three (3) years after the date that each assessment is prepared. 

Part VII requires dissemination of the order now and in the future to principals, officers, directors, and managers, and to all current and future employees, agents, and representatives having supervisory responsibilities relating to the subject matter of the order. Part VIII ensures notification to the FTC of changes in corporate status. Part IX mandates that Facebook submit an initial compliance report to the FTC and make available to the FTC subsequent reports. Part X is a provision ‘‘sunsetting’’ the order after twenty (20) years, with certain exceptions.

The purpose of the analysis is to aid public comment on the proposed order. It is not intended to constitute an official interpretation of the complaint or proposed order, or to modify the proposed order’s terms in any way. 

By direction of the Commission. 

Donald S. Clark, Secretary. [FR Doc. 2011–31158 Filed 12–2–11; 8:45 am [my yellow highlighting]