Showing posts with label information technology. Show all posts
Showing posts with label information technology. Show all posts

Wednesday, 1 May 2019

Facebook spends more than a decade expressing contrition for its actions and avowing its commitment to people’s privacy – but refuses constructive action



“It is untenable that organizations are allowed to reject my office’s legal findings as mere opinions. Facebook should not get to decide what Canadian privacy law does or does not require.[Canandian Privacy Commissioner  Daniel Therrien, 25 April 2019]

Facbook Inc. professes that it  has taken steps to ensure the intregrity of political discourse on its platform, but rather tellingly will not roll out transparency features in Australia that it has already rolled out in the US, UK, Eu, India, Israel and Ukraine.

The only measure it commits to taking during this federal election campaign is to temporarily ban people outside Australiabuying ads that Facebook determines are “political”.


So it should come as no surprise that Canada issued this three page news release…….

Office of the Privacy Commission of Canada, news release, 25 April 2019:

Facebook refuses to address serious privacy deficiencies despite public apologies for “breach of trust”

Joint investigation finds major shortcomings in the social media giant’s privacy practices, highlighting pressing need for legislative reform to adequately protect the rights of Canadians

OTTAWA, April 25, 2019 – Facebook committed serious contraventions of Canadian privacy laws and failed to take responsibility for protecting the personal information of Canadians, an investigation has found.

Despite its public acknowledgement of a “major breach of trust” in the Cambridge Analytica scandal, Facebook disputes the investigation findings of the Privacy Commissioner of Canada and the Information and Privacy Commissioner for British Columbia. The company also refuses to implement recommendations to address deficiencies.

“Facebook’s refusal to act responsibly is deeply troubling given the vast amount of sensitive personal information users have entrusted to this company,” says Privacy Commissioner of Canada Daniel Therrien. “Their privacy framework was empty, and their vague terms were so elastic that they were not meaningful for privacy protection.

“The stark contradiction between Facebook’s public promises to mend its ways on privacy and its refusal to address the serious problems we’ve identified – or even acknowledge that it broke the law – is extremely concerning.”

“Facebook has spent more than a decade expressing contrition for its actions and avowing its commitment to people’s privacy,” B.C. Information and Privacy Commissioner Michael McEvoy says, “but when it comes to taking concrete actions needed to fix transgressions they demonstrate disregard.”

Commissioner McEvoy says Facebook’s actions point to the need for giving provincial and federal privacy regulators stronger sanctioning power in order to protect the public’s interests. “The ability to levy meaningful fines would be an important starting point,” he says.

The findings and Facebook’s rejection of the report’s recommendations highlight critical weaknesses within the current Canadian privacy protection framework and underscore an urgent need for stronger privacy laws, according to both Commissioners.

“It is untenable that organizations are allowed to reject my office’s legal findings as mere opinions,” says Commissioner Therrien.

In addition to the power to levy financial penalties on companies, both Commissioners say they should also be given broader authority to inspect the practices of organizations to independently confirm privacy laws are being respected. This measure would be in alignment with the powers that exist in the U.K. and several other countries.

Giving the federal Commissioner order-making powers would also ensure that his findings and remedial measures are binding on organizations that refuse to comply with the law. 

The complaint that initiated the investigation followed media reports that Facebook had allowed an organization to use an app to access users’ personal information and that some of the data was then shared with other organizations, including Cambridge Analytica, which was involved in U.S. political campaigns.

The app, at one point called “This is Your Digital Life,” encouraged users to complete a personality quiz. It collected information about users who installed the app as well as their Facebook “friends.” Some 300,000 Facebook users worldwide added the app, leading to the potential disclosure of the personal information of approximately 87 million others, including more than 600,000 Canadians.

The investigation revealed Facebook violated federal and B.C. privacy laws in a number of respects. The specific deficiencies include:

Unauthorized access

Facebook’s superficial and ineffective safeguards and consent mechanisms resulted in a third-party app’s unauthorized access to the information of millions of Facebook users. Some of that information was subsequently used for political purposes.

Lack of meaningful consent from “friends of friends”

Facebook failed to obtain meaningful consent from both the users who installed the app as well as those users’ “friends,” whose personal information Facebook also disclosed.

No proper oversight over privacy practices of apps

Facebook did not exercise proper oversight with respect to the privacy practices of apps on its platform.  It relied on contractual terms with apps to protect against unauthorized access to user information; however, its approach to monitoring compliance with those terms was wholly inadequate.

Overall lack of responsibility for personal information

A basic principle of privacy laws is that organizations are responsible for the personal information under their control. Instead, Facebook attempted to shift responsibility for protecting personal information to the apps on its platform, as well as to users themselves.

The failures identified in the investigation are particularly concerning given that a 2009 investigation of Facebook by the federal Commissioner’s office also found contraventions with respect to seeking overly broad, uninformed consent for disclosures of personal information to third-party apps, as well as inadequate monitoring to protect against unauthorized access by those apps.

If Facebook had implemented the 2009 investigation’s recommendations meaningfully, the risk of unauthorized access and use of Canadians’ personal information by third party apps could have been avoided or significantly mitigated.

Facebook’s refusal to accept the Commissioners’ recommendations means there is a high risk that the personal information of Canadians could be used in ways that they do not know or suspect, exposing them to potential harms.

Given the extent and severity of the issues identified, the Commissioners sought to implement measures to ensure the company respects its accountability and other privacy obligations in the future. However, Facebook refused to voluntarily submit to audits of its privacy policies and practices over the next five years.

The Office of the Privacy Commissioner of Canada plans to take the matter to Federal Court to seek an order to force the company to correct its privacy practices.

The Office of the Information and Privacy Commissioner for B.C. reserves its right under the Personal Information Protection Act to consider future actions against Facebook.  

Related documents:

* Note: my yellow highlighting

Nor should this alleged 'mistake' made by Facebook cause surprise.......

The New York Times, 25 April 2019:

SAN FRANCISCO — The New York State attorney general’s office plans to open an investigation into Facebook’s unauthorized collection of more than 1.5 million users’ email address books, according to two people briefed on the matter.

The inquiry concerns a practice unearthed in April in which Facebook harvested the email contact lists of a portion of new users who signed up for the network after 2016, according to the two people, who spoke on condition of anonymity because the inquiry had not been officially announced.

Those lists were then used to improve Facebook’s ad-targeting algorithms and other friend connections across the network.

The investigation was confirmed late Thursday afternoon by the attorney general’s office.

“Facebook has repeatedly demonstrated a lack of respect for consumers’ information while at the same time profiting from mining that data,” said Letitia James, the attorney general of New York, in a statement. “It is time Facebook is held accountable for how it handles consumers’ personal information.”…

Users were not notified that their contact lists were being harvested at the time. Facebook shuttered the contact list collection mechanism shortly after the issue was discovered by the press…..

Facebook Inc's rapacious business practices has been the death of online privacy and now threatens the democratic process.

Friday, 24 August 2018

Australian Attorney-General releases a draft bill which will allow the gaoling of Australian citizens for 10 years if they refuse to reveal passwords or encryption codes



According to Crikey.com.au on 15 August 2018:

In addition to its village idiot approach to undermining end-to-end encryption in new surveillance laws, the government is also seeking a blunt-force trauma approach: it wants to jail people for a decade if they refuse to give up the password to their devices.

Under the draft Assistance and Access Bill 2018 unveiled yesterday, the government is giving police, spy agencies and regulators like the ATO the power to demand that tech companies help them plant malware on computers and phones to help it defeat end-to-end encryption.


Wednesday, 22 August 2018

And the warnings continue about My Health Record.....


Financial Review, 13 August 2018:

One of the world's leading experts in cyber security policy has warned the manipulation of health data is one of his biggest concerns facing society, as debate continues to rage about the long-term viability of the government's controversial opt-out My Health Record.

Former Pentagon chief strategy officer for cyber policy and newly appointed head of cyber security strategy for data centre security company Illumio, Jonathan Reiber, told The Australian Financial Review the health data of MPs and business leaders would be of particular interest to cyber criminals.

"If I'm a malicious actor wanting to cause discontent, I would be interested in that," he said.

"If you get access to the health information of key leaders, you can understand what they like, who they are and what their problems are. [Cyber criminals] would want to look at a segment of 50 to 100 key leaders in the country, figure out data for intelligence purposes and then manipulate the data for the negative."

Earlier this month Health Minister Greg Hunt announced that the government would redraft the legislation surrounding My Health Record to restrict police access and allow records to be deleted permanently. 

He had previously copped criticism for saying the digital health database had "military-grade security", despite not having two-factor authentication protocols.


The Sydney Morning Herald, 14 August 2018:

Labor's health spokeswoman Catherine King said the government's decision to switch to an opt-out model, which Labor originally supported, gave rise to "a whole range of significant privacy and security issues that we don't think were thought of in the original enabling legislation".

"Are they then able to opt-out when they become adults? What's happening in terms of survivors of domestic violence and the capacity through the creation of a record by an abusing partner, of a record for their children or agreement to a record for their children, what security is in place to ensure that they are not traced?"

Legal experts have warned that the system provides a loophole for a violent person to create a record for their child without their ex-partner's consent, potentially allowing them to track down their estranged family's location, as revealed by Fairfax Media last month.

Ms King also highlighted concerns raised about access to medical records by health insurers, including in relation to worker’s compensation claims, which the government has said will not occur.


"We want to make sure that's not the case and we want to make sure that's not the case under the law," she said.


Some people may find their My Health Record places them at risk of stigma and discrimination or may cause safety issues.

You may wish to carefully consider whether you want your health records held or shared if you:

* have a criminal record or are affected by the criminal justice system
* use or have used drugs
* live with a lifelong transmissible condition such as HIV or hepatitis B
* have or had hepatitis C
* are not on treatment after it was recommended
* are sexually active and test regularly for STIs
* are or have been a sex worker
* are transgender or intersex
* are bisexual, lesbian or gay
* have lived with mental health issues
* have been pregnant or terminated a pregnancy
* are a health care worker.

Tuesday, 7 August 2018

Australian Digital Health Agency is considering adding DNA data to My Health Record


Crikey.com.au, 6 April 2018:

DNA DEBATE

The federal government’s controversial My Health Record program is capable of storing genomic data, such as cancer risks, using technology that both has huge research applications and highlights privacy and security concerns.

The Sydney Morning Herald reports that genome-sequencing company Genome.One, which can track genetic variations and therefore disease risks, has built “necessary infrastructure” for uploading sensitive genomic data into the opt-out system.

University of Canberra privacy expert Bruce Arnold has criticised the inherent risks of DNA-tracking technology and, just a week after the government backdown on police access to My Health Records, today’s news as again demonstrating a lack public consultation.

The Australian Digital Health Agency (ADHA) which is responsibe for My Health Record gave Genome.One, a wholly-owned subsidiary of The Garvan Institute, $40,000 in September 2017 to support the development of this software.

Its GoExplore™ software provides sequencing and analyses of patients’ DNA samples to assesses their risk of developing 52 hereditary conditions, including 31 cancers, 13 heart conditions, as well several other conditions where monitoring or intervention can be of benefit. 

In a change of focus, Genome.One and The Garvan Institute are reportedly no longer offering clinical reporting for genetic disease diagnosis or personal health genomics in Australia. This service was priced at $6,400 plus GST, with no Medicare rebate.

Staffing numbers in Genome.One have been severely cut, new capital is being sought and, Gavan has stated that it intends to spin off Genome.One software into a new company in which it will be a minority shareholder.

However, Genome.One still intends to pilot its genomics technology integrated into GP practice software and on !8 April 2018 its CEO stated; “We're working with some electronic medical record providers and we're hoping that we can get a trial underway at some point this year”.

Sunday, 5 August 2018

Tell me again why the Turnbull Government is insisting My Health Record will become mandatory by the end of October 2018?


It is not just ordinary health care consumers who have concerns about the My Health Record database, system design, privacy issues and ethical considerations.

It is not just the Turnbull Government which has not sufficiently prepared public and private health care organisations for the nationwide rollout of mass personal and health information collection - the organisations themselves are not ready.

Lewis Ryan (Academic GP Registrar)
* 91 % of GP Registrars have never used My Health Record in a clinical context

* 65% of GP Registrars have never discussed My Health Record with a patient

* 78%  of GP Registrars have never received training in how to use My Health Record

* 73% of GP Registrars say lack of training is a barrier to using My Health Record

* 71% of  GP Registrars who have used the My Health Record system say that the user interface is a barrier

* Only 21% of  GP Registrars believe privacy is well protected in the My Health Record system

In fact Australia-wide only 6,510 general practice organisations to date have registered to use My Health Record and these would only represent a fraction of the 35,982 GPs practicing across the country in 2016-17.


UPDATE

Healthcare IT News, 3 August 2018:
The Federal Government’s Health Care Homes is forcing patients to have a My Health Record to receive chronic care management through the program, raising ethical questions and concerns about discrimination.
The government’s Health Care Homes trial provides coordinated care for those with chronic and complex diseases through more than 200 GP practices and Aboriginal Community Controlled Health Services nationally, and enrolment in the program requires patients to have a My Health Record or be willing to get one.
But GP and former AMA president Dr Kerryn Phelps claimed the demand for patients to sign up to the national health database to access Health Care Homes support is unethical.
“I have massive ethical concerns about that, particularly given the concerns around privacy and security of My Health Record. It is discriminatory and it should be removed,” Phelps told Healthcare IT News Australia.
Under a two-year trial beginning in late 2017, up to 65,000 people are eligible to become Health Care Homes patients as part of a government-funded initiative to improve care for those with long-term conditions including diabetes, arthritis, and heart and lung diseases.
Patients in the program receive coordinated care from a team including their GP, specialists and allied health professionals and according to the Department of Health: “All Health Care Homes’ patients need to have a My Health Record. If you don’t have a My Health Record, your care team will sign you up.”
Phelps said as such patients who don’t want a My Health Record have been unable to access a health service they would otherwise be entitled to.
“When you speak to doctors who are in involved in the Heath Care Homes trial, their experience is that some patients are refusing to sign up because they don’t want a My Health Record. So it is a discriminatory requirement.”
It has also raised concerns about possible future government efforts to compel Australians to have My Health Records.
“The general feedback I’m getting is that the Health Care Homes trial is very disappointing to say the least but, nonetheless, what this shows is that signing up to My Health Record could just be made a prerequisite to sign up for other things like Centrelink payments or workers compensation.”
Human rights lawyer and Digital Rights Watch board member Lizzie O’Shea claims patients should have a right to choose whether they are signed up to the government’s online medical record without it affecting their healthcare.
“It is deeply concerning to see health services force their patients to use what has clearly been shown to be a flawed and invasive system. My Health Record has had sustained criticism from privacy advocates, academics and health professionals, and questions still remain to be answered on the privacy and security of how individual's data will be stored, accessed and protected,” O’Shea said. [my yellow highlighting]

Friday, 3 August 2018

NSW Roads & Maritime Services bungling and corrupt in 2018?


NSW Minister for Roads Maritime and Freight has a policy of sending IT jobs offshore?

With the national unemployment rate running at 5.4 per cent nationally in June 2018 and the New South Wales rate sitting at 4.8 per cent or 192,000 people, is the Minister for Roads Maritime and Freight & Nationals MP for Oxley Melinda Pavey secretly closing off employment opportunities for Australian information technology workers as a departmental cost-cutting measure?

These are not exactly the highest paying jobs in this country, averaging $46,000-$100,000 pa and, with the IT worker pool standing at est. 600,000+ nationally it is not as though there is an obvious scarcity of skilled workers available for hire.

So at first it was not easy to explain this...... 

The Daily Telegraph, 20 July 2018. P.2:

Leaked details of a meeting between Roads and Maritime­ Services and seven companies bidding for a $100 million IT contract contradict­ state government denials that it mandated a 30 per cent quota of cut-price overseas workers.

The February 13 meeting, convened by chief information officer Rob Putter, came six days after the RMS called for tenders to provide IT services, on the condition that a “minimum” of 20 per cent of jobs would be sent overseas in the first year and 30 per cent in the second year.

Three Indian firms, Tata Consultancy Services, Wipro, and Tech Mahindra, attended the meeting along with Fujitsu, Datacom, Accenture and Wollongong company itree, with 25 people in the room and 18 dialling in.

A source who attended the meeting said Mr Putter showed a PowerPoint slide titled RMS Pricing Principles which stated the RMS was “seeking to achieve the lowest­ possible cost” to provide­ the IT service.

The slide stated RMS’s “target offshore resource utilisation­” required 20 per cent of jobs offshore in year one, 30 per cent in year two and a “measured ongoing ­app­roach to increase offshore efforts” over the rest of the seven-year contract.

Photocopies of the slide were provided to attendees, who “discussed at length ... the need to offshore resources (jobs)”, the source said.

“The RMS personnel stated that it was mandated by the (Roads) Minister that to achieve the lowest price they need to seek offshore resources,” the source said. 

“This clearly makes a joke of the Minister’s denial that this tender mandated offshoring.” As The Daily Telegraph revealed last week, the RMS had called for companies to provide “development, testing, maintenance and service management for transport-related software applications and in-the-field hardware”.…..

The RMS announced Mr Putter’s resignation last week.

Despite NSW Government denials, the fact remains that it is highly likely that jobs were to be sourced overseas as the RMS IT operational budget blowout had reached $80 million in the 12 months to June 2018, following a $40 million blowout in the operational budget in the previous financial year.

It appears that Roads and Maritime Services has bungled its $1 billion IT systems upgrade with more bad news expected.

Dollars for mates?

Crikey.com.au, 2 August 2018:

New South Wales transport consultancy firm MU Group [MURPHY UDAYAN GROUP*] 
is under fire after six government contracts, none of which went to public tender, were awarded to the company after it hired former state roads minister 
Duncan Gay.

The Daily Telegraph ($) reports that the firm has been awarded contracts from the Roads and Maritime Services agency worth over $4.46 million after hiring the former department head as an “executive adviser” just weeks after Gay left parliament in late 2017. The firm has reportedly hired at least 11 former Roads and Maritime Services staff members, including two as directors, however Gay says he has “not been involved in any RMS contracts that MU have won”.

* Director and Founder of the MU Group Matthew Murphy is a former Roads and Maritime Service civil engineer in Project/Contract Management with extensive experience on infrastructure projects for urban roads, highways including Pacific Highway Upgrades.

Wednesday, 1 August 2018

Turnbull Government prepares an end run around the Australian electorate?


In 1986 the Federal Government couldn’t get the national electorate to accept the Australia Card, a national identity card to be carried by all citizens.

Likewise in 2007 the wider electorate rejected the proposed Access Card, a national identity card with a unique personal identification number, which was to be linked to a centralised database expected to contain an unprecedented amount of personal and other information.

Federal Government also failed to have everyone embrace the idea of MyGov, a data sharing, one-stop digital portal for access to government services created in 2013. To date only 11.5 million people out of a population of over 24.9 million hold an account with MyGov.

When after three and a half years the populace did not register in sufficient numbers for the so-called Personally Controlled Electronic Health Record (PCEHR), an intrusive opt-in data retention system, government changed tack.

It relabelled PCEHR as My Health Record (MHR) in 2016 and broadened the number of agencies which could access an individual’s personal/health information. Decreeing it would become a mandatory data collection system applied to the entire Australian population, with only a short an opt-out period prior to full program implementation1.

However, it seems that the Turnbull Federal Government expects around 1.9 million people to opt-out of or cancel their My Heath Record in the next two months. Possibly with more cancellations to occur in the future, as privacy and personal safety become issues due to the inevitable continuation of MHR data breaches and the occurrence of unanticipated software vulnerabilities/failures.

So Turnbull and his Liberal and Nationals cronies have a backup in place in 2018 called the Data Sharing and Release Bill, which Introduces legislation to improve the use and reuse of public sector data within government and with private corporations outside of government, as well as granting access to and the sharing of data on individuals and businesses that is currently otherwise prohibited.

The bill also allows for the sharing of transaction, usage and product data with service competitors and comparison services. An as yet unrealised  provision which is currently being wrapped up in a pretty bow and called a consumer right - but one that is likely to be abused by the banking, finance, insurance, electricity/gas industry sectors.

The bill appears to override the federal privacy act where provisions are incompatible.

This is a bill voters have yet to see, because the Turnbull Government has not seen fit to publish the bill’s full text. Only an issues paper is available at present.

Notes:

1. Federal Government may have succeeded in retaining the personal details of every person who filled in the 2016 Census by permanently retaining these details and linking this information to their future Census information in order to track people overtime for the rest of their lives, but this win for government as Big Brother was reliant on stealth in implementation and was limited in what it could achieve at the time. 

Because not everyone ended up with a genuine unique identification key as an unknown number of individual citizens and permanent residents (possibly well in excess of half a million souls) as acts of civil disobedience deliberately filled in the national survey forms with falsified information or managed to evade filling in a form altogether. 

Sunday, 29 July 2018

When it comes to My Heath Record the words horse, stable, door, spring to mind


In January 2016 the Australian Digital Health Agency (ADHA) became a corporate Commonwealth established under the Public Governance, Performance and Accountability (Establishing the Australian Digital Health Agency) Rule.

It has a board appointed by the Minister for Health in whose portfolio it is situated and the board is the accountable body of the ADHA.

Currently Mr Jim Birch AM, Chair. Mr Rob Bransby, Dr Eleanor Chew, Dr Elizabeth Deven, Ms Lyn McGrath, Ms Stephanie Newell, Dr Bennie Ng,  Professor Johanna Westbrook and Michael Walsh sit on this board.

The executive team is headed by Tim Kelsey as CEO, with Professor Meredith Makeham as Chief Medical Adviser and Bettina McMahon, Ronan O’Connor, Terrance Seymour & Dr. Monica Trujillo as the four executive managers.

ADHA is also the designated Systems Operator for My Health Record which currently holds the personal health information of 5.98 million people across the country and will add the remaining 19 million after 15 October 2018 unless they opt out of being included in this national database.

Given the potential size of this database the question of cyber security springs to mind.

It seems that the Australian Digital Health Agency has not been independently audited for cyber resilience by the Australian National Audit Office (ANAO) ahead of beginning the mammoth task of collecting and collating the personal heath information of those19 million people.

Australian National Audit OfficePotential audit: 2018-19:

Management of cyber security risks in My Health Record

The audit would examine the effectiveness of the Australian Digital Health Agency’s management of cyber security risks associated with the implementation and ongoing maintenance of the My Health Record system.
My Health Record creates a record of Australians’ interactions with healthcare providers, and more than 5.5 million Australians have a My Health Record. The audit would focus on whether adequate controls are in place to protect the privacy and integrity of individual records.

It seems that the Australian general public still only has the honeypot's dubious word that it cannot be raided by unauthorised third parties.

Prime Minister Malcolm Turnbull has reacted to growing community concern about the number of agencies which can access My Health Records with a vague promise of "refinements" and with this outright lie; "The fact is that there have been no privacy complaints or breaches with My Health Record in six years and there are over 6 million people with My Health Records".

The Office of the Australian Information Commissioner has recorded complaints and at least 242 individual My Health Records have been part of mandatory data breach reports in 2015-16 to 2016-17, with nine of the 51 reported breach events involving "the unauthorised access of a healthcare recipient’s My Health Record by a third party".

BACKGROUND

Intermedium, 8 May 2018:

Re-platforming options for the My Health Record (MHR) system will soon be up for consideration, with an Australian Digital Health Agency (ADHA) spokesperson confirming that a request for information will be released in the next few months to inform plans to modernise the infrastructure underpinning Australia’s mammoth patient health database.

An open-source, cloud-based environment has already been flagged as a possibility for the MHR by Department of Health (DoH) Special Adviser for Strategic trategic Health Systems and Information Management Paul Madden at Senate Estimates in May last year. He also said that the re-platforming decision was one of many “variables” that needed to be squared away to accurately gauge how much the MHR system will cost beyond 2019-20.
“The variables in there include the re-platforming of the system to an open source environment, using cloud technology… which will be something we will not know the cost of until we hit the market to get a view on that”, Madden said last year. “Our commitment is to come back to the budget in 2019 to paint out those costs for the four years beyond.”
ADHA is scoping out MHR re-platforming options early, with the existing contract with the Accenture-led consortium not set to expire until 2020. As the “National Infrastructure Operator”, Accenture is tasked with running and maintaining MHR’s infrastructure. The prime contractor works with Oracle and Orion Health to provide the core systems and portals behind MHR.
Accenture was awarded the contract to design, build, integrate and test the then-personally controlled electronic health record system (PCEHR) back in 2011, and has signed 13 contracts worth a total of $709.53 million with DoH in relation to the MHR in that time. With the original infrastructure now over seven years old, ADHA recognise the importance of modernising the environment supporting the MHR....

The Sydney Morning Herald, Letter to the Editor, 26 July 2018. p20:

What happens to medical records when opting out?

Dr Kerryn Phelps reminds us that, if people don't opt out, the My Health Records Act allows disclosure of patients' health information to police, courts and the ATO without a warrant ("My Health Record backlash builds", July 25). This would be in addition to "health information such as allergies, medicines and immunisations" available for emergency staff.

How can the access be restricted to emergency staff? How can only certain categories of information be released when allergies and medication are part of general medical notes? I was not reassured by "serious penalties relating to the misuse of information do not apply to accidental misuse" on the website. I opted out.

My GP has told me that, nonetheless, she will be obliged to upload my records - which sounds credible since I have formally opted out with the government, not with my doctor's practice. So what happens - does my health record get kicked off "the cloud"? What exactly did I opt out of?

Denise De Vreeze [my yellow highlighting]

Wednesday, 25 July 2018

The two very different faces Facebook Inc presents to potential advertisers and lawmakers



Australian Newspaper History Group Newsletter, No 98, July 2018, pp8-9:

98.2.3 Facebook described itself as a ‘publisher’ in 2013

Facebook described itself as a “publisher” as far back as 2013, leaked documents obtained by the Australian reveal. This contradicts the message that chief executive Mark Zuckerberg gave to US Congress, in interviews and in speeches (Australian, 9 July 2018). A 71-page PowerPoint presentation prepared by the then managing director of Facebook, Stephen Scheeler, outlines how the tech giant was the “second-highest reaching publisher in Australia” when compared with traditional media companies such as Nine and Seven. The internal sales document is partly based on data gathered by measurement firm Nielsen as well as confidential internal figures including quarterly revenue targets. There is no mention of Facebook being a publisher in Nielsen’s original report; it categorises Facebook as a “brand” in its Online Landscape Review published in May 2013. A slide in the presentation produced by Scheeler, the most senior executive at Facebook’s Australia and New Zealand business at the time, changed Nielsen’s description of Facebook from a brand to a “publisher”, showing that the social media giant views itself as such.

This is significant because Facebook has long argued it is a tech platform, not a publisher or a media company, when questioned about how it has generated vast profits by siphoning off billions of dollars from the news industry. The admission in the document contrasts with Facebook’s recent public contribution to a high-powered Australian inquiry into the local digital media market. The company repeatedly calls itself a “platform” in a 56-page written submission to the Australian Competition & Consumer Commission.

Zuckerberg has persistently rejected the suggestion that Facebook is a publisher, presenting the company as a neutral platform that does not have traditional journalistic responsibilities. In April, Zuckerberg was asked by US senators investigating the Cambridge Analytica data scandal to explain whether his company was a tech company or publisher. Dan Sullivan, a Republican Senator for Alaska, said: “That goes to an important question about what regulation or action, if any, we would take.” Asked by Senator Sullivan if Facebook was a “tech company or the world’s largest publisher” during his second day of testimony on Capitol Hill, the Facebook co-founder responded: “I view us as a tech company because the primary thing that we do is build technology and products.” Senator Sullivan pressed further: “You said you’re responsible for your content, which makes you kind of a publisher, right?” Zuckerberg did not admit Facebook was a media company or publisher, but did say it was responsible for what is posted on its platforms after it emerged that the company allowed Russia to spread disinformation in the US presidential election.

“I agree that we’re responsible for the content. But we don’t produce the content. I think that when people ask us if we’re a media company or a publisher, my understanding of what the heart of what they’re really getting at is: do we feel responsible for the content on our platform? The answer to that I think is clearly yes. But I don’t think that that’s incompatible with fundamentally at our core being a technology company where the main thing that we do is have engineers and build products.”