Showing posts with label information technology. Show all posts
Showing posts with label information technology. Show all posts

Sunday 22 July 2018

Former Murdoch journalist in charge of MyHealth records –what could possibly go wrong?



Former news editor of the notorious Newscorp publication The Sunday Times which was involved in the UK hacking scandal, former  Executive Director of Transparency and Open Data in the UK Cabinet Office and then National Director for Patients and Information and head of the toxic government Care.data project which stored patient medical information in a single database. before ending up as the commercial director of Telstra Health in Australia, Tim Kelsey, was appointed as CEO of the Australian Digital Health Agency by the Turnbull Coalition Government to progress the stalled My Health Record national database in 2016 with a salary worth $522,240 a year.

 A curriculum vitae which may go some way to explaining why reports are beginning to emerge of individuals seeking to opt-out of My Health Record finding out they have been registered by stealth in the Australian national database some years ago.

Crikey.com.au, 18 July 2018:

The bureaucrat overseeing My Health Record presided over a disaster-plagued national health record system in the UK, and has written passionately about the belief people have no right to opt out of health records or anonymity.

Tim Kelsey is a former British journalist who moved into the electronic health record business in the 2000s. In 2012, he was appointed to run the UK government’s national health record system, Care.data, which was brought to a shuddering halt in 2014 after widespread criticism over the sale of patients’ private data to drug and insurance companies, then scrapped altogether in 2016. By that stage, Kelsey had moved to Telstra in Australia, before later taking a government role. There was considerable criticism about the lack of information around Care.data, and over 700,000 UK people opted out of the system.

Kelsey vehemently opposed allowing people to opt out — the exact model he is presiding over in Australia. In a 2009 article, “Long Live The Database State”, for Prospect…..

For Kelsey, this was necessary for effective health services…….

Kelsey also expressed his opposition to the anonymisation of data, even of the most personal kind…... 

Kelsey’s vision was of a vast state apparatus collecting, consolidating and distributing private information to enable an interventionist state.

Moreover, he stated others should have access to data…..

ADHA, Kelsey is doing little to fix his reputation for controversy. On Saturday, ADHA released an extraordinary 1000-word attack on News Corp health journalist Sue Dunlevy who correctly pointed out the strong risk to privacy in the My Health Record system. The statement repeatedly criticised Dunlevy, accusing her of “dangerous fearmongering” and being “misleading and ignorant”.

Dunlevy had rightly noted the lack of any effective information campaign about My Health record (exactly the criticism made of Care.data), prompting ADHA to boast of its $114 million campaign at Australia Post shops, Department of Human Services “access points” and letters to health practitioners. It makes you wonder why even News Corp’s Janet Albrechtsen said she’d never heard of My Health Record until last week…. 

Friday 20 July 2018

Slowly but surely Russian connections between the UK Brexit referendum campaign and the US presidential campaign are beginning to emerge


“We have concluded that there are risks in relation to the processing of personal data by many political parties. Particular concerns include: the purchasing of marketing lists and lifestyle information from data brokers without sufficient due diligence, a lack of fair processing, and use of third party data analytics companies with insufficient checks around consent….We have looked closely at the role of those who buy and sell personal data-sets in the UK. Our existing investigation of the privacy issues raised by their work has been expanded to include their activities in political processes….The investigation has identified a total of 172 organisations of interest that required engagement, of which around 30 organisations have formed the main focus of our enquiries, including political parties, data analytics companies and major social media platforms…..Similarly, we have identified a total of 285 individuals relating to our investigation.” [UK Information Commissioner’s Office, Investigation into the use of data analytics in political campaigns: Investigation update, July 2018]

Slowly but surely the Russian connections between the UK Brexit referendum campaign and the US presidential campaign are beginning to emerge.

The Guardian, 15 July 2018:

A source familiar with the FBI investigation revealed that the commissioner and her deputy spent last week with law enforcement agencies in the US including the FBI. And Denham’s deputy, James Dipple-Johnstone, confirmed to the Observer that “some of the systems linked to the investigation were accessed from IP addresses that resolve to Russia and other areas of the CIS [Commonwealth of Independent States]”.

It was also reported that Senator Mark Warner, vice chair of US Senate Intel Committee and Damian Collins MP, chair of the Digital, Culture, Media and Sport select committee inquiry into “fake news”, met in Washington on or about 16 July 2018 to discuss Russian interference in both British and American democratic processes during an Atlantic Council meeting.

UK Information Commissioner’s Office (ICO), media release, 10 July 2018:

Information Commissioner Elizabeth Denham has today published a detailed update of her office’s investigation into the use of data analytics in political campaigns.
In March 2017, the ICO began looking into whether personal data had been misused by campaigns on both sides of the referendum on membership of the EU.

In May it launched an investigation that included political parties, data analytics companies and major social media platforms.

Today’s progress report gives details of some of the organisations and individuals under investigation, as well as enforcement actions so far.

This includes the ICO’s intention to fine Facebook a maximum £500,000 for two breaches of the Data Protection Act 1998.

Facebook, with Cambridge Analytica, has been the focus of the investigation since February when evidence emerged that an app had been used to harvest the data of 50 million Facebook users across the world. This is now estimated at 87 million.
The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information. It also found that the company failed to be transparent about how people’s data was harvested by others.
Facebook has a chance to respond to the Commissioner’s Notice of Intent, after which a final decision will be made.

Other regulatory action set out in the report comprises:

warning letters to 11 political parties and notices compelling them to agree to audits of their data protection practices;

an Enforcement Notice for SCL Elections Ltd to compel it to deal properly with a subject access request from Professor David Carroll;

a criminal prosecution for SCL Elections Ltd for failing to properly deal with the ICO’s Enforcement Notice;

an Enforcement Notice for Aggregate IQ to stop processing retained data belonging to UK citizens;

a Notice of Intent to take regulatory action against data broker Emma’s Diary (Lifecycle Marketing (Mother and Baby) Ltd); and
audits of the main credit reference companies and Cambridge University Psychometric Centre.

Information Commissioner Elizabeth Denham said:
“We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law.

She added:
“Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system.”

A second, partner report, titled Democracy Disrupted? Personal information and political influence, sets out findings and recommendations arising out of the 14-month investigation.

Among the ten recommendations is a call for the Government to introduce a statutory Code of Practice for the use of personal data in political campaigns.

Ms Denham has also called for an ethical pause to allow Government, Parliament, regulators, political parties, online platforms and the public to reflect on their responsibilities in the era of big data before there is a greater expansion in the use of new technologies.

She said:
“People cannot have control over their own data if they don’t know or understand how it is being used. That’s why greater and genuine transparency about the use of data analytics is vital.”

In addition, the ICO commissioned research from the Centre for the Analysis of Social Media at the independent thinktank DEMOS. Its report, also published today, examines current and emerging trends in how data is used in political campaigns, how use of technology is changing and how it may evolve in the next two to five years. 

The investigation, one of the largest of its kind by a Data Protection Authority, remains ongoing. The 40-strong investigation team is pursuing active lines of enquiry and reviewing a considerable amount of material retrieved from servers and equipment.

The interim progress report has been produced to inform the work of the DCMS’s Select Committee into Fake News.

The next phase of the ICO’s work is expected to be concluded by the end of October 2018.

The Washington Post, 28 June 2018:

BRISTOL, England — On Aug. 19, 2016, Arron Banks, a wealthy British businessman, sat down at the palatial residence of the Russian ambassador to London for a lunch of wild halibut and Belevskaya pastila apple sweets accompanied by Russian white wine.

Banks had just scored a huge win. From relative obscurity, he had become the largest political donor in British history by pouring millions into Brexit, the campaign to disentangle the United Kingdom from the European Union that had earned a jaw-dropping victory at the polls two months earlier.

Now he had something else that bolstered his standing as he sat down with his new Russian friend, Ambassador Alexander Yakovenko: his team’s deepening ties to Donald Trump’s insurgent presidential bid in the United States. A major Brexit supporter, Stephen K. Bannon, had just been installed as chief executive of Trump’s campaign. And Banks and his fellow Brexiteers had been invited to attend a fundraiser with Trump in Mississippi.

Less than a week after the meeting with the Russian envoy, Banks and firebrand Brexit politician Nigel Farage — by then a cult hero among some anti-establishment Trump supporters — were huddling privately with the Republican nominee in Jackson, Miss., where Farage wowed a foot-stomping crowd at a Trump rally.
Banks’s journey from a lavish meal with a Russian diplomat in London to the raucous heart of Trump country was part of an unusual intercontinental charm offensive by the wealthy British donor and his associates, a hard-partying lot who dubbed themselves the “Bad Boys of Brexit.” Their efforts to simultaneously cultivate ties to Russian officials and Trump’s campaign have captured the interest of investigators in the United Kingdom and the United States, including special counsel Robert S. Mueller III.

Vice News, 11 June 2018:

Yakovenko is already on the radar of special counsel Robert Mueller, who is investigating Russian interference in the U.S. presidential election, after he was named in the indictment of ex-Trump campaign aide George Papadopoulos….

Banks, along with close friend and former Ukip leader Nigel Farage, was among the very first overseas political figures to meet Trump after his surprise victory in November 2016.

It also emerged over the weekend that Banks passed contact information for Trump’s transition team to the Russians.

Thursday 5 July 2018

Turnbull and Keenan botching digital transformation policy


The Australian Minister for Human Services, Minister Assisting the Prime Minister for Digital Transformation and Liberal MP for Stirling, 46 year-old Michael Fayat Keenan, is all gung-ho for digital transformation.

The problem is that he is just not good at being transformative – rather like his prime minister.

One could almost see the trainwreck coming down the line from the moment of then Communications Minister Turnbull's initial joint announcement with then Prime Minister Tony Abbott in 2015.

Despite the obvious problems Michael Keenan will be commencing pre-rollout trials of a facial recognition program this year,

Yahoo News, 1 July 20118:

Welfare recipients will soon be asked to have their faces scanned before they can claim their benefits.

It is part of a new trial of biometric security measures the government will begin within months.

Similar to how SmartGates work at airports to check passports, government services will ask recipients to take a photo on a computer or phone to create a MyGov ID.
The photo will then be checked against passports and driver’s licences.
But there are questions as to whether this information could be misused.

Australian Privacy Foundation’s Bernard Robertson-Dunn said people needed to be assured “it works properly” and the government “doesn’t use the technology to do things it didn’t say it was going to do”.

Human Services Minister Michael Keenan said on May 1 the misuse of data which could be used to “impinge on people’s privacy” was “clearly” a concern for many Australians.

The 2016 Census is an example of a recent government technology fail….

Uses for the MyGov ID will trial from October – with an all-online way to get a tax file number.

Next year Centrelink services, including Newstart and Youth Allowance, will also be trialled.

Here is the organisational and technological mess that Keenan helped create…..

The Canberra Times, 29 June 2018, p.14:

The agency charged with guiding IT projects has been sidelined from major policies and is removed from the Coalition's thinking about digital reform, an inquiry into the government's $10 billion tech spend has found.

A report released on Wednesday has called for a central vision to guide the government in its IT reform and found changes to the Digital Transformation Agency had left it watching on as major tech projects hit disaster.

The inquiry found the DTA did not have the Australian Criminal Intelligence Commission's botched project to adopt biometric technology on its watchlist and that it had failed to involve itself in determining why the Education Department's Australian Apprenticeship Management System project was called off.

It was sidelined as the Department of Home Affairs took charge of cyber policy, the Prime Minister's department assumed control of data policy and the newly created Office of the Information Commissioner was created separate from the DTA, the report said.

"The evidence heard by this committee revealed an organisation that was not at the centre of government thinking about digital transformation, or responsible for the creation and enactment of a broader vision of what that transformation would look like," it said.

News.com.au, 12 June 2018:

Australians will be able to access government services with a single log-in under a plan to create a "single digital identity" by 2025.

Michael Keenan, the federal minister in charge of digital services, said face-to-face interactions with government services would be greatly reduced.

"Think of it as a 100-point digital ID check that will unlock access to almost any government agency through a single portal such as a myGov account," Mr Keenan said.

The minister wants Australia to be a world leader in digital government, with almost all services to be available online by 2025.

Mr Keenan said having 30 different log-ins for government services is not good enough.

"The old ways of doing things, like forcing our customers to do business with us over the counter, must be re-imagined and refined," he said.

People will need to establish their digital identity once before being able to use it across services.

The first of several pilot programs using a "beta" version of what will be known as myGovID will begin in October.

The initial pilot will enable 100,000 participants to apply for a tax file number online, which Mr Keenan says will reduce processing time to a day from up to a month currently.

In a pilot starting from March next year, services including student identification and Centrelink will be connected to the digital identity.

Also from March 2019, 100,000 people will be able to use their digital identity to create their My Health Record online.

Mr Keenan says one face-to-face or over-the-counter transaction costs on average about $17 to process, while an online transaction can cost less than 40 cents.

The Human Services department will operate as the gateway between service providers and people.

"This is key to protecting privacy, as the exchange will act as a double-blind - service providers will not see any of the user's ID information and identity providers will not know what services each user is accessing," Mr Keenan said.

Labor digital economy spokesman Ed Husic said the Turnbull government was responsible for a "dirty dozen" of failed digital transformation failures, including the census and tax office website crashes.

"The biggest challenge confronting the Turnbull government is to quit its addiction to glitzy digital announcements and get stuck into properly delivering these multimillion-dollar projects," Mr Husic said.

The Australian Crime Intelligence Commission has suspended the contract for its beleaguered biometric identification services project in order to renegotiate it after the contractor failed to meet the deadline for completion and the cost ran $40 million over budget.

It follows a recommendation from a scathing independent review late last year that the contract be overhauled, the project be simplified and the timeline for delivery changed.

In 2016 ACIC (then CrimTrac) contracted NEC Australia to deliver a program that would replace the national automated fingerprint identification system, adding in facial recognition, palm prints and foot prints and would be available for use by police forces around the country.

Industry news website InnovationAus reported on Wednesday that NEC contractors had been marched from ACIC's premises on Monday June 4, after being told that the project had been suspended at the start of June.
It is believed the project has been suspended until Friday, while the negotiations over the contract take place.

A PricewaterhouseCoopers report last November seen by Fairfax Media said "a chain of decisions involving all levels and stakeholders" had led to the project running behind schedule and over budget.

It recommended that the scope of the project be simplified and standardised, and called it "highly challenged" and presenting a "high risk" to the commission.
"There is low confidence in likelihood of delivery which requires focus to achieve turnaround."

Poor communication, operational silos, limited collaboration and a failure to estimate the project's complexity had blown it off-track, the report said.

The report also recommended that the existing fingerprint database contract with Morpho be extended for 12 months after its expiry last month. It is not clear whether this contract was extended as recommended……

NEC Australia was also the contractor for the failed Australian apprentice management system, which was dumped by the Department of Education and Training last month due to critical defects, also found by a report by PwC.

InnovationAus, 12 June 2018:

NEC Australia won a $52 million tender for the Biometric Identification Services project in early 2016. The project involved replacing the ACIC’s National Automated Fingerprint Identification System with a “multi-modal biometric identification” service, incorporating fingerprints, footprints and facial recognition.

But the project is running behind schedule and is understood to be returning a high amount of false positives.

ABC News, 28 May 2018:

A massive case of mistaken identity in the UK is prompting calls for a rethink on plans to use facial recognition technology to track down terrorists and traffic offenders.

"If you have technology that is not up to scratch and it is bringing back high returns of false positives then you really need to go back to the drawing board," president-elect of the Law Council of Australia Arthur Moses told AM.

The comments follow revelations a London police trial of facial recognition technology generated 104 "alerts", of which 102 were false.

The technology scanned CCTV footage from the Notting Hill Carnival and Six Nations Rugby matches in London in search of wanted criminals.

Sunday 1 July 2018

Oi! Malcolm Bligh Turnbull and every dumb-witted member of his federal government as well as every premier and member of a state or territory government – when are you all going to wake up to the fact that digital is bloody dangerous?


For literally hundreds of years now, first in colonial, then in dominion and later in federation periods, Australia has relied on a 'paper and ink' processes to decide major political votes by its eligible citizens.

By and large this system has produced reliable results with regards to the people's will.

However, in the 21st Century government's blind infatuation with digital 'innovation' is now dangerously out-of-control.

This is evidence of just the latest red flag that Australian governments have ignored ……

The Mercury online, 30 June 2018:

The personal information of about 4000 Tasmanian voters has been leaked after a data breach on a third-party website linked to express votes, the state’s Electoral Commission has revealed.

Tasmanian Electoral Commissioner Andrew Hawkey said hackers had access to the names, dates of birth, emails and postal addresses of those who applied for an express vote at the recent state and Legislative Council elections.

“Early today, the Tasmanian Electoral Commission was informed by the Barcelona-based company Typeform, that an unknown third party had gained access to one of their servers and downloaded certain information,” he said.

“Typeform online forms have been used on the TEC website since 2015 for some of its election services. The breach involved an unknown attacker downloading a backup file.

“Typeform’s full investigation of the breach identified that data collected through five forms on the TEC website had been stolen.”


The breach was identified by Typeform on June 27 and shut down within half an hour of detection, Mr Hawkey said.

“The Electoral Commission will be contacting electors that used these services in the coming days to inform them of the breach,” Mr Hawkey said.

“The Electoral Commission apologises for the breach and will re-evaluate its collection procedures and internal security elements around its storage of electoral information for future events. The breach has no connection to the national or state electoral roll.”

Mr Hawkey said some of the stolen information had previously been made public, such as candidate statements for local government by-elections.

Typeform said it had responded immediately and had fixed the source of the breach to prevent further hacks.

“We have since been performing a full forensic investigation of the incident to be certain that this cannot happen again,” a statement on the Typeform website read.

“The results that were accessed are from a partial backup dated May 3, 2018. Results collected since May 3 are therefore safe and not compromised.’

Typeform reportedly provides services for some pretty big names, including Apple, Uber, Airbnb and Forbes.

The hack comes after up to 120,000 Tasmanian job seekers may have had their personal information compromised following a data breach reported by human resources company PageUp in early June.

That site was linked to the Tasmanian Government and the University of Tasmania.
The State Government is still waiting for a further response from PageUp but it is believed the breach was limited to names, addresses, emails and phone numbers.

Friday 15 June 2018

What I learnt about NBN Co this week


It is easy to lose track of what federal government-owned NBN Co is up to these days, so I did a quick search of mainstream media reports and the company website. This is what I found.

In the nine months up to 31 March 2018 NBN Co listed $1,413 million in revenue, up from $665 million for the same period last year. Nevertheless it appears the company is operating at a loss.
NBN Co’s CEO earns est. $3.62 million per annum — approximately six times more than Prime Minister Malcolm Turnbull.

Million-dollar salary packages are paid to another four top executives.

More than 480 of NBN Co’s staff are on $200,000-plus salaries and 120 earn more than $300,000.

NBN Co paid $66 million in bonuses to its staff last financial year.

In February and March 2018 the company’s  three top executives spent almost $40,000 on business-class flights and accommodation during a trip to Spain to attend a conference.

Although NBN plans are advertised with speeds such as 25Mbps or 50Mbps, performance on fixed wireless drops in the evening and the CEO has stated that "We don't have the money to invest in this to take it above 6Mbps” – which means that many customers cannot get a decent image when streaming videos or live entertainment.

NBN Co has fobbed off customers 80,000 times since July last year – nine per cent of all scheduled appointments.

There were at least 42,510 formal complaints made about NBN services from January to December 2017.

More than one third of NBN users wish it had never happened, according to new research by finder.com.au released on 8 June 2018. Only 43 per cent of respondents still on an ADSL or cable Internet connection said they were looking forward to switching to NBN.

The basic NBN service is being redefined and entry-level retail prices for NBN broadband are set to rise.

Thursday 7 June 2018

Only 39 days to go until concerned Australian citizens can opt out of the Turnbull Government's collection of personal health information for its national database


Apparently this email is currently being sent out to registered Australian citizens.

Australian Digital Health Agency, email, 5 June 2018:

Hello,

You are receiving this email because you registered your email address at myhealthrecord.gov.au to find out more information about how to opt-out of the My Health Record system.

If you do not want a My Health Record, you must register your choice between 16 July and 15 October 2018 during the opt-out period. It is not possible to opt-out of having a record before the opt-out period starts.

The opt-out period will not apply to individuals who have previously chosen to have a My Health Record, or were included in the Nepean Blue Mountains or North Queensland opt-out trials in 2016. Individuals who have an existing My Health Record can cancel their record at any time. Instructions on cancelling a record can be found on the My Health Record website.

Once the opt-out period starts you will receive another email letting you know that the opt-out period has started and what to do if you still want to opt-out.

A My Health Record is a secure online summary of an individual’s key health information. 1 in 5 Australians already have one. It’s an individual’s choice who sees their My Health Record, what’s in it and who it is shared with. My Health Record has safeguards in place to protect an individuals’ information including encryption, firewalls and secure login.

For further information about the My Health Record, please visit the My Health Record website.

Thank you,

The My Health Record System Operator
www.digitalhealth.gov.au

[my yellow highlighting]

Friday 11 May 2018

File this under "Yet Another National Database" cross referenced wih "What Could Possibly Go Wrong?"




A massive breach of Commonweath Bank data exposed last week has raised security fears around a new national database of Australian bank customers, as Labor pushes for a delay to part of the scheme's scheduled introduction in less than two months.
The database - set to go live on July 1 - will include the details of every person who has taken out a loan or a credit card, along with their repayment history.

The Mandatory Comprehensive Credit Reporting scheme was a recommendation of the 2014 financial system inquiry and is designed to give lenders access to a deeper, richer set of data to ensure loans are only being approved for people who can afford to repay them.

The new requirements will first apply to the Commonwealth Bank, ANZ Bank, Westpac and National Australia Bank, given they account for up to 80 per cent of lending to households.

But the collection of sensitive data by private companies has raised concerns in the wake of several high-profile data breaches, including the disappearance of 20 million customers records from the Commonwealth Bank.

The Financial Rights Legal Centre and the Consumer Action Law Centre claim the financial details of millions of Australians will be vulnerable under the new scheme - which includes positive and negative credit histories.

Financial Rights Legal Centre policy officer Julia Davis said the development "was a major intrusion into our financial privacy".

"I don’t think Australians realise this is about to happen," she said.

The legislation states all credit reporting bodies must store the information on a cloud service that has been assessed by the Australian Signals Directorate. It also contains a provision allowing banks to stop supplying customer data to credit providers should there be a major security breach.

Ms Davis said the oversight was welcome but the internal systems of credit reporting bodies remained "completely opaque."

"Once that data goes live in the one place you can't put the toothpaste back in the tube," she said.

Equifax, one of the companies which will have access to the data, had its systems in the US hacked last year, exposing the personal information of 143 million Americans and triggering to the resignation of its chief executive.

It is also being sued by consumer watchdog the Australian Competition and Consumer Commission over allegations it misrepresented its product to consumers by asking them to pay for their own credit histories which are usually available online for free.

The company's general manager of external relations, Matthew Strassberg, said Equifax had "only been a marquee above the door for six months," after the US giant took over the Australian operation formerly known as Veda.

He said the credit reporting business would provide "a 360 degree picture."
"A bank will have a very deep insight into what they know of you," he told Fairfax Media.

Mr Strassberg said he recognised that Australians were concerned about data security…..