Showing posts with label privacy. Show all posts
Sunday 1 July 2018
Oi! Malcolm Bligh Turnbull and every dumb-witted member of his federal government as well as every premier and member of a state or territory government – when are you all going to wake up to the fact that digital is bloody dangerous?
For literally hundreds of years now, first in colonial, then in dominion and later in federation periods, Australia has relied on 'paper and ink' processes to decide major political votes by its eligible citizens.
By and large this system has produced reliable results with regards to the people's will.
This is evidence of just the latest red flag that Australian governments have ignored ……
The Mercury online, 30 June 2018:
The personal information
of about 4000 Tasmanian voters has been leaked after a data breach on a
third-party website linked to express votes, the state’s Electoral Commission
has revealed.
Tasmanian Electoral
Commissioner Andrew Hawkey said hackers had access to the names, dates of
birth, emails and postal addresses of those who applied for an express vote at
the recent state and Legislative Council elections.
“Early today, the
Tasmanian Electoral Commission was informed by the Barcelona-based company
Typeform, that an unknown third party had gained access to one of their servers
and downloaded certain information,” he said.
“Typeform online forms
have been used on the TEC website since 2015 for some of its election services.
The breach involved an unknown attacker downloading a backup file.
“Typeform’s full
investigation of the breach identified that data collected through five forms
on the TEC website had been stolen.”
The breach was
identified by Typeform on June 27 and shut down within half an hour of
detection, Mr Hawkey said.
“The Electoral
Commission will be contacting electors that used these services in the coming
days to inform them of the breach,” Mr Hawkey said.
“The Electoral
Commission apologises for the breach and will re-evaluate its collection
procedures and internal security elements around its storage of electoral
information for future events. The breach has no connection to the national or
state electoral roll.”
Mr Hawkey said some of
the stolen information had previously been made public, such as candidate
statements for local government by-elections.
Typeform said it had
responded immediately and had fixed the source of the breach to prevent further
hacks.
“We have since been
performing a full forensic investigation of the incident to be certain that
this cannot happen again,” a statement on the Typeform website read.
“The results that were accessed are from a partial backup dated May 3, 2018. Results collected since May 3 are therefore safe and not compromised.”
Typeform reportedly
provides services for some pretty big names, including Apple, Uber, Airbnb and
Forbes.
The hack comes after up
to 120,000 Tasmanian job seekers may have had their personal information
compromised following a data breach reported by human resources company PageUp
in early June.
That site was linked to
the Tasmanian Government and the University of Tasmania.
The State Government is
still waiting for a further response from PageUp but it is believed the breach
was limited to names, addresses, emails and phone numbers.
Thursday 7 June 2018
Only 39 days to go until concerned Australian citizens can opt out of the Turnbull Government's collection of personal health information for its national database
Apparently this email is currently being sent out to registered Australian citizens.
Australian Digital Health Agency, email, 5 June 2018:
Hello,
You are receiving this email because you registered your email address at myhealthrecord.gov.au to find out more information about how to opt-out of the My Health Record system.
If you do not want a My Health Record, you must register your choice between 16 July and 15 October 2018 during the opt-out period. It is not possible to opt-out of having a record before the opt-out period starts.
The opt-out period will not apply to individuals who have previously chosen to have a My Health Record, or were included in the Nepean Blue Mountains or North Queensland opt-out trials in 2016. Individuals who have an existing My Health Record can cancel their record at any time. Instructions on cancelling a record can be found on the My Health Record website.
Once the opt-out period starts you will receive another email letting you know that the opt-out period has started and what to do if you still want to opt-out.
A My Health Record is a secure online summary of an individual’s key health information. 1 in 5 Australians already have one. It’s an individual’s choice who sees their My Health Record, what’s in it and who it is shared with. My Health Record has safeguards in place to protect an individual’s information including encryption, firewalls and secure login.
For further information about the My Health Record, please visit the My Health Record website.
Thank you,
The My Health Record System Operator
www.digitalhealth.gov.au
[my yellow highlighting]
Wednesday 16 May 2018
An insider has finally admitted what any digital native would be well aware of - your personal health information entered into a national database will be no safer than having it up on Facebook
Remembering that a federal government national screening program, working with a private entity, has already accessed personal information from Medicare without consent of registered individuals and entered these persons into a research program - again without consent - and these individuals apparently could not easily opt out of being listed as a research subject but were often only verbally offered the option of declining to take part in testing, which presumably meant that health data from other sources was still capable of being collected about them by the program. One has to wonder what the Turnbull Government and medical establishment actually consider patient rights to be in practice when it comes to "My Health Record".
Healthcare IT News, 4 May 2018:
Weeks
before the anticipated announcement of the My Health Record opt out period, an
insider’s leak has claimed the Australian Digital Health Agency has decided associated
risks for consumers “will not be explicitly discussed on the website”.
As
the ADHA heads towards the imminent announcement of the three-month window in
which Australians will be able to opt out of My Health Record before being
signed up to the online health information repository, the agency was caught by
surprise today when details emerged in a blog post by GP and member of the
steering group for the national expansion of MHR, Dr Edwin Kruys.
Kruys wrote that MHR offers “clear benefits”
to healthcare through providing clinicians with greater access to discharge
summaries, pathology and diagnostic reports, prescription records and more, but
said “every digital solution has its pros and cons” and behind-the-scenes risk
mitigation has been one of the priorities of the ADHA. However, he claimed
Australians may not be made aware of the risks involved in allowing their
private medical information to be shared via the Federal Government’s system.
“It
has been decided that the risks associated with the MyHR will not be explicitly
discussed on the website,” Kruys wrote.
“This
obviously includes the risk of cyber attacks and public confidence in the
security of the data.”
The
most contentious contribution in the post related to the secondary use of
Australians’ health information, the framework of which has yet to be announced
by Health Minister Greg Hunt.
Contacted
by HITNA, the agency moved swiftly to have Kruys delete the paragraph
relating to secondary use.
In
the comment that has since been removed, Kruys wrote, “Many consumers and
clinicians regard secondary use of the MyHR data as a risk. The MyHR will
contain a ‘toggle’, giving consumers the option to switch secondary use of
their own data on or off.”
Under
the My Health Records Act 2012, health information in MHR may be
collected, used and disclosed “for any purpose” with the consent of the
healthcare recipient. One of the functions of the system operator is “to
prepare and provide de-identified data for research and public health
purposes”.
Before
these provisions of the act will be implemented, a framework for secondary use
of MHR systems data must be established.
HealthConsult
was engaged to assist the Federal Government in developing a draft framework
and implementation plan for the process and within its public consultation
process in 2017 received supportive submissions from the Australasian College
of Health Informatics, the Australian Bureau of Statistics and numerous
research institutes, universities, and clinicians’ groups.
Computerworld, 14 May 2018:
Use of both de-identified
data and, in some circumstances, identifiable data will be permitted under a
new government framework for so-called “secondary use” of data derived from the
national eHealth record system. Linking data from the My Health Record system
to other datasets is also allowed under some circumstances.
The Department of Health
last year commissioned
the development of the framework for using My Health Record data for
purposes other than its primary purpose of providing healthcare to an
individual.
Secondary use can
include research, policy analysis and work on improving health services.
Under the new framework,
individuals who don’t want their data used for secondary purposes will be
required to opt-out. The opt-out process is separate from the procedure
necessary for individuals who don’t want an eHealth
record automatically created for them (the government last year
decided to shift to an opt-out
approach for My Health Record)……
Access to the data will
be overseen by an MHR Secondary Use of Data Governance Board, which will
approve applications to access the system.
Any Australian-based
entity with the exception of insurance agencies will be permitted to apply for
access the MHR data. Overseas-based applicants “must be working in
collaboration with an Australian applicant” for a project and will not have
direct access to MHR data.
The data drawn from the
records may not leave Australia, but under the framework there is scope for
data analyses and reports produced using the data to be shared internationally……
The Department of Health
came under fire in 2016 after it released for download supposedly
anonymised health data. Melbourne University researchers were able to
successfully re-identify a range of data.
Last month the Office of
the Australian Information Commissioner revealed that health
service providers accounted for almost a quarter of the breaches reported
in the first six weeks of operation of the Notifiable Data Breach (NDB) scheme.
The Sydney Morning Herald, 14 May 2018:
Australians who don't
want a personal electronic health record will have from July 16 to October 15
to opt-out of the national scheme the federal government announced on Monday.
Every Australian will
have a My Health Record unless they choose to opt-out during the three-month
period, according to the Australian Digital Health Agency.
The
announcement follows the release of the government’s secondary use of data
rules earlier this month that inflamed concerns of patient privacy and data
use.
Under the framework,
medical information would be made available to third parties from 2020 -
including some identifying data for public health and research purposes -
unless individuals opted out.
In other news.......
The Sydney Morning Herald, 14 May 2018:
A cyber attack on Family
Planning NSW's website has exposed the personal information of up to 8000
clients, including women who have booked appointments or sought advice
about abortion, contraception and other services.
Clients received an
email from FPNSW on Monday alerting them that their website had been hacked on
Anzac Day.
The compromised data
contained information from roughly 8000 clients who had contacted FPNSW via its
website in the past 2½ years to make appointments or give feedback.
It included the personal
details clients entered via an online form, including names, contact details,
dates of birth and the reason for their enquiries….
The website was secured
by 10am on April 26, 2018 and all web database information has been secure
since that time
SBS News, 14 May 2018:
Clients were told Family
Planning NSW was one of several agencies targeted by cybercriminals who
requested a bitcoin ransom on April 25…..
The not-for-profit has
five clinics in NSW, with more than 28,000 people visiting every year.
The most recent Digital
Rights Watch State of Digital Rights (May 2018) report can be found here.
The report’s 8 recommendations include:
Repeal of the mandatory metadata retention scheme
Introduction of a Commonwealth statutory civil cause of action for serious invasions of privacy
A complete cessation of commercial espionage conducted by the Australian Signals Directorate
Changes to copyright laws so they are flexible, transparent and provide due process to users
Support for nation states to uphold the United Nations Convention on the Rights of the Child in the digital age
Expand the definition of sensitive information under the Privacy Act to specifically include behavioural biometrics
Increase measures to educate private businesses and other entities of their responsibilities under the Privacy Act regarding behavioural biometrics, and the right to pseudonymity
Introduce a compulsory register of entities that collect static and behavioural biometric data, to provide the public with information about the entities that are collecting biometric data and for what purpose
The loopholes opened with the 2011 reform of the FOI laws should be closed by returning ASD, ASIO, ASIS and other intelligence agencies to the ambit of the FOI Act, with the interpretation of national security as a ground for refusal of FOI requests being reviewed and narrowed
Telecommunications providers and internet platforms must develop processes to increase transparency in content moderation and make known what content was removed or triggered an account suspension.
Friday 11 May 2018
File this under "Yet Another National Database" cross referenced with "What Could Possibly Go Wrong?"
The Sydney Morning Herald, 6 May 2018:
A massive breach of Commonwealth Bank data exposed last week has raised security fears around a new national database of Australian bank customers, as Labor pushes for a delay to part of the scheme's scheduled introduction in less than two months.
The database - set to go
live on July 1 - will include the details of every person who has taken
out a loan or a credit card, along with their repayment history.
The Mandatory
Comprehensive Credit Reporting scheme was a recommendation of the 2014
financial system inquiry and is designed to give lenders access to a
deeper, richer set of data to ensure loans are only being approved for
people who can afford to repay them.
The new requirements
will first apply to the Commonwealth Bank, ANZ Bank, Westpac and National
Australia Bank, given they account for up to 80 per cent of lending to
households.
But the collection of
sensitive data by private companies has raised concerns in the wake of several
high-profile data breaches, including the disappearance of 20 million
customers records from the Commonwealth Bank.
The Financial Rights
Legal Centre and the Consumer Action Law Centre claim the financial
details of millions of Australians will be vulnerable under the new scheme -
which includes positive and negative credit histories.
Financial Rights Legal
Centre policy officer Julia Davis said the development "was a major
intrusion into our financial privacy".
"I don’t think
Australians realise this is about to happen," she said.
The legislation states
all credit reporting bodies must store the information on a cloud service that
has been assessed by the Australian Signals Directorate. It also contains a
provision allowing banks to stop supplying customer data to credit providers
should there be a major security breach.
Ms Davis said the
oversight was welcome but the internal systems of credit reporting bodies
remained "completely opaque."
"Once that data
goes live in the one place you can't put the toothpaste back in the tube,"
she said.
Equifax, one of the companies which will have access to the data, had its systems in the US hacked last year, exposing the personal information of 143 million Americans and triggering the resignation of its chief executive.
It is also being sued by
consumer watchdog the Australian Competition and Consumer Commission over
allegations it misrepresented its product to consumers by asking them to pay
for their own credit histories which are usually available online for free.
The company's general
manager of external relations, Matthew Strassberg, said Equifax had "only
been a marquee above the door for six months," after the US giant took
over the Australian operation formerly known as Veda.
He said the credit
reporting business would provide "a 360 degree picture."
"A bank will have a
very deep insight into what they know of you," he told Fairfax Media.
Mr Strassberg said he
recognised that Australians were concerned about data security…..
Wednesday 9 May 2018
Is Telstra selling customer location data? Did it ever specifically request permission from account holders?
The Sydney Morning Herald, 4 May 2018:
Telstra is making money
by on-selling location data from its customers' mobile phones in similar deals
to a partnership with the Bureau of Statistics that caused a public backlash
last week.
The Australian Bureau of
Statistics came under fire for partnering with the telco for a study in 2016,
which used mobile phone data showing how many people were in particular suburbs
hour by hour.
Similar data is now
available for a fee, after the Location Insights program was quietly launched
by the telco in July 2016. The Australian Bureau of Statistics was the first
licensee under the program, but has not used Telstra's Location Insights since
then.
Data available to
Telstra's clients can be broken down into 15 minute increments, and
demographics broken down by age groups and gender. The smallest geographic
areas available for analysis are the same as the Australian Bureau of
Statistics' smallest statistical area, which have an average population of 400
people and could have as few as 200 people.
In a video used to
spruik the service by Telstra, potential customers are listed as local
governments and transport companies. It’s not clear how many organisations have
used the service, or what the price tag is for such information.
“Imagine if you could
know what is happening in your community, region, or city hub, every 15
minutes,” a voiceover in the Youtube video promoting the program said.
“Telstra Location
Insights builds industry-specific metrics where data sets are used for
modelling purposes and then extrapolated to estimate for the entire
population,” a Telstra spokesman said.
“These metrics are
aggregated spatially and temporally before differential privacy and
k-anonymisation are both applied to completely anonymise the data.”
This explanation is not
accepted by senior lecturer at the University of Melbourne Vanessa Teague.
“In order to know
whether those things actually work, we need to see what the parameters are and
how they're applied to the data in order to be assured that they’re applied
correctly and they work,” Dr Teague said.
Dr Teague is chair of
the Cybersecurity and Democracy Network and was part of a team of researchers
who re-identified patient health records from Pharmaceutical Benefits Scheme
data that was released by the government.
“It's possible that
[anonymising the data] has been done correctly, it's also possible that they
think it’s been done correctly but they’re wrong. And really the only way to
assess that is to get a clear and detailed technical description of what
they've done,” Dr Teague said.
“If they've done it
right then there's no reason to be secretive about the details of what they’ve
done, if they’ve done it wrong then they are better off getting a genuine open
assessment of it so they can find out sooner rather than later.”
Telstra said the use of
the information was in line with its privacy statement, which states that
customers’ information could be shared with “our dealers, our related entities
or our business or commercial partners and other businesses we work with”.
Dr Teague is sceptical about that explanation. “Just because a company holds highly sensitive information about you doesn’t mean that that data is their property that they should then be able to turn around and sell without asking you,” she said.
Now when I read Telstra's privacy statement I do not recall that it mentioned that it would be selling mobile phone location information in SA1 statistical level data bundles captured at 15 minute intervals (as mentioned in the news article) and that those bundles could be used to create data sets which track an individual's movements over time in relatively fine detail.
Yamba in the Clarence Valley NSW is a quiet little town with a population of approx. 6,076 persons living in 3,820 dwellings spread across est. 16 SLA1 statistical levels and in over 100 even smaller statistical Mesh Blocks.
I suspect that many Yamba residents will not be happy with the idea that Telstra Corporation Limited will allow their movements to be tracked and their daily habits predicted if an individual, private company, government agency or political party pays them for the town's mobile phone location data.
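Dr Teague's point in the article above, that the parameters decide whether k-anonymisation and differential privacy protect anyone, can be seen in a small audit of per-area, per-15-minute counts. This is an added example, not code from Telstra, the ABS or the original post; the area names, counts, function names and the values of `k` and `epsilon` are constructed, and it assumes each device adds at most 1 to any cell.

```python
import random

# Constructed sample: device counts per (small area, 15-minute slot).
# The areas and numbers are invented; they are not Telstra or ABS data.
SAMPLE_COUNTS = {
    ("area-A", "08:00"): 212,
    ("area-A", "08:15"): 198,
    ("area-B", "08:00"): 3,
    ("area-B", "08:15"): 1,
    ("area-C", "08:00"): 41,
    ("area-C", "08:15"): 0,
}


def cells_below_k(counts, k):
    """Return the cells that hold between 1 and k-1 devices.

    A k-threshold rule has to suppress or merge these cells, because fewer
    than k people contribute to each of them.
    """
    return sorted(cell for cell, n in counts.items() if 0 < n < k)


def laplace_noise(scale, rng):
    """Draw from Laplace(0, scale) as the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def release(counts, k, epsilon, rng):
    """Suppress cells below k, then add Laplace noise of scale 1/epsilon.

    Suppressed cells come back as None. Thresholding on the true count is a
    simplification used here to keep the two parameters easy to compare.
    """
    released = {}
    for cell, n in counts.items():
        if n < k:
            released[cell] = None
        else:
            noisy = n + laplace_noise(1.0 / epsilon, rng)
            released[cell] = max(0, round(noisy))
    return released


if __name__ == "__main__":
    # Same data, two parameter choices: one nominal, one protective.
    for k, epsilon in [(1, 10.0), (20, 0.5)]:
        print(f"k={k}, epsilon={epsilon}")
        print("  cells below k:", cells_below_k(SAMPLE_COUNTS, k))
        result = release(SAMPLE_COUNTS, k, epsilon, random.Random(0))
        for cell, value in result.items():
            print("  ", cell, "->", value)
```

With `k=1` and a large `epsilon` both controls are nominally applied, yet the single-device cell is published almost exactly, which is why a published description of the parameters matters.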
Wednesday 2 May 2018
The man who would be prime minister
“In
terms of ministerial oversight, the portfolio has the following ministers: the
Minister for Home Affairs, who sits in the cabinet and who is also separately
sworn as the Minister for Immigration and Border Protection; the Minister for
Citizenship and Multicultural Affairs; the Minister for Law Enforcement and
Cybersecurity; and the Assistant Minister for Home Affairs. The core functions
of the department are policy, strategy, planning and coordination in relation
to the domestic security and law enforcement functions of the Commonwealth as
well as managed migration and the movement of goods across our borders…..four portfolio agencies that sit alongside the
department, which are statutorily independent, but they are within the
portfolio. They all, like me, report to the cabinet minister. The Australian
Federal Police, ACIC, AUSTRAC and Australian Border Force. That is four. Then,
with the passage of relevant legislation that is currently before the
parliament, ASIO will move across soon.” [Secretary Dept. of Home Affairs Michael Pezzullo at Senate Estimates Hearing, Legal and Constitutional Affairs Legislation Committee, 26 February 2018]
The worry about concentration of political power per se and that power in inappropriate hands…….
The Saturday Paper, 28 April 2018:
Peter
Dutton is arguably the most powerful person in the country. In his new ministry
he has oversight for national security, for the Federal Police, Border Force
and ASIO, for the law enforcement and emergency management functions of the
Attorney-General’s Department, the transport security functions of the
Department of Infrastructure, Regional Development and Cities, the
counterterrorism and cybersecurity functions of the Department of Prime
Minister and Cabinet, the multicultural affairs functions of the Department of
Social Services, and the entire Department of Immigration and Border
Protection.
It is hard to imagine any member of
federal parliament less suited to exercise the sort of powers now held by
Dutton. It is easy to argue that no minister should be entrusted with such vast
powers. But the fact that those powers are in Dutton’s hands is seriously
alarming.
Ministerial powers are subject to
limits. The rule of law means that the limits are subject to supervision by the
judicial system. Most ministers understand that. Dutton apparently does not…..
On
April 7, 2018, Dutton called for “like-minded” countries to come together and
review the relevance of the 1951 Refugee Convention.
So,
here it is: Australia’s most powerful minister is wilfully mistreating innocent
people at vast public expense. He is waging a propaganda war against refugees
and against the people who try to help them. And he is trying to persuade other
countries to back away from international human rights protection.
He tries to make it seem tolerable by hiding it all away in other countries, so that we can’t see the facts for ourselves. [my yellow highlighting]
Evidence that the community concern is justified…….
MSM News, 29 April 2018:
Ministers
are planning to make it easier for the government to spy on its own citizens, a
leaked document has revealed.
As
it stands, the Australian Federal Police and Australian Security
Intelligence Organisation need a warrant from The Attorney-General
to access Australians' emails, bank records and text messages.
But ministers are reportedly planning
to amend the Intelligence Services Act of 2001 to allow Home Affairs Minister
Peter Dutton and Defence Minister Marise Payne to give the
orders without the country's top lawyer knowing.
The
intelligence - which could include financial transactions, health data and
phone records - would be collected by a government spy agency called the
Australian Signals Directorate.
The
plan was revealed by a leaked letter from Home Affairs Secretary Mike
Pezzullo to Defence Secretary Greg Moriarty.
The
top secret letter, written in February and seen by The Sunday Telegraph,
details a plan to 'hack into critical infrastructure' to 'proactively disrupt
and covertly remove' cyber-enabled criminals including child exploitation and
terror networks.
In
March, the plan was outlined in a ministerial submission signed by Mike
Burgess, the chief of the Australian Signals Directorate.
It
states: 'The Department of Home Affairs advises that it is briefing the
Minister for Home Affairs to write to you (Ms Payne) seeking your support for a
further tranche of legislative reform to enable ASD to better support a range
of Home Affairs priorities.'
But
a proposal to change the law has not yet been made.
A
spokesman for the Defence Minister Ms Payne said: 'There has been no request to
the Minister for Defence to allow ASD to counter or disrupt cyber-enabled
criminals onshore.'
An
intelligence source told The Sunday Telegraph that the proposals could
spell danger for Australians.
'It
would give the most powerful cyber spies the power to turn on their own
citizens,' the source said.
The
letter also outlines 'step-in' powers which could force companies to hand over
citizens' data, the source added.
The
submission says the powers would help keep Australian businesses and
individuals safe. [my yellow highlighting]
The inherent dishonesty of the Dept. of Home Affairs…..
Secretary of Department of Home Affairs Michael Pezzullo, Senate Estimates, Legal and Constitutional Affairs Legislation Committee, 26 February 2018, denying the possibility of by-passing the judiciary and “the country's top lawyer”:
As I said at the last
estimates meeting of this committee, all executive power is subject to the
sovereignty of this parliament and to the supremacy of the law. In bringing the
security powers, capabilities and capacities of the Commonwealth together into
a single portfolio, these fundamentals will remain in place. All of them are
crucial attributes of liberty. I repeat what I said last year to this
committee: any contrary
suggestion that the establishment of Home Affairs will somehow create an extra
judicial apparatus of power bears no relationship to the facts or to how our
system of government works, and any suggestion that we in the portfolio are
somehow embarked on the secret deconstruction of the supervisory controls which
envelop and check executive power are nothing more than flights of
conspiratorial fancy that read into all relevant utterances the master
blueprint of a new ideology of undemocratic surveillance and social control.
[my yellow highlighting]
Ministerial denial - of sorts....
When confronted by the mainstream media Dutton supported government spying on its citizens, saying he believes there is a case to be made for giving the Australian Signals Directorate more powers to investigate domestic cyber threats, with appropriate safeguards in place and "If we were to make any changes ... I would want to see judicial oversight or the first law officer (attorney-general) with the power to sign off on those warrants".
Hands up everyone in Australia who will sleep well knowing that the tsar has spoken. *crickets*
Wednesday 25 April 2018
Did the Australian Bureau of Statistics spy on Telstra customers at one remove in 2016?
“…with
its near-complete coverage of the population, mobile device data is now seen as
a feasible way to estimate temporary populations” [Australian Bureau of Statistics Demographer Andrew
Howe, quoted in The
Australian Bureau of Statistics Tracked People By Their Mobile Device Data
at Medium, 23 April 2018]
Cryptoparty founder, Amnesty Australia 'Humanitarian Media Award' recipient 2014 and activist Asher Wolf recently reported that in 2016 the Australian Bureau of Statistics (ABS) without informing or seeking permission from mobile phone users ran a secretive, publicly-funded tracking program via signals emitted by the mobile phones of an unspecified number of people, in order to find out where they travelled over the course of an unspecified number of days and how long they stayed at each location.
A presentation of the basic details of this pilot study was made by the ABS researcher leading the pilot at a Spatial Information Day in Adelaide on 11 August 2017.
A second ABS researcher also made a presentation on the day.
Spatial Information Day (which has the ABS as one of its sponsors) is characterised by the organisers as an annual educational and promotional event and was first held just on 18 years ago.
The Australian Bureau of Statistics was swift to reply to Asher Wolf's Medium article, stating that it has only been supplied with hourly aggregate data by the telco (Telstra) which did not identify individuals.
However, the aggregated data supplied to the ABS was at the second lowest SA2 Level, and some of these statistical areas have populations of well under 3,000 residents according to 2016 Census data, which makes the task of matching names to some of the tracked population movements just that much easier for a demographer or determined hacker.
Given recent less than transparent disclosures by data mining corporations concerning data collection/retention practices, readers might forgive me for waiting to see if the other shoe drops in this ABS-Telstra data mining and privacy matter.
One might say that thanks to Ms. Wolf we are all being educated further about big data and the ethics of data collection.
This is the response Ms. Wolf received when she contacted privacy experts concerning the pilot study:
“I find this tracking of people using their telephone location data without their knowledge and consent extremely concerning. The fact that the telecoms company allowed this data to be handed to a third party, and then for that third party to be a government agency compounds the breach of trust for the people whose data was involved,” said Angela Daly, Vice Chancellor’s Senior Research Fellow and Senior Lecturer in Queensland University of Technology’s Faculty of Law, research associate in the Tilburg Institute for Law, Technology and Society and Digital Rights Watch board member.
“After the Cambridge Analytica/Facebook scandal this is yet another example of why we need much tougher restrictions on what companies and the government can do with our data.”
Electronic Frontiers Australia board member Justin Warren also pointed out that while there are beneficial uses for this kind of information, “…the ABS should be treading much more carefully than it is. The ABS damaged its reputation with its bungled management of the 2016 Census, and with its failure to properly consult with civil society about its decision to retain names and addresses. Now we discover that the ABS is running secret tracking experiments on the population?”
“Even if the ABS’ motives are benign, this behaviour — making ethically dubious decisions without consulting the public it is experimenting on — continues to damage the once stellar reputation of the ABS.”
“This kind of population tracking has a dark history. During World War II, the US Census Bureau used this kind of tracking information to round up Japanese-Americans for internment. Census data was used extensively by Nazi Germany to target specific groups of people. The ABS should be acutely aware of these historical abuses, and the current tensions within society that mirror those earlier, dark days all too closely.”
“The ABS must work much harder to ensure that it is conducting itself with the broad support of the Australian populace. Sadly, it appears that the ABS increasingly considers itself above the mundane concerns of those outside its ivory tower. This arrogance must end.”
“For us to continue to trust the ABS with our most intimate details, the ABS must maintain society’s trust. Conducting experiments on citizens without seeming to care about our approval or consent undermines that trust.”
International privacy advocates also raised concerns about the study.
“Data the companies, like telcos, collect inevitably becomes very attractive to government agencies looking to track, monitor, and survey people. Like here, users are rarely informed, let alone consent to these uses. The impact on privacy rights is severe: location information (especially combined with other sensitive data) can reveal startlingly detailed information about your life (where you live, work), connections (who you talk to or visit), preferences (what you buy and when), and health (doctors and pharmacies frequented),” stated Amie Stepanovich, U.S. Policy Manager for digital rights organisation Access Now.
Read Asher Wolf’s full article at https://medium.com/@Asher_Wolf/the-australian-bureau-of-statistics-tracked-people-by-their-mobile-device-data-and-didnt-tell-them-16df094de31