Showing posts with label privacy. Show all posts
Sunday 22 July 2018
Former Murdoch journalist in charge of MyHealth records – what could possibly go wrong?
Former news editor of the notorious News Corp publication The Sunday Times which was involved in the UK hacking scandal, former Executive Director of Transparency and Open Data in the UK Cabinet Office, and then National Director for Patients and Information and head of the toxic government Care.data project which stored patient medical information in a single database, before ending up as the commercial director of Telstra Health in Australia, Tim Kelsey was appointed as CEO of the Australian Digital Health Agency by the Turnbull Coalition Government in 2016 to progress the stalled My Health Record national database, with a salary worth $522,240 a year.
A curriculum vitae which may go some way to explaining why reports are beginning to emerge of individuals seeking to opt out of My Health Record and finding out they were registered by stealth in the Australian national database some years ago.
Crikey.com.au, 18 July 2018:
The
bureaucrat overseeing My Health Record presided over a disaster-plagued
national health record system in the UK, and has written passionately about the
belief people have no right to opt out of health records or anonymity.
Tim
Kelsey is a former British journalist who moved into the electronic health
record business in the 2000s. In 2012, he was appointed to run the UK
government’s national health record system, Care.data, which was brought
to a shuddering halt in 2014 after widespread criticism
over the sale of patients’ private data to drug and
insurance companies, then scrapped altogether in 2016. By that stage,
Kelsey had moved to Telstra in Australia, before later taking
a government role. There was considerable criticism about the lack of
information around Care.data, and over 700,000 UK people opted out of the system.
Kelsey
vehemently opposed allowing people to opt out — the exact model he is
presiding over in Australia. In a 2009 article, “Long Live The Database State”, for Prospect…..
For
Kelsey, this was necessary for effective health services…….
Kelsey
also expressed his opposition to the anonymisation of data, even of the most
personal kind…...
Kelsey’s
vision was of a vast state apparatus collecting, consolidating and distributing
private information to enable an interventionist state.
Moreover,
he stated others should have access to data…..
At ADHA, Kelsey is doing little to fix his reputation for controversy. On Saturday, ADHA released an extraordinary 1000-word attack on News Corp health journalist Sue Dunlevy who correctly pointed out the strong risk to privacy in the My Health Record system. The statement repeatedly criticised Dunlevy, accusing her of “dangerous fearmongering” and being “misleading and ignorant”.
Dunlevy
had rightly noted the lack of any effective information campaign about My
Health record (exactly the criticism made of Care.data), prompting ADHA to
boast of its $114 million campaign at Australia Post shops, Department of Human
Services “access points” and letters to health practitioners. It makes you
wonder why even News Corp’s Janet Albrechtsen said she’d never heard of My Health Record until last week….
Labels: Big Brother, big data, information technology, privacy, safety
Sunday 15 July 2018
"Bad actor" Facebook Inc given £500,000 maximum fine - any future breach may cost up to £1.4bn
The Guardian, 11 July 2018:
Facebook is to be fined
£500,000, the maximum amount possible, for its part in the
Cambridge Analytica scandal, the information commissioner has announced.
The fine is for two
breaches of the Data Protection Act. The Information Commissioner’s Office
(ICO) concluded that Facebook failed
to safeguard its users’ information and that it failed to be transparent about
how that data was harvested by others.
“Facebook has failed to provide the kind of
protections they are required to under the Data Protection Act,” said Elizabeth
Denham, the information commissioner. “Fines and prosecutions punish the bad
actors, but my real goal is to effect change and restore trust and confidence
in our democratic system.”
In the first quarter of
2018, Facebook took £500,000 in revenue every five and a half minutes. Because
of the timing of the breaches, the ICO said it was unable to levy the penalties
introduced by the European General Data Protection (GDPR), which caps fines at
the higher level of €20m (£17m) or 4% of global turnover – in Facebook’s case,
$1.9bn (£1.4bn). The £500,000 cap was set by the Data Protection Act 1998.
As one of the IT whistleblowers described the situation...
Just to sum up. 1) Facebook broke the law. 2) Cambridge Analytica broke the law. 3) Vote Leave broke the law. 4) LeaveEU broke the law. 5) Brexit and Trump were both won through breaking the law. 6) Facebook let it all happen and covered it up. https://t.co/CAOrP5rKry
— Christopher Wylie 🏳️‍🌈 (@chrisinsilico) July 11, 2018
Labels: data breach, Facebook, law, privacy, safety
Thursday 5 July 2018
Turnbull and Keenan botching digital transformation policy
The Australian Minister for Human Services, Minister Assisting the Prime Minister for Digital Transformation and Liberal MP for Stirling, 46-year-old Michael Fayat Keenan, is all gung-ho for digital transformation.
The problem is that he is just not good at being transformative – rather like his prime minister.
One could almost see the trainwreck coming down the line from the moment of then Communications Minister Turnbull's initial joint announcement with then Prime Minister Tony Abbott in 2015.
Despite the obvious problems, Michael Keenan will be commencing pre-rollout trials of a facial recognition program this year.
Yahoo News, 1 July 2018:
Welfare recipients will
soon be asked to have their faces scanned before they can claim their benefits.
It is part of a new
trial of biometric security measures the government will begin within months.
Similar to how
SmartGates work at airports to check passports, government services will ask
recipients to take a photo on a computer or phone to create a MyGov ID.
The photo will then be
checked against passports and driver’s licences.
But there are questions
as to whether this information could be misused.
Australian Privacy
Foundation’s Bernard Robertson-Dunn said people needed to be assured “it works
properly” and the government “doesn’t use the technology to do things it didn’t
say it was going to do”.
Human Services Minister
Michael Keenan said on May 1 the misuse of data which could be used to “impinge
on people’s privacy” was “clearly” a concern for many Australians.
The 2016 Census is an
example of a recent government technology fail….
Uses for the MyGov ID
will trial from October – with an all-online way to get a tax file number.
Next year Centrelink
services, including Newstart and Youth Allowance, will also be trialled.
Here is the organisational and technological mess that Keenan helped create…..
The Canberra Times, 29 June 2018, p.14:
The agency charged with
guiding IT projects has been sidelined from major policies and is removed from
the Coalition's thinking about digital reform, an inquiry into the
government's $10 billion tech spend has found.
A report released on
Wednesday has called for a central vision to guide the government in its IT
reform and found changes to the Digital Transformation Agency
had left it watching on as major tech projects hit disaster.
The inquiry found the
DTA did not have the Australian Criminal Intelligence Commission's botched
project to adopt biometric technology on its watchlist and that it had failed
to involve itself in determining why the Education Department's Australian Apprenticeship
Management System project was called off.
It was sidelined as the
Department of Home Affairs took charge of cyber policy, the Prime Minister's
department assumed control of data policy and the newly created Office of the
Information Commissioner was created separate from the DTA, the report said.
"The evidence heard
by this committee revealed an organisation that was not at the centre of government
thinking about digital transformation, or responsible for the
creation and enactment of a broader vision of what that transformation would
look like," it said.
News.com.au, 12 June 2018:
Australians will be able
to access government services with a single log-in under a plan to create a
"single digital identity" by 2025.
Michael Keenan, the
federal minister in charge of digital services, said face-to-face interactions
with government services would be greatly reduced.
"Think of it as a
100-point digital ID check that will unlock access to almost any government
agency through a single portal such as a myGov account," Mr Keenan said.
The minister wants
Australia to be a world leader in digital government, with almost all services
to be available online by 2025.
Mr Keenan said having 30
different log-ins for government services is not good enough.
"The old ways of
doing things, like forcing our customers to do business with us over the
counter, must be re-imagined and refined," he said.
People will need to
establish their digital identity once before being able to use it across
services.
The first of several
pilot programs using a "beta" version of what will be known as
myGovID will begin in October.
The initial pilot will
enable 100,000 participants to apply for a tax file number online, which Mr
Keenan says will reduce processing time to a day from up to a month currently.
In a pilot starting from
March next year, services including student identification and Centrelink will
be connected to the digital identity.
Also from March 2019,
100,000 people will be able to use their digital identity to create their My
Health Record online.
Mr Keenan says one
face-to-face or over-the-counter transaction costs on average about $17 to
process, while an online transaction can cost less than 40 cents.
The Human Services
department will operate as the gateway between service providers and people.
"This is key to
protecting privacy, as the exchange will act as a double-blind - service
providers will not see any of the user's ID information and identity providers
will not know what services each user is accessing," Mr Keenan said.
Labor digital economy
spokesman Ed Husic said the Turnbull government was responsible for a
"dirty dozen" of failed digital transformation failures, including
the census and tax office website crashes.
"The biggest challenge
confronting the Turnbull government is to quit its addiction to glitzy digital
announcements and get stuck into properly delivering these multimillion-dollar
projects," Mr Husic said.
The Australian Crime
Intelligence Commission has suspended the contract for its beleaguered biometric
identification services project in order to renegotiate it after the contractor
failed to meet the deadline for completion and the cost ran $40 million over
budget.
It follows a
recommendation from a scathing independent review late last year that the
contract be overhauled, the project be simplified and the timeline for delivery
changed.
In 2016 ACIC (then
CrimTrac) contracted NEC Australia to deliver a program that would replace the
national automated fingerprint identification system, adding in facial
recognition, palm prints and foot prints and would be available for use by
police forces around the country.
Industry news website
InnovationAus reported on Wednesday that NEC contractors had been marched from
ACIC's premises on Monday June 4, after being told that the project had been
suspended at the start of June.
It is believed the
project has been suspended until Friday, while the negotiations over the contract
take place.
A PricewaterhouseCoopers
report last November seen by Fairfax Media said "a chain of decisions
involving all levels and stakeholders" had led to the project running
behind schedule and over budget.
It recommended that the
scope of the project be simplified and standardised, and called it "highly
challenged" and presenting a "high risk" to the commission.
"There is low
confidence in likelihood of delivery which requires focus to achieve
turnaround."
Poor communication,
operational silos, limited collaboration and a failure to estimate the
project's complexity had blown it off-track, the report said.
The report also
recommended that the existing fingerprint database contract with Morpho be
extended for 12 months after its expiry last month. It is not clear whether
this contract was extended as recommended……
NEC Australia was also
the contractor for the failed Australian apprentice management system, which
was dumped by the Department of Education and Training last month due to
critical defects, also found by a report by PwC.
InnovationAus, 12 June 2018:
NEC Australia won a $52
million tender for the Biometric Identification Services project in early 2016.
The project involved replacing the ACIC’s National Automated Fingerprint
Identification System with a “multi-modal biometric identification” service,
incorporating fingerprints, footprints and facial recognition.
But the project is
running behind schedule and is understood to be returning a high amount of
false positives.
ABC News, 28 May 2018:
A massive case of
mistaken identity in the UK is prompting calls for a rethink on plans to use
facial recognition technology to track down terrorists and traffic offenders.
"If you have
technology that is not up to scratch and it is bringing back high returns of
false positives then you really need to go back to the drawing board,"
president-elect of the Law Council of Australia Arthur Moses told AM.
The comments follow
revelations a London police trial of facial recognition technology generated
104 "alerts", of which 102 were false.
The technology scanned
CCTV footage from the Notting Hill Carnival and Six Nations Rugby matches in
London in search of wanted criminals.
Labels: Australia Card, big data, information technology, Internet, privacy, safety
Sunday 1 July 2018
Oi! Malcolm Bligh Turnbull and every dumb-witted member of his federal government as well as every premier and member of a state or territory government – when are you all going to wake up to the fact that digital is bloody dangerous?
For literally hundreds of years now, first in colonial, then in dominion and later in federation periods, Australia has relied on 'paper and ink' processes to decide major political votes by its eligible citizens.
By and large this system has produced reliable results with regards to the people's will.
This is evidence of just the latest red flag that Australian governments have ignored ……
The Mercury online, 30 June 2018:
The personal information
of about 4000 Tasmanian voters has been leaked after a data breach on a
third-party website linked to express votes, the state’s Electoral Commission
has revealed.
Tasmanian Electoral
Commissioner Andrew Hawkey said hackers had access to the names, dates of
birth, emails and postal addresses of those who applied for an express vote at
the recent state and Legislative Council elections.
“Early today, the
Tasmanian Electoral Commission was informed by the Barcelona-based company
Typeform, that an unknown third party had gained access to one of their servers
and downloaded certain information,” he said.
“Typeform online forms
have been used on the TEC website since 2015 for some of its election services.
The breach involved an unknown attacker downloading a backup file.
“Typeform’s full
investigation of the breach identified that data collected through five forms
on the TEC website had been stolen.”
The breach was
identified by Typeform on June 27 and shut down within half an hour of
detection, Mr Hawkey said.
“The Electoral
Commission will be contacting electors that used these services in the coming
days to inform them of the breach,” Mr Hawkey said.
“The Electoral
Commission apologises for the breach and will re-evaluate its collection
procedures and internal security elements around its storage of electoral
information for future events. The breach has no connection to the national or
state electoral roll.”
Mr Hawkey said some of
the stolen information had previously been made public, such as candidate
statements for local government by-elections.
Typeform said it had
responded immediately and had fixed the source of the breach to prevent further
hacks.
“We have since been
performing a full forensic investigation of the incident to be certain that
this cannot happen again,” a statement on the Typeform website read.
“The results that were accessed are from a partial backup dated May 3, 2018. Results collected since May 3 are therefore safe and not compromised.”
Typeform reportedly
provides services for some pretty big names, including Apple, Uber, Airbnb and
Forbes.
The hack comes after up
to 120,000 Tasmanian job seekers may have had their personal information
compromised following a data breach reported by human resources company PageUp
in early June.
That site was linked to
the Tasmanian Government and the University of Tasmania.
The State Government is
still waiting for a further response from PageUp but it is believed the breach
was limited to names, addresses, emails and phone numbers.
Thursday 7 June 2018
Only 39 days to go until concerned Australian citizens can opt out of the Turnbull Government's collection of personal health information for its national database
Apparently this email is currently being sent out to registered Australian citizens.
Australian Digital Health Agency, email, 5 June 2018:
Hello,
You are receiving this email because you registered your email address at myhealthrecord.gov.au to find out more information about how to opt-out of the My Health Record system.
If you do not want a My Health Record, you must register your choice between 16 July and 15 October 2018 during the opt-out period. It is not possible to opt-out of having a record before the opt-out period starts.
The opt-out period will not apply to individuals who have previously chosen to have a My Health Record, or were included in the Nepean Blue Mountains or North Queensland opt-out trials in 2016. Individuals who have an existing My Health Record can cancel their record at any time. Instructions on cancelling a record can be found on the My Health Record website.
Once the opt-out period starts you will receive another email letting you know that the opt-out period has started and what to do if you still want to opt-out.
A My Health Record is a secure online summary of an individual’s key health information. 1 in 5 Australians already have one. It’s an individual’s choice who sees their My Health Record, what’s in it and who it is shared with. My Health Record has safeguards in place to protect an individual’s information including encryption, firewalls and secure login.
For further information about the My Health Record, please visit the My Health Record website.
Thank you,
The My Health Record System Operator
www.digitalhealth.gov.au
[my yellow highlighting]
Wednesday 16 May 2018
An insider has finally admitted what any digital native would be well aware of - your personal health information entered into a national database will be no safer than having it up on Facebook
Remembering that a federal government national screening program, working with a private entity, has already accessed personal information from Medicare without consent of registered individuals and entered these persons into a research program - again without consent - and these individuals apparently could not easily opt out of being listed as a research subject but were often only verbally offered the option of declining to take part in testing, which presumably meant that health data from other sources was still capable of being collected about them by the program. One has to wonder what the Turnbull Government and medical establishment actually consider patient rights to be in practice when it comes to "My Health Record".
Healthcare IT News, 4 May 2018:
Weeks
before the anticipated announcement of the My Health Record opt out period, an
insider’s leak has claimed the Australian Digital Health Agency has decided associated
risks for consumers “will not be explicitly discussed on the website”.
As
the ADHA heads towards the imminent announcement of the three-month window in
which Australians will be able to opt out of My Health Record before being
signed up to the online health information repository, the agency was caught by
surprise today when details emerged in a blog post by GP and member of the
steering group for the national expansion of MHR, Dr Edwin Kruys.
Kruys wrote that MHR offers “clear benefits”
to healthcare through providing clinicians with greater access to discharge
summaries, pathology and diagnostic reports, prescription records and more, but
said “every digital solution has its pros and cons” and behind-the-scenes risk
mitigation has been one of the priorities of the ADHA. However, he claimed
Australians may not be made aware of the risks involved in allowing their
private medical information to be shared via the Federal Government’s system.
“It
has been decided that the risks associated with the MyHR will not be explicitly
discussed on the website,” Kruys wrote.
“This
obviously includes the risk of cyber attacks and public confidence in the
security of the data.”
The
most contentious contribution in the post related to the secondary use of
Australians’ health information, the framework of which has yet to be announced
by Health Minister Greg Hunt.
Contacted
by HITNA, the agency moved swiftly to have Kruys delete the paragraph
relating to secondary use.
In
the comment that has since been removed, Kruys wrote, “Many consumers and
clinicians regard secondary use of the MyHR data as a risk. The MyHR will
contain a ‘toggle’, giving consumers the option to switch secondary use of
their own data on or off.”
Under
the My Health Records Act 2012, health information in MHR may be
collected, used and disclosed “for any purpose” with the consent of the
healthcare recipient. One of the functions of the system operator is “to
prepare and provide de-identified data for research and public health
purposes”.
Before
these provisions of the act will be implemented, a framework for secondary use
of MHR systems data must be established.
HealthConsult
was engaged to assist the Federal Government in developing a draft framework
and implementation plan for the process and within its public consultation
process in 2017 received supportive submissions from the Australasian College
of Health Informatics, the Australian Bureau of Statistics and numerous
research institutes, universities, and clinicians’ groups.
Computerworld, 14 May 2018:
Use of both de-identified
data and, in some circumstances, identifiable data will be permitted under a
new government framework for so-called “secondary use” of data derived from the
national eHealth record system. Linking data from the My Health Record system
to other datasets is also allowed under some circumstances.
The Department of Health
last year commissioned
the development of the framework for using My Health Record data for
purposes other than its primary purpose of providing healthcare to an
individual.
Secondary use can
include research, policy analysis and work on improving health services.
Under the new framework,
individuals who don’t want their data used for secondary purposes will be
required to opt-out. The opt-out process is separate from the procedure
necessary for individuals who don’t want an eHealth
record automatically created for them (the government last year
decided to shift to an opt-out
approach for My Health Record)……
Access to the data will
be overseen by an MHR Secondary Use of Data Governance Board, which will
approve applications to access the system.
Any Australian-based entity with the exception of insurance agencies will be permitted to apply for access to the MHR data. Overseas-based applicants “must be working in collaboration with an Australian applicant” for a project and will not have direct access to MHR data.
The data drawn from the
records may not leave Australia, but under the framework there is scope for
data analyses and reports produced using the data to be shared internationally……
The Department of Health
came under fire in 2016 after it released for download supposedly
anonymised health data. Melbourne University researchers were able to
successfully re-identify a range of data.
Last month the Office of
the Australian Information Commissioner revealed that health
service providers accounted for almost a quarter of the breaches reported
in the first six weeks of operation of the Notifiable Data Breach (NDB) scheme.
The Sydney Morning Herald, 14 May 2018:
Australians who don't
want a personal electronic health record will have from July 16 to October 15
to opt-out of the national scheme the federal government announced on Monday.
Every Australian will
have a My Health Record unless they choose to opt-out during the three-month
period, according to the Australian Digital Health Agency.
The
announcement follows the release of the government’s secondary use of data
rules earlier this month that inflamed concerns of patient privacy and data
use.
Under the framework,
medical information would be made available to third parties from 2020 -
including some identifying data for public health and research purposes -
unless individuals opted out.
In other news.......
The Sydney Morning Herald, 14 May 2018:
A cyber attack on Family
Planning NSW's website has exposed the personal information of up to 8000
clients, including women who have booked appointments or sought advice
about abortion, contraception and other services.
Clients received an
email from FPNSW on Monday alerting them that their website had been hacked on
Anzac Day.
The compromised data
contained information from roughly 8000 clients who had contacted FPNSW via its
website in the past 2½ years to make appointments or give feedback.
It included the personal
details clients entered via an online form, including names, contact details,
dates of birth and the reason for their enquiries….
The website was secured by 10am on April 26, 2018 and all web database information has been secure since that time.
SBS News, 14 May 2018:
Clients were told Family
Planning NSW was one of several agencies targeted by cybercriminals who
requested a bitcoin ransom on April 25…..
The not-for-profit has
five clinics in NSW, with more than 28,000 people visiting every year.
The most recent Digital
Rights Watch State of Digital Rights (May 2018) report can be found here.
The report’s 8 recommendations include:
Repeal of the mandatory metadata retention scheme
Introduction of a Commonwealth statutory civil cause of action for serious invasions of privacy
A complete cessation of commercial espionage conducted by the Australian Signals Directorate
Changes to copyright laws so they are flexible, transparent and provide due process to users
Support for nation states to uphold the United Nations Convention on the Rights of the Child in the digital age
Expand the definition of sensitive information under the Privacy Act to specifically include behavioural biometrics
Increase measures to educate private businesses and other entities of their responsibilities under the Privacy Act regarding behavioural biometrics, and the right to pseudonymity
Introduce a compulsory register of entities that collect static and behavioural biometric data, to provide the public with information about the entities that are collecting biometric data and for what purpose
The loopholes opened with the 2011 reform of the FOI laws should be closed by returning ASD, ASIO, ASIS and other intelligence agencies to the ambit of the FOI Act, with the interpretation of national security as a ground for refusal of FOI requests being reviewed and narrowed
Telecommunications providers and internet platforms must develop processes to increase transparency in content moderation and make known what content was removed or triggered an account suspension.
Friday 11 May 2018
File this under "Yet Another National Database" cross referenced with "What Could Possibly Go Wrong?"
The Sydney Morning Herald, 6 May 2018:
A massive breach of Commonwealth Bank data exposed last week has raised security fears around a new national database of Australian bank customers, as Labor pushes for a delay to part of the scheme's scheduled introduction in less than two months.
The database - set to go
live on July 1 - will include the details of every person who has taken
out a loan or a credit card, along with their repayment history.
The Mandatory
Comprehensive Credit Reporting scheme was a recommendation of the 2014
financial system inquiry and is designed to give lenders access to a
deeper, richer set of data to ensure loans are only being approved for
people who can afford to repay them.
The new requirements
will first apply to the Commonwealth Bank, ANZ Bank, Westpac and National
Australia Bank, given they account for up to 80 per cent of lending to
households.
But the collection of sensitive data by private companies has raised concerns in the wake of several high-profile data breaches, including the disappearance of 20 million customers' records from the Commonwealth Bank.
The Financial Rights
Legal Centre and the Consumer Action Law Centre claim the financial
details of millions of Australians will be vulnerable under the new scheme -
which includes positive and negative credit histories.
Financial Rights Legal
Centre policy officer Julia Davis said the development "was a major
intrusion into our financial privacy".
"I don’t think
Australians realise this is about to happen," she said.
The legislation states
all credit reporting bodies must store the information on a cloud service that
has been assessed by the Australian Signals Directorate. It also contains a
provision allowing banks to stop supplying customer data to credit providers
should there be a major security breach.
Ms Davis said the
oversight was welcome but the internal systems of credit reporting bodies
remained "completely opaque."
"Once that data
goes live in the one place you can't put the toothpaste back in the tube,"
she said.
Equifax, one of the
companies which will have access to the data, had its systems in the US hacked
last year, exposing the personal information of 143 million Americans and
triggering the resignation of its chief executive.
It is also being sued by
consumer watchdog the Australian Competition and Consumer Commission over
allegations it misrepresented its product to consumers by asking them to pay
for their own credit histories which are usually available online for free.
The company's general
manager of external relations, Matthew Strassberg, said Equifax had "only
been a marquee above the door for six months," after the US giant took
over the Australian operation formerly known as Veda.
He said the credit
reporting business would provide "a 360 degree picture."
"A bank will have a
very deep insight into what they know of you," he told Fairfax Media.
Mr Strassberg said he
recognised that Australians were concerned about data security…..
Wednesday 9 May 2018
Is Telstra selling customer location data? Did it ever specifically request permission from account holders?
The Sydney Morning Herald, 4 May 2018:
Telstra is making money
by on-selling location data from its customers' mobile phones in similar deals
to a partnership with the Bureau of Statistics that caused a public backlash
last week.
The Australian Bureau of
Statistics came under fire for partnering with the telco for a study in 2016,
which used mobile phone data showing how many people were in particular suburbs
hour by hour.
Similar data is now
available for a fee, after the Location Insights program was quietly launched
by the telco in July 2016. The Australian Bureau of Statistics was the first
licensee under the program, but has not used Telstra's Location Insights since
then.
Data available to
Telstra's clients can be broken down into 15 minute increments, and
demographics broken down by age groups and gender. The smallest geographic
areas available for analysis are the same as the Australian Bureau of
Statistics' smallest statistical area, which have an average population of 400
people and could have as few as 200 people.
In a video used to
spruik the service by Telstra, potential customers are listed as local
governments and transport companies. It’s not clear how many organisations have
used the service, or what the price tag is for such information.
“Imagine if you could
know what is happening in your community, region, or city hub, every 15
minutes,” a voiceover in the Youtube video promoting the program said.
“Telstra Location
Insights builds industry-specific metrics where data sets are used for
modelling purposes and then extrapolated to estimate for the entire
population,” a Telstra spokesman said.
“These metrics are
aggregated spatially and temporally before differential privacy and
k-anonymisation are both applied to completely anonymise the data.”
This explanation is not
accepted by senior lecturer at the University of Melbourne Vanessa Teague.
“In order to know
whether those things actually work, we need to see what the parameters are and
how they're applied to the data in order to be assured that they’re applied
correctly and they work,” Dr Teague said.
Dr Teague is chair of
the Cybersecurity and Democracy Network and was part of a team of researchers
who re-identified patient health records from Pharmaceutical Benefits Scheme
data that was released by the government.
“It's possible that
[anonymising the data] has been done correctly, it's also possible that they
think it’s been done correctly but they’re wrong. And really the only way to
assess that is to get a clear and detailed technical description of what
they've done,” Dr Teague said.
“If they've done it
right then there's no reason to be secretive about the details of what they’ve
done, if they’ve done it wrong then they are better off getting a genuine open
assessment of it so they can find out sooner rather than later.”
Telstra said the use of
the information was in line with its privacy statement, which states that
customers’ information could be shared with “our dealers, our related entities
or our business or commercial partners and other businesses we work with”.
Dr Teague is sceptical about that explanation. “Just because a company holds highly sensitive information about you doesn’t mean that that data is their property that they should then be able to turn around and sell without asking you,” she said.
Now when I read Telstra's privacy statement I do not recall that it mentioned that it would be selling mobile phone location information in SA1 statistical level data bundles captured at 15 minute intervals (as mentioned in the news article) and that those bundles could be used to create data sets which track an individual's movements over time in relatively fine detail.
Yamba in the Clarence Valley NSW is a quiet little town with a population of approx. 6,076 persons living in 3,820 dwellings spread across est. 16 SLA1 statistical levels and in over 100 even smaller statistical Mesh Blocks.
I suspect that many Yamba residents will not be happy with the idea that Telstra Corporation Limited will allow their movements to be tracked and their daily habits predicted if an individual, private company, government agency or political party pays them for the town's mobile phone location data.
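Dr Teague's point in the quoted article, that whether k-anonymisation and differential privacy protect anyone depends on their parameters, can be shown with a small sketch. This is an added example, not part of the article, this blog post or Telstra's system: the cell counts, area labels, and the k and epsilon values are constructed, and the Laplace mechanism with sensitivity 1 is an assumed textbook form because the article gives no parameters.

```python
import math
import random

# Constructed counts per (area, 15-minute slot, age group, gender) cell.
# Area labels and numbers are invented for illustration.
CELLS = {
    ("area-1", "08:15", "25-34", "F"): 41,
    ("area-1", "08:15", "25-34", "M"): 37,
    ("area-1", "02:15", "65+", "F"): 1,   # one person: the risky cell
    ("area-1", "02:15", "25-34", "M"): 3,
    ("area-2", "08:15", "65+", "M"): 12,
}

def suppress_small_cells(cells, k):
    """k-anonymity style threshold: publish only cells holding >= k people."""
    return {key: n for key, n in cells.items() if n >= k}

def laplace_noise(epsilon, rng, sensitivity=1.0):
    """Laplace(0, sensitivity/epsilon), sampled as a difference of exponentials."""
    rate = epsilon / sensitivity
    return rng.expovariate(rate) - rng.expovariate(rate)

def dp_release(cells, epsilon, rng):
    """Noisy counts; assumes one person changes one cell by at most 1."""
    return {key: n + laplace_noise(epsilon, rng) for key, n in cells.items()}

def prob_noise_exceeds(t, epsilon, sensitivity=1.0):
    """P(|noise| >= t) for the Laplace mechanism above."""
    return math.exp(-t * epsilon / sensitivity)

def daily_epsilon(per_slot_epsilon, slots_per_day=96):
    """Basic sequential composition: a person present all day is covered by
    the sum of the per-slot budgets, not by a single slot's epsilon."""
    return per_slot_epsilon * slots_per_day

if __name__ == "__main__":
    rng = random.Random(2018)  # fixed seed so the demo is repeatable
    for k, eps in [(1, 10.0), (10, 0.1)]:
        kept = suppress_small_cells(CELLS, k)
        noisy = dp_release(kept, eps, rng)
        print(f"k={k}, epsilon={eps}: {len(kept)} of {len(CELLS)} cells published")
        print(f"  P(noise moves a count by >= 0.5) = {prob_noise_exceeds(0.5, eps):.3f}")
        print(f"  worst-case epsilon over a day   = {daily_epsilon(eps):g}")
        for key, value in noisy.items():
            print("  ", key, round(value, 1))
```

With k=1 and epsilon=10 both techniques are nominally "applied", yet the single-person cell is still published and the noise almost never shifts its count; only the stricter pair hides it, which is why the parameters need to be disclosed for any assessment.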