Australian FinTech companies collect your bank customer registration number and your password to access your bank accounts; and they keep that access even if you no longer use their services. Cyber security expert Manal al-Sharif explores privacy rorts.
Source: Optus Hack just tip of the iceberg. FinTechs harvest bank details and passwords, can sell them too
It is a stinker in terms of policy, and unconvincing in effect, but the wholesale, indiscriminate retention of telecommunications data continues to excite legislators and law enforcement.
In 2015, when the Data Retention Bill was introduced, advocates and those in the telecommunications industry had reason to be worried. In testimony to the Parliamentary Joint Committee on Intelligence and Security, Telstra Director of Government Relations, James Shaw, noted that the telco’s practice over peak times such as New Year’s Eve was to only retain some data for a few hours before being overwritten. This was markedly shorter than the Bill’s proposed two-year retention period.
Telstra’s Chief Information Security Officer Michael Burgess also issued a warning that such legislative requirements would embolden hackers. “We would have to put extra measures in place … to make sure that data was safe from those that should not have access to it.”
Electronic Frontiers Australia Executive Office Jon Lawrence was even more trenchant in explaining to the Joint Committee that such data retention requirements were an “unnecessary and disproportionate invasion of privacy” and would “literally be a honeypot to organised crime, to any sort of person who can potentially access it.”
Source: Data Retention and the Devotees of Mass Surveillance – » The Australian Independent Media Network
Does that mean “journalists” at Ch9 and Murdoch media who use anonimity to boost the LNP will need to reveal their sources or identify themselves? They are so often unidentified when smearing Dan Andrews or suggesting IBAC is the corrupt body? Will Peter Costello or Rupert Murdoch be declared a “publisher” and forced to reveal their hidden sources or be treated like Julian Assange. It seems Joyce and Morrison are trying to sleepwalk Australia to fascism. It wasn’t so long ago these assholes were defending Andrew Bolt’s right to to be a media racist to “free speech” and the abolition of the Racial Discrimination Act.
The RDA and the UNHCR were the rogue bodies not so long ago. Now it ICAC according to Morrison and Joyce and history teachers according to Tudge. All it takes is a language, flip turn reality into “alternative facts” or the ” big lie” Climate Science becomes a Religion according to Andrew Bolt, White Racism into Black Replacement, BLM turns White and Women’s Rights into male persecution. The do nothing LNP have merely imported Trump’s “alternative facts” when we hear Angus Taylor tell us “Net zero doesn’t mean no carbon emissions”
The federal government may try to force Facebook to gather more identification information on their users and hand it to authorities if asked, as part of Scott Morrison’s latest square-up to the social media giants. It potentially opens the door for the government to consider a controversial plan for Australians to provide 100 points of identification to keep their social media accounts – a suggestion that privacy advocates condemned. Prime Minister Scott Morrison and Deputy Prime Minister Barnaby Joyce last week suggested that Facebook and Twitter could be treated as publishers under Australian law.
Source: Government may try forcing Facebook to identify anonymous users
Law enforcement agencies have a cavalier attitude to the right to privacy and a “whatever it takes” attitude to raiding databases of personal information, writes Greg Barns. Given the treasure trove of information now available from all the Covid tracing apps, strong penalties and laws are needed to ensure evidence obtained from those apps cannot be used in legal proceedings.
Source: Privacy rights jeopardised with Covid apps tracking every move – Michael West
When the Coalition quietly changed the regulations to enable access to millions of unlisted mobile phone numbers for ‘political research’, the Liberal Party’s pollster Crosby Textor was quick out of the blocks with an application to access the database, writes Jommy Tee. Now, the lobby group closest to Scott Morrison has access to 27 million phone numbers heading into the next Federal election.
A salient point for other political parties wishing to access the database is don’t leave it too late because it may take several months to satisfy the approval conditions.
The long-suffering public may beg to differ on whether access should be granted.
A Pushy Number: Libs’ pollster Crosby Textor granted access to 27 million unlisted mobiles – Michael West
Microsoft is currently in talks with TikTok to buy out operations in the U.S., Canada, New Zealand and Australia. Considering Bill Gates and Microsoft’s massive failure with the Windows phone and in the battle with Android, they would be absolutely salivating at the prospect of owning a mobile app with over a hundred million young consumers. But will they protect private data? That prospect is highly doubtful. In early August, the Washington Post reported that Microsoft could use the data from TikTok for research and development in artificial intelligence. The only way forward is legislation that is both national and global in application and places democracy and the protection of privacy ahead of corporate interests and invasive security measures. Though with the governments of Trump, Scott Morrison and Xi Jinping, I don’t like our chances of that.
TikTok furore exposes data privacy hypocrisy in Australia and the U.S.
Unless, of course, government and regulators decide to take an active interest. On the current outlook, any such move will not be led by Australia, a country still trying to figure out an electric power policy and how to hook up a national broadband.
Unfortunately, here in the land of the Luddites, we are still struggling with the problems of the last century while Big Tech invisibly decides how we will live in the next. Alexa might know the answer, but “she’s” not telling.
“The use of biometrics projects risk on every person involved, for the rest of their lives,” said David Vaile, the chairman of the Australian Privacy Foundation. “If they’re compromised or hacked, you’re stuck with it. It’s potentially a lifelong liability for it being misused.”
With every court ruling that allows the government to operate above the rule of law, every piece of legislation that limits our freedoms, and every act of government wrongdoing that goes unpunished, we’re slowly being conditioned to a society in which we have little real control over our bodies or our lives.
Source: What Country is This?
What is privacy and what is an individual’s right to it?That is the question that renowned linguist and MIT professor Noam Chomsky, National Security Agency (NSA) whistleblower Edward Snowden, and Intercept co-founding editor Glenn Greenwald sought to answer on Friday evening as the three (virtually) shared a stage for a panel discussion at the University of Arizona in Tuscon.
Privately owned companies with revenues above $100 million should not have to publicly disclose how much tax they pay because the information could be “misused and misinterpreted” by the public.
Canadian eavesdroppers drew the line at sharing bulk metadata. Australian ones didn’t.
The latest Snowden document, revealed by Guardian Australia today, increases concern that the Defence Signals Directorate (DSD) is operating outside its legal mandate. The minutes of a policy meeting in Britain in 2008, with their US, Canadian, UK and New Zealand counterparts, reveal DSD representatives claiming that they were entitled to share the confidential data of Australians with these partners, and were even considering disclosing them to “non-intelligence agencies” without first obtaining a warrant.
This would be a breach of sections 8 and 12 of the Intelligence Services Act 2001. Snowden’s evidence that that DSD ignored this law (or was ignorant of its correct interpretation) raises the prospect that law-abiding Australians have had their personal data wrongfully collected and transmitted to bodies which may use it to damage them.
The Intelligence Services Act sets strict limits on any DSD (now ASD) activity “likely to have a direct effect on an Australian person or produce intelligence on an Australian person”. In such cases, ministerial authorisation is required (section 8) and before giving it, the minister must be satisfied that the Australian is “a person of interest” – ie involved in terrorism or espionage or serious crime. This is a vital safeguard and any unauthorised or unnecessary surveillance of an Australian is in breach of the Act (section 12).
The Snowden leak, however, suggests that in some circumstances DSD believes it can circumvent this safeguard and even offer up the fruit of its warrantless interceptions to foreign agencies.
The meeting of the five national electronic spying representatives was called in 2008 to consider whether and how to share the remarkably intimate intelligence that can be gathered from “metadata” – the log of electronic signals sent and received by individuals. “Metadata absolutely tells you everything about somebody’s life” says the NSA’s general counsel. It told, for example, that General Petraeus was having an affair with his biographer, so he could not, in puritan America, remain head of the CIA. There are doubtless quite a few Australians whom metadata tales might dob in (think Bob Hawke and Blanche d’Alpuget) without any suggestion that they have been involved in crime. It is this prospect that makes it important to ensure that DSD operates scrupulously within the law.
The minutes of the policy convention show DSD representatives insouciant about sharing metadata on Australians – so long as it had been hoovered up “unintentionally” they were happy to store and to disclose it without obtaining a warrant. This is a misinterpretation of section 8. If it has been collected unintentionally it must be destroyed. Significantly, the Canadian eavesdroppers drew the line at sharing this “bulk metadata” precisely because of Canada’s privacy laws.
There are other disquieting details in the minutes of this spooks’ convention. The parties all agreed that as a result of electronic spying breakthroughs they appear to be now collecting “medical, legal and religious, or restricted business information, which may be regarded as an intrusion of privacy (my italics)”. But there is no “may” about it – obtaining details of personal medical history counts as an invasion of privacy under every human rights treaty, whilst theft of professionally privileged legal advice is contrary to the common law. These minutes are further evidence we are slipping into an Orwellian world where the state can scoop up any electronic communication, and in which DSD thinks it can lawfully tittle-tattle on Australians to foreign agencies and is even considering disclosure to “non-intelligence agencies” – police, professional associations, employers and perhaps even to newspapers.
Snowden’s earlier revelations, in Guardian Australia and the ABC, that DSD had in 2009 targeted the mobile phones of top Indonesians, including the president’s wife, raise the question of whether it had exceeded its powers to gather information of relevance to national security, as distinct from gossip and intimate personal data. His latest revelations are more serious, raising the question of whether DSD has, since 2008, been exceeding its powers in relation to disclosing data collected on Australian citizens who are not suspected of crime. It calls for an answer to the Quis Custodiet question: who guards the guardians?
In Australia there is a parliamentary committee on intelligence and security. But it can only review matters referred by a minister or by the houses of parliament – it cannot act on its own initiative to ensure that DSD is operating within the law. There is however an inspector general of intelligence and security, a position established by special legislation in 1986 who may of her own initiative “inquire into any matter that relates to the compliance by (DSD) with the laws of the Commonwealth … or the propriety of particular activities of the agency… or a practice of that agency that is or may be inconsistent with or contrary to any human right”.
The guardian who must now guard the DSD is the current inspector general Dr Vivienne Thom, a legal academic. So far she has remained silent on the Snowden revelations and as far as the public is aware, she has not investigated the organisation for privacy invasion or excess of power in respect of those allegations. If she hasn’t, she must do so urgently and immediately, or her office will not live up to its statutory duty. The answer to the Quis Custodiet question, in Australia, will be Nemo – nobody.
• Geoffrey Robertson QC is the author of Dreaming too Loud – Reflections on a Race Apart, published this month by Random House
olddogthoughts 