Recently in privacy Category
After a seminar today run by Peter Black on the use of 'Web 2.0' in teaching, Peter and Jessica Coates tried to convince me that Facebook is not, in fact, crap, and is substantially better than Myspace; which is presumably, impliedly, crap. Unless you're a ditzy teenager whose life ambition is to be on Paris Hilton's friends list and thereby gain some kind of incredibly lame validation. But I digress...
Earlier in the seminar, I'd voiced my objection to the possibility that students might be compelled to become members of some of these 'Web 2.0' services to do mandatory assessment items in some subjects. This would, of course, require those students to enter into a contractual relationship with those service providers, with associated legal liability and privacy risks. It might also constitute third line forcing, which is per-se illegal in Australia, but that's a different issue.
The concerns I raised were largely dismissed as paranoia. So, I got to thinking, exactly what is in the applicable contracts for a service like Facebook? In this posting, I dissect the Facebook 'Terms of Use'... You know, that massively long (over 6000 words), complicated, contractual document that nobody ever reads when they sign up.
Earlier in the seminar, I'd voiced my objection to the possibility that students might be compelled to become members of some of these 'Web 2.0' services to do mandatory assessment items in some subjects. This would, of course, require those students to enter into a contractual relationship with those service providers, with associated legal liability and privacy risks. It might also constitute third line forcing, which is per-se illegal in Australia, but that's a different issue.
The concerns I raised were largely dismissed as paranoia. So, I got to thinking, exactly what is in the applicable contracts for a service like Facebook? In this posting, I dissect the Facebook 'Terms of Use'... You know, that massively long (over 6000 words), complicated, contractual document that nobody ever reads when they sign up.
Continue reading Dissecting the Facebook 'Terms of Use'.
EFA has tonight issued the following press release, in relation to a story which appeared in today's Australian IT online.
Electronic Frontiers Australia (EFA) today said that the latest in a long series of embarrassing data security breaches proves that the Commonwealth government can not be trusted to maintain the security of the proposed Health Services Access Card database.
"The government has dozens of databases containing sensitive and personal information about millions of every-day Australians," said EFA Chair Dale Clapperton. "Yet the government is unable to prevent its own
employees from illegally snooping through personal records that they have no business accessing."
An article in today's Australian IT online detailed dozens of cases of public servants inappropriately accessing confidential client records have occurred in recent years in government agencies including the Australian Taxation Office, Medicare Australia, the Child Support Agency, and Centrelink.
"If the government cannot maintain the privacy of information in its existing databases, it has no business establishing a new massive database which will contain sensitive information about each and every Australian," Clapperton continued.
"The Access Card database will inevitably be a target for computer hackers or busy-bodies in the public service that have no respect for other people's privacy."
The exposure draft of the Access Card legislation contains criminal offences that would apply to public servants who inappropriately access the Access Card database, but those offences are punishable only by imprisonment for 2 years, and/or a fine of $13,200. By comparison, most of the offences that would apply to ordinary people are punishable by imprisonment for 10 years and/or a fine of $110,000.
"This disparity in levels of punishment is further proof, if any were needed, that the Commonwealth government is not taking the problem of snooping public servants seriously," Clapperton said.
"Furthermore, the vast majority of public servants who are caught abusing their access to these confidential databases never face criminal charges. They are internally disciplined or allowed to resign as a face-saving measure for the government."
"The Howard government needs to take this problem seriously, and throw the book at public servants who abuse their positions of trust in this way."
CNN is carrying a story on the growing furore concerning the "Real ID" scheme, which, as a "essential weapon in the war on terror", will introduce a de-facto national ID card. Much like the proposed Australia Card, or much like the proposed Health Services Access Card could become. Having a "Real ID" card will not -- officially -- be mandatory (much like the Access Card), but people without one will be subject to significant inconvenience. In the US, you will be unable to fly, enter federal buildings or other federal areas without a passport. In Australia, you will be unable to access public health services that your taxes pay for.
MSNBC also reports on the latest "new level of absurdity" in the US: "behaviour detection officers". These specially trained officers scrutinise the facial expressions of passengers at airports, looking for signs of fear or disgust, which can indicate a potential terrorist. Those identified by these officers will not (yet) be denied boarding based on the adverse facial assessment, but will be subject to additional security measures. Whether this means a hand-inspection of their baggage or a date with a rubber glove, is unclear. The MSNBC article correctly identifies this as absurd and Orwellian, but I think there's a much better quote from Orwell's Nineteen Eighty-Four they could have used:
MSNBC also reports on the latest "new level of absurdity" in the US: "behaviour detection officers". These specially trained officers scrutinise the facial expressions of passengers at airports, looking for signs of fear or disgust, which can indicate a potential terrorist. Those identified by these officers will not (yet) be denied boarding based on the adverse facial assessment, but will be subject to additional security measures. Whether this means a hand-inspection of their baggage or a date with a rubber glove, is unclear. The MSNBC article correctly identifies this as absurd and Orwellian, but I think there's a much better quote from Orwell's Nineteen Eighty-Four they could have used:
It was terribly dangerous to let your thoughts wander when you were in any public place or within range of a telescreen. The smallest thing could give you away. A nervous tic, an unconscious look of anxiety, a habit of muttering to yourself--anything that carried with it the suggestion of abnormality, of having something to hide. In any case, to wear an improper expression on your face (to look incredulous when a victory was announced, for example) was itself a punishable offence. There was even a word for it in Newspeak: FACECRIME, it was called.
ITnews.com.au reports that four journalists and one of their family members have sued Hewlett-Packard over the "pretexting" scandal that occurred nearly a year ago.
To briefly recap the scandal, HP suspected that a board member was leaking company secrets to the media. HP engaged private investigators to try and locate the leak, and as part of that investigation -- and apparently with the knowledge of senior HP executives including Patricia Dunn, the chairperson of the HP board -- private investigators impersonated these journalists for the purpose of obtaining copies of the journalist's telephone records from their telephone providers. "Pretexting" is a euphemism for impersonation.
This caused a major scandal at the time; the US being somewhat more respectful of freedom of the press than in Australia. Dunn conceded that pretexting was wrong, but HP defended it as being "not generally unlawful". Congressional hearings were held, legislation was debated. Criminal charges were filed against Dunn and others, but went nowhere; the charges against Dunn were dismissed, three others pleaded no contest in return for a small amount of community service, and the US Department of Justice announced one conviction. A few people (including Dunn) resigned under a cloud, HP paid the state of California US$14.5 million to settle a civil action against the company, and the whole thing generally went away.
I'm happy to see that the journalists who were targeted by HP aren't content to let that be the end of things.
To briefly recap the scandal, HP suspected that a board member was leaking company secrets to the media. HP engaged private investigators to try and locate the leak, and as part of that investigation -- and apparently with the knowledge of senior HP executives including Patricia Dunn, the chairperson of the HP board -- private investigators impersonated these journalists for the purpose of obtaining copies of the journalist's telephone records from their telephone providers. "Pretexting" is a euphemism for impersonation.
This caused a major scandal at the time; the US being somewhat more respectful of freedom of the press than in Australia. Dunn conceded that pretexting was wrong, but HP defended it as being "not generally unlawful". Congressional hearings were held, legislation was debated. Criminal charges were filed against Dunn and others, but went nowhere; the charges against Dunn were dismissed, three others pleaded no contest in return for a small amount of community service, and the US Department of Justice announced one conviction. A few people (including Dunn) resigned under a cloud, HP paid the state of California US$14.5 million to settle a civil action against the company, and the whole thing generally went away.
I'm happy to see that the journalists who were targeted by HP aren't content to let that be the end of things.
