With every app you download, every web search you do and, increasingly, every product you buy, you lose more of your right to privacy and all control over what happens to your information. And no one is doing anything to stop it.
Discussing information security in the digital age at the Wheeler Centre in Melbourne this week, computing and information systems academic Vanessa Teague, lawyer Josh Bornstein and tech security strategist Rachael Falk all agreed that the private sector’s access to and use of our private information was “out of control” and that the government had made little effort to counteract it.
Bornstein said there needed to be far greater regulation, and called for a ban on the sale of private information by companies.
“Why not have a blanket prohibition on service providers on-selling private information to third parties?” asked Bornstein.
“No one signed up for it. This practice did not develop because consumers said ‘I want you to sell my information to some nong to use’.”
Teague agreed: “[This kind of] data sharing just makes everything worse, and I’m yet to hear a single convincing argument it’s in the interest of the consumer.”
Falk, who had earlier pointed out that a consumer had no bargaining power to challenge the individual sections of terms and conditions, which effectively sign away their right to privacy, agreed that she couldn’t think of a genuine benefit to consumers. When host Damien Carrick expressed surprise at such a sweeping statement, Bornstein countered that this was a sign of how far the argument had gotten out of proportion.
And while the private sector is not subject to nearly enough oversight — “they’re so massive, they can do whatever they want,” Bornstein said — Teague said the government was attempting to criminalise legitimate research into privacy issues through amendments to the Privacy Act. She gave the example of the release of a sample of medical billing records for roughly 2 million people on data.gov.au in August 2016. It was de-identified using encryption, but Teague and a team of researchers were able, fairly easily, to get around the encryption and let the government know. However, under the Re-identification Offence Bill — currently stalled in the Senate after the Greens and Labor vowed to opposed it — this research would have been a criminal offence. Teague said this was confusing the indication of a problem with the problem itself.
“I think the law is wrong,” she said. “When someone like me or my research group shows that a data set like that can be re-identified, that should be regarded as a good thing, as showing you the tip of an iceberg, and you should be a lot more worried about the iceberg than trying to stop people explaining to you what the problem is.”
She said if a small group of researchers could so easily re-identify sensitive data, it was worrying to consider what a large corporation with far greater resources and access to more private information could do with such a sample being made public.
The government’s approach to privacy was also criticised in relation to the release of Andie Fox’s private information after she criticised the Department of Human Services. Bornstein said it was “particularly egregious abuse of power.”
“It’s quite a nasty thing to do and it sends a strong message — if you want to criticise the government, you will pay a price,” he said.
The evening was peppered with worrying anecdotes of privacy breaches: a group of patients for a therapist in America, who mysteriously started receiving Facebook suggestions that they become friends with one another; cars (the make of which was tantalisingly elided) that store the footage from the front and rear cameras and the audio from the voice command feature “the Cloud”; an employer who accessed the bank information of an employee who was suing for unfair dismissal, to gauge how long they could continue to pursue their case; and more.
While the panellists differed on how best to protect any semblance of privacy in the digital age (while Bornstein argued strongly that it was only possible through stringent government regulation, Falk and Teague both favoured individual consumer push back), they were of an accord on one point: the push back had to begin immediately.