Four corners puts a spotlight on privacy with its program, In Google we trust.

September 11, 2013 |

Monday’s Four Corners is not the first to highlight the impact to individuals privacy with the widespread use of tracking device and data mining.  But it is an excellent introduction to the problem  using real people doing ordinary activities.  It is worth a view here.

The transcript of the program provides:

KERRY O’BRIEN, PRESENTER: Digital age, welcome to Four Corners.

It’s hardly news in this era of information rich technology that privacy is gradually being eroded, or that our digital profiles are being converted to all kinds of uses, without us having much idea of exactly what’s going on.

But tonight’s story will still startle you, because we use one fairly typical Australian family to illustrate just how the mostly innocuous tool of the internet in common use are being used globally to compile our histories, our interests, our activities, for government or commercial purposes. The cash that’s generated by corporations is mind-boggling. What governments get up to could be useful for the broad community, could be innocuous, or could be a breach of your privacy. Largely we take them on trust.

The question of course doesn’t just relate to the here and now, it relates to where we’re headed. Because the explosion of information being generated, stored and analysed is going to grow massively in the years ahead.

And it can do your head in to try to think the implications through.

Reporter Geoff Thompson presents this simple but fascinating story of a day in the life of one family in the digital age.

GEOFF THOMPSON, REPORTER: The human race now produces 28 billion gigabytes of data every day. And ninety per cent of the data currently in existence was created in just the last two years.

Australians are among the most connected people in the world.

(Pappas’s family home)

In Sydney’s Eastern Suburbs, this is the home of a family we’ll call the Pappas’s.

They are waking up and getting ready for an average day of work, school and life at home.

The five family members agreed to let us intercept and record their online data over 24 hours.

Helen and Jim are Mum and Dad.

Twenty-four year old Katerina is their eldest child, Alexi is 16 and Christina is 12.

CHRISTINA PAPPAS: Well first of all I probably check my Instagram.

GEOFF THOMPSON: Christina’s favourite things to check online are YouTube, Tumblr and Instagram.

CHRISTINA PAPPAS: I like it because like, you can check out what people are getting up to and what they’re doing, and you can usually see what celebrities are getting up to.

GEOFF THOMPSON: The Terms and Conditions of these sites say you have be at least 13 to use them.

But like most users of free internet services and mobile apps, no-one in the Pappas family ever really reads the fine print.

HELEN PAPPAS: No I don’t actually read the fine print.

ALEXI PAPPAS: I’ve never read the terms and conditions in my life, and I think they’ve deliberately, made them like 10 or 15 pages long so that people don’t actually read it. But yeah, no, I don’t read terms and conditions at all.

ALASTAIR MACGIBBON, CENTRE FOR INTERNET SAFETY, FORMER AUSTRALIAN FEDERAL POLICE OFFICER: Even if there are 156 pages of terms and conditions very conveniently though that checkbox is on page one, and I suspect that the majority of Australians have never read a privacy policy and if they had, they probably couldn’t understand it.

GEOFF THOMPSON: The morning we track the family’s activity, Christina is the busiest online. But the connections she’s making are not one way.

ALASTAIR MACGIBBON: If we think that we’re in our lounge room or bedroom engaging in the internet, that it’s just us – there’re an awful lot of people looking over your shoulder.

(Christina says bye to family as she leaves the house)

GEOFF THOMPSON: As Christina leaves for school; her data is already travelling to America, the Netherlands and Britain. Two dozen sites she never even clicked on know she likes Selena Gomez and have witnessed her peruse photos of her friends and plan a trip to the movies.

CHRISTINA: I don’t really mind because I’m not doing anything like that secret, on my accounts, so it not a big deal to me

JON OSTLER, GENERAL MANAGER, BEYOND D, DIGITAL MARKETER: So when you visit a website, you’ll be given a cookie in your browser. And that can be from that website or it could be from an app network which has placed that code on that website. They can then, using that cookie, track what you look at on the website, and then when you visit other websites that have the same technology, they can serve you ads based on the behaviour that you’ve shown across a number of websites which they’re tracking.

(Christina walking to school)

GEOFF THOMPSON: Tracking websites are following Christina unseen from the internet’s shadows, learning her online habits so that advertisers can target her more accurately.

[Talking to Jim]: What would you do if people you didn’t know were following her around like that in the real world?

JIM PAPPAS: What would I do? I’d go crazy probably; I’d be very upset, yeah.

ALASTAIR MACGIBBON: The issue of tracking a child, according to the law, they’re a child; according to most human beings they’re a child, and do these companies discriminate between the internet activity of a child and that of an adult? And the answer is no, and that does have massive social implications for us.

GEOFF THOMPSON: Popular free internet services like those offered by Google and Facebook are among the most intensive trackers of our online lives.

They know more about you than your best friend.

The two companies are less than 15 years old, but generate about $61 billion a year.

$56 billion of that is made by Google alone and 95 per cent of that income derives from targeted advertising based on your online behaviour.

ALASTAIR MACGIBBON: Unfortunately when you’re talking about free online, it usually means you’ve become the product.

TROY HUNT, INTERNET SECURITY RESEARCHER: We’re ticking the box and going ‘Yep, get me into this free service so I can get on and, and do my things’. They’re giving away the same things that we are which is, you know, something like Facebook is a free service, they’re giving away themselves, as a bit of an advertising target to begin with. They’re going to get targeted with information that, that fits their demographic. You know, that’s the nature of a free service.

(Pappas’s house)

GEOFF THOMPSON: Alexi has more apps on his phone than anyone else in the family.

TROY HUNT: I think that we sometimes forget that at the end of the day, apps are talking over the internet just like your browser is, you know maybe it’s the fact that it’s such a little device in your pocket and it’s a more comfortable sort of environment, I dunno, but at the end of the day, they’re doing the same thing that the browser on your PC is doing. The difference is you’re doing it all day long, you’re doing it while you’re sitting on the toilet you know, it can happen any time.

(Troy Hunt in the Pappas’s home talking to Alexi)

TROY HUNT: So basically as soon as you open a web page on your phone, all of those requests can be intercepted by anyone who’s sitting in the middle of the traffic.

GEOFF THOMPSON: We arranged for internet security researcher Troy Hunt to drop around to the Pappas’s home to check out Alexi’s apps.

TROY HUNT [talking to Alexi]: And we’ll look at the data that was sent, so there’s your email address and there’s your nice strong random password that has lots of good characters and length, and unfortunately this NRL app has just sent it over the internet without any protection.

GEOFF THOMPSON: Troy finds serious security flaws in three of the apps on Alexi’s phone. Apps for America’s National Basketball Association and Australia’s National Rugby League, failed to secure user information over the internet.

TROY HUNT [talking to Alexi]: So let’s take a look at Roosters, this is another good example. If we jump into say the store, and as we browse the store we can see all the traffic going through here, and say you want to grab a cap and we’ll take one of those, we’ll add that to the basket, ok, so we’ve got that in our shopping basket. Let’s now go and proceed to the checkout.

And then what we’ll do, we’ve got a bunch of dummy data in here, let’s go through and put in a dummy credit card number as well.

GEOFF THOMPSON: The worst flaw was found in the app of NRL team the Sydney Roosters.

TROY HUNT [talking to Alexi]: And what we see is that the protocol is http, so what that means is that it’s not an encrypted protocol, it means all that credit card data would be available to anyone who was able to observe the connection.

And we’ll use an expired….

That’s particularly alarming, it’s, it’s something that there are industry standards around, so that, that’s probably not real good for the Roosters. But the other thing is that when you do this in a mobile app, you don’t get to see the address bar, you don’t get to see HTTPS or a padlock or anything like that. So he could’ve used that app with the best of intentions thinking that they’d done their security right and had no idea that his credit card information was flowing around the internet unprotected.

TROY HUNT [talking to Alexi]: So what we now get is that we can see that there’s the first name, there’s the last name, the phone number, we’ve got an email address, we’ve got all the delivery data, which is probably going to be your home address, and that’s the sort of stuff attackers want in order to go and do an identity theft. And then when we go down a little bit, what we find is that here’s the credit card number, so we’ve got that, we’ve got the credit card expiry and we have got the credit card verification number, as well as obviously the name on the credit card. And what we see is that…

ALEXI PAPPAS: It just kind of shocked me a bit that the apps that I thought were official and mainstream and kind of trustworthy, they’re not, they’re not what they seem. So yeah, it’s just kind of interesting that I- that something that I trust isn’t actually, isn’t actually trustworthy at all.

TROY HUNT: So that’s a real problem with this app and it’s unfortunate when you’re sitting at a PC and you’re doing your banking or you’re doing your shopping, you get a little padlock icon and you can sort of look for that, and you get some sort of confidence in the security of the website. But you don’t get that in an app, so all you know with an app is that these guys are saying, hey trust me with your credit card details – so that one basically has not even an attempt at securing your credentials.

GEOFF THOMPSON: Since being told of their app’s security flaw by Four Corners last week, the Sydney Roosters say the problem has been fixed.

(Jim Pappas starts up his motorbike and rides it)

A self-employed financial planner, Jim Pappas can afford to wait at home until the peak hour rush into the city is over.

Like most of us he has toll tags attached to his vehicles and accepts the convenience of automatic billing in exchange for transport authorities knowing when he uses tollways.

What he doesn’t know is that when he passes some traffic lights NSW Roads and Maritime Services is downloading information from his mobile phone by scanning its Bluetooth signal.

JIM PAPPAS: I hadn’t thought about it because I didn’t know that that occurred. It’s a bit of a privacy issue there I suppose. Yeah, I wouldn’t be too happy with it, yeah, depending on who gets the information and how it’s used.

GEOFF THOMPSON: Do you feel like you should be asked permission first?

JIM PAPPAS: Absolutely.

TROY HUNT: It’s a question of what they’re actually capturing and saving, I mean the concern that I would have is are they tracking identifiable information about individuals, because if they’re tracking identifiable information and they’re doing it at multiple points, then they’re tracking everything from your personal movements, to the average speed that you could be carrying, that would be a bit of a concern to me, it’s a question though of whether it’s de-identified or not.

GEOFF THOMPSON: The RMS is collecting the MAC addresses of mobile phones at 16 sets of traffic lights in inner Sydney.

In a statement the RMS says that “no other identifying information” is captured and that “MAC addresses are anonymous data”.

MAC address stands for Media Access Control address. It’s a unique identifier of devices such as mobile phones.

TROY HUNT: think this might be one of those cases where you you wanna get a definition of personal information, is a unique device address personal information? You know, maybe it is not, but it does still track an individual’s movements, ah so whether or not they admit to actually tracking it, the capability is there.

GEOFF THOMPSON: Australia’s privacy laws do not regard MAC addresses as personal information, because they don’t easily identify a phone’s owner.

However public outrage over the collection of MAC addresses recently shut down a similar trial in London.

There, it was garbage bins carrying advertising which were recording MAC addresses from the mobile phones of passing pedestrians.

Data which might be harmless enough on its own.

DANNY O’BRIEN, ELECTRONIC FRONTIERS FOUNDATION PRIVACY ADVOCATE, SAN FRANCISCO: So bit by bit we’re having our privacy chipped away, and each of those tiny bits doesn’t seem to reveal that much about us. So to give an example from here in San Francisco, the tracking of, of cars is mainly used here to track people going over the Golden Gate Bridge because they want to pay their, their, their fee as they go over so they have a little device.

Well it didn’t take long for divorce courts here in the United States to subpoena that information because that’s a useful bit of knowledge to know about a spouse that you’re trying to collect data on. I don’t think that when we first started tracking cars in that way anyone thought about how it was gonna transform divorce proceedings. But that’s what happens. You take a little bit of this data and someone’s gonna find a use for it.

(Jim Pappas riding his motorbike)

GEOFF THOMPSON: On his way to work Jim Pappas also passes several police patrol cars. Some carry the Automatic Numberplate Recognition Technology known as ANPR.

Introduced in late 2009 ANPR cameras now sit on top of 280 police cars across NSW. They take six photos a second and almost never miss a passing plate.

SERGEANT MATT REES, NSW POLICE HIGHWAY PATROLMAN: When we were trialling it we dropped a numberplate in front of the car and as the plate fell through the air it read it. I suppose as I said…

GEOFF THOMPSON: NSW Police Highway Patrolman Sergeant Matt Rees agreed to demonstrate to us the technology’s astonishing capabilities.

(Sergeant Matt Rees in his patrol car)

SERGEANT MATT REES: I can tell that it’s hit on an unregistered car without even looking at the screen because I can hear the tone and it’s different to stolen cars and cars with warnings. The car’s fitted with three cameras – there’s two forward facing cameras on the roof and one on the side of the car, facing sideways. The cameras read the numberplates as they pass the police car. Because it works on infrared, at night I can’t even see the numberplates of cars coming towards me because of the headlights, it will still read them.

GEOFF THOMPSON: While we’re with Matt alarm bells ring for a car alongside us, which was previously used in a funeral procession for a Hells Angel motorcycle gang member.

[Directing a question to Matt] So that’s told you quite a lot of information.

SERGEANT MATT REES: Yeah that one tells me that I need to be careful if I stop that car.

GEOFF THOMPSON: For police on patrol it’s a remarkable tool, automatically identifying suspect vehicles.

SERGEANT MATT REES: Well the beauty of this system is that it frees me up to look for other things, So I can – instead of having to look for unregistered cars or stolen cars, I’ll let the cameras do that and I can look for offences like seat belts and mobile phones, traffic light offences.

GEOFF THOMPSON: But the cameras don’t only shoot offenders – every single numberplate they see is photographed and logged.

SERGEANT MATT REES: I suppose it can read thousands of plates.

GEOFF THOMPSON: In fact, ANPR cameras have taken and stored hundreds of millions of photos of cars since 2009 – more than 208 million, 799,000 of them. The NSW Police were happy to explain how they’ve obtained this vast amount of information. But they don’t want to talk at all about how it is being used.

In a written statement, the police will say only that:

POLICE STATEMENT: “The information collected by the ANPR units – car photo, registration plate number … and where and when the photo was taken – is stored in a separate data base for about five years.”

GEOFF THOMPSON: There are 5.7 million vehicles currently registered in NSW.

That means there is an average of 37 photos for every car in the State.

That’s a four year old searchable database of where you’ve been and when.

TROY HUNT: Without any confirmation to the contrary, and I can understand why they’d want to be cagey about something like this, that’s really the only conclusion you can draw right? Because we know that the data’s being collected, we know we have the technology to match a numberplate in one location to a numberplate in another location, I mean this is, this is very basic stuff. So you have to draw the conclusion that that yes they, you know, this is all getting put together at some point.

(Sound of traffic)

GEOFF THOMPSON: The NSW police statement says there are strict protocols for accessing and retrieving information, and none of it is personal.

But the police can of course routinely match numberplates with their owners.

ELIZABETH COOMBS, NSW PRIVACY COMMISSIONER: I think it’s unlikely that the majority in the community are aware of the potential of that collection, and I think many would actually be quite taken by surprise that that is occurring.

GEOFF THOMPSON: [talking to Jim Pappas] : Do you think that the police should ask you before they automatically record when you’re somewhere in your car or motorbike?

JIM PAPPAS: Definitely. We pay their wages so I’m sure they should do us the courtesy regarding privacy and, yeah I’m I definitely think they should.

GEOFF THOMPSON: As a successful businessman, Jim Pappas believes he’s got nothing to hide. But it’s not just the NSW Police or Roads and Maritime Services, which can record his data without his permission.

Dozens of other regulatory authorities can do so too, if he is suspected of committing an offence or somehow pinching from the public purse.

ALASTAIR MACGIBBON: The threshold is surprisingly low I think to people outside of the, the law enforcement and regulatory agencies. Most people would expect that it would be a warrant signed by a judge or a magistrate, and the short answer is it’s not.

GEOFF THOMPSON: Under the Telecommunications Interception and Access Act, bureaucrats in government agencies can search your metadata without a warrant and without your knowledge.

SEN. SCOTT LUDLAM, GREENS SENATOR: Yeah and it happened without anybody noticing. You’ve got to remember these, this stuff we call metadata barely existed two decades ago. The time of the Australia card debate, nobody really had heard of metadata and a whole vast categories of it simply didn’t exist.

GEOFF THOMPSON: Metadata tells them who, when, and where you’ve phoned or emailed someone.

TIMOTHY PILGRIM, AUSTRALIAN PRIVACY COMMISSIONER: Metadata can tell quite a lot about a person’s activity in terms of the times they’re transmitting and who they’re transmitting data to or having communications with, certainly it can provide quite a lot of information.

GEOFF THOMPSON: More than 3000,000 metadata requests are made each year by a growing list of agencies, for reasons they are not required to disclose.

They include Centrelink, Australia Post, local councils and the RSPCA.

SEN. SCOTT LUDLAM: That is one of the areas of law reform that we have to, I think take the greatest interest in. Which agencies can access this material? What can they do with it? And where on earth are the courts? Where are the, where’s the legal oversight that applies to a regular search warrant? Those are the democratic norms that have prevailed in Australia for a hundred years, that we need to update and bring into the digital age.

(Pappas house, Helen drives to Coles)

GEOFF THOMPSON: Back at the Pappas home, Helen is heading out to do the family’s weekly shop.

She goes to the local Coles because it’s close, easy to park and always uncrowded.

The Coles loyalty card system known as “Fly Buys” has been running since 1994.

ROB SCOTT, FINANCE DIRECTOR, COLES: Well Fly Buys is really an extension of what retailers have been doing for, for many years. If you go back 100 years ago when Coles opened its first store, the shopkeeper understood their customers by name, knew what their preferences where, what they wanted to buy and when they wanted to buy it, and that helped them tailor their offer – and really Fly Buys is an opportunity for Coles to do that at scale.

GEOFF THOMPSON: And how does it work?

ROB SCOTT: Well within Fly Buys we, we collect information that the customer provides us, an opt-in programme, and then we can send both targeted offers to the customer. It also helps inform us around what customers like in order for us to put the right products into store, and importantly it delivers significant value. So an average family, if they fully explore the opportunities of Fly Buys, could realise an additional $500 of value per year.

COLES CHECK OUT MACHINE: If you have a fly buys card, please scan it now.

GEOFF THOMPSON: But the data customers surrender in exchange for rewards has a dollar value too.

ALASTAIR MACGIBBON: Loyalty cards and reward systems are about collecting information about you. Again, it’s a perfectly legitimate thing to do, so long as you go into it with your eyes wide open.

JOHN OSTLER: The sort of products you’re buying can tell a marketer an awful lot about what you’re, what else you’re likely to buy, you know, what model of car you’re likely to buy, what, you know, political party you’re likely to vote for, you know, what sort of job you’re likely to have. And you’d be surprised about the, you know, the choices you make in the in the supermarket or wherever it might be, and what that tells marketers about who you are and what you’re likely to do next.

GEOFF THOMPSON: Helen Pappas used to be a Fly Buys member, but opted out of the program.

HELEN PAPPAS: I used to but I decided that I had too many cards in my wallet and I wasn’t really utilising it properly,

GEOFF THOMPSON: But almost seven million Australians do use Coles FlyBuys Cards and Woolworths’ “Everyday Rewards” loyalty card program boasts 6.3 million members.

QUANTIUM COMMERCIAL: Business’s compete in an ever-changing and fiercely competitive….

GEOFF THOMPSON: Earlier this year Woolworths made a bold leap into the big data space, by buying a fifty per cent stake in the data analytics company Quantium.

QUANTIUM COMMERCIAL: Today how we live leaves a trail of data, clues about out lifestyle, preferences and shopping habits.

GEOFF THOMPSON: The deal gives Woolworths access to what it calls “the full wallet” – that is an understanding of not just the buying habits of its own customers, but the customer habits of Quantium’s many other clients, including the National Australia Bank.


ALASTAIR MACGIBBON: I’m not too sure how many National Australia Bank customers have consented to another company having access to that type of information, and, and that example is one of the, I suspect, many social questions we should be asking.

GEOFF THOMPSON: Once again, both Woolworths and Quantium are only too happy to have your data, but are reluctant to discuss what they do with it.

In a written response to questions, Woolworths emphasised that the companies share only data that does not identify you.

But even without your name, your data is hugely valuable.

RICHARD BERGMAN, PWC CYBER SERVICES, ONLINE SECURITY EXPERT: A lot of companies have realised is one, there’s enormous value in them mining their own data, but there’s a lot more value that can be obtained by combining data sets.

So when you look at a retailer and you look at them analysing their loyalty programme, that’s all they see, but what they don’t see is what that customer does for the remainder of the week, where they may shop elsewhere and what other patterns and habits they have.

So if you can combine data sets and get a true representation of what your customer does when they’re not your customer, it allows you to once again focus your attention on, you know, what that customer is looking for.

(Pappas house, Helen unloading shopping from car)

GEOFF THOMPSON: Helen Pappas has just returned home with her shopping. She doesn’t spend much time on the family computer. But Helen does take advantage of the few quiet moments left in the day, before her kids get home from school.

HELEN PAPPAS: I basically check my emails and check anything that’s of concern to me immediately.

GEOFF THOMPSON: Helen uses a Yahoo account. That means her data – like the data of Gmail or Facebook users – likely passes through computer servers in the United States. Making even her emails subject to the scrutiny of US intelligence agencies.

DANNY O’BRIEN: I think the biggest worry about the international level of the internet right now, is that that data that you put into a website that’s running out of another country, usually the United States, is that it’s really out of your control and it’s out of the legal constraints of the Australian legal system too.

GEOFF THOMPSON: In June this year – it took a computer systems administrator working for America’s National Security Agency out of Hawaii, to shatter any lingering faith we had in the internet as a place where privacy is possible.

EDWARD SNOWDEN, NSA WHISTLEBLOWER: The NSA specifically targets the communications of everyone, it ingests them by default. It collects them in its system and it filters them, and it analyses them, and it measures them, and it stores them for periods of time. Simply because that’s the easiest, most efficient and most valuable way to achieve these ends.

GEOFF THOMPSON: Escaping to Hong Kong, Edward Snowden revealed the vast reach of America’s surveillance of our online lives, by accessing the data of trusted companies through programs such as PRISM.

EDWARD SNOWDEN: So while they may be intending to target someone associated with a foreign government, or someone that they suspect of terrorism, they’re collecting your communications to do so.

GEOFF THOMPSON: The world suddenly knew that decisions to trade our civil liberties for extra security were being made for us and not by us.

BARACK OBAMA, PRESIDENT OF THE UNITED STATES: We have to strike the right balance between protecting our security and preserving our freedoms.

GEOFF THOMPSON: Reaching Moscow, Snowden stayed beyond the reach of the US Government.

The same can’t be said for the data of Australians using the internet services of American companies.

DANNY O’BRIEN: US citizens have, at least in theory, some constitutional rights that protect their data from access by the US government. Those rights don’t extend to non-US persons, which means that Australian’s data, when it’s kept in the United States, has no real legal protection from the government.

ALASTAIR MACGIBBON: The implications for Australians when it comes to prisms specifically is that your metadata the, the equivalent of the front and back of the envelopes of the letters that you either send or receive, will be stripped and you know, amalgamated in, in these servers of a US government agency. For the vast bulk of us that has no implication whatsoever. If you’re doing something that either is of interest or is construed to be of interest to those intelligence agencies, then it might have quite significant implications for you.

DANNY O’BRIEN: It gets worse because, not only is there no good legal protections from the US government, ’cause the US government shares its intelligence and research with the rest of the world, including potentially the Australian government. So you have this incredible trade off where the Australian legal system has good protections to prevent data just ending up in the hands of the Australian law enforcement, without you know a good warrant or a judicial process. But that doesn’t stop the US from handing data on Australian citizens straight over to those same parties without any of those legal safeguards.

HELEN PAPPAS: I’m not feeling comfortable with the idea at all. Of course, anybody reading my emails would be very bored, but, again the fact that they can do this to anybody is cause for concern.

SEN. SCOTT LUDLAM: What’s difficult to comprehend in Australia, where both of the old parties are running dead and pretending this simply isn’t happening, is that this has caused a massive furore in the United States, across both sides of the political divide and in Europe and in Latin America and in East Asia, and in fact it only appears to be in Australia, where the major political parties are just hoping that this will all go away. In the US this is being heavily contested, politically, legally, constitutionally, and in terms of of the social rights of intelligence agencies to do what they’ve been doing.

(Katerina walking through train station)

GEOFF THOMPSON: Katerina Pappas is leaving the city where she works for a consumer advocacy group. On the way home, she’s agreed to meet a friend for coffee in Bondi Junction.

They meet at the Westfield Shopping Centre where her movements are captured on CCTV.

But Westfield’s privacy policy allows it to capture a lot more than that. It says:

WESTFIELD PRIVACY POLICY: “…where devices are able to connect to, or are identifiable by, in-centre infrastructure, we may collect data including usage, location and type of device”

GEOFF THOMPSON: Right now, Westfield has the capacity to track your devices in three of its Australian shopping centres, but says it is not doing it yet.

WESTFIELD PROMOTION: “Westfield Labs is a new division of the Westfield group …

GEOFF THOMPSON: Meanwhile, at a new research centre in San Francisco – called Westfield Labs – the company is working to perfect this technology.

WESTFIELD PROMOTION: …our focus is to discover, to develop and build applications and services within the middle of the convergence between the digital and physical shopper.”

RETAILNEXT PROMOTION: What if all systems worked as one, providing real-time data…

GEOFF THOMPSON: While Westfield plans its future, another company – RetailNext – is already there in the United States. They call it in-store tracking.

TIM CALLAN, MARKETING CHIEF, RETAILNEXT, SAN FRANCISCO: We think that one way or another Australians are gonna do this because it’s just such a basic piece of making your stores effective.

RETAILNEXT PROMOTION: With Retailnext, the comprehensive solution for gathering in-store performance data, analysing findings, and visualising key insights, you’ll know exactly how your customer behaves.

TIM CALLAN: what in-store analytics does is it takes the same kind of capabilities that e-commerce sites have had for more than a decade and it brings those to physical brick and mortar stores. So the stores can understand how many shoppers are coming in, where they’re going inside of the stores, where they’re stopping, what products or displays or parts of the store they’re engaging with, and ultimately how all of that translates to sales at the register.

[Tim showing RetailNext technology] In this case we a view from a camera that’s not in the ceiling…

GEOFF THOMPSON: RetailNext’s technology relies on the security camera networks already in shopping centres around the world.

TTIM CALLAN: If they move from the field of vision from one camera to the next, there’s software that will actually stitch those pads, we call ’em, from one camera to another and if you have full camera coverage of the store in principle, you can watch the whole store and understand what people do in the entire store.

GEOFF THOMPSON: Katerina is not comfortable with the idea of being tracked in a shopping centre.

KATERINA PAPPAS: To me it feels like the sole purpose would be to maximise money, maximise where you buy things and how much you buy, what kind of stores you go into, and I, yeah I completely, just that, doesn’t sit well. Like I don’t want to be, yeah I don’t I don’t like that.

Yeah I would want to opt in or out and have the option.

GEOFF THOMPSON: Helen is on her way to Westfield to pick Katerina up. Westfield’s parking station has been a testing ground for a new technology, which helps shoppers find their cars.

Every car parked is photographed and uploaded to a searchable mobile phone App.

In 2011 Troy Hunt discovered that the App was less than secure.

TROY HUNT: That information was made available via an iPhone App so that you could search for your vehicle, and in theory you would only see grainy photos of four possible matches. Unfortunately the way they had implemented it was that they returned much more information than that and it was possible to find all the other vehicles that were in the shopping centre.

GEOFF THOMPSON: When told about the security flaw, Westfield fixed the problem.

But without Troy Hunt alerting the company, anyone with an internet connection could keep a running tab on which cars were in the shopping centre and when.

TROY HUNT: And they would get a list of every vehicle that was currently in the car park and then they could repeat it every sixty seconds, every five minutes, whenever they wanted to, so you would get a profile of who’s coming and going and how long they’re staying.

(Pappas’s house)

GEOFF THOMPSON: As evening comes to the Pappas house, Helen and the kids are catching on the family history.

KATERINA PAPPAS: Oh that’s a really nice photo.

GEOFF THOMPSON: They still enjoy old photo albums and Mum and Dad keep a collection of old records and books.

HELEN PAPPAS: We go back to my generation, how I came to Australia, the boat I was on, I still have black and white photographs from that time.

GEOFF THOMPSON: But, like most modern families, their memories and music increasingly exist only in digital form.

KATERINA PAPPAS: There’s a sense of detachment when you look at an image on, on a screen, the screen is a very desensitised way of viewing, viewing things, viewing the world I think.

GEOFF THOMPSON: But what happens to our digital possessions when we die?

RICHARD BERGMAN: I think actually everyone thinks they do own their digital assets and I think that’s what they think they’re signing up to with the terms and conditions, and in fact most terms and conditions will attribute ownership to you whilst you’re using those assets but it does vary. So for example, with Apple and, and iTunes, your ownership is a license agreement, so technically your iTunes music, you have a license to own and operate.

But when you pass away that license agreement ends because it’s with you as an individual. So it’s not like leaving a record collection to your family members anymore. It’s actually around ‘Well what do we do with these songs that may not sit on a physical device?’

ALASTAIR MACGIBBON: The data is assumed to be owned by the companies you’ve given it to and it certainly will outlive us, and there are some quite sad examples of where families are marketed to based on data of, of deceased now deceased relatives. You know, suggestions that you connect to a person that may not be alive anymore, and there’s a new industry online being built up about what to do with your data post-death.

JON OSTLER: That is a really interesting, another really interesting new phenomenon that no-one’s really taken into to account, as far as who owns that data and what could be done with it and if it’s going to get deleted, or if it’s going to get kept. Um and yeah, I guess as a, as a society we really are in the early stages of the ultimate information technology revolution, and I don’t think anyone’s got all the answers to how it’s all going to end.

GEOFF THOMPSON: It is already virtually impossible to distinguish between our actual and our digital personalities.

Throughout the evening, members of the Pappas household take turns on the family desktop.

The data breadcrumbs they sprinkle around the world paint an increasingly detailed picture of their interests, plans and even secrets.

KATERINA PAPPAS: It’s in a sense shocking, but also at the same time it’s something that you’d expect, which I think is how a lot of things work these days.

GEOFF THOMPSON: But Katerina was surprised to learn that our logging of her data trail reveals that she’s been looking at boutique hotels in New York – where she plans to holiday – and that she’s interested in a personal loan.

KATERINA PAPPAS: I think it is private information and I think, you know, with, especially the financial part of it, if I was looking for a home loan. I think if people sell that information about me, then that that could be, yeah, really worrying.

ALEXI PAPPAS: Just before I’m going to bed you know, maybe I should be encouraging myself to read a little bit more or do something more productive. But instead I’m usually just zoned out on my phone, looking at the apps, you know, the websites and all that.

GEOFF THOMPSON: Alexi’s late-night activity on Facebook tells us – and online trackers – something about him he mostly keeps to himself.

He has an interest in graffiti.

ALEXI PAPPAS: I’d be uncomfortable if anything that I looked up on the internet that I shouldn’t have, and my parents found out about it, not from word of mouth or from what I left the tab open or something, but if they just found it out from advertising then I think that’d be a little bit scary. There’s no, there’s no escape really.

GEOFF THOMPSON: By the time the Pappas’s go to sleep, our investigation reveals that their data has been logged by hundreds of tracking sites they barely knew were watching them.


Information about us has never been so easily available, not only to our friends and employers – but also to the corporations and governments we have chosen to trust.

SEN. SCOTT LUDLAM: We have to rely on trust, and I’ve been working in politics for a decade and you have to ask yourself, do you trust these tools in the hands of government anywhere or everywhere? And I don’t.

DANNY O’BRIEN: I don’t think any social system, any government, can survive knowing everything about its citizens without ultimately that being corrupted. I mean I wouldn’t be able to take that power. I don’t think anyone would want or to take that power, um. But once you’ve got it, you’re gonna find a use for it.

KERRY O’BRIEN: And you thought you felt powerless before this story, how about now?

That’s the program for tonight, until next week, goodnight.

 On Monday morning the AM program ran a story on the very concerning practice by NSW Police to harvest and collect for 5 years data on cars using the roads in the State.  The story provides:

TONY EASTLEY: Police in New South Wales have created a giant database storing more than 200 million photographs of cars using roads across the state.

On average the database holds 37 photographs for every car registered in New South Wales, recording where the car was when the photo was taken.

Tonight’s Four Corners program on ABC1, follows the data trail of an average Australian family.

Geoff Thompson reports.

(Sound of alarm)

GEOFF THOMPSON: Alarm bells ring for New South Wales police highway patrolman Sergeant Matt Rees.

MATT REES: That one tells me that I need to be careful if I stop that car.

GEOFF THOMPSON: The black car which has pulled up alongside him at some traffic lights was seen at a funeral procession for a Hells Angel motorcycle gang member. He knows this because an iPad-like device mounted on his dashboard has automatically photographed the car’s numberplate and alerted Matt to the potential danger within.

MATT REES: There’s two forward facing cameras on the roof and one on the side of the car.

GEOFF THOMPSON: It’s called Automatic Number Plate Recognition, or ANPR, and the technology has been running since late 2009.

But it’s not just suspect vehicles which are photographed. Every single vehicle is, and the photos are being stored in a searchable database for about five years. To date, there are more than 200 million photographs – an average of 37 for every car registered in New South Wales.

The New South Wales police declined Four Corners’ request to discuss what they’re doing with that data, but said in a statement that your car’s number plate is not personal information.

The New South Wales Privacy Commissioner, Elizabeth Coombs, has told Four Corners that while the practice may not be illegal, it does have privacy implications.

ELIZABETH COOMBS: To my mind this issue raises things which are fundamental in the legislation and that’s about transparency and accountability. And the matter that you’re raising is one that I most certainly would be speaking further to police about.

GEOFF THOMPSON: And what do you want to know?

ELIZABETH COOMBS: I’d like to verify the details of what you’re outlining to me, to understand the purposes. I mean, lawful activities as I said are, are permissible underneath the, the Act and such, obviously law enforcement and unregistered vehicles, stolen vehicles fall into that, into that category.

The issues of storage of information for future use, where someone at the moment isn’t committing a crime but may in the future is not something which is envisaged in terms of the Act.

GEOFF THOMPSON: So it may present a problem for the police?

ELIZABETH COOMBS: I wouldn’t go so far and not, certainly not until we’ve had some discussions further about that.

GEOFF THOMPSON: Many people might feel that the police photographing and storing information before they have committed an offence is inappropriate. How would you respond to that?

ELIZABETH COOMBS: I think it’s unlikely that the majority in the community are aware of the potential of that collection and I think many would actually be quite taken by surprise that that is occurring and there’d be yet another proportion who’d be very concerned about it.

Whilst people want the benefits of technology, they’re also becoming increasingly concerned about the issues that need to be managed through the fact that information about them can be so easily collected or information about their appliances or vehicles can be so easily collected, and as you’re saying now, stored.

TONY EASTLEY: New South Wales Privacy Commissioner, Elizabeth Coombs. And Geoff Thompson’s full report can be seen tonight on Four Corners at 8.30 on ABC1.

This story has prompted the NSW Privacy Commissioner to seek more information about the use to which the police use information which could be used to track the lives of innocent citizens.  See the ABC story  NSW Police to be quizzed over numberplate photography data as part of report into privacy.  It provides

The privacy commissioner for New South Wales is seeking more information from police about the extent to which data from people’s everyday lives is being recorded and stored.

Elizabeth Coombs spoke to Four Corners as part of a report into the Automatic Numberplate Recognition (ANPR) technology – launched by NSW police in 2009 as a means to photograph the number plates of every vehicle they pass on the state’s roads.

Tonight’s program discusses the practice as part of its program, In Google We Trust, which examines how government agencies and private industry are gleaning data from our everyday activities by following the data trail of an average Australian family.

In it, Ms Coombs says she is eager to clarify the amount of data being taken, how much is stored and whether or not the scheme is in breach of privacy legislations.

“I think it’s unlikely that the majority in the community are aware of the potential of that collection and I think many would actually be quite taken by surprise that that is occurring,” she said.

“To my mind this issue raises things which are fundamental in the legislation, and that’s about transparency and accountability, and the matter that you’re raising is one that I most certainly would be speaking further to police about.”

NSW Police have been photographing the numberplates of vehicles – regardless of whether they are suspected of any offence – for almost four years and in that time have gathered over 200 million entries.

Three digital cameras are attached to 280 police vehicles and they automatically take the snapshots, time-stamp them before they are added to a vast repository of data which is used as a tool for investigators.

The cars are capable of capturing 1,000 images an hour and thanks to infrared technology, can operate day and night.

The technology is a powerful crime-fighting tool for police, who can scan hundreds of numberplates automatically while freeing them up to look out for other offences.

“It automatically alerts officers to unregistered, uninsured and stolen vehicles, particularly given that as of 1 January this year, registration stickers are no longer required for light vehicles,” a NSW Police spokesman told Four Corners in a written statement.

“Once alerted, officers can take the appropriate action against the driver and/or owner of the vehicle and/or confiscating the vehicle.”

The statement says no personal information is stored and that there are strict protocols and procedures in place for accessing and retrieving information.

Police can routinely match numberplate registration numbers with a vehicle’s owner.

“The information collected by the automatic numberplate recognition units – car photo, registration plate number, police vehicle serial number that captured the read, and where and when the photo was taken -is stored in a separate database for about five years.”




Leave a Reply

Verified by MonsterInsights