October 13, 2015

The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (the “Data Retention Act”) comes into force today. The political fight is over. The issue is now operation, compliance and regulation.

The Attorney General issued a media release providing:

The Government welcomes the commencement of the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 today.

Conviction of journalist for hacking Los Angeles Times highlights internal threat issues in privacy protection

October 9, 2015

The high-profile conviction of Matthew Keys for assisting hackers to break into the Los Angeles Times website and deface a headline highlights the need for organisations to maintain adequate controls and processes. Insider interference with cyber security is

European Aviation Safety Agency releases proposals for regulating drones in Europe

Last month the European Aviation Safety Agency (EASA) released a discussion paper titled Proposal to create common rules for operating drones in Europe in which it sets out 33 proposals for the use of drones. As is often

End of Safe Harbour agreement between the USA and the European Union after Court of Justice of the European Union yesterday?

October 7, 2015

The press release says it all – The Court of Justice declares that the Commission’s US Safe Harbour Decision is invalid. The decision, officially titled Maximillian Schrems v Data Protection Commissioner, is found here. The Safe Harbour agreement was the basis by which data could be transferred from the EU to the USA in compliance, or that was the theory, with EU data regulations. How effectively it did this was always the issue and the Federal Trade Commission was kept busy prosecuting organisations that did not comply with the Safe Harbour Agreement.

The issue is how this will impact data transfers in

LinkedIn settles privacy class action

October 6, 2015

iTnews reports in LinkedIn to pay $18.3m in email class action settlement that there has been a settlement of a class action against LinkedIn arising from its practice of accessing email accounts of users and sending invitations to their contacts without prior or any consent. The article provides:

Networking site LinkedIn has agreed to pay US$13 million (A$18.3 million) to customers for sending out emails on their behalf.

The problems with passwords in data protection... time for two factor authentication

October 4, 2015

Passwords are a perennial weakness in data security. There is no shortage of stories mocking the passwords that people use (such as Top 10 Dumbest Passwords Ever and How Many People Still Use Them, ‘696969’ and 24 more of the dumbest passwords of 2014 and Whatever you do, please don’t use these dumb passwords, just to list a few) and some of the passwords chosen would make a cat smile. The answer is not more mockery and

Obfuscation and privacy

I am currently reading a fascinating book, Obfuscation: A User’s Guide for Privacy and Protest, which considers and advocates means of reducing digital surveillance by adding ambiguous and confusing information so as to interfere with clean data collection by whoever, be they government or retailers. It has been well received (see review here). The concept is not extraordinary or particularly new (see here) as researchers have been aware for some time that released raw data can, with the appropriate algorithms, be used to identify individuals. The points of reference required are startlingly few. Adding confusing and misleading data within raw or refined data makes it much more difficult to do that. It is a complementary approach to protecting one’s privacy. It is not a substitute for adequate privacy regulation and enforcement, both of which remain lacking in Australia at both a Federal and State level. The reality is that for some adopting this approach is too complicated or just too much like hard work. The default should be proper opt ins rather than opt outs in collection protocols.

The myth of people being comfortable giving up their privacy

October 3, 2015

There is a prevailing view amongst business advocates and organisations that people are prepared to give up their privacy, or at least be content that their personal information is being collected and analysed, where they obtain benefits from retail and internet. The corollary of that assertion, because the evidence is scant, is usually that there is no pressing, or any, need for privacy protections and a visceral hostility to enhancing privacy protections. As recently as this week I heard a variation of this spiel. Apart from being illogical it is not supported by any facts. As the Atlantic makes clear in Americans Love Technology—but They Want Their Privacy Back it is not an either technology or privacy argument. It never has been. And it

Drones linked to VR headsets

The development of drone technology moves apace. Now drones are being operated by and tied to virtual reality goggles worn by the operator, as reported by Slate in A Drone Linked to a VR Headset Lets You Explore the Sky, Almost for Real. Interestingly the article highlights one of the drone’s features as permitting the user to map out a flight plan, something that has been possible for a while but not commonly available, while another system swaps batteries itself when one runs out of power. That is a huge development as

David Jones suffers data breach with customer information compromised

October 2, 2015

Following hot on the heels of Kmart announcing a data breach, David Jones has started notifying customers today that there has been a large scale data breach of its website. iTnews covers the story in David Jones website hacked, customer data stolen and the Age in David Jones says third party accessed ‘limited’ customer information. The PM program covered the story in Department store David Jones says customer details stolen in data breach, with the transcript providing:

PETER LLOYD: The personal and private details of customers of retailer David Jones are in the hands of criminals who hacked the company’s computer system. But DJs insists no credit card information or passwords were stolen.

It’s also happened recently to K-Mart and the privacy commissioner says there has been a huge jump in reports of computer hacking to steal data over the last year.