April 29, 2014
Australian Privacy Principle 2 provides that an organisation or agency should provide individuals with an opportunity to be anonymous or use a pseudonym except in specific situations. It is not a default position of many organisations. The benefits of anonymity and pseudonymity are rarely enunciated outside the tech zone.
In We Need Online Alter Egos Now More Than Ever, Wired, per Judith Donath, eloquently sets out the benefit of online alter egos (or pseudonymity in more technical terms). It provides:
Online, I use my real name for many things. But sometimes, I prefer to use a pseudonym. Not because I want to anonymously harass people or post incendiary comments unscathed; no, I simply want to manage the impression I make, while still participating in diverse conversations and communities.
“Hold on!” some of you are saying. “Writing under a fake name is a form of lying. It’s cowardly and the tactic of bullies and trolls. We need to make people use their real names online to ensure civility and trust.” Indeed, whenever a new controversy about cyberbullying or anonymous rumors arises, a frequently offered “solution” is to ban anonymous comments and insist that people use real names. But this approach focuses on the wrong issue and …
Posted in Privacy
April 28, 2014
The Sydney Morning Herald in Australians’ private government details at mercy of hackers, say IT security experts reports on the flimsy state of IT security at governmental portals. It is a sobering piece and one that should put large corporations on notice. Government traditionally gives over more resources to internet security than the private sector, banking and finance being a possible exception.
The article provides:
The private records of millions of Australians – including their doctor visits, prescription drugs, childcare and welfare payments – are at the mercy of cyber criminals because of flimsy IT security around a critical federal government website, IT security experts warn.
And they say the risk will increase from the middle of the year, when the government will make it compulsory for Australians to use the my.gov.au website to lodge their electronic tax returns, potentially also exposing their financial and banking records to hackers.
The myGov site is used by 2.5 million Australians to access …
Posted in Privacy
April 26, 2014
Personal information is the lifeblood of skiptracers, private investigators and debt collectors. That information allows individuals to be traced and, often, harassed. The use of social engineering to extract personal information is part of the dark arts used by less ethical operators. The UK Information Offices reports on illegal social engineering to extract personal information by trickery.
The Information Officer’s press release (found here) provides:
Two men who ran a company that tricked organisations into revealing personal details about customers have today been found guilty of conspiring to breach the Data Protection Act.
Barry Spencer, 41, and Adrian Stanton, 40, ran ICU Investigations Ltd in Feltham, Middlesex. The pair were convicted at Isleworth Crown Court of conspiring to unlawfully obtain personal data. Five employees of the company …
Posted in Privacy
April 24, 2014
Digging into the past of a political opponent has been a practice …
Posted in Privacy
April 23, 2014
Verizon has been publishing annual reports of data breaches since 2000. It is a very useful publication as it quantifies data breaches and security interests, both overall and by industry. It also maps trends and threats. For those interested in information security and privacy it should be mandatory reading. If there is any time left in the day, the Cisco annual security report is also a very useful resource (found here). Both are invaluable for privacy practitioners in preparing policies, training programs and protocols following the Privacy by Design methodology to comply with the Australian Privacy Principles in particular and the Privacy Act 1988 in general.
The 2014 Verizon report (found here) states that there have been 1,367 confirmed data breaches with 63,437 security incidents.
The Canberra Times has a piece on the report, Revamped Verizon security report to help funnel funds into the right holes, which provides as follows:
Cyber security threats vary according to industry sector, a report has found.
After analysing more than 63,000 security incidents that took place in 2013, Verizon’s annual Data Breach Investigations Report, used by corporations and governments worldwide as a benchmark of cyber security, or lack thereof, has come to a new conclusion.
The 2014 edition released on Tuesday analysed more than 63,000 incidents and 1361 data breaches as reported by 50 organisations in 95 countries, including computer emergency response teams (CERTs) and law enforcement agencies.
Rather than isolating one or two main attack vectors, the analysis was able to …
Posted in Privacy
April 22, 2014
The Australian in Apology to veteran for privacy breach reports on what appears to be a fairly serious privacy breach by the Department of Veterans Affairs.
It provides:
THE Department of Veterans’ Affairs has apologised to a former army sergeant after a private company employed by the federal government obtained confidential information about his claim for medical compensation.
The admission has brought …
Posted in Privacy
The World Today has reported on the coverage by most media outlets, which photographed the Duke and Duchess of Cambridge enjoying private time on private property, Government House at Yarralumla, yesterday. This is quite disappointing given that The World Today reports, in Privacy debate swirls after Royal pics published, that media outlets were specifically asked to respect the Royals’ privacy. That request was clearly ignored.
The story provides:
ASHLEY HALL: A move by sections of the Australian media to broadcast private footage of the Duke and Duchess of Cambridge and Prince George has sparked another privacy debate.
The Royals are spending the afternoon in the Red Centre today. Yesterday was an official rest day, which they spent in the grounds of Government House at Yarralumla in Canberra.
But despite the appeals for privacy, images of the Duchess playing with her son and walking hand in hand with Prince William were broadcast on television news services last night and printed in Australian newspapers this morning.
The media outlets ignored a request from Kensington Palace not to use the images, as Stephanie Smail reports.
STEPHANIE SMAIL: Photographs and footage of the Duke and Duchess of Cambridge and their bouncing baby boy have flooded the Australian media since they arrived last week.
Their official outings have …
Posted in Privacy
April 20, 2014
On 26 January 2014, in Another data breach involving large US arts and crafts retailer, I posted on Michaels, a craft chain store, detecting a data breach. It had notified the FBI and was investigating. Some further information has since been provided. In Michaels says nearly 3 million customers hit by data breach, the Washington Post reports that the data breach involved the theft of information from 3 million customers. What is clear from the story is that the information security system was woefully inadequate and remained so for a month after the announcement of the data breach.
It provides:
Michaels has confirmed that credit and debit card information was stolen from 3 million customers who shopped at some of its stores during an eight-month period.
The craft-store chain initially confirmed …
Posted in Privacy
April 17, 2014
In Canadian teen arrested for stealing tax data with Heartbleed, the Age reports on a verifiable misuse of Heartbleed to steal personal data from the Canadian Revenue Agency.
It provides:
Canadian police have arrested a 19-year-old man and charged him in connection with exploiting the Heartbleed bug to steal taxpayer data from a government website.
In what appeared to be the first report of an attack using a flaw in software known as OpenSSL, the Canada Revenue Agency (CRA) said this week about 900 social insurance numbers and possibly other data had been compromised as a result of an attack on its site.
The suspect, …
Posted in Privacy
The UK Telegraph reports in Hackers steal 500k patient records from Harley Medical Group that personal information relating to 480,000 patients of the Harley Medical Group has been accessed by hackers. Medical records are defined as sensitive information in the Privacy Act 1988. They are universally regarded as very confidential, and the breach or misuse of medical files is generally regarded as falling in the category of the most serious privacy breaches. Doctor-patient confidentiality is part of the canon of medical ethics, has long been recognised at common law and, relatively more recently, received statutory recognition. That of course doesn’t prevent general practitioners and surgeons from making mistakes with patient records. Where the real problems arise is the management of records by private health organisations, be they medical groups, insurers, hospitals or agencies and departments. With those groups there is a danger of treating patient records as just another form of data. Which they are most definitely not. Regulators take a very dim view of data breaches of medical records. As they should. It will be interesting to see how the Privacy Commissioner exercises his newly acquired powers when there is a breach of medical confidentiality through a breach of security or other form of interference with privacy.
The article provides:
The personal details of nearly half a million people considering cosmetic surgery may have been accessed by hackers …
Posted in Privacy