Peter A Clarke

Itgovernance compiles monthly records of data breaches and works out, often from the victim of the data breaches the number of records leaked. In January 2019 it concluded that 1,769,185,063 records were accessed. That figure is eye wateringly large and even if the Collection#1 breach is not taken into account, which involved 772,904,991 records from historic data breaches it still means just under a billion records were affected.

And into this environment of steadily more effective cyber attacks and generally inadequate protections the Australian My Health Records system will now opt in the records of about 17 million Australians. The legislation has flaws, the system has bigger flaws and the experience overseas is that these centralised digitised health records are failures. Seven Thirty did a very interesting report of the MyHealth Record system.

The biggest difference between consumer goods and apps is that consumer goods generally go through quality control checks, compliance with standards and review by regulators before being sold to the public while apps are focused getting some new or improved feature for whatever system out as quickly as possible without any external review or control. The rationale seems to be that consumer goods that are defective can harm while apps are cool and even when they don’t work what harm do they do.

Apps are often released with design flaws and commonly require patching and all manner of fixes, The recent rush by Apple to fix its Group FaceTime highlights this approach to product development. The defect permitted a person who hadn’t accepted a call through FaceTime nevertheless being heard. The flaw also permitted third party access to iPhone and iPad microcophones and video camera feed.

Facebook had a worse 2018 than Google but to a large extent that is merely a matter of degree. Facebook’s travails with its association with Cambridge Analytica and not doing much with the proliferation of false news stories planted by Russia and other actors made 2018 an annus horribilis. Google has had to deal with the phenonama of false news issues as well as years of litigation in the European Union, the UK and Australia.
It might be that Google will have a hotter time of it in 2019 with the French Regulators, the National Data Protection Commission, fining it 50 million euros for not getting valid user consent to gather data for targeted advertising. The regulators claim that Google breached the GDPR, the General Data Protection Regulation.

In July 2018 the Singaporean Government announced that there was a cyber attack which compromised the personal data of 1,495,364 people and led to outpatient prescription information for nearly 160,000 people being “exfiltrated”.

Courts generally have found the rapid changes in technology a challenge when applying and sometimes adapting legal principles. That is particularly so regarding privacy protections and when a search warrant is required. Smart phones can, and often, do contain more data than the physical contents of a person’s office, a photo collection and diary. While a search warrant is required to enter and search a house police try and often succeed in forcing a person to open their phone to prying eyes. The principle is the same even if the physical circumstances differ. There have been appalling acts of intrusion with no oversight regarding the actions of Australian Border Force officers.

Police databases are a critically important investigative tool. They enable police to locate suspects, confirm addresses, check car ownership and registration and generally access information about individuals, often provided to the many governmental agencies through compulsion. It is then concerning when police abuse their powers to access data bases. There have been reports of such breaches in Queensland and Victoria.

Data breaches of any personal information is a serious matter. The misuse of personal information can financially affect a person whose information is used for identity theft and it can have a massive impact on an organisation that suffers a data breach.  A sub set of data breaches is where the target is a public figure.  There the motivations are generally not financial.  The aimed impact is reputational and  humiliation. It can also be used to cause disruption, as was the case recently in Germany where there has been a massive hacking attack which has resulted in personal data of hundreds of German politicians have been accessed and then leaked over Twitter.  This has been reported by Wired in  A Major Hacking Spree Gets Personal for German Politicians, Reuters in German politicians’ data published online in massive breach and the Australian in Angela Merkel hit in massive data hack attack.  The focus of these breaches are to humiliate and embarrass.  The breach is a particularly pernicious form of politics.  It is curious that Read the rest of this entry »