May 18, 2014
The Age reports, in Australians targeted in hacker raids, on a crackdown against computer hackers using the Blackshades program for illegitimate purposes.
The article provides:
Australian authorities have joined a co-ordinated global crackdown on computer hackers who use software known as Blackshades for sinister purposes.
Hackers in Australia, Canada, Asia and Europe have flooded chatrooms, online forums and websites in recent days complaining about their homes being raided and
May 15, 2014
Portals of whatever description, government or business, are key entry points to data storage systems. Weak data security, program flaws or just obsolete structures may result in a site being hacked and personal information compromised. Verizon in its 2014 data breach investigations report found there were 63,000 confirmed security incidents and over 4,000 breaches worldwide. A breach after known security flaws raises the prospect of a breach of APP 11 of the Privacy Act.
The Sydney Morning Herald reports in Revealed: serious flaws in myGov site exposed millions of Australians’ private information that the much-vaunted MyGov website has a serious security weakness. The potential danger of interference with sensitive personal information is clear. APP 11 makes it clear that
May 14, 2014
Last night’s budget held an unwelcome development for the Information Commissioner’s office. As in there will be no Information Commissioner come 1 January 2015. The Privacy Commissioner, a statutory office, will move to the Human Rights Commission and work out of Sydney.
The OAIC were well and truly quick off the mark in the legacy exercise with a statement (found here) which provides:
We acknowledge the Australian Government’s Budget decision on Tuesday 13 May 2014 to disband the Office of the Australian Information Commissioner (OAIC) by 1 January 2015.
We note that the Freedom of Information Act 1982 (FOI Act) and the Privacy Act 1988 (Privacy Act), which confer valuable information rights on the Australian community, will continue to operate (as amended to reflect the abolition of the OAIC). The Privacy Act will continue to be administered by the Privacy Commissioner and supporting staff from an office based in Sydney. The
Mobile apps are notorious for being gateways into an organisation’s records. The quality of data security is generally poor. Sometimes worse than that. Privacy regulators have been alive to this for some time. Security experts for a lot longer. But the relentless desire to be relevant online and high expectations of consumers to access services, products or information has meant that mobile apps are becoming ubiquitous. The problem is the security architecture rarely takes first, second or third priority in the design and project expenditure.
There is another issue with mobiles, their apps and privacy in terms of information police can access without a warrant. This issue is considered by the Economist in There’s no app for that which provides:
SUPREME Court oral arguments, some scholars say, are all show. The justices don their robes, stroke their chins and lob their questions at silver-tongued lawyers for an hour, and then vote just the way they would have voted anyway. According to Jeffrey Segal and Harold Spaeth, political scientists who study the Court, judicial “attitudes”, not the subtleties of legal principles, matter most in the justices’ decisions. Oral argument does not “regularly, or even infrequently, [determine] who wins and who loses.”
If the justices
During Privacy Week the Privacy Commissioner gave, or at least published on the OAIC website, three speeches: Mapping data breach notification, Privacy matters and Defining the sensor society.
They relevantly provide:
Defining the sensor society
It’s a pleasure to be here to speak to you today for Privacy Awareness Week, especially with so much going on in the privacy sphere lately.
Defining the sensor society is an ambitious and important topic for a two day conference. As Australia’s Privacy Commissioner, you will not be surprised to learn that, in my view, any discussion of this topic should have privacy and the protection of personal information at its core. And so I am encouraged to see that is the case in a number of the presentations that you will hear over the next two days.
Privacy is rarely out of the news these days. The media continues to report on exciting new technologies as well as on activities that raise privacy questions and
May 7, 2014
This week is Privacy Week around the world. It is then appropriate that Pro Publica has published Privacy Tools: Encrypt What You Can. The revelations about NSA activities in the last 12 months make it clear that some encryption programs and keys are not foolproof from government agencies but for most users encryption has to be a fundamental plank of a data security framework. Not just encryption of emails and stored data but encryption of mobile storage devices, especially USB sticks. The number of unencrypted devices that are lost and data exposed is quite staggering. As can be the consequences of such a breach. The legal liability is obvious as is the acute
May 5, 2014
As part of Privacy Awareness Week the Privacy Commissioner has released a guide to developing an APP privacy policy. The Privacy Policy, if drafted properly, should be the cornerstone to a compliance structure under the Privacy Act. To prepare a privacy policy which actually fulfills the requirements of APP 1 an APP entity will need to understand the nature of the data it collects, uses and discloses, the data flows and how it properly manages that data, including the programs, protocols and training in place. A privacy policy is not a pro forma where an organisation fills in a gap here and completes a sentence there. Organisations handle information in different ways, depending on the type of business/activity and the way it has developed over time. That said, some organisations have had professionals offer them a package involving a privacy policy which could only be done in the most general terms. That misses the point, doesn’t comply with the guide, doesn’t come close to complying with the APPs and has no relationship to the privacy by design concept. The guide makes it clear that more is expected of privacy policies than is commonly the case. The real impact of the guide is the proactive steps the Privacy Commissioner takes to have organisations meet the minimum standards. With greater enforcement powers as of March 2014 he will
April 29, 2014
Australian Privacy Principle 2 provides that an organisation or agency should provide individuals with an opportunity to be anonymous or use a pseudonym except in specific situations. It is not a default position of many organisations. The benefits of anonymity and pseudonymity are rarely enunciated outside the tech zone.
In We Need Online Alter Egos Now More Than Ever, Wired, per Judith Donath, sets out eloquently the benefit of online alter egos (or pseudonymity in more technical terms). It provides:
Online, I use my real name for many things. But sometimes, I prefer to use a pseudonym. Not because I want to anonymously harass people or post incendiary comments unscathed; no, I simply want to manage the impression I make, while still participating in diverse conversations and communities.
“Hold on!” some of you are saying. “Writing under a fake name is a form of lying. It’s cowardly and the tactic of bullies and trolls. We need to make people use their real names online to ensure civility and trust.” Indeed, whenever a new controversy about cyberbullying or anonymous rumors arises, a frequently offered “solution” is to ban anonymous comments and insist that people use real names. But this approach focuses on the wrong issue and
April 28, 2014
The Sydney Morning Herald in Australians’ private government details at mercy of hackers, say IT security experts reports on the flimsy state of IT security at governmental portals. It is a sobering piece and one that should put large corporations on notice. Government traditionally gives over more resources to internet security than the private sector, banking and finance being a possible exception.
The article provides:
The private records of millions of Australians – including their doctor visits, prescription drugs, childcare and welfare payments – are at the mercy of cyber criminals because of flimsy IT security around a critical federal government website, IT security experts warn.
And they say the risk will increase from the middle of the year, when the government will make it compulsory for Australians to use the my.gov.au website to lodge their electronic tax returns, potentially also exposing their financial and banking records to hackers.
The myGov site is used by 2.5 million Australians to access
April 26, 2014
Personal information is the lifeblood of skiptracers, private investigators and debt collectors. That information allows individuals to be traced and, often, harassed. The use of social engineering to extract personal information is part of the dark arts used by less ethical operators. The UK Information Office reports on illegal social engineering to extract personal information by trickery.
The Information Office’s press release (found here) provides:
Two men who ran a company that tricked organisations into revealing personal details about customers have today been found guilty of conspiring to breach the Data Protection Act.
Barry Spencer, 41, and Adrian Stanton, 40, ran ICU Investigations Ltd in Feltham, Middlesex. The pair were convicted at Isleworth Crown Court of conspiring to unlawfully obtain personal data. Five employees of the company