Paul Wallbank – Brilliant Communications

Category: privacy

  • Clawing back our data – Telstra makes metadata available to customers

    Clawing back our data – Telstra makes metadata available to customers

    Today Australian incumbent telco announced a scheme to give customers access to their personal metadata being stored by the company.

    In a post on the company’s Telstra Exchange blog the company’s Chief Risk Officer, Kate Hughes described how the service will work with a standard enquiry being free through the web portal with more complex queries attracting of fee of $25 or more.

    The program is a response to the Australian Parliament’s controversial intention to introduce a mandatory data retention regime which will force telcos and ISPs to retain a record of customer’s connection information.

    We believe that if the police can ask for information relating to you, you should be able to as well.

    At present the scheme is quite labor intensive, a request for information involves a great deal of manual processing under the company’s current systems however Hughes is optimistic they will be able to deal with the workload.

    “We haven’t yet built the system that will enable us to quickly get that data,” Hughes told this website in an interview after the announcement. “If you came to us today and asked for that dataset it wouldn’t be a simple request.”

    The metadata opportunity

    In some respects the metadata proposal is an opportunity for the company to comply with the requirement of the Australian Privacy Principles that were introduced last year where companies are obliged to disclose to their customers any personally identifiable information they hold.

    For large organisations like Telstra this presents a problem as it’s difficult to know exactly what information every arm of the business has been collecting. Putting the data into a centralised web portal makes it easier to manage the requirements of various acts.

    That Telstra is struggling with this task illustrates the problems the data retention proposals present to smaller companies with far fewer resources to gather, store and manage the information.

    Unclear requirements

    Another problem facing Hughes, Telstra and the entire Australian communications industry is no-one is quite clear exactly what data will be required under the act, the legislation proposed the minister can declare what information should be retained while the industry believes this should be hard coded into the act which will make it harder for governments to expand their powers.

    What is clear is that regardless of what’s passed into law, technology is going to stay ahead of the legislators, “I do think though this will be very much a ‘point in time’ debate,” Hughes said. “Metadata will evolve more quickly than this legislation can probably keep pace with so I think we will find ourselves back here in two years.”

    In many ways Australia’s metadata proposals illustrates the problems facing governments and businesses in managing data during an era where its growing exponentially, it may well turn out for telcos, consumers and government agencies that ultimately less is more.

    Similar posts:

  • Reducing big data risks by collecting less

    Reducing big data risks by collecting less

    “To my knowledge we have had no data breaches,” stated Tim Morris at the Tech Leaders conference in the Blue Mountains west of Sydney on Sunday.

    Morris, the Australian Federal Police force’s Assistant Commissioner for High Tech Crime Operations, was explaining the controversial data retention bill currently before the nation’s Parliament which will require telecommunications companies to keep customers’  connection details – considered to be ‘metadata’ – for two years.

    The bill is fiercely opposed by Australia’s tech community, including this writer, as it’s an expensive   and unnecessary invasion of privacy that will do little to protect the community but expose ordinary citizens to a wide range of risks.

    One of those risks is that of the data stores being hacked, a threat that Morris downplayed with some qualifications.

    As we’re seeing in the Snowden revelations, there are few organisations that are secure against determined criminals and the Australian Federal Police are no exception.

    For all organisations, not just government agencies, the question about data should be ‘do we need this?’

    In a time of ‘Big Data’ where it’s possible to collect and store massive amounts of information, it’s tempting to become a data hoarder which exposes managers to various risks, not the least that of it being stolen my hackers. It may well be that reducing those risks simply means collecting less data.

    Certainly in Australia, the data retention act will only create more headaches and risks while doing little to help public safety agencies to do their job. Just because you can collect data doesn’t mean you should.

    Similar posts:

  • Dispelling the internet of snoops

    Dispelling the internet of snoops

    Last October New York lawyer Michael Price bought a new TV and what he read in the accompanying paperwork disturbed him.

    In “I’m terrified of my new TV: Why I’m scared to turn this thing on” Price described how Samsung’s privacy policy worried him, particularly the way the voice recognition data was handled, “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

    Disgraced former CIA director David Petraeus told a venture capital conference in 2012 that security agencies will track people through their dishwashers and Price pointed out a smart TV listening to a room’s conversations fits Petraeus’ vision nicely.

    At the time of its publication at the end of October Price’s story received some coverage among the information security, privacy and internet of things community then sank until last weekend when a tech site picked it up.

    At that stage, the story took on a new life with media outlets around the world running stories on how Samsung TVs are spying on customers.

    For Samsung the story is was major embarrassment and they were quick to point out they don’t actually collect data.

    To be fair to Samsung, they aren’t alone in having products that can listen to their users; almost every voice activated device has this capability and we can expect everything from smartphones to TVs and connected cars to be able to record voice and, through cameras, our movements.

    The marketing and social media industries, like General Petraeus, are enthusiastic about the surveillance opportunities of these devices; Facebook’s  Share and Discover feature for instance opens the microphone when a user starts typing an update to determine what music is being played.

    In the internet of things, it’s not just a smart TVs microphone that’s a potential problem as pretty much every connected device is generating information that can be used by government agencies, insurance companies and plaintiffs to track hapless users.

    Collecting this data also presents a range of risks beyond subpoenas from government agencies and angry litigants, for the vendors of smart devices there is also the problem of complying with various privacy rules, securely storing customers data and ensuring their business partners also respect user information.

    Samsung tried to manage this risk by adding a ‘don’t say stuff near our TV’ clause in the term and conditions, something that backfired dramatically and illustrates the impossibility of managing risk out of your business.

    While companies will struggle with the legalities of capturing massive amounts of customer data, the public in general have to face the risks of allowing everything from their kettles to their cars collecting information on them.

    The predicament for users is that turning off the ‘smart’ functions – assuming that is possible – remove much of the device’s functionality so the trade off between convenience, security will be a difficult compromise for many people.

    For the Internet of Things industry the task now is to convince the public their devices are trustworthy, stories like the Samsung TV snooping on people isn’t going to help their efforts.

    Similar posts:

    • No Related Posts
  • In tech we trust

    In tech we trust

    “There is a big problem with trust today,” says cable operator Liberty Global’s Micheal T. Fries.

    He was sitting on a fascinating panel at the World Economic Forum this week with Yahoo! CEO Marissa Mayer, Salesforce founder Marc Benioff and World Wide Web creator Tim Berners-Lee looks at the issue of trust in the tech world.

    In a world where everyone wants access to our data, it’s a pertinent and timely discussion from people at the front line of where these issues of ethics and privacy are being dealt with.

    Similar posts:

    • No Related Posts
  • Burning user trust

    Burning user trust

    The Guardian today has a stunning expose on the Whisper social media network and its practice of tracking users.

    In trying to sell its services to the Guardian, the company showed that it was betraying their promises of anonymity to its users.

    Whisper’s behaviour is particularly disgraceful given the service’s promise of user confidentiality and their changing of their terms of service only shows the company’s struggle to understand ethics.

    No social media service can afford to burn user trust in the way Whisper has.

    If you’re going to promise users anonymity and security then you better deliver. Whisper has failed

     

    Similar posts:

    • No Related Posts