Tag: surveillence

The science of money and data mining

The use of data mining by private and government agencies is widespread and only going to become more so. Do we care about the consequences?

Last week I wrote a piece for Fairfax Metro – the Sydney Morning Herald and Melbourne Age – looking at how government agencies and private credit companies are mining data.

That story sparked a range of interest with my doing a twenty minute segment on ABC Brisbane today on the topic which morphed into a deeper discussion on surveillance, particularly with the Australian government’s ‘metadata’ laws.

I’ll also be talking on ABC Radio Perth on Monday, March 6 about this story at 6.15am local time (9.15am Sydney and Melbourne).

In the wake of the Australian government’s Centrelink scandala national disgrace that is only getting worse – it’s worthwhile discussing exactly what data is being gathered and how it is being used.

The answer is almost everything with commercial operators like Experian pulling in data from sources ranging from credit card applications to social media services although store loyalty cards remain the richest information source.

As the Australian Tax Office spokesperson pointed out, none of this is particularly new as they have been collecting bank deposit data since the Federal government introduced income taxes in the 1930s.

The arrival of computers in 1960s changed the scale and scope of tax offices’ abilities to track citizens’ finances and gave rise to the major commercial credit bureaus.

With the explosion of personal electronics and internet connected devices in recent years along with increased surveillance powers being granted to government and private agencies, that monitoring is only going to grow.

The best citizens can expect is to have their data protected and respected with financial providers only using what is ethical and relevant in determining our access to banking and insurance products.

Politically the only way to ensure that is to make it clear through the ballot box, the question is do we care enough?

Similar posts:

The messy business of metadata

At present we’ve defined metadata too broadly and private information too narrowly which allow governments and businesses to overreach

“We kill people based on metadata,” former US National Security Agency director Michael Hayden told a panel at John Hopkins University last year.

That statement brings sharply into focus the current Australian debate about Telcos being mandated to retain metadata. This information is powerful and can be used in ways not expected by the community.

How metadata is used depends upon how it is defined; one of the worrying parts of the Australian debate is just how nebulous the definition of ‘metadata’ is.

Defining metadata

The basic definition of metadata is that it is ‘data about data’, every packet of data that’s transmitted across the internet is wrapped in information to help the network deliver it to its intended location in a useful form.

Strictly speaking this is where the glib ‘address on the envelope’ line so beloved by clueless politicians promoting data retention comes in; this information is useful but not private as anyone can see it.

That view underlies the defining metadata case, the 1979 US Supreme Court’s Smith v Maryland case, that held telephone numbers are not private information as they’ve been disclosed to the phone company.

Metadata everywhere

With the rise of digital technologies, metadata became much more than just phone numbers and addresses; digital cameras encode photographs with EXIF information that includes details of the date, time camera, shutter speed, focal length and increasingly the location where the photo was taken.

The smartphone you might take that photo with is logging into base stations which telcos are tracking, this is one of the applications law enforcement agencies regularly use to catch criminals, and increasingly near field communications like BlueTooth are being logged by everything from toll gates to bus shelters to track phone usage.

Every email sent has dozens of lines of metadata describing the servers, routing and software used in sending it. Only a tiny fraction of a Twitter message is the 140 character content, the rest is metadata.

This site has hundreds of lines of metadata to tell your browser how to display it and your browser itself is storing dozens of cookies that tell other sites where you’ve been – all of this is metadata.

When we add the Internet of Things to the metadata debate things get even more complex. As home devices, smartcars and wearable technology generating packets of data, it becomes far easier for governments and private enterprise to stitch together a complete picture of an individual even without looking at the actual content of the packets.

The risks for service providers

As Australian ISP iiNet raised in an excellent submission to the Senate committee on data retention, collecting all of this data creates costs and risks for service providers as they have to store, manage and protect massive amounts of data.

Most of that data will never be looked at, but agencies want the information stored because they can. The bizarre thing is that under Australian law, specifically section 313 of the Telecommunications Act, is that a public servant – not just a a law enforcement officer – only has to ask for the information.

For most people the dangers of government surveillance are remote however all of this information is also available to private organisations ranging from health insurers to credit checking bureaus; the real debate is just how much data do we want others to have on our private lives.

At present we’ve defined metadata too broadly and private information too narrowly.

What’s notable in every discussion about increasing government or police powers is the mantra of getting the laws to catch up with technology.

In the case of metadata it may well be the definition of individual rights has to catch up with modern technology, not the powers of government.

Similar posts:

2014 – the year privacy and security will be defined

Security will be the big technology story of 2014

Happy New Year – 2013 might have been a disappointing year for tech, but for many it was a weird, wild roller coaster ride. Hopefully that ride is going to result in some very interesting destinations in 2014.

It’s tempting to make predictions about 2014 and wise heads prefer not to – what I’d refer to is a failed prediction from 2011, that that year would be remembered as the year of the security breach.

That was wrong. 2012 was worse and 2013 continued the trend of ever increasing corporate glitches and finished the year with two massive security breaches at Target and Snapchat. 2014 promises to be a year when the stakes become higher.

And then there were Edward Snowden’s revelations. Everyone who’s worked in or reported on the tech sector knew security agencies had the ability to snoop on the data of anyone they thought might be of interest, but few of us thought they would have engaged on such massive sweeps of the planet’s personal and business data.

Snowden’s leaks and the fallout from them have a long way to play out and the big story is going to be how the US justice system reacts to the creation of a surveillance state.

In countries like Australia that lack the US’ constitutional protections, fighting the constant spying of government agencies is probably a lost cause unless an economic collapse sees the authorities running out of money to operate their comprehensive monitoring programs.

What we can be certain of in light of ongoing privacy breaches by governments and businesses that the technology world is going to obsessed about security. That’s probably going to be the big, ongoing story for 2014, even if the mainstream media outlets focus on big TVs and the latest smartphone.

So Happy New Year and play nice on the internet. The Feds are watching.

Similar posts: