Monday, August 10, 2020

TikTok and privacy: What's the problem? Perhaps the video-sharing app gathers too much data

by Jefferson Graham

Karen North, a professor of social media at the University of Southern California, told her two teenage kids they could have any app on their phones, with one exception.

That would be the controversial, but wildly popular TikTok, which young people love for making quick, funny videos, often set to music.

Her reason: "Because their data is being mined, and the company doesn't have to adhere to our privacy laws."

TikTok is owned by ByteDance, a Chinese company, and should the Chinese communist government demand data be handed over, ByteDance would have no choice but to comply, says North.

(TikTok denies this, and has said repeatedly that it stores data in the U.S. and Singapore, and adds that, if asked by the Chinese government to hand over data, it wouldn't comply.)

After President Donald Trump initially said he would sign an executive order banning the operation of TikTok in the United States, within days, Microsoft said it would intercede with plans to buy the U.S. operations instead. The company hopes to complete the deal by September.

Trump said Thursday he'll go through with the executive order banning TikTok here if no deal happens within 45 days.

Meanwhile, parents might be wondering what exactly is the problem with TikTok?

Unlike Facebook and Instagram, you're free to watch TikTok videos without registering, which means no data collection. However, if you want to create a video and share it, or comment on someone's video, then you must fork over your personal information, starting with age, phone number and e-mail address.

From there, TikTok freely admits—in the privacy policy on its website—it collects information shared from third-party social network providers, and technical (your location) and behavioral information (what videos you think are funny, how often you watch) "about your use of the Platform. We also collect information contained in the messages you send through our Platform and information from your phone book."

That's a lot.

North says that because China has different privacy laws than here, she's wary about the app. "I would say the same thing about any foreign app," she says. "Angry Birds is from Finland. How are the privacy laws there?"


Might there be a ban on all apps from China? Besides TikTok, which has reaped over 800 million downloads and currently is the no. 5 most downloaded app on Apptopia's charts, WeChat, a WhatsApp-like communication program, and QQ, which is also used for direct messages, are both owned by China's Tencent.

In a speech this week, Secretary of State Mike Pompeo said all "untrusted" Chinese apps should be removed from U.S. app stores. "With parent companies based in China, apps like TikTok, WeChat and others are significant threats to the personal data of American citizens," not to mention tools for content censorship, Pompeo said.

The information collected by TikTok is similar to what's gathered by Facebook, but security researcher Patrick Jackson, the chief technology officer of security app Disrupt, says Facebook does more ill things with it, simply because it's so much bigger. Facebook boasts of over 2 billion users.

"The sheer volume of what's collected can't be compared," he says. "What's bigger than using your data to influence an election, which Facebook did in 2016," with the Cambridge Analytica scandal, he asks. That's when users' data was tapped by Cambridge for political advertising.

(This week Facebook introduced a TikTok clone for its Instagram app called Reels.)

In an April 2020 blog post, TikTok said it was doing everything it could to keep the U.S. data out of Chinese hands. "Our goal is to minimize data access across regions so that, for example, employees in the APAC region, including China, would have very minimal access to user data from the EU and US."

But there's a difference between "minimal" and "none."

Jackson suggests that parents counsel their kids that if they are to use TikTok, only use it to watch videos, so no data can be compiled on them. Additionally, users can opt to have their account be listed as "private," and only select certain friends to gain viewing access.

And North says that if the Microsoft deal goes through, she'll be happy to let her kids download the app.

"They own it, they have the data on U.S. servers and follow U.S. laws, and I'm fine with it," she says.

Microsoft has long been a company that focused on business, with Office 365 software and cloud computing. Online it owns LinkedIn, which fits in with its work-centric mantra, and Skype, which Microsoft tried to transition into more of a business communication device. "Where they need help is with the next generation, young people," says North. "This could get them there."



(c)2020 USA Today
Distributed by Tribune Content Agency, LLC.
Windows, Gates and a firewall: Microsoft's delicate castle in China

Microsoft, which is in talks to buy part of Chinese video app TikTok, is one of the few US tech titans that have managed to succeed in China.


The software giant has kept its business alive in the country by complying with strict local laws, despite the communist nation's wide-reaching censorship.

Here are some key points about the technology and gaming group's operations in the world's second biggest economy.

A pioneer

Microsoft arrived in China in 1992 and opened its largest research and development centre outside the United States. It now employs around 6,200 people in China.

The ubiquitous Windows operating system is used in the vast majority of computers in China—despite Beijing promising in recent years to develop its own operating system. The company's success has a downside, however, as its software is widely pirated.

The important Chinese market, which is very restrictive for foreign firms, represents a drop in the ocean of Microsoft's business, accounting for barely 1.8 percent of its turnover, president Brad Smith said at the beginning of the year.

Microsoft's Bing is one of the few foreign search engines operating in China—although it is far behind its local competitors Baidu and Sogou, which dominate the market.

Microsoft founder Bill Gates is pictured with China's President Xi Jinping during a conference on the southern Chinese resort island of Hainan on April 8, 2013

Bill Gates

Microsoft founder Bill Gates has long embodied a model of success in the eyes of many Chinese people and his books are bestsellers in the country.

President Xi Jinping visited the company's headquarters on a state visit to the US in 2015, where he met with Gates and his wife.

Today, as the head of his humanitarian Bill & Melinda Gates Foundation, the 64-year-old has the prestige of a head of state in Beijing.

In February Xi wrote Gates a letter thanking him for his support during the coronavirus epidemic.

Censorship and control

China censors all subjects considered politically sensitive in the name of stability, and internet giants are urged to block unwanted content online.

Refusing to comply with Beijing's strict demands, American giants Facebook, Twitter, Instagram and YouTube, as well as Wikipedia and several other foreign media, are blocked by China's "great firewall".


Microsoft, however, operates its professional LinkedIn network in the country by complying with the draconian censorship rules through a local joint venture.

Skype and Teams, its other two big platforms, are also available in China.

It's not all smooth sailing though, with Bing temporarily taken offline last year, prompting speculation the search engine had been blocked by censors.

Smith told Fox Business News at the World Economic Forum in Davos that "there are times when there are difficult negotiations with the Chinese government."

The Greatfire.org website, which tracks online censorship in China, accused Bing a few years ago of redacting results containing sensitive information.

Video games

In 2000 Beijing halted the sale of all consoles because of their alleged negative effects on the "mental health" of young users, although they remained available illegally.

After the ban was lifted, Microsoft in 2014 was the first foreign firm to break into the video games market in China with its Xbox One console.

Also in 2014, the Chinese competition authorities opened an anti-monopoly investigation against Microsoft and its Windows software.

Around 100 inspectors raided the group's offices in four Chinese cities, confiscating files and questioning employees.



© 2020 AFP

30-year-old file format behind MacOS hack

by Peter Grad, Tech Xplore

A security expert revealed this week that an exploit commonly used against Windows users who own Microsoft Office can sneak into MacOS systems as well.


A former NSA security specialist who addressed the Black Hat security conference this week summarized his research into the new use for a very old exploit.

Patrick Wardle explained that the exploit capitalizes on the use of macros in Microsoft Office. Hackers have long used the approach to trick users into granting permission to activate the macros, which in turn surreptitiously launch malicious code.

But Wardle noted that attacks against Mac systems using such macros began occurring around 2017. In 2018, the internet security company Kaspersky uncovered evidence that North Korean hackers infected a cryptocurrency exchange in what was believed to be the first such assault on a MacOS system. Hackers residing under the world's most repressive regime may have earned up to $2 billion in cryptocurrency hacks, according to a report released by the United Nations last year.

The hacks rely on the use of two additional weak spots, one a nearly 30-year-old file format little used in recent years. While Microsoft Office generally prompts users before a macro is executed, the old SYLK Excel file format (.SLK) does not trigger a prompt. Thus, it can be used to bypass a line of security.

Wardle noted that Microsoft Office handles code for old files differently than code for newer ones.

When researchers alerted Apple to the .SLK vulnerability last year, Wardle said, Microsoft declined to issue a patch, asserting that malicious code would be contained within the secure Microsoft Office sandbox environment.

Wardle, who slyly proclaimed, "Working at the NSA corrupted my mind and filled it with evil ideas," set out to test those boundaries of the sandbox protection. In a matter of days, he found a vulnerability.

By beginning a filename with the "$" character, he learned, a file can break out of the sandbox and avoid detection.

"Security researchers love these ancient file formats because they were created at a time when no one was thinking about security," Wardle told Motherboard.

Microsoft has patched the SYLK vulnerability and says it is communicating with Apple on addressing other issues raised by the research of Wardle and others.

Wardle fears these hacks may be just the tip of the iceberg.

"I was surprised how easy it was," to devise these hacks, Wardle told Wired magazine. "I do have experience doing this, but it would be arrogant for me to think that well-resourced hacker groups aren't looking at this and don't have similar talents, if not more so. It's a very broad attack vector. Sufficiently resourced and clever hackers will find ways to gain access and persist on Mac systems."

Dutch researcher Stan Hegt, who uncovered the SYLK macro vulnerability, praised Wardle's research but also cautioned there likely are more problems to come.

"The fact that he's now built a full exploit chain definitely proves a point," said Hegt. "I'm pretty sure if you dig deep in Office, especially on Macs, there's more" troublesome issues to uncover.


Twitter, TikTok discuss potential combination: WSJ

President Donald Trump set a September 15 deadline for Chinese-owned TikTok to be acquired by an American company

Twitter is in preliminary discussions for a possible combination with TikTok, the Wall Street Journal reported Saturday, after US President Donald Trump said he would ban the app, calling it a threat to national security.

Trump declared Thursday that the popular Chinese video app TikTok and social network WeChat "threaten the national security, foreign policy, and economy of the United States."

In an executive order, Trump gave Americans 45 days to stop doing business with the platforms, effectively setting a deadline for a sale of TikTok by its Chinese parent firm ByteDance.

He has also demanded that a significant portion of the sale go to the US Treasury.

Microsoft has been the primary suitor for TikTok, saying it was in talks to buy the company's US, Canada, Australia and New Zealand operations.

The Financial Times reported Thursday that Microsoft has expanded negotiations and was now after the app's entire global operations.

As a smaller company, Twitter would have a long-shot bid for TikTok, but the social media platform believes it would come under less antitrust scrutiny than larger corporations such as Microsoft, the WSJ said, citing people familiar with the talks.

Twitter, however, would likely need the support of other investors to complete the combination.

While Twitter does allow for the sharing of videos, most posts contain short text messages and photos or GIFs.

In 2012 Twitter acquired the platform Vine, which allowed users to share short videos, but shut down the service in 2016.


Final canister of nuclear waste transferred to storage facility at San Onofre

by Rob Nikolewski, The San Diego Union-Tribune

It took 32 months to complete but the transfer operations that moved canisters filled with spent radioactive fuel, or waste, from wet storage pools to a newly constructed dry storage facility at the San Onofre Nuclear Generating Station wrapped up Friday.

Shortly before 5 a.m., workers lowered the 73rd and final canister into its assigned enclosure at the north end of the plant, known as SONGS for short.

At commercial nuclear plants, after fuel used to generate electricity loses its effectiveness, operators place the assemblies in a metal rack that is lowered into a pool, typically for about five years. Once cooled, the fuel can be transferred to a dry storage facility, which is generally considered a safer place for it.

Officials at Southern California Edison, the operator at SONGS, said completing the transfers is a key part of the company's eight-year plan to dismantle most of the structures at the plant, which has not produced power since 2012 and is being decommissioned.

"The safe completion of this storage campaign ... ends the largest canister loading campaign ever in the U.S.," Vince Bilovsky, Edison's deputy decommissioning officer, said in an email. "But our work won't truly be done until all canisters at SONGS are relocated off-site to a federally licensed storage or disposal facility."

Longtime critics of Edison were not cheering the news, though.

"It's a sad day," said Ray Lutz, national coordinator for the advocacy group Citizens' Oversight. "People say, well, (the waste issue) is fine right now and we'll deal with it later. But this is what they've said ever since they started this nuclear industry—we'll figure it out later, the five favorite words."

Transfer operations at SONGS began in January 2018 but seven months later, one of the 50-ton canisters was accidentally left suspended while being lowered into its storage cavity. Resting almost 20 feet from the floor, the canister was left perched on an inner-ring of the cavity for about 45 minutes, unsupported by rigging and lifting equipment.

The canister was eventually lowered safely and Edison officials said workers and the public were in no danger if the canister had fallen. The incident, which came to light after an industrial safety worker came forward six days later at a public meeting, led to a special inspection by the U.S. Nuclear Regulatory Commission.


The commission later fined Edison $116,000 and chided the company for failing "to establish a rigorous process to ensure adequate procedures, training and oversight guidance."

Edison and its chief contractor, Holtec International, instituted a series of enhanced safety and work protocols to ensure another "near-miss" did not occur and after suspending all transfers for 11 months, it resumed moving the canisters in July 2019.

Since then, 44 canisters have been transferred at SONGS, with No. 73 on Friday marking the final move via slow-moving transporters. Another 50 canisters sit in a separate dry storage facility nearby. All told, there are 3.55 million pounds of used-up fuel at the plant, located between the San Onofre Beach and Interstate 5.

As thorny as the transfer operations were, a more complicated issue remains: How long the canisters at SONGS will stay there.

SONGS is not unique. About 80,000 metric tons of waste from commercial nuclear plants are stored across the country—121 sites in 35 states—because the federal government has not constructed a repository to store any of it.

"Our commitment remains ensuring spent nuclear fuel is safely stored and that it can be transported to an off-site facility in the future," Doug Bauder, Edison's chief nuclear officer, said in a statement.

About $15 billion has been spent to construct the Yucca Mountain site in the Nevada desert but shortly before it was scheduled to open, the Obama administration cut off funding, heeding calls from then-Senate Majority Leader Harry Reid, D-Nev., and other elected officials in the Silver State long opposed to the facility.

Some in Congress have called for reopening Yucca and the Trump administration had proposed spending $120 million to look into re-licensing the site but President Donald Trump earlier this year reversed course, saying in a tweet, "Nevada, I hear you on Yucca Mountain."

In recent years, discussion has turned to finding alternate, "interim" sites to store waste from SONGS and other nuclear plants.

A recently passed spending package in the U.S. House of Representatives included $27.5 million to develop a "robust" interim storage program. Rep. Mike Levin, D-Calif., has called for establishing a set of federal guidelines that would put waste at sites like San Onofre—with large populations and in areas with earthquake hazards—at the top of the list once a storage facility becomes available.

Two private companies have applied to build interim facilities but whether those sites will actually be constructed is an open question.

One of the potential sites is in southeastern New Mexico—a partnership between Holtec and a group called the Eddy-Lea Energy Alliance that proposes to store as many as 10,000 canisters and boost the area's economy. The group is seeking a 40-year license from the NRC. But last month, New Mexico Gov. Michelle Lujan Grisham reiterated her opposition to the project in a letter to Trump, saying, "the risks for New Mexicans, our natural resources and our economy are too high."

The other possible site is near the West Texas town of Andrews. A company called Waste Control Specialists has formed a partnership to expand an already existing facility and store as much as 40,000 metric tons of spent fuel. The NRC has issued an initial recommendation to license the site but opponents vow to fight final approval.

Levin assembled a task force that in June released some 30 recommendations, including establishing a federal Nuclear Waste Administration aimed at creating a better process to find sites for the nation's spent fuel stockpile.

Following an out-of-court settlement that Lutz was involved in, Edison created a panel of experts to look at destinations for SONGS waste. Early next year, Edison intends to release the findings of a strategic plan for possible storage sites "as well as make sure that our fuel is ready for pick up when the opportunity presents itself," Bauder said.

When the eight-year dismantlement effort at SONGS is complete, all that will remain will be the dry storage sites; a security building with personnel to look over the waste; a seawall 28 feet high, as measured at average low tide at San Onofre Beach; a walkway connecting two beaches north and south of the plant and a switch-yard with power lines.

The distinctive 200-feet-high twin domes that loom over Interstate 5 are scheduled to come down between late 2025 and 2027.



©2020 The San Diego Union-Tribune
Distributed by Tribune Content Agency, LLC.

Pentagon offers military airwaves for 5G wireless networks


THE PENTAGON IS GOING TO FREE UP PUBLIC AIR WAVES THEY SEIZED AND OCCUPIED 

The Pentagon plans to free up a big chunk of its military airwaves in the U.S. for high-speed internet service, part of a broader push to get ahead of China in the deployment of 5G wireless technology.


The Trump administration announced Monday that it has identified radio spectrum used for radar defense systems that can be shared with commercial telecommunications providers without compromising national security.

5G is a new technical standard for the "fifth generation" of wireless networks that promises faster speeds; less lag, or "latency," when connecting to the network; and the ability to connect many devices to the internet without bogging it down. 5G networks will ideally be better able to handle more users, lots of sensors and heavy traffic.

But a June report by the Congressional Research Service said there aren't as many frequencies available for 5G technology in the U.S. compared to other countries because the American military holds so much of the usable spectrum. That's in contrast to China, which has been investing in building out networks using these less-expensive bands.

White House officials said that the Federal Communications Commission will be able to auction 100 megahertz of "mid-band" spectrum beginning in December 2021 for use as soon as mid-2022. It has previously been used for shipboard and airborne radar systems.

"This band has the ideal characteristics for 5G deployment—to travel long distances to ensure that all Americans have access to the network, while delivering ultra-fast and high performance that will power technologies in the future," said Michael Kratsios, the U.S. chief technology officer.

Wireless industry trade group CTIA applauded the move Monday.

"Opening up this critical block of mid-band spectrum for full power commercial operations will enhance U.S. competitiveness in the 5G ecosystem," said a statement from Meredith Attwell Baker, the trade association's CEO.



© 2020 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.
Tech titans say Trump block on worker visas harms US
US tech firms argue in a court filing that President Donald Trump's visa restrictions would backfire by leading to more jobs going offshore

Amazon, Apple and Facebook are among tech industry titans and organizations signing onto a court filing saying US President Donald Trump's move blocking visas for skilled workers hurts the country.

The brief was filed in federal court Monday in support of a suit by the US Chamber of Commerce and trade groups against a proclamation issued by Trump in June halting visas for various categories of guest workers including highly skilled talent sought by tech firms.

"The president's suspension of nonimmigrant visa programs, supposedly to 'protect' American workers, actually harms those workers, their employers, and the economy," the brief backed by more than 50 tech firms and organizations argued.

"Beyond the overwhelming data undermining the proclamation's purported rationale, the administration's actions send a fundamentally un-American message to those abroad who might otherwise have brought their skills and ingenuity to the United States."

Trump's proclamation suspended a group of non-immigrant visa programs, including H-1B visas relied on by many technology firms to bring in engineers.

The suspension is to last through this year and as long after "as necessary" under the justification of making jobs available to citizens amid economic disruption caused by the pandemic, according to the filing.

Evidence, however, overwhelmingly indicates that suspension of the visa programs will "stifle innovation, hinder growth, and ultimately harm US workers, businesses, and the economy more broadly in irreparable ways," the filing argued.

Rather than safeguarding jobs for US citizens, the proclamation "all but ensures" firms will need to hire abroad essentially moving jobs to other countries, the companies said.

Tech industry competitors in Canada, China, India and other countries are "pouncing on the opportunity" to attract skilled workers being shunned by the US, the filing contended.

"Predictably, other countries are poised to benefit from the US's wholesale suspension of nonimmigrant visas," the filing argued.

"Global competitors are aggressively updating their immigration systems to attract skilled workers."

Others joining the petition included Microsoft, Twitter, Uber and several trade groups for the tech sector including the Information Technology Industry Council.


Uber calls for new deal for 'gig economy' workers

Uber CEO Dara Khosrowshahi is calling for a new deal for gig workers that requires platforms like Uber to pay into a fund for benefits, while maintaining independent contractor status

Uber outlined proposals Monday for a new type of relationship with "gig" workers, including its own drivers, that would keep them as independent contractors but with some guaranteed benefits.

The ride-hailing giant described "a new model for independent platform work" in an 18-page document it hopes can be used as blueprint for Uber and similar firms relying on independent workers.

The move comes with Uber and other firms facing legal pressure to comply with a California law that would require its drivers to be classified as employees, eligible for unemployment, medical and other benefits.

Uber has backed a referendum in the state to overturn the law, while pledging to provide benefits for a social safety net that would keep gig workers independent.

Uber has argued that most of its drivers want to remain independent even if they also are looking for benefits.

The company seeks "to deliver certainty for millions of independent contractors who will increasingly rely on independent work to help them face the economic challenges that lie ahead," Uber said in its document.

"The current health and economic crisis has brought into sharp focus the need for everyone, regardless of their employment status, to be able to find good quality, rewarding work; be able to work in the way they choose; and have access to adequate social protections and benefits."

Uber proposed that gig economy companies be required to establish "benefits funds," allowing gig workers to accrue and use the money for benefits or paid leave.

Chief executive Dara Khosrowshahi, writing in the New York Times, said that the current employment system "is outdated and unfair" and "forces every worker to choose between being an employee with more benefits but less flexibility, or an independent contractor with more flexibility but almost no safety net."

He added: "Uber is ready, right now, to pay more to give drivers new benefits and protections. But America needs to change the status quo to protect all workers, not just one type of work."

Uber's move comes with its business model under threat from efforts in California and elsewhere to classify its drivers as employees.

The company argues that such a requirement would leave jobs only for a small fraction of its drivers and that costs would become more expensive.

"Uber would not be as widely available to riders, and drivers would lose the flexibility they have today if they became employees," Khosrowshahi wrote.

"The vast majority of drivers have said they don't want to be employees because of how much they value flexibility."

© 2020 AFP
How the shady world of the data industry strips away our freedoms
by Uri Gal, The Conversation

The recent questioning of the heads of Amazon, Facebook, Google, and Apple in the US Congress has highlighted the threat their practices pose to our privacy and democracy.


However these big four companies are only part of a vast, sophisticated system of mass surveillance.

In this network are thousands of data brokers, ad agencies and technology companies—some of them Australian. They harvest data from millions of people, often without their explicit consent or knowledge.

Currently, this includes data related to the COVID-19 pandemic. For instance, data giant Palantir has provided lab test results and emergency department statuses to the US Centers for Disease Control and Prevention.

How much do they know?

Data companies gather data about our online activity, location, DNA, health and even how we use our mouse. They use a range of techniques, such as:

- web-trackers planted on almost every page on the internet, which follow our browsing activity
- "smart" home devices leaking details of our usage habits and location
- millions of mobile apps sending our data to unknown third parties, including sensitive information such as when we last had sex
- millions of retailers tracking our purchasing habits and in-store movements.

This expansive tracking generates billions of data points that can reveal every facet of our lives including our family status, income, political affiliation, interests, friendships and sexual orientation.


Data companies use this information to compile detailed individual consumer profiles. These are used for purposes such as targeting us with ads, determining our eligibility for loans and assessing the riskiness of our lives.

The data industry in Australia

Some of the world's largest data companies operate in Australia. Quantium is an Australian data analytics firm that acquires data from various partners including NAB, Qantas, Woolworths (which owns 50% of the company) and Foxtel.

These partnerships allow Quantium to "tap into the consumer data ecosystem with an unrivaled picture of the behaviors of more than 80% of Australian households, spanning banking, household and retail transactions."

A company spokesperson told The Conversation most of its work is "data science and AI (artificial intelligence) work with first-party de-identified data supplied by the client." From this, Quantium delivers "insights and AI/decision support tools" for clients.

Anonymised or "de-identified" data can still be accurately re-identified. Even if a person's details are de-identified by being converted to an alphanumeric code, the conversion method is identical across most companies.

Therefore, each code is unique to an individual and can be used to identify them within the digital data ecosystem.
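
A sketch of why a shared conversion method defeats de-identification, as an added example that is not part of the original article. It assumes the "identical" method is an unkeyed SHA-256 hash of a normalised email address (the article does not name the method), uses constructed records for two hypothetical companies, and contrasts that with a keyed hash under a secret each organisation keeps to itself.

```python
import hashlib
import hmac


def normalize(email: str) -> str:
    """Canonical form so the same address always yields the same code."""
    return email.strip().lower()


def shared_code(email: str) -> str:
    """Assumed 'identical conversion method': unkeyed SHA-256 of the email."""
    return hashlib.sha256(normalize(email).encode()).hexdigest()


def keyed_code(email: str, org_key: bytes) -> str:
    """Alternative: HMAC-SHA-256 under a secret held by a single organisation."""
    return hmac.new(org_key, normalize(email).encode(), hashlib.sha256).hexdigest()


# Constructed sample records for two hypothetical companies.
RETAILER = [
    ("alice@example.com", {"weekly_spend": 212}),
    ("bob@example.com", {"weekly_spend": 95}),
]
BANK = [
    ("Alice@Example.com ", {"loan_status": "declined"}),
    ("carol@example.com", {"loan_status": "approved"}),
]


def deidentify(records, encode):
    """Replace each email with its code; the attributes are kept as-is."""
    return {encode(email): attrs for email, attrs in records}


def link(ds_a, ds_b):
    """Join two 'de-identified' datasets on the codes they have in common."""
    return {code: {**ds_a[code], **ds_b[code]} for code in ds_a.keys() & ds_b.keys()}


def demo():
    # Same method at both companies: the code acts as a cross-company identifier.
    merged = link(deidentify(RETAILER, shared_code), deidentify(BANK, shared_code))
    # Anyone who knows the address can recompute the code and find the profile.
    alice_profile = merged.get(shared_code("alice@example.com"))

    # Per-organisation secret keys (constructed values): the codes no longer match.
    keyed_a = deidentify(RETAILER, lambda e: keyed_code(e, b"retailer-key-constructed"))
    keyed_b = deidentify(BANK, lambda e: keyed_code(e, b"bank-key-constructed"))
    return merged, alice_profile, link(keyed_a, keyed_b)


if __name__ == "__main__":
    merged, alice_profile, keyed_overlap = demo()
    print("records linked with shared method:", len(merged))
    print("profile recovered from a known email:", alice_profile)
    print("records linked with per-organisation keys:", len(keyed_overlap))
```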

A lack of transparency

With a revenue of more than US$110 million last year, the insights from Quantium's data seem to be proving valuable.

From this revenue, more than A$61 million between 2012 and 2020 came from projects commissioned by the Australian government. This includes two 2020 engagements:
a "COVID-19 Data Analytics" project worth more than A$10 million with a contract period from March 17, 2020 to December 31, 2020
a "Quantium Health Data Analytics" project valued at more than A$7.4 million with a contract period from July 1, 2020 to June 30, 2021.

Quantium's spokesperson said they could not discuss the details of the contracts without government approval.

In the past decade, the Australian government has commissioned dozens of projects to other data analytics firms worth more than A$200 million.

These include a A$13.8 million Debt Recovery Service project with Dun & Bradstreet and a A$3.3 million National Police Checks project with Equifax – both started in 2016. It's unclear what and how much data has been shared for these projects.

Last year, Quantium was one of several larger companies put on notice by Australia's consumer watchdog for sharing data with third parties without consumers' knowledge or consent.

How do they work?

Data companies largely operate in the shadows. We rarely know who has collected information about us, how they use it, whom they give it to, whether it's correct, or how much money is being made from it.

LiveRamp (formerly Acxiom) is a US-based company partnered with Australia's Nine Entertainment Co. This partnership allows the Nine Network to give marketers access to online and offline data to target consumers across Nine's digital network.

This data may include the Australian electoral roll, to which LiveRamp gained access last year.

Similarly, Optum is a US-based health data company that collects information from hospital records, electronic health records and insurance claims.

It has data on more than 216 million people and used this to develop a predictive algorithm that was shown to discriminate against black patients.

Compromising our democracy

The prevalence, scope and stealth of the abovementioned data practices are not congruent with the basic principles of a liberal democracy.

According to philosopher Isaiah Berlin, liberal democracies can only thrive if they have autonomous citizens with two types of freedoms:
freedom to freely speak, choose and protest
freedom from undue inspection and intervention.

Our data-driven world signals an extreme diminishing of both these freedoms. Our freedom of choice is harmed when our informational environments are doctored to nudge us towards behaviors that benefit other parties.

Our private space is all but gone in a digital environment where everything we do is recorded, processed and used by commercial and governmental entities.

How can we protect ourselves?

Although our ability to disconnect from the digital world and control our data is eroding rapidly, there are still steps we can take to protect our privacy.

We should focus on implementing legislation to protect our civil liberties. The Australian Consumer Data Right and Privacy Act stop short of ensuring the appropriate data protections. The Australian Competition and Consumer Commission highlighted this in its 2019 report.

In 2014, the US Federal Trade Commission recommended legislation to allow consumers to identify which brokers have data about them—and that they be able to access it.

It also recommended:
brokers be required to reveal their data sources
retailers disclose to consumers that they share their data with brokers
consumers be allowed to opt out.

If we care about our freedoms, we should try to ensure similar legislation is introduced in Australia.


Cyberspace is critical infrastructure, and it will take effective government oversight to make it safe
by Francine Berman, The Conversation
Credit: CC0 Public Domain

A famous 1990s New Yorker cartoon showed two dogs at a computer and a caption that read "On the Internet, nobody knows you're a dog." The cartoon represents a digital past when people required few safeguards on the internet. People could explore a world of information without having every click tracked or their personal data treated as a commodity.

The New Yorker cartoon doesn't apply today. Not only do your browser, service provider and apps know you're a dog, they know what breed you are, what kind of dog food you eat, who your owner is and where your doghouse is. Companies are parlaying that information into profit.

Legal and regulatory protections in cyberspace have not kept up with the times. They are better suited to the internet of the past than the present. Today's dependence on the internet has thrust society into a new era, making effective public protections critical for a healthy cyberspace.

The COVID-19 pandemic has made cyberspace critical infrastructure. When schools, stores, restaurants and community gathering places closed, the U.S. went online and digital technologies became the primary platform for education, grocery delivery, services and many workplaces.

In the last four months, I've attended a Zoom funeral, a Zoom wedding and taken ballet classes online. This fall I'll teach online. Many of the shifts from on-site to online are here to stay, and I predict the "new normal" will put much more emphasis on interacting in cyberspace.

This creates new urgency for public protections. As former head of a national Supercomputer Center and a data scientist, I've seen that digital exploitation of personal information is the pandemic in cyberspace. It puts individuals and society at risk.

The need for government action

Public leadership is needed to solve this public problem. But for the most part, the federal government has left the private sector to regulate itself. Today, data is a commodity, and relying on the fox to guard the henhouse has not brought the needed protections.

Evidence of digital exploitation is everywhere. Online dating services Grindr, Tinder and OKCupid share personal data on sexual orientation and location with advertisers. Commercial data brokers sell lists of "dementia sufferers" and "Hispanic payday loan responders" to predators and others. Cambridge Analytica used personal information to manipulate a presidential election. Before public outcry, Zoom handed over user information to Facebook. High school students, peaceful protesters and others have become targets of mass surveillance and facial recognition.


Experiences with data protection regulation in Europe and California demonstrate that getting protections right is complicated and politically fraught, and many people have little confidence in government protection or effectiveness. But with cyberspace serving as public infrastructure, I believe safeguards must come from the public sector.

Regulating protections

So what needs to be done? Political leaders can initiate digital reforms by enacting effective legislation and empowering independent oversight agencies. Federal efforts to safeguard Americans in other areas provide a blueprint: The Health Insurance Portability and Accountability Act protects private health information. The Occupational Safety and Health Administration mandates protective gear to keep workplaces safe. The Food and Drug Administration works to ensure that drugs are safe to ingest.

In these instances, government stepped in because industry could or would not, and companies in these sectors conform to government expectations for public protections or pay a price.

Cyberspace needs the same strategies. Multiple bills in the 116th Congress could provide a baseline for federal digital reforms.

The most comprehensive of the bunch, according to the Electronic Privacy Information Center, is Reps. Eshoo and Lofgren's Online Privacy Act. This bill would promote individuals' rights to access, control and delete personal data. Sen. Gillibrand's Data Protection Act would create an independent Data Protection Agency, needed to monitor and enforce public protections. Sen. Markey's Facial Recognition and Biometric Technology Moratorium Act would ban federal use of facial recognition technology.

Despite the urgency of enacting privacy protections in the wake of COVID-19, Congress has yet to hold hearings, invite experts or seek public comment on these bills.

First steps

Passing legislation now is important because building healthy digital infrastructure takes time. Legislation and policy are only the first step. When digital reforms are enacted, technology companies will need to design new protections into existing and next-generation digital products, services, protocols and algorithms. This could change the software architectures of everything from baby monitors to Fitbits to Facebook.

Digital protections will need to be monitored and effectively enforced by independent federal agencies. They will impact business models in Silicon Valley and the marketplace for information. They will constrain the way the private sector deploys surveillance technologies, accumulates huge personal digital profiles and exploits data.

With unconstrained digital exploitation, the privacy and safety of cyberspace will continue to erode and with it the social fabric. Digital reform is the basis for a healthy cyberspace where users control what personal data is collected and how it is used, where digital products and services meet standards for privacy, safety and security, and where individuals can opt out and still function without commercial penalty.

Cyberspace can function as critical infrastructure only when it's safe for everyone. Federal digital reforms are stuck in committee; redesigning cyberspace for protections later will limit effectiveness. Safeguards must be incorporated into today's and tomorrow's digital products now, including new surveillance technologies and AI. Congress must take the lead to effectively contain the digital exploitation pandemic and make cyberspace safe for the public.


Provided by The Conversation

This article is republished from The Conversation under a Creative Commons license. Read the original article.