
Why do organisations still struggle to protect our data? We asked 50 professionals on the privacy front line

<div class="theconversation-article-body"> <p><em><a href="https://theconversation.com/profiles/jane-andrew-10314">Jane Andrew</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>; <a href="https://theconversation.com/profiles/dr-penelope-bowyer-pont-1550191">Dr Penelope Bowyer-Pont</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>, and <a href="https://theconversation.com/profiles/max-baker-25553">Max Baker</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a></em></p> <p>More of our personal data is now collected and stored online than ever before in history. The rise of data breaches should unsettle us all.</p> <p>At an individual level, data breaches can compromise our privacy, cause harm to our finances and mental health, and even enable identity theft.</p> <p>For organisations, the repercussions can be equally severe, often resulting in major financial losses and brand damage.</p> <p>Despite the increasing importance of protecting our personal information, doing so remains fraught with challenges.</p> <p>As part of a <a href="http://www.doi.org/10.25910/psq3-q365">comprehensive study</a> of data breach notification practices, we interviewed 50 senior personnel working in information security and privacy. Here’s what they told us about the multifaceted challenges they face.</p> <h2>What does the law actually say?</h2> <p>Data breaches occur whenever personal information is accessed or disclosed without authorisation, or even lost altogether. 
<a href="https://www.abc.net.au/news/2024-06-20/optus-hack/104002682">Optus</a>, <a href="https://www.abc.net.au/news/2022-11-09/medibank-data-release-dark-web-hackers/101632088">Medibank</a> and <a href="https://www.afr.com/technology/canva-criticised-after-data-breach-exposed-139m-user-details-20190526-p51r8i">Canva</a> have all experienced high-profile incidents in recent years.</p> <p>Under Australia’s <a href="https://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/">privacy laws</a>, organisations aren’t allowed to sweep major cyber attacks under the rug.</p> <p>They have to notify both the regulator – the Office of the Australian Information Commissioner (OAIC) – and any affected individuals of breaches that are likely to result in “<a href="https://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/#:%7E:text=Whether%20access%20or%20disclosure%20would%20be%20likely%2C%20or%20would%20not%20be%20likely%2C%20to%20result%20in%20serious%20harm%2D%2Drelevant%20matters%20%C2%A0">serious harm</a>”.</p> <p>But according to the organisational leaders we interviewed, this poses a tricky question. How do you define serious harm?</p> <p>Interpretations of what “serious harm” actually means – and how likely it is to occur – vary significantly. This inconsistency can make it impossible to predict the specific impact of a data breach on an individual.</p> <p>Victims of domestic violence, for example, may be at increased risk when personal information is exposed, creating harms that are difficult to foresee or mitigate.</p> <h2>Enforcing the rules</h2> <p>Interviewees also had concerns about how well the regulator could provide guidance and enforce data protection measures.</p> <p>Many expressed a belief the OAIC is underfunded and lacks the authority to impose and enforce fines properly. 
The consensus was that the challenge of protecting our data has now outgrown the power and resources of the regulator.</p> <p>As one chief information security officer at a publicly listed company put it:</p> <blockquote> <p>What’s the point of having speeding signs and cameras if you don’t give anyone a ticket?</p> </blockquote> <p>A lack of enforcement can undermine the incentive for organisations to invest in robust data protection.</p> <h2>Only the tip of the iceberg</h2> <p>Data breaches are also underreported, particularly in the corporate sector.</p> <p>One senior cybersecurity consultant from a major multinational company told us there is a strong incentive for companies to minimise or cover up breaches, to avoid embarrassment.</p> <p>This culture means many breaches that should be reported simply aren’t. One senior public servant estimated only about 10% of reportable breaches end up actually being disclosed.</p> <p>Without this basic transparency, the regulator and affected individuals can’t take necessary steps to protect themselves.</p> <h2>Third-party breaches</h2> <p>Sometimes, when we give our personal information to one organisation, it can end up in the hands of another one we might not expect. 
This is because key tasks – especially managing databases – are often outsourced to third parties.</p> <p>Outsourcing tasks might be a more efficient option for an organisation, but it can make protecting personal data even more complicated.</p> <p>Interviewees told us breaches were more likely when engaging third-party providers, because it limited the control they had over security measures.</p> <p>Between July and December 2023 in Australia, there was an increase of <a href="https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-july-to-december-2023">more than 300%</a> in third-party data breaches compared to the six months prior.</p> <p>There have been some highly publicised examples.</p> <p>In May this year, many Clubs NSW customers had their personal information potentially <a href="https://www.rimpa.com.au/resource/more-than-a-million-australian-data-records-potentially-exposed-in-nsw-club-and-pub-data-breach.html#:%7E:text=Outabox%2C%20the%20IT%20services%20provider,and%20has%20notified%20law%20enforcement">breached</a> through an attack on third-party software provider Outabox.</p> <p>Bunnings suffered a <a href="https://australiancybersecuritymagazine.com.au/bunnings-customer-data-compromised/">similar breach</a> in late 2021, via an attack on scheduling software provider FlexBooker.</p> <h2>Getting the basics right</h2> <p>Some organisations are still struggling with the basics. Our research found many data breaches occur because outdated or “legacy” data systems are still in use.</p> <p>These systems are old or inactive databases, often containing huge amounts of personal information about all the individuals who’ve previously interacted with them.</p> <p>Organisations tend to hold onto personal data longer than is legally required. 
This can come down to confusion about data-retention requirements, but also the high cost and complexity of safely decommissioning old systems.</p> <p>One chief privacy officer of a large financial services institution told us:</p> <blockquote> <p>In an organisation like ours where we have over 2,000 legacy systems […] the systems don’t speak to each other. They don’t come with big red delete buttons.</p> </blockquote> <p>Other interviewees flagged that risky data testing practices are widespread.</p> <p>Software developers and tech teams often use “production data” – real customer data – to test new products. This is often quicker and cheaper than creating test datasets.</p> <p>However, this practice exposes real customer information to insecure testing environments, making it more vulnerable. A senior cybersecurity specialist told us:</p> <blockquote> <p>I’ve seen it so much in every industry […] It’s literally live, real information going into systems that are not live and real and have low security.</p> </blockquote> <h2>What needs to be done?</h2> <p>Drawing insights from professionals at the coalface, our study highlights just how complex data protection has become in Australia, and how quickly the landscape is evolving.</p> <p>Addressing these issues will require a multi-pronged approach, including clearer legislative guidelines, better enforcement, greater transparency and robust security practices for the use of third-party providers.</p> <p>As the digital world continues to evolve, so too must our strategies for protecting ourselves and our data.</p>
<p><em><a href="https://theconversation.com/profiles/jane-andrew-10314">Jane Andrew</a>, Professor, Head of the Discipline of Accounting, Governance and Regulation, University of Sydney Business School, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>; <a href="https://theconversation.com/profiles/dr-penelope-bowyer-pont-1550191">Dr Penelope Bowyer-Pont</a>, Researcher, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>, and <a href="https://theconversation.com/profiles/max-baker-25553">Max Baker</a>, Associate professor, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a></em></p> <p><em>Image credits: Shutterstock </em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/why-do-organisations-still-struggle-to-protect-our-data-we-asked-50-professionals-on-the-privacy-front-line-236681">original article</a>.</em></p> </div>


Australia to introduce new "gold standard" in ID verification

<p>The Australian government is set to introduce a new "gold standard" in ID verification that will protect valuable information from potential data leaks. </p> <p>Government Services Minister Bill Shorten is set to use his address to the National Press Club on Tuesday to announce the national Trust Exchange, or TEx program, which is currently at the “proof-of-concept stage”, and is slated to be rolled out at the end of the year. </p> <p>The program will connect to a user's myGov wallet or digital ID without the need to hand over any documents, allowing businesses to verify your identity using a government-issued QR code.</p> <p>The QR codes could be used for job applications, hotel bookings, or entry into pubs or RSL clubs, eliminating the need to hand over physical driver's licences or passports.</p> <p>The technology will store information such as someone’s date of birth, address, citizenship, visa status, qualifications, occupational licences or working with children check, and other information already held by the government.</p> <p>"Services Australia is partnering with other government systems to develop TEx which would give Australians the ability to verify their identity and credentials based on official information already held by the Australian Government," Shorten is set to say in his National Press Club speech.</p> <p>"That means sharing only the personal information to get the job done, and in some cases, not handing over any personal information at all."</p> <p>“You control what details are exchanged. 
You then have in your wallet a record of sharing, say, your passport and trade certificate with your employer.”</p> <p>Shorten will say codes "digitally shake hands with your myGov wallet," leaving you with a record in your account of what you shared, and who you shared it with.</p> <p>"All that has been exchanged has been a digital 'thumbs up' from the Government that you are who you say you are," Shorten will say.</p> <p><em>Image credits: Shutterstock </em></p>


Worried your address, birth date or health data is being sold? You should be – and the law isn’t protecting you

<div class="theconversation-article-body"><p><em><a href="https://theconversation.com/profiles/katharine-kemp-402096">Katharine Kemp</a>, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p>Australians don’t know and can’t control how data brokers are spreading their personal information. This is the core finding of a newly <a href="https://www.accc.gov.au/system/files/Digital-platform-services-inquiry-March-2024-interim-report.pdf">released report</a> from the Australian Competition and Consumer Commission (ACCC).</p> <p>Consumers wanting to rent a property, get an insurance quote or shop online are not given real choices about whether their personal data is shared for other purposes. This exposes Australians to scams, fraud, manipulation and discrimination.</p> <p>In fact, <a href="https://www.accc.gov.au/media-release/consumers-lack-visibility-and-choice-over-data-collection-practices">many don’t even know</a> what kind of data has been collected about them and shared or sold by data firms and other third parties.</p> <p>Our privacy laws are due for reform. But Australia’s privacy commissioner <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4224653">should also enforce</a> an existing rule: with very limited exceptions, businesses must not collect information about you from third parties.</p> <h2>What are data brokers?</h2> <p><a href="https://cprc.org.au/wp-content/uploads/2024/02/CPRC-Singled-Out-Final-Feb-2024.pdf">Data brokers</a> generally make their profits by collecting information about individuals from various sources and sharing this personal data with their many business clients. This can include detailed profiles of a person’s family, health, finances and movements.</p> <p>Data brokers often have no connection with the individual – you may not even recognise the name of a firm that holds vast amounts of information on you. 
Some of these data brokers are large multinational companies with billions of dollars in revenue.</p> <p>Consumer and privacy advocates provided the ACCC with evidence of highly concerning data broker practices. <a href="https://www.accc.gov.au/system/files/Salinger%20Privacy.pdf">One woman</a> tried to find out how data brokers had got hold of her information after receiving targeted medical advertising.</p> <p>Although she never discovered how they obtained her data, she found out it included her name, date of birth and contact details. It also included inferences about her, such as her retiree status, having no children, not having “high affluence” and being likely to donate to a charity.</p> <p>The ACCC found another data broker was reportedly creating lists of individuals who may be experiencing vulnerability. The categories included:</p> <ul> <li>children, teenage girls and teenage boys</li> <li>“financially unsavvy” people</li> <li>elderly people living alone</li> <li>new migrants</li> <li>religious minorities</li> <li>unemployed people</li> <li>people in financial distress</li> <li>people experiencing pain or who have visited certain medical facilities.</li> </ul> <p>These are all potential vulnerabilities that could be exploited, for example, by scammers or unscrupulous advertisers.</p> <h2>How do they get this information?</h2> <p>The ACCC notes <a href="https://cprc.org.au/wp-content/uploads/2023/03/CPRC-working-paper-Not-a-fair-trade-March-2025.pdf">74% of Australians are uncomfortable</a> with their personal information being shared or sold.</p> <p>Nonetheless, data brokers sell and share Australian consumers’ personal information every day. 
Businesses we deal with – for example, when we buy a car or search for natural remedies on an online marketplace – both buy data about us from data brokers and provide them with more.</p> <p>The ACCC acknowledges consumers haven’t been given a choice about this.</p> <p>Attempting to read every privacy term is near impossible. The ACCC referred to a recent study which found it would take consumers <a href="https://www.mi-3.com.au/06-11-2023/aussies-face-10-hour-privacy-policy-marathon-finds-study">over 46 hours a month</a> to read every privacy policy they encounter.</p> <figure class="align-center zoomable"><a href="https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=131&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=131&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=131&amp;fit=crop&amp;dpr=3 1800w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=165&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=165&amp;fit=crop&amp;dpr=2 1508w, 
https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=165&amp;fit=crop&amp;dpr=3 2262w" alt="" /></a><figcaption><span class="caption">The approximate length and time it would take to read an average privacy policy in Australia per month.</span> <span class="attribution"><a class="source" href="https://www.accc.gov.au/about-us/publications/serial-publications/digital-platform-services-inquiry-2020-25-reports/digital-platform-services-inquiry-interim-report-march-2024">ACCC Digital Platform Services Inquiry interim report</a></span></figcaption></figure> <p>Even if you could read every term, you still wouldn’t get a clear picture. Businesses use <a href="https://cprc.org.au/wp-content/uploads/2024/02/CPRC-Singled-Out-Final-Feb-2024.pdf">vague wording</a> and data descriptions which <a href="https://theconversation.com/70-of-australians-dont-feel-in-control-of-their-data-as-companies-hide-behind-meaningless-privacy-terms-224072">confuse consumers</a> and have no fixed meaning. These include “pseudonymised information”, “hashed email addresses”, “aggregated information” and “advertising ID”.</p> <p>Privacy terms are also presented on a “take it or leave it” basis, even for transactions like applying for a rental property or buying insurance.</p> <p>The ACCC pointed out 41% of Australians feel they have been <a href="https://www.choice.com.au/consumers-and-data/data-collection-and-use/how-your-data-is-used/articles/choice-renttech-report-release">pressured to use “rent tech” platforms</a>. These platforms collect an increasing range of information with questionable connection to renting.</p> <h2>A first for Australian consumers</h2> <p>This is the first time an Australian regulator has made an in-depth report on the consumer data practices of data brokers, which are generally hidden from consumers. 
It comes <a href="https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf">ten years after</a> the United States Federal Trade Commission (FTC) conducted a similar inquiry into data brokers in the US.</p> <p>The ACCC report examined the data practices of nine data brokers and other “data firms” operating in Australia. (It added the term “data firms” because some companies sharing data about people argue that they are not data brokers.)</p> <p>A big difference between the Australian and the US reports is that the FTC is both the consumer watchdog and the <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312913">privacy regulator</a>. As our competition and consumer watchdog, the ACCC is meant to focus on competition and consumer issues.</p> <p>We also need our privacy regulator, the Office of the Australian Information Commissioner (OAIC), to pay attention to these findings.</p> <h2>There’s a law against that</h2> <p>The ACCC report shows many examples of businesses collecting personal information about us from third parties. For example, you may be a customer of a business that only has your name and email address. But that business can purchase “<a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4224653">data enrichment</a>” services from a data broker to find out your age range, income range and family situation.</p> <p>The <a href="https://www.legislation.gov.au/C2004A03712/latest/text">current Privacy Act</a> includes <a href="https://www.oaic.gov.au/privacy/australian-privacy-principles/read-the-australian-privacy-principles">a principle</a> that organisations must collect personal information only from the individual (you) unless it is unreasonable or impracticable to do so. “Impracticable” means practically impossible. 
This is the direct collection rule.</p> <p>Yet there is no reported case of the privacy commissioner enforcing the direct collection rule against a data broker or its business customers. Nor has the OAIC issued any specific guidance in this respect. It should do both.</p> <h2>Time to update our privacy laws</h2> <p>Our privacy law was drafted in 1988, long before this complex web of digital data practices emerged. Privacy laws in places such as California and the European Union provide much stronger protections.</p> <p>The government has <a href="https://ministers.ag.gov.au/media-centre/speeches/privacy-design-awards-2024-02-05-2024">announced</a> it plans to introduce a privacy law reform bill this August.</p> <p>The ACCC report reinforces the need for vital amendments, including a direct right of action for individuals and a rule requiring dealings in personal information to be “fair and reasonable”.</p>
<p><em><a href="https://theconversation.com/profiles/katharine-kemp-402096">Katharine Kemp</a>, Associate Professor, Faculty of Law &amp; Justice, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p><em>Image credits: Shutterstock</em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/worried-your-address-birth-date-or-health-data-is-being-sold-you-should-be-and-the-law-isnt-protecting-you-230540">original article</a>.</em></p> </div>


Does the royal family have a right to privacy? What the law says

<p><em><a href="https://theconversation.com/profiles/gemma-horton-1515949">Gemma Horton</a>, <a href="https://theconversation.com/institutions/university-of-sheffield-1147">University of Sheffield</a></em></p> <p>From court cases to conspiracy theories, the royal family’s right to privacy is, somewhat ironically, nearly always in the spotlight. The latest focus is Kate Middleton, Princess of Wales, whose whereabouts have been the subject of <a href="https://www.townandcountrymag.com/society/tradition/a60008117/kate-middleton-health-speculation-conspiracy-theories-online/">online speculation</a> after it was announced she was undergoing abdominal surgery and would be away from public duties until after Easter.</p> <p>This comes just weeks after King Charles <a href="https://www.bbc.co.uk/news/uk-68208157">revealed that he is undergoing treatment for cancer</a>, and a legal settlement between Prince Harry and Mirror Group Newspapers over <a href="https://www.bbc.co.uk/news/uk-68249009">illegal phone hacking</a>.</p> <p>Interest in the personal lives of the royals and other celebrities <a href="https://www.tandfonline.com/doi/full/10.1080/1461670X.2016.1150193">is a constant</a>, driving newspaper sales and online clicks for decades. You only need to consider the media frenzy that followed Princess Diana to <a href="https://www.tandfonline.com/doi/full/10.1080/17512786.2013.833678">see this</a>, and its potentially devastating consequences.</p> <p>From a legal perspective, the British courts have ruled that everyone – the royal family included – is entitled to a right to privacy. The Human Rights Act incorporates into British law the rights set out by the European Convention on Human Rights. This includes article 8, which focuses on the right to privacy.</p> <p>In the years after the Human Rights Act came into force, courts ruled on a string of cases from celebrities claiming that the press invaded their privacy. 
Courts had to balance article 8 of the convention against article 10, the right to freedom of expression.</p> <p>Rulings repeatedly stated that, despite being in and sometimes seeking the limelight, celebrities should still be afforded a right to privacy. Some disagree with this position, such as prominent journalist <a href="https://www.independent.co.uk/news/uk/home-news/prince-harry-hacking-piers-morgan-b2336442.html">Piers Morgan, who has criticised</a> the Duke and Duchess of Sussex asking for privacy when they have also released a Netflix documentary, a broadcast interview with Oprah Winfrey and published a memoir.</p> <p>But the courts have made the position clear, as in the case concerning Catherine Zeta-Jones and Michael Douglas after Hello! Magazine published unauthorised photographs from their wedding. The <a href="https://eprints.whiterose.ac.uk/190559/3/Final%20Edited%20Version%20-%20Celebrity%20Privacy%20and%20Celebrity%20Journalism-%20Has%20anything%20changed%20since%20the%20Leveson%20Inquiry_.pdf">court stated</a> that: “To hold that those who have sought any publicity lose all protection would be to repeal article 8’s application to very many of those who are likely to need it.”</p> <p>There is no universal definition of privacy, but scholars have identified key concepts encompassing what privacy can entail. In my own research, I have argued that the <a href="https://eprints.whiterose.ac.uk/190559/3/Final%20Edited%20Version%20-%20Celebrity%20Privacy%20and%20Celebrity%20Journalism-%20Has%20anything%20changed%20since%20the%20Leveson%20Inquiry_.pdf">notion of choice</a> is one of these. Privacy allows us to control the spread of information about ourselves and disclose information to whom we want.</p> <h2>Privacy and the public interest</h2> <p>There are exceptions to these protections if the person involved had no reasonable expectation of privacy, or if it was in the public interest for this information to be revealed. 
There is no solid, legal definition of the “public interest”, so this is decided on a case-by-case basis.</p> <p><a href="https://www.tandfonline.com/doi/full/10.1080/17577632.2021.1889866">In the past</a>, the public interest defence has been applied because a public figure or official has acted hypocritically and the courts have stated there is a right for a publisher to set the record straight.</p> <p>When it comes to medical records and information concerning health, case law and journalistic <a href="https://www.ipso.co.uk/editors-code-of-practice/">editorial codes of conduct</a> are clear that this information is afforded the utmost protection.</p> <p>Model Naomi Campbell was pictured leaving a Narcotics Anonymous meeting and these images were published by the Daily Mirror. The court found that there had been a public interest in revealing the fact she was attending these meetings, as she had previously denied substance abuse.</p> <p>The House of Lords accepted that there was a public interest in the press “setting the record straight”. Nonetheless, the publication of additional, confidential details, and the photographs of her leaving the meeting were a <a href="https://www.theguardian.com/media/2004/may/06/mirror.pressandpublishing1">step too far</a>. The House of Lords highlighted the importance of being able to keep medical records and information private.</p> <h2>Royal health</h2> <p>When it comes to the royals, the history of <a href="https://www.townandcountrymag.com/society/tradition/a23798094/lindo-wing-st-marys-hospital-facts-photos/">publicity</a> around royal births, often posing with the newborn royal baby outside of the hospital, has set a precedent for what the public can expect about the royals’ medical information. When they choose to go against this tradition, it can frustrate both royal-watchers and publishers.</p> <p>King Charles made the choice to openly speak about his enlarged prostate to “assist public understanding”. 
And, as Prostate Cancer UK noted, this has worked – they noted a <a href="https://www.independent.co.uk/news/uk/home-news/king-charles-cancer-statement-treatment-b2494190.html">500% increase in people visiting their website</a>. However, he has chosen not to divulge information about his cancer diagnosis beyond the fact that he is receiving treatment. This is his right.</p> <p>While revealing further information might stop speculation and rumours about his health, it is not the king’s duty to divulge private, medical information. However, if his health begins to impact his ability to act as monarch, the situation could change.</p> <p>It might be that the press finds more information about his health without his knowledge, but unless they have a genuine public interest in publishing this information, privacy should prevail.</p> <p>You would no doubt want your private medical information kept secret, not shared around your workplace and speculated on unless it was absolutely necessary. It is thanks to these laws and court precedent that you don’t have to worry about this. The royal family, regardless of their position, should expect the same standard.</p> <p><a href="https://theconversation.com/profiles/gemma-horton-1515949"><em>Gemma Horton</em></a><em>, Impact Fellow for Centre for Freedom of the Media, <a href="https://theconversation.com/institutions/university-of-sheffield-1147">University of Sheffield</a></em></p> <p><em>Image credits: Getty Images</em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. 
Read the <a href="https://theconversation.com/does-the-royal-family-have-a-right-to-privacy-what-the-law-says-224881">original article</a>.</em></p>

Legal


How Samantha Murphy's digital data could be a crucial clue

<p>Last Friday, Victoria Police revisited the Mount Clear area after extracting information from Samantha Murphy's mobile phone data, as they continue to investigate the Ballarat mum's disappearance. </p> <p>Now, former Australian Federal Police officer and professor of cybersecurity Nigel Phair believes an "anomaly" or "change in the behaviour" of Murphy's data pattern may have prompted authorities to return to the area. </p> <p>Detectives have previously said that Murphy departed her residence and ran approximately 7km through Woowookarung Regional Park, with data tracking her last location as Mount Clear. </p> <p>Phair, who formerly headed investigations at the Australian High Tech Crime Centre (AHTCC), said that data from her iPhone and Apple Watch is particularly important, as both devices constantly log her GPS coordinates, heart rate and altitude, and can even detect falls, among other biometric information. </p> <p>"From the second that she walked out of her door, when out on the street, they would be able to see where she was moving and how she was moving," Phair told Liz Hayes on Channel 9's series <em>Under Investigation</em>. </p> <p>Additionally, her iPhone can be precisely located using triangulation from nearby cell phone towers. </p> <p>Phair said that this type of data is extremely reliable and accurate, and he believes that the disturbance in this data at the 7km mark, where it stopped tracking the information, reveals some form of sophistication. </p> <p>"That means someone's done something active against those two devices and you have to know what you are doing to think I'm going to completely take these out," he said. </p> <p>"It's not just turning them off, it's destroying them and then getting rid of that piece of evidence."</p> <p>He added that tampering with these devices is particularly hard because, even if someone attempts to change SIM cards, mobile phones that are still on can still be traced. </p> <p>"A device has two signifiers. 
It has a phone number, which you can change, call that the software signifier," he said.</p> <p>"Then it has a hardware identifier, which is the IMEI number." </p> <p>He said that police would be notified if the IMEI number was still operational. </p> <p>"Regardless if you swap SIMs or don't use a SIM at all and just use it as a Wi-Fi-only device in a Wi-Fi area, it will always broadcast that IMEI number onto the network," he said. </p> <p>Phair said that it is "highly likely" that police have the data on potential predators and are tracking them, as they can see whether someone else was using a device in the Mount Clear area the day Murphy disappeared. </p> <p>Former Victorian detective Damian Marrett told Hayes that he believes Murphy's disappearance is the result of foul play, as changes in her digital data could suggest it was a "targeted attack". </p> <p>He also added that if anyone else had access to her Find My iPhone app or any of her other data, they could easily track her using this information. </p> <p>"Somebody who intimately knew the tracks that she takes or had access to be able to track her runs," he said.</p> <p>"So she could have been tracked without those people having to physically surveil her."</p> <p><em>Images: Under Investigation/ Facebook</em></p>

Legal


Aussie mum's outrage over neighbour's "creepy" act

<p>An Aussie mum has slammed her neighbour for being a "creep" after spotting a surveillance camera which she claims is pointed directly into her bathroom window. </p> <p>A photo taken of the set-up showed the camera poking out from underneath the blinds behind a window on the property next door. </p> <p>"It was facing the car park, and now it's facing my window [and it has] been there for the last four days," she wrote in the Facebook post, adding that she lives on private property and is not sure what to do. </p> <p>"It's facing my bathroom window. Disgusting. I have two young kids here."</p> <p>The post blew up, with hundreds of locals urging the mum-of-two to speak to her neighbour, put privacy screens, or tint her windows, to which the mum responded: "I shouldn't have to tint my windows to feel safe enough to have a shower." </p> <p> "I live on private property, he comes off as a creep."</p> <p>Despite revealing that she had issues with the neighbour in the past over her dog, the woman went and talked to the neighbour. </p> <p>"[I] went and spoke with them," she wrote. </p> <p>"Apparently it's not facing my backyard, only theirs, but clearly it is, so I will be taking it further.</p> <p>"It isn't for a backyard, it's for a car park that never gets used, only during the weekdays, but it's not even pointing anywhere near that direction anymore. It's legit right into my windows."</p> <p>Property lawyer Monica Rouvella told <em>Yahoo News</em> that there are several things the woman could do if this continues.</p> <p>"One of them is to contact the local police and they can come out and actually request to view that person's footage to see exactly what's been looked at," she said. </p> <p> "And then the police can actually, I believe, request that the camera be taken down or repositioned."</p> <p>She also said the Hunter Valley mum could try going through local councils, but they might refer back to the police. 
</p> <p>"The other takeaway is, you know, these days everybody has a camera on their house," she told the publication. </p> <p>"So you know, if you don't like that then don't do things you shouldn't be doing. But yeah, if it is directed at a person's house or window then that's a violation of that person's privacy." </p> <p><em>Images: Facebook</em></p> <p> </p>

Legal


Are Australia’s roads becoming more dangerous? Here’s what the data says

<p><a href="https://theconversation.com/profiles/mark-stevenson-330220">Mark Stevenson</a>, <em><a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a></em> and <a href="https://theconversation.com/profiles/jason-thompson-96100">Jason Thompson</a>, <em><a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a></em></p> <p>In 2022, there were nearly <a href="https://www.bitre.gov.au/sites/default/files/documents/road_trauma_2022.pdf">1,200 road crash deaths</a> in Australia – a figure that has remained largely the same over the past decade. However, some states and territories have seen dramatic increases in just the last five years, such as the ACT (100%), Tasmania (59.4%) and Queensland (21.2%).</p> <p>Serious injuries from road crashes have also been <a href="https://app.powerbi.com/view?r=eyJrIjoiMGVlZDM0YzQtNWI3Mi00YzAyLWI5YjUtZGQyYzc3YjJmMmY3IiwidCI6ImFhMjFiNjQwLWJhYzItNDU2ZC04NTA1LWYyY2MwN2Y1MTc4NCJ9">on the rise</a>, from 35,000 in 2013 to 39,866 in 2019.</p> <p>These statistics highlight the need for an urgent rethink of road safety policies if we are to achieve Australia’s <a href="https://www.sbs.com.au/news/article/australias-road-deaths-rise-despite-push-to-halve-fatalities-by-2030/vcl7yj50g">target</a> of a 50% decrease in fatalities and a 30% decrease in serious injuries by 2030. We are clearly not on track to meet these targets.</p> <p>People are worth more than statistics, though. And it is not surprising we haven’t seen decreases in road deaths when we rely on strategies first implemented three to four decades ago. 
Change is needed to prevent the ongoing trauma caused by road crashes to Australian families.</p> <p><iframe id="DTp1X" class="tc-infographic-datawrapper" style="border: none;" src="https://datawrapper.dwcdn.net/DTp1X/1/" width="100%" height="400px" frameborder="0"></iframe></p> <h2>Why have road trauma rates not declined?</h2> <p>Australia has long had an international reputation for pioneering road safety measures, such as seat belt restraints, speed management strategies (including speed cameras) and drink-driving laws, among others. In fact, Australia was the <a href="https://link.springer.com/article/10.1007/BF00137361">first country</a> in the world to introduce laws for compulsory seat belt use.</p> <p>These initiatives have been highly successful in reducing road deaths from their peak in 1970, when <a href="https://www.abs.gov.au/ausstats/abs@.nsf/Previousproducts/1301.0Feature%20Article412001?opendocument&amp;tabname=Summary&amp;prodno=1301.0&amp;issue=2001&amp;num=&amp;view=">3,798</a> were recorded. But in the past two decades, further progress has stalled. We must ask ourselves why.</p> <p>One theory to explain why road deaths may have increased in many states in the past couple of years is the pandemic. The previously empty roads are now congested again, which may have led to impatience and speeding. Or perhaps, some people have seemingly forgotten how to drive safely. However, there is another, perhaps simpler explanation.</p> <p>This chart shows how closely road deaths have tracked with domestic fuel sales in Australia – measured in millions of litres of fuel – since 2019. In simple terms, when driving rates decreased at the beginning of the pandemic, deaths and injuries went down. When driving rates increased again in early 2021, deaths and injuries went up.</p> <p>In fact, there is scant evidence to suggest people’s driving behaviours changed during this time. 
Our recent unpublished research followed approximately 800 drivers from January 2020 to March 2023 using monitoring systems inside their cars to measure their behaviour. We found no differences in driver behaviours during this time.</p> <p>Rather, there’s a more likely reason why road deaths and injuries continue to be so high: the amount of time we spend driving continues to increase, while our strategies to target the risks associated with driving haven’t changed.</p> <p>Unfortunately, government agencies continue to rely on strategies implemented over the past 20-30 years, which were effective when they were first introduced, but are now subject to the law of diminishing marginal returns. This means continually throwing more resources at existing speed management strategies, for example, will likely only see marginal benefits.</p> <h2>A new approach not focused on cars</h2> <p>There is increasing urgency to investigate and implement new road safety strategies based on emerging technologies and a redesign of our cities instead.</p> <p>For example, a <a href="https://www.sciencedirect.com/science/article/abs/pii/S0001457521003092">recent Australian trial</a> using new driving monitoring technology showed promise in reducing risky driving behaviours that could cause crashes. The monitoring systems provided feedback to the driver (via a smartphone app) and encouraged safer driving using financial incentives akin to insurance premiums. This new strategy is being explored further in three states: New South Wales, Queensland and Western Australia.</p> <p>Encouraging people to transition from private car trips to public transport is another road safety strategy that has seldom been considered by governments. 
Rather, the driver, car and road remain the focus.</p> <p>This <a href="https://www.roadsafety.gov.au/nrss/fact-sheets/vision-zero-safe-system">“safe system” approach</a> puts an emphasis on building safe road infrastructure for cars, while ignoring urban design changes that de-emphasise the need for cars. We should be encouraging more people to commute by rail, tram and bus (all lower-risk modes per kilometre travelled), while at the same time delivering safe infrastructure for sustainable transport such as bicycles/e-bicycles or walking.</p> <p>If we continue to tinker with strategies implemented many decades ago, we will never get close to achieving the lofty government targets on road deaths and injuries by 2030.</p> <p><a href="https://theconversation.com/profiles/mark-stevenson-330220"><em>Mark Stevenson</em></a><em>, Professor of Urban Transport and Public Health, <a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a> and <a href="https://theconversation.com/profiles/jason-thompson-96100">Jason Thompson</a>, Associate Professor, Faculty of Medicine and Melbourne School of Design, <a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a></em></p> <p><em>Image credits: Getty Images</em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/are-australias-roads-becoming-more-dangerous-heres-what-the-data-says-213240">original article</a>.</em></p>

Domestic Travel


The $500 million ATO fraud highlights flaws in the myGov ID system. Here’s how to keep your data safe

<p><em><a href="https://theconversation.com/profiles/rob-nicholls-91073">Rob Nicholls</a>, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p>The Australian Tax Office (ATO) paid out more than half a billion dollars to cyber criminals between July 2021 and February 2023, according to an <a href="https://www.abc.net.au/news/2023-07-26/ato-reveals-cost-of-mygov-tax-identity-crime-fraud/102632572">ABC report</a>.</p> <p>Most of the payments were for small amounts (less than A$5,000) and were not flagged by the ATO’s own monitoring systems.</p> <p>The fraudsters exploited a weakness in the identification system used by the myGov online portal to redirect other people’s tax refunds to their own bank accounts.</p> <p>The good news is there’s plenty the federal government can do to crack down on this kind of fraud – and that you can do to keep your own payments secure.</p> <h2>How these scams work</h2> <p>Setting up a myGov account or a myGov ID requires proof of identity in the form of “<a href="https://www.afp.gov.au/sites/default/files/PDF/NPC-100PointChecklist-18042019.pdf">100 points of ID</a>”. 
It usually means either a passport and a driver’s licence or a driver’s licence, a Medicare card, and a bank statement.</p> <p>Once a myGov account is created, linking it to your tax records requires two of the following: an ATO assessment, bank account details, a payslip, a Centrelink payment, or a super account.</p> <p>These documents were precisely the ones targeted in three large data breaches in the past year: at <a href="https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332">Optus</a>, at <a href="https://theconversation.com/medibank-hackers-are-now-releasing-stolen-data-on-the-dark-web-if-youre-affected-heres-what-you-need-to-know-194340">Medibank</a>, and at <a href="https://asic.gov.au/about-asic/news-centre/news-items/guidance-for-consumers-impacted-by-the-latitude-financial-services-data-breach/">Latitude Financial</a>.</p> <p>In this scam, the cyber criminal creates a fake myGov account using the stolen documents. If they can also get enough information to link to the ATO or your Tax File Number, they can then change bank account details to have your tax rebate paid to their account.</p> <p>It is a sadly simple scam.</p> <h2>How government can improve</h2> <p>One of the issues here is quite astounding. The ATO knows where salaries are paid, via the “<a href="https://www.ato.gov.au/business/single-touch-payroll/what-is-stp-/">single touch</a>” payroll system. This ensures salaries, tax and superannuation contributions are all paid at once.</p> <p>Most people who have received a tax refund will have provided bank account details where that payment can be made. Indeed, many people use precisely those bank account details to identify themselves to myGov.</p> <p>At present, those bank details can be changed within myGov without any further ado. If the ATO simply checked with the individual via another channel when bank account details are changed, this fraud could be prevented. 
It might be sensible to check with the individual’s employer as well.</p> <p>Part of the problem is the ATO has not been very transparent about the risks. If these risks were clearly set out, then calls for changes to ATO procedures would have been loud and clear from the cyber security community.</p> <p>The ATO is usually good at identifying when a cyber security incident may lead to fraud. For example, when the recruitment software company <a href="https://www.abc.net.au/news/2018-06-06/australian-data-may-be-compromised-in-pageup-security-breach/9840048?itm_campaign=newsapp">PageUp was hacked in 2018</a>, the ATO required people who may have been affected to reconfirm their identities. This was done without public commentary and represents sound practice.</p> <p>Sadly, the millions of records stolen in the Optus, Medibank and Latitude Financial breaches have not led to a similar level of vigilance.</p> <p>Another action the ATO could take would be to check when a single set of bank account details is associated with more than one myGov account.</p> <p>A national digital identity would also help. However, this system has been in development for years, is not universally popular, and may well be <a href="https://www.themandarin.com.au/226280-gallagher-warns-community-support-for-digital-identity-not-ubiquitous/">delayed</a> until after the federal election due in 2024.</p> <h2>Protecting yourself</h2> <p>The most important thing to do is make sure the ATO does not use a bank account number other than yours. As long as the ATO only has your bank account number to transfer your tax rebate, this scam does not work.</p> <p>It also helps to protect your Tax File Number. There are only four groups that ever need this number.</p> <p>The first is the ATO itself. The second is your employer. 
However, remember you do not need to give your TFN to a prospective employer, and your employer only needs your TFN <em>after</em> you have started work.</p> <p>Your super fund and your bank may ask for your TFN. However, providing your TFN to your super fund or bank is optional – it just makes things easier, as otherwise they will withhold tax which you will need to claim back later.</p> <p>Of course, all the usual data safety issues still apply. Don’t share your driver’s licence details without good reason. Take similar care with your passport. Your Medicare card is for health services and does not need to be shared widely.</p> <p>Don’t open emails from people you do not know. Never click links in messages unless you are sure they are safe. Most importantly, know your bank will not send you emails containing links, nor will the ATO.</p> <p><em><a href="https://theconversation.com/profiles/rob-nicholls-91073">Rob Nicholls</a>, Associate professor of regulation and governance, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p><em>Image credits: Shutterstock</em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/the-500-million-ato-fraud-highlights-flaws-in-the-mygov-id-system-heres-how-to-keep-your-data-safe-210459">original article</a>.</em></p>
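<p>The checks proposed in the article above (confirming a bank-detail change through a second channel, flagging one set of bank details attached to more than one myGov account, and comparing against the payroll account) can be written as a hold rule applied before a refund is released. This is an added Python example, not ATO or myGov code; the record layout, account identifiers, payroll lookup and sample data are constructed assumptions.</p>

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class BankChange:
    """One change of refund bank details on a portal account (constructed schema)."""
    account_id: str              # hypothetical portal account identifier
    bank_account: str            # BSB + account number as entered
    day: int                     # day number of the change, used for ordering
    confirmed_out_of_band: bool  # holder confirmed the change via a second channel


@dataclass(frozen=True)
class Refund:
    account_id: str
    amount: float
    day: int


def normalise(bank_account: str) -> str:
    """Keep digits only, so differently formatted entries of one account compare equal."""
    return "".join(ch for ch in bank_account if ch.isdigit())


def current_details(changes):
    """Return {account_id: most recent BankChange}."""
    latest = {}
    for change in sorted(changes, key=lambda c: c.day):
        latest[change.account_id] = change
    return latest


def shared_bank_accounts(changes):
    """Bank accounts that are the current refund destination of more than one portal account."""
    holders = defaultdict(set)
    for change in current_details(changes).values():
        holders[normalise(change.bank_account)].add(change.account_id)
    return {bank: ids for bank, ids in holders.items() if len(ids) > 1}


def hold_reasons(refund, changes, payroll_accounts):
    """Reasons to hold a refund for review; an empty list means release.

    There is deliberately no amount threshold: the payments described in the
    article were mostly small, so size alone is not used to wave a refund through.
    """
    known = [c for c in changes if c.day <= refund.day]  # ignore later changes
    latest = current_details(known).get(refund.account_id)
    if latest is None:
        return ["no bank details on file"]
    destination = normalise(latest.bank_account)
    reasons = []
    if not latest.confirmed_out_of_band:
        reasons.append("bank details changed without out-of-band confirmation")
    if destination in shared_bank_accounts(known):
        reasons.append("destination shared by multiple portal accounts")
    payroll = payroll_accounts.get(refund.account_id)
    if payroll is not None and normalise(payroll) != destination:
        reasons.append("destination differs from payroll account")
    return reasons


# Constructed sample data: every identifier and account number below is made up.
CHANGES = [
    BankChange("acct-A", "062-000 1111 2222", 1, True),
    BankChange("acct-B", "033-111 3333 4444", 2, True),
    BankChange("acct-C", "999-000 5555 6666", 10, False),
    BankChange("acct-B", "999000 55556666", 11, False),  # same destination, new format
]
# Assumed lookup of where each holder's salary is paid (payroll reporting).
PAYROLL = {"acct-A": "062000 11112222", "acct-B": "033111 33334444"}

if __name__ == "__main__":
    for refund in (Refund("acct-A", 1800.0, 20), Refund("acct-B", 2400.0, 20)):
        print(refund.account_id, hold_reasons(refund, CHANGES, PAYROLL) or "release")
```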

Technology


Australia's most trusted brands revealed for 2023

<p>When it comes to big brands, there are certain names that Aussies go back to time and time again for their reliability and trustworthy reputations. </p> <p>This year, according to recent data collated by <a href="https://www.trustedbrands.com.au" target="_blank" rel="noopener">Reader's Digest</a>, consumers are interacting differently with big name brands after recovering from the pandemic, but now being faced with the cost of living crisis. </p> <p>The survey, now in its 24th year, was carried out by independent market research company Catalyst Consultancy & Research and asked thousands of consumers of a mixed demographic to name the brands they trusted across more than 70 categories. </p> <p>The data suggests that our most trusted brands have "not only changed the way they interact with us during the past three years of the pandemic", but current "cost-of-living pressures mean the most successful organisations are making even further refinements".</p> <p>"With inflation putting price pressure on everyone at the moment, trust remains a hard-earned and vitally important commodity," Reader's Digest Australia Editor-in-Chief Louise Waterson said. </p> <p>"Many leading companies are rebranding their image, or reshaping their services, to hold on to existing customers and seek out new ones."</p> <p><em><strong>Check out the list below of Australia's top 20 most trusted brands, and <a href="https://www.trustedbrands.com.au/" target="_blank" rel="noopener">head here for the full 2023 results</a>.</strong></em></p> <p>20. Woolworths</p> <p>19. Sanitarium</p> <p>18. Bridgestone</p> <p>17. Ryobi</p> <p>16. Dairy Farmers</p> <p>15. Cancer Council Australia</p> <p>14. Dyson</p> <p>13. Bega </p> <p>12. Selleys</p> <p>11. Specsavers</p> <p>10. Glen20</p> <p>9. Dulux</p> <p>8. Royal Flying Doctor Service</p> <p>7. Band-Aid</p> <p>6. Victa</p> <p>5. Panadol</p> <p>4. Bunnings Warehouse</p> <p>3. Cadbury</p> <p>2. Weber</p> <p>1. 
Dettol</p> <p><em>Image credits: Trusted Brands</em></p>

News


Kate Ritchie hits out at the Daily Mail for invasion of privacy

<p dir="ltr">Kate Ritchie has hit out at the Daily Mail for invading her privacy and publishing photos of her leaving a mental health facility.</p> <p dir="ltr">The former <em>Home and Away</em> star recently announced she will be taking a break from her radio show to focus on her mental health.</p> <p dir="ltr">The 43-year-old confirmed that she will be back in 2023 alongside co-hosts Joel Creasey and Tim Blackwell.</p> <p dir="ltr">In a lengthy post on Instagram, the mother-of-one confessed that she is seeking help after realising she was relying on alcohol too much.</p> <p dir="ltr">However, things became too much when the Daily Mail published photos of her leaving a mental health facility, invading her privacy.</p> <p dir="ltr">“As announced previously, I am taking a break until next year,” her post began.</p> <p dir="ltr">“The last year has been incredibly emotionally challenging, as well as a relentless schedule, stress, and a lack of sleep. I came to realise that this led to an unhealthy reliance on alcohol.</p> <p dir="ltr">“So I decided to use this time to do something positive by getting the help I need from professionals who specialise in this area.</p> <p dir="ltr">“As everyone would understand, this is a very big step for me to take. 
I want to sincerely thank everybody who is supporting me.</p> <p dir="ltr">“It is a shocking invasion of my privacy that the Daily Mail, through their unrelenting stalking of me, has forced me to issue this public statement, in their blatant attempt to publicly shame me on a private health 
matter.”</p> <p dir="ltr">Her post was met with extreme support from fellow actors, comedians and hosts who wished Kate the best in getting better.</p> <p dir="ltr">“Much love,” comedian Tommy Little wrote.</p> <p dir="ltr">“Love love love you sista! Do what you gotta do to put your health and happiness first. Cheering you on always and excited for all that lies ahead x,” fellow radio host Ash London commented.</p> <p dir="ltr">“There’s so much strength to be found in vulnerability. Luckily you are a very strong woman and I have no doubt this time of healing will reveal an even better version of you! We love you @kateritchieofficial,” Aussie swimmer Leisel Jones wrote.</p> <p dir="ltr"><em>Images: Instagram</em></p>

Caring


Can big data really predict what makes a song popular?

<p>Music is part of our lives in different ways. We listen to it on our commutes and it resounds through shopping centres. Some of us seek live music at concerts, festivals and shows or rely on music to set the tone and mood of our days.</p> <p>While we might understand the genres or songs we appreciate, it’s not clear precisely why a certain song is more appealing or popular. Perhaps the lyrics speak to an experience? Perhaps the energy makes it appealing? These questions are important to answer for music industry professionals, and <a href="https://theconversation.com/how-data-is-transforming-the-music-industry-70940">analyzing data</a> is a key part of this.</p> <p>At Carleton University, a group of data science researchers sought to answer the question: “What descriptive features of a song make it popular on music/online platforms?”</p> <h2>Revenue in the music industry</h2> <p>Revenue in the music industry <a href="https://doi.org/10.1509/jm.14.0473">is derived from two sources that are affected by different factors: live music and recorded music</a>. During the pandemic, although live music income dropped due to the cancellation of in-person performances, the <a href="https://doi.org/10.1371/journal.pone.0267640">income from streaming</a> rose.</p> <p>As digital platforms like Spotify and TikTok have grown, <a href="https://doi.org/10.5753/sbcm.2019.10436">the majority of music revenue has come to be contributed by digital media, mostly music streaming</a>. How and whether this <a href="https://theconversation.com/artists-spotify-criticisms-point-to-larger-ways-musicians-lose-with-streaming-heres-3-changes-to-help-in-canada-176526">revenue reaches singers and songwriters at large</a> is another matter. 
</p> <h2>Popularity on digital platforms</h2> <p>The popularity of a song on digital platforms is considered a measure of the revenue the song may generate.</p> <p>As such, producers seek to answer questions like “<a href="https://doi.org/10.1098/rsos.171274">How can we make the song more popular?</a>” and “<a href="https://doi.org/10.1109/ICMLA.2019.00149">What are the characteristics of songs that make it the top charts?</a>” </p> <p>With collaborators <a href="https://www.linkedin.com/in/laura-colley/">Laura Colley</a>, <a href="https://www.linkedin.com/in/andrew-dybka/">Andrew Dybka</a>, Adam Gauthier, Jacob Laboissonniere, Alexandre Mougeot and Nayeeb Mowla, we produced a systematic study that collected data from YouTube, Twitter, TikTok, Spotify and Billboard (<a href="https://www.billboard.com/charts/hot-100">Billboard Hot-100</a>, sometimes also denoted by data researchers as “<a href="https://data.world/bigml/association-discovery">Billboard hot top</a>” or in our work and others’ work, “Billboard Top-100”).</p> <p>We linked the datasets from the different platforms with Spotify’s acoustic descriptive metric or “descriptive features” for songs. These features have been derived <a href="https://www.billboard.com/music/music-news/echo-nest-columbia-university-launch-million-song-dataset-1178990/">from a dataset which yielded categories for measuring and analyzing qualities of songs</a>. Spotify’s <a href="https://www.theguardian.com/technology/2014/mar/06/spotify-echo-nest-streaming-music-deal">metrics capture</a> <a href="https://doi.org/10.1098/rsos.171274">descriptive features such as</a> acousticness, energy, danceability and instrumentalness (the collection of instruments and voices in a given piece). 
</p> <p>We sought to find trends and analyze the relationship between songs’ descriptive features and their popularity.</p> <p>The rankings on the weekly <a href="https://www.billboard.com/charts/hot-100/">Billboard Hot-100</a> are based on sales, online streams and radio plays in the United States.</p> <p>The analysis we performed by looking at Spotify and Billboard revealed insights that are useful for the music industry.</p> <h2>What predicts a Billboard hit?</h2> <p>To perform <a href="https://ieeexplore.ieee.org/document/9842568">this study</a>, we used two different data sets pertaining to songs that <a href="https://www.npr.org/sections/therecord/2013/08/16/207879695/how-the-hot-100-became-americas-hit-barometer">were Billboard hits</a> <a href="https://data.world/kcmillersean/billboard-hot-100-1958-2017">from the early 1940s to 2020</a> and Spotify data related to over 600,000 tracks and over one million artists.</p> <p>Interestingly, we found no substantial correlations between the number of weeks a song remained on the charts, as a measure of popularity, and the acoustic features included in the study.</p> <p>Our analysis determined that newer songs tend to last longer on the charts and that a song’s popularity affects how long it stays on the charts. </p> <p>In a related study, researchers collected data for Billboard’s Hot 100 from 1958 to 2013 and found that <a href="https://doi.org/10.1007/978-3-319-13734-6_36">songs with a higher tempo and danceability often get a higher peak position on the Billboard charts</a>. </p> <h2>Predicting Spotify song popularity</h2> <p>We also used the songs’ features to generate machine learning models to predict Spotify song popularity. Preliminary results concluded that features are not linearly correlated, with some expected exceptions including songs’ energy. 
</p> <p>This indicated that the Spotify metrics we studied — including acousticness, danceability, duration, energy, explicitness, instrumentalness, liveness, speechiness (a measure of the presence of spoken words in a song), tempo and release year — were not strong predictors of the song’s popularity.</p> <p>The majority of songs in the Spotify dataset were not listed as explicit, tended to have low instrumentalness and speechiness, and were typically recent songs. </p> <p>Although one may think that some features that are innate to certain songs make them more popular, our study revealed that popularity can not be attributed solely to quantifiable acoustic elements. </p> <p>This means that song makers and consumers must consider other contextual factors beyond the musical features, as captured by Spotify’s measurables, that may contribute to the song’s success. </p> <h2>Elements affecting popularity shift</h2> <p>Our study reinforces that elements affecting the popularity of songs change over time and should be continuously explored. </p> <p>For example, <a href="https://doi.org/10.1098%2Frsos.171274">in songs produced between 1985 and 2015 in the United Kingdom, songs produced by female artists were more successful</a>.</p> <p>Other aspects may substantially contribute to the success of a song. Data scientists have proposed <a href="https://doi.org/10.1371/journal.pone.0244576">simplicity of the lyrics</a>, the advertising and <a href="https://www.ipr.edu/blogs/audio-production/what-are-the-elements-of-popular-music/">distribution plans</a> as potential predictors of songs’ popularity.</p> <h2>Attached listeners</h2> <p>Many musicians and producers make use of popular events and marketing strategies to advertise songs. Such events create social engagements and <a href="https://doi.org/10.3389/fpsyg.2018.02682">audience involvement</a> which attaches the listener to the song being performed. 
</p> <p>For the public, <a href="https://www.osheaga.com/en">live music events</a>, following long lockdowns, have been opportune for reuniting friends, and <a href="https://ottawabluesfest.ca/">enjoying live artistry and</a> entertainment.</p> <p>While attending a music event or listening to a song, we invite you to reflect on what it is about the song that makes you enjoy it.</p> <p><em>Image credits: Getty Images</em></p> <p><em>This article originally appeared on <a href="https://theconversation.com/can-big-data-really-predict-what-makes-a-song-popular-189052" target="_blank" rel="noopener">The Conversation</a>. </em></p>

Music


“Have a second phone”: Aussie spy chief’s warning on social media use

<p dir="ltr">MPs have been urged to use a second phone if they want to access social media apps such as TikTok, after one of Australia’s top spy bosses spoke about how these apps use our personal information.</p> <p dir="ltr">Rachel Noble, the Director-General of the Australian Signals Directorate (ASD), recommended that politicians and their staff should adopt the practice during a Senate estimates hearing.</p> <p dir="ltr">She also said that having a phone without access to social media was the only way to have “absolute certainty” of data privacy.</p> <p dir="ltr">“Our advice was, frankly, for people who are members of parliament who might be particularly targets of espionage … that if you wanted absolute certainty that your social media app couldn’t have access to those things … would be to have a second phone which you exclusively use for that,” Ms Noble said.</p> <p dir="ltr">The warning comes after it was reported earlier this year that the ASD had confidential meetings with politicians and their staff to warn them that some apps undertake excessive data collection and request access to contact lists, location data and photos.</p> <p dir="ltr">Last year, the Department of Home Affairs restricted TikTok use on work phones, joining the Department of Defence in doing so.</p> <p dir="ltr">During the hearing, Ms Noble said that in some cases social media apps were collecting additional information extending “beyond the content of messages, videos and voice recordings”.</p> <p dir="ltr">“Social media apps are monetising what you do on your phone, what you access, what you look at for how long, who your friends are – they will seek to get demographics of your friends in order to push you the information and get you to buy things,” she said.</p> <p dir="ltr">With some apps headquartered outside Australia, such as China, Ms Noble said the information collected could be accessed legally or be subject to covert collection.</p> <p dir="ltr">Sectors of the Australian 
public service aren’t the only ones restricting use of social media apps on work phones, with parliaments in the United States and New Zealand warning against using TikTok on government devices.</p> <p dir="ltr"><em>Image: Getty Images</em></p>

Technology


"Deplorable": Medibank hacker announces ransom demands

<p>As more sensitive health data has been posted on the dark web, the Medibank hacker has shared their ransom demands for the information to be returned safely. </p> <p>Along with the unlawful release of the information, the hacker stated, "Society ask us about ransom, it's a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer."</p> <p>At current rates, US$9.7 million is worth $15.07 million.</p> <p>The alleged hacker also posted: "Medibanks (sic) CEO stated, that ransom amount is 'irrelevant'. We want to inform the customers, that He refuses to pay for yours data more, like 1 USD per person. So, probably customers data and extra efforts don't cost that."</p> <p>Following the release of 200 users' personal health data yesterday, the hacker has today posted an additional file of information allegedly obtained in the hack.</p> <p>While the file is titled "abortions", it is understood that the diagnostic code listed in the file against the names of over 300 Australian men and women actually refers to an admission for "Supervision of high risk pregnancy, unspecified, first trimester", according to <a href="https://www.9news.com.au/national/medibank-hack-update-more-health-data-ransom-demand-posted/32e7d105-1b5f-4291-bbb4-32620cbe3456" target="_blank" rel="noopener">9News</a>. </p> <p>Medibank CEO David Koczkar has called the latest health data release "deplorable", while assuring customers they are working to secure their information. 
</p> <p>He said, "The release of this stolen data on the dark web is disgraceful."</p> <p>"We take the responsibility to secure our customer data seriously and we again unreservedly apologise to our customers.</p> <p>"We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.</p> <p>"The weaponisation of people's private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.</p> <p>"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care."</p> <p>With so much information already leaked, there is a high risk of scams and individual ransom demands to come for the 500 or so Australians whose personal data has already been published.</p> <p>Those customers should be on high alert for scammers.</p> <p>Medibank has yet to reach out to the 500,000 customers whose health data is in jeopardy, to advise them whether more information has been lost to the scammers. </p> <p><em>Image credits: Getty Images </em></p>

Legal


3 times you should never “accept cookies” on a site

<p><strong>To cookie or not to cookie?</strong></p> <p>Cookie-consent pop-ups are one of the biggest annoyances on the Internet. Almost every site you visit has a notice saying, “This website uses cookies to improve your experience. Do you agree?” or something similar. Typically, we click “yes” or “agree” without even thinking about it because we’re eager to get to the content. But should we? Not necessarily.</p> <p><strong>What are cookies, exactly?</strong></p> <p>Before we delve into the dos and don’ts of cookie consent, here’s a little refresher on this Web tool: Cookies are essentially information collectors and trackers in the form of small text files stored on your browser by the sites you visit. Some are useful. For example, a cookie saved on your browser makes it so you don’t have to re-enter your log-in information every time you visit one of your favourite websites. Cookies can also remember your shopping preferences so that you get a personalised experience when you visit the website. Others, however, track how you use a website, how often you go there, your IP address, your phone number, what types of things you look at and buy, and other information you may not want to share.</p> <p><strong>Do you have to accept cookies?</strong></p> <p>Many companies have you click “yes” so that they’re compliant with current privacy laws. This means that once you click, you’ve given the company permission to use your information as they see fit without the worry of legal backlash. Most of the time, cookies are no big deal. There are a few occasions, though, where you should decline cookies. Don’t worry – if you find yourself in a situation where you need to decline or simply want to decline for whatever reason, most websites will work just fine without collecting your information. 
With that said, here’s when saying no to the cookies is a good idea.</p> <p><strong>Sketchy sites</strong></p> <p>Beware when you’re on an unencrypted website (these websites will have an unlocked lock icon by the web address) while using a public Wi-Fi network. The information collected by cookies can be intercepted by hackers because there isn’t any security to stop them. Your best bet when borrowing Wi-Fi from your local coffee shop or fast-food joint is to use your browser’s private or incognito mode. While in this mode, cookies aren’t collected by default (though you can manually turn off cookie blocking on some browsers), no matter where your Internet journeys take you.</p> <p><strong>Third-party cookies</strong></p> <p>If the cookie-consent pop-up mentions third-party cookies, click “decline.” Accepting gives the website the right to sell your browsing behaviour to a data broker. The broker then combines your behaviour on one website with information from other websites and builds an extremely detailed profile of you as a consumer. “The broker then sells that profile to other third parties who want to market to people like you,” says Harry Maugans, CEO of Privacy Bee, a proactive privacy management tool for consumers. “As you can imagine, this chain extends infinitely. Once you lose control of your personal data, it gets packaged and repackaged in all kinds of ways. It’s scary but true.”</p> <p>According to Maugans, some third-party cookies are even nefarious. You could become a victim of “cookie stealing” or “session hijacking.” This is when a hacker gains access to a browser and mimics users to be able to steal cookies from that browser. This can put you at risk of identity theft if hackers manage to steal cookies that store your personal information or credit card information.</p> <p>If you’re worried that you might accidentally accept third-party cookies, there’s an easy way to make things fool-proof. 
Go into your browser and choose to allow only required cookies or “first party” cookies. These cookies are the helpful ones mentioned earlier and are usually only used by the website you’re visiting.</p> <p><strong>When you’re using private information</strong></p> <p>If you don’t feel comfortable sharing the information you’re using or accessing on a website with a stranger, don’t use cookies on that site. According to Jeremy Tillman, president of the privacy company Ghostery, you should avoid cookies on sites where you do your banking, access your medical information, or use other private information.</p> <p>If you’re afraid that you’ve already accepted cookies on websites where you wouldn’t want your information gathered, go into your browser and use the “clear cookies” option. This will prevent sites from collecting your information in the future, as long as you decline the next time a site asks you to accept its cookies.</p> <p><em><span id="docs-internal-guid-ab23c7bc-7fff-94d0-086f-61fdae71f0de">Written by Alina Bradford. This article first appeared in <a href="https://www.readersdigest.com.au/true-stories-lifestyle/science-technology/3-times-you-should-never-accept-cookies-on-a-site" target="_blank" rel="noopener">Reader’s Digest</a>. For more of what you love from the world’s best-loved magazine, <a href="http://readersdigest.innovations.com.au/c/readersdigestemailsubscribe?utm_source=over60&amp;utm_medium=articles&amp;utm_campaign=RDSUB&amp;keycode=WRA87V" target="_blank" rel="noopener">here’s our best subscription offer.</a></span></em></p> <p><em>Image: Getty Images</em></p>

Technology


Optus data breach: regulatory changes announced, but legislative reform still needed

<p>In response to Australia’s biggest ever data breach, the federal government will <a href="https://ministers.treasury.gov.au/ministers/jim-chalmers-2022/media-releases/changes-protect-consumers-following-optus-data-breach" target="_blank" rel="noopener">temporarily suspend regulations</a> that stop telcos sharing customer information with third parties.</p> <p>It’s a necessary step to deal with the threat of identity theft faced by 10 million current and former Optus customers. It will allow Optus to work with banks and government agencies to detect and prevent the fraudulent use of their data.</p> <p>But it’s still only a remedial measure, intended to be in place for 12 months. More substantive reform is needed to tighten Australia’s loose approach to data privacy and protection.</p> <h2>Changing regulations, not legislation</h2> <p>The changes – <a href="https://ministers.treasury.gov.au/ministers/jim-chalmers-2022/media-releases/changes-protect-consumers-following-optus-data-breach" target="_blank" rel="noopener">announced</a> by Treasurer Jim Chalmers and Federal Communications Minister Michelle Rowland – involve amending the <a href="https://www.legislation.gov.au/Details/F2022C00329" target="_blank" rel="noopener">Telecommunications Regulation 2021</a>.</p> <p>This is a piece of “subordinate” or “<a href="https://peo.gov.au/understand-our-parliament/your-questions-on-notice/questions/whats-the-difference-between-a-legislative-act-and-a-regulation/" target="_blank" rel="noopener">delegated law</a>” to the <a href="https://www.legislation.gov.au/Series/C2004A05145" target="_blank" rel="noopener">Telecommunications Act 1997</a>. Amending the act itself would require a vote of parliament. 
Regulations can be amended at the government’s discretion.</p> <p>Under the Telecommunications Act it is a criminal offence for telcos to share information about “the affairs or personal particulars of another person”.</p> <p>The only exceptions are sharing information with the <a href="https://www.infrastructure.gov.au/media-communications-arts/phone/services-people-disability/accesshub/national-relay-service" target="_blank" rel="noopener">National Relay Service</a> (which enables those with hearing or speech disabilities to communicate by phone), to “authorised research entities” such as universities, public health agencies or electoral commissions, or to police and intelligence agencies <a href="https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/lawful-access-telecommunications/telecommunications-interception-and-surveillance" target="_blank" rel="noopener">with a warrant</a>.</p> <p>That means Optus can’t tell banks or even government agencies set up to prevent identity fraud, such as the little-known <a href="https://www.afr.com/companies/telecommunications/banks-treasury-team-up-to-protect-optus-customers-20220928-p5blm3" target="_blank" rel="noopener">Australian Financial Crime Exchange</a>, who the affected customers are.</p> <h2>Important safeguards</h2> <p>The government says the changes will only allow the sharing of “<a href="https://ministers.treasury.gov.au/ministers/jim-chalmers-2022/media-releases/changes-protect-consumers-following-optus-data-breach" target="_blank" rel="noopener">approved government identifier information</a>” – driver’s licences, Medicare and passport numbers.</p> <p>This information can only be shared with government agencies or financial institutions <a href="https://www.apra.gov.au/register-of-authorised-deposit-taking-institutions" target="_blank" rel="noopener">regulated by</a> the Australian Prudential Regulatory Authority. 
This means Optus (or any other telco) won’t be able to share information with the Australian branches of foreign banks.</p> <p>Financial institutions will also have to meet strict requirements about secure methods for transferring and storing personal information shared with them, and make undertakings to the Australian Competition and Consumer Commission (<a href="https://www.accc.gov.au/publications/section-87b-of-the-competition-consumer-act" target="_blank" rel="noopener">which can be enforced in court</a>).</p> <p>The information can be shared only “for the sole purposes of preventing or responding to cybersecurity incidents, fraud, scam activity or identity theft”. Any entity receiving information must destroy it after using it for this purpose.</p> <p>These are incredibly important safeguards given the current lack of limits on how long companies can keep identity data.</p> <h2>What is needed now</h2> <p>Although temporary, these changes could be a game changer. For the next 12 months, at least, Optus (and possibly other telcos) will be able to proactively share customer information with banks to prevent cybersecurity incidents, fraud, scams and identity theft.</p> <p>It could potentially enable a crackdown on scams that affect both banks and telcos – such as <a href="https://www.ato.gov.au/General/Online-services/Identity-security-and-scams/Scam-alerts/" target="_blank" rel="noopener">fraudulent texts and phone calls</a>.</p> <p>But this does not nullify the need for a larger legislative reform agenda.</p> <p>Australia’s data privacy laws and regulations should put limits on how much data companies can collect, or for how long they can keep that information. 
Without limits, companies will continue to collect and store much more personal information <a href="https://theconversation.com/what-do-tiktok-bunnings-ebay-and-netflix-have-in-common-theyre-all-hyper-collectors-187274" target="_blank" rel="noopener">than they need</a>.</p> <p>This will require amending the federal Privacy Act – subject to a <a href="https://www.ag.gov.au/integrity/consultations/review-privacy-act-1988" target="_blank" rel="noopener">government review</a> now nearing three years in length. There should be limits on what data companies can retain, and how long, as well as bigger penalties for non-compliance.</p> <p>We all need to take data privacy more seriously.</p> <p><strong>This article originally appeared on <a href="https://theconversation.com/optus-data-breach-regulatory-changes-announced-but-legislative-reform-still-needed-192009" target="_blank" rel="noopener">The Conversation</a>. </strong></p> <p><em>Image: Shutterstock</em></p>

Legal


7 tricks to use less phone data – and lower your phone bill

<p><strong>Turn off background app refresh</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/01-background-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>When this feature is enabled, your apps are constantly refreshing so that they can show you the most recent content when opened. This includes email synching, weather widgets updating, and feeds refreshing. For the iPhone: Turn off the background app refresh by going to Settings &gt; General &gt; Background App Refresh. For Android: Go to Settings &gt; Data Usage &gt; Restrict app background data. This will allow you to turn the feature off for all apps or you can pick and choose which ones you want to turn off.</p> <p><strong>Disable apps that use a lot of data</strong></p> <p><strong><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/02-disable-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></strong></p> <p>There are certain apps that use more data than others, whether you use them frequently or not. For ones that you don’t use often, turn off cellular data. For the iPhone: Go to Settings &gt; Cellular &gt; then under “Use Cellular Data For” switch certain apps to off.</p> <p><strong>Turn off app updates</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/03-updates-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>If your apps update automatically your phone will start the download whether you are connected to Wi-Fi or not. To turn this off on an iPhone, go to Settings &gt; iTunes &amp; App Stores &gt; turn off Use Cellular Data. For an Android, go to Settings &gt; under General click Auto-update apps &gt; Auto-update apps over Wi-Fi only. 
Then, your apps will only update when you are connected to Wi-Fi.</p> <p><strong>Turn off Wi-Fi assist</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/04-wifi-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>Wi-Fi assist automatically uses your cellular data when the Wi-Fi signal is poor. To disable Wi-Fi assist for an iPhone go to Settings &gt; Cellular &gt; turn off Wi-Fi Assist.</p> <p><strong>Turn off iCloud drive</strong></p> <p><strong><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/05-icloud-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></strong></p> <p>When iCloud is enabled it is constantly moving documents in and out of the cloud. Use less cell phone data by turning iCloud off. To do this on the iPhone go to Settings &gt; iCloud &gt; turn off iCloud Drive.</p> <p><strong>Download music</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/06-download-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>When you are on the go, streaming music, podcasts, or videos can really eat away at your data. Both the iPhone and Android phones let you restrict these apps to Wi-Fi only. Turning this setting on will force you to download them when connected to a Wi-Fi network and then allow for data-free listening on the move.</p> <p><strong>Turn off cellular data completely</strong></p> <p><strong><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/07-turn-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></strong></p> <p>If you know that you are about to reach your data limit or are saving it for the road trip you have coming up, you can simply turn off cellular data. 
This way, no data will be used, and certain apps will only work if you are connected to a Wi-Fi network.</p> <p><em><span id="docs-internal-guid-a9e22df5-7fff-1897-03fe-9c3a3e5e32d8">Written by Morgan Cutolo</span>. This article first appeared in <a href="https://www.readersdigest.com.au/culture/7-tricks-to-use-less-phone-data-and-lower-your-phone-bill" target="_blank" rel="noopener">Reader’s Digest</a>. For more of what you love from the world’s best-loved magazine, <a href="http://readersdigest.innovations.com.au/c/readersdigestemailsubscribe?utm_source=over60&amp;utm_medium=articles&amp;utm_campaign=RDSUB&amp;keycode=WRA87V" target="_blank" rel="noopener">here’s our best subscription offer.</a></em></p> <p><em>Images: NICOLE FORNABAIO/RD.COM</em></p>

Technology


A class action against Optus could easily be Australia’s biggest

<p>With the Optus data breach exposing almost 10 million current and former customers to identity theft, law firms are circling for what could end up being the biggest – and most valuable – class action case in Australian legal history.</p> <p>A settlement could well be worth billions, eclipsing the current record of <a href="https://www.abc.net.au/news/2014-07-15/black-saturday-bushfire-survivors-secure-record-payout/5597062" target="_blank" rel="noopener">$494 million</a> paid to 10,000 victims of Victoria’s 2009 Black Saturday bushfires.</p> <p>Two class-action specialists, <a href="https://www.lawyersweekly.com.au/biglaw/35625-maurice-blackburn-investigates-action-against-optus" target="_blank" rel="noopener">Maurice Blackburn</a> and <a href="https://www.slatergordon.com.au/class-actions/current-class-actions/optus-data-breach" target="_blank" rel="noopener">Slater &amp; Gordon</a>, are considering suing, and it’s possible others will follow. (Maurice Blackburn also has another case against Optus on its books over a 2019 data breach involving 50,000 customers.)</p> <p>To proceed they’ll need to sign up at least seven people – one of whom acts as the “representative” or lead plaintiff. This shouldn’t be hard. They’ll then need to file a statement of claim for financial, economic or other loss.</p> <p>Multiple class actions are possible if those claims pursue different issues. Or the firms could work together, as they have in the past.</p> <h2>Things to know about class actions</h2> <p>There have been about 700 class actions in Australia in the past 30 years. Class actions can be pursued through state or federal courts. Most go to the Federal Court, which has been empowered to hear class actions since 1992.</p> <p>Less <a href="https://www.alrc.gov.au/wp-content/uploads/2019/08/alrc_report_134_webaccess_2.pdf" target="_blank" rel="noopener">than 5%</a> of Federal Court actions have progressed to a judgement. 
About 60% have ended in a court-approved settlement, with the balance dismissed or discontinued.</p> <p>The most common type of class action is by shareholders for loss of earnings. These account for about a third of Federal Court class actions.</p> <p>The biggest shareholder settlement so far is $200 million, paid by Centro Property Group to almost 6,000 shareholders in 2012 over misleading and deceptive conduct by Centro’s board. This followed the Australian Securities and Investments Commission <a href="https://www.smh.com.au/business/asic-wins-case-against-centro-directors-20110627-1gmk5.html" target="_blank" rel="noopener">successfully prosecuting</a> Centro (also in the Federal Court).</p> <p>Class actions account for less than 1% of claims lodged with the Federal Court, but their scale and complexity mean they take a disproportionate amount of court time, as well as media attention.</p> <p>Because of their cost, many class actions are funded by third parties as a type of business venture. This enables the law firms running the action to sign up plaintiffs on a “no win, no fee” basis. The litigation funder then takes a share of the settlement (as does the law firm for its legal fees).</p> <p>According to <a href="https://www.alrc.gov.au/wp-content/uploads/2019/08/alrc_report_134_webaccess_2.pdf" target="_blank" rel="noopener">Australian Law Reform Commission</a> data for settled cases, the median percentage of any settlement going to plaintiffs is 57%, with law firms taking 17% and funders taking 22%.</p> <h2>What would a class action against Optus involve?</h2> <p>Based on what is currently known, there are two main ways a class action (or class actions) could proceed against Optus.</p> <p>First, it could argue negligence, with the scope of liability outlined in state or territory legislation. 
Second, it could argue breach of privacy, in contravention of the federal <a href="https://www.legislation.gov.au/Details/C2014C00076" target="_blank" rel="noopener">Privacy Act</a>, in the Federal Court.</p> <p>To succeed in negligence, a court would have to find Optus had a duty of care to its customers to protect their personal information, that it breached its duty, and that customers suffered damage or loss.</p> <p>To succeed on a breach of privacy, the Federal Court would have to find that personal information held by Optus was subject to unauthorised access or disclosure, or lost, and that the company failed to comply with the “privacy principles” enshrined in the Privacy Act.</p> <p>A second basis for a class action in the Federal Court could be to argue a breach of the <a href="https://www.legislation.gov.au/Details/C2018C00385" target="_blank" rel="noopener">Telecommunications Act</a>. This legislation says carriers and carriage service providers “must to do their best” to protect telecommunications networks and facilities from unauthorised interference or unauthorised access.</p> <h2>What are the precedents?</h2> <p>The closest precedent in Australia to a successful class action for a mass breach of privacy is a 2019 case in the NSW Supreme court. 
This involved a claim by 108 NSW ambulance service employees against the NSW Health Department.</p> <p>The employees, represented by the firm <a href="https://www.centenniallawyers.com.au/nsw-ambulance-class-action/" target="_blank" rel="noopener">Centennial Lawyers</a>, had their personnel files sold to a personal injury law firm by a contractor (who was convicted of unlawfully disclosing information and carried out community service for the crime).</p> <p>The court ordered NSW Health to pay the sum of <a href="http://www8.austlii.edu.au.ezproxy.newcastle.edu.au/cgi-bin/viewdoc/au/cases/nsw/NSWSC/2019/1781.html" target="_blank" rel="noopener">$275,000 in compensation</a> – $10,000 for the lead plaintiff and about $2,400 for the others.</p> <h2>How much could the Optus case be worth?</h2> <p>Given the Optus data leak is established, there’s a strong basis to believe a class action would be successful.</p> <p>If so, a court could award compensatory damages for the time and cost of replacing identification documents, as well as exemplary (or punitive) damages, to send a message to corporations handling citizens’ private information.</p> <p>In determining damages, a court will take into account what efforts Optus has made to remedy the leak, mitigate the potential impact on those affected and pay for the costs of replacing drivers’ licences, Medicare cards or passports.</p> <p>Though the economic loss per customer may be relatively small, multiplied by the potential class-action pool size – up to 10 million plaintiffs – compensatory damages could easily be billions of dollars, even without exemplary damages.</p> <p>That makes this a hugely attractive prospect for a law firm or class-action funder.</p> <p><strong>This article originally appeared on <a href="https://theconversation.com/a-class-action-against-optus-could-easily-be-australias-biggest-heres-what-is-involved-191515" target="_blank" rel="noopener">The Conversation</a>. 
</strong></p> <p><em>Image: Shutterstock</em></p>

Legal


How not to tell customers their data is at risk: the perils of the Optus approach

<p>Optus fears data on up to 9.8 million of its customers has been accessed in a <a href="https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack" target="_blank" rel="noopener">sophisticated cyberattack</a> – including, for some customers, passport and drivers licence details, as well as phone numbers, dates of birth and email addresses.</p> <p>It made the announcement through the media, in the middle of Thursday’s national day of mourning public holiday, and during the four-day long weekend in Melbourne in the lead-up to the AFL grand final.</p> <p>At first, it didn’t text or email its customers. Instead, it issued a <a href="https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack" target="_blank" rel="noopener">press release</a> in the belief this was</p> <blockquote> <p>the quickest and most effective way to alert as many current and former customers as possible, so they could be vigilant and monitor for any suspicious activity.</p> </blockquote> <p>Trust in the media is at an all-time low. Communications authority Edelman reports that globally, only <a href="https://www.edelman.com/sites/g/files/aatuss191/files/2022-01/2022%20Edelman%20Trust%20Barometer%20FINAL_Jan25.pdf" target="_blank" rel="noopener">50%</a> of people trust the media, down from 62% a decade ago. Far more people (61%) trust businesses.</p> <h2>Tweets rather than texts</h2> <p>It has been <a href="https://studycorgi.com/the-role-of-integrated-marketing-communications-campaign/" target="_blank" rel="noopener">conventional wisdom</a> that brands should take an integrated approach to marketing communications. 
Many channels are better than one, increasingly so as audiences for traditional channels continue to fragment.</p> <p>An integrated marketing approach need not mean communicating through every available channel, but it should mean strategically selecting channels that are trusted and consumed by the brand’s customers.</p> <p>One of the best channels Optus has is its own phone network, and it is experienced in using it to contact its customers.</p> <p>Customers are likely to expect this where Optus has something important to say, and they are likely to trust a direct message from Optus more than one filtered through the media.</p> <p>They are even likely to spread it via word of mouth through friends who also use Optus, giving the company a continuing role in shaping the message.</p> <p>Instead, Optus backed up its press release with tweets.</p> <blockquote> <p dir="ltr" lang="en">Hi Marie, we issued a press release and proactively reached out to media as this is the quickest way to inform all our existing and former customers so they can be on high alert for anything suspicious. Kartik</p> <p>— Optus (@Optus) <a href="https://twitter.com/Optus/status/1572949683332583428?ref_src=twsrc%5Etfw">September 22, 2022</a></p></blockquote> <p>Optus has around 5.8 million active users, around 21% of the Australian population. They are a cross-section of the population, having little in common other than the fact they use Optus for communications.</p> <p>Some of Optus’ customers, especially those in Gen Z, might not use traditional news media. 
They wouldn’t have received the message through that channel.</p> <p>Former customers dating back to 2017 are also likely to be affected by the breach, taking the total affected to around <a href="https://www.smh.com.au/technology/sophisticated-attack-optus-hackers-used-european-addresses-could-be-state-linked-20220923-p5bkfn.html" target="_blank" rel="noopener">9.8 million</a>, about one third of the population.</p> <p>Twitter is used by only about <a href="https://www.genroe.com/blog/social-media-statistics-australia/13492" target="_blank" rel="noopener">18%</a> of the population, and the overlap with Optus customers might not be large.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">We'll be contacting impacted customers soon with more information and details on how we'll support them. Optus will not be sending links in any emails or SMS messages. If you believe your account has been compromised, you can contact us on My Optus app (2/2) ^George</p> <p>— Optus (@Optus) <a href="https://twitter.com/Optus/status/1573136010904363008?ref_src=twsrc%5Etfw">September 23, 2022</a></p></blockquote> <h2>What can brands learn from Optus?</h2> <p>As marketing and branding experts, we’ve distilled three lessons, each well known before the data breach.</p> <ol> <li> <p>When you have news affecting your customers, tell them before anyone else, in a personalised, one-to-one approach.</p> </li> <li> <p>Use channels that are trusted and consumed by your customers.</p> </li> <li> <p>Encourage word of mouth through your relationships with your brand community and loyal customers.</p> </li> </ol> <p><strong>This article originally appeared on <a href="https://theconversation.com/how-not-to-tell-customers-their-data-is-at-risk-the-perils-of-the-optus-approach-191258" target="_blank" rel="noopener">The Conversation</a>.</strong></p> <p><em>Image: Shutterstock</em></p>

Legal


This law makes it illegal for companies to collect third-party data to profile you but they do anyway

<p>A little-known provision of the Privacy Act makes it illegal for many companies in Australia to buy or exchange consumers’ personal data for profiling or targeting purposes. It’s almost never enforced. In a published <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4224653" target="_blank" rel="noopener">research paper</a>, I argue that needs to change.</p> <p>“Data enrichment” is the intrusive practice of companies going behind our backs to “fill in the gaps” of the information we provide.</p> <p>When you purchase a product or service from a company, fill out an online form, or sign up for a newsletter, you might provide only the necessary data such as your name, email, delivery address and/or payment information.</p> <p>That company may then turn to other retailers or <a href="https://www.oracle.com/au/cx/advertising/data-enrichment-measurement/#data-enrichment" target="_blank" rel="noopener">data brokers</a> to purchase or exchange extra data about you. This could include your age, family, health, habits and more.</p> <p>This allows them to build a more detailed individual profile on you, which helps them predict your behaviour and more precisely target you with ads.</p> <p>For almost ten years, there has been a law in Australia that makes this kind of data enrichment illegal if a company can “reasonably and practicably” request that information directly from the consumer. 
And at least <a href="https://consultations.ag.gov.au/rights-and-protections/privacy-act-review-discussion-paper/consultation/view_respondent?_b_index=60&amp;uuId=926016195" target="_blank" rel="noopener">one major data broker</a> has asked the government to “remove” this law.</p> <p>The burning question is: why is there not a single published case of this law being enforced against companies “enriching” customer data for profiling and targeting purposes?</p> <h2>Data collection ‘only from the individual’</h2> <p>The relevant law is Australian Privacy Principle 3.6 and is part of the federal <a href="https://www.legislation.gov.au/Details/C2022C00199" target="_blank" rel="noopener">Privacy Act</a>. It applies to most organisations that operate businesses with annual revenues higher than A$3 million, and smaller data businesses.</p> <p>The law says such organisations:</p> <blockquote> <p>must collect personal information about an individual only from the individual […] unless it is unreasonable or impracticable to do so.</p> </blockquote> <p>This “direct collection rule” protects individuals’ privacy by allowing them some control over information collected about them, and avoiding a combination of data sources that could reveal sensitive information about their vulnerabilities.</p> <p>But this rule has received almost no attention. 
There’s only one published determination of the federal privacy regulator on it, and that was against the <a href="https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/AICmr/2020/69.html" target="_blank" rel="noopener">Australian Defence Force</a> in a different context.</p> <p>According to Australian Privacy Principle 3.6, it’s only legal for an organisation to collect personal information from a third party if it would be “unreasonable or impracticable” to collect that information from the individual alone.</p> <p>This exception was intended to apply to <a href="https://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines/chapter-3-app-3-collection-of-solicited-personal-information#collecting-directly-from-the-individual" target="_blank" rel="noopener">limited situations</a>, such as when:</p> <ul> <li>the individual is being investigated for some wrongdoing</li> <li>the individual’s address needs to be updated for delivery of legal or official documents.</li> </ul> <p>The exception shouldn’t apply simply because a company wants to collect extra information for profiling and targeting, but realises the customer would probably refuse to provide it.</p> <h2>Who’s bypassing customers for third-party data?</h2> <p>Aside from data brokers, companies also exchange information with each other about their respective customers to get extra information on customers’ lives. This is often referred to as “data matching” or “data partnerships”.</p> <p>Companies tend to be very vague about who they share information with, and who they get information from. 
So we don’t know for certain who’s buying data-enrichment services from data brokers, or “matching” customer data.</p> <p>Major companies such as <a href="https://www.amazon.com.au/gp/help/customer/display.html?nodeId=202075050&amp;ref_=footer_iba" target="_blank" rel="noopener">Amazon Australia</a>, <a href="https://www.ebay.com.au/help/policies/member-behaviour-policies/user-privacy-notice-privacy-policy?id=4260&amp;mkevt=1&amp;mkcid=1&amp;mkrid=705-53470-19255-0&amp;campid=5337590774&amp;customid=&amp;toolid=10001#section4" target="_blank" rel="noopener">eBay Australia</a>, <a href="https://www.facebook.com/privacy/policy/?subpage=1.subpage.4-InformationFromPartnersVendors" target="_blank" rel="noopener">Meta</a> (Facebook), <a href="https://www.viacomcbsprivacy.com/en/policy" target="_blank" rel="noopener">10Play Viacom</a> and <a href="https://twitter.com/en/privacy#twitter-privacy-1" target="_blank" rel="noopener">Twitter</a> include terms in the fine print of their privacy policies that state they collect personal information from third parties, including demographic details and/or interests.</p> <p><a href="https://policies.google.com/privacy?hl=en-US#infocollect" target="_blank" rel="noopener">Google</a>, <a href="https://preferences.news.com.au/privacy" target="_blank" rel="noopener">News Corp</a>, <a href="https://www.sevenwestmedia.com.au/privacy-policies/privacy" target="_blank" rel="noopener">Seven</a>, <a href="https://login.nine.com.au/privacy?client_id=smh" target="_blank" rel="noopener">Nine</a> and others also say they collect personal information from third parties, but are more vague about the nature of that information.</p> <p>These privacy policies don’t explain why it would be unreasonable or impracticable to collect that information directly from customers.</p> <h2>Consumer ‘consent’ is not an exception</h2> <p>Some companies may try to justify going behind customers’ backs to collect data because there’s an obscure term in their privacy 
policy that mentions they collect personal information from third parties. Or because the company disclosing the data has a privacy policy term about sharing data with “trusted data partners”.</p> <p>But even if this amounts to consumer “consent” under the relatively weak standards for consent in our current privacy law, this is not an exception to the direct collection rule.</p> <p>The law allows a “consent” exception for government agencies under a separate part of the direct collection rule, but not for private organisations.</p> <h2>Data enrichment involves personal information</h2> <p>Many companies with third-party data collection terms in their privacy policies acknowledge this is personal information. But some may argue the collected data isn’t “personal information” under the Privacy Act, so the direct collection rule doesn’t apply.</p> <p>Companies often exchange information about an individual without using the individual’s legal name or email. Instead they may use a unique advertising identifier for that individual, or <a href="https://help.abc.net.au/hc/en-us/articles/4402890310671" target="_blank" rel="noopener">“hash” the email address</a> to turn it into a unique string of numbers and letters.</p> <p>They essentially allocate a “code name” to the consumer. 
So the companies can exchange information that can be linked to the individual, yet say this information wasn’t connected to their actual name or email.</p> <p>However, this information should still be treated as personal information because it can be linked back to the individual when combined with other <a href="https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FCAFC/2017/4.html" target="_blank" rel="noopener">information about them</a>.</p> <h2>At least one major data broker is against it</h2> <p>Data broker <a href="https://www.experian.com.au/business/solutions/audience-targeting/digital-solutions-sell-side/digital-audiences-ss" target="_blank" rel="noopener">Experian Australia</a> has asked the government to “remove” Australian Privacy Principle 3.6 “altogether”. In its <a href="https://consultations.ag.gov.au/rights-and-protections/privacy-act-review-discussion-paper/consultation/view_respondent?_b_index=60&amp;uuId=926016195" target="_blank" rel="noopener">submission</a> to the Privacy Act Review in January, Experian argued:</p> <blockquote> <p>It is outdated and does not fit well with modern data uses.</p> </blockquote> <p>Others who profit from data enrichment or data matching would probably agree, but prefer to let sleeping dogs lie.</p> <p>Experian argued the law favours large companies with direct access to lots of customers and opportunities to pool data collected from across their own corporate group. It said companies with access to fewer consumers and less data would be disadvantaged if they can’t purchase data from brokers.</p> <p>But the fact that some digital platforms impose extensive personal data collection on customers supports the case for stronger privacy laws. 
It doesn’t mean there should be a data free-for-all.</p> <h2>Our privacy regulator should take action</h2> <p>It has been three years since the consumer watchdog recommended <a href="https://www.accc.gov.au/system/files/Digital%20platforms%20inquiry%20-%20final%20report.pdf" target="_blank" rel="noopener">major reforms</a> to our privacy laws to reduce the disadvantages consumers suffer from invasive data practices. These reforms are probably still years away, if they eventuate at all.</p> <p>The direct collection rule is a very rare thing. It is an existing Australian privacy law that favours consumers. The privacy regulator should prioritise the enforcement of this law for the benefit of consumers.</p> <p><strong>This article originally appeared on <a href="https://theconversation.com/this-law-makes-it-illegal-for-companies-to-collect-third-party-data-to-profile-you-but-they-do-anyway-190758" target="_blank" rel="noopener">The Conversation</a>.</strong></p> <p><em>Image: Shutterstock</em></p>
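<p>The hashed-email “code name” described in this article can be shown in a few lines, together with a keyed alternative that stops two organisations from matching records. This is an added example, not code from the article or from any company it names; SHA-256 as the hash, the sample records, the keys and all function names are assumptions constructed for illustration.</p>

```python
import hashlib
import hmac


def normalise_email(email: str) -> str:
    """Trim and lower-case, so every party derives the same value."""
    return email.strip().lower()


def plain_hash(email: str) -> str:
    """Unkeyed SHA-256: anyone hashing the same address gets the same 'code name'."""
    return hashlib.sha256(normalise_email(email).encode("utf-8")).hexdigest()


def keyed_hash(email: str, key: bytes) -> str:
    """HMAC-SHA-256 under a secret that only one organisation holds."""
    return hmac.new(key, normalise_email(email).encode("utf-8"),
                    hashlib.sha256).hexdigest()


# Constructed sample data (not real people or real records).
RETAILER_CUSTOMERS = [
    {"email": "Alex.Nguyen@example.com", "last_order": "running shoes"},
    {"email": "sam.taylor@example.org", "last_order": "baby monitor"},
]
BROKER_PROFILES = [
    {"email": "alex.nguyen@example.com ", "age_band": "35-44",
     "segment": "health-conscious"},
    {"email": "jo.martin@example.net", "age_band": "18-24", "segment": "student"},
]

# Constructed keys; a real deployment would generate them randomly
# (for example with secrets.token_bytes) and never share them.
RETAILER_KEY = b"constructed-retailer-key"
BROKER_KEY = b"constructed-broker-key"


def pseudonymise(records, hasher):
    """Drop the email field and index the remaining attributes by its hash."""
    table = {}
    for record in records:
        attrs = {k: v for k, v in record.items() if k != "email"}
        table[hasher(record["email"])] = attrs
    return table


def match(left, right):
    """'Data matching': join two pseudonymised tables on the shared identifier."""
    return {pid: {**left[pid], **right[pid]} for pid in left.keys() & right.keys()}


def lookup(table, email, hasher):
    """Return the row for a known address, or None if it is not in the table."""
    return table.get(hasher(email))


def demo():
    # Unkeyed hashes: no name or email changes hands, yet the rows still join.
    retailer = pseudonymise(RETAILER_CUSTOMERS, plain_hash)
    broker = pseudonymise(BROKER_PROFILES, plain_hash)
    enriched = match(retailer, broker)

    # The enriched row is tied to a person: the hash of their address finds it.
    found = lookup(enriched, "alex.nguyen@example.com", plain_hash)

    # Keyed hashes with a different secret per organisation share no identifier,
    # so the same join returns nothing. Each key holder can still re-link its
    # own records, so the data remains personal information for that holder.
    retailer_k = pseudonymise(RETAILER_CUSTOMERS,
                              lambda e: keyed_hash(e, RETAILER_KEY))
    broker_k = pseudonymise(BROKER_PROFILES,
                            lambda e: keyed_hash(e, BROKER_KEY))
    enriched_k = match(retailer_k, broker_k)
    return enriched, found, enriched_k


if __name__ == "__main__":
    enriched, found, enriched_k = demo()
    print("rows matched on unkeyed hash:", len(enriched))
    print("profile found for known address:", found)
    print("rows matched on per-organisation keyed hash:", len(enriched_k))
```
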

Legal


Instagram and Facebook are stalking you on websites accessed through their apps. What can you do about it?

<p>Social media platforms have had some bad <a href="https://theconversation.com/concerns-over-tiktok-feeding-user-data-to-beijing-are-back-and-theres-good-evidence-to-support-them-186211" target="_blank" rel="noopener">press</a> in recent times, largely prompted by the vast extent of their data collection. Now Meta, the parent company of Facebook and Instagram, has upped the ante.</p> <p>Not content with following every move you make on its apps, Meta has reportedly devised a way to also know everything you do in external websites accessed <em>through</em> its apps. Why is it going to such lengths? And is there a way to avoid this surveillance?</p> <p><strong>‘Injecting’ code to follow you</strong></p> <p>Meta has a custom in-app browser that operates on Facebook, Instagram and any website you might click through to from both these apps.</p> <p>Now ex-Google engineer and privacy researcher Felix Krause has discovered this proprietary browser has additional program code inserted into it. Krause developed a tool that <a href="https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser?utm_source=tldrnewsletter" target="_blank" rel="noopener">found</a> Instagram and Facebook added up to 18 lines of code to websites visited through Meta’s in-app browsers.</p> <p>This “code injection” enables user tracking and overrides tracking restrictions that browsers such as Chrome and Safari have in place. 
It allows Meta to collect sensitive user information, including “every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers”.</p> <p>Krause published his <a href="https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser?utm_source=tldrnewsletter" target="_blank" rel="noopener">findings</a> online on August 10, including samples of the <a href="https://connect.facebook.net/en_US/pcm.js" target="_blank" rel="noopener">actual code</a>.</p> <p>In response, Meta has said it isn’t doing anything users didn’t consent to. A Meta spokesperson said:</p> <blockquote> <p>We intentionally developed this code to honour people’s [Ask to track] choices on our platforms […] The code allows us to aggregate user data before using it for targeted advertising or measurement purposes.</p> </blockquote> <p>The “code” mentioned in the case is <a href="https://connect.facebook.net/en_US/pcm.js" target="_blank" rel="noopener">pcm.js</a> – a script that acts to aggregate a user’s browsing activities. Meta says the script is inserted based on whether users have given consent – and information gained is used only for advertising purposes.</p> <p>So is it acting ethically? Well, the company has done due diligence by informing users of its intention to collect <a href="https://www.facebook.com/privacy/policy" target="_blank" rel="noopener">an expanded range</a> of data. However, it stopped short of making clear what the full implications of doing so would be.</p> <p>People might give their consent to tracking in a more general sense, but “informed” consent implies full knowledge of the possible consequences. 
And, in this case, users were not explicitly made aware their activities on other sites could be followed through a code injection.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">Facebook reached out to me, saying the system they’ve built honours the user’s ATT choice. </p> <p>However, this doesn’t change anything about my publication: The Instagram iOS app is actively injecting JavaScript code into all third party websites rendered via their in-app browser. <a href="https://t.co/9h0PIoIOSS">pic.twitter.com/9h0PIoIOSS</a></p> <p>— Felix Krause (@KrauseFx) <a href="https://twitter.com/KrauseFx/status/1557777320546635776?ref_src=twsrc%5Etfw">August 11, 2022</a></p></blockquote> <p><strong>Why is Meta doing this?</strong></p> <p>Data are the central commodity of Meta’s business model. There is astronomical value in the amount of data Meta can collect by injecting a tracking code into third-party websites opened through the Instagram and Facebook apps.</p> <p>At the same time, Meta’s business model is being threatened – and events from the recent past can help shed light on why it’s doing this in the first place.</p> <p>It boils down to the fact that Apple (which owns the Safari browser), Google (which owns Chrome) and the Firefox browser are all actively placing restrictions on Meta’s ability to collect data.</p> <p>Last year, Apple’s iOS 14.5 update came alongside a <a href="https://www.apple.com/au/privacy/control/" target="_blank" rel="noopener">requirement</a> that all apps hosted on the Apple app store must get users’ explicit permission to track and collect their data across apps owned by other companies.</p> <p>Meta has <a href="https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser?utm_source=tldrnewsletter" target="_blank" rel="noopener">publicly</a> said this single iPhone alert is costing its Facebook business US$10 billion each year.</p> <p>Apple’s Safari browser also 
applies a default setting to block all third-party “cookies”. These are little chunks of <a href="https://www.trendmicro.com/vinfo/us/security/definition/cookies" target="_blank" rel="noopener">tracking code</a> that websites deposit on your computer and which tell the website’s owner about your visit to the site.</p> <p>Google will also soon be phasing out third-party cookies. And Firefox recently announced “total cookie protection” to prevent so-called cross-page tracking.</p> <p>In other words, Meta is being flanked by browsers introducing restrictions on extensive user data tracking. Its response was to create its own browser that circumvents these restrictions.</p> <p><strong>How can I protect myself?</strong></p> <p>On the bright side, users concerned about privacy do have some options.</p> <p>The easiest way to stop Meta tracking your external activities through its in-app browser is to simply not use it; make sure you’re opening web pages in a trusted browser of choice such as Safari, Chrome or Firefox (via the screen shown below).</p> <p><img src="https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=237&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=548&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=548&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=548&amp;fit=crop&amp;dpr=3 1800w, 
https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=689&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=689&amp;fit=crop&amp;dpr=2 1508w, https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=689&amp;fit=crop&amp;dpr=3 2262w" alt="" /></p> <p><em><span class="caption" style="color: #999999; text-align: center;">Click ‘open in browser’ to open a website in a trusted browser such as Safari.</span><span style="color: #999999; text-align: center;"> </span><span class="attribution" style="color: #999999; text-align: center;">screenshot</span></em></p> <p>If you can’t find this screen option, you can manually copy and paste the web address into a trusted browser.</p> <p>Another option is to access the social media platforms via a browser. So instead of using the Instagram or Facebook app, visit the sites by entering their URL into your trusted browser’s search bar. This should also solve the tracking problem.</p> <p>I’m not suggesting you ditch Facebook or Instagram altogether. But we should all be aware of how our online movements and usage patterns may be carefully recorded and used in ways we’re not told about. Remember: on the internet, if the service is free, you’re probably the product.</p> <p><em><a href="https://theconversation.com/profiles/david-tuffley-13731" target="_blank" rel="noopener">David Tuffley</a>, Senior Lecturer in Applied Ethics &amp; CyberSecurity, <a href="https://theconversation.com/institutions/griffith-university-828" target="_blank" rel="noopener">Griffith University</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com" target="_blank" rel="noopener">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/instagram-and-facebook-are-stalking-you-on-websites-accessed-through-their-apps-what-can-you-do-about-it-188645" target="_blank" rel="noopener">original article</a>.</em></p> <p><em>Image: Getty Images</em></p>

Technology
