No. 1 Story
Construction needs cloud flexibility
Australia’s embattled construction sector could benefit from cloud based information systems that can be switched on and off in lockstep with individual projects – with the exception of those organisations based in remote areas like the Kimberleys.
read moreYou have zero privacy. Get over it.
James Riley
Friday, 05 November 2010 14:24
Google Australia executives appeared before a Senate committee investigating online privacy one week ago today. To coincide with that appearance, the company published a local blog, updating Australians on its progressive privacy policies.
The blog did not mention its StreetView problem, the one relating to company having admitted in May that it collected the personal information of millions of Australians through its fleet of StreetView cars.
The blog post instead told how its users are in complete control of their privacy and pointed to the privacy tools available to them. A blog post is Google's favoured under-the-radar means of communicating with users about important issues like privacy.
To its credit, Google Australia did mention the problem of its unauthorised and systematic acquisition of Australians personal information in its formal submission to the inquiry and addressed the issue in non-specific terms when queried by Senators.
To its credit too, it was Google Australia itself that alerted the Commonwealth to its unauthorised and systematic collection process last May, when it first realised what it now calls a 'mistake.' It has cooperated with an investigation by the Office of the Australian Privacy Commissioner, although it is impossible to know what this means - the substance of the investigation has been kept from the public.
Google Australia says it is still in discussion with relevant authorities on the issue.
The company is still under investigation by the Australian Federal Police and by the Attorney-General. It may yet be prosecuted, but when and under what law is hard to say.
But don't bother asking any of the truckload of unanswered questions on the issue. Because Google Australia has no interest in engaging on the subject. And the Australian Government is so reluctant to discuss the issue that you're left wondering whether they are just hoping it might go away.
This is appalling, given that this is likely the largest single breach of Australians' privacy in the nation's history.
The StreetView issue is a huge problem for Google Australia and its parent. The company is still trying to untangle itself from the mess with authorities all over the world.
It has apologised for what it calls a mistake, including apologising directly to Australians through a blog. Apparently this is considered best practice in privacy terms.
What it has not done, and what the Australian authorities have not compelled it to do, is to detail precisely what it is apologising for - to detail what information was collected, and the likely impact it has had on those whose data was hoovered (or 'StreetViewed', as privacy breaches might yet be called.)
If there was an audit of the so-called "payload data" that Google Australia collected, it hasn't been shared with the people it affected. If the audit findings were shared with the Office of the Australian Privacy Commissioner, it has declined to reveal anything of it to the Australian public.
This is not an exercise in Google Australia-bashing. The company has done everything it is legally required to do.
But in an era where privacy issues are fundamental to whole new industries, new standards of openness and honesty are demanded. It is simply not enough to apologise for a grievous privacy breach, and then to say "trust us" in relation to the data that was collected.
The bigger problem, of course, is for Australian consumers of online services.
There are no words to describe just how toothless the privacy regime in Australia appears in light of the StreetView problems.
The Office of the Australian Privacy Commissioner has concluded its investigation (it was concluded last July.)
Here are a few things we know, and a few things we don't.
As late as June 21, assistant privacy commissioner Mark Hummerston was reported saying the OAPC had not looked at the payload data collected by Google Australia. At that time he asserts that Google itself had not looked at the data.
At this time the OAPC does not know where the data is being held, whether it is in Australia or overseas. It still doesn't know. At this time - before Australian authorities have even seen the data - Hummerston is already suggesting Google may be required to delete it.
At this time Hummerston says Google Australia has assured him that no bank account details have been collected in the StreetView process. We now know this to be false - and that Google Australia told authorities that it had indeed collected such information well after the conclusion of the Privacy Commissioner investigation.
Two weeks later, on July 9, the OAPC concludes its "investigation" and Google Australia signs an undertaking that includes nothing more noteworthy than to publish a single blog apologising. There is nothing to suggest that Australian privacy officers have seen the payload data.
It is still not clear where the personal information of Australians collected by the StreetView cars is held, and Google Australia has consistently declined to say. Former Privacy Commissioner Karen Curtis said as long ago as May - soon after the unauthorised collections came to light - that she believed they were probably held in the US.
The Australian Privacy Foundation wants the Google payload data kept - if only until the Australian public gets a realistic understanding of the extent of privacy breach in this country.
APF wrote urgently to Google Australia seeking assurance that the company would not delete the payload data. The company's Head of Public Policy and Government Affairs Iarla Flynn told the lobby group that the communications had been passed to Google Inc, which would respond. No response.
The privacy foundation says it is likely to take legal action against Google Australia if the Australian Government does not - through Federal Police, the Attorney-General's or some other agency.
It communicated this intention to Google Australia, to the Office of the Australian Privacy Commissioner, and to the Attorney-General's office requesting assurance that the data not be deleted, and that it be returned to Australia.
Nothing.
The Google Australia/StreetView case is pretty straight-forward. The company has, we understand, agreed to a statement of facts that includes admissions about the unauthorised collection of personal information and the means with which it collected that information. We don't know whether scope and scale is included in any statement of fact
And yet our Government is paralysed on the issue. Maybe the Federal Police have seen the payload data, maybe they haven't. Maybe the payload data is in this country and may its not. We simply don't know.
You think you have a disaster recovery plan?
Think again. Most businesses only have PART of a DR plan - and this spells business disaster in the event of an IT disaster.
Download The Seven Sins of Disaster Recovery White Paper now and find out how you can prevent this happening to you.
