×

Warning

JUser: :_load: Unable to load user with ID: 3658
Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Friday, 05 November 2010 15:24

You have zero privacy. Get over it.

By

You really have to wonder at what you would need to do in this country to attract a penalty - let alone conviction - for breaching the privacy of others. Because the unauthorised and systematic collection of the personal information of millions of Australians citizens - including emails, bank account details and passwords - apparently isn't enough.


Google Australia executives appeared before a Senate committee investigating online privacy one week ago today. To coincide with that appearance, the company published a local blog, updating Australians on its progressive privacy policies.

The blog did not mention its StreetView problem, the one relating to company having admitted in May that it collected the personal information of millions of Australians through its fleet of StreetView cars.

The blog post instead told how its users are in complete control of their privacy and pointed to the privacy tools available to them. A blog post is Google's favoured under-the-radar means of communicating with users about important issues like privacy.

To its credit, Google Australia did mention the problem of its unauthorised and systematic acquisition of Australians personal information in its formal submission to the inquiry and addressed the issue in non-specific terms when queried by Senators.

To its credit too, it was Google Australia itself that alerted the Commonwealth to its unauthorised and systematic collection process last May, when it first realised what it now calls a 'mistake.' It has cooperated with an investigation by the Office of the Australian Privacy Commissioner, although it is impossible to know what this means - the substance of the investigation has been kept from the public.

Google Australia says it is still in discussion with relevant authorities on the issue.

The company is still under investigation by the Australian Federal Police and by the Attorney-General. It may yet be prosecuted, but when and under what law is hard to say.

But don't bother asking any of the truckload of unanswered questions on the issue. Because Google Australia has no interest in engaging on the subject. And the Australian Government is so reluctant to discuss the issue that you're left wondering whether they are just hoping it might go away.

This is appalling, given that this is likely the largest single breach of Australians' privacy in the nation's history.

The StreetView issue is a huge problem for Google Australia and its parent. The company is still trying to untangle itself from the mess with authorities all over the world.

It has apologised for what it calls a mistake, including apologising directly to Australians through a blog. Apparently this is considered best practice in privacy terms.

What it has not done, and what the Australian authorities have not compelled it to do, is to detail precisely what it is apologising for - to detail what information was collected, and the likely impact it has had on those whose data was hoovered (or 'StreetViewed', as privacy breaches might yet be called.)

If there was an audit of the so-called "payload data" that Google Australia collected, it hasn't been shared with the people it affected. If the audit findings were shared with the Office of the Australian Privacy Commissioner, it has declined to reveal anything of it to the Australian public.

This is not an exercise in Google Australia-bashing. The company has done everything it is legally required to do.

But in an era where privacy issues are fundamental to whole new industries, new standards of openness and honesty are demanded. It is simply not enough to apologise for a grievous privacy breach, and then to say "trust us" in relation to the data that was collected.

The bigger problem, of course, is for Australian consumers of online services.

There are no words to describe just how toothless the privacy regime in Australia appears in light of the StreetView problems.

The Office of the Australian Privacy Commissioner has concluded its investigation (it was concluded last July.)

Here are a few things we know, and a few things we don't.

As late as June 21, assistant privacy commissioner Mark Hummerston was reported saying the OAPC had not looked at the payload data collected by Google Australia. At that time he asserts that Google itself had not looked at the data.

At this time the OAPC does not know where the data is being held, whether it is in Australia or overseas. It still doesn't know. At this time - before Australian authorities have even seen the data - Hummerston is already suggesting Google may be required to delete it.

At this time Hummerston says Google Australia has assured him that no bank account details have been collected in the StreetView process. We now know this to be false - and that Google Australia told authorities that it had indeed collected such information well after the conclusion of the Privacy Commissioner investigation.

Two weeks later, on July 9, the OAPC concludes its "investigation" and Google Australia signs an undertaking that includes nothing more noteworthy than to publish a single blog apologising. There is nothing to suggest that Australian privacy officers have seen the payload data.

It is still not clear where the personal information of Australians collected by the StreetView cars is held, and Google Australia has consistently declined to say. Former Privacy Commissioner Karen Curtis said as long ago as May - soon after the unauthorised collections came to light - that she believed they were probably held in the US.

The Australian Privacy Foundation wants the Google payload data kept - if only until the Australian public gets a realistic understanding of the extent of privacy breach in this country.

APF wrote urgently to Google Australia seeking assurance that the company would not delete the payload data. The company's Head of Public Policy and Government Affairs Iarla Flynn told the lobby group that the communications had been passed to Google Inc, which would respond. No response.

The privacy foundation says it is likely to take legal action against Google Australia if the Australian Government does not - through Federal Police, the Attorney-General's or some other agency.

It communicated this intention to Google Australia, to the Office of the Australian Privacy Commissioner, and to the Attorney-General's office requesting assurance that the data not be deleted, and that it be returned to Australia.

Nothing.

The Google Australia/StreetView case is pretty straight-forward. The company has, we understand, agreed to a statement of facts that includes admissions about the unauthorised collection of personal information and the means with which it collected that information. We don't know whether scope and scale is included in any statement of fact

And yet our Government is paralysed on the issue. Maybe the Federal Police have seen the payload data, maybe they haven't. Maybe the payload data is in this country and may its not. We simply don't know.



How pathetic would it be if the only action on behalf of Australian online consumers - everyone - is left to a private lobby group? How utterly pathetic would our privacy regime look if that legal action then proved successful?

We talk a lot about the digital economy and it blue sky-greenfield endlessness of potential. But an adequate privacy regime is absolutely fundamental to building that economy.

Privacy laws are fundamental to consumer laws in the digital economy. And entire industries will be shaped by the application or otherwise of privacy rights. You would hardly know it, but there is a battle raging right now.

And the office that is charged with overseeing privacy issues in Australia is not even in the fight.

The former Sun Microsystems chief Scott McNealy's famous one-liner about privacy (in relation to the internet, circa 1999) caused a stir at the time. "You have zero privacy anyway. Get over it."

You'd have to say McNealy completely under-stated the privacy situation on the internet. Because by his yardstick, in 2010 you have less than zero privacy. But some people are still getting over it.

And our Government isn't even watching the basics.

CHIEF DATA & ANALYTICS OFFICER BRISBANE 2020

26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more

DOWNLOAD NOW!

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments