Category: privacy

  • Oxevision system, used by 23 NHS trusts, could breach privacy rights, charities say

    NHS trusts are facing calls to suspend the use of a monitoring system that continuously records video of mental health patients in their bedrooms amid concerns that it breaches their human rights.

    Mental health charities said the Oxevision system, used by 23 NHS trusts in some psychiatric wards to monitor patients’ vital signs, could breach their right to privacy and exacerbate their distress.

    This post was originally published on Human rights | The Guardian.

  • Facebook co-founder and CEO Mark Zuckerberg arrives to testify before the House Financial Services Committee in the Rayburn House Office Building on Capitol Hill on October 23, 2019, in Washington, D.C.

    Financial industry watchdogs are asking federal officials to attempt to stop the cryptocurrency pilot program launched by Facebook, noting that the U.S. government has the power to criminally prosecute executives for operating the venture.

    The Open Markets Institute sent a letter on November 23 to numerous regulatory agencies and the U.S. Department of Justice (DOJ), saying the omnipresent tech conglomerate may be “in the illegal business of receiving deposits without a bank charter.”

    “There are several legal and regulatory implications for Facebook’s pilot that warrant particular attention by the agencies,” the Open Markets Institute letter stated.

    Other financial industry analysts share the Open Markets Institute’s opinion. Americans for Financial Reform and Demand Progress issued a joint statement in response to the pilot, urging “relevant regulators and lawmakers with jurisdiction over banking, consumer protection, and antitrust to intervene to put this project on hold.”

    Facebook has not responded to a request from Truthout for comments on the claim that it might be illegally taking bank deposits.

    Financial institutions in the United States that seek to operate as a bank by lending money and accepting deposits — the latter of which Facebook’s pilot appears to be doing — must first have a bank charter approved by the Office of the Comptroller of the Currency (OCC). The OCC is one of the country’s federal bank regulators and an agency within the Department of Treasury. Bank charters outline how firms will operate as a bank, and include plans to comply with safety and soundness regulations.

    The Open Markets Institute letter also noted that regulators recently said so-called stablecoins, the type of cryptocurrency at the heart of the Facebook pilot, should be regulated like banks.

    Cryptocurrencies consist of publicly available records that demonstrate an entity’s ownership of tokens by using public databases to cryptographically link the tokens to the digital wallet of their owner and past transactions. The exchange-value of many cryptocurrencies fluctuates wildly: In the past month alone, Bitcoin has lost some 20 percent of its value, but is still worth 35 percent more than it was six months ago. Stablecoins, on the other hand, are marketed as being pegged to the value of another asset, like the U.S. dollar.

    The constant value of stablecoins has given them deposit-like qualities in the eyes of legal observers and some U.S. officials. Federal regulators made their determination that stablecoin ventures should be regulated like banks in a report on the tokens published on November 1 by the President’s Working Group on Financial Markets, a multi-agency executive branch panel that seeks to uphold market orderliness.

    Treasury Secretary Janet Yellen convened the working group to investigate stablecoins because of concerns about the practices of Tether, a company behind one of the most widely used stablecoins, and because of Facebook’s interest in cryptocurrency, which long predates its recently launched pilot program, given that the website has billions of monthly users.

    Facebook unveiled its cryptocurrency pilot program, Novi, on October 19, basing the initiative on remittances from the U.S. to Guatemala facilitated by a stablecoin called the Pax Dollar. The announcement came nine days before the company revealed that it was rebranding itself as “Meta” in a move designed to prepare consumers for the future release of virtual reality products for work and entertainment.

    The Meta rebrand was rolled out after Facebook received intense scrutiny from federal policymakers. In September, a whistleblower had told The Wall Street Journal that the company was aware of the negative impact of one of its products, Instagram, on the mental health of teenage girls, while doing nothing to address the problem and simultaneously considering the launch of an Instagram for kids — the latest in a long history of scandals, which critics say demonstrate that Facebook has little regard for the well-being of its users. Instagram for kids has been put on hold in the wake of the revelations.

    Problems with Tether were highlighted earlier this year by two regulatory enforcement actions, which revealed that the U.S. Dollar Tether frequently lacked the cash reserves that it needed to maintain its one-to-one peg, raising the fears that the global $3 trillion cryptocurrency market could crash if too many people attempted to redeem their U.S. Dollar Tethers for U.S. dollars at the same time. Stablecoins like the U.S. Dollar Tether are mostly used to speculate on the value of cryptocurrencies like Bitcoin and Ethereum.

    The U.S. Dollar Tether redemption problem is reminiscent of a classic bank run, bolstering the argument that stablecoins resemble traditional banking deposits. Bank runs occur when a critical mass of depositors simultaneously attempt to withdraw their money, in a phenomenon that typically leads to the collapse of the bank itself, and losses by customers and other businesses that have partnerships with the bank.

    Though the President’s Working Group report said Congress should pass legislation in order to regulate stablecoins like banks, much to the delight of the cryptocurrency industry, it also noted that existing authorities could be used by officials to regulate the market. The working group concluded, as the Open Markets Institute remarked, that “the Department of Justice, may consider whether or how section 21(a)(2) of the Glass-Steagall Act may apply to certain stablecoin arrangements.”

    The Glass-Steagall Act was passed in 1933 during the Great Depression, and is best known for having erected a firewall between investment banking and retail banking. Though it was largely repealed by banking deregulation legislation passed during the final months of the Clinton administration, parts of Glass-Steagall remain on the books, including section 21(a)(2), which says that any entity “in the business of receiving deposits subject to check or to repayment…upon request of the depositor” must be licensed by the federal government or state governments. Stablecoins are subject to repayment upon request of those who purchase them.

    Punishments for violating the law include a maximum of five years’ imprisonment. Facebook’s pilot, which is called Novi, is only licensed on the federal level as a “Money Services Business” with the arm of the Treasury Department tasked with detecting money laundering and other financial crimes. It is licensed as a money transmitter in 38 states, the District of Columbia and Puerto Rico.

    Five Democratic senators blasted Facebook’s decision to move ahead with its Novi pilot under the money transmission framework, though they stopped short of accusing Facebook of violating criminal law. They noted that in 2019, Facebook CEO Mark Zuckerberg promised Congress that the company would wait for regulatory approval before moving forward with plans to launch its own cryptocurrency payment system.

    “To be clear, your ability to secure state-issued money transmitter licenses is not equivalent to obtaining the blessing of ‘all U.S. regulators,’ as you said in your testimony two years ago,” the lawmakers said in an October 19 letter to the company, written in response to the launch of Novi. They urged the firm to “immediately discontinue your Novi pilot.”

    Arthur Wilmarth, a law professor at George Washington University who has helped pioneer the theory that the Justice Department could prosecute stablecoin issuers, said that the agency “should probably send a letter of warning to Novi: either cease and desist or you can anticipate that we will bring a criminal indictment.”

    “Anyone who knowingly partakes is liable,” he told Truthout, adding that the DOJ could send a message to the cryptocurrency industry by going after Facebook executives or those involved with “one of the other stablecoin issuers like Tether.”

    Still, Wilmarth and other supporters of this theory aren’t confident that federal prosecutors will exercise their power.

    “Is DOJ prepared to do anything? At least the President’s Working Group mentioned the possibility,” Wilmarth said. He noted that the legal theory isn’t as “ironclad” as it used to be because it allows companies to take deposits if they are licensed under state law. In recent years, two states, Wyoming and Nebraska, have allowed special bank charters without deposit insurance requirements as a means of attracting cryptocurrency ventures. (Novi doesn’t have any Wyoming license, and the company is only licensed in Nebraska as a money transmitter.)

    Renita Marcellin, a senior policy analyst for Americans for Financial Reform, which has also pointed to the Justice Department’s powers when urging the Biden administration to take a tougher stance on cryptocurrencies, said that she doesn’t “expect DOJ to say much here.”

    “For market participants and industry people, I am assuming that they feel so empowered to do this because DOJ has been really lacking in this space,” Marcellin said. “Unfortunately, that’s not Mark Zuckerberg’s problem, that’s DOJ’s problem. They need to be very clear about what this law means.”

    Assuming Novi does comply with federal law, there are many other criticisms of the project, including worries about its environmental impact, fears that the company could prod Guatemala toward passing laws favoring the cryptocurrency industry, concerns about the viability of Novi itself and the probability of Facebook using the venture to engage in predatory behavior.

    “Facebook’s pilot is likely another attempt by the firm to further grow its dominance in digital advertising, and monetize its users’ private data,” said Alexis Goldstein, financial policy director at the Open Markets Institute.

    In its letter to regulators, the organization enumerated its concerns with the operation’s safety and soundness. Paxos, the company that issues the Pax Dollar, claims that its stablecoin is backed up by banked cash and “cash equivalents,” which are short-term, highly liquid investments. But the federal government typically only insures up to $250,000 in customer deposits per bank, and it’s unclear how Paxos cash deposits are distributed. And while the firm is overseen by New York state regulators as a limited purpose trust company, a special classification of financial firm established by New York in 2015 to impose some oversight on cryptocurrency ventures, Facebook has not publicly outlined its contingency plans in the event of a run on the Pax Dollar, or if the token loses its peg. Moreover, it’s not clear what would happen if Coinbase, the cryptocurrency exchange that has been hired by Facebook to provide custody services for Pax Dollars, is hacked.

    “They mentioned that Coinbase has an insurance program, but they don’t really say what type of losses the insurance covers,” Marcellin said. “How are you taking deposits when you don’t have any backstops for people’s money?”

    As for the environmental impact, the Pax Dollar is based on an energy-intensive security feature to validate transactions: algorithmic problem-solving called “proof of work” crypto mining. The Open Markets Institute said this “creates a number of extensive climate harms, which include annual energy consumption akin to that of entire nations, 30,700 tons of electronic waste (computer hardware is notoriously difficult to recycle) annually, [and] higher electricity bills for residents of states with crypto mining.”

    There’s also the issue of Facebook claiming that Novi offers poor people access to financial services “with no fees” because the Pax Dollar operates on the Ethereum network which requires users to pay validation transaction fees, which tend to spike when there’s an uptick in transactional activity. For now, Facebook isn’t passing these costs onto Novi users. But the company could put the burden on its customers after capturing market share — a common “predatory pricing” practice employed by numerous tech firms such as Uber, Lyft and Amazon, as the Open Markets Institute remarked. The lack of Novi transaction fees also obscures the fact that users in Guatemala would still need to exchange their Pax Dollars with the Quetzal, Guatemala’s national currency.

    “They’re free-riding off the banking system. If people want to transfer it to physical cash, they have to use a bank, so then they have to be subject to transfer fees,” Marcellin said. “This completely undermines the whole idea that this is [offering] services to underbanked. If you don’t have a bank account, you can’t use it.”

    There is a potential workaround for this conversion problem, albeit one with troubling implications, if the experience of another Central American country is any indication. The government of El Salvador, Guatemala’s neighbor to the southeast, made Bitcoin legal tender in September much to the chagrin of Salvadorans who protested the move, lamenting the wild swings in the price of Bitcoin, among other aspects of the law. Results of a poll published in August showed that 65 percent of Salvadorans were in opposition to the law that made Bitcoin legal tender.

    “The only alternative to leveraging the existing banking system is if Facebook is planning to work with the government of Guatemala to change the laws of that sovereign nation to mandate the acceptance of Pax Dollars as legal tender,” the Open Markets Institute warned.

    Finally, there’s the nontrivial matter of how Facebook has treated its users. In addition to the recent Instagram scandal, the company has conducted psychological tests on unwitting users; allowed the data of 87 million users to be exploited in 2016 by Cambridge Analytica, the hardline right-wing political consulting firm that used the information to push fearmongering ads to benefit Donald Trump and the Brexit campaign; enabled incitement to genocide in Myanmar; and allowed disinformation and fake accounts to manipulate political processes in countries around the world.

    Considering “Facebook’s track record of violating user privacy, and Facebook’s ongoing need to find new profit centers,” the Open Markets Institute warned, “there is absolutely no reason to believe its promises today that it will not find a way to monetize its digital assets pilot project.”

    “If anything, an effort to monetize the data of users who take part in this project seems not merely plausible, but likely,” the organization said. That is, unless the federal government defies expectations and exercises its power to stop the godlike tech giant.

    This post was originally published on Latest – Truthout.

  • Abortion on demand is the ultimate State tyranny; the State simply declares that certain classes of human beings are not persons, and therefore not entitled to the protection of the law. The State protects the ‘right’ of some people to kill others, just as the courts protected the ‘property rights’ of slave masters in their slaves. Moreover, by this method the State achieves a goal common to all totalitarian regimes: it sets us against each other, so that our energies are spent in the struggle between State-created classes, rather than in freeing all individuals from the State. Unlike Nazi Germany, which forcibly sent millions to the gas chambers (as well as forcing abortion and sterilization upon many more), the new regime has enlisted the assistance of millions of people to act as its agents in carrying out a program of mass murder.
    — Ron Paul

    Who gets to decide when it comes to bodily autonomy?

    Where does one draw the line over whose rights are worthy of protecting? And how do present-day legal debates over bodily autonomy, privacy, vaccine mandates, the death penalty and abortion play into future discussions about singularity, artificial intelligence, cloning, and the privacy rights of the individual in the face of increasingly invasive, intrusive and unavoidable government technologies?

    Caught up in the heated debate over the legality of abortion, we’ve failed to think about what’s coming next. Get ready, because it could get scary, ugly and overwhelming really fast.

    Thus far, abortion politics have largely revolved around who has the right to decide—the government or the individual—when it comes to bodily autonomy, the right to privacy in one’s body, sexual freedom, and the rights of the unborn.

    In 1973, the U.S. Supreme Court ruled in Roe v. Wade that the Fourteenth Amendment’s Due Process Clause provides for a “right to privacy” that assures a woman’s right to abort her pregnancy within the first two trimesters.

    Since that landmark ruling, abortion has been so politicized, polarized and propagandized as to render it a major frontline in the culture wars.

    In Planned Parenthood v. Casey (1992), the Supreme Court reaffirmed its earlier ruling in Roe when it prohibited states from imposing an “undue burden” or “substantial obstacle in the path of a woman seeking an abortion before the fetus attains viability.”

    Thirty years later, in the case of Dobbs v. Jackson Women’s Health Organization, the Supreme Court is poised to revisit whether the Constitution—namely, the Fourteenth Amendment—truly provides for the right to an abortion.

    At a time when abortion is globally accessible (approximately 73 million abortions are carried out every year), a legally expedient form of birth control (it is used to end more than 60% of unplanned pregnancies), and considered a societal norm (according to the Pew Research Center, a majority of Americans continue to believe that abortion should be legal in all or most cases), it’s debatable whether it will ever be truly possible to criminalize abortion altogether.

    No matter how the Supreme Court rules in Dobbs, it will not resolve the problem of a culture that values life based on a sliding scale. Nor will it help us navigate the moral, ethical and scientific minefields that await us as technology and humanity move ever closer to a point of singularity.

    Here’s what I know.

    Life is an inalienable right. By allowing the government to decide who or what is deserving of rights, it shifts the entire discussion from one in which we are “endowed by our Creator with certain inalienable rights” (that of life, liberty, property and the pursuit of happiness) to one in which only those favored by the government get to enjoy such rights. The abortion debate—a tug-of-war over when an unborn child is considered a human being with rights—lays the groundwork for discussions about who else may or may not be deserving of rights: the disabled, the aged, the infirm, the immoral, the criminal, etc. The death penalty is just one aspect of this debate. As theologian Francis Schaeffer warned early on: “The acceptance of death of human life in babies born or unborn opens the door to the arbitrary taking of any human life. From then on, it’s purely arbitrary.”

    If all people are created equal, then all lives should be equally worthy of protection. There’s an idea embraced by both the Right and the Left according to their biases that there is a hierarchy to life, with some lives worthier of protection than others. Out of that mindset are born the seeds of eugenics, genocide, slavery and war.

    There is no hierarchy of freedoms. All freedoms hang together. Freedom cannot be a piece-meal venture. My good friend Nat Hentoff (1925-2017), a longtime champion of civil liberties and a staunch pro-lifer, often cited Cardinal Bernardin, who believed that a “consistent ethic of life” viewed all threats to life as immoral: “[N]uclear war threatens life on a previously unimaginable scale. Abortion takes life daily on a horrendous scale. Public executions are fast becoming weekly events in the most advanced technological society in history, and euthanasia is now openly discussed and even advocated. Each of these assaults on life has its own meaning and morality. They cannot be collapsed into one problem, but they must be confronted as pieces of a larger pattern.”

    Beware slippery slopes. To suggest that the end justifies the means (for example, that abortion is justified in order to ensure a better quality of life for women and children) is to encourage a slippery slope mindset that could just as reasonably justify ending a life in order for the great good of preventing war, thwarting disease, defeating poverty, preserving national security, etc. Such arguments have been used in the past to justify such dubious propositions as subjecting segments of the population to secret scientific experiments, unleashing nuclear weapons on innocent civilians, and enslaving fellow humans.

    Beware double standards. As the furor surrounding COVID-19 vaccine mandates makes clear, the debate over bodily autonomy and privacy goes beyond the singular right to abortion. Indeed, as vaccine mandates have been rolled out, long-held positions have been reversed: many of those who historically opposed the government usurping a woman’s right to bodily autonomy and privacy have no qualms about supporting vaccine mandates that trample upon those very same rights. Similarly, those who historically looked to the government to police what a woman does with her body believe the government should have no authority to dictate whether or not one opts to get vaccinated.

    What’s next? Up until now, we have largely focused the privacy debate in the physical realm as it relates to abortion rights, physical searches of our persons and property, and our communications. Yet humanity is being propelled at warp speed into a whole new frontier when it comes to privacy, bodily autonomy, and what it means to be a human being.

    We haven’t even begun to understand how to talk about these new realms, let alone establish safeguards to protect against abuses.

    Humanity itself hangs in the balance.

    Remaining singularly human and retaining your individuality and dominion over yourself—mind, body and soul—in the face of corporate and government technologies that aim to invade, intrude, monitor, manipulate and control us may be one of the greatest challenges before us.

    These battles over COVID-19 vaccine mandates are merely the tipping point. The groundwork being laid with these mandates is a prologue to what will become the police state’s conquest of a new, relatively uncharted, frontier: inner space, specifically, the inner workings (genetic, biological, biometric, mental, emotional) of the human race.

    If you were unnerved by the rapid deterioration of privacy under the Surveillance State, prepare to be terrified by the surveillance matrix that will be ushered in within the next few decades.

    Everything we do is increasingly dependent on and, ultimately, controlled by technological devices. For example, in 2007, there were an estimated 10 million sensor devices connecting human-utilized electronic devices (cell phones, laptops, etc.) to the Internet. By 2013, it had increased to 3.5 billion. By 2030, there will be an estimated 100 trillion sensor devices connecting us to the internet by way of a neural network that approximates a massive global brain.

    The end goal? Population control and the creation of a new “human” species, so to speak, through singularity, a marriage of sorts between machine and human beings in which artificial intelligence and the human brain will merge to form a superhuman mind.

    The plan is to develop a computer network that will exhibit intelligent behavior equivalent to or indistinguishable from that of human beings by 2029. And this goal is to have computers that will be “a billion times more powerful than all of the human brains on earth.” As former Google executive Mo Gawdat warns, “The reality is, we’re creating God.”

    Neuralink, a brain-computer chip interface (BCI), paves the way for AI control of the human brain, at which point the disconnect between humans and AI-controlled computers will become blurred and human minds and computers will essentially become one and the same. “In the most severe scenario, hacking a Neuralink-like device could turn ‘hosts’ into programmable drone armies capable of doing anything their ‘master’ wanted,” writes Jason Lau for Forbes.

    Advances in neuroscience indicate that future behavior can be predicted based upon activity in certain portions of the brain, potentially creating a nightmare scenario in which government officials select certain segments of the population for more invasive surveillance or quarantine based solely upon their brain chemistry.

    Clearly, we are rapidly moving into the “posthuman era,” one in which humans will become a new type of being. “Technological devices,” writes journalist Marcelo Gleiser, “will be implanted in our heads and bodies, or used peripherally, like Google Glass, extending our senses and cognitive abilities.”

    Transhumanism—the fusing of machines and people—is here to stay and will continue to grow.

    In fact, as science and technology continue to advance, the ability to control humans will only increase. In 2014, for example, it was revealed that scientists had discovered how to deactivate that part of our brains that controls whether we are conscious or not. Add to this the fact that increasingly humans will be implanted with microchips for such benign purposes as tracking children or as medical devices to assist with our health.

    Such devices “point to an uber-surveillance society that is Big Brother on the inside looking out,” warns Dr. Katina Michael. “Governments or large corporations would have the ability to track people’s actions and movements, categorize them into different socio-economic, political, racial, or consumer groups and ultimately even control them.”

    All of this indicates a new path forward for large corporations and government entities that want to achieve absolute social control.

    It is slavery in another form.

    Yet we must never stop working to protect life, preserve our freedoms and maintain some semblance of our humanity.

    Abortion, vaccine mandates, transhumanism, etc.: these are all points along the continuum.

    Even so, there will be others. For instance, analysts are speculating whether artificial intelligence, which will eventually dominate all emerging technologies, could come to rule the world and enslave humans. How will a world dominated by artificial intelligence redefine what it means to be human and exercise free will?

    Scientists say the world’s first living robots can now reproduce. What rights are these “living” organisms entitled to? For that matter, what about clones? At the point that scientists are able to move beyond cloning organs and breeding hybrid animals to breeding full-bodied, living clones in order to harvest body parts, who is to say that clones do not also deserve to have their right to life protected?

    These are ethical dilemmas without any clear-cut answers. Yet one thing is certain: as I make clear in my book Battlefield America: The War on the American People and in its fictional counterpart The Erik Blair Diaries, putting the power to determine who gets to live or die in the hands of the government is a dangerous place to start.

    The post The War Over Life, Liberty, and Privacy Rights first appeared on Dissident Voice.

    This post was originally published on Dissident Voice.

  • Analysis: while identity of hackers is not known in this case, Palestinians have long been spied on by Israeli military

    The disclosure that Palestinian human rights defenders were reportedly hacked using NSO’s Pegasus spyware will come as little surprise to two groups of people: Palestinians themselves and the Israeli military and intelligence cyber operatives who have long spied on Palestinians.

    While it is not known who was responsible for the hacking in this instance, what is very well documented is the role of the Israeli military’s 8200 cyberwarfare unit – known in Hebrew as the Yehida Shmoneh-Matayim – in the widespread spying on Palestinian society.

    This post was originally published on Human rights | The Guardian.

  • By Yohannes Ayalew

    No right has preoccupied as many conversations in the digital age as the right to privacy. This is mainly owing to the fact that an individual’s privacy is being subjected to constant intrusion by States and non-state actors, thereby leaving individuals’ lives in a ‘goldfish bowl’ situation. At global and regional levels, countries are grappling to withstand these threats in the digital era by employing a number of legal and institutional mechanisms.

    This blog post seeks to examine possible treaty-based mechanisms towards realising the right to privacy on the internet in Africa. These are: applying international law through the Charter’s flexibility clause and through developments under African human rights law as a result of subsequent agreements and practice.

    Tellingly, the content of the right to privacy under international human rights law is broad-ranging, and includes: private life (or solitude), autonomy (or self-determination), identity (e.g., biometric data), integrity, sexuality, intimacy (e.g., data protection, freedom from surveillance, confidentiality etc.) and communications on the internet (see here, here and here). Nonetheless, defining the right to privacy intuitively is an elusive undertaking as the concept itself is sweeping. Some authors go further and explain the difficulty of defining the right to privacy through the metaphor of a ‘chameleon’, which underscores that the notion of privacy changes frequently.

    The right to privacy in the digital age is recognised under the 2015 UN Human Rights Council landmark resolution, which affirms that ‘the same rights that people have offline must also be protected online, including the right to privacy.’ (See UN Office of the High Commissioner for Human Rights (OHCHR) reports in 2014, 2018 and 2021). Recently, while interpreting the right to privacy under article 16 of the Convention on the Rights of the Child (CRC), the UN Committee on the Rights of the Child in its General Comment No.25 (2021) has clarified that the gamut of the right to privacy includes additional layers in the digital ecosystem.

    When it comes to the African human rights system, in order to realise the right to privacy in the digital era robustly, States are required to align their use or development of AI, robotics or other digital technologies with African human rights law. While the African Charter on Human and Peoples’ Rights (African Charter) doesn’t expressly provide for the right to privacy, the early draft of the African Charter, which was drafted by Kéba Mbaye in 1979, contained an express provision on the right to privacy. In particular, article 24(2) of the Mbaye draft guarantees individuals’ privacy from arbitrary or abusive interferences in their private life, family, home or correspondence.

    Recent debates have asked whether, and to what extent, African human rights law, and in particular the African Charter, protects the right to privacy in the digital ecosystem.

    On the one hand, there is a view that the African Charter doesn’t expressly protect the right to privacy, which gives rise to the debate of lex imperfecta (an imperfect treaty). To put this another way, the omission of the right to privacy under the African Charter makes Africa’s foremost human rights instrument inadequate to safeguard this right (see here and here). As such, proponents of this view claim that the African Charter could accordingly be overhauled through amendment, although it should be noted that amending the Charter by itself requires considerable effort as provided under article 68 of the African Charter.

    On the other hand, there is an argument that it is possible to read the right to privacy into the African Charter, notwithstanding this lack of an express provision. Proponents of this view have offered distinct opinions as to how the right to privacy exists under African human rights law (see for example here, and here). The right to privacy may therefore be implicit in some provisions in the African Charter, including the rights to integrity, dignity, liberty and security and the right to health, and accordingly impliedly read into the African Charter.

    Flexibility clause

    The flexibility clause or complementarity principle within the African Charter provides a mechanism to read the right to privacy into the African Charter through drawing inspiration from international law or the corpus of international human rights relating to the right to privacy in the digital age.  Article 60 of the African Charter states that:

    The [African] Commission shall draw inspiration from international law on human and peoples’ rights, particularly from the provisions of various African instruments on Human and Peoples’ Rights, the Charter of the United Nations, the Charter of the Organisation of African Unity, the Universal Declaration of Human Rights, other instruments adopted by the United Nations and by African countries in the field of Human and Peoples’ Rights, as well as from the provisions of various instruments adopted within the Specialised Agencies of the United Nations of which the Parties to the present Charter are members.

    The presence of the flexibility clause can be seen as a bulwark for the protection of the right to privacy because it reinforces international human rights law in Africa and brings the regional and international system into harmony. Nevertheless, an overbroad formulation of the flexibility clause may cast doubt on the determinacy of treaty obligations.

    Subsequent agreements and practice

    Subsequent agreements and practice that have developed African human rights law since the Charter came into force are the second way to read the right to privacy into the African Charter.

    The 2018 Draft Conclusions of the International Law Commission (ILC) on the interpretation of treaties help us understand the meaning and effect of subsequent agreements and practice. Pursuant to Draft Conclusion 6(2), subsequent agreements and subsequent practice under article 31(3) of the Vienna Convention on the Law of Treaties (VCLT) may take a variety of forms. They include not only externally oriented conduct, such as official acts, statements and voting at the international level, but also internal legislative, executive and judicial acts, and may even include conduct by non-State actors on behalf of one or more States parties and that falls within the scope of what the treaty conceives as forms of its application. The ILC Draft Conclusion further clarifies that a pronouncement of expert treaty bodies (such as the African Commission on Human and Peoples’ Rights (ACmHPR)) may give rise to a subsequent agreement or subsequent practice by states under article 31(3) of the VCLT, although such pronouncement on its own cannot constitute a subsequent agreement or practice.

    When we extrapolate the ILC Draft Conclusions in line with subsequent agreements or practice in the African human rights system, it can be said that African states had not envisaged all human rights, including the right to privacy at the time when the African Charter was adopted. However, African states have since adopted various treaties and protocols that serve to interpret (and arguably widen) the scope of the African Charter. For example, despite being applied on specific themes, the African Charter on the Rights and Welfare of the Child (ACRWC) – which inter alia spells out the right to privacy – was adopted by States in 1990. The ACRWC may be considered as a subsequent treaty which came nine years after the adoption of the African Charter in 1981.

    Importantly, the African Commission adopted copious subsequent Declarations (see 2002, 2016, and 2019), Resolutions (see here), Press releases (see here and here), and Guidelines (see here) that seek to fully guarantee the right to privacy in Africa. For example, following the adoption of Principle 40 of the 2019 African Declaration of Principles on Freedom of Expression and Access to Information, the right to privacy in Africa has now clearly been thought to include the protection of personal information, anonymity and confidentiality of communications in the digital environment. The African Declaration provides:

    Principle 40. Privacy and the protection of personal information

    1. Everyone has the right to privacy, including the confidentiality of their communications and the protection of their personal information.

    2. Everyone has the right to communicate anonymously or use pseudonyms on the internet and to secure the confidentiality of their communications and personal information from access by third parties through the aid of digital technologies.

    The African Declaration explicitly guarantees protection of personal information, anonymity and confidentiality of communications. This further assures individuals of the right to enjoy freedom from any form of surveillance or interception. This further elaborates the right to privacy in the digital ecosystem.

    State assent, however, continues to be the Achilles heel of subsequent agreements and practice. Simply put, unless states agree and take notice of the existence of the right to privacy under the African Charter through jus dispositivum (a law adopted by consent), it will be unlikely for this approach to become effective (see here, and here).

    Additional barriers to the right to privacy

    Thus far, the African human rights mechanisms, such as the African Court on Human and Peoples’ Rights (ACtHPR), the African Commission on Human and Peoples’ Rights (ACmHPR) and the African Committee of Experts on the Rights and Welfare of the Child (ACERWC), have not developed well-established jurisprudence on the right to privacy in the digital era in Africa.

    In the absence of well-established jurisprudence, the African regional human rights system could draw inspiration from other avenues such as domestic systems. In 2019, for instance, the South African case of Amabhungane Centre for Investigative Journalism NPC and Another v Minister of Justice and Correctional Services and Others, saw the High Court hold that the practice of bulk surveillance activities and foreign signals interception by the South African Government amounted to interference with individuals’ privacy and was accordingly declared to be unlawful. The South African Constitutional Court upheld this judgement in 2021. The practice of some domestic courts in Africa will have a ripple effect on the development of jurisprudence at regional level. While the impact of domestic jurisprudence at the regional level cannot be ignored, it will be a slow process for this to influence other judicial attitudes towards privacy.

    Going forward

    The above illustrates that amendment of the Charter is unlikely, and other mechanisms (i.e., jurisprudence) are ineffective.  Ultimately, the African Commission and African Court should seriously consider utilising the flexibility and subsequent agreements and practice mechanism to more effectively protect the right to privacy in the digital age.


    Yohannes Eneyew Ayalew is a PhD Candidate at the Faculty of Law, Monash University and was formerly a Lecturer in Media Law and Human Rights at Bahir Dar University, Ethiopia. He is also a PhD Affiliate at the Castan Centre for Human Rights. His project is looking at balancing the rights to freedom of expression and to privacy on the Internet under the African human rights system.


    This post was originally published on Castan Centre for Human Rights Law.

  • At the G20 leaders’ summits, President Xi calls on developed countries to lead on emissions reductions and support developing nations. China’s per capita emissions are only 40% of the US’s (2019).

    Chinese scientists develop technology to produce animal feed from industrial gas by-products, which could reduce soy imports and carbon emissions.

    China implements Personal Information Protection Law (PIPL), regulating the collection, use, and transfer of data to safeguard consumer privacy.

    The post News on China | No. 74 first appeared on Dissident Voice.

    This post was originally published on Dissident Voice.

  • The they, of course, are the capitalists. The bankers. The mortgage companies. The housing agencies. The alphabet soup of agencies which will squeeze blood from turnips and your progeny’s progeny.

    The media is the medium for their poison, all those tricks of the mind, subliminal and overt, messages that cause chaos, the mass hysteria, the constant fear, the rage against the ‘other.’ And, the other are our fellow citizens, victims, most of us, sliding and slipping and slurrying down the proverbial drain.

    Housing management companies; i.e., apartment management companies, now property management companies. We are talking about putting people out on the streets management companies. Black Rock or Black Stone, or the top (largest) property management companies in USA are evil doers, in the words of the criminal, George W. Bush. Terrorists in our own land.

    Here, The 7 Deadly Sins of Rental Property Management, all in black and white and color a la PDF.

    Take a look at the number of “units” these thieves “own”; i.e., manage! National Multifamily Housing Council — 50 Largest Apartment Managers

    Again, the ‘they’ in the subheading are those who look at citizens as, well, semi-useless renters, eaters, drivers, patients, breathers, breeders. UNITS as in a person’s home, shelter, abode, gathering place, roof-running water-place-to-raise-a-life-or-a-family. In the hands of management companies, who are in Gucci suits and are beholden to the devils of capitalism: money schemers, bond holders, the top echelon of this Ponzi scheme. No national red alert state by state around eviction moratorium running out, or the exorbitant rents and sickening inflated cost of houses, new or preowned? Instead, this Tweedle-dee and Tweedledum Administration is saber-nuke rattling with China and Russia. Instead, this Brokeback Administration is pushing Jab of the Month on every living mammal in the USA. But real change, real safety, real social contracts? Never in the Art of the Deal shit-hole that is the Democratic and Republican mentality, which is for us, useful idiots, mental disease!

    I have dealt with some of these property management (killer) outfits. Recently, with one of my clients — homeless veteran, diabetes, amputated leg from the knee down, other chronic illnesses — I went through email-telephone-snail mail hell. Zero response about his one apartment we landed that needed some ADA addition so he could get out of the bloody apartment in his wheelchair. I’ve written about Pinnacle (number three on that list above with 172,000 ‘units’). My client had a Rotary Club and Boy Scout unit and a construction company ready to put in a sound, safe, nice pathway so he could exit and enter his apartment.

    Read: “Once a US Soldier, Always Wounded, Always Losing!”

    I Began My Career Working with Homeless Veterans. Here's What I Learned | Inc.com

    Nothing from Pinnacle after hours spent attempting a two-way communication with them. I did get an apartment manager, in the Portland apartment complex office, who was from Ukraine, and who was, again, in this shit-hole country, afraid of rocking the boat, afraid of really helping me get to the top brass. Even the top brass, via email and snail mail, did not respond. You can’t even pull the old wounded military veteran with chronic illness card to get to their heart-strings, because, they have no heart — just a big set of investment-banking-real estate accounts.

    What do nations care about the cost of war, if by spending a few hundred millions in steel and gunpowder they can gain a thousand millions in diamonds and cocoa?
    ― W.E.B. DuBois

    Michael Hudson, again, explains how messed up we are in USA with this rentier system. This system of penury, three steps to poverty hustle. And Corporate/Mainstream Media are in with this scam. Don’t get confused with the title, Super-imperialism, Michael Hudson’s book. He goes to the heart of this USA scam:

    So, I am talking about even redneck Texas, Dallas, where working class folk are seeing that $1,100 a month one bedroom apartment rent jump to $1,800 in November. Just like that, oh, that Lone Star Shit Hole State. But wait, that jump is happening all over the land. Every rotten governor who dares go on TV to express their Jab-Jab-Jabberwocky and their Unvaccinated-Going-to-get-sacked-turned-away-from-everywhere-no-medical-help-no-entitlements-no schooling sick fascist soft-shoe Vaudeville Big Pharma Blue Face bullshit, well, they are the Paper-Pharma Tigers, with state legislatures as pimped out by corporations and US Chamber of Commerce shits to the point of massive infrastructure failure, pot holes as big as DMZ craters, dirty water, dirty air, zero housing for the 80 percent, no bus drivers for the kiddos. This is America, the land of the Survival of the Fittest, of Richest, or Most Connected, or Most Sociopathic!

    They are real overtly slimly too tall De Blasio’s! “Droves of city government retirees are preparing to pay thousands annually to keep their existing health insurance rather than taking a chance on a new cost-cutting plan.”

    Mayor Bill de Blasio and DC37 Announce Tentative Contract Agreement on Wednesday, July 2, 2014.

    This is what these whippersnappers in the Blue States and Red States do — privatize EVERYTHING, since we are almost useless eaters and useless breathers. Useful, to them, as they call us their “useful idiots.” Title any way you want to: “Retirees Flee City Medicare Program as Deadline Looms for Move to Private Health Plan” or, “New York City Retirees Refusing to Eat the Medicare Advantage Dogfood.”

    So, no rent control, no national housing plan, no holding the US Chamber of Commerce and the other 10,000 thuggery lobbying groups for the building and paving and clear-cutting industries to the people’s standards. And, yes, a few brethren send me link and story after story and link. It’s what I have been feeling and seeing since age 13. Yes, the ugly reality of kill squads, School of the Americas, in Central America. Yes, in Arizona, age 13, after years overseas, seeing the government, the administrations, and their policy of undocumented folk from US-spit upon countries and their death squads coming over the borderline, illegally. Imagine that, people as illegals, and worse, as aliens, from another planet! Media and the newspapers I worked for, I fought those terms — illegal alien. Sick sick roots of this slaver country. Look at this, 15 years ago, with the old web site, Dissident Voice: “This Land is Their Land, and We Are the Illegal Aliens.”

    Here, Ferlinghetti — from that little book, Poetry as Insurgent Art!

    What are poets for, in such an age?

    What is the use of poetry?

    The state of the world calls out for poetry to save it. (A voice in the wilderness!)

    If you would be a poet, create works capable of answering the challenge of apocalyptic times, even if this means sounding apocalyptic.

    You are Whitman, you are Poe, you are Mark Twain, you are Emily Dickinson and Edna St. Vincent Millay, you are Neruda and Mayakovsky and Pasolini, you are an American or a non-American, you can conquer the conquerors with words.

    — Lawrence Ferlinghetti,  pp.2-3

    This headline, in the context of housing crisis, job crisis and, well, the supply chain made up crisis, which Michael Hudson talks about above with Blumenthal and Norton. “Biden says US will go to war with China to defend Taiwan”!

    US President Biden bluntly declared at a Town Hall meeting on Thursday that the US was committed to going to war against China in defense of Taiwan. The statement is another provocative step that undermines the basis of US-China diplomatic relations and intensifies the already acute tensions between the two countries. (source)

    These are not normal human beings, any of them in these dastardly administrations — Nixon-Ford-Carter-Reagan-Bush-Clinton-Bush-Obama-Trump-Biden. Oh, historically, it gets much much worse. Just the health care crises after crises, and get some slice of the National Health Services in Britain which my aunts and cousins and uncles in the old days used as ways to be treated with dignity for medical ailments. It’s all gone the way of dog food, Reagan/Thatcher, on down the line, Blair/Clinton, Obama/Trump/Biden. More news and analyses coming from a hip-hop guy, than anything from the Fox-MSNBC-CNN-Et Al crap:

    Speaking of those great health authorities, those alphabet soup acronym junk science folk from our own FDA, get a grip on this during the planned pandemic:

    That FDA, even reported on brokeback NBC: ‘Even the website of the approved product, R.J. Reynolds’ Vuse, which offers “7 Bold Colors, 3 Premium Flavors, 3 Nicotine Levels” along with sleek accessories like pretty “racing wraps” and holsters, says on top: “WARNING: This product contains nicotine. Nicotine is an addictive chemical.” But the FDA claimed that with vaping, “the potential benefit to smokers who switch completely or significantly reduce their cigarette use, would outweigh the risk to youth.” Apparently the argument is: It’s OK if young people get addicted to vaping nicotine because they will now be able to buy e-cigarettes to later quit.’

    You know, the FDA in cahoots with the other great Pharma Folk, the self reporting Jewish Family, a la Sackler/Purdue:

    Dopesick: Dealers, Doctors, and the Drug Company that Addicted America

    Oh, it’s on Hulu, and it is a protracted, goofy drama of the St. Elsewhere kind. SO protracted, so long, but from Macy’s book. Oxycontin. Man, that dope in the white-blue-yellow-pink pill. Talk about emblematic of Pfizer/Merck/GSK/The Lot of them!

    Curtis Wright was the FDA’s deputy director overseeing anesthetics and addiction products during the time OxyContin was being approved. In this position, Wright played a key role in allowing the deceptive marketing that suggested OxyContin was non-addictive. Particular focus has fallen on a special label issued by the FDA specifically for OxyContin which read “Delayed absorption as provided by OxyContin tablets is believed to reduce the abuse liability of a drug.” As depicted in Dopesick, this label was used by sales representatives to sell OxyContin as a treatment for moderate pain to skeptical doctors like the one played by former Batman star Michael Keaton. However, Purdue had conducted no actual studies to support this claim and Wright knew it. In Dopesick, FDA employees also confirm the person who approved of this label was Curtis Wright. (source)

    Nah, we can’t call these people evil. We can’t call their business dealings illegal. We can’t call into question their ethics. We can’t question where they developed such sick marketing. We can’t look at their origins, their friends, their rabbis, their associations with family lines that go way back. That, my kind reader, would be, well, in the words of racists and fascists, anti-Semitic?

    Sackler Family Exits Bankruptcy Trial Over Purdue Pharma's OxyContin - Bloomberg

    Well, I guess I can leave the origins stories up to the, well,

    “How the Sackler family built a pharma dynasty and fueled an American calamity”

    In ‘Empire of Pain,’ Patrick Radden Keefe details the humble Jewish immigrant roots of Purdue Pharmaceuticals, and how it is evading justice despite being behind the opioid crisis

    In the 1960s, esteemed psychiatrist/genius ad man Dr. Arthur Sackler cemented his family’s massive fortune when his marketing strategy transformed diazepam, better known as Valium, from just another drug produced by his client Hoffman-La Roche into the top-selling “wonder” drug in the United States between 1968 and 1982.

    Though the Jewish-American Sackler, whose parents immigrated to the US from Eastern Europe, initially encountered antisemitism, the wealth that he brought his family helped change all that.

    Along with his psychiatrist brothers Mortimer and Raymond, Sackler would see enormous success marketing pharmaceuticals directly to doctors. The family delved into philanthropy in addition to pharma, and the name once snubbed by antisemites soon adorned prestigious educational and cultural institutions, from the Metropolitan Museum of Art to the Louvre.

    Yet more stories coming from friends that define CAPITALISM, and that is the C which is the big Corrupt, Colluding, Conspiratorial, Contagious, Calamitous, Corrosive, Cancerous. That is the soft shoe here — the C-C-C-C-C-C-C of Capitalism, with those Seven Deadly Sinful C’s! And just to make a quick aside, sort of the Robin Leach, The Lifestyles of the Rich and Famous detour, get a load of this set of seven deadly sinful C’s: Living: “The Super-Rich Are Forming a New Exclusive Club. For $180,000, a three-year membership includes investment opportunities, access to West Point generals, confidential support groups and private getaways.” (source, again, the 7 Sinful C’s Bloomberg News [sic])

    Nah, never off with their heads!

    [Tag: Richard Branson, from left, during an R360 networking tennis match with Michael Cole and Christopher Ryan, a former Tiger 21 chair in Texas and Puerto Rico and chief executive officer of GoBundance, a professional networking group. Courtesy of R360]

    And these fellas are controlling the narrative around 5/6G, Fake Green Capitalism, World Economic Forum’s “The Deplorables/Barely Useful Idiots Will Be Soylent Green” project of massive anal and biometric and cellular surveillance, and, then this bizarrely vapid story about “the only way to save the earth — read, saving/protecting/growing the billionaires’ and millionaires’ wealth, power, ego, land, families — is with, err, the billionaires’ and millionaires’ great know-how and techie future.”

    Oh, Canada, the tail and hind teat of USA: “Why we must embrace geoengineering and other technologies to stop the climate crisis” by Jaqueline McLeod Rogers, University of Winnipeg. I’ll quote her, and just the two paragraphs say it all for me, and alas, while I do come from academia, albeit remedial college courses, writing courses, a la adjunct/freeway flyer, I have to say that my dealings with sustainability and green pornography/greenwashing experts over the years (yes, I ‘graduated’ from the University of British Columbia’s Green/Sustainability Summer Institute mumbo-jumbo course) have pretty much gelled the reality: most academicians are very-very much corruptible and corrupting, back to the 7 Very Sinful C’s of Capitalism:

    Diplomacy aside, it’s time to do more than agree to cut emissions. Some scientists say an engineered climate recovery must be taken seriously, with aggressive and deliberate management strategies put in place. We need to cultivate citizen interest and government support for research into the development of large-scale geoengineering projects.

    As a media and communications scholar, I cannot argue that one science is superior to another. My research examines how Marshall McLuhan’s thinking about technology relates to the current climate crisis. Drawing on the work of McLuhan and others, I believe there are emerging technological options of urgent interest to citizens committed to a sustainable future, and we need to pursue these rather than holding onto remnants of a new normal. (source)

    It all comes down to reset after reset, the great openly brazen and powerful Very Seven Very Deadly Very Sinfully C’s of the Worst System for Humanity and Earth Ever Devised, Capitalism! Corrupt, Colluding, Conspiratorial, Contagious, Calamitous, Corrosive, Cancerous.

    So many truths, so many millions of stories, so many people dazed and confused. This is the trickster veil that the overlords of capitalism have dished out for the planet. The USA has taken it hook, line and sinker:

    No one group has done more to damage our global agriculture and food quality than the Rockefeller Foundation. They began in the early 1950s after the War to fund two Harvard Business School professors to develop vertical integration which they named “Agribusiness.” The farmer became the least important. They then created the fraudulent Green Revolution in Mexico and India in the 1960s and later the pro-GMO Alliance for a Green Revolution in Africa since 2006. Money from the Rockefeller Foundation literally created the disastrous GMO genetically altered plants with their toxic glyphosate pesticides. Now again, the foundation is engaged in a major policy change in global food and agriculture and it’s not good. (source)

    There you have it, way before 10 a.m. PST, October 23, eight days before the CDC-Fauci-FDA approved Halloween, this blog to never end all blogs. Blots on us all, and, Plague Upon All Their Houses. Just reread, scroll back up, and you get the idea as to whose heads must roll. And it is just a short list. You’ve read about other heads that must roll in many other of my diatribes or rants. Righteous indignation? Nah, calm forward thinking starting 51 years ago when I was just a wee one.

    Oh, shoot, back to the future, again:

    Max Blumenthal question: “Are current politicians basing the corona measures on incorrectly established scientific principles?”

    Mattias Desmet: I think so. Here, too, we see a kind of naïve belief in objectivity that turns into its opposite: a serious lack of objectivity with masses of errors and carelessness. Moreover, there is a sinister connection between the emergence of this kind of absolutist science and the process of manipulation and totalitarianisation of society. In her book The Origins of Totalitarianism, the German-American political thinker Hannah Arendt brilliantly describes how this process took place in Nazi Germany, among other places. For example, nascent totalitarian regimes typically fall back on a ‘scientific’ discourse. They show a great preference for figures and statistics, which quickly degenerate into pure propaganda, characterized by a radical “disregard for the facts”. For example, Nazism based its ideology on the superiority of the Aryan race. A whole series of so-called scientific data substantiated their theory. Today we know that this theory had no scientific validity, but scientists at the time used the media to defend the regime’s positions. Hannah Arendt describes how these scientists proclaimed questionable scientific credentials, and she uses the word “charlatans” to emphasize this. She also describes how the emergence of this kind of science and its industrial applications was accompanied by an inevitable social change. Classes disappeared and normal social ties deteriorated, with much indefinable fear, anxiety, frustration, and lack of meaning. It is under such circumstances that the masses develop very specific psychological qualities. All fears that haunt society become linked to one ‘object’ – for example, the Jews – so that the masses enter into a kind of energetic struggle with this object. And onto that process of social conditioning of the masses, a completely new political and constitutional organization subsequently grafts itself: the totalitarian state.

    Today, one perceives a similar phenomenon. There is widespread psychological suffering, lack of meaning, and diminished social ties in society. Then a story comes along that points to a fear object, the virus, after which the population strongly links its fear and discomfort to this dreaded object. Meanwhile, there is a constant call in all media to collectively fight the murderous enemy. The scientists who bring the story to the population are rewarded with tremendous social power in return. Their psychological power is so great that, at their suggestion, the whole of society abruptly renounces a host of social customs and reorganises itself in ways that no one at the beginning of 2020 thought possible. (source)

    Oh? So, these discussions can’t happen because the overlords, their masters, the Seven Sinful C’s of Capitalism, the planned resets, all of that trump us barely useful eaters, readers, watchers, walkers, drivers, patients, renters, dreamers, breathers, sleepers, consumers!

    Max Blumenthal, “Foreign Agents #10 – Covid and Mass Hypnosis w/Dr. Mattias Desmet”

    The post Dog Food for Homo Sapiens: Rendered Road Kill for All first appeared on Dissident Voice.

    This post was originally published on Dissident Voice.

  • The federal government has floated the idea of an industry-funded model for the nation’s privacy office, which has faced concerns of under-resourcing despite an increasing workload for several years. The Office of the Australian Information Commissioner (OAIC) has continually raised concerns with its vastly increasing workload and the lack of a comparable funding increase, with…

    The post Govt floats industry-funded model for privacy office appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Authorities using predictive policing and human surveillance on Muslims in Xinjiang, thinktank says

    Authorities in the Chinese region of Xinjiang are using predictive policing and human surveillance to gather “micro clues” about Uyghurs and empower neighbourhood informants to ensure compliance at every level of society, according to a report.

    The research by the Australian Strategic Policy Institute (ASPI) thinktank detailed Xinjiang authorities’ expansive use of grassroots committees, integrated with China’s extensive surveillance technology, to police their Uyghur neighbours’ movements – and emotions.

    This post was originally published on Human rights | The Guardian.

  • Privacy campaigners raise concerns after nine schools in North Ayrshire scan faces of pupils to take payments

    The Information Commissioner’s Office is to intervene over concerns about the use of facial recognition technology on pupils queueing for lunch in school canteens in the UK.

    Nine schools in North Ayrshire began taking payments for school lunches this week by scanning the faces of their pupils, according to a report in the Financial Times. More schools are expected to follow.

    This post was originally published on Human rights | The Guardian.

  • 7-Eleven violated its customers’ privacy by secretly collecting their facial images at 700 stores over the last year for demographic profiling and data verification, the regulator has determined after a seven month investigation. The convenience store chain claims its actions did not constitute a privacy breach and will face no punishment beyond being asked to…

    The post Privacy breach: 7-Eleven secretly scanned customer faces appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • There is “no rational reason” for the way Australian governments are currently planning to roll out digital COVID-19 vaccination certificates, which is less secure and more damaging to privacy than other approaches used elsewhere in the world, a prominent cryptography expert says. National Cabinet recently agreed that states and territories will integrate digital vaccination certificates…

    The post Australia’s vaccination certificate approach ‘sad news for privacy’ appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Australia’s federal and state privacy commissioners have released guidance for developing tools that protect public health and enable increased mobility as Australia embarks on a pathway out of COVID-19.

    The guidance comes after Queensland Police were in June found using the state’s COVID-19 check-in app data as part of an investigation into the reported theft of an officer’s gun and Taser from a regional pub. The state’s police later directed officers to not access such data “except in extraordinary circumstances”.

    Once states and territories reach a certain percentage of their population being vaccinated and begin to open up, premiers have indicated that COVID-19 vaccination certificates will likely become a requirement for entry to certain venues like pubs and clubs. Similar documentation is likely to be required for overseas travel.

    Federal Privacy Commissioner Angelene Falk.

    It is with this in mind that Australia’s privacy commissioners on Thursday released the National COVID-19 Privacy Principles – a set of universal privacy principles which they say provide flexibility for government and business in developing tools that protect public health and enable increased mobility.

    The principles, which are similar in nature to draft guidelines that were issued in response to technology solutions for contact tracing, seek to minimise personal information collected, limit its use, ensure it is kept secure, deleted when no longer needed, and protected by law.

    Examples where the Privacy Commissioner’s office considers the principles should apply include the development of vaccination certificates and whether, for example, it is sufficient for them to be sighted instead of collected and stored when they are used in public.

    If collection is necessary, the Privacy Commissioner’s office believes technological solutions should ensure only the minimum amount of information is collected and that it is held securely and periodically deleted.

    “We’ve learned that the community will provide their personal information to help prevent and manage COVID-19, but they want it to be respected and protected,” federal Privacy Commissioner Angelene Falk said.

    “As the next wave of solutions are developed, we need to keep privacy front and centre. We want to maintain the community’s trust in the use of their personal information, so we need to ensure any new proposals and solutions are built around fundamental privacy principles.”

    Commissioner Falk said the commissioners know that privacy is a concern for many Australians and that they need to know their information will continue to be protected within measures that support the health and economic response – whether it’s contact tracing and QR codes, vaccination certificates, or a future proposal with privacy impacts.

    “The principles provide an important reminder to build privacy protections into any initiatives that require the collection of personal information from the start,” she said.

    “A nationally consistent approach to any personal information handling requirements in health orders will also reduce regulatory friction and provide certainty for the community and for businesses as we move to the next stage of the pandemic response. Australian privacy regulators will continue to work together on privacy issues with national implications to provide consistent advice and guidance.”

    The Privacy Commissioner’s office also believes that if someone claims an exemption from a public health order requirement to wear a mask, only the minimum amount of information should be required to be collected to establish the exemption – for example, a certificate that a medical exemption is in place for that individual, without the details of the particular illness, condition or disability being required.

    The post Commissioners release COVID-19 privacy principles appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • A woman rides a scooter past an anti-abortion activist's truck in Washington, D.C., on May 16, 2019.

    Roe v. Wade is a lightning rod in the U.S. — but the irony is that it upholds several of our country’s oft-proclaimed core values. While the landmark SCOTUS case is frequently cited as the legalization of abortion, the case actually deliberates the concept of personal autonomy and liberty.

    Specifically, Roe v. Wade articulates how states can regulate abortion, upholds the right to privacy in specific personal decisions and reiterates that it is not the state’s job to uphold a specific ideology. As we reckon with the possibility of Roe v. Wade being overturned in June 2022, every single person should consider the precedent that this could set. By dismantling the landmark case that protects an individual’s right to private decision-making about their body, conservatives are opening the door to the possibility of more state-level regulation of private decisions.

    Let’s be clear: There is a fundamental difference between the regulation of health care practices that can lead to the death of your community (like not wearing a mask), and those that cause an individual physical, financial and social harm (like an unwanted pregnancy).

    However, for those expressing concern about government regulation of health care, Roe v. Wade is a critical part of defining what constitutes a private decision that should be made by an individual or family instead of the government, such as contraceptive use, disability rights, the right to send children to religiously affiliated schools or to homeschool them, among other traditionally conservative priorities. In this way, the anti-mask, anti-vax and anti-choice movement is working against its own stated interest of “small government.”

    At its core, Roe v. Wade is the protection of privacy and liberty, specifically the constitutional right to privacy within the 14th Amendment’s Due Process Clause, which has been interpreted for more than a century as encompassing privacy as a key tenet of liberty. The Supreme Court’s decision in Roe v. Wade in 1973 was that a person’s control over their own pregnancy should count as privacy. If a person is forced to carry an unplanned pregnancy, it presents a true risk to their physical, mental and financial well-being, and opens them up to social stigma. It also, importantly, does not define when life begins, because they argue, it is not the role of the state to determine that one theory of life is more correct than another, or that one ideology is preferred to another.

    In addition, Roe v. Wade articulates that a state cannot regulate abortion to the detriment of a mother’s health. With this, the case signals that the life of a person is valued independently of the fact that they are carrying a fetus. Again, this might not sound significant, but without this recognition of the individual humanity of pregnant people, our rapidly increasing rates of maternal mortality (the worst among high-income countries), our lack of postnatal care for mothers, our pregnancy discrimination trends, and the many other ways we fail those giving birth could become even worse at the state level.

    Don’t for a minute think that removing these protections would only impact those with uteruses — protecting against financial, physical and social harm is, unsurprisingly, good for an entire economy. There are myriad studies that demonstrate that a society writ large benefits when people are able to plan their pregnancies, when they can avoid the financial and physical harm caused by an unplanned pregnancy, when they can remain in the workforce, finish school, provide for their children and families, and make space for their own personal mental and physical well-being.

    While overturning Roe may signal to conservatives that the Supreme Court is willing to buck the majority opinion for the sake of a moral positioning, they also risk losing their own right to make private decisions around their families. It could set us up for the reversal of the 1965 case Griswold v. Connecticut, which upheld a married couple’s right to access contraceptives in support of personal autonomy. Specifically, the right to privacy established in Griswold and reaffirmed by Roe was the building block on which the court upheld key rights like the right for parents to homeschool or to make their own medical care decisions.

    As it seems likely that SCOTUS will at minimum strip the fundamental protections of Roe in June of 2022, it is worth pointing out to the folks cheering this change that, just because you don’t see yourself getting an abortion does not mean that you are exempt from the consequences of restricting other people’s rights. This is a lesson that history teaches us again and again. Maybe we should listen.

    The reality is that Roe v. Wade was meant to be a starting point, and the case — quite honestly — is insufficient and has contributed to abortion access inequity across the country. If we continue to qualify our belief in personal autonomy — for instance, by naming pregnancy termination as undeserving of privacy — it paves the way for a potentially slow and painful removal of other basic freedoms. The role of the government is to help mitigate costs on our society — like reducing preventable death by distributing the COVID-19 vaccinations, by implementing speed limits and seat belt laws to reduce road deaths, or by taxing cigarettes to offset health care costs — and to help us live collectively while operating independently with the things closest to our physical selves, like pregnancy.

    We all have an interest in protecting the right to abortion, because we all risk over-regulation of basic freedoms and the loss of privacy that has made space for LGBTQ rights, disability rights, education rights, marriage rights, contraceptive rights, child rights, and much more. Misplaced advocacy for overturning Roe could pave the way for a scary future, especially in states with conservative legislatures.

    We all should advocate for the protecting of private decision-making and the reduction of unnecessary costs on our communities. To mitigate the dangerous consequences of overturning Roe, we need to invest more in grassroots organizations that are working to build strong state- and local-level coalitions. Policies have always been made at the state level, and in the post-Roe United States, it is essential to build stronger ground-up coalitions.

    While SCOTUS may signal its position next year, the majority of Americans still believe in a person’s right to access abortion care, and every person should be prepared to mobilize for the protection of private decision-making around true, individual choices.

    This post was originally published on Latest – Truthout.

  • Data breaches arising from ransomware incidents increased by 24 per cent in the first half of the year, prompting Australia’s Privacy Commissioner to warn that such attacks “are a significant cyber threat” that may be under-reported.

    The Office of the Australian Information Commissioner (OAIC) received 446 data breach notifications from January to June this year, according to its latest notifiable data breaches report, with 43 per cent resulting from cyber security incidents. Of the 445 total breaches, 46 were from ransomware, up from 37 notifications in the last reporting period.

    Privacy Commissioner Angelene Falk.

    Since the notifiable data breaches scheme began in February 2018, health service providers and the finance industry have consistently reported the most data breaches compared to any other industry sector. In the first half of this year, that trend remained the same, with health service providers reporting 85 data breaches. The second largest source of notifications was from the finance sector with 57 followed by legal, accounting and management services with 35, and the Australian government and the insurance sector with 34 breaches each.

    The rise in ransomware attacks comes as the federal government considers implementing a mandatory ransomware reporting scheme, where organisations that pay criminals to recover their files would be required to report this activity to the government. No government bill exists yet, but Labor’s Tim Watts is separately pushing his own that would require the same thing.

    Privacy Commissioner Angelene Falk said the increase in ransomware incidents was cause for concern.

    “We know from our work and from the Australian Cyber Security Centre that ransomware attacks are a significant cyber threat,” Commissioner Falk said.

    “The nature of these attacks can make it difficult for an entity to assess what data has been accessed or exfiltrated, and because of this we are concerned that some entities may not be reporting all eligible data breaches involving ransomware.

    “We expect entities to have appropriate internal practices, procedures and systems in place to assess and respond to data breaches involving ransomware, including a clear understanding of how and where personal information is stored across their network.”

    Australian security expert Troy Hunt, who runs the popular haveibeenpwned.com website, said ransomware had been around for decades, with the PC Cyborg Trojan in 1989 considered among the first. What had resulted in a rise in its use in recent times was a change in the business model of criminal enterprises and the way they had begun monetising stolen data.

    “I think one of the main driving factors is just simply return on investment,” Mr Hunt said of ransomware. “It’s just proven to be an enormously efficient way of monetising malicious software because, unfortunately, it does make good business sense to pay [a ransom].”

    Another reason it was becoming more popular was because of the types of ultimatums criminals were issuing to victims, resulting in new income streams.

    “It’s no longer just a ransom in terms of attacks against availability, where your files are locked and you need to pay for a key, but it’s also ransom with the threat of disclosure [of the stolen data].”

    One other “alarming” way criminals were pivoting, Mr Hunt said, was by not only demanding ransoms from companies attacked but by using personal information inside a data breach to demand ransoms from individuals whose data has been stolen. Vastaamo, a now-bankrupted Finland-based private psychotherapy practice, was the target of such an attack, where patients were contacted and asked to pay ransoms or else have their private patient files published.

    Mr Hunt said he expected sectors that remained at the top of the reporting list to be there because they were “heavily regulated” industries that were used to their reporting obligations under the law. This didn’t necessarily mean that they were the industries most impacted by known breaches, he said.

    In the first half of the year, the OAIC was also notified of a number of data breaches resulting from impersonation fraud, which involves a malicious actor impersonating another individual to gain access to an account, system, network or physical location. There were 35 notifications of social engineering or impersonation fraud during the reporting period.

    “The growth of data on the dark web unfortunately means that malicious actors can hold enough personal information to circumvent entities’ ‘know your customer’ and fraud monitoring controls,” Commissioner Falk said.

    “We expect entities to notify us when they experience impersonation fraud, where there is a likely risk of serious harm.

    “Entities should continually review and enhance their security posture to minimise the growing risk of impersonation fraud.”

    In May, Home Affairs secretary Mike Pezzullo said he believed it was “likely” a mandatory ransomware reporting scheme would be rolled out soon.

    “I think…most advanced economies are at a point, whereby some means, whether it’s mandatory reporting combined with other measures, that a much more active defence posturing is going to be required simply because of the prevalence of the attacks,” Mr Pezzullo told a Senate Estimates hearing.

    While human error breaches decreased after a significant increase last reporting period, Commissioner Falk said entities need to remain alert to this risk, particularly the Australian Government where 74 per cent of breaches fell into this category.

    The post Ransomware rise a concern: Privacy Commissioner appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Opinion: When I started in tech journalism more than a decade ago in 2010, I revealed that the federal government was considering introducing metadata retention. The changes meant select data about Australians’ web histories would be stored and logged for two years.

    The controversial laws were shelved by Labor when it was in power but eventually, after a change of government and a further push by law enforcement, a bill was passed in 2015. The wedge needed to push a hesitant Labor opposition into supporting them was December 2014’s Lindt Cafe siege in Sydney’s CBD.

    “Your chances that your data will be viewed by law enforcement is low,” AFP Assistant Commissioner Tim Morris said at the time. “Those with nothing to hide have nothing to fear.”

    This was despite law enforcement agencies making more than 300,000 applications for our metadata each year, without a warrant.

    Since then, we’ve seen Canberra, at the request of police, spy agencies and intellectual property rights holders, chip away at the lack of regulation of multiple internet technologies.

    This has included requiring assistance to pry open encrypted smart devices or scrambled messages; blocking of websites to do with pirated movies or music; restricting access to Interpol’s “worst of the worst” list via a then relatively unused telecommunications law (sub-section 313 of the telco act), to a present debate on critical infrastructure and whether the government should be given the power to allow its spy agencies to take control of computer networks of companies it deems manage such infrastructure (in the event of a cyber intrusion or to defend against one).

    A separate bill currently before Parliament would give more powers to federal police and the Australian Criminal Intelligence Commission to access computers and networks of those suspected of conducting criminal activity online. This has prompted concerns about innocent people who might get swept up in it and a perceived lack of proper judicial oversight.

    As part of the new “identify and disrupt” bill, new network activity warrants would allow authorities to hack into devices and networks of groups of individuals suspected of taking part in criminal activity online when their identities are not known. A new warrant would also allow the disruption of data through modification and deletion “to frustrate the commission of serious offences”, and new account takeover warrants would also be introduced.

    Amid all this, we’ve also seen multiple cases of abuse of data by law enforcement. The check-in apps each state has been using during the COVID pandemic? Queensland thought it’d be a great idea to use that data to investigate a reported theft of an officer’s gun and Taser from a regional pub despite assurances it would only be used for contact tracing purposes.

    Where there’s data, the temptation by third parties to access it will always be there.

    The same state government also used metadata to access the private information of cadets to determine whether they were sleeping with one another or faking sick days.

    Queensland – I’m not sure what it is about this state and privacy – was also among the first to start taking advantage of the data trail left behind by smart public transport travel cards, not just to find criminals, but to track down witnesses of crimes who may not necessarily wish to talk.

    Back in 1997, former US president Bill Clinton said the internet “should be a place where government makes every effort … not to stand in the way, to do no harm”. But he hastened to add that “a hands-off approach to electronic commerce must not mean indifference when it comes to raising and protecting children.”

    This brings me to Apple’s latest move – to identify photos uploaded to its online storage service iCloud that match against known child abuse imagery.

    It has all the hallmarks of being a smartly designed technology and does seem to have been created with some privacy mechanisms in mind. For example, it uses a “hashing” algorithm of known abuse material to identify imagery on people’s accounts and will only then alert Apple reviewers when an undisclosed threshold of images is reached.

    But it rightly has privacy advocates worried about what could come next. What starts off as a technology trained to search for a “worst of the worst” list of images could soon become used to search for other types of content stored on people’s phones. Another feature allows parents to have naked or sexually explicit imagery blurred on a child’s phone.

    “All it would take to widen the narrow backdoor that Apple is building is an expansion of the machine learning parameters to look for additional types of content, or a tweak of the configuration flags to scan, not just children’s, but anyone’s accounts,” the Electronic Frontier Foundation wrote. “That’s not a slippery slope; that’s a fully built system just waiting for external pressure to make the slightest change.”

    Apple says it will reject government advances, but laws are laws.

    Scope creep seems to be one of the main concerns often raised by privacy advocates, but one which is frequently ignored by politicians, rarely addressed properly in legislation and often relegated to explanatory memorandums that describe a bill and its “intention”.

    One example of website blocking scope creep is Australia’s tertiary regulator, which is now seeking telcos to restrict access to a site allegedly used by students for cheating.

    What I think all of this signals is that we’re entering a new age of the internet where further regulation will become commonplace, and corporations will be leaned on by governments to enact new policies rather than governments necessarily creating new laws to force change.

    We have seen this already with YouTube, Twitter and Facebook enacting bans following the spread of misinformation and online conspiracies. Rather than following laws, the companies are attempting to meet community and government standards and expectations. It’s voluntary regulation without new laws.

    Mostly, I think changes that encroach more on an individual’s privacy will become accepted, especially if convenience continues to be a priority over privacy.

    But will users boycott Apple over its latest photo move? Probably not. Until trust is broken or there’s a further erosion of their privacy, they won’t. But by then it might be too late.

    The post Expect more web regulation after Apple’s photo move appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Angelene Falk will spend at least another three years in her role as Australian Information and Privacy Commissioner after Attorney-General Michaelia Cash confirmed her reappointment.

    Ms Falk’s re-appointment through to August 2024 comes as the government searches for a Freedom of Information Commissioner after it provided $1 million in funding in the May budget to establish the position, and as the nation’s Office of the Australian Information Commissioner (OAIC) battles an ever-growing freedom-of-information case backlog.

    As established in 2010, the OAIC was meant to have three separate commissioners – for information, privacy and freedom of information. But Coalition funding cuts in 2015 left just a privacy commissioner to perform all of these roles, which has remained the case in the years since, with Ms Falk currently serving in all three roles.

    On Friday, as the OAIC announced it was investigating Optus, the government announced Ms Falk’s re-appointment.

    Reappointed: Privacy Commissioner Angelene Falk

    “I am pleased to announce that Ms Angelene Falk has been reappointed as Australian Information Commissioner and Privacy Commissioner for a period of three years,” Attorney-General Cash said on Friday.

    “Since her appointment in 2018, Ms Falk has effectively led the Office of the Australian Information Commissioner.

    “She has worked to increase the Australian public’s trust and confidence in the protection of personal information by promoting the understanding of privacy issues and effectively resolving privacy complaints and investigations.”

    Commissioner Falk said she was honoured to continue to lead the OAIC.

    “This is a pivotal time for both privacy and freedom of information,” Ms Falk said.

    “Over the next 3 years, we will uphold and advance these rights to enable citizens and businesses to safeguard personal information and harness its benefits, for individuals and the economy, while we encourage an open-by-design approach to information access across government.

    “This includes regulating the online environment and high privacy impact technologies, expanding the Consumer Data Right, advising on and implementing proposed reforms to the Privacy Act 1988, and increasing proactive publication of government-held information.”

    Ms Falk was admitted as a legal practitioner to the Supreme Court of NSW in 1998 and holds an Honours Degree of Bachelor of Laws and a Bachelor of Arts from Monash University, a Graduate Diploma in Intellectual Property Law from Melbourne University and a Graduate Diploma in Legal Practice.

    Ms Falk has held senior positions in the OAIC since 2012.

    with Denham Sadler

    The post Angelene Falk reappointed as privacy tsar appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Australia’s privacy regulator is formally investigating Optus for an alleged breach of customers’ privacy after the telco published nearly 50,000 customers’ personal information in the White Pages. It follows nearly two years of preliminary inquiries by the watchdog and a class action on behalf of Optus customers.

    The data breach occurred in 2019 when Optus published customers’ names, mobile phone numbers and addresses in the White Pages online and in print, despite individuals asking for the details not to be published.

    Optus reportedly discovered the breach during a routine audit of 10 million customers then notified those affected and apologised to them. The information was removed online but copies of the physical White Pages were already in circulation.

    Maurice Blackburn made a representative complaint to the regulator in April last year and began a class action against the telco alleging it failed in its duties under the Australian Privacy Act.

    The case is the first time a class action has used the act to seek compensation for customers, according to the leading legal firm.

    Australian Information Commissioner and Privacy Commissioner Angelene Falk

    The Office of the Australian Information Commissioner (OAIC) was notified of the data breach shortly after it happened and the telco said it would work with the watchdog on its preliminary inquiries.

    On Friday, the OAIC said it was launching an official investigation, nearly two years after the incident occurred.

    “This is a complex matter that requires consideration of acts and practices across multiple incidents, spanning a number of years and involving approximately 50,000 individuals,” an OAIC spokesperson told InnovationAus.

    “Prior to the commencement of an investigation, the OAIC undertakes preliminary inquiries. In this instance, these inquiries were extensive.”

    Optus said it takes the protection of personal information seriously and it will work with the regulator on the investigation.

    “We will continue to work collaboratively with the OAIC on this historic matter,” an Optus spokesperson said.

    Maurice Blackburn principal lawyer Elizabeth O’Shea said the firm’s complaint is progressing.

    “We will carefully monitor the OAIC investigation into Optus and assess how it relates to our representative complaint,” Ms O’Shea told InnovationAus.

    The OAIC’s investigation could take years, based on its other probes into data breaches, and it’s unclear how serious any determination made by Privacy Commissioner Angelene Falk may be.

    Some previous data breach determinations have only required undertakings to improve information systems and governance. But earlier this Ms Falk ordered the Department of Home Affairs to pay compensation to nearly 1,300 immigration detention detainees whose personal information was mistakenly posted online in 2014.

    “The public disclosure of personal information against the wishes of individuals may have the potential to cause harm,” the OAIC said in a short statement on Friday.

    “The OAIC’s investigations can determine whether such matters involve systematic issues that can be prevented by ensuring the right practices are in place. This can set a benchmark for all organisations and build trust in the community.”

    The post Two years later: Optus data breach probed appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Uber breached 1.2 million Australian customers’ privacy when it failed to protect their data from a cyber attack in 2016, the Privacy Commissioner has determined after a three and a half year investigation which encountered “jurisdictional issues”.

    Names, email addresses, drivers licence numbers, and location data were stolen in the attack, and Uber paid the cyber criminals to destroy the data through its bug bounty program rather than disclosing the breach responsibly.

    The ride hailing giant will only have to make modest remedies, however, including reviewing its data governance and security programs with external experts and implementing their advice within a year.

    But the Privacy Commissioner insists the decision sends a clear message that companies must protect Australians’ data even when it is processed overseas. The lengthy investigation has also demonstrated the “jurisdictional issues” which have made pursuing multinationals difficult.

    Uber breached Australian privacy law in an incident affecting 57 million users.

    The watchdog’s investigation ran for more than three years, which is understood to be due to the complex, cross-jurisdiction nature of the case, which was also expanded several times.

    The breach occurred in 2016 when attackers gained access to the credentials of an Uber employee, giving them access to data stored by Amazon Web Services, including unencrypted files. Attackers downloaded the files which related to around 57 million individuals worldwide, including 1.2 million Australians.

    Uber became aware of the breach almost immediately because the attackers emailed the company demanding payment. Uber paid the attackers US$100,000 through a bug bounty program, which is supposed to be used for good faith disclosures of vulnerabilities, not extortion.

    The tech giant says it obtained written assurances from the attackers they had destroyed the data.

    Uber did not formally investigate the breach with external cyber experts until nearly a year later, and said the investigation found no evidence the data had been misused.

    The company then went public and contacted some of the drivers whose data had been compromised but not riders.

    The Office of the Australian Information Commissioner (OAIC) began an investigation shortly after the public disclosure in late 2017. It made a determination late last month, more than three and a half years later.

    The case was considered complex and important because it dealt with a breach by the US parent of the Uber company operating in Australia, which is actually Dutch.

    Uber had argued that because the US company was used to process the data offshore, the breach it suffered was not subject to Australian privacy law.

    But Australian Information Commissioner and Privacy Commissioner Angelene Falk, who made the determination, said she was satisfied both Uber companies had an “Australian link” at the time of the breach and were required to comply with the Privacy Act.

    “We need to ensure that in future Uber protects the personal information of Australians in line with the Privacy Act,” Ms Falk said.

    “The matter also raises complex issues around the application of the Privacy Act to overseas-based companies that outsource the handling of Australians’ personal information to other companies within their corporate group.”

    The investigation dragged out because of the inclusion of the Dutch-based Uber company operating in Australia, which was added to the probe in 2019, and the US parent’s argument it was not subject to Australian privacy law, an OAIC spokesperson told InnovationAus.

    “The Uber determination demonstrates the complex jurisdictional issues that can arise in applying the Privacy Act 1988 in its current form to multinational corporate structures and data flows…The US-based entity argued it was not subject to the Privacy Act, and so a formal determination was necessary to address the privacy breach. This also required extensive investigation to establish the OAIC’s jurisdiction in this matter,” the spokesperson said.

    “The existing test for establishing jurisdiction is complex, and the Australian Government’s current review of the Privacy Act is an opportunity to address this issue. The OAIC’s submission to the review proposes amendments to ensure we can more easily address the privacy risks to Australians whose personal information is held by multinational companies based overseas.”

    Ms Falk said her determination made clear the responsibilities of global corporations under Australian privacy law.

    “Australians need assurance that they are protected by the Privacy Act when they provide personal information to a company, even if it is transferred overseas within the corporate group,” she said.

    Ms Falk determined Uber companies breached the Privacy Act 1988 by not taking reasonable steps to protect Australians’ personal information from unauthorised access and to de-identify or destroy the data as required.

    They also failed to take reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles, according to the watchdog.

    Ms Falk ordered Uber to prepare, implement and maintain a data retention and destruction policy, an information security program, and incident response plan that complies with Australian privacy law.

    The company must also use independent experts to review and report on the policies and their implementation, and report the findings to the OAIC.

    A spokesperson for Uber said the company has made several technical upgrades and security certifications, and policy and leadership changes since the 2016 breach.

    “We welcome this resolution to the 2016 data incident. We learn from our mistakes and reiterate our commitment to continue to earn the trust of users,” the spokesperson told InnovationAus.

    “We are confident that these changes in security and governance will address the determination made by the OAIC, and will work with a third-party assessor to implement any further changes required.”

    The post Uber breached 1.2 million Australians’ privacy appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Pacific Media Watch newsdesk

    In the wake of this week’s revelations about the Pegasus spyware, Reporters Without Borders (RSF) and two journalists with French and Moroccan dual nationality, Omar Brouksy and Maati Monjib, have filed a joint complaint with prosecutors in Paris.

    They are calling on them to “identify those responsible, and their accomplices” for targeted harassment of the journalists.

    The complaint does not name NSO Group, the Israeli company that makes Pegasus, but it targets the company and was filed in response to the revelations that Pegasus has been used to spy on at least 180 journalists in 20 countries, including 30 in France.

    Drafted by RSF lawyers William Bourdon and Vincent Brengarth, the complaint cites invasion of privacy (article 216-1 of the French penal code), violation of the secrecy of correspondence (article 226-15), fraudulent collection of personal data (article 226-18), fraudulent data introduction and extraction and access to automated data systems (articles 323-1 and 3, and 462-2), and undue interference with the freedom of expression and breach of the confidentiality of sources (article 431-1).

    This complaint is the first in a series that RSF intends to file in several countries together with journalists who were directly targeted.

    The complaint makes it clear that NSO Group’s spyware was used to target Brouksy and Monjib and other journalists the Moroccan authorities wanted to silence.

    The author of two books on the Moroccan monarchy and a former AFP correspondent, Brouksy is an active RSF ally in Morocco.

    20-day hunger strike
    Monjib, who was recently defended by RSF, was released by the Moroccan authorities on March 23 after a 20-day hunger strike, and continues to await trial.

    “We will do everything to ensure that NSO Group is convicted for the crimes it has committed and for the tragedies it has made possible,” RSF secretary-general Christophe Deloire said.

    “We have filed a complaint in France first because this country appears to be a prime target for NSO Group customers, and because RSF’s international headquarters are located here. Other complaints will follow in other countries. The scale of the violations that have been revealed calls for a major legal response.”

    After revelations by the Financial Times in 2019 about attacks on the smartphones of around 100 journalists, human rights activists and political dissidents, several lawsuits were filed against NSO Group, including one by the WhatsApp messaging service in California.

    The amicus brief that RSF and other NGOs filed in this case said: “The intrusions into the private communications of activists and journalists cannot be justified on grounds of security or defence, but are carried out solely with the aim of enabling government opponents to be tracked down and gagged.

    “NSO Group nonetheless continues to provide surveillance technology to its state clients, knowing that they are using it to violate international law and thereby failing in its responsibility to respect human rights.”

    RSF included NSO Group in its list of “digital predators” in 2020.

    Pacific Media Watch collaborates with Reporters Without Borders.

    This post was originally published on Asia Pacific Report.

  • Australia needs a “data code” for children to ensure popular digital services like Instagram and TikTok are not collecting and processing information in harmful ways, according to a cohort of digital rights groups.

    Several other countries, including the United Kingdom and Ireland, have recently introduced codes which require online service providers like social media companies to make “the best interest of the child” the primary consideration in developing any service likely to be accessed by them.

    A local campaign for a similar code is now being led by Reset Australia, which has released a report showing young Australians overwhelmingly do not fully understand the digital bargain they sign up with popular digital service providers, and young users are often “nudged” into agreeing with inaccessible terms and conditions.

    The digital rights group analysed the terms and conditions of 10 popular online services and surveyed 400 16- and 17-year-olds on their experiences using them, finding users would need a tertiary-level education and nearly two hours on average to read the terms and conditions (T&Cs).

    Fewer than one in 20 of the young Australians surveyed by Reset Australia said they always read T&Cs. Less than 15 per cent read them most of the time, 38 per cent some of the time, and 45 per cent said they never read T&Cs.

    Nine of the 10 providers’ T&Cs required a tertiary degree level education to understand, with the other provider’s terms needing a late high school level of reading to comprehend. All the providers allow users as young as 13 to sign up.

    Reset Australia is calling for a data code for children after its research showed few young people read or could understand the terms and conditions of platforms like Instagram and TikTok.

    Co-author of the report Dr Rys Farthing said digital service providers are encouraging Australians as young as 13 to join their platforms but are not making the terms of involvement clear or accessible to them.

    “They don’t make their terms and conditions accessible to those younger users,” Dr Farthing told InnovationAus.

    “And it’s just ridiculous to think of a service that says ‘hey great children and young people are welcome’. But then doesn’t put in place the provisions and protections to actually ensure that children and young people can meaningfully engage with those platforms.”

    Digital service providers are under growing pressure to be more upfront about the business model underlying their “free services”, where user data is typically used to sell targeted advertising, often via a murky system of advertising technology.

    Reset Australia’s report found the T&Cs collecting consent for the process are not presented in a way that could help improve understanding, and eight of the 10 service providers analysed used “dark patterns” to nudge young people into accepting them.

    “For example, six platforms inferred consent when users click next, and six present ‘data maximising options’ as the best user experience,” the report said.

    In Australia, the consumer regulator is currently examining the online advertising ecosystem as part of changes recommended in its landmark digital platforms inquiry. That inquiry also recommended changes to Australian privacy legislation, which are now also underway but have recently stalled.

    Dr Farthing said the local law reforms, which include a focus on protecting vulnerable groups like children, are an opportunity to implement a code similar to those in the UK and Ireland.

    “Take a page out of that book. Because we know it’s an upstream intervention that can make the digital world better for children and young people,” she told InnovationAus.

    “It’s tried and tested because it’s working there, and it creates interoperable policy requirements on these tech companies. It means that actually what they’re doing in Europe they just have to turn on the children and young people in Australia as well.”

    The UK Age Appropriate Design Code began last year and will be enforced this September, requiring service providers to put the “best interests of the child first” when they are designing and developing apps, games, connected toys and websites that are likely to be accessed by them.

    Later this year when the UK code is enforceable, the country’s data regulator will begin proactive audits of service providers’ compliance. A lack of compliance could lead to a breach of GDPR, the overarching data processing regulations in the EU and UK, which carry significant financial penalties.

    Dr Farthing said an Australian code should be similarly legislated or at least regulator-led, because the online service industry had shown self-regulation is not working.

    “When it comes to personal data, but particularly when it comes to children and young people’s data, it’s really clear that self-regulation has failed,” Dr Farthing said.

    “And these digital platforms and services have been sort of setting their own rules around what requirements are to work out if a young person has consented or not, and what they can and can’t do with young people’s data. They’ve been making those rules by themselves, and they haven’t got a good track record.”

    Reset Australia is joined by several other groups in its campaign for a Children’s Data Code, including Unicef Australia, YMCA and The Australian Child Rights Taskforce.

    The post Calls for Australian ‘data code’ to protect children online appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • The ABC has delayed the introduction of mandatory logins for its video streaming platform iview, amid concerns the requirement was unlawful and a risk to user privacy through the sharing of view data and personal information with third-party companies.

    The national broadcaster had planned to require any user of iview to register for an account from this month, a step it said will improve the service with more features like “personalised” watch lists based on user data.

    The requirement is common across commercial providers and in place on the SBS on demand service, but technology and privacy experts questioned its legality and appropriateness for a national broadcaster, urging ABC management to reconsider the decision.

    This week the ABC quietly removed the reference to a July deadline from its support pages, changing the wording to “soon”.

    The delay was confirmed by an ABC spokesperson, who said the broadcaster is working with the privacy watchdog and intends to introduce mandatory logins by the end of the year.

    “We had initially intended to roll out mandatory log-ins across July and August but have decided to slow things down to ensure our audiences understand the benefits they will receive from creating an ABC account and the ways we manage and protect their personal information,” the spokesperson told InnovationAus.

    “We are continuing to work with the Office of the Australian Information Commissioner to ensure we are industry leaders in terms of the use of personal data, in line with the trust that Australians place in the ABC.”

    The iview platform is considered an Australian leader, having existed in some form since 2008, and always offered anonymous use. Work on a single login for ABC online services has been happening for several years and it was announced in May that registration and login would become a requirement for the iview service. The ABC is also considering making it mandatory for other digital services.

    The move is part of a “personalisation” push by the broadcaster but has angered privacy advocates and technology experts who say asking users to actively opt out of data sharing may be illegal under Australian privacy laws and a genuine anonymous use option should also be offered.

    ANU associate professor and Thinking Cybersecurity chief executive Vanessa Teague wrote to ABC management about the decision, urging them to reconsider and clarify in more detail how user data is and will be shared.

    She welcomed the delay but told InnovationAus more information needs to be provided on data sharing of both registered and unregistered users.

    “The important question is whether they’re also pausing the data sharing, or merely doing the data sharing with Google, Facebook and [advertising technology company] Tealium anyway without a login,” she told InnovationAus.

    The ABC has previously defended the switch, saying appropriate protections are in place, users can opt out of sharing data with third parties, and concerned users should use a pseudonym. But, as InnovationAus revealed, the third party data sharing opt out option does not yet exist.

    Prof Teague said the national broadcaster had failed to properly answer why the login is not voluntary.

    “[The ABC] also haven’t answered the question of why we need to be forced to do it [login] when we all ought to want it so much.”

    Asked at Senate Estimates why anonymous logins would not also continue, ABC managing director David Anderson said it had become “standard practice” for media companies to require logins.

    “It’s compulsory in that, we want people to keep coming back to it [iview]. So, we want to be able to provide these features that are positive to you as a user so that you see the value of signing in,” Mr Anderson said in May.

    “At the moment, I’m not sure that you are going to come back as much as you would if you had the recommendations we would supply you.”

    The ABC spokesperson said the public’s response to the switch to mandatory logins has been “overwhelmingly positive”.

    “We have seen more than 1 million (1,014,983) new ABC accounts created from 29 March to 29 June, inclusive. Over that same period, we have received 180 complaints – ie. complaints represented 0.017 per cent of total sign-ups.”

    The post ABC quietly delays iview login plans, data sharing appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Civil liberties activists will sue global advertisers and social media giants who keep secret dossiers of our private information. The Irish Council For Civil Liberties (ICCL) says current rules mean firms can store and use our sensitive data. The case could have worldwide implications.

    It is claimed the dossiers can include financial and mental health information, and “even whether our children have special needs”.

    Google, Facebook, Amazon, and Twitter are targets of the lawsuit, as well as Verizon, AT&T and the entire online advertising industry.

    Secret dossiers

    ICCL senior fellow Johnny Ryan said:

    These secret dossiers about you – based on what you think is private – could prompt an algorithm to remove you from the shortlist for your dream job. A retailer might use the data to single you out for a higher price online. A political group might micro target you with personalised disinformation.

    The ICCL claim our online activity is stored in a vast system called Real-Time Bidding (RTB).

    They say RTB:

    broadcasts personal data about us to thousands of companies. Though RTB data can contain very sensitive information, industry documents also confirm that there are no technical measures to limit what companies can do with this information, nor who they pass it on to.

    Billions of daily breaches

    Billions of “breaches” occur daily, the ICCL claims. Defendants include the IAB TechLab. IAB is the body which governs the rules which social media firms and advertisers must follow.

    And despite the IAB TechLab being based in New York, the court case will be heard in Hamburg. As a result, IAB will be accountable under General Data Protection Regulation (GDPR) rules. GDPR is the legal framework which governs data in the EU.


    Unlawful behaviour

    It’s hoped the lawsuit will force big firms to stop tracking everyone online.

    Lawyer Ravi Naik said:

    In September 2018 we brought evidence of the unlawful behaviour of the ad industry to regulators. Owing to regulatory inertia, years later, we have no resolution to that conduct. Instead, the Irish Council for Civil Liberties have had to stand up for all of our rights.

    And if successful, the lawsuit could strike a serious blow against the invasive profiling of private citizens for profit.

    Featured image via Unsplash – ev 

     

    By Joe Glenton

    This post was originally published on The Canary.

  • Thanks in part to independent media, the Tory government has delayed the roll-out of the so-called ‘NHS data grab’. But while the climbdown is to be welcomed, bigger issues remain.

    Flogging our medical records, Tory-style

    As we previously wrote, the Tories flogging off our medical data isn’t new. Previously, a single government body was doing it, and the government claimed that it was all legal. It also said that people’s info was anonymous, but some campaign groups disagreed.

    On 19 May, Phil Booth wrote for Byline Times that the Tories are at it again. He said:

    from 1 July as The Register has reported, NHS Digital, has announced that “data may be shared from the GP medical records about… any living patient registered at a GP practice in England when the collection started”.

    NHS Digital… will be able to take the following from GPs’ records: “Data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, recalls and appointments, including information about physical, mental and sexual health.” This will also include data about “staff who have treated patients”, and data “on sex, ethnicity and sexual orientation”, as well as other sensitive data.

    Enter Big Pharma

    NHS Digital states that some organisations may “need access” to your data. It says “these include but may not be limited to” several government bodies, including Public Health England. But crucially, NHS Digital also says it can give access to your data to:

    research organisations, including universities, charities, clinical research organisations that run clinical trials and pharmaceutical companies

    The public originally had until 23 June to opt out. You can find out how to do that here. But now, it appears the Tories have caved in – slightly.

    About turn

    As The Canary reported, on Tuesday 8 June a Tory minister told the House of Commons that the government was delaying the roll-out. The scheme was due to begin in July. But now, the Tories have pushed it back until 1 September. Under-secretary of state at the Department of Health and Social Care Jo Churchill explained the decision. As the Register reported, she said:

    We have decided we will proceed with the important programme, but we will take some extra time, as we have conversed with stakeholders over the past couple of days

    Feel free to chortle. Because it seems that ‘conversing with stakeholders’ is probably not the reason the Tories have backtracked.

    Bowing to pressure

    First, the story by Byline Times on 19 May was its most-read article ever. That came after the Register reported it on 13 May. It appears that Byline Times’s article led to corporate media picking up on it. It shows the need for independent media in the UK. Because if it hadn’t been for Byline Times and its reach, the story may not have got the attention it did.

    Secondly, as The Canary previously reported, a coalition of groups then threatened the Tories with legal action. It had already sent the government a legal warning that it would take action if it didn’t stop the roll-out. openDemocracy was also involved in the legal case. That, once more, shows the need for independent media.

    So, unless the “stakeholders” Churchill mentioned were Byline Times, corporate media, and the coalition threatening legal action, then it seems the Tories have bowed to growing outcry.

    But while the delay is to be welcomed, this still doesn’t address the basic problem with the Tories’ NHS data grab.

    A basic issue

    Medical data is worth around £10bn a year. The Tories already have form when it comes to flogging this. So, while the delay may mean more people have the chance to opt-out, the Tories will still be selling as much of our info as they possibly can. As Big Brother Watch wrote:

    The records include deeply private information including mental and physical health records as well as sensitive codes such as criminal record, relationship status, abuse and abortion. …

    The complete lack of transparency surrounding this bulk grab is seriously alarming and risks undermining faith in one of Britain’s most trusted institutions.

    The issue of protecting our personal info is a fundamental one. Ultimately, the Tories can delay the sell-off as much as they want. This still doesn’t resolve the ethical and democratic issues surrounding the Tories flogging our personal data to companies for profit. And so far, those huge problems have not been resolved.

    Featured image via Unsplash/Hamish Kale

    By Steve Topple

    This post was originally published on The Canary.

  • A group has launched a legal challenge to the Tory government’s so-called “NHS data grab”. It comes as the medical records of the entire population of England are set to go on a central database in a matter of weeks. And as The Canary previously reported, the Tories are looking to sell your data to the highest bidder. But you, and the legal challenge, could stop them.

    Flogging our medical records, Tory-style

    As we previously wrote, the Tories flogging off our medical data isn’t new. Previously, a single government body was doing it, and the government claimed that it was all legal. It also said that people’s info was anonymous, but some campaign groups disagreed. The latest scandal broke when Byline Times revealed that the government is once again looking to sell our medical records.

    Phil Booth wrote for Byline Times that:

    from 1 July, NHS Digital has announced that “data may be shared from the GP medical records about… any living patient registered at a GP practice in England when the collection started”.

    NHS Digital… will be able to take the following from GPs’ records: “Data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, recalls and appointments, including information about physical, mental and sexual health.” This will also include data about “staff who have treated patients”, and data “on sex, ethnicity and sexual orientation”, as well as other sensitive data.

    Enter Big Pharma

    NHS Digital states that some organisations may “need access” to your data. It says “these include but may not be limited to” several government bodies, including Public Health England. But crucially, NHS Digital also says it can give access to your data to:

    research organisations, including universities, charities, clinical research organisations that run clinical trials and pharmaceutical companies

    The public has until 23 June to opt out. You can find out how to do that here. And now, a group of organisations is taking action.

    A legal challenge?

    A coalition of five groups and an MP have begun legal proceedings against the government. They are:

    • Just Treatment.
    • Doctors’ Association UK.
    • The Citizens.
    • openDemocracy.
    • The National Pensioners Convention.
    • David Davis MP.

    The coalition says that:

    we have less than three weeks to keep our medical data safe.

    Foxglove Solicitors is acting on its behalf. The coalition doesn’t seem confident that the government will drop the 23 June opt-out deadline. So, it’s started legal proceedings.

    ‘Unlawful’?

    As it wrote:

    On 3 June Just Treatment, Doctors’ Association UK, the Citizens, openDemocracy, the National Pensioners Convention and David Davis MP sent a legal letter (a letter before claim) to the Department of Health and Social Care and NHS Digital. The legal letter says that rushing such a major change through with no transparency or debate violates patient trust, and doing so without seeking patient consent is unlawful. The case asks for a halt to the GP data grab with an injunction, and to rethink and seek meaningful patient consent.

    But the coalition needs funding for the case and is looking to raise £40k to cover legal costs. You can view and donate to its crowdfunder here. As it said:

    Our legal team work on ‘conditional fee agreements’. That means they only recover their costs from the other side if we win. But if we lose in court, we could have to pay the other side’s costs. The claimants in this are asking the court for a “Cost Capping Order”. If the court grants that it means that there would be a limit on the amount the coalition can be forced to pay in the event it loses. To make this case possible we need to raise as much as possible.

    The coalition has also started a petition which you can read and sign here.

    Fighting for all of us

    The Citizens has created a video explainer of the situation:

    The legal case is crucial. Many people won’t be aware of the Tories’ NHS data grab, and therefore won’t know that they can opt out. By stopping this in its tracks, the coalition will be winning for every person in the UK – except the Tories, of course.

    Featured image via Sky News – YouTube

    By Steve Topple

    This post was originally published on The Canary.

  • On Friday, Maryland enacted a law to regulate the use of forensic genetic genealogy — a technique used by law enforcement to identify suspects by analyzing their relatives’ DNA and constructing “family trees.” The law, sponsored by Senator Charles Sydnor III and Delegate Emily Shetty, creates judicial oversight over and laboratory licensing for the use of forensic genetic genealogy.

    The first of its kind in the country, the new legislation is a huge step toward protecting the privacy of innocent people, advancing fairness in the system, and recognizing the power and responsibility of DNA technologies.

    What is forensic genetic genealogy?

    As an increasing number of people have voluntarily submitted their DNA to databases to learn more about their ancestry, law enforcement has turned to these databases when their own DNA profile system — known as CODIS — fails to identify a suspect from crime scene evidence. 

    When no match can be found in CODIS, which contains short tandem repeat (STR) DNA profiles, law enforcement will conduct single nucleotide polymorphism (SNP) tests on evidence. Using this information, law enforcement can then search certain ancestry DNA databases like GEDmatch and FamilyTreeDNA for commonalities because the closer the biological relationship between two individuals is, the more DNA they share. Then they use public data — including census records, social media, and other public databases — to build “family trees” and identify possible relatives of the person whose DNA was found at the crime scene. This process, known as forensic genetic genealogy, was most famously used to identify a suspect in the Golden State Killer case.

    Maryland’s new legislation requires that this process only be used in investigations with the knowledge and oversight of a judge and establishes a panel of stakeholders to conduct an annual review of its use. The law also requires that labs performing forensic genetic genealogy be accredited by the Maryland Department of Health’s Office of Health Care Quality and limits its use to cases involving murder, rape, felony sexual assault, and criminal acts involving “circumstances presenting a substantial or ongoing threat to public or national security.”

    John K. Thomas, Christopher Tapp, and Innocence Project Director of Special Litigation Vanessa Potkin at Mr. Tapp’s post-conviction relief proceedings on July 17, 2019. Forensic genetic genealogy helped identify the actual perpetrator in Mr. Tapp’s case, leading to his exoneration. (Image: Otto Kitsinger/AP Images for The Innocence Project)

    Importantly, people charged or convicted of a violent crime will now have the ability to request permission from a judge to use forensic genetic genealogy testing to help prove their innocence — a key measure for wrongfully convicted people. Forensic genetic genealogy has already been instrumental in exonerating two innocent people to date. Additionally, the law requires all DNA samples and data generated by the forensic genetic genealogy process to be destroyed so they cannot be used for other unrelated purposes.

    Why does forensic genetic genealogy need to be regulated?

    While powerful tools like genetic genealogy have the capacity to exonerate the innocent, their unregulated application can negatively impact privacy and civil liberties.

    DNA has been used in criminal cases for over 30 years and has helped to exonerate 375 individuals in the United States to date. Today, every state, Washington, D.C., and the federal government have forensic DNA laboratories that perform testing on biological evidence left at crime scenes. When a DNA profile is developed, these laboratories upload it to CODIS so law enforcement can search these records and be notified if there is a hit. The collection and storage of these profiles are regulated at the state and federal levels. However, there has been little to no oversight over when forensic genetic genealogy is used in a criminal case, how genetic material is collected from innocent people, how their genetic and family tree information is stored, and how their privacy rights can be protected.

    Genetic information is deeply personal, and there are international human rights conventions that protect its use and collection. This is especially important when it comes to forensic genetic genealogy because SNPs can tell us a lot more about a person than the STR DNA tests that are traditionally used in criminal cases.

    Yet, before Maryland’s recent legislation, there was little to no government regulation of its use through forensic genetic genealogy in the U.S. And commercial privacy agreements have been insufficient for protecting people who have voluntarily shared their genetic information on direct-to-consumer websites like GEDmatch and FamilyTreeDNA.

    For example, GEDmatch administrators violated their own terms of service by allowing Utah police to use the site for an assault case when their own rules only permitted law enforcement access for rape and murder cases. And in Florida, a judge gave Orlando police a warrant to gain access to the entire GEDmatch database, calling into question whether genealogy databases like Ancestry.com and 23andMe, which do not permit law enforcement searches, will be able to defend their privacy protections.

    How Maryland is setting an example

    Fortunately, Maryland’s new legislation requires law enforcement to get informed consent from non-suspects if they want to use the DNA profiles they contributed to commercial databases. The only exception to this is in cases where law enforcement can demonstrate to a judge that asking the non-suspect may pose a substantial, significant risk to the investigation. This exception does not apply if the non-suspect has already refused to give consent.

    Maryland’s historic legislation was developed as a multi-stakeholder, bipartisan effort that included the Maryland State Police, the MD Chiefs and Sheriffs Association, the Maryland State’s Attorneys Association, the Maryland Public Defender’s Office, bioethicists, academics, and advocacy organizations such as the Innocence Project.

    This landmark law is setting an example for the country and the FBI, which will be reviewing and finalizing its interim policy guiding the use of forensic genetic genealogy by the Department of Justice and its agencies. Maryland can serve as an example of balancing public safety needs with a careful contemplation of privacy rights and the social impact of this potential tool.

    The post Maryland Just Enacted a Historic Law Preventing the Misuse of Genetic Information appeared first on Innocence Project.

    This post was originally published on Innocence Project.

  • The Tories are going to sell your NHS medical records. Not that this is new. Because they’ve been flogging them off already. But what is new is that this scheme is larger than previous ones. And you have a deadline to opt out by.

    Flogging your NHS data

    Byline Times has reported that the Department for Health and Social Care (DHSC) is going to be selling people’s data from GP practices. As writer Phil Booth noted:

    from 1 July, NHS Digital has announced that “data may be shared from the GP medical records about… any living patient registered at a GP practice in England when the collection started”.

    NHS Digital… will be able to take the following from GPs’ records: “Data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, recalls and appointments, including information about physical, mental and sexual health.” This will also include data about “staff who have treated patients”, and data “on sex, ethnicity and sexual orientation”, as well as other sensitive data.

    Enter the corporations

    Its website states that some organisations may “need access” to your data. NHS Digital says “these include but may not be limited to” several government bodies, including Public Health England. But crucially, NHS Digital also says it can give access to your data to:

    research organisations, including universities, charities, clinical research organisations that run clinical trials and pharmaceutical companies

    But here’s the thing. The Tories have already been selling off patient data to private companies.

    Already happening

    The Observer reported in December 2019 that:

    US drugs giants, including Merck… Bristol-Myers Squibb and Eli Lilly, have paid the [DHSC], which holds data derived from GPs’ surgeries, for licences costing up to £330,000 each in return for anonymised data to be used for research.

    On this occasion, it was the Clinical Practice Research Datalink (CPRD) that was selling data, not NHS Digital. It’s another government body. Meanwhile, the government claimed that the info was anonymous. It also said the sales were in line with all regulatory requirements. But then, the Observer followed the story up in February 2020. And it claimed that this anonymisation was not strictly that. One campaign group told it that:

    Removing or obscuring a few obvious identifiers, like someone’s name or NHS number from the data, doesn’t make their medical history anonymous. Indeed, the unique combination of medical events that makes individuals’ health data so ripe for exploitation is precisely what makes it so identifiable. Your medical record is like a fingerprint of your whole life.

    Now, it appears this sale of our private medical info is expanding to NHS Digital.

    Years in the planning

    As the British Medical Journal (BMJ) noted, this data sharing plan has been in the pipeline for several years:

    the current position on extracting patient data is a bit of a mess: a patchwork of agreements between different research bodies and individual practices (or groups of practices). For the past three years NHS Digital has worked with the Royal College of General Practitioners (RCGP), the BMA [British Medical Association], and others to develop a more coherent structure and process. This new method of data collection, the General Practice Database for Planning and Research (GPDPR), will enable these activities to continue more broadly beyond the pandemic.

    In short, everyone’s GP records will be pooled together in one place. But as the BMJ also said, neither the RCGP nor the BMA have “endorsed this process”. This is despite them working with NHS Digital on it. So, it seems the government is pushing ahead with it anyway. It claims this is to do with the coronavirus (Covid-19) pandemic. But of course, the reason for this is all about money.

    A £10bn money-spinner. But it’s all legit, obvs.

    It’s little wonder the Tories want to flog your medical records. Because as the Observer wrote:

    Access to NHS data is increasingly sought by researchers and global drugs companies because it is one of the largest and most centralised public organisations of its kind in the world, with unique data resources.

    It put the value of our medical data at £10bn a year. But of course, the government claims this is all perfectly legit. It told the Observer in 2019 that “rigorous processes” meant people’s privacy was protected. And it said that:

    Ethically conducted research using CPRD patient data sets has brought enormous benefits to patient care, including providing evidence for the National Institute for Health and Care Excellence (NICE) blood-pressure targets for patients with diabetes, as well as working with universities, regulators and the pharmaceutical industry who research the safety of their medicines.

    But as Byline Times reported, the Tories have just made a concession.

    Opt-out, now

    On 12 May, NHS Digital updated its website. The public now has an opt-out date. NHS Digital states that it will start sharing data on 1 July. But if you don’t want the government to share your data, you need to opt out by 23 June. There’s a form you need to complete. You can access it here via instant download. Then, you need to send this to your GP by 23 June.

    But you need to do it now. Because if you opt out later than the 23 June deadline, then all your records up to the point you officially submit your wishes can be shared anyway. Meanwhile, as the Financial Times (FT) reported, a campaign group has already begun a legal challenge to the new rules. The FT also noted that, essentially, the DHSC tried to sneak this under the radar:

    The plan to create a new data set was announced by Matt Hancock… in early April and publicised mainly on blogs on the NHS Digital website, and through flyers at GP surgeries

    Stop this Tory sneakery

    Of course, the Tories sneaking around makes sense. Because a similar plan by the government fell flat on its face. The BMJ said this was “partly” due to public “mistrust”:

    Consent to share data involves trust, and the ill fated care.data project five years ago collapsed partly because of patients’ mistrust about how their data might be used. Concern hasn’t been voiced on a similar scale this time, but that may be because so few people know about

    So it’s crucial that as many people as possible know about the Tories’ data sale. Spread the word. Opt out. Because otherwise the Tories will soon be selling off your personal data to the highest bidder. And who knows where it could end up.

    By Steve Topple

    This post was originally published on The Canary.

    Though his story has been widely disseminated by now, before Edward Snowden fled to Hong Kong he sent a box of classified documents by snail mail from Hawaii (marked mysteriously “from B. Manning”) to a writer in New York, which made its way, unopened, from person to person until it reached journalists Laura Poitras and Glenn Greenwald, who went on to meet with Snowden and tell his story of global panoptic surveillance affecting just about everybody online.

    The story, Snowden’s ToolBox: Trust in the Age of Surveillance, by Jessica Bruder and Dale Maharidge, is, as the authors emphasize, a story of trust in an age of paranoia and suspicion. They’re keen to tell us, tag-team style, how the world has changed since the events of 9/11, with the militarization of the Internet, and the rise of surveillance capitalism, leading to a pervasive sense that privacy is no longer viable. We’ve succumbed to the sad notion that if we have ‘nothing to hide’ then we needn’t worry about Big Brother watching over us.

    Many readers will be familiar with Jessica Bruder’s work through the adaptation of her travel memoir, Nomadland, which recently won the Oscar for best film, and for which she worked with the director Chloé Zhao to create a screenplay. Her road travels, living the life of a nomad for months, and talking Studs Terkel-like to American wanderers, travelling from job to job as a lifestyle, jibes quite nicely with co-author Dale Maharidge’s background. Maharidge won the Pulitzer Prize in 1990 for And Their Children After Them, his follow-on to the James Agee study of Alabama sharecroppers, Let Us Now Praise Famous Men. They’re People people, and so are the cadre of journalists and independent filmmakers they hook up with in telling this side story.

    The first half of the book retells the now-familiar story of how and why Edward Snowden stole highly classified documents from NSA contractor Booz Allen Hamilton and handed them over to Poitras and Greenwald, who went on to make a film, Citizenfour, and detail his revelations in the Guardian. The co-authors quote Snowden judiciously; in an interview shortly after he outs himself on TV, Snowden tells us that the surveillance state he’s seen represents “an existential threat to democracy…I don’t want to live in a world where there’s no privacy and therefore no room for intellectual exploration and creativity.”

    Bruder explains that Snowden had wanted to have his revelations run in the New York Times, the nation’s preeminent paper of record, but was seriously bummed out when they quashed an October 2004 article by James Risen and Eric Lichtblau that exposed Stellar Wind, the government’s illegal dragnet of American electronic communications. The Bush administration had denied such activity.

    Bruder writes, “Approaching the New York Times…was out of the question. Snowden didn’t have confidence that the newspaper would have the guts to break the story… The scoop was scheduled to run right before the 2004 elections, but Executive Editor Bill Keller deferred to Bush administration officials, who claimed the revelations would damage national security.” When the story finally broke, more than a year later, it caused a political furor and popular outcry.

    A more intriguing section in Snowden’s Toolbox comes when Bruder talks about how Poitras and Greenwald got together after the Snowden revelations began running in the Guardian and were invited by eBay billionaire Pierre Omidyar to start up a new publication — The Intercept. It was meant to be a solid alternative to the corporatized MSM and a trustworthy reporting platform for whistleblowers. The publication garnered and poached some of the best journalistic talent from NYT and WaPo and elsewhere and seemed, at first, like the Traveling Wilburys of journalism.

    But there was trouble from the start. The Terms of Service (TOS) made it clear that readers could be expected to have their presence at the site logged and their comments scanned by Google Adsense and Amazon’s algorithms. Such surveillance was troublesome, if for no other reason than that the Intercept’s readership were probably the types the State would want to gather details about.

    It recalled the deal that Greenwald had signed with Amazon to promote his Pulitzer Prize-winning post-Snowden account of the surveillance state, No Place to Hide. Viewers of the site were offered an opportunity to receive Greenwald’s book for free, if they applied and were successfully approved for an Amazon credit card. The application details would be processed by Chase, who Greenwald had once excoriated for their corrupt practices. But more importantly, by accepting the deal from Amazon, Greenwald was effectively promoting the forwarding of private information to a corporation that would collect and store that data – from exactly the kind of readers the State would be eager to parse.

    We learn that Laura Poitras, co-founder of The Intercept, was turned down when she wanted to continue working with the Snowden trove of documents. First Look Media, owner of The Intercept, told her that “the company would own all rights to any publication that resulted from our writing about the Snowden archive.” And, she continues, “Notes we took at the archive would be confiscated for review — and possible redaction — by the Intercept.” And she added: “I laughed. The experience felt like something out of Kafka. And it gave me a sense of déjà vu, echoing how the NSA and the FBI had shut down our request to see our files.” The Intercept has since stopped writing altogether about the Snowden archive.

    It gets worse when the reader learns that Laura Poitras was stiffed by The Intercept in her compensation package. Bruder writes, “Laura had been facing challenges of her own at the company, including the startling realization that her compensation was far below that of her male colleagues Greenwald and (Jeremy) Scahill.” Unbeknownst to her, Scahill and Greenwald had renegotiated their contracts, and the resulting pay disparity was “in the hundreds of thousands of dollars.”

    Toward the end of the book, Bruder and Maharidge repeat the leitmotif. Trust — at the interpersonal level, work environment and social contract with the State — is key. They write, “Trust is the basis of all cooperative action in a free society. It’s the feeling of fellowship that allows people to take risks and grow. It’s also the underpinning of democracy. And it’s fragile, easy to undermine.”

    Succinct, true, and well put.

    All in all, Snowden’s Toolbox is a good read, with humor, intelligence, and a welcome sense of journalistic collegiality. An Appendix offers a “toolbox” of stuff journalists and readers can do to maintain their privacy and the documents of their whistleblowing sources.

    The post Time for a New Toolbox first appeared on Dissident Voice.

    This post was originally published on Dissident Voice.