|
Should I download the COVID-Safe app? The privacy pros, cons and don’t-yet-knows
Last Sunday evening, as I was cosily snuggled up on my sofa watching a murder mystery, my phone started beeping like mad. I had multiple text messages from friends and family, all asking my advice on the same thing: ‘What’s with the covid app? Should I download it? Is it a privacy risk?’
There is no ‘one size fits all’ answer to this question. So let’s run through the privacy pros, cons, and the ‘yet TBD’ features of COVIDSafe, so that you can decide for yourself.
Read more >>
|
|
|
Muddy thinking from Clearview
For four months now, Clearview AI, the facial recognition company headed by an Australian expat, has been making the news. This month, it was revealed that contrary to initial denials by the Australian Federal Police, 7 AFP officers were in fact using the tech under a free trial, which means they skipped any of the normal due diligence you would expect from a commercial procurement process. In response to a journalist enquiring about the OAIC’s investigation into the matter, founder Ton-That made the extraordinarily inaccurate claim that the Australian Privacy Act only protects ‘private’ information. (Good luck with that.) Oh, and then they had another security breach due to their own misconfigured servers. |
|
CLOUD conflict and confusion
The decision to host the National COVIDSafe Data Store in the cloud on AWS (Amazon’s web servers) has raised an interesting question about data sovereignty. While the Australian Government has said that the data will only be stored within Australia, and the legal Determination issued makes it a crime for any person to disclose the data to a person outside Australia, or retain it in a database outside Australia, what would happen if the US Government wanted access to the data?
Health Minister Greg Hunt has publicly said that US law doesn’t apply in Australia and that “the Biosecurity Act determination trumps” US law. However the section of the Biosecurity Act under which the Minister’s Determination was made doesn’t actually say that. Section 477(5) says the Determination “applies despite any provision of any other Australian law”, which is defined at s.9 to be a law of the Commonwealth, State or Territory. No mention of trumping the laws of other nations.
The Clarifying Lawful Overseas Use of Data Act 2018 (CLOUD Act) allows the US Government (e.g. the FBI) to access, with a warrant, data held by US-based companies in overseas jurisdictions. (Example A: data held on an AWS server in Sydney.) However, if the data is about non-US citizens or residents, the cloud provider has some grounds on which to challenge such a warrant, including if the privacy rights of a foreign jurisdiction would be infringed upon. But then again, that option to challenge is only in relation to ‘qualifying’ foreign governments which have entered into an executive agreement with the US, which Australia has not yet done. (And are we satisfied with leaving the decision about whether or not to challenge the FBI in the hands of Amazon?) The Law Council has raised concerns that the Ministerial Determination is therefore not enough to protect the data in the National COVIDSafe Data Store from application of the CLOUD Act.
Confused about how this potential conflict of laws would play out in practice? Me too.
|
|
|
|
|
Privacy in design: Tranquil spaces to be ‘let alone’
I love Islamic architecture, for the arched doorways offering little glimpses into private worlds.
‘Smart cities’ are all fine and good for life’s necessary conveniences, with ...
continue reading >
|
|
|
What should we do about facial recognition?
Privacy dies yet again
In another masterful piece of privacy reporting, Kashmir Hill in the New York Times has exposed the nefarious use of facial recognition ...
continue reading >
|
|
|
|
|
We offer a range of online privacy training options, from quick pay-per-view modules through to fully customised programs.
SEE OUR eLEARNING OPTIONS
|
|
