This Week In Digital Trust

In this special episode of This Week in Digital Trust, we explore familiar themes, but with a twist.  On the podcast we often discuss concepts of agency and a sense of identity in the context of privacy, and how our grip on these concepts can be undermined when we lose control over our information.  For Australians who have experienced disadvantage, especially children that have grown up in out-of-home care, these challenges are even more pronounced. Many typically don't have any access to their own records or sufficient visibility about how they are used and for what ends. We speak with experts Frank Golding and Barbara Reed (bios below) to explore this experience and how recordkeeping is now being re-imagined, in a way that might have lessons for how personal data is managed by organisations more broadly. Bios: Dr Frank Golding OAM Frank Golding has a PhD from Federation University Australia and is a Life Member of CLAN, the national care leaver advocacy body. A social historian, Frank has contributed to formal inquiries dealing with the institutionalisation of children and to projects with the National Museum, the National Library of Australia, and the National Summit on Rights in Records. He has presented papers on child welfare in a number of countries. He has written more than a dozen books, as well as book chapters and refereed journal articles. Barbara Reed Barbara Reed is currently working as a part time Research Fellow on the Rights in Records projects of Monash University. As an independent archives and records consultant and Director of Recordkeeping Innovation,  she has worked with a range of government, non-government, private and non-profit organisations, in Australia and internationally. She has previously worked on issues empowering access to records for the Care Leaver Community and the Stolen Generation. Much of her consulting work has been focused on developing recordkeeping practices and competencies, transforming recordkeeping into digital practice, and working with a range of stakeholders to create strategic interventions through standards and best practice guidelines. Links: Dr Frank Golding OAM https://frankgolding.com/ Charter of Lifelong Rights in Childhood Recordkeeping in Out of Home Care https://www.monash.edu/it/clrc Bodies of Light (book) https://www.goodreads.com/book/show/58420822-bodies-of-light Credits: Music by Bensound.com

This week Arj and Jordan take a look back at the big issues of 2022 and how things have played out since they were discussed in earlier episodes. They cover topics including the crash of crypto, the extent of cyber war in the Ukraine/Russia conflict, the march of facial recognition technology, and Australian Government reforms in the cyber and privacy domains. This is our last episode of 2022. We'll be back in early Jan. Thank you all for listening to the first year of TWIDT! Links: Bitcoin crashes in 2022 (Yahoo Finance) https://au.finance.yahoo.com/news/bitcoin-price-crashes-2020-level-crypto-battering-continues-092507106.html Why Russia's cyber war in Ukraine hasn't played out as predicted (New Atlas) https://newatlas.com/military/russia-cyber-war-ukraine/ Cyber Conflict in the Russia-Ukraine War paper series (Carnegie Endowment for International Peace) https://carnegieendowment.org/programs/technology/cyberconflictintherussiaukrainewar Clearview AI facial recognition ruling (OAIC) https://www.oaic.gov.au/updates/news-and-media/clearview-ai-breached-australians-privacy Facial recognition technology: Towards a model law (UTS Human Technology Institute) https://www.uts.edu.au/human-technology-institute/explore-our-work/facial-recognition-technology-towards-model-law Cyber strategy revamp (The Mandarin) https://www.themandarin.com.au/208343-national-security-boffins-to-rally-around-major-reset-on-resilience-migration-cyber-and-democracy-policy/ Dreyfus pledges sweeping data privacy reforms (AFR) https://www.afr.com/politics/federal/dreyfus-pledges-sweeping-data-privacy-reforms-20220627-p5awvw Credits: Music by Bensound.com

This week, Arj and Jordan mark Human Rights Day (Dec 10) with an argument for making human rights a more central focus in Australia's public policy and reform discussions about privacy. The discussion offers a useful framing for analysing a recent decision by EU regulators against Meta's use of personalised advertising without explicit consent, a ruling expected to strike at the heart of the tech giant's business models. They also discuss how stronger privacy laws that make the acquisition of "third-party data" more difficult might be spurring a trend towards new reward schemes and wellbeing apps in the health sector, which the ACCC has warned are creating "big honeypots" of sensitive data. Links: Jordan's oped about privacy and human rights (InnovationAus) https://www.innovationaus.com/the-blindspot-in-australias-approach-to-privacy-reform/ Human Rights Day https://www.un.org/en/observances/human-rights-day EU set to bar Meta from ads based on personal data (Reuters) https://www.reuters.com/technology/eu-raises-concerns-over-metas-targeted-ad-model-wsj-2022-12-06/ Meta’s behavioral ads will finally face GDPR privacy reckoning in January (TechCrunch) https://techcrunch.com/2022/12/06/meta-gdpr-forced-consent-edpb-decisions/ Cyber risk in data honeypots from health insurance app craze: ACCC (The Australian - paywalled) https://www.theaustralian.com.au/business/financial-services/cyber-risk-in-data-honeypots-from-health-insurance-app-craze-accc/news-story/e98bf187286252a0f355980ef77c8cbd Credits: Music by Bensound.com

This week, Arj and Jordan dive into the collapse of cryptocurrency exchange FTX. It leads them to a broader discussion about Effective Altruism, a philosophy and a movement to govern charitable giving that has been taken up with gusto by influential tech billionaires (like FTX founder Sam Bankman-Fried). Arj and Jordan discuss how some of the thinking behind Effective Altruism may be having adverse effects on the direction of technology more broadly. Links: FTX collapse news story (ABC News) https://www.abc.net.au/news/2022-12-03/the-downfall-of-ftx-crypto-king-sam-bankman-fried/101714162 Effective Altruism website https://www.effectivealtruism.org/ Peter Singer pond thought experiment https://www.thelifeyoucansave.org.au/child-in-the-pond/#:~:text=If%20you%20don't%20wade,ll%20be%20late%20for%20work. Timnit Gebru oped about Effective Altruism (WIRED) https://www.wired.com/story/effective-altruism-artificial-intelligence-sam-bankman-fried/ Critique of longtermism (New Statesman) https://www.newstatesman.com/ideas/2022/11/elon-musk-william-macaskill-useful-philosopher Credits: Music by Bensound.com

This week, Arj and Jordan explore the concept of "safe harbour", a legal concept giving board directors a defence from liability from a privacy or cyber incident. With increased penalties recently introduced for privacy breaches and greater scrutiny on boards and executives, we're starting to hear this idea being floated more often. We explore its merits. We also chat briefly about the Australian Government's new "hack the hackers" gambit and the status of legislation to drastically increase fines for privacy violations. Links: Government announces standing operation to disrupt cybercrime (Home Affairs) https://minister.homeaffairs.gov.au/ClareONeil/Pages/standing-operation-against-cyber-criminal-syndicates.aspx New privacy penalty bill passes Parliament (InnovationAus) https://www.innovationaus.com/unworkable-data-breach-laws-pass-parliament/ Tech lobby exemptions sought to privacy fines (InnovationAus) https://www.innovationaus.com/tech-industry-wants-good-faith-data-breach-penalty-exemptions/ David Gonski calls for safe harbour (AFR) https://www.afr.com/companies/professional-services/gonski-pushes-for-new-cyber-risk-mechanism-to-protect-directors-20220822-p5bbqe Lawfirm calls for safe harbour for ransom payments (AFR) https://www.afr.com/technology/making-cyber-ransom-payments-unlawful-would-help-boards-20221120-p5bzp7 Credits: Music by Bensound.com

This week, Arj and Jordan dive into the Musk/Twitter saga. Opinions abound on this one - but Arj and Jordan look closely at how Musk is going with his promise to bring back free speech, the viability of Musk's blue-check verification thought-bubble, and likely repercussions of the departure of privacy, security and compliance officers from the platform. Links: Musk fires engineers after critical posts (CNBC) https://www.cnbc.com/2022/11/15/musk-fires-twitter-engineers-after-critical-posts-on-twitter-and-slack.html Musk halts blue check subscription plan (Reuters) https://www.reuters.com/technology/musk-says-his-companies-will-remain-well-positioned-2023-2022-11-11/ Oped by Twitter's former head of trust and safety (NYTimes) https://www-nytimes-com.cdn.ampproject.org/c/s/www.nytimes.com/2022/11/18/opinion/twitter-yoel-roth-elon-musk.amp.html Privacy and Security officers depart Twitter (The Verge) https://www.theverge.com/2022/11/10/23451198/twitter-ftc-elon-musk-lawyer-changes-fine-warning FTC settlement with Twitter https://www.ftc.gov/business-guidance/blog/2022/05/twitter-pay-150-million-penalty-allegedly-breaking-its-privacy-promises-again FTC warning to Twitter (TechCrunch) https://techcrunch.com/2022/11/10/ftc-warns-no-ceo-or-company-is-above-the-law-if-twitter-shirks-privacy-order/ Australia’s eSafety commissioner cautions Elon Musk (Guardian) https://www.theguardian.com/technology/2022/nov/08/australia-esafety-commissioner-elon-musk-twitter-moderation-concerns Credits: Music by Bensound.com

This week, Arj and Jordan dive into the vexed question of whether companies should pay ransoms to cybercriminals. The government's position is clear: do not pay. The reality on the ground for most companies is much more complex. Arj and Jordan step through these complexities and the competing imperatives organisations face when confronted with this difficult decision. Important note: This is a complex topic and it's important to emphasise that in this discussion we aren't advocating one way or the other in relation to paying ransoms generally - merely illustrating how businesses faced with a ransom demand do have various and competing considerations. Links: Medibank breach round-up (Guardian) https://www.theguardian.com/australia-news/2022/nov/12/medibank-v-the-hackers-how-the-health-insurer-fell-to-a-mass-data-theft National coordination mechanism invoked (IT News) https://www.itnews.com.au/news/gov-invokes-emergency-coordination-as-medibank-breach-worsens-586965 ACSC ransomware advice https://www.cyber.gov.au/ransomware Ransomware action plan https://www.homeaffairs.gov.au/cyber-security-subsite/files/ransomware-action-plan.pdf Labor call for National Ransomware Strategy https://timwatts.net.au/media/187357/beyond-the-blame-game-ransomware-discussion-paper.pdf Panama Papers https://en.wikipedia.org/wiki/Panama_Papers Credits: Music by Bensound.com

This week, Arj and Jordan dive into the issue of privacy and security of data in the rental market.  After a spate of data breaches affecting Australian businesses, commentators had been warning of the disaster-in-waiting in the real estate sector. And sure enough we got one. Arj and Jordan explore the underlying factors involved, including practices and attitudes at individual real estate agencies, power imbalances in the housing market and legislative gaps. Links: Samantha Floreani article on real estate data practices (Guardian) https://www.theguardian.com/commentisfree/2022/oct/04/telcos-arent-alone-in-collecting-too-much-of-our-personal-information Harcourts real estate agent data breach (Guardian) https://www.theguardian.com/australia-news/2022/nov/03/melbourne-real-estate-agency-data-breach-leaves-details-of-renters-and-landlords-exposed ABC investigation into real estate websites pressuring rental applicants to pay for background checks (ABC) https://www.abc.net.au/news/2022-11-04/regulators-examining-renters-pressured-into-paying-background/101611846 UNSW analysis of rental data collection practices https://newsroom.unsw.edu.au/news/social-affairs/cybersecurity-breaches-call-rental-data-collection-overhaul Business lobby pushes back on removal of small business exemption (AFR) https://www.afr.com/technology/you-can-t-just-flick-a-switch-small-business-fears-new-data-laws-20221004-p5bn2o First Dog on the Moon on housing https://www.theguardian.com/commentisfree/2022/oct/28/you-would-not-believe-what-questions-real-estate-agents-are-asking-tenants-now Credits: Music by Bensound.com

We're back after a break. This week, Arj is joined by elevenM privacy practice lead Melanie Marks to discuss the Australian Government's move to significantly lift penalties on businesses that violate privacy, as the nation experiences a spate of serious data breaches. They discuss the likely impact and effectiveness of the fines, clear up some misconceptions about what the fines are actually for, and explore some of the less-discussed additional powers introduced alongside the fines. Links: Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 https://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r6940_first-reps/toc_word/22113b01.docx;fileType=application%2Fvnd.openxmlformats-officedocument.wordprocessingml.document Attorney-General press release https://ministers.ag.gov.au/media-centre/tougher-penalties-serious-data-breaches-22-10-2022 Explanatory Memorandum https://parlinfo.aph.gov.au/parlInfo/download/legislation/ems/r6940_ems_715c9651-94ce-4b91-9912-a4023d8c7f61/upload_word/22113%20EM.DOCX;fileType=application%2Fvnd.openxmlformats-officedocument.wordprocessingml.document  Link to make submissions on the Bill https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Legal_and_Constitutional_Affairs/PrivacyEnforcement2022 OAIC's Federal Court proceedings against Facebook https://www.oaic.gov.au/updates/news-and-media/commissioner-launches-federal-court-action-against-facebook Credits: Music by Bensound.com

This week, Arj and Jordan get wonky, exploring why public policy approaches to scaling back market power are increasingly dovetailing with reforms to better safeguard individual privacy. The conversation takes them to unexpected places, covering two new momentous EU regulations, Amazon's acquisition of Roomba maker iRobot, and the so-called "hipster antitrust" movement. Links: Article about Digital Markets Act and the Digital Services Act (InnovationAus) https://www.innovationaus.com/eu-double-act-puts-regulatory-squeeze-on-platform-tech/ FTC probing Amazon's iRobot aquisition (Reuters) https://www.reuters.com/markets/deals/ftc-seeks-more-data-amazons-17-bln-deal-vacuum-maker-irobot-2022-09-20/ ACCC Digital platforms inquiry https://www.accc.gov.au/focus-areas/inquiries-finalised/digital-platforms-inquiry-0 ACCC on Google's proposed FitBit acquisiton (Guardian) https://www.theguardian.com/australia-news/2020/dec/22/google-faces-400m-fine-over-fitbit-takeover-if-it-doesnt-wait-for-competition-watchdogs-approval Article about "hipster antitrust" (Reuters) https://www.reuters.com/article/us-usa-antitrust-breakingviews-idUSKBN2B3016 Lina Khan paper in Yale Law Journal https://www.yalelawjournal.org/pdf/e.710.Khan.805_zuvfyyeh.pdf Credits: Music by Bensound.com