Source: Katina Michael with Rebecca Herold, October 2, 2019, “Principles of Professional Ethics in the Workplace”, Data Security and Privacy: Voice of America, https://www.voiceamerica.com/
Dr Katina Michael
Expertise: Privacy and Cybersecurity
School of Computer and Information Technology
Professor Michael comments regularly on the social implications of emerging technologies with an emphasis on privacy and national security.
The topics she’s best-versed on are cybersecurity, privacy, technology, ethics, social media, wearables and biotechnology.
She researches the social and ethical implications of emerging technologies.
She has engaged in debates on hot issues: smartphone addiction; Facebook’s privacy breaches; whether humans are being enslaved or empowered by technology; when citizen rights are violated by tech companies or governments; and the possibilities and limitations of mechanical upgrades to the human body.
She has also researched the regulatory environment surrounding the tracking and monitoring of people using commercial global positioning systems (GPS) applications, focusing on people with dementia, mental illnesses, parolees, and minors.
Since 1996 Dr Michael has been studying the impact of microcircuitry and nanotechnology devices in humans.
Her research on location intelligence and resulting behaviours was a precursor to wearable devices like the FitBit.
She delivered a TEDx talk on the future prospects of microchipping people and more recently on the future prospects of brain pacemakers.
She understands the history of computers, and key innovations in design since they were first developed.
She is deeply involved in the Public Interest Technology movement, and technology for good with respect to Sustainable Development Goals.
Dr Michael can talk in depth about automatic identification technologies including bar codes, magnetic stripe cards, smart cards, biometrics, radio-frequency identification tags and transponders.
She can provide an informed opinion on location-based services including Global Positioning Systems, UHF and A-GPS, Wireless Local Area Networks, Cellular and 3G Mobile and IP Location Services.
On computing her knowledge covers context aware applications, mobile media, wearable computing, chip implants and nanotechnology.
She has a strong interest in national security including homeland defence, national identification schemes, counter-terrorism strategies, natural disaster prevention and response, pandemics and government readiness.
On privacy and surveillance, she can discuss dataveillance, sousveillance and uberveillance.
On public policy her expertise covers the Telecommunication Interception Access Act, anti-terrorism laws, standards and guidelines.
Dr Michael works between Australia and the US. While she's in the US, media can reach her via +14804941149.
Source: Katina Michael, June 12, 2019, “Expertise: Privacy and Cybersecurity (Katina Michael)”, UOW Media, https://www.uow.edu.au/media/find-an-expert/katina-michael/
Citation: Katina Michael with Gemma Veness, June 2, 2019, “United States visa applicants now required to hand over social media usernames”, ABC24hour News: Afternoons, https://www.abc.net.au/news/newschannel/
For an alternate perspective: https://www.abc.net.au/news/2019-06-04/us-visa-rules-social-media-accounts/11174262
As the Federal Government today pushes the button to create My Health Records for every Australian who wants one, the industry has stepped out asking for more transparency around security and secondary use of the records to enable people to make more informed decisions about it.
The industry has also spoken out about data de- and re-identification, a global approach to cybersecurity issues as healthcare digitises, information security requirements of the future and blockchain as a way to alleviate some of the challenges associated with the My Health Record system.
On 26 November 2018, the Federal Parliament passed legislation to strengthen privacy protections in the My Health Records Act 2012 without debate or division.
The new legislation means that Australians can opt in or opt out of My Health Record at any time in their lives. Records will be created for every Australian who wants one after 31 January and after then, they have a choice to delete their record permanently at any time.
The date of 31 January follows much deliberation from the Federal Government to extend the opt-out date. Australians initially had until 15 October 2018 to opt out of the national health database, or a My Health Record was to be created for them by the end of that year.
But following the opposition calling for an extension to the opt-out period, the public outcry against the potential for the data to be shared with police and other government agencies, a leaked government document detailing the Australian Digital Health Agency’s response to concerns and a raft of changes recommended by the Senate Inquiry into My Health Record, the Federal Government pushed this date back and relaxed its stance on when Australians can opt in or opt out of the system.
Australian Academy of Technology and Engineering (ATSE) President Professor Hugh Bradlow said the collection of health data across the population will result in better health outcomes as it not only shows how effective interventions are, but also allows treatments to be personalised based on the experience of thousands of other patients.
“New forms of measurement (based on artificial intelligence) will also give patients far more significant information about institutional performance, practitioner performance, the outcomes of specific interventions, etc.” he said.
The Society of Hospital Pharmacists of Australia (SHPA) Chief Executive Kristin Michaels said the My Health Record debate highlighted the need for an integrated ehealth system, accessible only to health professionals and set up at the request of health organisations, for the benefit of all Australians.
“All Australians, regardless of any illness or condition, deserve to get the highest-quality care,” Michaels said.
“More often than many would think, patients are unable to explain the medicines they are already taking and for what conditions they are already being treated, particularly after a seizure or if unconscious. Many of these patients are unaccompanied. Sometimes this lack of information leads to errors that have serious impacts on people’s lives.
“[Hence] hospital pharmacists have long called for a shared, electronic patient data system that links up a fragmented health system and empowers patients in their own care.”
The issue of security
However, University of Melbourne Department of Computing and Information Systems Cybersecurity Senior Lecturer Associate Professor Vanessa Teague expressed her concerns around the privacy implications of secondary uses of My Health Records not being accurately explained.
“Both doctors and patients can be easily and confidently identified in a dataset… In the case of patients, this means that a few points of information, such as the patient's age and dates of surgeries or childbirths, is enough to identify the person and thus, retrieve all their Medicare bills and PBS [Pharmaceutical Benefits Scheme] prescriptions for many years.
“Easy and confident re-identification has been demonstrated on numerous other datasets that were shared in the mistaken belief that they were de-identified. It is probably not possible to securely de-identify detailed individual records like My Health Records without altering the data so much that its scientific value is substantially reduced.”
Teague said patients may choose to opt out of secondary uses of their data but are unable to make a “genuinely informed decision” if they are inaccurately told that their detailed record cannot be identified.
“Even more importantly, those whose identifiable MBS [Medicare Benefits Schedule]-PBS records were already published in 2016 should be notified, because the earlier release could make re-identification of their My Health Records much easier,” she said.
Harvard Medical School International Healthcare Innovation Professor Dr John Halamka also previously criticised the system for relying on outdated technology, saying that the $2 billion My Health Record was nothing more than “digitised paper” as it uses such “out-of-date” technology that crucial patient information on test results and diseases is unable to be read or shared by computers.
University of Wollongong School of Computing and Information Technology Professor Katina Michael said health data breaches, for some, could have a huge impact.
She used the recent example from Singapore, where 1.5 million Singapore health records were breached in a highly targeted effort on SingHealth. Among the breached health records was Singapore Prime Minister Lee Hsien Loong's personal records.
“What does this tell us when one of the world's most advanced cybersecurity nations suffers such a large-scale attack? Plainly, that no one's personal information is safe, no matter the measures in place,” she said.
“If we have learnt anything over the last four months, it is that electronic health records are hackable. We need not have to look too far to see that no system is impenetrable.”
Michael also speculated that blockchain initiatives could be ramped up to beef up My Health Record security.
“We will likely be told in the not too distant future that we wildly underestimated our security requirements and as such, must go one step further and protect our credentials,” she said.
According to Professor Michael, this involves the implant of a 16-digit Personal Health Record (PHR) ID number into people that also reads vital signs while embedded. This technology then alerts first responders of ailments and medications without the need for the person to provide any information.
ATSE’s Bradlow said the industry needs to be “realistic” about it as the danger of data leaking due to cyber hacking is as true as hacking any other data system.
“Let’s remember that many [healthcare professionals] have easy access to today’s paper-based health records – an electronic record is actually a step up in privacy. Within My Health Record, we can make it the default to require a patient access code,” he said.
“A well-designed record system which is managed by a professional security organisation and has a clear audit trail, for example, provided by blockchain, can mitigate this risk significantly.”
Source: Hafizah Osman, 31 January 2019, “Industry calls for more caution over MHR system”, https://www.healthcareit.com.au/article/industry-calls-more-caution-over-mhr-system
Note: Thank you Hafizah Osman— interestingly I was referring to the VeriChip experiment of the PHR that Dr John Halamka trialled for a short time and wrote about in 2006 here: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1656959/
Citation: Katina Michael with Nancy Notzon, December 7, 2018, “Rushing Through the Encryption Bill Means Watering Down National Security”, ABC Radio: The World Today, https://www.abc.net.au/radio/adelaide/programs/worldtoday/the-world-today/10573620 8.30-11.30min
A University of Wollongong data expert has labeled the government's proposed encryption laws delusional and warns they could have catastrophic consequences.
The changes would force technology companies to help police access encrypted messages.
Professor Katina Michael, from the School of Computing and Information Technology, says the powers are unprecedented and have no oversight.
She is speaking to ABC reporter Kelly Fuller.
Citation: Katina Michael with Kelly Fuller, “Rushed Encryption Laws Herald a Watering Down in National Security”, ABC Illawarra: Radio, 6 December 2018, https://soundcloud.com/kelfuller/data-expert-warns-encryption-laws-could-have-catastrophic-outcomes
It was a sunny day in December 2015 and 14 people lay dead in San Bernardino, California after a mass shooting at the North Park Elementary School.
I still remember the news footage taken from a helicopter hovering over a bullet-ridden black Ford Expedition, in which the perpetrators Syed Rizwan Farook and Tashfeen Malik had fled and were killed during a shootout with police.
There have been so many mass shootings in America since, including last year’s horrific killing of 58 concertgoers in Las Vegas, that the grim memory of San Bernardino has faded.
But the tragedy has had a lasting legacy in unexpected ways. In the months after the shootings, the FBI attempted to enlist the support of phone-maker Apple to gain access to Syed Rizwan Farook’s iPhone 5C as part of their investigation into what was being labeled a terrorist attack. The FBI wanted Apple to create a new operating system they could install on the dead shooter’s phone that would bypass security features. It would also serve to give the FBI access to iPhones in future criminal investigations.
Apple famously refused, telling the FBI that giving in to a demand to “hack our own users” would set a precedent undermining the privacy of all iPhone users.
“While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect,” he wrote in an open letter to customers at the time.
This was just a couple of years after the Edward Snowden leaks, which revealed the extent to which government security agencies were secretly gathering masses of internet data. The big tech companies, keen to shore up trust, rushed to introduce end-to-end encryption to services like WhatsApp, Gmail and iMessage, making the argument that if their customers’ data was invisible to them, they couldn’t hand it over to the authorities.
FBI vs Apple
There were tense meetings between then-president Barack Obama and Apple chief executive Tim Cook, who didn’t resile from his position. Eventually, the FBI found a company that could break the phone’s encryption, paying them nearly US$1 million to do so. The issue died down as a technical fix broke the impasse. But politicians have continued to push the issue calling for new legislation that would force tech companies to allow law enforcement agencies access to encrypted systems.
In the wake of the San Bernardino massacre, President Trump made his feelings on the issue plain, calling for a boycott of Apple products.
“Who do they think they are?” he complained to the hosts of Fox & Friends.
Since then, he has been relatively silent on encryption, but his officials and US senators have been quietly working on the issue with a view to drafting encryption circumvention legislation that they know will face stiff resistance from the tech sector and its K Street lobbyists in Washington D.C.
Governments elsewhere have the same goal in mind as they struggle to track the online communication of suspected criminals and terrorists. An attack in London last May that saw a man drive his car into pedestrians, killing four people, opened the encryption debate in Britain.
The killer had apparently sent a message on the encrypted WhatsApp platform hinting at what he was about to do, moments before he ploughed into unsuspecting pedestrians. It led Theresa May to call for her security services to be given the ability to circumvent encryption systems.
Five Eyes stand together
The UK’s Investigatory Powers Act or ‘Snooper’s Charter’ introduced in 2016 gives British law enforcement agencies some powers to require network operators to remove “electronic protection” from communications and data. But it isn’t seen as strong enough to demand backdoors to encryption services, particularly for services delivered from outside the UK.
New Zealand introduced similar legislation in 2013, with the Telecommunications (Interception Capability and Security) Act. That requires internet providers to make their networks available for interception by government agencies armed with a warrant. But it only applies to “network operators” - it is unlikely that the law could be used to demand Apple or Microsoft retrieve encrypted data for the New Zealand Police or the GCSB.
The issue hasn’t flared up in New Zealand in recent years, but our membership of the ‘Five Eyes’ security partnership with Australia, the United Kingdom, the US and Canada could propel us towards the legal changes other countries are pursuing.
Meeting earlier this year, the Five Eyes issued a joint statement stating their preference for technology service providers to “voluntarily establish lawful access solutions to their products and services that they create or operate in our countries”.
Then came the veiled threat:
“Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.”
Backlash in Australia
Across the Tasman, the Liberal Government is pushing ahead with mandatory measures.
The so-called Assistance and Access Bill proposes three levels of assistance that tech companies and internet providers could be required to lend law enforcement agencies. At the lowest level, voluntary assistance could be offered, with the highest level of assistance seeing the country’s attorney general requiring tech companies to “build a new capability” into their systems to allow access to encrypted information.
The Bill has been slammed by Apple and other multinational tech companies as being too ambiguous and wide-ranging as well as by privacy and encryption experts.
“This is not a solution to the problem of just-in-time policing and border force security but an override on the freedoms of everyday Australians and Australian companies, or even those doing business in Australia,” says Professor Katina Michael, a technology and innovation expert at the University of Wollongong and Arizona State University.
“Privacy is a human right, and one way that right can be maintained in today's digital transactions is through encryption.”
Apple reiterated its call that breaking encryption systems will undermine security for everyone.
“This is no time to weaken encryption,” it wrote in a submission on the Bill.
“There is a profound risk of making criminals’ jobs easier, not harder. Increasingly stronger — not weaker — encryption is the best way to protect against these threats.”
The Australian Computer Society saw no reason to expedite the legislation which it described as “problematic”.
Technically, it can be done
But Dr Richard Adams, Adjunct Fellow in the School of Information Systems at Curtin University, said that while tech companies had an obligation to protect their customers’ data, they also had obligations to the “wider community”.
“The challenge is for manufacturers to meet the needs of both groups rather than adopt the best stance from a marketing/cost perspective,” he says.
With that in mind and the legislation putting the onus on the tech companies to come up with ways to grant security services access to encrypted services, it was time to consider what technical solutions could be offered to meet the government half-way.
“A simplistic solution on phone devices would be to store the data twice, once with the ‘user key’ and once with the ‘manufacturer key’ so the strength of the encryption itself would not be affected and the risk of having two ‘keys’ could be mitigated by the use of a very complex manufacturer key requiring physical access to the device,” he says.
“Obviously there would be push-back on the additional storage required and reduced battery life but the point is that from a purely technical standpoint it could be done relatively easily.”
With the Five Eyes member countries all at different stages in pushing for stronger laws to deal with encrypted services, such technical efforts to assist governments will need more serious consideration.
The alternative is heavy-handed legislation that is not fit for purpose, rammed through by governments with a larger law enforcement agenda.
But Michael says we also need to consider the threat to privacy posed by the companies that are opposing efforts to circumvent encryption, which are wielding immense power themselves through their access to masses of our data.
“The complexity here is in the fact that private corporations like Apple, Google, Facebook, Amazon and Microsoft are amassing so much personal data that citizen data rights are being equally eroded by corporations themselves who share the data with third parties,” she says.
“We need to take a step back as Australians and ask ourselves why these private corporations are fighting this government bill together?”
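Jackie and He Luman, October 12, 2018, “专家解读:入境新西兰被要求交手机和密码该怎么做?” [Expert analysis: What should you do if asked to hand over your phone and password when entering New Zealand?], China News, http://www.chinanews.com/hr/2018/10-12/8648054.shtml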
Fork Over Passwords or Pay the Price, New Zealand Tells Travelers
Citation: Charlotte Graham-McLay, October 2, 2018, “Fork Over Passwords or Pay the Price, New Zealand Tells Travelers”, New York Times, https://www.nytimes.com/2018/10/02/world/asia/new-zealand-passwords-devices.html. Also available here: https://www.wral.com/fork-over-passwords-or-pay-the-price-new-zealand-tells-travelers/17888313/. Also here: https://www.iol.co.za/news/world/fork-over-passwords-or-pay-the-price-new-zealand-tells-travellers-17333028
What opportunities and challenges do digital technologies present for the development of our society?
I truly believe that we can harness technology for good. That information and communication technology is key to achieving the Sustainable Development Goals. But more than this? We need to be human. Being human means that we can achieve anything together through compassion, care, foresight, and long-term sustainability. Right now we use technology in ways that help us to gain access to critical information, but also as a means to become more engrossed in ourselves and our personal interests alone. What about the public interest? What about public interest technologies like those being suggested by the SDG Academy and all of its speakers? Think on doing this rewarding course. It takes a mission critical view of how technology can be used (or abused) as a tool for dis(empowerment). We have a choice - from our perspective the choice is easy - we MUST use technology for good.
My involvement was in 3 MOOCS related to: privacy, data rights, security and ethics, with a heavy emphasis on human rights throughout. Stay tuned for more.
About this course
Tech for Good was developed by UNESCO and Cetic.br/NIC.br, the Brazilian Network Information Center’s Regional Center for Studies on the Development of the Information Society. It brings together thought leaders and changemakers in the fields of information and communication technologies (ICT) and sustainable development to show how digital technologies are empowering billions of people around the world by providing access to education, healthcare, banking, and government services; and how “big data” is being used to inform smarter, evidence-based policies to improve people’s lives in fundamental ways.
It also addresses the new challenges that technology can introduce, such as privacy, data management, risks to cybersecurity, e-waste, and the widening of social divides. Ultimately, Tech for Good looks at the ways in which stakeholders are coming together to answer big questions about what our future will look like in a hyper-digitized world.
This course is for:
Technology specialists who want to understand more about how ICT is being used to improve people’s lives around the world.
Sustainable development practitioners who need to understand the opportunities and limitations of technology in a development context.
Advanced undergraduates and graduate students interested in the key concepts and practices of this exciting and ever-changing field.
What you'll learn
ICT can improve access to knowledge and services, promote transparency, and encourage collaboration
Responsible collection and use of data requires governance, security, and trust
ICT projects should be contextualized and inclusive
Technology is not neutral! Be aware of bias in design and implementation
Module 1: Welcome to the Digital Age
Introduction to the Course
Bridging the Digital Divide
Three Approaches to ICT for the SDGs
Module 2: Technology for Governments and Citizens
Equity and Access to Services
User-Driven Public Administration
It's All About the Data
The Open Government Approach
Case Study: Aadhaar in India
The Challenges of Digital Government
Module 3: ICT Infrastructure
Enabling ICT: The Role of Infrastructure
Promoting Digital Inclusivity
Innovations in Infrastructure
Building Smart Sustainable Cities
ICT as Infrastructure: A Look at Societal Platforms
Module 4: ICT Innovations in Health
Achieving Universal Health Coverage
Improving Healthcare Delivery
Involving the Community
Evidence in Action: Success Stories of ICT and Health
Emerging Challenges and Opportunities
Module 5: Learning in Knowledge Societies
The Ecosystem of ICT for Education
Education for a Connected World
Sharing Knowledge: ICT, Openness, and Inclusion
Measuring ICT and Education: Frameworks
Measuring ICT and Education: Data and Indicators
Rethinking ICT for Education Policies
Module 6: Promoting Financial Inclusion
An Introduction to Financial Services
The Potential of Digital Platforms
Mobile Payments for Marginalized Communities
ICT for Enabling Access to Credit
Replacing the Cash Economy
The Challenges of ICT-enabled Financial Inclusion
Module 7: Measurement and Metrics
Managing Data for the SDGs
ICT Innovation for Statistical Development
Engaging with Data: Communications and Citizen Empowerment
Case Study: Brazil’s Cetic.br
ICT for Monitoring the SDGs
Limitations of ICT for Monitoring the SDGs
Module 8: Artificial Intelligence
An Introduction to Artificial Intelligence
Who Drives the Agenda on “AI for Good”?
Implications for Discrimination and Exclusion
The Human Side of AI: Risks and Ethics
Module 9: Concerns for our Digital Future
Privacy and the Importance of Trust
Knowing your Data Rights
The Downsides of Digital
Module 10: The Way Forward
The New Workforce: Six Points about the Future of Work
The Meaning of Work in the Digital Era
The Open Movement
Closing Thoughts on ICT for the SDGs
Original link here: https://www.edx.org/course/tech-for-good-the-role-of-ict-in-achieving-the-sdgs
Sydney airport seizure of phone and laptop 'alarming', say privacy groups
Border Force detain British-Australian software developer Nathan Hague, apparently at random, for 90 minutes
A British-Australian citizen travelling through Sydney airport has had his devices seized, and believes his laptop password cracked and his digital files inspected by Border Force officers, in what privacy groups say is a worrying development.
Nathan Hague, a 46-year-old software developer, was detained apparently at random for 90 minutes while the officers took his phone and password-protected laptop into a back room.
Hague said the officers refused to tell him what would be done with his devices, why they were being inspected or whether his digital data was being copied and stored.
“I don’t have anything to hide, but I value my privacy,” Hague said. “So I asked them, if you’re OK to do the bomb inspection in front of me, you’re OK to go through my bags in front of me, why do you have to take my devices out of my sight? What are you going to do with them?”
Hague said he asked the officers whether his files would be copied, and if so, what they would be using the files for. He said the officers refused to answer those questions, or explain what the ABF’s data retention policy was, or detail how long the files would be kept.
The ABF acknowledged that Hague’s devices were examined, but declined to comment on whether the files had been copied.
“Officers may question travellers and examine goods if they suspect the person may be of interest for immigration, customs, biosecurity, health, law-enforcement or national security reasons,” said a spokesperson for the ABF.
Tim Norton, chair of Digital Rights Watch, said the use of these powers under the Customs Act effectively circumvents any judicial oversight and was an “alarming trend”.
“People should have the right to know what information is being collected, for what purpose, who it’s being shared with and why. These powers make a mockery of our right to privacy,” he says.
Under the Customs Act, officers have the right to examine travellers’ personal items, including accessing electronic devices and making copies of their files. The Customs Act imposes no legal threshold or requirement that officers need to meet in order to use this power.
Professor Katina Michael, of the University of Wollongong’s school of computing and information technology, said the ABF’s electronic search powers were “highly invasive”.
“If sensitive information is leaked, say in the case of a lawyer or doctor who is travelling across regions, then there are major concerns for privacy.”
In 2016, the ABF was sued after officers seized a passenger’s phone and used it to send text messages.
Greens senator Jordon Steele-John said overreach on data collection is “happening all the time.”
“Australia’s privacy laws are now so drastically out of step with the rest of the world – especially the EU – that they will cause conflicts and infringe on the rights of citizens from other jurisdictions, especially when you add in the new proposed powers under the Assistance and Access bill,” Steele-John said.
Fears over new search powers
Under new legislation, proposed last week, the ABF would be given additional search powers and the penalties for individuals refusing to provide access to the ABF to evidence held in a device – for example, refusing to share their password to unlock a device – would be up to five years’ imprisonment, or 10 for serious offences.
An exposure draft of the bill revealed the obligation to assist police and other agencies in unlocking devices, including by de-encrypting data, would extend to tech giants such as Facebook, Apple and Google.
Steele-John and other privacy advocates have raised concerns over the new legislation.
“The scope and overreach of the new Border Force powers is terrifying, and has much broader consequences and implications than just individual privacy, in the context of this incident which occurred at Sydney airport.”
Keeping data private
Professor Michael recommended that people who wanted to protect their data should not carry devices across international borders.
“If you are doing sensitive work, keep your files on your computer encrypted, or go one better and do not take your computer with you through Customs. Put it on the cloud where the GDPR [EU’s General Data Protection Regulation] is in force and lease a laptop in your given destination,” she said.
But that advice is of little comfort to Hague, who said the actions of the ABF officers had put his business in breach of Europe’s tough new GDPR data privacy laws and he would now need to give privacy breach notifications to his clients.
“I don’t mind people looking at the files if that’s one of the directives, but you have to give clear definitions and you also can’t leave the international business travellers exposed like this to having fines or breach notices being served by their own clients.”
“I’m getting messages from fellow business owners that they’re re-thinking their choice to come to Australia to do business over here, they’d rather just do it remotely. They expect that in America, but they don’t expect that behaviour here in Australia.”
Citation: Elise Thomas, August 24, 2018, "Sydney airport seizure of phone and laptop 'alarming', say privacy groups", The Guardian, https://www.theguardian.com/world/2018/aug/25/sydney-airport-seizure-of-phone-and-laptop-alarming-say-privacy-groups
The Health Minister has defended My Health Record as having Defence-level security, as the Shadow Minister declares the beginning of the opt-out period “shocking”.
And experts have highlighted a number of areas of concern around privacy, with one calling the record “a major honeypot of health data, waiting to be hacked”.
Health Minister Greg Hunt has told Fairfax Media that the system, which has been active for six years – though has only become opt-out recently following a trial in two parts of the country – has military-grade security and has never been breached.
The My Health Record system has multiple layers of security to protect access to the system, including defence level encryption, secure gateways and firewalls, authentication mechanisms, and malicious content filtering, he said in a statement this week.
The Australian Digital Health Agency’s Cyber Security Centre monitors for suspicious activities and the centre will trigger an investigation when required, Mr Hunt said.
He also told ABC Radio Melbourne’s Jon Faine that he is “very comfortable” with the system, and that individuals have “total control” over their record.
During the interview ABC staff attempted to sign onto the My Health Record system and an error message was returned.
“The system’s not working as you speak and say anyone at any time, as you just said. In fact, it’s not working,” Mr Faine told the Minister, who said in response that “we have six million Australians doing it”.
“I guess the alternative is—are we saying that Australia shouldn’t have a modern system that allows for diagnoses, medicine, other records, vaccination, all to be available to the consumer?” Minister Hunt said.
Shadow Minister for Health and Medicare Catherine King said that “Greg Hunt must immediately explain what he’s doing to address the problems plaguing his e-health rollout, which are preventing people from opting out of the My Health Record”.
“The first 24 hours of the opt-out period have been a disaster – confirming Labor’s fears that Malcolm Turnbull and Greg Hunt are simply incapable of getting a rollout of this size and ambition right,” she said.
“This Government is far from competent. They have a woeful record on IT security, privacy and basic digital functionality.
“They gave us census fail, the robodebt debacle, and then allowed Australians’ Medicare data to be sold on the dark web. And now they have stuffed up the launch of the My Health Record opt-out period.”
She said that Labor supports e-health but the Government has mishandled the My Health Record process, saying people experienced “long delays and technical faults” as they attempted to opt out on Monday, 16 July, the first day on which they were able to do so.
Dr Katina Michael, a professor in the School of Computing and Information Technology at the University of Wollongong, said that electronic health records make sense but “must be done the right way”.
The prospect for data discovery, patient welfare, and convenience is a value proposition that must be weighed up against risks and potential costs to individuals.
“Privacy breaches are asymmetric. But the type of confidential information stored on an electronic health record, is unlike having merely your identity credentials stolen—it is like having your whole personhood exposed in terms of your condition, medication, past acts, and more,” she says.
“There are massive implications for those working in pressured workplaces who may have their health record used against them – e.g. pilots, doctors, surgeons, healthcare workers.
“The implications for whether health insurance companies will have access to this data in the future is also questionable. Will it cost more to insure a child suffering from autism, or one born with Down Syndrome versus a child who seemingly is ‘normal’? Might this cause a chilling effect over disclosure of illnesses, meaning the people who need the care the most are disadvantaged from the outset?
“We need to make people aware of the pros and cons of opting-out, but we also need better, more honest reporting by government about some of the potential risks, in essence, to better inform the public.
“What we have now is a major honeypot of health data, waiting to be hacked for the taking and be available on the dark web.
“We also need to call for urgent reforms, that if data is compromised, there is a privacy tort allowing people to sue the company or GP or government that has allowed a data breach to occur.”
Bruce Arnold, an Assistant Professor in the School of Law at the University of Canberra, said that My Health Record has been “sadly oversold”.
“Implementation of My Health Record shows that the Australian government has learnt nothing from the UK e-health trainwreck,” he said.
“In the UK patients, health practitioners, IT specialists and privacy lawyers alike condemned inadequate governance, misunderstanding of risk and disregard for patient autonomy. The UK government belatedly heeded those criticisms in, for example, the 2013 Caldicott report Information: To Share Or Not To Share? Independent review of how information about patients is shared across the health and care system. Australia has not.
“A properly designed and implemented national e-health regime offers considerable benefits for patients, clinicians and researchers. The risks of an insecure system that conscripts patients (and assumes de-identification will enable problem-free sale of bulk health data) greatly outweigh those benefits.
“Legal protections for patient privacy under My Health Record are, for example, inadequate. So is the IT framework. Audit trails will not reclaim a patient’s privacy when a data breach occurs.”
The PSA, however, has welcomed the Australian Digital Health Agency’s invitation for Australians to join My Health Record.
“My Health Record will empower Australians to take ownership of their health information by managing privacy and controlling who has access to their health information,” says national president Dr Shane Jackson.
“Pharmacists now will be able to more actively support patients with their medication management needs, especially those with complex chronic disease. These patients often take multiple medications and a connected My Health Record system will ensure health professionals have the information they need at the point of care to support patients with their healthcare.
“Pharmacists have a vital role to play wherever medicines are used, and PSA, as the peak national body for pharmacists, is collaborating with the Agency to help pharmacists guide their patients through this important decision.
“The information in My Health Record will allow pharmacists to provide better coordinated care for their patients, which is why over 3,200 pharmacies are already connected to the system.”
Source: Megan Haggan, July 17, 2018, "Opt-Out Period Begins with 'Disaster'", Australian Journal of Pharmacy Blog, https://ajp.com.au/news/opt-out-period-begins-with-disaster/
Today marks the beginning of the opt-out period for the nationwide medical information database called My Health Record. If a person does NOT want their medical information stored in a government-run database, they have until October 15th to leave the program.
Despite concerns about privacy from the public and interested groups, Dr Steve Hambleton from the Australian Digital Health Agency said, "I can absolutely categorically state that none of the ... My Health Record data will be able to be sold to third parties — that's absolutely prohibited."
But despite calls from the government for trust in the system, personal privacy remains a point of contention in the medical database. Could it be hacked by a malicious party? What safeguards are in place? Just who has access to the data?
To discuss privacy concerns I spoke to Dr Katina Michael, professor in the School of Computing and Information Technology at the University of Wollongong.
And later on in the show, Rohan McKnight, Digital Health Manager at South Eastern NSW Primary Health Network, a company contracted to gather some of the data, joined us.
Citation: Katina Michael with Lindsay McDougall, July 16, 2018, "Opting Out of MyHealthRecord", ABC Illawarra 96.7FM, https://soundcloud.com/doctormcdougall/my-health-report-soundcloudmp3
Citation: Katina Michael with Eric Gyors, March 28, 2018, "Is it the end of privacy?", EPISODE: Wednesday Drive – 4:00pm 28th Mar 2018, https://eastsidefm.org/episodes/wednesday-drive-400pm-28th-mar-2018/
Jesse Mulligan found out the hard way how much data Facebook keeps on you when Kanoa Lloyd downloaded his and read it back to him on Three's The Project.
Facebook has come under fire recently after it was revealed Cambridge Analytica was using data from the site to influence elections in the United States and Africa.
The company was using data collected when users took part in online quizzes and managed to get from 200,000 users who completed the quizzes, to over 50 million users from their friend lists.
To illustrate just how much data Facebook keeps on you, The Project host Kanoa Lloyd downloaded all of Jesse Mulligan's and read it back to him live on air.
"This stack here shows me so much stuff and this is the kind of stuff that could potentially be getting shopped out to companies like Cambridge Analytica," she said.
Among some of the things she discovered was the day Jesse signed up to the site, the name of his father and the number of messages he had sent.
The message was to Jesse's flatmate in London, and he remarked it was really creepy that Kanoa was able to find that out so easily.
"I feel creeped out knowing this, I don't need to know this stuff and I definitely wouldn't want a company like Cambridge Analytica knowing this stuff about me either," she said.
Lloyd even managed to find the contents of his first ever Facebook message, but he wouldn't let her read it out on the show.
Katina Michael from the Australian Privacy Foundation says while you don't necessarily have to delete your Facebook it may be time to think twice about those innocuous looking quizzes.
"When you've got 2 billion subscribers and your whole model and whole business is built on advertising and micro-analysing consumers, people have become products and that's a bit evil," she said.
While it may be hard for users to understand the breach, Dr Michael says they should be concerned about how their data is being used.
"People perhaps have cared about privacy but haven't realised the seriousness of the micro-analysis going on with our psychographics," she said.
"Everyone should care about their right to privacy and the intrusion of their privacy, how anyone is misusing their personal information."
Newshub Staff, March 23, 2018, "The secret file that tells you what data Facebook has on you", Newshub, http://www.newshub.co.nz/home/new-zealand/2018/03/the-secret-file-that-tells-you-what-data-facebook-has-on-you.html
Citation: Katina Michael with Joe O'Brien, "Now that Facebook have acknowledged "mistakes", what's next?" ABC 24 hrs: Mornings with Joe O'Brien, channel 24, 11am-11.12am.
Joe O'Brien is the host of ABC News 24's morning news program and was previously co-host on ABC News Breakfast. Joe has more than 20 years experience in journalism and has been with the ABC since 1995. He presented the 7pm ABC News programs in both Queensland and New South Wales, and regularly presented the national Midday Report on ABC TV. Joe's extensive reporting experience covers everything from drought and floods to sport and politics. He was first based for the ABC in Rockhampton, and then in Brisbane as a reporter and presenter.
Sources of Information for Consideration:
The damning evidence is mounting on Cambridge Analytica (CA). Today it was announced that CEO Alexander Nix has been suspended from his position following a covert sting recording by Channel 4 in the UK.
Citation: Katina Michael with Cassie McCullagh, March 21, 2018, "Psychometrics, big data, data-driven approaches, microtargetting, and you", ABC Sydney Radio: FOCUS: http://www.abc.net.au/radio/sydney/programs/focus/focus/9549448
Cybercrime is on the rise, with one in three Aussies being ripped off in the past year.
As you watch this report, you might be thinking digital crime will never happen to me, but that's exactly the attitude that's making hackers so successful.
Original source: https://www.facebook.com/WINNewsIllawarra/videos/2085877424762323/
Citation: Katina Michael with Bruce Roberts, "How do Australians stay safe: some cybersecurity tips", WINTV News, February 21, 2018, https://www.facebook.com/WINNewsIllawarra/videos/2085877424762323/
Katina Michael with Louise Saunders, "The Ethics of Body Worn Cameras, Covert Trackers, Location Apps and More", ABC Hobart: Drive, http://www.abc.net.au/radio/hobart/programs/drive/drive/9381594, February 10, 2018, 6.07-6.20 pm.
Errata: Sorry Louise, that I called you Liz throughout the interview – extremely embarrassing given your profile! Just demonstrates what nerves can do on live radio! Thanks for understanding.