Posts filed under ‘Aus’

NZ: Privacy reality check

I spend a lot of my working day thinking about identity-related online services. Protection of privacy in these services is axiomatic. Not only does it make good sense to me, it’s also mandated as one of the policy principles by Cabinet.

The 2007 Privacy & Human Rights Report issued by Privacy International provides a reality check. Across the 47 countries surveyed, the Report says that, “The 2007 rankings indicate an overall worsening of privacy protection across the world, reflecting an increase in surveillance and a declining performance of privacy safeguards.”

New Zealand gets a red colour indicating “Systemic failure to uphold safeguards” as does Australia. Canada gets a yellow for “Some safeguards but weakened protections” while USA and UK get a black for being “Endemic surveillance societies.” Top of the heap is Greece but even it gets only a 3.1 rating out of 5.

The Report lists nine key aspects for New Zealand’s ranking. This seems to have prompted a leading blogger in The New Zealand Herald to call it ‘Systematic failure’ to protect our privacy who goes on to say “From biometric passports to greater sharing of information among Government departments to greater use of surveillance technology, we would certainly seem to be following the lead of countries in the black category. But privacy is a touchy issue for Kiwis and rightly so. Just listen to talkback radio whenever talk of a national ID card emerges in the media.”

According to the Report, of particular concern for NZ is:

- “Court of appeal has had some problematic decisions regarding privacy complaints” and

- “DNA database based on order from high court judge, violent crimes, and convicted burglars; though voluntary samples can be included and increasingly this is being pushed by the police, resulting in more than 80% of samples on database being given ‘voluntarily’.”

I think what’s missing from the Report is people’s perception of the state of privacy in the country being reviewed. Perceptions can be as (if not more) important than the reality.

On that front, in my opinion NZ is doing fine but, as the Report shows, things could be better.

February 4, 2008 at 11:04 pm 2 comments

Biometrics in the Sky

From the outside, it seems that one of the central beliefs in the US government is that if they can collect every person’s biometrics on Earth and put that into a database, then they can substantially solve all their security problems. Federal authorities have pursued this approach almost single-mindedly over the past few years.

Sometimes these efforts have been overt. A good example is the US-VISIT Program where visitors to the US have to endure lengthy delays as everyone’s fingerprints (currently both index fingers but soon all ten) and photograph are taken.

For me personally, after a 12-13 hours flight, the thought of another two hours standing in a line to get my fingers squashed by a “friendly” official so that the fingerprint reader gets an acceptable reading within a couple of attempts means that I try to avoid travelling to or via the US altogether.

In classic government doublespeak, the benefits of US-VISIT are touted as “Protects the privacy of our visitors” and “demonstrate that we remain a welcoming nation.” Yeah, right!

Sometimes the US efforts to collect the biometrics of every single human being have been more subtle. I think the current “Server in the Sky” concept falls into this category. Police from the International Information Consortium (US, UK, Canada, Australia, and NZ) will be able to exchange biometrics and personal information about criminals and suspects. New Zealand is “considering joining the consortium.”

These five countries already share intelligence amongst themselves and co-operate in running Echelon, the global eavesdropping service that can listen into telephone, radio, and email communication.

What’s subtle about this is that anything submitted for matching also gets added to the US biometrics database. And that’s another step forward in the grand plan to collect the world’s biometrics.

What’s wrong with this? Why shouldn’t we all do our bit in the fight against global terror and criminals? If you haven’t done anything wrong, surely you have nothing to fear from having your biometrics in a US database?

You do… because the central belief that collecting the world’s biometrics will substantially solve all the US’s security problems is wrong. Because the US federal authorities have not proven themselves worthy of such trust. Because the US has a long history of subsequent misuse to achieve more pressing national security concerns. Because “acceptable collateral damage” from data inaccuracies means a lot of grief for some innocent people.

January 16, 2008 at 9:02 pm Leave a comment

Promoting online services

A colleague sent me this link to a YouTube video. She obviously wanted us to be inspired by the South Korean example of promoting e-government services.

Problem is… how are we going to find a Kiwi music group that the Australians won’t promptly claim to be theirs?

While at YouTube, I found another one that uses Pororo as the “e-government publicity ambassador “. Our answer has to be bro’Town! Surely the Aussies aren’t going to claim that too?

December 19, 2007 at 8:42 pm Leave a comment

ID theft from security breaches

How much identity fraud or theft actually comes from breaches involving the disclosure of personal identity information?

This is an important question because of increased publicity around high profile breaches. The fiasco in UK involving 25 million records is an obvious one but also, according to Privacy Rights Clearinghouse, over the past three years there were about 217 million known records containing sensitive personal information involved in security breaches in the US.

The question is also important given the moves to introduce guidelines or laws for data breach notifications, in both New Zealand and Australia.

There isn’t a lot of hard data to go by. That makes the recent study by US firm ID Analytics interesting.

The study looked at over a dozen data breaches involving more than ten million consumer identities. ID Analytics found five separate cases where breached identity data was misused by fraudsters, with two of those cases resulting from employee theft of data.

Very few identities were misused following a data breach.

Smaller breaches had a higher misuse rate than larger breaches. Misuse of personal data ranged from 1 in 200 identities for breaches of fewer than 5,000 individuals to a misuse rate of less than 1 in 10,000 identities for breaches of more than 100,000 individuals. So, data breaches that get major press coverage, generally falling in the latter category, have a misuse rate of under 0.01%.

Therefore, there is some evidence that identity fraud or theft that actually comes from breaches involving the disclosure of personal identity information is quite low. A greater danger comes from internal breaches than external ones.

Hopefully, this will inform a rational debate on the nature of public disclosure for data breaches.

December 10, 2007 at 9:52 pm 2 comments

Demise of the Access Card

Reports from across the Tasman say that Australia’s new government has pulled the plug on the Access Card. The ID card that wasn’t supposed to be an ID card has been controversial and Labour seems to have decided that former Prime Minister John Howard’s baby should be aborted.

The official website has already been changed so clearly the government wants to move on.

The Access Card saga is a classic tale of how not to implement a major government initiative. Lack of consistent and clear messages compounded by a lack of transparency and trust has always made it difficult to separate fact from political noise.

As David Vaile of the Australian Privacy Foundation once put it, “The problem with the Access Card project is that it involves collecting the data first, connecting systems, and then deciding what to use it for.”

Privacy and civil liberties advocates are apprehensive that the reports of the death of the Access Card have been greatly exaggerated. They are keeping a watch out for any proposal to re-introduce the card in a new form, as was the case with the Australia Card.

I don’t think they need to worry. As the UK has shown, ID cards for countries that traditionally haven’t had them are now so passĂ©.

December 6, 2007 at 9:58 pm Leave a comment

Privacy & culture

I was recently discussing with a colleague about the differences in peoples’ attitude to privacy in New Zealand and Singapore. He thought most of it could be explained by differences in culture.

To illustrate his point, he sent me a link to a very interesting website that is based on work done by Prof Geert Hofstede. Prof Hofstede developed a framework for scoring countries on five dimensions: Power Distance, Individualism, Masculinity, Uncertainty Avoidance, and Long Term Orientation.

While it’s possible to see the rating of countries individually, what’s really useful is to compare pairs of countries. Sure enough, comparing New Zealand with Singapore showed the huge variations between the two countries.

I tried a few more combinations and, based on my own opinion about various cultures, found his assessment to be pretty accurate. For example, New Zealand-Canada showed striking similarities and the privacy approach between the two are in fact quite aligned.

As expected, New Zealand-Australia showed similar scoring on all the five dimensions. Not quite sure why Australia is higher on every dimension though.

This approach is of course bordering on stereotyping but, at a sweeping generalisation level with country = culture, it does provide an easy way to see how attitudes to privacy are rooted in culture.

October 16, 2007 at 8:40 pm 1 comment

NZ’s biggest identity fraudster

123 false identities and “…a full time occupation of serious dishonesty.”

That’s what it took New Zealand’s biggest identity fraudster, Wayne Thomas Patterson, to con the Ministry of Social Development out of $3.4 million benefits over two and a half years. He had so much of cash and gold in his house that the story and video of finding them make it sound like a fun treasure hunt for police.

His preferred point of attack seems to be superannuation where age (65+) is the major determinant of eligibility. Stolen birth certificates and disguises did the rest.

Wayne’s false identities seem to represent the classic cascading of identity documents. Start with forged birth certificates and then move on progressively to genuine driver licences, IRD (tax) numbers, bank accounts, passports, and benefits.

Which also means that multiple government departments- Ministry of Social Development (social welfare benefits), Land Transport New Zealand (driver licences), Inland Revenue Department (tax numbers), and Department of Internal Affairs (passports)- would have reviewed their identity verification processes to prevent this from happening again. Still, it is worth asking how this chain of trust can be broken effectively.

As the Chief Executive of the Ministry of Social Development said, one must keep this in perspective. That Ministry pays out $17 billion a year to a million people. And, it comes out with a net gain of $467,000 thanks to some astute investments that Wayne made with his millions.

This is the third country that Wayne has been jailed in for identity fraud after earlier spending jail time in USA and Australia. Ironically, once he’s out of jail, it will be the Ministry of Social Development that he can look at to help him out. Only, this time it will have to be with his true identity.

October 12, 2007 at 9:48 pm 1 comment

Older Posts Newer Posts


This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter

Feeds


Follow

Get every new post delivered to your Inbox.