Computer and Online Cyber Security
Computer Security No 8: The Dilemma of Privacy
Corporate Computer Security
We all want to have our privacy respected and at the same time, we want to be safe; if we hear about a crime, we are glad when the authorities catch the perpetrators. But the tools and rights they use may come at a cost for all of us.
FBI vs Apple
Telco meta data
FBI vs Apple: (source CNN articles)
Following the San Bernardino massacre, in which 14 people were killed and 22 seriously injured, the FBI recovered the work phone of one of the terrorists responsible. The phone, however, was locked with a 4-digit password and was set to eliminate all its data after ten failed password attempts. The FBI took Apple to court and tried to have them write software to allow a backdoor for such cases.
Apple objected to at least 11 orders issued by the US district courts, claiming the implications of a legal precedent that would be established by the success of such an action would go beyond issues of privacy.
A day before the hearing set for March 2016, the government obtained a delay, and on March 28 the FBI announced it had unlocked the iPhone and withdrew its request.
Speculative news sources pointed at an Israeli company that is believed to have helped the FBI. At a cyber forum in London, the FBI chief alluded to the cost being more than US $1.3 million.
Health records: (sources: austlii, Office of the Australian Information Commissioner, etc.)
In Australia, the rules about dealing with health records are set out in the State Health Records Acts, the Privacy Act, the My Health Records Regulation, etc.
The former PCEHR (personally controlled ehealth record), now renamed MyHealthRecord, has a pilot running in Northern Queensland and Nepean Blue Mountains. The change was from opt-in to opt-out, which will see people enrolled automatically into the system and only have the record taken out if they withdraw their consent.
The health records do NOT belong to the individual; they belong to the private practitioner (GP, specialist) and there are rules about how you can obtain a copy of the records. See more at: Find Law.com
It is, however, up to the individual to specify to the doctor or practice how they wish their records to be handled. This may become significant going forward, with increasing data aggregation and reporting in an environment where secondary use of data is not clearly regulated.
Telco meta data
The new laws that mandate that Telcos keep the data for two years came into effect in October 2015. For people in technical circles, like Lance McDonald, this is somewhat of an overkill and it may only help catch criminals in a few cases.
See his detailed explanation here: Gizmodo.com.au
The law does not help in catching hard-core criminals, who will disguise their paths and delete the breadcrumbs leading to their activities (via DarkWeb, Tor, etc). And these networks are unfortunately thriving. When SilkRoad was disbanded (see the transaction types - as shown in the US court), it took less than 2 weeks to be replaced…by another crooks' heaven.
Meanwhile, the costs of this exercise, despite an initial government handout of $131m to help Telcos prepare, will be passed on to us. This is not to say that it does not catch anyone, but merely to ask: “was this the most efficient method?”
Moderated by Monica Schlesinger: www.advisoryboardsgroup.com.au