24 May 2018

Consumer Data Right

The Treasurer has announced appointment of the Independent chair of the Consumer Data Right’s Data Standards Body
The Turnbull Government is continuing to progress our establishment of the Consumer Data Right, beginning with the Open Banking regime, which will provide Australians with more choice and better deals in the financial sector. 
Mr Andrew Stevens has been selected as the interim Chair of the Data Standards Body for the Consumer Data Right. 
The Consumer Data Right, starting in the banking sector with Open Banking, will give consumers greater control over the data that businesses hold on them. 
The Data Standards Body, established within the CSIRO’s Data61, is facilitating the development of data sharing standards that provide consumers with safe, convenient, and timely methods of accessing and transferring their data to trusted and accredited data recipients. 
The Independent Chair will ensure the standards maximise the benefits for consumers and are developed in consultation with technology firms, and consumer and privacy groups.
CSIRO’s Data61 has been appointed
to perform the role of a Data Standards Body for the Federal Government’s Consumer Data Right, which will give Australians greater control over their own data, including who receives it and how it is used, and open up competition across industry sectors.

Ectoplasm Ahoy!

Fancy a video conference with Kubilai Khan or Charles Manson, ? A two-way call with John Rawls or Aristotle? That's the prospect if you embrace claims made by the SoulPhone Foundation, a US entity that is researching communication with what legal pragmatists such as myself refer to as dead people.

The Foundation's site asks
imagine that science and technology have advanced to the point where it is only a matter of time before accurate and reliable devices will be available for us to continue our relationships with our loved ones who have “passed on,” but definitely not “passed away.” 
The Laboratory for Advances in Consciousness and Health (LACH) at the University of Arizona is actually progressing toward a working prototype of what my colleagues and I call the “SoulPhone.” We express this emerging historic development as the evolution from the cell phone, through the smart phone, to the SoulPhone. 
Now, imagine that this technology exists, and that you can literally text, speak to, or video conference with your child who has physically died. What we call “death” will have been radically transformed from “passing away” to “moving to” a different realm (like a different city, state, or country). ​
The site helpfully provides answers to several concerns -
Q. When contacting those “on the other side,” might we be intruding upon their rest or privacy? 
Two decades of contemporary research with genuine mediums clearly indicate that cooperating spirits want to communicate with their loved ones on earth. “Departed” loved ones and luminaries want to continue to be with us just as we wish to be with them. The evidence reveals that we on earth are not intruding upon the rest or privacy of those in spirit. We are, rather, enabling them to experience and express their love for us and the planet. 
Q. Could SoulPhone devices be used in negative or harmful ways as has occurred with the Internet and other technologies in the world today? 
There will always be those who use surgical knives to kill rather than cure. Some will use smart phones to trigger bombings instead of sending loving messages. Potential abuse of the SoulPhone is no different than for any other technology. Society must be educated in respecting the gift and power of this technology for humanity. 
Q. Will using the SoulPhone and communicating with spirits possibly leave ones self open to evil interference? 
We are very mindful of this possibility and have considered it for years. Here is not the place to describe how we address this profound question. There are technical ways to minimize abuse from “negative” spirits, but for reasons of intellectual property cannot be shared here. Insights from the science of Quantum Electro-Dynamics (QED) indicate that you get what you intend. For people who believe in evil spirits, those are very real. On the other hand, for example, evidential mediums who do not believe in negative spirits can truthfully say they have never observed one. So both those who perceive evil spirits, and those who don’t, are telling their truth. 
When using out-of-body (OBE) techniques, Robert Monroe of the Monroe Institute recommended intending that you will connect only with those on your energetic level or above. Another of his techniques involved encasing one's self in a protective shield. The SoulPhone technology may incorporate using one or more of these approaches to protect being “spiritually hacked.”
Potential consumers of the service or the 'protective shield' might want to read works such as Jeffrey Sconce, Haunted Media: Electronic Presence from Telegraphy to Television (Duke University Press, 2000) or John Durham Peters, Speaking Into the Air: A History of the Idea of Communication (University of Chicago Press, 2000).

Hoary old sceptic that I am, the SoulPhone - used to contact Elvis or otherwise - strikes me as sad, just like the work noted here.

Regulation

'The Fatal Failure of the Regulatory State' by W. Kip Viscusi in William and Mary Law Review (Forthcoming) comments 
 While regulatory agencies place high values on the benefits associated with the reduction in mortality risks due to regulations, these same agencies substantially undervalue lives in their enforcement efforts. The disparity between the valuation of prospective risks and fatalities that have occurred is often by several orders of magnitude, diminishing whatever safety incentives the regulations might have generated. A review of the practices by the major federal agencies with responsibility for product safety and occupational safety finds that the value placed on fatalities in agencies’ regulatory analyses can be a factor of 1,000 times greater than the magnitude of the corresponding sanctions that the agency levies for regulatory violations that led to the fatalities. The source of the mismatch between the valuation of prospective risks and fatalities that have occurred can be traced to agencies’ dated and restrictive legislative mandates. This Article proposes revisions in these statutes to create more appropriate, stronger safety incentives. Setting the pertinent price to deter excessive risks will also foster corporate risk analyses so long as companies are also provided with pertinent legal protections.

22 May 2018

Blood

'CDIB: The Role of the Certificate of Degree of Indian Blood in Defining Native American Legal Identity' by Paul Spruhan in (2018) 6(2) American Indian Law Journal comments
Native Americans are the only group in the United States that possess a document stating the amount of their “blood” to receive government benefits. The official name is a “Certificate of Degree of Indian or Alaska Native Blood,” or (CDIB) for short. As suggested in its name, the CDIB states the amount of “Indian” or “Alaska Native” blood possessed by the person named on the document.  It may be broken down by different tribal blood or may only state the amount of blood of a specific tribe.  It is certified by a Bureau of Indian Affairs (BIA) or tribal official authorized to issue it.  It may be printed on a standard eight and a half by eleven inch piece of paper or on a smaller card, which may or may not be laminated. 
Why does such a document exist in the United States in 2018? Simple in form, yet possessing immense bureaucratic power, the CDIB is a key that unlocks educational loans, medical services, employment preference, or other federal benefits unique to Native Americans,  and, in some circumstances, even enrollment as a member of a tribal nation. 
Simultaneously derided and coveted,  pervasive yet mysterious, the CDIB is one of the most important documents for Native Americans, but is issued with no direct statutory authority and governed by no formally published regulations. A CDIB may be issued directly by the BIA or by a tribal enrollment office operating under a “638” contract, but with no clear rules to govern how those offices grant or deny a CDIB or calculate the blood quantum listed on the document. 
This article is about the CDIB and its role in defining Native American legal identity. The purpose of the article is to describe the CDIB, its function, its statutory authority (or lack thereof), and the BIA’s recent attempts at issuing regulations, which no other article or book has done. First, I discuss its primary purpose as proof of blood quantum for specific federal statutes and regulations, and how its use has expanded to other purposes, including by tribes to define eligibility for membership. Second, I discuss its origins as an internal BIA document lacking any direct congressional authorization or published regulations and suggest several possibilities for its first appearance. I then discuss a 1986 Interior Board of Indian Appeals (IBIA) decision, Underwood v. Deputy Ass’t Secretary- Indian Affairs (Operations). In that decision, the IBIA blocked an attempt by the BIA to unilaterally alter a person’s blood quantum on a CDIB, because there were no properly issued regulations. I then discuss the BIA’s attempts at issuing regulations since 2000 and the possible reasons for why they have never been finalized. I then discuss potential remedies the BIA might consider in order to solve problems arising out of the CDIB program, including the potential misuse of CDIBs in current disenrollment conflicts within some tribes. In the conclusion, I discuss the CDIB’s role in enshrining “blood” as the dominant definition of Native American legal identity. I also argue that, for as long as the CDIB continues, the BIA has an affirmative obligation to issue clear policies that prevent its misuse in internal tribal conflicts.

Legal Pragmatism

'Three Forms of Legal Pragmatism' by Charles L. Barzun in (2018) 95(5) Washington University Law Review comments 
The term “Legal Pragmatism” has been used so often for so long that it may now seem to lack any clear meaning at all. But that conclusion is too quick. Although there are diverse strands of legal pragmatism, there is also unity among them. This essay distinguishes among three such forms of legal pragmatism. It dubs them instrumentalist, quietist, and holist strands, and it offers, as representatives of each, the views of Richard Posner, Ronald Dworkin, and David Souter, respectively. Each of these forms of pragmatism has developed as a response to the same underlying philosophical problem, namely that of justifying moral and legal values within a naturalistic, nontheological worldview. That problem is an old one and a fundamental one. And it is one felt acutely by those judges and legal theorists over the last century or more who have sought to make sense of the judge’s task when deciding hard cases. The essay does not defend any one or more of these three understandings of law and adjudication against its critics. But it does suggest that the feature they share, in virtue of which they are all plausibly classed as “pragmatist,” may also be an important and distinctive feature of law as a discipline – that is, as a form of reasoning about matters practical and theoretical.
'Trust Me, I'm a Pragmatist: A Partially Pragmatic Critique of Pragmatic Activism' by Joshua Galperin in (2017) 42(2) Columbia Journal of Environmental Law comments
Pragmatism is a robust philosophy, vernacular hand waiving, a method of judicial and administrative decisionmaking, and, more recently, justification for a certain type of political activism. While philosophical, judicial, and administrative pragmatism have garnered substantial attention and analysis from scholars, we have been much stingier with pragmatic activism — that which, in the spirit of the 21st Century’s 140-character limit, I will call “pragtivism.” This Article is intended as an introduction to pragtivism, a critique of the practice, and a constructive framework for addressing some of my critiques. 
To highlight the contours of pragtivism, this Article tells the story of the Dunes Sagebrush Lizard. In 2010 the United States Fish and Wildlife Service proposed to list the imperiled Lizard under the Endangered Species Act. In record time, the State of Texas, the Texas Oil and Gas Association, and other stakeholders developed a conservation plan for the lizard. FWS approved the plan and as a consequence agreed to withdraw its proposed listing. In March 2016 the Court of Appeals for the D.C. Circuit upheld the non-listing. 
The Texas Plan and the D.C. Circuit decision are results of “innovative” environmentalism, which relies on “flexible,” “collaborative,” “cooperative,” “voluntary,” “pragmatic” “partnerships” to achieve “win-win solutions.” But does this pragtivist boasting undermine more critical dialogue and more effective environmental protection? Does it trample on an intentional and well-reasoned structure of traditional environmental law? Is it actually pragmatic in the philosophical sense? This Article is a first attempt to answer some of these questions and to generate more analysis of the influence of pragmatism on environmental activism. It begins with a taxonomy of pragmatism in law and policy, details the Lizard’s story as a case study, offers a critique of pragtivism as a method of environmental protection, and concludes by offering a framework that might improve the use of pragtivism if the practitioners are truly willing to be pragmatic.

Digital Driver Licences and the Identity Hub

The Road Transport and Other Legislation Amendment (Digital Driver Licences and Photo Cards) Bill 2018 (NSW) seeks to amend the Road Transport Act 2013 (NSW), the Photo Card Act 2005 (NSW), Gaming and Liquor Administration Act 2007 (NSW), Liquor Act 2007 (NSW) and other legislation to 'provide for the issue and use of digital driver licences and digital Photo Cards and for other purposes'.

In essence, the new regime will provide for people to hold a digital version of their licence or government-issued photo identity card on their mobile phones. The biometric image will be used by NSW Police in relation to road management and, presumably, for other law enforcement.

The expectation is that it will also have extensive use across the private sector (for example in over 14,200 venues under NSW liquor law), consistent with the driver licence being the default identity document for most adult Australians.

NSW will presumably be emulated by the other state/territory jurisdictions

The IGA and the Hub

The Second Reading Speech understandably does not refer to sharing of images and other data with the Commonwealth Department of Home Affairs under the identity-matching services interoperability hub to be operated by that Department.

That hub is at the heart of the current Identity-matching Services Bill 2018 (Cth) - noted here - to 'facilitate the secure, automated and accountable exchange of identity information between the Commonwealth and state and territory governments' under the October 2017 Intergovernmental Agreement on Identity Matching Services (IGA).

Under the IGA, the Commonwealth, states and territories agreed to preserve or introduce legislation to support the collection, use and disclosure of facial images and related identity information between the parties, via a set of identity-matching services, for
  •  Preventing identity crime 
  •  General law enforcement 
  •  National security 
  •  Protective security 
  •  Community safety 
  •  Road safety, and 
  •  Identity verification. 
 The interoperability hub
facilitates data-sharing between agencies on a query and response basis, without storing any personal information. Passport, visa and citizenship images will continue to be held by the Commonwealth agencies that issue these documents, and that already have facial recognition systems.  
 Driver licence images will be made available by the establishment of a National Driver Licence Facial Recognition Solution (NDLFRS), hosted by the Commonwealth on behalf of the states and territories in accordance with the IGA. The NDLFRS will consist of a federated database of identification information contained in government identification documents (initially driver licences) issued by state and territory authorities, and a facial recognition system for biometric comparison of facial images against facial images in the database..
The NSW Bill

The 2nd Reading Speech states
As at the end of 2017 there were over six million New South Wales driver licences and over 568,000 photo cards in use. 
The bill delivers on the Government's 2015 election commitment to transition to digital driver licences by 2019. It also supports the Government's digital strategy, the Premier's priority to improve government services and the State priority of 70 per cent of government transactions to be conducted by digital channels by 2019. In 2015 the New South Wales Government announced its commitment to offering the people of New South Wales a range of digital licences, including a transition to digital driver licences by 2019. Since then this Government has successfully digitised the responsible service of alcohol and responsible conduct of gambling competency cards, the recreational fishing fee, boat driver licences and recreational vessel registrations. This bill will take the next step by delivering the digital driver licence and the digital photo card. 
Digitising the driver licence and photo card is an opportunity to provide benefits for the community of New South Wales in three key areas. Firstly, for the citizens of New South Wales the digital driver licence and digital photo card will provide greater convenience, choice and security. Digital licences are also an opportunity for citizens to have more control and transparency over how the personal information on their licence is shown and shared with others. 
The reality is that a digital driver licence or digital photo card brings a multitude of additional benefits and protections for users. One example of this is when a licence is lost. If you lose a physical driver licence or you have your wallet stolen, you have no ability to stop it being used by another person for nefarious purposes. Sure, you can report it to police and to Service NSW but once a licence is lost there is no way to cancel it in the way you would a credit card because so much checking of the licence is simply sighting it rather than it being scanned. There is a risk that it can still be used. 
Then to replace a lost physical card you must attend a Service NSW centre in person and apply for a new card, which would be sent to you sometime after applying for it. This process takes time out of your busy day and is a major inconvenience. However, for a digital driver licence it is a much more secure proposition. Say you lose your phone that has your digital driver licence on it. You eventually have to go out and buy new device but you are concerned that your digital driver licence is on there. As soon as you know your phone has been lost or stolen you can log into Service NSW and cancel your digital driver licence on that device. 
You will know if it is used by someone who is not you as you will have access to an activity log, just like you have with your Opal card. By being able to cancel their card at the click of a button the citizen is empowered to take control of their identity security and privacy and ensure that their licence cannot be used or scanned by an unauthorised person, just like they can with their credit card. To replace your digital driver licence you simply take your new device, re-download the app, accept the digital driver licence on the new phone and away you go. 
For businesses in New South Wales, digital licences present an opportunity to streamline manual processes for checking or recording licence details. This means that businesses may deliver a better experience for their customers and benefit from time and cost savings. Digital licences can also provide a greater level of assurance, reducing risks of fraud and loss. For government, this development will mean simpler and faster ways to communicate and interact with citizens—for example, digital notifications and licence renewals for those who prefer to deal with us in that way. 
The NSW photo card is an increasingly important identity product; in 2017 alone there was a 28.38 per cent increase in its adoption. This makes it a priority for digitisation. A digital photo card is also not constrained by the national driver licensing framework and therefore may be delivered in a more flexible form to enhance citizen privacy—for example, providing citizens with more control over the personal information they share, depending on the situation, such as to security staff at licensed venues. It will also give citizens a digital identity product that is independent of their authority to drive.
Private Sector use

The Speech quotes industry support
The Australian Hotels Association: The continued expansion of smartphone technology for cardless transactions will see the use of wallets as an option rather than a necessity, based on these feedback from our Dubbo members. The AHA NSW is supportive of the expansion of the digital driver licence statewide. 
The Liquor Stores Association: [The LSA] remains supportive of a full statewide rollout of the digital driver licence as it will give packaged liquor retailers, licensees and their staff at the point of purchase a safe and efficient digital service control age verification measure. 
The Restaurant and Catering Association: I am firmly of the view that this project will be of significant benefit to the approximately 14,200 cafĂ© and restaurant businesses in New South Wales. The addition of the digital driver licence as a valid form of identification will provide patrons with a more seamless method of ordering alcohol in licensed cafes and restaurants. It is for this reason I have no hesitation in supporting a state-wide rollout of the digital driver licence. 
ClubsNSW: Proper implementation of digital drivers' licences will be a positive development in better equipping clubs for the digital future and the industry is excited for what these changes mean. I look forward to continuing to work closely with industry as we progress to implementation of the digital driver licence and the digital photo card and thank them for their support to date. I now go through the statewide rollout of the digital driver licence and digital photo card.
Privacy is 'sacrosanct'

The Minister comments
Once launched, the people of New South Wales will be able to opt-in to receive a digital driver licence and digital photo card. These will essentially constitute a digital representation of a person's physical driver licence or photo card. 
The digital versions will be in addition to the physical licence or card, and accessible via the MyServiceNSW app, which can be downloaded to their device, such as a smartphone. The digital driver licence and digital photo card will provide a secure and user-friendly experience and be able to be authenticated visually, by viewing the visual security features, or electronically. Citizens who opt in for the digital driver licence will have the option of carrying or producing either their digital driver licence or their physical licence card when driving in New South Wales. Citizens will also be able to show their digital driver licence or digital photo card as evidence of their age and of their identity in the liquor and gaming industry to enter pubs and registered clubs, and in a variety of ways that the driver licence and photo card is currently used.
The rhetoric ramps up, complete with reference to privacy being sacrosanct ...
As many in this House know, a mobile phone is so much more than just a digital driver licence. A phone is a person's personal property and may also be used to store and access personal and private information. To ensure appropriate privacy and a citizen's right to maintain control of their personal electronic device, a driver will only need to display their digital driver licence on their device to the police or authorised officer in order for their digital driver licence to be checked. I am pleased that the Privacy Commissioner has supported this approach, stating, "This will ensure the privacy rights of an individual who holds personal information on their phone beyond the digital driver licence is preserved." ...
The member for Cessnock also will recall how important it was that, when we debated that legislation, both sides of politics agreed that privacy was sacrosanct. I do not think there is any debate in this Chamber when it comes to putting the privacy of the citizen front and centre. Indeed, when we drafted the Data Analytics Centre legislation—the Data Sharing (Government Sector) Act 2015, as it was appropriately titled—we made sure that the Privacy Commissioner was involved from the ground up in the steering committee so that we achieved the right outcome. In preparing this legislation, we engaged the Privacy Commissioner because privacy is beyond politics. It is an absolutely enshrined right of the citizen.
Further
One final question, which in my view is the most important of all, is: How does the digital driver licence and digital photo card ensure security of personal information and protect against fraud? To obtain a digital driver licence and digital photo card, a person is required to register for a MyServiceNSW account and establish their identity to link their account with Roads and Maritime Services. Once verified, the person's driver licensing or photo card information and photograph is securely released to the Department of Finance, Services and Innovation and Service NSW digital platforms to be processed to create the digital driver licence and digital photo card in the Service NSW app. None of the information or photographs is stored by the Department of Finance, Services and Innovation or Service NSW platforms. The digital driver licence and digital photo card are securely stored on a person's device. On top of any device PIN code or touch identification—fingerprint—the Service NSW app is also PIN code protected to ensure that the person's personal information remains safe and secure.  
Identity Crime

In relation to identity crime the Speech states that
Visually, the digital driver licence contains several features that can be sighted to ensure that it is not a screenshot or a fake. The digital driver licence can then be further verified by police using a "MobiPol" device, which scans a digital driver licence to initiate a search against backend police systems without the police officer having to manually type in the licence number.
Approximately 95 per cent of road traffic infringements issued by police are issued through MobiPol devices and the digital driver licence leverages this technology. In network blackspots where MobiPol is unable to connect to backend police systems, police may still verify the digital driver licence in the same way as a physical licence: by radioing back to station or using the terminals in their vehicles.
The digital driver licence and digital photo card include several visual security features that can be sighted to ensure that it is not a fake or a screenshot. For example, the design includes animations and a hologram. The digital driver licence and digital photo card also include a quick response code that may be scanned to verify its authenticity. Unauthorised use of a digital driver licence and digital photo card may also be detected through a device management framework and activity log, which will notify the person of logins from unrecognised devices or other unusual activity. 
This would mean that if someone living in Sydney has opted in to have a digital driver licence, whenever that digital driver licence is scanned they could be notified by email instantly of when and where that was done—just like a credit card. For example, if your card was scanned in Byron Bay by someone seeking to defraud you, you could instantly deactivate the digital driver licence and inform Service NSW and/or the police of the breach. This tangible security and fraud benefit comes with the digital driver licence and simply is not available with the physical card. I am pleased that the Privacy Commissioner supports this added level of protection, stating: "The recommendation that holders of a digital driver licence are notified of transactions including third party checks is supported".

21 May 2018

Whistleblowing

'Understanding and responding to victimisation of whistleblowers' (AIC Trends and Issues in Crime and Criminal Justice 549, 2018) by Inez Dussuyer and Russell Smith comments
Speaking out in the public interest — being a whistleblower — can be risky. Media reports and public inquiries into allegations of misconduct in the public and private sectors regularly recount the negative consequences that those who make reports in the public interest have experienced—despite the presence of legislation that seeks to prevent reprisals and retaliation for disclosing misconduct. Instances in which whistleblowers have lost employment and careers, suffered harassment and intimidation, and experienced threats or acts of violence continue to occur in Australia. 
This study sought to understand the nature of victimisation experienced by whistleblowers who had reported or attempted to report wrongdoing in their workplace. Information was obtained from in-depth interviews with 36 whistleblowers and 21 people who dealt with their reports in public and private sector organisations. The results confirm the nature of the harms that almost all whistleblowers experience as a consequence of reporting misconduct. The paper concludes by identifying ways in which whistleblowers could better be protected from victimisation and how the procedures and safeguards involved in the whistleblowing process could be strengthened.

Facial Recognition Questions

The 56 page Big Brother Watch report Face Off - The lawless growth of facial recognition in UK policing comments
 Facial recognition has long been feared as a feature of a future authoritarian society, with its potential to turn CCTV cameras into identity checkpoints, creating a world where citizens are intensively watched and tracked. However, facial recognition is now a reality in the UK – despite the lack of any legal basis or parliamentary scrutiny, and despite the significant concerns raised by rights and race equality groups. This new technology poses an unprecedented threat to citizens’ privacy and civil liberties, and could fundamentally undermine the rights we enjoy in public spaces. Police forces in the UK have rolled out automatic facial recognition at a pace unlike any other democratic nation in the world. Leicestershire Police, South Wales Police and the Metropolitan Police have deployed this technology at shopping centres, festivals, sports events, concerts, community events – and even a peaceful demonstration. One police force even used the surveillance tool to keep innocent people with mental health issues away from a public event.
In this report, we explain how facial recognition technology works, how it is being used by police in the UK, and how it risks reshaping our rights. We are seeking to raise awareness of this growing issue with parliamentarians and inform the wider public about what is happening behind the cameras.
In this report, we:
• Reveal new statistics following a series of freedom of information requests, exposing the shocking inaccuracy and likely unlawful practices within a number of police forces using automated facial recognition; 
• Analyse the legal and human rights implications of the police’s use of facial recognition in the UK; 
• Review the evidence that facial recognition algorithms often disproportionately misidentify minority ethnic groups and women; 
• Present guest contributions from allies worldwide warning about the impact of facial recognition on rights, including contributions from representatives of American Civil Liberties Union, Electronic Frontier Foundation, Georgetown Privacy Centre, and the Race Equality Foundation;
 We conclude by launching our campaign against the lawless growth of facial recognition in the UK, supported by rights groups, race equality groups, technologists, lawyers and parliamentarians.
 The report's key findings :
• The overwhelming majority of the police’s ‘matches’ using automated facial recognition to date have been inaccurate. On average, a staggering 95% of ‘matches’ wrongly identified innocent people. 
• Police forces have stored photos of all people incorrectly matched by automated facial recognition systems, leading to the storage of biometric photos of thousands of innocent people. 
Metropolitan Police 
• The Metropolitan Police has the worst record, with less than 2% accuracy of its automated facial recognition ‘matches’ and over 98% of matches wrongly identifying innocent members of the public. The force has only correctly identified 2 people using the technology – neither of which was a wanted criminal. One of those people matched was incorrectly on the watch list; the other was on a mental health-related watch list. However, 102 innocent members of the public were incorrectly identified by automated facial recognition. 
• The force has made no arrests using automated facial recognition. 
South Wales Police 
• South Wales Police’s record is hardly better, with only 9% accuracy of its matches whilst 91% of matches wrongly captured innocent people. 
• 0.005% of ‘matches’ led to arrests, numbering 15 in total. 
• However, at least twice as many innocent people have been significantly affected, with police staging interventions with 31 innocent members of the public incorrectly identified by the system who were then asked to prove their identity and thus their innocence. 
• The force has stored biometric photos of all 2,451 innocent people wrongly identified by the system for 12 months in a policy that is likely to be unlawful. 
• Despite this, South Wales Police has used automated facial recognition at 18 public places in the past 11 months – including at a peaceful demonstration outside an arms fair.  
Custody images 
• Out of the 35 police forces that responded to our Freedom of Information request, not one was able to tell us how many photos they hold of innocent people in their custody image database.

20 May 2018

Trade Secrets and US startups

'Why Do Startups Use Trade Secrets?' by David S. Levine and Ted M. Sichelman in (1018) 94 Notre Dame Law Review comments  
Empirical studies of the use of trade secrecy are scant, and those focusing on startups, non-existent. In this paper, we present the first set of data — drawn from the Berkeley Patent Survey — on the use of trade secrets by U.S. startup companies in the software, biotechnology, medical device, and hardware industries. 
Specifically, we report on the prevalence of trade secrecy usage among startups. Additionally, we assess the importance of trade secrets in relation to other forms of intellectual property protection and barriers to entry, such as patents, copyrights, first-mover advantage, and complementary assets. We segment these results by a variety of factors, including industry, company business model, overall revenue, patenting propensity, funding sources, innovation types, and licensing. From this segmentation, we implement a basic regression model and report on those factors showing a statistically significant relationship in the use of trade secrets by startups. 
Our results point to three major findings. First, trade secrecy serves other important aims aside from first-mover advantage. Second, trade secrets may act both as economic complements and substitutes to patenting. Third, trade secrets may serve as important strategic assets, functioning much in the same manner as patents in terms of licensing and setting the boundaries of the firm.

18 May 2018

Reidentification

Protecting unit-record level personal information: The limitations of de-identification and the implications for the Privacy and Data Protection Act by Vanessa Teague, Chris Culnane and Benjamin Rubinstein for the Office of the Victorian Information Commissioner (OVIC) offers cautions about de-identication in Victoria's public and private sectors.

The report states
De-identification is a subject that has received much attention in recent years from privacy regulators around the globe. Once touted as a silver bullet for protecting the privacy of personal information, the reality is that when it involves the release of data to the public, the process of de-identification is much more complex. 
As improvements in technology increase the type and rate at which data is generated, the possibility of re-identification of publicly released data is greater than ever. Auxiliary information – or secondary information – can be used to connect an individual to seemingly de-identified data, enabling an individual’s identity to be ascertained. Auxiliary information can come from anywhere, including other publicly available sources online. 
In recent examples of successful re-identification that we have seen in Australia, it is clear that those releasing de-identified data did not appreciate the auxiliary information that would be available for re-identification – in that they did not expect re-identification would be possible. Individual data elements may be non-distinct and recognisable in many people, but a combination of them will often be unique, making them attributable to a specific individual. This is why de-identification poses a problem for unit-record level data.
 OVIC comments
This report is one of a number of publications on de-identification produced by, or for, the Victorian public sector. Notably, in early 2018 Victoria’s Chief Data Officer issued a de-identification guideline to point to what ‘reasonable steps’ for de-identification looks like in the context of data analytics and information sharing under the Victorian Data Sharing Act 2017 (VDS Act). This paper is not aimed at the work conducted by the Victorian Centre for Data Insights (VCDI), where information sharing occurs within government with appropriate controls, and it is not intended to inhibit that work. Rather, it speaks to the use of de-identification more broadly, in circumstances where so-called ‘de-identified’ data is made freely available through public or other less inhibited release of data sets, which occurs in so-called “open data” programs. This report should be interpreted in that context. ...
This report has been produced to demonstrate the complexities of de-identification and serve as a reminder that even if direct identifiers have been removed from a data set, it may still constitute ‘personal information’. The intention is not to dissuade the use of de-identification techniques to enhance privacy, but to ensure that those relying on and sharing de-identified information to drive policy design and service delivery, understand the challenges involved where the husbandry of that data is not managed. ... Public release of de-identified information may not always be a safe option, depending on the techniques used to treat the data and the auxiliary information that the public may have access to. Wherever unit level data – containing data related to individuals – is used for analysis, OVIC’s view is that this is most appropriately performed in a controlled environment by data scientists. Releasing the data publicly in the hope that ‘de-identification’ provides protection from a privacy breach is, as this paper demonstrates, a risky enterprise.
The authors go on to state
A detailed record about an individual that has been de-identified, but is released publicly, is likely to be reidentifiable, and there is unlikely to be any feasible treatment that retains most of the value of the record for research, and also securely de-identifies it. A person might take reasonable steps to attempt to deidentify such data and be unaware that individuals can still be reasonably identified.
The word ‘de-identify’ is, unfortunately, highly ambiguous. It might mean removing obvious identifiers (which is easy) or it might mean achieving the state in which individuals cannot be ‘reasonably identified’ by an adversary (which is hard). It is very important not to confuse these two definitions. Confusion causes an apparent controversy over whether de-identification “works”, but much of this controversy can be resolved by thinking carefully about what it means to be secure. When many different data points about a particular individual are connected, we recommend focusing instead on restricting access and hence the opportunity for misuse of that data. Secure research environments and traditional access control mechanisms are appropriate.
Aggregated statistics, such as overall totals of certain items (even within certain groups of individuals) could possibly be safely released publicly. Differential privacy offers a rigorous and strong definition of privacy protection, but the strength of the privacy parameters must be traded off against the precision and quantity of the published data.
This paper discusses de-identification of a data set in the context of release to the public, for example via the internet, where it may be combined with other data. That context includes the concept of “open data”, in which governments make data available for any researchers to analyse in the hope they can identify issues or patterns of public benefit.
Therefore, it’s important to emphasise that this document should not be read as a general warning against data sharing within government, or in a controlled research environment where the combination of the data set with other data can be managed. It is not intended to have a chilling effect on sharing of data in those controlled environments.
 In reference to statutory responsibilities the report comments
In taking ‘reasonable steps’, a data custodian must have regard to not only the mathematical methods of de-identifying the information, but also “the technical and administrative safeguards and protections implemented in the data analytics environment to protect the privacy of individuals”.
Therefore, there is a possibility that in some circumstances, a dataset in which ‘reasonable steps’ have been taken for de-identification under the VDS Act may not be de-identified according to the PDP Act, because individuals may still be ‘reasonably identified’ if the records are released publicly outside the kinds of research environments described in the VDS Act.
In this report, we describe the main techniques that are used for de-identifying personal information. There are two main ways of protecting the privacy of data intended for sharing or release: removing information, and restricting access. We explain when de-identification does (or does not) work, using datasets from health and transport as examples. We also explain why these techniques might fail when the de-identified data is linked with other data, so as to produce information in which an individual is identifiable.
Does de-identification work? In one sense, the answer is obviously yes: de-identification can protect privacy by deleting all the useful information in a data set. Conversely, it could produce a valuable data set by removing names but leaving in other personal information. The question is whether there is any middle ground; are there techniques for de-identification that “work” because they protect the privacy of unit-record level data while preserving most of its scientific or business value?
Controversy also exists in arguments about the definitions of ‘de-identification’ and ‘work’. De-identification might mean:
• following a process such as removing names, widening the ranges of ages or dates, and removing unusual records; or 
• achieving the state in which individuals cannot be ‘reasonably identified’.
These two meanings should not be confused, though they often are. A well-intentioned official might carefully follow a de-identification process, but some individuals might still be ‘reasonably identifiable’. Compliance with de-identification protocols and guidelines does not necessarily imply proper mathematical protections of privacy. This misunderstanding has potential implications for privacy law, where information that is assumed to be de-identified is treated as non-identifiable information and subsequently shared or released publicly.
De-identification would work if an adversary who was trying to re-identify records could not do so successfully. Success depends on ‘auxiliary information’ – extra information about the person that can be used to identify their record in the dataset. Auxiliary information could include age, place of work, medical history etc. If an adversary trying to re-identify individuals does not know much about them, re-identification is unlikely to succeed. However, if they have a vast dataset (with names) that closely mirrors enough information in the de-identified records, re-identification of unique records will be possible.
4. Can the risk of re-identification be assessed?
For a particular collection of auxiliary information, we can ask a well-defined mathematical question: can someone be identified uniquely based on just that auxiliary information?
There are no probabilities or risks here – we are simply asking what can be inferred from a particular combination of data sets and auxiliary information. This is generally not controversial. The controversy arises from asking what auxiliary information somebody is likely to have.
For example, in the Australian Department of Health's public release of MBS/PBS billing data, those who prepared the dataset carefully removed all demographic data except the patient’s gender and year of birth, therefore ensuring that demographic information was not enough on its own to identify individuals. However, we were able to demonstrate that with an individual's year of birth and some information about the date of a surgery or other medical event, the individual could be re-identified. There was clearly a mismatch between the release authority's assumptions and the reality about what auxiliary information could be available for re-identification.
5. How re-identification works
Re-identification works by identifying a ‘digital fingerprint’ in the data, meaning a combination of features that uniquely identify a person. If two datasets have related records, one person's digital fingerprint should be the same in both. This allows linking of a person's data from the two datasets – if one dataset has names then the other dataset can be re-identified.
Computer scientists have used linkage to re-identify de-identified data from various sources including telephone metadata, social network connections, health data and online ratings, and found high rates of uniqueness in mobility data and credit card transactions.  Simply linking with online information can work.
Most published re-identifications are performed by journalists or academics. Is this because they are the only people who are doing re-identification, or because they are the kind of people who tend to publish what they learn? Although by definition we won’t hear about the unpublished re-identifications, there are certainly many organisations with vast stores of auxiliary information. The database of a bank, health insurer or employer could contain significant auxiliary information that could be of great value in re-identifying a health data set, for example, and those organisations would have significant financial incentive to do so. The auxiliary information available to law-abiding researchers today is the absolute minimum that might be available to a determined attacker, now or in the future.
This potential for linkage of one data set with other data sets is why the federal Australian Government's draft bill to criminalise re-identification is likely to be ineffective, and even counterproductive. If re-identification is not possible then it doesn't need to be prohibited; if re-identification is straightforward then governments (and the people whose data was published) need to find out.
The rest of this report examines what de-identification is, whether it works, and what alternative approaches may better protect personal information. After assessing whether de-identification is a myth, we outline constructive directions for where to go from here. Our technical suggestions focus on differential privacy and aggregation. We also discuss access control via secure research environments

15 May 2018

Should Robots Have Privacy?

'Schrödinger's Robot: Privacy in Uncertain States' by Ian E Kerr in (2019) 20 Theoretical Inquiries in Law asks
Can robots or AIs operating independent of human intervention or oversight diminish our privacy? There are two equal and opposite reactions to this issue. On the robot side, machines are starting to outperform human experts in an increasing array of narrow tasks, including driving, surgery, and medical diagnostics. This is fueling a growing optimism that robots and AIs will exceed humans more generally and spectacularly; some think, to the point where we will have to consider their moral and legal status. On the privacy side, one sees the very opposite: robots and AIs are, in a legal sense, nothing. Judge Posner, for example, has famously opined that they do not invade privacy because they are not sentient beings. Indeed, the received view is that since robots and AIs are neither sentient nor capable of human-level cognition, they are of no consequence to privacy law. 
This article argues that robots and AI operating independently of human intervention can and, in some cases, already do diminish our privacy. Rejecting the all-or-nothing account of robots and privacy described above, I seek to identify the conditions that give rise to diminished privacy in order to see whether robots and AI can meet those conditions. To do so, I borrow from epistemic privacy — a theory that understands a subject’s state of privacy as a function of another’s state of cognizance regarding the subject’s personal facts. Epistemic privacy offers a useful analytic framework for understanding the kind of cognizance that gives rise to diminished privacy. 
I demonstrate that current robots and AIs are capable of developing truth-promoting beliefs and observational knowledge about people without any human intervention, oversight, knowledge, or awareness. Because machines can actuate on the basis of the beliefs they form in ways that affect people’s life chances and opportunities, I argue that they demonstrate the kind of cognizance that definitively implicates privacy. Consequently, I conclude that legal theory and doctrine will have to expand their understanding of privacy relationships to include robots and AIs that meet these epistemic conditions. An increasing number of machines possess epistemic qualities that force us to rethink our understanding of privacy relationships with robots and AIs.

Searches

The Age reports that Australian Federal Police 'will be given sweeping new powers to demand identification from travellers under new laws to boost counter-terrorism efforts at Australia's airports' on the basis of what Prime Minister Turnbull characterises as 'dangerous times'.

The AFP will be able to ask anyone for ID and eject them from the airport as part of a 2018 budget announcement. Under existing laws, police can only demand ID if they have reasonable grounds to suspect someone is involved in criminal activity.

Home Affairs Minister Peter Dutton commented 
There's certain conditions that need to be met at the moment before police can ask for that identification. Which is an absurdity and it’s an issue that the police have raised with us. So we're addressing an anomaly and a deficiency in the law at the moment. 
The new rules will not require domestic  travellers to carry ID.

We can presumably expect calls for similar checking by state/territory police at other transport nodes, such as major rail stations, and public/private entertainment or retail facilities.

14 May 2018

Information Economics

'Information Wants to Be Expensive, Not Free! And this is Bad for Justice, Democracy, the Economy' by Dieter Zinnbauer ( (Transparency International) comments
This essay is rather speculative. I argue that there is a very much overlooked characteristic of information goods, particularly digital information goods – that leads to a substantive, yet rarely discussed market failure with far-reaching consequences for important classes of information related to our education and research system, the judiciary, markets and democracy at large. 
This overlooked feature is the positionality of many information goods. Positionality means that the utility of a specific information item for user x depends on the level of consumption of the same item by other users. Specific types of information are more valuable (or at times only valuable), when they are very exclusively available only to a small band of users. Or more intuitively, the fewer other people have a specific piece of information at a given point in time, the more valuable it may be to me.
Surprisingly, this simple characteristic is rarely discussed in the information literature or perhaps seems just too obvious to merit deeper analysis. Yet, as I will try to show, the positionality of information has far-reaching implications for the functioning of information markets and for the actual incentive systems of different players that all too often seem to be mis-construed as overly pro-social. And putting a focus on positionality also highlights the relevance and urgency for revisiting related regulatory policies, in order to ponder possible corrective interventions to tackle the ensuing informational imbalances and exclusive practices that positionality-oriented pricing structures for such information will generate.
The argument is developed as follows: The introductory chapter presents a number of quotes that are indicative of different perspectives on information dynamics and lays out the rationale for this essay. Chapter 2 briefly discusses the conventional view and analysis of market failures in information that serve as backdrop against which the argument developed here is set. Chapter 3 introduces the concept of positionality and argues for its applicability to many information markets. Chapter 4 traces the implications of informational positionality that primarily works through pricing for exclusivity across key societal institutions: research and education; the judicial system, markets and investment and finally politics and democratic decision-making.
The concept of information as positional goods offers a fresh perspective with regard to market failures and informational problems in all these areas. In addition, such a prism suggests to revisit the incentives involved and thus the overall political economy dynamics of how different stakeholders define and act upon their interests in these situations. As it turns out, commitment to openness and fair and inclusive information access may run less deep than is usually assumed. The analysis also suggests that many open government initiatives have only a limited remedial effect on these market failures. Chapter 5 develops a set of speculative conjectures about how information positionality might shape information markets in the near future – or may have already begun to do without much public notice. Finally, chapter 6 flags some ideas for possible entry points for remedies and regulatory approaches. As mentioned at the outset the line of reasoning is rather exploratory and seeks to flag specific issues and ideas for discussion and further investigation rather than exploring them in detail.

Cashless Economy

Goodbye privacy? Matthew Lesh of the IPA in today's The Age - 'Measures to tackle black economy are suspiciously totalitarian' - comments
The Turnbull government’s proposed ban on cash payments above $10,000 is a disturbing breach of our right to privacy, an attack on the basic liberty of free exchange, and will worsen Australia’s red tape crisis. ... In practice, the ban will be ineffective and unenforceable. A transaction limit will not make criminals suddenly law-abiding citizens – they will flout the rules by using multiple smaller transactions and illegal bank accounts with stolen identities. 
The ban will, however, prevent the many genuine uses of cash, including keeping transactions private from prying eyes, avoiding credit card transaction fees, and the preference for physical cash over non-material digital currency. 
In 1984, George Orwell explored how Big Brother uses surveillance to control citizens. "Always the eyes watching you and the voice enveloping you. Asleep or awake, working or eating, indoors or out of doors, in the bath or in bed – no escape," Orwell wrote. 
The intention of the cash ban is to create an accessible digital record of transactions that government can monitor. This establishes a creepy precedent, foreshadowing a future in which you are only allowed to make purchases that Big Brother can watch. If the government should be able to track our transactions why stop at $10,000? Why not $5000? Why not, as some commentators have proposed, $0? 
In the long-run, a cashless society would immensely empower the state, which could use our spending habits to reward and punish certain behaviour, or introduce taxes on savings. Imagine a future in which because you spend "too much" on unhealthy food, the government charges you higher taxes; or because you don't have a gym membership you have to pay a higher Medicare surcharge. 
Cash is not only an important protection from state power, it also provides privacy from partners and families, and financial institutions and businesses.
 The Treasurer's Budget Speech referred to measures that
include outlawing large cash payments of greater than $10,000 in the Australian economy. 
This will be bad news for criminal gangs, terrorists and those who are just trying to cheat on their tax or get a discount for letting someone else cheat on their tax. 
It's not clever. It's not OK. It's a crime.
More detail is provided in the statement that
The Government will combat the harm the black economy is doing to honest individuals, businesses and the Australian community. The black economy is a complex, costly and growing economic and social problem covering a range of issues which detract from the integrity of Australia’s tax system. 
In response to the Black Economy Taskforce Final Report, the Government is announcing a comprehensive approach to stamping out the black economy, levelling the playing field for all businesses, and changing perceptions that black economy behaviour is acceptable. 
New measures include
  • increasing the ability of enforcement agencies to detect and disrupt black economy participants. 
  • removing the unfair advantage black economy participation gives businesses by removing deductions for non‑compliant payments and changing the Government’s procurement procedures to incentivise tax compliance in supply chains. 
  • consulting on reforms to the Australian Business Number (ABN) system to improve the confidence the community has in identifying who they are dealing with, including development of rigorous new identification systems for company directors (DINs). 
  • introducing an economy‑wide cash payment limit for large cash transactions of $10,000 to reduce the ability of black economy operators to use cash to avoid their tax and reporting obligations and launder the proceeds of crime.  
  • providing additional funding to the Tax Practitioners Board to take action against tax agents that facilitate activity in the black economy. 
  • expanding the taxable payments reporting system to contractors in industries with higher identified risks of not reporting their income.
The Government is also creating an Illicit Tobacco Taskforce which will investigate, prosecute and dismantle organised crime groups operating in illicit tobacco. The taxing point of tobacco will also be moved to when it enters Australia to help starve the illegal tobacco market.

NonhumanAnimals

'Exonerating the Innocent: Habeas for Nonhuman Animals - Wrongful Convictions and the DNA Revolution: Twenty-Five Years of Freeing the Innocent' (University of Denver Legal Studies Research Paper No. 18-16) by Justin F. Marceau and Steve Wise comments
It is hard to conceive of a greater blemish on our justice system than the punishment of innocent persons. The idea of imprisoning or executing an innocent person almost defies the human capacity for empathy; it is nearly impossible to imagine oneself in such circumstances. Advances in science and the work of non-profits like the Innocence Project have made the exoneration of more than 300 people possible. And while the struggle to liberate unjustly incarcerated persons must continue, and should be accelerated, the cruelty of punishing innocents is not limited to the incarceration of human animals. It is time to consider the need to liberate at least some nonhuman animals from the most horrible confinement. These nonhuman animals are unquestionably innocent, their conditions of confinement, at least in some cases, are uniquely depraved; and their cognitive functioning, much less their ability to suffer, rivals that of humans. It is time to seriously consider habeas type remedies for nonhuman beings. 
We are cognizant that the call for nonhuman habeas may cause some to construe this project as one that dishonors or diminishes the efforts that have led to exonerations and the work that remains to be done in the context of human innocence. Nothing could be further from our purpose. One of us has been involved in death penalty defense and litigating claims of wrongful incarceration since graduating from law school, and the commitment to those issues remains unflappable. Indeed, we hope the salience of the cause of liberating humans will be reinforced by our efforts to cross the species barrier. It does no disservice to the cause of innocent humans to suggest that we pay closer attention to the suffering of nonhuman animals. Just as we look back in disgust at our forefathers who were less careful in their protection of human innocents, we predict that our grandchildren will judge us for the way we collectively treat nonhuman animals.
This Chapter proceeds in three parts. First, it analyzes the question of whether exoneration or innocence in the context of nonhuman confinements is illogical. Second, assuming it is a proper question at all, it examines why we would consider exonerating nonhuman animals, that is to say, what are the scientific and social reasons for contemplating relief for humans? Finally, the Chapter considers the practical viability of nonhuman habeas at least for a limited class of nonhuman animals subject to particularly harsh conditions. In so doing, the Chapter discusses the cutting-edge cases filed in recent years by the Nonhuman Rights Project (“NhRP”) seeking habeas review for chimpanzees.
'Meaning in the lives of humans and other animals' by Duncan Purves and Nicolas Delon in (2018) 175(2) Philosophical Studies 317–338 argues that
contemporary philosophical literature on meaning in life has important implications for the debate about our obligations to non-human animals. If animal lives can be meaningful, then practices including factory farming and animal research might be morally worse than ethicists have thought. We argue for two theses about meaning in life: (1) that the best account of meaningful lives must take intentional action to be necessary for meaning—an individual’s life has meaning if and only if the individual acts intentionally in ways that contribute to finally valuable states of affairs; and (2) that this first thesis does not entail that only human lives are meaningful. Because non-human animals can be intentional agents of a certain sort, our account yields the verdict that many animals’ lives can be meaningful. We conclude by considering the moral implications of these theses for common practices involving animals.
 The authors ask
Can animals1 have meaningful lives? This question has been largely omitted from discussions of meaning in contemporary analytic philosophy. It has also been largely ignored by the animal ethics literature. Perhaps the omission is a result of philosophers thinking that the question is misplaced or that it involves a category mistake. Yet, we will argue, the omission is important, because assessing the possibility of meaning in animal life is vital for understanding the full scope and content of our ethical obligations to animals. If meaning is a constituent of a good life, and some of our practices deprive animals’ lives of meaning, then this may be an overlooked way in which our practices harm them. 
In this paper we argue for two theses about the meaningfulness of animal life: (1) that the best account of meaningful lives requires acting intentionally in ways that contribute to final value; and (2) that this does not entail that the lives of animals are necessarily meaningless. A life can count as ‘meaningless’ either because it possesses zero meaning or because attributing meaning to a life of that sort would be a category mistake. To illustrate the difference, the number 2 is heatless, not because it is cold, but because it is not the sort of thing to which the concept HEAT applies. Analogously, a virus’s life is meaningless, not because it possesses zero meaning, but because the concept MEANING simply doesn’t apply. Our second thesis can be understood as a rejection of the claim that the lives of animals are meaningless in either of these senses. To the contrary, to the extent that animals can be intentional agents, our account of meaning yields nuanced verdicts concerning which animal lives are meaningful. It also accounts for the intuitively right range of cases involving humans. Section 2 discusses some prominent theories of meaning in the recent philosophical literature and their associated problems. In Sect. 2 we also propose and defend our intentional theory of meaning. In Sect. 3 we consider the implications of this theory for the possibility of meaning in the lives of animals. In Sect. 4 we discuss the ethical importance of the possibility of meaning in animal life.

AGSVA

The Australian National Audit Office report Mitigating Insider Threats through Personnel Security - consistent with past ANAO and Parlt Committee reports - identifies concerns regarding the national security vetting regime.

The audit report objective was to assessment of 'the effectiveness of the Australian Government’s personnel security arrangements for mitigating insider threats'.

ANAO states
 The Protective Security Policy Framework (PSPF) outlines a suite of requirements and recommendations to assist Australian Government entities to protect their people, information and assets. Personnel security, a component of the PSPF, aims to provide a level of assurance as to the eligibility and suitability of individuals accessing government resources, through measures such as conducting employment screening and security vetting, managing the ongoing suitability of personnel and taking appropriate actions when personnel leave. In 2014, the Attorney-General announced reforms to the PSPF to mitigate insider threats by requiring more active management of personnel risks and greater information sharing between entities. At the time of the audit, further PSPF reforms were being considered by the Government. 
The Australian Government Security Vetting Agency (AGSVA) was established within the Department of Defence (Defence) from October 2010 to centrally administer security vetting on behalf of most government entities (with the exception of five exempt intelligence and law enforcement entities). Centralised vetting was expected to result in: a single security clearance for each employee or contractor, recognised across government entities; a more efficient and cost-effective vetting service; and cost savings of $5.3 million per year. ANAO Audit Report No.45 of 2014–15 Central Administration of Security Vetting concluded that the performance of centralised vetting had been mixed and expectations of improved efficiency and cost-effectiveness had not been realised. ... 
The effectiveness of the Australian Government’s personnel security arrangements for mitigating insider threats is reduced by: AGSVA not implementing the Government’s policy direction to share information with client entities on identified personnel security risks; and all audited entities, including AGSVA, not complying with certain mandatory PSPF controls. 
AGSVA’s security vetting services do not effectively mitigate the Government’s exposure to insider threats. AGSVA collects and analyses information regarding personnel security risks, but does not communicate risk information to entities outside the Department of Defence or use clearance maintenance requirements to minimise risk. Since the previous ANAO audit, AGSVA’s average timeframe for completing Positive Vetting (PV) clearances has increased significantly. AGSVA has a program in place to remediate its PV timeframes, and it has established a comprehensive internal quality framework. AGSVA plans to realise many process improvements through procuring a new information and communications technology (ICT) system, which is expected to be fully operational in 2023. 
Selected entities’ compliance with PSPF personnel security requirements was mixed. While most entities had policies and procedures in place for personnel security, some entities were only partially compliant with the PSPF requirements to ensure personnel have appropriate clearances. None of the entities had fully implemented the PSPF requirements introduced in 2014 relating to managing ongoing suitability. In addition, entities did not always notify AGSVA when clearance holders leave the entity.
It goes on to note that
AGSVA’s clearances do not provide sufficient assurance to entities about personnel security risks. A significant proportion of vetting assessments in 2015–16 and 2016–17 resulted in potential security concerns being identified, but the majority (99.88 per cent) of vetting decisions were to grant a clearance without additional risk mitigation. On rare occasions AGSVA minimised risk by denying the requested clearance level and granting a lower level, or avoided risk by denying a clearance. In some cases identified concerns, which were accepted by AGSVA on behalf of sponsoring entities, should have been communicated to entities or managed through clearance maintenance requirements. 
AGSVA does not provide information about identified security concerns to sponsoring entities outside Defence due to a concern that disclosure would breach the Privacy Act 1988. The PSPF was revised in 2014 to require AGSVA to update its informed consent form to allow such disclosure to occur. Defence and AGD gave a commitment to Government in October 2016 that AGSVA would start sharing risk information in 2017–18. AGSVA updated its consent form in February 2017, but its revised form does not explicitly obtain informed consent to share information with entities. Consequently, AGSVA has not met the intent of the Government’s 2014 policy reform. 
AGSVA’s information systems do not meet its business needs, which has resulted in inefficient processes and data quality and integrity issues. Defence is in the scoping and approval stages of a project to develop a replacement ICT system, which is expected to be fully operational in 2023. The audit included additional work on information security, which is the subject of a report prepared under section 37(5) of the Auditor-General Act 1997.

13 May 2018

Australian Data Breach Regime

The incisive 'The introduction of data breach notification legislation in Australia: A comparative view' by Angela Daly in (2018) 34(3) Computer Law and Security Review states
This article argues that Australia's recently-passed data breach notification legislation, the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), and its coming into force in 2018, makes an internationally important, yet imperfect, contribution to data breach notification law. Against the backdrop of data breach legislation in the United States and European Union, a comparative analysis is undertaken between these jurisdictions and the Australian scheme to elucidate this argument. Firstly, some context to data breach notification provisions is offered, which are designed to address some of the problems data breaches cause for data privacy and information security. There have been various prominent data breaches affecting Australians over the last few years, which have led to discussion of what can be done to deal with their negative effects. The international context of data breach notification legislation will be discussed, with a focus on the United States and European Union jurisdictions, which have already adopted similar laws. The background to the adoption of the Australia legislation will be examined, including the general context of data privacy and security protection in Australia. The reform itself will be then be considered, along with the extent to which this law is fit for purpose and some outstanding concerns about its application. While data breach notification requirements are likely to be a positive step for data security, further reform is probably necessary to ensure strong cybersecurity. However, such reform should be cognisant of the international trends towards the adoption of data security measures including data breach notification, but lack of alignment in standards, which may be burdensome for entities operating in the transnational data economy.

ASIO Questioning and Detention Powers

The report by the Parliamentary Joint Committee of Intelligence and Security on its review of the operation, effectiveness and implications of Division 3 of Part III (the questioning and detention powers) of the Australian Security Intelligence Organisation Act 1979 (Cth) considers
whether there is a need for an ASIO questioning power in the current security context, and the interaction of ASIO’s questioning and detention powers with other counter-terrorism powers that have more recently been introduced.
Those powers were discussed in ‘The Extraordinary Questioning and Detention Powers of the Australian Security Intelligence Organisation’ by Lisa Burton, Nicola McGarrity and George Williams in (2012) 36(2) Melbourne University Law Review noted here

Under
Division 3 of Part III of the Act allows ASIO, upon obtaining a warrant, to question a person under compulsion in order to obtain intelligence that is important in relation to a terrorism offence. With the Attorney-General’s consent, ASIO may request either a questioning warrant (QW) or a questioning and detention warrant (QDW) from an issuing authority (a judge acting in a personal capacity). Both warrant types require the person to appear before a prescribed authority for questioning in relation to the relevant terrorism offence/s. Under a QDW police officers take the person into custody and detain that person; under a QW the person is not initially apprehended or detained, instead appearing for questioning at a specified time. QDWs may be obtained where there are reasonable grounds for believing that, if the person is not immediately detained, the person may alert someone involved in a terrorism offence, may not appear for questioning, or may destroy or damage relevant records or things; and that relying on other methods of collecting that intelligence would be ineffective. 
The prescribed authority controls the questioning and detention process and may make a range of directions, including to detain the person or defer (or extend) questioning. Questioning may occur for up to eight hours, but this can be extended on request up to a maximum of 24 hours (or 48 hours if using an interpreter).7 Under a QDW, the person is detained until either the questioning has ceased, the above maximum questioning period is reached, or 168 hours (7 days) has passed from the time the person was brought before the prescribed authority, whichever is the earliest. 
During questioning, the person must provide any information, records or things requested. There is no privilege against self-incrimination—the person must answer the questions or produce the requested things even though it may incriminate them; however, any information provided cannot be used against the person in a criminal proceeding
The report notes
A range of safeguards apply. The [Inspector-GeneraI of Intelligence and Security] IGIS must be provided with a copy of any warrant requests, issued warrants, recordings made of questioning, and details of actions undertaken pursuant to a warrant. The IGIS may be present when a person is taken into custody under a QDW and during questioning under either warrant type.  The IGIS may raise concerns about any impropriety or illegality under the warrant and the prescribed authority must consider those concerns and may suspend questioning and other processes until the concerns are addressed. If the person wishes to make a complaint to the IGIS or the Ombudsman, then the person must be given facilities to enable them to make the complaint. 
The person may contact a lawyer. However, the person may be prevented from contacting a particular lawyer if the person is in detention and the prescribed authority is satisfied, on the basis of circumstances relating to that lawyer, that contacting that lawyer would mean:
a. a person involved in a terrorism offence may be alerted that the offence is being investigated; or 
b. a record or thing that the person may be requested to produce in accordance with the warrant may be destroyed, damaged or altered. 
A person’s contact with their lawyer can be monitored by ASIO. Reasonable opportunities must be provided for the lawyer to advise the person, and the lawyer may request permission to address the prescribed authority during breaks in questioning. The lawyer may not, however, intervene in the questioning or address the prescribed authority during questioning, except to clarify an ambiguous question. If the lawyer fails to comply with these restrictions, and is considered by the prescribed authority to be unduly disruptive of the questioning, the lawyer may be removed. If removed, the prescribed authority must permit the person to contact another lawyer. 
A range of criminal offences apply for non-compliance with the warrant, including for when the person fails to appear for questioning, makes a false statement, or fails to answer a question. Persons who commit these offences face a five year term of imprisonment. 
Secrecy offences also apply. During the life of a warrant, the person and their lawyer must not, on a strict liability basis, disclose the existence of the warrant, the fact of the questioning or detention or any operational information. In the two years following the expiry of the warrant, the person and lawyer also must not, on a strict liability basis, disclose any operational information obtained as a result of the questioning. The penalty for either offence is five years imprisonment
 The Committee makes four recommendations
R1 that the Australian Security Intelligence Organisation retains a compulsory questioning power under the Act. 
R2 that ASIO’s current detention powers, as set out in Division 3 of Part III of the Act, be repealed. 
R3 that the Government develop legislation for a reformed ASIO compulsory questioning framework, and refer this legislation to the Committee for inquiry and report. The Committee further recommends that proposed legislation be introduced by the end of 2018 and that the Committee be asked to report to the Parliament no sooner than three months following introduction. The Committee considers any proposed legislation should include an appropriate sunset clause. 
R4 that the Act be amended to extend the sunset date of 7 September 2018 by 12 months to allow sufficient time for legislation to be developed and reviewe

08 May 2018

National Security, Risk and Migration Vetting

'Extreme Vetting of Immigrants: Estimating Terrorism Vetting Failures', a Cato study by David J. Bier, comments
President Donald Trump has promised to implement “extreme vetting” of immigrants and foreign travelers, asserting that wide-spread vetting failures had allowed many ter- rorists to enter the United States. This policy analysis provides the first estimate of the number of ter- rorism vetting failures, both before and after the vetting enhancements implemented in response to the September 11, 2001, attacks. Vetting failures are rare and have become much rarer since 9/11.
A terrorism vetting failure occurs when a foreigner is granted entry to the United States who had terrorist associations or sympathies and who later committed a terrorism offense including support for terrorist groups abroad. This analysis defines vetting failure broadly to include individuals who had privately held extremist views before entry. Moreover, unless evidence exists to the contrary, it assumes that anyone who entered the United States legally either as an adult or older teenager, and who was charged with a terrorism offense within a decade of entry, entered as a result of a vetting failure, even without any evidence that he or she was radicalized prior to entry.
By this definition, only 13 people — 2 percent of the 531 individuals convicted of terrorism offenses or killed while committing an offense since 9/11 — entered due to a vetting failure in the post-9/11 security system. There were 52 vetting failures in the 15 years leading up to 9/11, four times as many as in the 15 years since the attacks. From 2002 to 2016, the vetting system failed and permitted the entry of 1 radicalized terrorist for every 29 million visa or status approvals. This rate was 84 percent lower than during the 15-year period leading up to the 9/11 attacks. Only 1 of the 13 post-9/11 vetting failures resulted in a deadly attack in the United States. Thus, the rate for deadly terrorists was 1 for every 379 million visa or status approvals from 2002 through 2016.
During this same period, the chance of an American being killed in an attack committed by a terrorist who entered as a result of a vetting failure was 1 in 328 million per year. The risk from vetting failures was 99.5 percent lower during this period than during the 15-year period from 1987 to 2001. The evidence indicates that the U.S. vetting system is already “extreme” enough to handle the challenge of foreign terrorist infiltration.

Homeopathy in Australian Pharmacies

The national Government has released its response to last year's Final Report of the Review of Pharmacy Remuneration and Regulation.

The response is of particular interest for disengagement regarding the sale and promotion of homeopathic products, which - as noted in a range of authoritative studies highlighted in this blog (eg here and here) - have no therapeutic efficacy apart from the placebo effect. It is disquieting that pharmacists continue to sell 'medications' in which it is impossible to detect a pharmacologically active agent. That practice, and the Commonwealth's response (an embodiment of regulatory capture), tells us something useful about health policy and about regulation, which we can contextualise through reference to the failures of ASIC, TGA, APRA and the OAIC evident in current reporting of for example the Hayne Royal Commission.

The response states
The Government responds to the Report in accordance with meeting its obligations under the Sixth Community Pharmacy Agreement (6CPA). The independent Review upholds a commitment made between the Australian Government and the Pharmacy Guild of Australia (the Guild), during negotiations of the 6CPA in 2015, to conduct a comprehensive review of pharmacy remuneration and regulation.
The Terms of Reference for the Review provided that it would make recommendations on the future remuneration, regulation including pharmacy location rules and other arrangements that apply to pharmacy and wholesalers for the dispensing of medicines and other services, including preparation of infusions or injections for chemotherapy, provided under the Pharmaceutical Benefits Scheme (PBS), to ensure consumers have reliable and affordable access to medicines.
In November 2015, the then Minister for Health, the Hon Sussan Ley MP, appointed Professor Stephen King to chair a panel of three eminent independent reviewers to undertake the Review. Other members appointed to the Review Panel were Ms Jo Watson and Mr Bill Scott. The Government acknowledges the comprehensive consultation, analysis and strategic thinking undertaken by the Review Panel in delivering the Report.
The Government notes that the Report has been informed by an extensive public consultation process and gratefully acknowledges the input of all individuals and organisations who contributed their knowledge, expertise and vision to the Review.
The Report notes that Australia’s pharmacy sector is evolving and adapting to change – it is in the midst of transition from a product supply focus to one which is more patient-centred and adaptive to an outcomes-based approach to the optimal use of medicines – and that this trend is also occurring internationally.
The Government notes that a number of recommendations of the Review complement work that has already been undertaken, or is in progress by Government and/or other organisations, agencies or jurisdictions to progress issues that support community pharmacy with this transition. Other recommendations of the Review will require further investigation by Government. The Government recognises the pivotal role of the community pharmacy sector in delivering medicines to Australian patients. The Government is committed to working closely with community pharmacies and other stakeholders to address the significant pressures being placed on the health system, including a growing burden of chronic disease, an ageing population, and growing demand for high-cost, high-tech services and breakthrough medicines.
xxx The 6CPA between the Government and the Guild provides approximately $18.9 billion to more than 5,700 community pharmacies for dispensing PBS medicines, providing pharmacy programs and services and for the Community Service Obligation (CSO) arrangements with pharmaceutical wholesalers.
The 6CPA, which operates until 30 June 2020, supports Australia’s National Medicines Policy and the sustainability of the PBS, contributes to the Government’s investment in new medicine listings (since coming into Government in September 2013, the Coalition has added around $8.2 billion worth of medicines to the PBS) and provides greater certainty of Government revenue to community pharmacies, in an environment of ongoing medicine price reductions associated with price disclosure.
In May 2017, the Government entered into a compact with the Guild to strengthen the PBS. As part of the 2017-18 Budget measure Improving Access to Medicines – support for community pharmacies, the Government is providing $825 million over three years from 2017–18 to support and improve Australians’ access to medicines.
This funding includes an additional $210 million over three years to community pharmacies and $15 million to pharmaceutical wholesalers in response to lower than forecast prescription volumes and in recognition of the impact of the package of price reduction policies outlined in the Budget measure. As part of the 2017-18 Budget measure, the Government is also providing $600 million in funding to community pharmacy for new and expanded community pharmacy programs delivered under the 6CPA. This funding will enable pharmacies to offer new or expanded services to consumers, including home visits by pharmacists, helping patients with their medication, and supporting Health Care Homes (HCH) with medicine management. The Government undertakes to work collaboratively with the Guild and other key stakeholders to maintain the community pharmacy model and to secure a viable community pharmacy sector that continues to meet the needs of consumers into the future.
The recommendations in the report cover
 2-1: PBS Pricing Variations. 
2-2: The $1 Discount. 
2-3: PBS Safety Net 
2-4: Pharmacy Atlas 
2-5: Consumer Medicines Information. 
2-6: Electronic Prescriptions . 
2-7: Electronic Medications Record 
2-8: Electronic Prescriptions — Consumer Choice 
3-1: Access to Medicines Programs for Indigenous Australians 
3-2: Pharmacy Ownership and Operation by an Aboriginal Health Service 
3-3: Patient Labelling of Medicines under Bulk Supply Arrangements 
3-4: Machine Dispensing 
4-1: Community Pharmacy — Minimum Services 
4-2: Complementary Medicines in Community Pharmacy 
4-3: Placement of Scheduled Medicines within a Community Pharmacy 
4-4: Sale of Homeopathic Products in PBS Approved Pharmacies 
5-1: Community Pharmacy Accounting Information (King  and Watson) and Alternative Recommendation 5-1 (Scott) 
5-2: Remuneration to be based on the Cost of Dispensing Services Associated with a Best Practice Pharmacy Model (King and Watson)  and Alternative Recommendation (Scott) 
5-3: Remuneration for Dispensing – Methodology (King and Watson) and Alternative Recommendation  (Scott) 
5-4: Remuneration Limits 
5-5: Remuneration for Other Services 
6-1: Reforms to Pharmacy Location Rules 
6-2: Pharmacy Location Rules — Concentration of Ownership 
6-3: Transparency in Government Programs . 
6-4: Rural Pharmacy Maintenance Allowance 
6-5: Harmonising Pharmacy Legislation 
6-6: Evaluation Mechanisms 
7-1: Community Service Obligation 
7-2: A Comprehensive Supply Chain Analysis 
7-3: Supporting Access to High-Cost Medicines 
7-4: Supporting Access to Highly Specialised Medicines 
7-5: Tightening the Listing of Generic Medicine 
8-1: Scope of Community Pharmacy Agreements — Dispensing 
8-2: Scope of Community Pharmacy Agreements — Wholesaling 
8-3: Scope of Community Pharmacy Agreements — Programs and Services 
8-4: Community Pharmacy Agreement Participants. 
9-1: Community Pharmacy Programs — Key Principles . 
9-2: Dose Administration Aids — Standards . 
9-3: Home Medicines Review — Removal of Caps 
9-4: Pharmacy Support for Residential Aged Care Facilities 
9-5: Support for Expanded Pharmacy Services Identified by Pharmacy Trial Program 
10-1: Chemotherapy Compounding — Uniform Minimum Standards 
10-2: Chemotherapy Compounding — Payments. 
10-3: Chemotherapy Compounding — Practice Models 
11-1: Managing Patient Medicine Risks on Discharge from Hospitals
In relation to Recommendation 4-4: 'Sale of Homeopathic Products in PBS Approved Pharmacies' the report noted
 Homeopathy and homeopathic products should not be sold in PBS-approved pharmacies. This requirement should be referenced and enforced through relevant policies, standards and guidelines issued by professional pharmacy bodies. 
The Government response is
The Government notes this recommendation. 
The Government notes the importance of the provision of information to consumers for all medicines and health related products available through community pharmacy. 
Professional standards have been designed for use by individual pharmacists to assess their own professional practice. They are intended to serve as guidance for desired standards of practice. However, it is the sole responsibility of the individual pharmacist to determine, in all circumstances, whether a higher standard is required. It is equally their  responsibility to meet that standard and ensure that consumers are provided with the best available information about the current evidence for, or lack-of efficacy in, offered treatments and therapies. 
As in relation to Recommendation 4-2, the Government has accepted the recommendations of the independent RMMDR reforming the regulation of complementary medicines in Australia.
The report's recommendation regarding 4-2 was
Community pharmacists are encouraged to:
a. display complementary medicines for sale in a separate area where customers can easily access a pharmacist for appropriate advice on their selection and use; and 
b. provide appropriate information to consumers on the extent of, or limitations to, the evidence of efficacy of complementary medicines. This could be achieved through the provision of appropriate signage within the pharmacy (in the area in which these products are sold), directing consumers to ‘ask the pharmacist for advice’ if required.
The Government has endorsed a regime where pharmacies - increasingly owned by chains - are free to sell what would be acerbically characterised as snake oil on the basis that a pharmacist is on the premises and thus available to answer any question about whether the pills, potion or salve will work.