21 July 2018

Australian General Practice

'Overcoming the data drought: exploring general practice in Australia by network analysis of big data' by Bich Tran, Peter Straka, Michael O Falster, Kirsty A Douglas, Thomas Britz and Louisa R Jorm in (2018) 209(2) Medical Journal of Australia 68-73 reports on investigation of the organisation and characteristics of medical general practice in Australia by applying novel network analysis methods to national Medicare claims data.

The authors analysed Medicare claims for general practitioner consultations during 1994–2014 for a random 10% sample of Australian residents, and applied hierarchical block modelling to identify provider practice communities (PPCs) covering around 1.7 million patients per year.

 They conclude that the number of PPCs fluctuated during the 21-year period; there were 7747 PPCs in 2014. The proportion of larger PPCs (six or more providers) increased from 32% in 1994 to 43% in 2014, while that of sole provider PPCs declined from 50% to 39%. The median annual number of claims per PPC increased from 5000 (IQR, 40–19 940) in 1994 to 9980 (190–23 800) in 2014; the proportion of PPCs that bulk-billed all patients was lowest in 2004 (21%) and highest in 2014 (29%).

Continuity of care and patient loyalty were stable; in 2014, 50% of patients saw the same provider and 78% saw a provider in the same PPC for at least 75% of consultations. The density of patient sharing in a PPC was correlated with patient loyalty to that PPC.

They argue
A strong primary care system that delivers appropriate care at the right time and in the right place is the bedrock of the Australian health care system. General practitioners are the major providers of primary care and serve as gatekeepers to specialist care and other components of the health care system. Almost all GP services are provided privately on a fee-for-service basis. Rebates are provided to patients by the national health insurance scheme according to the Medicare Benefits Schedule (MBS), and patients may seek care from several providers and at multiple locations. However, there is a dearth of information on the organisation and characteristics of Australian general practice. For example, the proportion of general practices that are accredited has not been reported since 2011,1 as the total number of practices is not known. 
Since the final Annual Survey of Divisions (ASD) in 2011–12,2 national data on the structure and characteristics of general practices have not been systematically reported. The Bettering the Evaluation and Care of Health (BEACH) survey3 was the only national study of general practice activity, describing the characteristics and activity of a representative sample (13% of practising GPs), but the program ended in 2016. The Medical Directory of Australia (MDA), published by the Australian Medical Publishing Company (http://www.ampco.com.au/mda-online), publishes estimates of the size of the GP workforce, but their data are based on mailing addresses, which do not necessarily match practice location. The National Health Workforce Dataset (NHWDS) includes data based on a survey voluntarily completed by practitioners during their annual registration, but it focuses on practitioners, not practices. Claims for subsidised services in the MBS are made on the basis of Medicare provider numbers, but, as practice location is not routinely linked, MBS data provide no information about practice activities. 
Efforts to understand the complex determinants of the quality of and variations in health care have led to the emergence of a new research approach, the application of data-driven methods to identifying and characterising networks of health care providers. A network is a set of people or groups of individuals, organisations, or other entities (“nodes”) with a pattern of interactions (“edges”). Administrative claims data have been analysed in the United States to investigate variations in the characteristics of patient-sharing networks,6,7 how these naturally occurring networks of providers are related to variations in health care costs, and quality of care.   
In this article, we report the first study to apply network analysis of national Medicare claims data in Australia to derive provider practice communities (PPCs); that is, groups of providers who share patients with each other to a greater extent than with other provider groups, as in group general practices (although a PPC does not necessarily correspond directly with a specific group practice). Using Medicare claims for the 21-year period 1994–2014 and a novel graph-partitioning algorithm, we examined trends in the number of PPCs and their characteristics, including size, bulk-billing rate, continuity of care, patient loyalty, and patient sharing.
In summary
During 1994–2014, Australian GP practice communities have generally increased in size, but continuity of care and patient loyalty have remained stable. Our novel approach to the analysis of routinely collected data allows continuous monitoring of the characteristics of Australian general practices and their influence on patient care.

18 July 2018

Bad Behaviour and the ACCC

From the recent 'Companies Behaving Badly' speech by ACCC chair Rod Sims
... in reviewing our enforcement activity in April, in just one month alone we saw the following. 
Ford was ordered to pay $10 million in penalties after it admitted that it had engaged in unconscionable conduct in the way it dealt with complaints about PowerShift transmission cars, sometimes telling customers that shuddering was the result of the customer’s driving style despite knowing the problems with these cars. 
Telstra was ordered to pay penalties of $10 million in relation to its third-party billing service known as ‘Premium Direct Billing’ under which it exposed thousands of its own mobile phone customers to unauthorised charges. 
Thermomix paid penalties of over $4.5 million for making false or misleading representations to certain consumers through its silence about a safety issue affecting one of its products which the company knew about from a point in time. 
Flight Centre was ordered to pay $12.5 million in penalties for attempting to induce three international airlines to enter into price fixing agreements 
a second Japanese shipping company, K-Line, pleaded guilty to criminal cartel conduct concerning the international shipping of cars, trucks and buses to Australia 
proceedings against Woolworths were instituted alleging that the environmental representations made about some of its home brand picnic products were false, misleading and deceptive. 
And unfortunately, this is just the tip of the iceberg. 
Earlier this year, the Federal Court found that the food manufacturer Heinz had made misleading claims that its Little Kids Shredz products were beneficial for young children, when they contained approximately two-thirds sugar. 
Who could forget the infamous marketing of Reckitt Benckiser who made misleading representations on the packaging of each of its four Nurofen Specific Pain products? They represented that each was specifically formulated to treat a particular type of pain when in fact each product contained the same active ingredient and was no more effective at treating the type of pain than any of the other Nurofen Specific Pain products. The key difference was that the specific pain products were near double the price of the standard Nurofen product. 
Hotel giant Meriton was caught out recently taking deliberate steps to prevent guests it suspected would give an unfavourable review from receiving TripAdvisor’s ‘Review Express’ prompt email, including by inserting additional letters into guests’ email addresses so that their email addresses would not be correct. The Court found this to be a deliberate strategy by Meriton to minimise the number of negative reviews Meriton’s guests posted on TripAdvisor. 
Recently Optus Internet admitted it made misleading representations to around 14,000 customers about their transition to the NBN, including stating that their services would be disconnected (in as little as 30 days in some cases) if they did not move to the NBN when under its contracts they could not force disconnection within the timeframe claimed. 
Pental also recently admitted that it made misleading representations about its White King ‘flushable’ cleaning wipes saying that they would disintegrate in the sewerage system when flushed, just like toilet paper, when Australian wastewater authorities face significant problems because they can cause blockages in sewerage systems. We have a similar case against Kimberly-Clarke still being contested before the Court. 
We have seen more bad behaviour in the education sector in recent years than you would hope to see in a lifetime. In one case, Acquire Learning and Careers was ordered to pay penalties of $4.5 million for its tactics in pressuring consumers to enrol in vocational training. The Court found its model was based on maximising the number of enrolments it was able to achieve for its clients and thereby maximising the fees payable to it. The judge said its activities resembled those of an unscrupulous ‘fly-by-night operation’ rather than those of a prominent and market leading provider of student recruitment services, as it described itself. 
A few years ago the companies behind Bet365 paid penalties of $2.75 million for its ‘free bets’ offer in which it failed to make clear that in order to receive the represented $200 free bet offer, new customers were required to deposit and then gamble $200 of their own money first. 
And too many large companies continue to mislead consumers about their fundamental consumer guarantees which provide for refunds, replacement or repair when a good is faulty. 
For example, following the so-called ‘error 53’ which disabled some iPhones and iPads, Apple Inc admitted it misrepresented to a number of Australian customers that they were no longer eligible for a remedy if their device had been repaired by a third party, often with a low cost screen replacement. Apple Inc was ordered to pay $9 million in penalties.   
At the end of last year, the Full Federal Court upheld the finding against Valve, one of the world’s largest online video game retailers, that it had made misleading representations about consumer guarantees. 
And it is not just consumers who are subjected to bad behaviour from big companies.

Welfare Cards

The ANAO report on The Implementation and Performance of the Cashless Debit Card Trial considers implementation and evaluation of the Cashless Debit Card trial by the Department of Social Services.

The ABC astringently reports 'Cashless welfare audit finds data on effectiveness severely flawed, but Government maintains scheme is working', going on to comment
The report said it was "difficult to conclude" whether there had been a reduction in social harm, such as alcoholism and violence, because there was a "lack of robustness in data collection". 
It pointed to missing data as part of the problem, such as hospital admission figures for Kununurra and Wyndham. 
The audit office also conducted some of its own analysis and came up with different figures to what the Social Services Minister was told. 
For example, the minister was advised that there were fewer ambulance call-outs in September 2016 compared to the previous year. However, when ANAO took seasonality into account and analysed the data over a longer period, it found a 17 per cent increase in call-outs between April and October 2016 compared to the previous year. 
It was a similar story with school attendance. The minister was told there was an increase, but ANAO analysis found it dropped for Indigenous students after the implementation of the trial.
The actual report states
Welfare quarantining, in the form of income management, was first introduced in 2007 as part of the Australian Government’s Northern Territory National Emergency Response. 
The aim of income management is to assist income support recipients to manage their fortnightly payments — such as Newstart/Youth Allowance, parenting or carer payments, and the Disability Support Pension — for essentials like food, rent and bills. 
On 1 December 2014, the Government agreed to trial a new approach to income management — the Cashless Debit Card (CDC), in Ceduna and the East Kimberley. The Cashless Debit Card Trial (CDCT or the trial) aimed to: test whether social harm caused by alcohol, gambling and drug misuse can be reduced by placing a portion (up to 80 per cent) of a participant’s income support payment onto a card that cannot be used to buy alcohol or gambling products or to withdraw cash; and inform the development of a lower cost welfare quarantining solution to replace current income management arrangements. 
On 14 March 2017, the Minister for Human Services and the Minister for Social Services announced the extension of the trial in Ceduna and the East Kimberley for a further 12 months. In addition, funding was allocated as part of the 2017–18 Budget to trial the CDC in two new locations with the Government announcing in September 2017 that the CDC would be delivered to the Goldfields region of Western Australia and also to the Hinkler Electorate (Bundaberg and Hervey Bay Region) in Queensland. 
Subsequently, the Social Services Legislation Amendment (Cashless Debit Card) Act 2018 received royal assent on 20 February 2018. The amendments restricted the expansion of the CDC, with the cashless welfare arrangements continuing to 30 June 2019 in the current trial areas of East Kimberley and Ceduna, with one new trial site in the Goldfields. 
Rationale for undertaking the audit 
Recent ANAO audits have highlighted the need for entities to articulate mechanisms to determine whether an innovation is successful and what can be learned to inform decision making regarding scaling up the implementation of that innovation. The CDCT was selected for audit to identify whether the Department of Social Services (Social Services) was well placed to inform any further roll-out of the CDC with a robust evidence base. Further, the audit aimed to provide assurance that Social Services had established a solid foundation to implement the trial including: consultation and communication with the communities involved; governance arrangements; the management of risks; and robust procurement arrangements. 
Audit objective and criteria 
The objective of the audit was to assess the Department of Social Services’ implementation and evaluation of the Cashless Debit Card Trial. 
To form a conclusion against the audit objective, the ANAO adopted the following high level audit criteria: Appropriate arrangements were established to support the implementation of the Cashless Debit Card Trial. The performance of the Cashless Debit Card Trial was adequately monitored, evaluated and reported on, including to the Minister for Social Services. 
Audit methodology 
The audit methodology included: examining and analysing documentation relating to the implementation, risk management, monitoring and evaluation for the Cashless Debit Card Trial; and interviews with key officials in the departments of Social Services and Prime Minister and Cabinet and with external stakeholders including Indue Limited (Indue), ORIMA Research (ORIMA), Community Leaders, Local Partners and others in the trial sites. 
The Department of Social Services largely established appropriate arrangements to implement the Cashless Debit Card Trial, however, its approach to monitoring and evaluation was inadequate. As a consequence, it is difficult to conclude whether there had been a reduction in social harm and whether the card was a lower cost welfare quarantining approach. 
Social Services established appropriate arrangements for consultation, communicating with communities and for governance of the implementation of CDCT. Social Services was responsive to operational issues as they arose during the trial. However, it did not actively monitor risks identified in risk plans and there were deficiencies in elements of the procurement processes. 
Arrangements to monitor and evaluate the trial were in place although key activities were not undertaken or fully effective, and the level of unrestricted cash available in the community was not effectively monitored. Social Services established relevant and mostly reliable key performance indicators, but they did not cover some operational aspects of the trial such as efficiency, including cost. There was a lack of robustness in data collection and the department’s evaluation did not make use of all available administrative data to measure the impact of the trial including any change in social harm. Aspects of the proposed wider roll-out of the CDC were informed by learnings from the trial, but the trial was not designed to test the scalability of the CDC and there was no plan in place to undertake further evaluation.
Other findings are
Implementation of the Cashless Debit Card Trial 
Social Services conducted an extensive consultation process with industry and stakeholders in the trial sites. A communication strategy was developed and implemented which was largely effective, although Social Services identified areas for improvement in future rollouts. 
There were appropriate governance arrangements in place with clearly defined roles and responsibilities across key departments and stakeholders for reporting and oversight of the CDCT. 
Social Services demonstrated an integrated approach to risk management across the department linking enterprise, program and site-specific risk plans. While a CDCT program risk register was developed, the identified risks were not actively managed, some risks were not rated in accordance with the Risk Management Framework, there was inadequate reporting of risks and some key risks were not adequately addressed by the controls or treatments identified. In particular, treatments were inadequate to address evaluation data and methodology risks that were ultimately realised. Social Services managed and effectively addressed operational issues as they arose. 
Aspects of the procurement process to engage the card provider and evaluator were not robust. The department did not document a value for money assessment for the card provider’s IT build tender or assess all evaluators’ tenders completely and consistently. 
Social Services effectively established or facilitated arrangements to deliver local support to CDCT communities, although there were delays in the deployment of additional support services. As part of the CDCT, Social Services also trialled Community Panels and reviewed their effectiveness to inform broader implementation. 
Performance monitoring, evaluation and reporting 
A strategy to monitor and analyse the CDCT was developed and approved by the Minister. However, Social Services did not complete all the activities identified in the strategy (including the cost-benefit analysis) and did not undertake a post-implementation review of the CDCT despite its own guidance and its advice to the Minister that it would do a review. There was scope for Social Services to more closely monitor vulnerable participants who may participate in social harm and their access to cash. 
Key performance indicators (KPIs) developed to measure the performance of the trial were relevant, mostly reliable but not complete because they focused on evaluating only the effectiveness of the trial based on its outcomes and did not include the operational and efficiency aspects of the trial. There was no review of the KPIs during the trial and KPIs have not been established for the extension of the CDC. 
Social Services developed high level guidance to support its approach to evaluation, but the guidance was not fully operationalised. Social Services did not build evaluation into the CDCT design, nor did they collaborate and coordinate data collection to ensure an adequate baseline to measure the impact of the trial, including any change in social harm.   
Social Services regularly reported on aspects of the performance of the CDCT to the Minister but the evidence base supporting some of its advice was lacking. Social Services advised the Minister, after the conclusion of the 12 month trial, that ORIMA’s costs were greater than originally contracted and ORIMA did not use all relevant data to measure the impact of the trial, despite this being part of the agreed Evaluation Framework. 
Social Services undertook a review and reported to the Minister on a number of key lessons learned from the 12 month trial of the CDC. Learnings about the effectiveness of the Community Panels were based on the number of applications received and delays in decision making, rather than from the evaluation findings that noted a delay in the establishment of the Community Panels and a lack of communication with participants. The 12 month trial did not test the scalability of the CDC but tested a limited number of policy parameters identified in the development of the CDC. Many of the findings from the trial were specific to the cohort (predominantly indigenous) and remote location, and there was no plan in place to continue to evaluate the CDC to test its roll-out in other settings.
The ANO makes the following recommendations
1  Social Services should confirm risks are rated according to its Risk Management Framework and ensure mitigation strategies and treatments are appropriate and regularly reviewed.  
2  Social Services should employ appropriate contract management practices to ensure service level agreements and contract requirements are reviewed on a timely basis. 
3  Social Services should ensure a consistent and transparent approach when assessing tenders and fully document its decisions. 
4  Social Services should undertake a cost-benefit analysis and a post-implementation review of the trial to inform the extension and further roll-out of the CDC. 
5  Social Services should fully utilise all available data to measure performance, review its arrangements for monitoring, evaluation and collaboration between its evaluation and line areas, and build evaluation capability within the department to facilitate the effective review of evaluation methodology and the development of performance indicators. 
.6  Social Services should continue to monitor and evaluate the extension of the Cashless Debit Card in Ceduna, East Kimberley and any future locations to inform design and implementation.

Transparency and the Data Producer's Right

Reading 'The Many Dimensions of Transparency: A Literature Review' by Daniel Wyatt before I go off to two days of internet governance and open government meetings

Wyatt comments
This paper presents, from the perspective of a legal academic, an overview of the literature produced by political theorists and scientists on the topic of transparency. The purpose of this overview is that although legal academics that deal with this topic are generally comfortable with the ins and outs of the legislative frameworks that give life to the concept—for example the UK’s freedom of information law or the EU’s public access to documents regulation—they tend to be less clear about the theoretical underpinnings and real-world manifestations of increased transparency. Given that legal academia is ill-equipped to respond to such concerns, recourse must therefore be had to literature in the political sciences on the topic. 
To achieve the paper’s modest goal, numerous posited definitions of transparency are first outlined. Secondly, transparency’s relationship with the concepts of accountability, legitimacy and trust are then discussed. Finally, the potentially ‘negative’ aspects of the concept are analysed, for example that increased transparency leads to extreme position-taking in decision-making institutions or to decreased efficiency of decision-making processes. The ultimate conclusion of the paper is that transparency is still a vaguely understood and largely under-researched concept—particularly from an empirical perspective—and that its operation is almost entirely context-bound.
'Data Producer's Right in the Platform Economy' by Peter K. Yu in (2018) 15 Medien und Recht International comments
In October 2017, the European Commission advanced a proposal for the creation of a new data producer's right for non-personal, anonymized machine-generated data. Driven in large part by the automotive industry, this proposal has thus far attracted considerable criticisms. While commentators have questioned whether the proposed right is needed in the first place, the EU proposal has also generated more questions than answers. 
Written for a special issue on the "Legal Implications of the Platform Economy," this essay begins by revisiting the debate on sui generis database protection in both the Europe Union and the United States. It then discusses the many difficult policy questions that policymakers will have to address before they can create the new right. The essay concludes by examining four additional complications that may make it difficult to develop a coherent body of laws to govern the emerging and fast-changing data economy.

17 July 2018


Vulnerability as a Category of Historical Analysis: Initial Thoughts in Tribute to Martha Albertson Fineman' by Deborah Dinner in (2018) 67(6) Emory Law Journal 1149 offers
some initial thoughts about the significance of vulnerability theory as a category of analysis in legal history. Vulnerability theory is centrally concerned with how the state should respond to the inevitability of change over time in individual, social, institutional, and environmental circumstances. Vulnerability theory thus suggests that the law must account for temporality, making legal history central to the project of legal theory. To develop this insight, I use an illustrative example from my own scholarship: the legal construction and obfuscation of vulnerability in the U.S. welfare regime.
Diner comments
Over the last decade, Professor Fineman has turned her attention to one such negative space: vulnerability in the human condition. In 2008, she published 'The Vulnerable Subject: Anchoring Equality in the Human Condition'. This essay, since cited by more than 150 law-review articles and countless book chapters, presented Fineman’s critique of the limits of antidiscrimination law and argued that recognition of universal human vulnerability should serve as the ethical foundation for a more responsive state. In the last decade, vulnerability theory has evolved considerably, but I will start my remarks with a brief overview of this landmark essay. 
Fineman’s piece starts with a familiar critique: that the formal conception of equality in U.S. antidiscrimination law — same treatment for similarly situated individuals — has proved wholly inadequate either to challenge structures of subordination or to remedy socioeconomic inequality. She draws attention to the way in which the rhetorical prominence of antidiscrimination, as our legal culture’s dominant frame for justice and injustice, reinforces the perceived legitimacy of a restrained state. Putting a twist on our understanding of the public–private divide, she argues that the contemporary state has not withered. Rather, the state refrains from using its formidable coercive authority to guarantee substantive equality. 
The essay then proceeds to chart wholly new territory in legal scholarship: universal and constant human vulnerability. Of crucial importance, Fineman departs from the popular conception of vulnerability as signaling the “victimhood, deprivation, dependency, or pathology” of particular groups. Rather, the essay advances the radical notion that vulnerability is a universal and constant aspect of the condition. Vulnerability, she explains, “should be understood as arising from our embodiment,” which carries with it the capacity for “harm, injury, and misfortune . . . whether accidental, intentional, or otherwise.” Vulnerability also stems from individuals’ differential location in social, economic, and political institutions. For this reason, while vulnerability is universal, Fineman reasons, its manifestations in specific individuals’ experiences are particular and varying. 
In my own view, Fineman’s thoughts about the simultaneous universality and particularity of vulnerability offer fruitful terrain for further scholarship. Scholars may explore the points of overlap and departure between Fineman’s theory and critical-race and feminist theories. The latter view vulnerability as institutionally produced and, generally, challenge universalist theories as insufficiently attentive to the construction and deployment of power. It seems that these two approaches to vulnerability may be compatible—a view that should not be surprising given the long and profound role Fineman has played in the development of critical theory within the legal academy. Existential vulnerability, if understood as particular in its manifestation, may support theoretical insights into the institutional production of vulnerability. Fineman and critical theorists of vulnerability similarly highlight the ways in which both state and civic society institutions construct privilege and disadvantage. Indeed, Fineman herself argues that it is not identity traits, themselves, that produce inequality. Rather, “systems of power and privilege . . . interact to produce webs of advantages and disadvantages.” 
Fineman’s project, however, is ultimately constructive rather than critical.  In keeping with her laudable pragmatism, Fineman’s theory calls for a responsive state that promotes both human and institutional resilience. Vulnerability theory argues that the state has a responsibility to promote resilience by facilitating the just distribution of physical assets such as material resources, human assets such as education and health care, and social assets such as strong, functional families and communities. For the purposes of this Essay, however, I will focus on the concept of human vulnerability rather than its cognate—resilience. 
Even at this early stage, the reader might wonder: why does the author, whose primary intellectual identity lies within the field of legal history, find this particular piece of legal theory so compelling? Here is the answer: Fineman’s theory is of considerable interest to legal historians because it is fundamentally concerned with how we should re-theorize law given the inevitability of change over time. I take the occasion of this tribute issue honoring Martha Albertson Fineman’s oeuvre to outline some ideas about the significance of vulnerability theory as a category of analysis in legal history. To begin, vulnerability theory makes historical analysis critical to law by placing historical change (and not just originalist inquiry) at the core of legal analysis. Vulnerability theory draws our attention to the fact that human beings are constantly susceptible to change, both positive and negative, in our bodily, social, and environmental circumstances. Vulnerability theory, therefore, reconceives the universal political–legal subject as dynamic rather than static, materially fragile, and socially interdependent. Vulnerability theory is thus well-suited to legal history because it foregrounds temporality as a means to understand social experience as well as institutional arrangements under law. The theory demonstrates that any theory of social justice must account for change over time. 
Even as it demonstrates the relevance of temporality for legal theory, vulnerability theory demands that historians pay greater attention to the persistence of enduring and constant human needs across time. Over the last three decades, critical-race and feminist theory has informed historical scholarship by showing how ideas about identity and difference have structured social–legal institutions. Vulnerability theory, I would argue, challenges historians to examine how history is shaped, too, by what Fineman terms inevitable, biological dependency across the life course as well as the derivative dependency of caregivers. These existential characteristics have provoked varied and shifting institutional and legal responses over time. 
The question for legal historians is how and why law has constructed and reconstructed the institutional arrangements of dependency. Accordingly, recognition of vulnerability can offer new ways to organize historical periodization and theories of causation. This Essay uses an illustrative example from my own scholarship to demonstrate the capacity for vulnerability theory to enrich legal history. It analyzes the legal construction and obfuscation of vulnerability in the U.S. “welfare regime”: the public as well as private arrangements that order social provisioning. As a short Essay meant to provoke rather than to answer questions, the piece is necessarily cursory in its treatment of historical causation, controversies, and patterns. First, I outline the relationship between gender and vulnerability in the liberal welfare regime, premised on concepts of feminine vulnerability and masculine independence. Second, I discuss the ways in which the neoliberal welfare regime assumes invulnerability: it valorizes sex neutrality, while reinforcing private responsibility for dependency. Third, I use vulnerability theory to help illuminate a historical path not taken: the transformation of the welfare regime according to the model of the universal, interdependent caregiver rather than the universal, autonomous breadwinner. Throughout this brief exposition, I endeavor to explain how Fineman’s theoretical insights inform my own methodology and analysis as a legal historian.

Australian Consumer Privacy Perceptions

The Consumer Policy Research Centre report Consumer data and the digital economy: Emerging issues in data collection, use and sharing calls for placing consumers in the driver’s seat to ensure significant benefit and innovation can flow from open data.

Salient findings are
95% wanted companies to give options to opt out of certain types of information collected about them, how it can be used and/or what can be shared with others
91%  agreed that companies should only collect the information currently needed to provide the service 
When asked ‘what data/information would you be uncomfortable with companies sharing with third parties for purposes other than delivering the product or service’, the four highest- ranking answers were:
  • Phone contacts (87%) 
  • Your messages (86%) 
  • Device ID (84%) 
  • Phone number (80%) 
Of the Australians surveyed who reported reading a Privacy Policy or Terms and Conditions for one or more services/products in the past 12 months: 67% indicated that they still signed up for one or more products even though they did not feel comfortable The most common reason (73% ) for accepting privacy policies with which consumers were not comfortable was that it was the only way to access the product or service 
Consumers surveyed found it unacceptable for companies to:
  • Charge different consumers different prices based on their (data) profile (88%) 
  • Collect data about them without their knowledge to assess eligibility or exclude from a loan or insurance (87%) 
  • Use payment behaviour data to exclude from certain essential products and services (82%)
73% believe Government should ensure companies give consumers options to opt out of what data they provide, how it can be used and if it can be shared 
67% believe Government should develop protections to ensure consumers are not unfairly excluded from essential products or services based on the data or profile.
The authors note
Australians are spending more of their lives online. 87% were active internet users in 2017 , more than 17 million use social networking sites , and 84% of Australians are now buying products online. 
Big Data is big business. In 2018 alone, revenue from the Big Data software market was estimated at $42 billion. The introduction of the General Data Protection Regulation now provides EU consumers with new protections including greater transparency and control of data being collected about them by companies.
They argue that although  establishment of the Consumer Data Right is 'a step in the right direction, it currently falls short of economywide protections for Australian consumers whose data is being collected, shared and used on a daily basis'.

The report highlights policy implications
Building consumer trust and confidence to participate in the digital economy. 
Policy and regulatory settings must ensure that consumers can build trust through their participation in the digital economy. This will be central to the sustainable development of innovative technologies that are dependent on data collection. The United Kingdom’s Competition and Market Authority provides useful guidance for businesses and government on the elements of consumer data use practices that support well-functioning markets; which includes:
  • Consumers know when and how their data is being collected and used; and have some control over whether and how they participate. 
  • Businesses are using the data to compete on issues that matter to the consumer. 
  • The use of consumer data benefts both consumers and businesses. 
  • Rights to privacy is protected through the regulation of data collection and use. › There are effective ways to fairly manage non-compliance with regulation. 
Consumers need to be provided with genuine choice and control over collection, sharing and use 
Reforms to ensure that consumers are put in the driver’s seat when it comes to their own data are critical. Protections and regulations that are reliant on a consent model must ensure consumers genuinely comprehend and have choice over the type of data being collected, who it is being shared with and for what purpose. 
Comprehension testing and behavioural research should inform consent requirements. Essential elements of any consent regime must ensure that the consent provided is:
  • Expressed – the controller must be able to demonstrate that consent was given. 
  • Specifc to purpose (unbundled with other matters). 
  • Easy to understand (written in clear and plain language). 
  • Easily accessible 
  • Able to be withdrawn (as easily as it is to give consent). 
  • Freely given (not conditional if the data is not necessary for the provision of the service). 
Ensuring consumers’ right to privacy is adequately protected 
Experts caution against a wholly self-management approach to privacy. 
A balanced approach includes: having a definition for valid consent; developing practical mechanisms for people to manage their privacy for all entities, rather than micro-managing each; adjustment of time and focus of privacy law to provide guidance on types of uses at the time they are proposed; and the law to develop a code of basic privacy norms. 
Privacy by Design principles can be also applied by businesses and regulators to protect consumer privacy during the design phase, and throughout the lifecycle of any product 
Greater transparency of, and access to data and profiles 
Enabling greater transparency and access to the scores and profiles that are being built of consumers can help to avoid incorrect, biased and potentially discriminatory practices. Without transparency for consumers as to what data may have been used as an input to a company making a decision, they are unable to either challenge the outcome nor change their behaviour in the future to achieve a different outcome. To ensure algorithms and scores are not discriminatory, regulators can increase monitoring, auditing and assessment powers. 
Examples of algorithmic auditing and assessment services emerging internationally include bias check services established by the Algorithmic Justice League and ORCAA established by mathematician Cathy O’Neil for companies to test the fairness of the algorithms they are using. 
Strengthening regulatory monitoring and intervention powers 
The evolution of technology and machine-learning practices require a significant shift in capability, skills and monitoring powers within regulators. 
It is critical that regulators are adequately resourced and skilled to keep pace with new technologies and practices. They also need to be armed with sufficient discovery powers to identify potentially discriminatory or predatory lending behaviours, based on profiling practices, and to audit or assess algorithms. 
This will require investment in new skills, systems and people to keep pace with a fast-moving commercial environment. Ensuring the academic and community sector are also suffciently resourced to engage in policy and regulatory development processes will be key during this economy-wide shift in the operation of our markets.

13 July 2018

Smith Review on APS Security

The Department of the Prime Minister and Cabinet (PMC) has released the report by Ric Smith AO PSM on his review of the Department's 'security procedures, practices and culture, including the implications for the Australian Public Service more broadly'. It

The review followed publication by the ABC of a webpage called "The Cabinet Files", which featured a series of classified Commonwealth documents provided by a third party, reportedly found in a locked filing cabinets at a second-hand furniture shop in Canberra. Publication occasioned much schadenfreude across the APS.

The ABC comments 'Hundreds of top-secret and highly classified cabinet documents have been obtained by the ABC following an extraordinary breach of national security'.
The Cabinet Files is one of the biggest breaches of cabinet security in Australian history and the story of their release is as gripping as it is alarming and revealing. 
It begins at a second-hand shop in Canberra, where ex-government furniture is sold off cheaply. The deals can be even cheaper when the items in question are two heavy filing cabinets to which no-one can find the keys. They were purchased for small change and sat unopened for some months until the locks were attacked with a drill. Inside was the trove of documents now known as The Cabinet Files. 
The thousands of pages reveal the inner workings of five separate governments and span nearly a decade. 
Nearly all the files are classified, some as "top secret" or "AUSTEO", which means they are to be seen by Australian eyes only. 
But the ex-government furniture sale was not limited to Australians — anyone could make a purchase. 
And had they been inclined, there was nothing stopping them handing the contents to a foreign agent or government.
The Australian Federal Police (AFP) lost nearly 400 national security files in five years, according to a secret government stocktake contained in The Cabinet Files. 
The Department of Prime Minister and Cabinet regularly audits all government departments and agencies that have access to the classified documents to ensure they are securely stored. 
The missing documents are not the same files the ABC has obtained. 
The classified documents lost by the AFP are from the powerful National Security Committee (NSC) of the cabinet, which controls the country's security, intelligence and defence agenda. 
The secretive committee also deploys Australia's military and approves kill, capture or destroy missions. 
Most of its documents are marked "top secret" and "AUSTEO", which means they are to be seen by Australian eyes only.
The Department states it referred the matter to the Australian Federal Police for investigation into how these documents left the Commonwealth's possession; it is reasonably evident that the documents came from within PMC.

The Terms of Reference for the Smith review were
At 12 noon on Wednesday 31 January, the ABC published a webpage called "The Cabinet Files". The webpage referenced a series of classified Commonwealth documents provided to the ABC by a third party, reportedly following the purchase of locked filing cabinets at a second-hand furniture shop in Canberra. 
The Secretary of the Department of the Prime Minister and Cabinet (PMC) has referred this matter to the Australian Federal Police (AFP) for investigation into how these documents left the Commonwealth's possession. The Secretary has confirmed that it is reasonably evident that the documents came from within PMC. 
As part of the response to this incident, the Secretary has commissioned Mr Ric Smith AO PSM to undertake an independent review of PMC's security procedures, practices and culture, including the implications for the Australian Public Service more broadly. 
In order for it to effectively discharge its responsibilities, it is critical that the Australian Public Service appropriately safe guards all official information, to ensure its confidentiality, integrity, and availability. 
The review will make recommendations to ensure that PMC safeguards official information in an appropriately secure and practical manner that reflects the trust and confidence placed in them by the Government and the Opposition of the day, and will address the implications of these findings for the Australian Public Service. In particular, the review will consider PMC's security procedures, practices and culture, including:
• PMC practices, systems and documented procedures for handling, storing, disposing of and providing access to official information, as well as the safe guarding and disposal of assets used to store official information; 
• the effectiveness of these procedures in responding to staff movements and in different working environments; and 
• the formal and informal security culture within PMC, including ­ internal communication and training regarding security, and ­ the awareness, behaviours and attitudes of staff towards proper security.
The review will also address the implications of its findings on these matters for the broader Australian Public Service.
The 42 page report states
The incident that triggered this Review would have been very serious for any Public Service agency but was especially so for the Department of the Prime Minister and Cabinet (PMC) given its position at the apex of Commonwealth agencies. 
In commissioning this Review, the Secretary of the Department recognised the gravity of the incident and sought advice on measures that needed to be taken to optimise protective security management in the Department. 
The incident was investigated by the Australian Federal Police (AFP), whose report identified ‘human errors in the record keeping, movement, clearance and disposal of document storage containers by PMC in 2016 rather than a deliberate unauthorised disclosure’. 
This Review concluded that the Department should strengthen the high-level governance of its protective security responsibilities, and demand a more robust security culture in the organisation. While the Department’s procedures, protocols and guidelines are generally sound, they are in need of updating and modernising in response inter alia to its fast changing working environment. The shortcomings reflected in the incident which triggered this Review should be addressed through the revision of procedures, protocols and guidelines and through more targeted training programs. 
‘Protective security’ is a term which embraces the security of people, assets, systems, information and documents. Breaches of protective security may arise from activities or failures across a wide spectrum – ranging from espionage to carelessness and error, to assault on individuals, and attacks on property and assets. While the impact of breaches can be especially severe at the level of National Security, the importance of failings at any level should not be underestimated. They can affect government efficiency and inhibit frank consideration of policy or operational options. They can also erode confidence in the Public Service within both the Government and the Opposition, in the Australian community at large and among foreign governments with whom Australia works. Protective security is therefore critical to the functioning of government. 
In addressing its Terms of Reference, this Report describes the environment in which protective security must be managed within PMC (Chapter 1) and then, in order, describes and makes recommendations about:
• the protective security governance arrangements in place in PMC (Chapter 2), 
• the existing documentation in PMC, including practices, systems and procedures relating to protective security (Chapter 3) 
• PMC’s culture in regard to protective security and its relevant training programs (Chapter 4), and 
• the implications of the recent incident for the broader Public Service, including lessons that might be drawn from the Review for other agencies (Chapter 5).
 It goes on to make the following recommendations
Chapter One: PMC’s operating environment 
1. PMC's risk management framework should clearly identify the risks associated with the Department's unusually complex operating security environment. 
2. As a matter of risk management, all staff joining PMC at the level of EL2 and above, or promoted to those levels, should be briefed on the complexity of the Department's working environment and the level and nature of the risk they, as managers, are responsible for managing. 
3. A further review should be undertaken after 12 months to confirm that the agreed recommendations in this Report have been implemented and, to the extent possible, to measure their effectiveness. 
Chapter Two: Protective Security Governance arrangements 
4. Protective security should be specified as one of the whole-of-department responsibilities of Deputy Secretary Governance, who should attend the quarterly meetings of the Government Security Committee which is chaired by the Attorney-General's Department, with Deputy Secretary National Security attending National Security related meetings as appropriate. 
5. The Executive Board should consider regular, say monthly, compliance or breach reports prepared jointly by the IT Security Advisor (ITSA) and Agency Security Advisor (ASA), including data on breaches and security waivers, recording any incidents of particular concern and explaining the remedial action taken. 
6. To facilitate security compliance reporting to the Executive Board, processes for recording security breaches should be improved as soon as practicable to ensure robust security data is collected to enable comparisons over time and between work units. 
7. This data should be used to ensure that staff who incur breaches are actively counselled. A staff member who incurs two breaches in a Performance Agreement year should be counselled by a First Assistant Secretary. Three breaches in a year should lead to counselling by the Secretary or Deputy Secretary, and should trigger a review of the staff member's security clearance. 
8. In anticipation of a recommendation from a current review of the Protective Security Policy Framework (PSPF), PM&C should nominate the head of Corporate Division as Chief Security Officer, responsible for both ICT and non ICT security. 
9. Corporate Division should prioritise the completion of an integrated, real-time framework to link staff profiles and movements (e.g. onboarding, leave, promotion, temporary secondments, and exit) with asset registers including responsibility for individual containers, the assignment of digital devices, and other PMC records. 
10. The 'clear desk' policy required in the Department's Protective Security Plan should be enforced, and security staff clearly mandated to record and report breaches. 
Chapter Three: PMC’s documented practices, systems and procedures 
11. PM;C's Protective Security Plan (the Plan) and its supporting policies, protocols and guidelines should be updated as a matter of urgency to reflect Machinery of Government changes since 2015, lessons learned from the recent incident, increased digitalisation and changes in office configurations following from the implementation of 'Working Your Way'. 
12. The revision of the Plan and its supporting documents should aim for coherency and consistency across the Department's policies and procedures; avoid duplication; ensure that the revised documents are both clear and accessible; and distinguish clearly between those areas in which high-level principles are sufficient and those in which compliance-based directions are necessary. 
13. New and specific requirements to the disposal and relocation of security containers should be implemented with immediate effect. Detailed recommendations are set out in the Annex of Chapter 3. 
14. Consideration should be given to whether secure containers should simply be destroyed, that is transferred to a scrap metal dealer, with drawers removed, rather than passed to agents for public sale at the end of their useful life. 
Chapter Four: Culture, training and behaviours 
15. The Secretary and Deputy Secretaries should lead in raising awareness and accountabilities for security across the PMC network, including by using opportunities in their weekly communication with staff. 
16. All Canberra-based new starters should be required to undertake face-to-face security training within the first week of starting at PMC, including IT security, Physical and Personnel security, and storage and handling of Cabinet documents. 
17. All staff in the regional network should be required to complete mandatory online induction training within a week. 
18. In parallel, a PMC team, comprising Learning and Development staff and security personnel, should regularly evaluate the effectiveness of the Department's security training, including assessing the value of face to face training versus e learning modules and training. 
19. PMC's Security section should initiate random but frequent internal security checks, and periodic independent audits of staff security, with an emphasis on the storage of classified information. The outcomes of regular audits should inform targeted areas for further training and nudges. 
20. The ASA and the ITSA should consider working with the Behavioural Economics Team of the Australian Government to assess options for increasing security awareness at key points in information and document management processes. 
21. The redesign of PMC's working environments (physical and virtual), including the transition to Working Your Way, must be accompanied by a. an assessment of the implications of environmental changes, including the centralisation of key facilities such as shredders and storage facilities; b. enhanced promotion of advice for staff accessing PMC resources on mobile devices in public spaces. 
22. Consideration should be given to nominating 'Security Champions' in branches to help grow the security culture and establish a continuous line of communication with the ASA and ITSA. 
Chapter Five: Implications for the Australian Public Service 
23. Secretaries and agency heads should be advised to review protective security management arrangements in their agencies, paying particular attention to higher level governance and to ensuring an appropriate security culture. 
24. In addition to agencies' annual compliance reports, reports resulting from investigations or inquiries into significant security incidents in agencies should be passed to the Attorney-General's Department (AGD), redacted to exclude names and other personal or sensitive information; and AGD should use these reports and the agency compliance reports to develop an annual assessment for the Attorney-General about the 'protective security hygiene' of Commonwealth agencies. 
25. AGD should be asked to engage regularly with 'security executives' or ASAs to enable exchanges of information about developments in the area of non-IT protective security and to share 'lessons learned' from any investigations, reports or reviews in the area of protective security. 
26. The Australian Signals Directorate (ASD) should be asked to facilitate exchanges of information about cyber security and risk assessments to support greater alignment of risk and planning across agencies. 
27. AGD should be asked to survey suitable protective security courses and security training services, including but not limited to courses offered through Registered Training Organisations, and ask agency heads to review the training needs of their staff in this area. 
28. Protective security should be routinely included as a standing item on the agenda for Secretaries' Board meetings to enable the Secretary of AGD to report significant incidents and other matters of non-compliance with the PSPF, and to enable the Secretary of PMC to advise Secretaries on matters relating to agencies' handling of Cabinet documents.

Procreative Liberty

Privatizing Procreative Liberty in the Shadow of Eugenics' by Dov Fox in (2018) Journal of Law and the Biosciences comments 
John Robertson is renowned for the theory of ‘procreative liberty’ that he expounded in his pioneering book, Children of Choice. Procreative liberty captures the ‘freedom to reproduce without sex’ above and beyond the ‘freedom to have sex without reproduction’ that are recognized by constitutional rights to abortion and birth control. Most controversial among Robertson's work on procreative liberty was its application to prenatal selection. Unless the state had very good reasons, he argued, people should be free to access reproductive medicine or technology to have a child who or would be born with particular traits. Prospective parents in the USA today face no official limits in using sperm banks, egg vendors, IVF clinics, or surrogacy agencies with an eye toward choosing for certain characteristics. But should they be protected, this essay asks, when mix-ups or misdiagnoses thwart the selection of offspring traits? The best answer to this question extends the theory of procreative liberty from government restrictions to professional negligence. It also demands sensitivity to genetic uncertainty, the limits of private law, and the history of eugenics in America.
Fox states
“Procreative liberty” draws life from the constitutional rights to access birth control and abortion. The U.S. Supreme Court has designated those practices among the handful of fundamental rights—like freedom of thought and movement—that demand the greatest measure of protection against government intrusion. So federal and state actors can’t ban contraception or abortion without the strongest possible justification. But neither right entitles a woman who can’t afford them to the “financial resources” they’d need “to avail herself of” those otherwise “protected choices.” These rights paradigmatically target the decision to prevent or end an unwanted pregnancy. But they also empower individuals to achieve wanted parenthood by refusing contraception or abortion. The Court articulated these rights in not just negative but positive terms: “to accomplish . . . conception”; “to conceive and to raise one’s children”; “whether to bear or beget.” Robertson argued such protections should extend to reproduction with assistance from donors, surrogates, or technology. But he appreciated that the landmark privacy cases allow this broader reach just as surely as they don’t compel it. Indeed, the Supreme Court hasn’t yet spoken to the involvement of third parties in reproductive rights. And state courts for their part almost always decline invitations to enlarge those rights beyond government restrictions on abortion and birth control. They’ve upheld restrictions on reproduction, for example, that range from probate conditions that forbid procreation and judicial orders barring drug-using parents from having additional children until they get clean to bans on donating sperm without pay and rules barring prisoners from mailing their sperm to their wives for the purpose of insemination. Professor Robertson weighed in on many of these questions over the years as advances in the methods and mores of procreation dramatically transformed the reproductive landscape over the quarter-century since his book’s publication,  including recently in the pages of this journal on matters of egg freezing and uterine transplants.
Most controversial among Robertson’s work on procreative liberty was its application to the prenatal selection of offspring characteristics. People should have a constitutional right, in his view, against laws that limit the use of reproductive medicine or technology to have (or avoid having) a child who is (or would be) born with particular traits. If people are generally free to choose whether or not to reproduce, Robertson argued, and if the genetic characteristics of expected offspring will affect that decision, then they should also be generally free to use genetic information in making those decisions. ...
... This essay seeks to extend Robertson’s arguments about procreative liberty from public restrictions to private ones, from government officials to medical professionals, from constitutional law to contracts and torts. Courts have consistently held that the private “law does not recognize disruption of family planning either as an independent cause of action or element of damages.” Contract or tort actions against wrongfully frustrated donor screening or embryo selection need “not [be] coextensive with or measured by the woman’s constitutional right to decide the fate of her pregnancy.” But reproductive interests in one domain of law can usefully inform the other. My focus lies with thwarted selection of offspring traits — what I have elsewhere called “confounded procreation.” The plaintiffs in these cases wanted a baby and got one, except that the defendant’s negligence led them to get a baby with genetic traits that are different than those they’d used reproductive medicine to select for. What they wanted, for any number of reasons, wasn’t just any child, but a child of a particular type. So they review ultrasound images or peruse donor profiles that enable them to learn certain information about what potential offspring might be like. Their goal is to use that information to choose among possible cells or tissues or nascent human beings before deciding which will be born or implanted or conceived. But then professionals fertilize patients with the wrong sperm, implant another couple’s embryos, misrepresent donor information, or misdiagnose fetuses. These kinds of errors lead patients to initiate, continue, or terminate pregnancies in ways that frustrate their preferences for a child of one kind or another. The most common thing that prospective parents are looking for when they use prenatal screening today is a child who’s biologically related to them or who’s free of some disease that they’re at risk of passing on. Other would-be parents are looking for traits other than health or heredity. Some people might try to have a girl or boy for nonmedical reasons; others a child who resembles their physical or other genetically influenced features that matter to them.

Critical Infrastructure

The Critical Infrastructure Security Act 2018 (Cth) is meant to provide a framework for managing risks to national security relating to critical infrastructure, including by:
(a) improving the transparency of the ownership and operational control of critical infrastructure in Australia in order to better understand those risks; and 
(b) facilitating cooperation and collaboration between all levels of government, and regulators, owners and operators of critical infrastructure, in order to identify and manage those risks. 
That framework does not construe telecommunications as critical infrastructure, in contrast to much overseas planning in terms of  'critical information infrastructure'.

The framework centres on disclosure of ownership and control, reflecting recent anxieties regarding overseas ownership of major facilities. It consists of
 (a) the keeping of a register of information in relation to critical infrastructure assets (the register will not be 6 made public); 
(b) requiring certain entities relating to a critical 8 infrastructure asset to provide information in relation to the asset, and to notify if certain events occur in relation  to the asset; 
(c) allowing the Minister to require certain entities relating to a critical infrastructure asset to do, or refrain from doing, an act or thing if the Minister is satisfied that there is a risk of an act or omission that would be prejudicial to security; 
(d) allowing the Secretary to require certain entities relating to a critical infrastructure asset to provide certain  information or documents; 
(e) allowing the Secretary to undertake an assessment of a critical infrastructure asset to determine if there is a risk to national security relating to the asset.
Certain information obtained under, or relating to the operation of, the Act is 'protected information'. with restrictions on when a person may make a record of, use or disclose that information.Protected information is
(a) obtained by a person in the course of exercising powers, or performing duties or functions, under this Act; or 
(b) is the fact that the asset is declared under section 51 to be a  critical infrastructure asset; or 
(c) was information to which paragraph (a) or (b) applied and is obtained by a person by way of an authorised disclosure 21 under Division 3 of Part 4 or in accordance with section 46.
Civil penalty provisions of the Act may be enforced using civil penalty orders or injunctions, and enforceable undertakings may be accepted in relation to compliance with civil penalty provisions. The Regulatory Powers (Standard Provisions) Act 2014 (Cth) is applied for these purposes. Other provisions may be enforced by imposing a criminal penalty.

The Minister for Home Affairs  may privately declare a particular asset to be a critical  infrastructure asset so that the Act applies to it. A private declaration can only be made if there would be a risk to national  security if it were publicly known that the asset is critical  infrastructure that affects national security. Presumably many people in academia, the consulting sector and journalists will make correct inferences.

The Secretary of the Home Affairs Department must give the Minister reports, for presentation to the Parliament, on the operation of the Act. Do not expect, of course, that the reports will be particularly detailed.

Under section 9 an asset is a critical infrastructure asset if it is:
 (a) a critical electricity asset; or 
(b) a critical port; or 
(c) a critical water asset; or 
(d) a critical gas asset; or 
(e) an asset declared under section 51 to be a critical infrastructure asset; or 
(f) an asset prescribed by the rules for the purposes of s 9. 
An asset is a critical electricity asset if it is:
 (a) a network, system, or interconnector, for the transmission or  distribution of electricity to ultimately service at least  100,000 customers; or 
(b) an electricity generation station that is critical to ensuring the  security and reliability of electricity networks or electricity  systems in a State or Territory, in accordance with  subsection (2). 
Rules may prescribe  requirements for an electricity generation station to be critical to  ensuring the security and reliability of electricity networks or   electricity systems in a particular State or Territory.

An asset is a critical port if it is land that forms part of any of  specified security regulated ports:  Broome;  Adelaide;   Brisbane;   Cairns;  Christmas Island;  Dampier;  Darwin;  Eden;  Fremantle;  Geelong;  Gladstone;  Hay Point;  Hobart;  Melbourne;  Newcastle;  Port Botany;  Port Hedland;   Rockhampton;  Sydney Harbour; Townsville;

 An asset is a critical gas asset if it is any of the following:
 (a) a gas processing facility that has a capacity of at least 300  terajoules per day or any other capacity prescribed by the  rules;  
(b) a gas storage facility that has a maximum daily quantity of 75  terajoules per day or any other quantity prescribed by the  rules;  
(c) a network or system for the distribution of gas to ultimately  service at least 100,000 customers or any other number of  customers prescribed by the rules;  
(d) a gas transmission pipeline that is critical to ensuring the 24 security and reliability of a gas market, in accordance with  subsection (2).  
The rules may prescribe   (a) specified gas transmission pipelines that are critical to 30 ensuring the security and reliability of a gas market; or  (b) requirements for a gas transmission pipeline to be critical to  ensuring the security and reliability of a gas market

12 July 2018


'The Case of the Religious Gay Blood Donor' by Brian Soucek in William and Mary Law Review (Forthcoming) comments
The Food and Drug Administration prohibits sexually active gay men from donating blood. This essay envisions an original legal challenge to that rule: not the predictable equal protection suit, but a religious freedom claim brought by a gay man who wants to give blood as an act of charity. Because the FDA’s regulations substantially burden his exercise of religion—requiring a year of celibacy as its price—the FDA would be forced to show that its policy is the least restrictive means of preventing HIV transmission through the blood supply. Developments in testing technology and the experience of other countries suggest that this would be hard to prove. 
A lawsuit like this would either produce a major victory for gay rights or, as likely, would force courts to clarify and curtail some of the most controversial aspects of recent, mostly conservative, religious freedom efforts: their expansive view of religious burdens and their willingness to impose costs on the government or other third parties. In other words, by appropriating legal arguments from the right, a lawsuit like this presents a win-win proposition for progressive litigators. This essay considers why mainstream gay rights organizations may nonetheless shy away from bringing it.
Soucek's challenging article begins
Sexually active gay men cannot donate blood under current federal law. But federal law also prohibits the government from substantially burdening someone’s religious practice unless it is the least restrictive way of advancing a compelling governmental interest. 
So what happens if a gay man wants to donate blood as an act of charity—a religious practice encouraged by his church? 
This Essay imagines the lawsuit that might allow him to do so. The suit could go either of two ways. Given the generous understanding of religious liberty law in recent Supreme Court opinions, the case might be an easy win. Requiring celibacy as the price of living one’s faith surely counts as a burden that is substantial; and public health, while clearly a compelling governmental interest, does not necessitate such draconian means, as the experience of other countries, the testimony of medical experts, and advances in HIV testing all make clear. A win for the plaintiff would be a major gay rights victory, undermining an enduring and stigmatizing policy remnant of the AIDS crisis.
On the other hand, the government might claim that giving blood isn’t really a form of religious exercise, or that even if it is, it is a religious calling that can be answered in alternate ways. A gay man who wants to be charitable can donate money or time or soup—not blood. The government might also claim that expanding the pool of blood donors would either increase costs, if it is to be done safely, or else it would marginally increase the rate of HIV transmission through the blood supply—thereby imposing burdens on third parties like hemophiliacs and others who depend on transfusions of blood. 
This is all to say that the religious gay plaintiff could lose. But his loss would likely require courts to clarify—and curtail—some of the most controversial aspects of recent, mostly conservative, religious freedom efforts: the expansive and deferential notion of “substantial burden” at play in cases like Hobby Lobby,  and the disregard for governmental and thirdparty costs seen in recent actions by the Department of Justice, the Department of Health and Human Services, and those across the country seeking exemptions to antidiscrimination laws that protect gays and lesbians. In short, the case is a coin toss: heads, gay rights advocates win; tails, religious conservatives lose.
It needs to be asked, then, why gay rights advocates are not clamoring to bring such a case. Perhaps they just haven’t thought of it; after all, it has never been proposed in academic literature. But Part IV of this Essay suggests that deeper considerations may be at play: worries about the way this litigation could provoke anti-gay backlash and reinforce stereotypes, even as it promises to disrupt the stereotypical opposition between religion and gay rights.
Before getting there, Part III, the heart of the Essay, shows how this hypothesized challenge brings together in a single case all of the deepest unanswered questions in recent religious liberty law—from the nature of religious burdens and the fungibility of religious practice, to the costs of granting exemptions and the ways those costs can be disbursed without violating the constitution. Part III looks at how a religious gay blood donor could win either by actually winning his case, or by a loss that manages to curb recent advances in religious freedom law that are currently threatening LGBT and women’s rights.
Prior to that, Part II shows how a religious freedom challenge to the gay blood donation ban differs from the more predictable equal protection challenge that others have discussed10—and how the former may be a stronger claim. Part I begins by explaining the ban that is at issue in everything that follows.

Crypto and States

'Why Quantum Computing Will Not Destabilize International Security: The Political Logic of Cryptology' by Jon Lindsay comments
The implications of quantum information technology for cybersecurity and strategic stability seem worrisome. In theory, an adversary with a quantum computer could defeat the asymmetric encryption protocols that underwrite internet security, while an adversary using quantum communications guaranteed secure by the laws of physics could deny intelligence warning of surprise attack. To assess these claims, this article first develops a general political logic of cryptology grounded in the bargaining model of war, which understands uncertainty as an important cause of war and institutions as an important source of information. Cryptology of any technological vintage is shaped by both aspects of this logic, with ambiguous implications for strategic stability. In practice, strategic interaction between intelligence competitors using real quantum systems implemented in fallible human organizations will mitigate the impact of quantum computing. The upshot is that the revolutionary scientific innovation of quantum computing will probably have only marginal political impact, in part because the fields of cryptology and computing have already undergone important transformations in recent decades.
'Digital Switzerlands' by Kristen Eichensehr in (2019) 167 University of Pennsylvania Law Review (Forthcoming) comments
 U.S. technology companies are increasingly standing as competing power centers that challenge the primacy of governments. This power brings with it the capacity to bolster or undermine governmental authority, as well as increasing public demands for the companies to protect users from governments. The companies’ power raises serious questions about how to understand their role. Scholars have proposed varying conceptions, suggesting that the companies should be understood as public utilities, information fiduciaries, surveillance intermediaries, or speech governors. This Article takes up another possibility, one suggested by the companies themselves: that they are “Digital Switzerlands.” 
The companies’ claim to be Digital Switzerlands encompasses two ideas: that the companies are on par with, not subordinate to, the countries that try to regulate them, and that they are in some sense neutral. This Article critically evaluates the plausibility of these claims and explores how the companies differ from other powerful private parties. The Digital Switzerlands concept sheds light on why the companies have begun to resist both the U.S. and foreign governments, but it also means that the companies do not always counter governments. Understanding the relationship between companies, users, and governments as triangular, not purely hierarchical, reveals how alliances among them affect the companies’ behavior toward governments. But the companies’ efforts to maintain a posture of neutrality also carry a risk of passivity that may allow governmental attacks on users to go unchallenged. 
Turning to the normative, the Article proposes several considerations for assessing the desirability of having companies be Digital Switzerlands. Does the rise of the companies as competing power centers benefit individual users? Does the companies’ lack of democratic attributes render them illegitimate powers? If the companies claim the benefits of the sovereign analogy, should they also be held to the public law values imposed on governments, and if so, how? And if there is value in the companies acting as Digital Switzerlands, how can this role be entrenched to prevent backsliding? The Article offers preliminary answers to these questions, with the knowledge that the answers may well evolve along with the companies’ self-conception.

11 July 2018

Judicial Engagement and AV

'Judicial engagement and AV links: judicial perceptions from Australian courts' by Anne Wallace, Sharyn Roach Anleu and Kathy Mack in (2018) International Journal of the Legal Profession comments
Use of technology significantly impacts the nature of judicial work. While audio-visual (“AV”) links may generate some efficiencies, the increasing use of this technology conflicts with other important developments, notably procedural justice and therapeutic jurisprudence, which recognise and valorise the interactive nature of judicial work, especially sentencing in criminal cases. Analysing judicial perceptions of AV use in courts creates a clearer picture of its benefits and disadvantages, particularly in light of expectations of direct personal engagement.
The authors argue
Information and communications technologies are often key components of strategies to promote organisational efficiency and reduce costs in courts (see, for example, New South Wales Department of Justice, 2016–17 Annual Report). The use of audio-visual (“AV”) technology also has implications for managing judicial workloads and for the skills and qualities judicial officers need to perform their role. However, courtroom technology may have unintended effects on the quality of communication required for judicial work, especially with the defendant in criminal cases. 
After describing the volume and nature of work and the use of AV technology in Australian courts, the article draws on perceptions and experiences of judicial officers to investigate the implications of AV technology for the reciprocal communication between the judicial officer and others involved in the court process. This is important in light of developments, notably procedural justice and therapeutic jurisprudence, which valorise the interactive nature of everyday judicial work. 
This article reports findings from two projects. First, investigations undertaken nationally over the past decade by the Magistrates Research Project and Judicial Research Project (JRP) into several dimensions of judicial work. Second, research undertaken as part of a three-year empirical research project that investigated the use of AV links in Australian court proceedings (Gateways).

UK Research Integrity report

The UK House of Commons Science and Technology Committee report on research integrity comments
Research is fundamental to the process of pushing back the frontiers of human knowledge and understanding. Research helps cure diseases, tackle climate change, and understand the world around us. The UK has an enviable reputation for high-quality research, and researchers are among the most trusted groups of people in the eyes of the public. It is recognised that the vast majority of research undertaken in the UK is of high quality and high integrity.
Nevertheless, error, questionable practices, and outright fraud are possible in any human endeavour, and research integrity must be taken seriously and tackled head-on. The 2012 Concordat to Support Research Integrity provided a set of high-level commitments in this vein, but, six years on, while all the most research intensive-universities are complying with key recommendations of the Concordat, around a quarter of universities overall are not fulfilling the basic Concordat recommendation of producing an annual report on research integrity.
Compliance with the Concordat has technically been a prerequisite for receiving funding from UK research councils and higher education funding councils since 2013, but non-compliance has not led to any hard consequences. This reflects the fact that the Concordat has only high-level commitments and recommendations, meaning that ‘compliance’ is difficult to assess in practice. More broadly, there has been a lack of co-ordinated leadership to drive the implementation of its recommendations in universities, such as transparency in declaring the number of misconduct investigations carried out each year. The Concordat should be tightened so that compliance can be more easily assessed, with a timetabled route-map to securing 100% compliance. We welcome Universities UK’s plans to convene a meeting of the Concordat signatories to discuss the issues raised in our report and look forward to seeing further action in this area.
The current lack of consistent transparency means that it is impossible to assess the scale of the research integrity issue, leading to accusations that parts of the sector are policing themselves in a secretive way in order to maintain its reputation or, worse, a perception that investigations are not conducted properly in order to avoid embarrassment. Meanwhile, there is a risk that a future high-profile scandal could expose any weaknesses in this arrangement. Fraud appears to be rare, but the number of institutions reporting no investigations each year does not tally with other available information—the self-reported pressures on researchers to compromise on standards, an increase in the rate of journal articles being retracted, and a growth in image manipulation in articles. Part of the cause may be a lack of understanding of the principles of statistics among researchers, and greater emphasis should be placed on statistical rigour. The sector needs to see increased transparency and reporting of problems as a positive sign that issues are being identified and dealt with accordingly, rather than as a threat.
We see a gap in the UK research integrity system for a new committee to provide a means of independently verifying whether a research institution has followed appropriate processes in investigating misconduct, following similar models in Canada and Australia. The primary responsibility to investigate misconduct should remain with the employer, but there is also a need to improve confidence in the existing system of self-regulation and to adjust for the potential conflict of interest of ‘self-policing’. More broadly, the new committee should be responsible for championing research integrity in the sector, driving the future implementation of a tightened Research Integrity Concordat, and pursuing issues we identify in this report. The new committee will need to be established by and work closely with UK Research and Innovation, and produce an annual report on the state of research integrity in the UK. This is an opportunity for the research community to get ahead of this issue; without such a body being established, there is a risk that the demand for statutory regulation will grow in response to any future scandals, despite a consensus against such regulation within the community.
Meanwhile, there are other steps that can be taken to support research integrity rather than simply responding to problems. We are encouraged to hear that research integrity will form part of the ‘environment’ judgements for the next Research Excellence Framework, and that there are moves towards appropriate publishing of datasets, and better reporting of research methods. Meanwhile, UKRI needs to understand how the pressures and incentives within the research funding system affect research behaviour and consider where counterbalances are needed to ensure a healthy research culture. Training is key to ensuring that the right research culture is imbued by each new generation of researchers and their supervisors, and to ensuring that errors such as common misuses of statistics are avoided. In order to increase the effectiveness of research, increased emphasis should be put on the need to publish ‘negative’ research findings, especially in the field of medicine.
Employers, funders and publishers of research need to be able to share information to support investigations of misconduct, and it is encouraging that protocols are being developed to help employers to manage cases which cross institutional boundaries. 
 The Committee states
In January 2017 our predecessor Committee launched a follow-up inquiry into research integrity, to coincide with the publication of a briefing on this topic from the Parliamentary Office of Science and Technology (POST). 
The Committee called for written submissions on the issues identified in the POST briefing, including:
  • The extent of the research integrity problem; 
  • Causes and drivers of recent trends; 
  • The effectiveness of controls/regulation (formal and informal), and what further measures if any are needed; 
  • What matters should be for the research/academic community to deal with, and which for Government.
That inquiry was ended prematurely by the dissolution of Parliament for the General Election in 2017. We decided to continue this inquiry in the new Parliament, drawing on the 82 submissions to our predecessors and a further 48 accepted and published by us. We held six oral evidence sessions, hearing from 27 witnesses. We are grateful for all these contributions to our work. 
We did not seek to investigate specific allegations of research misconduct or to re-open old cases. We and our predecessor Committee rejected several written submissions on that basis. However, a small number of cases are referred to in our report where they illustrate current issues relating to research integrity.
Its Conclusions and Recommendations are
1. The Science Minister’s initial reluctance to give evidence to our inquiry was disappointing, not least as it risked sending the message that the Government does not take this issue seriously. Nevertheless, we welcome the fact that that the Minister was subsequently willing to appear and are grateful for his responses to our questions. (Paragraph 8) 
2. The Government rightly invests considerable sums of public money in research, and investment in research and development as a proportion of GDP is set to grow further in the coming years. The Government needs to be confident that all possible steps are being taken to ensure that this money is not wasted through problems with research integrity, and that the research that it buys is as reliable as possible. While the Government should not seek to interfere directly in research matters or compromise the independence of universities, it should nevertheless maintain an active interest in supporting research integrity and ensuring that all elements of self-regulation are functioning well in order to get the best value possible from public investment. (Paragraph 9) Understanding and measuring ‘research integrity’ 
3. The available data on misconduct investigations suggest that serious research misconduct is rare, but it is impossible to be certain without better data. There is a mismatch between the number of investigations and the scale of reported temptations to compromise on research standards, the ‘reproducibility crisis’ in some disciplines, the growth in journal article retraction rates, and trends in image manipulation. We hope that most researchers will never succumb to the temptations to compromise on research standards, and some of these trends may be the product of increased detection and correction of honest errors. Nevertheless, it is worrying that there seem to be so few formal research misconduct investigations conducted by universities. Increases in the number of investigations should be seen as a healthy sign of more active self-regulation. Further work is needed to determine the scale of the problem. (Paragraph 28) 
The Concordat to Support Research Integrity 
4. Most universities take their research integrity responsibilities seriously, but progress in implementing the Concordat to Support Research Integrity across the whole sector is disappointing. Six years on from the signing of the Concordat, the sector as a whole still falls some way short of full compliance in terms of publishing an annual statement, which risks giving the impression of pockets of complacency. We were surprised by the reasons that some universities gave for not publishing an annual statement on research integrity as recommended by the Concordat. The majority of universities have successfully balanced transparency against confidentiality in producing an annual statement, but a few are lagging behind and see transparency as a threat to their public image. Publishing an annual statement is a positive opportunity for an institution to set out the steps that it is taking to safeguard research standards, as well as to report on the number of investigations. We were encouraged that our letter to all Universities UK members prompted some of them to take steps to improve their compliance with the Concordat. More leadership is required to drive the implementation of the Concordat across the whole of the research sector, and we return to this issue in Chapter 6. We welcome Universities UK’s plans to convene a Research Integrity Forum meeting to consider our recommendations relating to the Concordat and look forward to seeing the results of their work. (Paragraph 39) 
5. Compliance with the Concordat has technically been a condition of receiving funding from research councils and higher education funding councils since 2013, but meaningful sanctions have never been deployed. The Concordat contains mainly high-level statements rather than explicit measurable requirements, and comprehensive information on ‘compliance’ is not collected by the funders. We recommend that the signatories update and strengthen the Concordat by making the requirements and expectations clearer, and produce a route map and timetable for reaching 100% compliance with the strengthened version within the next year. UKRI should collect and publish details of universities that are not compliant. In particular, the Concordat should be strengthened in relation to training on research integrity (discussed in Chapter 4), processes for responding to allegations of misconduct (see Chapter 5), commitments to clinical trials transparency (which we will return to in a dedicated report) and publication of ‘negative’ research results. (Paragraph 43) 
6. We endorse the Government Chief Scientific Adviser’s call for Government departments to sign up to the Concordat on Research Integrity to ensure consistency of approaches to research governance. If the Concordat is suitably strengthened, as we recommend above, this will be a useful step forward. We look forward to receiving further details of actions taken by the departments in response to his initiative in the Government’s response to this report. (Paragraph 46) 
Supporting and promoting the integrity of research 
7. It is surprising that most UK universities are not subscribers to the UK Research Integrity Office. The result is that the profile and impact of UKRIO might be highest with the institutions which already choose to participate, rather than the ones that might need the most help. The default assumption for all universities should be that they are subscribers to UKRIO, unless they can explain why they do not need to use UKRIO’s advisory services. We recommend that the Government and Universities UK write jointly to all universities to encourage them to engage with UKRIO and consider subscribing to its services. (Paragraph 50) 
8. Creating a healthy ‘research culture’ is just as important as tackling lapses in research integrity, and would help ensure that a career in research is attractive to those who value rigour, accuracy, honest and transparency. We endorse Research England’s plans to require the REF 2021 assessors to consider how research integrity issues can be taken into account. We hope that this will underline the importance of research integrity to a healthy research environment, and counterbalance some of the pressures to compromise on integrity. For this to be successful it must be implemented in a way that encourages universities to be more transparent about research integrity and investigations, rather than an additional incentive to avoid drawing attention to lapses in integrity. (Paragraph 57) 
9. There is a need to understand more fully the effects of the current funding system on researcher and institutional behaviour, and consider how unwanted effects can be minimised. We recommend that UKRI commission research to understand the effects of incentives in the research system on researcher behaviour and assess where adjustments or counterbalances may be needed to support research integrity. (Paragraph 58) 
10. We are encouraged to hear that some universities make training in research integrity a mandatory part of doctoral studies and include it in their research supervisor training programme. It is important that the attitudes to research integrity transmitted to the next generation of researchers are the right ones, and that those supervising them are also suitably trained. We recommend that UKRIO provide guidance to universities on best practice in delivering training to doctoral supervisors. (Paragraph 66) 
11. The research councils do not have reliable information on what training is currently being delivered. The increased concentration of training, through ‘Centres for Doctoral Training’, presents an opportunity for monitoring whether suitable training on research integrity is being provided as part of a PhD. We recommend that UKRI assess whether suitable training is being provided in line with current requirements and report back to us on its findings. UKRI should also consider further the case for centralised provision of training on research integrity, or standards that could be set. (Paragraph 67) 
12. We recommend that UKRI consider how best to encourage research teams to engage with statisticians as part of their research, and how best to improve the statistical competencies of researchers in general. (Paragraph 68) 
13. We are encouraged to see moves towards open publishing of datasets, and steps being taken to improve reporting of research methods through reporting checklists. However, we also recognise the need for protocols for accessing research data to ensure that secondary analysis is conducted appropriately. The Centre for Data Ethics and Innovation should consider further how best to balance the need for data to be openly shared with the need to ensure that data is used responsibly in secondary analysis. (Paragraph 75) 
Detecting and responding to problems with research integrity 
14. There is a continuing need for publishers to invest in techniques and technologies to spot problems with research papers. While the purpose of peer review is not to detect fraud, the sector’s responsibility for the integrity of the research base includes taking reasonable steps to ensure that technology to detect problems is developed and put to good use. This may be an area in which market forces do not obviously support this investment of resource. A Concordat-style set of commitments in the academic publishing community to invest jointly in software for the detection of image manipulation—or common standards for checking images—may be required. We recommend that UKRIO convene a discussion with publishers to explore this. (Paragraph 82) 
15. Universities and other employers of researchers need to be able to demonstrate that they are following best practice in the way that investigations are conducted. The annual narrative report recommended by the Concordat (see Chapter 3) is one opportunity for institutions to review their processes and set out whether they reflect UKRIO’s guidance. Any suggestion that best practices are not being followed is a concern, particularly given the reputational risk of, for example, not using external panel members in some stages of the process. UKRIO’s guidance on misconduct processes was published in 2008; it is worrying that, ten years on, some institutions may not yet have acted on it. We recommend that following best practice in use of external panel members form an explicit part of a strengthened Concordat. (Paragraph 88)
16. Cases of researchers committing misconduct at a string of institutions suggest that either some universities are using non-disclosure agreements to keep misconduct quiet, or are not being sufficiently diligent in checking references when hiring researchers. Hiding misconduct through non-disclosure agreements is not acceptable, not least as it effectively makes the institution complicit in future misconduct by that individual. The Government should ask UKRI to consider how this practice can be effectively banned by institutions receiving public funds, and statements to this effect should be included in a strengthened Concordat (see Chapter 3). Meanwhile, there is a need for greater diligence in employers checking for past misconduct, and for previous employers fully disclosing such information. (Paragraph 101) 
17. Researcher mobility means that research misconduct investigations may require coordination between current and former employers, and between journals and funders. We are encouraged to see the Russell Group developing protocols for communicating with related parties when dealing with allegations that cross institutional boundaries. There is a need for all parts of the system to work together—including employers, funders and publishers of research outputs—but there appear to be problems with the required sharing of confidential information. We recommend that employers, funders and publishers of research work together to agree a protocol for information-sharing on researchers involved in research integrity problems in a way that meets employment protection legislation. Commitments in this vein could form part of a tightened Concordat (see Chapter 3). (Paragraph 106) 
Regulating research and researchers 
18. UK research has an enviable record of excellence and public trust, but this should not be taken for granted. There is a risk that public trust in science could be eroded in the future through high-profile examples of research misconduct, and a risk that this could lead to demands for knee-jerk and ill-advised changes to the research system in the UK. There is a need for the research community—including funders, publishers, and employers of researchers—to stay ahead of research integrity issues and how they are dealt with in public policy. The UK’s position of international high regard and public trust in researchers is strengthened if the community has the confidence to admit that no area of human endeavour is immune to misconduct and error at some scale. (Paragraph 110) 
19. We see a gap in the UK system for a body that can provide a means of independently verifying whether a research institution has followed appropriate processes to investigate misconduct, as in Australia and Canada. We recommend that the Government ask UKRI to establish a new national committee which could undertake this role. Employers should still have the first responsibility for investigating and taking action in response to allegations of research misconduct, but there should be a means of checking that processes have been followed appropriately. The new committee should be able to recommend to UKRI that funding be restricted or reclaimed if an employer has not followed appropriate processes in responding to research misconduct. While established under the auspices of UKRI, the new committee should have its own secretariat and sufficient independence from it so that it can act in cases where the research is not funded by UKRI. Without a body along the lines we suggest there is a risk that demands for statutory regulation will grow in the future. We recognise that there is a strong consensus within the community about the disadvantages that overbearing regulation could bring. We argue, however, that the onus is now on the community to support steps to avoid this. (Paragraph 122) 
20. We recommend that the national committee should also have formal responsibility for promoting research integrity, as the equivalent body does in Canada. Working with Universities UK, the new committee should take responsibility for driving the implementation of an updated and strengthened Concordat, and following up on other recommendations to the sector in this report. Meanwhile, UKRIO should continue its work in providing advice on research integrity and sharing best practice. It should now advise UKRI on the creation of the new body, including its work methods, drawing on the best international examples. (Paragraph 123) 
21. Transparency is a key feature of a healthy research integrity system. The new national research integrity committee we recommend should publish an annual report on the state of research integrity in the UK, looking across the whole of research, and collecting information on: retractions; misconduct investigations and their outcomes; Concordat compliance; and training undertaken. The data for this will come from university narrative statements and the aggregated data on screening-phase investigations that UKRI is now being provided with. The proposed national committee should also consider how best to engage industry with the issue of research integrity, and should incorporate meaningful information on this aspect in its annual report. (Paragraph 128)