Second Life: a fresh approach to a cease and desist letter

Cease and desist letters are usually heavy-handed.

But when Darren Barefoot put up a parody of Second Life called Get a First Life, using a variation of Second Life's logo, Second Life's lawyers responded with a nonexclusive, nontransferable, nonsublicenseable, revocable, limited license to use the modified eye-in-hand logo rather than a prohibition demand.

February 6, 2007 in Legal, Privacy, Venture capital, Web/Tech

Legal liability of employee web designers

In Houghton v Arms [2006] HCA 59, the High Court of Australia has held that two website designers who misled an internet wine business about the operation of a bank’s financial transactions facility were liable for misleading and deceptive conduct under the Victorian Fair Trading Act 1999 even though they were employees. The representations were fundamental to the wine merchant's decision to structure his business in a particular way.

Mr Arms traded under the name "Australian Cellar Door" and formulated a proposal for the provision by means of an internet web site, www.auscellardoor.com.au, of a service for the direct marketing of the products of small to medium independent wineries. The expectation was that direct "cellar door" sales would attract sales tax at a much lower rate and would avoid the need for the payment by the wineries of the margin, usually in the order of 30 per cent, required by agents or distributors when sales were effected by retail outlets. However the promised payment mechanism could not achieve that result.

The trial judge had accepted that representations had been made to their client Mr Arms, the substance of which was that, in order to run his business effectively and operate the auscellardoor web site, Mr Arms was not required to obtain any documentation from the wineries other than a form, with provision for banking details; WSA (the employer) had engaged in that conduct when it was incumbent upon it to alert Mr Arms to the existence of the additional requirements of the ANZ Bank, or to ascertain that there were no such additional requirements in order for a winery to become an ANZ e-Gate merchant. Ryan J found that, had Mr Arms known the true position, he would have changed the auscellardoor web site to a profitable method of trading by November 2000, not June 2001, and would not have lost the sum of $58,331 from the seven month "set back".

While the trial judge gave judgment against the employer but refused judgment against the employees, the Federal Court of Appeal allowed the action and the High Court upheld the Appeal Court decision.

December 13, 2006 in Legal, Privacy, Venture capital, Web/Tech

Podcasting Legal Guide

Creative Commons have published a Podcasting Legal Guide. Whilst it's based on US law only, it identifies many issues which need to be addressed if a podcast is broadcast in other jurisdictions.

For example, it discusses the copyright status of unpublished works in the US:

"Every unpublished work from around the world of authors who died before 1936 is in the public domain in the United States. That means that the unpublished diary of an Australian who died in 1930 will be in the public domain in the U.S.; however, that same diary may still be subject to copyright under Australian copyright law in Australia. So, if you are marketing or targeting your podcast for a particular territory, you need to be aware of the copyright laws in that country as well as in the U.S. Moreover, because of the borderless nature of the Internet, you can't really stop your podcast from distributing to Australia, in which case you may be violating laws in another country."

June 20, 2006 in Legal, Privacy, Web/Tech

ANAO Report on internet security in government agencies

The ANAO has published its audit report of internet security at six government agencies. For the six agencies audited, the ANAO concluded that the current level of Internet security was insufficient, given the risks and problems identified through the audit findings.

The ANAO noted that a number of agencies could improve performance in some key areas, particularly email filtering, and all agencies audited could improve performance in one or more aspects of managing Internet security, such as the development of system security plans.

The ANAO made 5 key recommendations for the six agencies audited for the report, including Customs, the Australian Federal Police, the Nuclear Safety Authority, Medicare, Department of Industry, Tourism and Resources and the Department of Workplace Relations.

June 17, 2006 in Privacy, Web/Tech

Extension of content regulation

The Minister for Communications, Information Technology and the Arts, Senator Helen Coonan, has announced that new safeguards will be put in place to protect consumers from inappropriate or harmful material on emerging content services such as 3G mobile phones and subscription-based Internet portals.

A recent Review of the Regulation of Content Delivered Over Convergent Devices found there is a need for specific safeguards for users of these services.

New laws will extend the current safeguards that apply to content delivered over the Internet or television to be applied to content delivered over convergent devices. This will include prohibition of content rated X18+ and above, requirements for consumer advice and age-restricting access to content suited only to adults.

June 16, 2006 in Legal, Privacy, Web/Tech

Commonwealth Bank releases Australian internet banking survey

When I was researching Australian financial services website compliance I found little data about internet banking usage.

So the release of details from the Commonwealth Bank’s inaugural E-Money survey, an annual index of electronic banking usage in Australia, is a welcome addition.

The results include:

  • of 6.8 million Australians who have used online banking, 85 per cent prefer the internet to manage their day-to-day banking needs;
  • convenience is the main benefit of online banking for half of all online users (50%), followed by time savings (29%) and ease of use over traditional banking methods (10%);
  • customers aged 25-34 and full-time workers were the most likely to use internet banking, while those over 50 years of age preferred using branches;
  • the most popular online transaction is funds transfer/bill payment;
  • among those yet to try internet banking, only 32 per cent are concerned about internet security.

June 11, 2006 in Privacy, Web/Tech

The technology behind Australia's access card

MIS Magazine's story on Australia's health and services access card highlights the huge planning and implementation obstacles to this project: there are already arguments over its specifications and the technology to be used.

June 9, 2006 in Legal, Privacy, Web/Tech

Privacy and RFID

A group of multinational companies including IBM, Intel and Microsoft have issued draft guidelines for Privacy Best Practices for Deployment of RFID Technology.

RFID (radio frequency identification) raises privacy concerns when its use enables parties to obtain personally identifiable information, including location information, about particular individuals that those parties otherwise would be unable or unauthorized to obtain. This information may be a person's location; it may be that the person has a certain product in his or her possession; it may be that the person has used a particular service. Security concerns arise if unauthorized parties are able to obtain such information either from interception of the radio communications between tags and readers, through unauthorized reading of the tags, or via unauthorized access to the network or the database.

Representatives from various consumer groups and commercial enterprises developed these guidelines in an effort to address current privacy concerns, as well as to limit future concerns regarding the deployment of RFID technology.

The guidelines cover:

  • Giving of notice when information, including location information, is collected through an RFID system and linked, or is intended by a commercial entity to become linked, to an individual's personal information either on the RFID tag itself or through a database.
  • Consumers should be offered such choice before the conclusion of the transaction to obtain a good or service, wherever practicable, so that, when coupled with robust notice, consumers are given the tools to effectively exercise their choice with respect to the use of RFID technology.
  • Companies should exercise reasonable and appropriate efforts to secure RFID tags, readers and, whenever applicable, any corollary linked information from unauthorized reading, logging and tracking, including any network or database transmitting or containing that information and radio transmissions between readers and tags. In addition, companies should exercise reasonable and appropriate efforts to secure the linked information from unauthorized access, loss or tampering.

May 5, 2006 in Privacy

Australia is to have a health smartcard

Australia will not have a compulsory national ID card. The Prime Minister has announced Australia will have a new access card for health and welfare services.

The access card will replace 17 health and social services cards and vouchers across the Human Services portfolio.

The card will have the cardholder’s name, a digital photograph, their signature and card number. A microchip in the card will store a photo, address, date of birth and details of any children or other dependants. The card will also provide cardholders with the option to voluntarily store other information such as emergency contact details, allergies, health alerts, chronic illnesses, immunisation information and organ donor status. Information held on the access card will be subject to strict protections and will only be accessible by authorised people.

The access card will be phased in over a two year registration period beginning in 2008. From early 2010, people will only be able to obtain government health and social service benefits if they have an access card.

Privacy Commissioner Karen Curtis's response to the announcement was that the privacy rights of individuals needed to be respected:

"it is essential that appropriate privacy protections are built in early, particularly into the system design of the access card and registration process, rather than trying to 'bolt' these on later...it will be important to ensure that as the proposal is developed the uses and safeguards are clearly identified and legislated. This will help to ensure that the Government's intention that this not be a national identity card is met."

UPDATE: How Queensland's drivers licence smartcard compares. What it will look like.
What The Australian Privacy Foundation says.

April 30, 2006 in Privacy

First Australian Spam Act decision

In Australian Communications and Media Authority v Clarity1 Pty Ltd [2006] FCA 410 Federal Court Justice Nicholson found Clarity1 and its sole director had breached the Spam Act by sending unsolicited commercial electronic messages (‘CEMs’) and using harvested electronic addresses. The matter has been adjourned to determine the amount of civil penalties.

From 15 October 2003 Clarity1 carried on business under the business name of Business Seminars Australia and the name of the Maverick Partnership. ACMA alleged Clarity1 sent at least 56 million unsolicited emails.

Clarity1 claimed that they were exempt as they were sending the emails for charities and to educational institutions but no evidence was provided.

Justice Nicholson also rejected the company’s defence that the recipients of emails had consented to receive them. He further rejected the defence that the company could use harvested lists acquired before the Spam Act commenced to send Spam emails at any time.

The judgment is a useful analysis of the Spam Act.

Penalty imposed

April 14, 2006 in Legal, Privacy, Web/Tech

What is an electronic signature?

Whilst we know what a digital signature is, there has been little guidance on what an "electronic signature" is (as used in section 10 of the Electronic Transactions Act (Cth)).

The English High Court considered the issue in Mehta v J Pereira Fernandes SA [2006] EWHC 813 (Ch) (07 April 2006).

On 20th February 2005, Mr Mehta asked a member of his staff to send an e mail to JPF's solicitors in the following terms:

"... I would be grateful if you could kindly consider the following. If the hearing of the Petition can be adjourned for a period of 7 days subject to the following:

(a) A Personal Guarantee to be given in the amount of £25,000 in favour of your client - together with a list of my personal assets provided to you by my solicitor

(b) A repayment schedule to be redrawn over a period of six months with a payment of £5000.00 drawn from my personal funds to be made before the adjourned hearing.

I am also prepared to give a company undertaking not to sell market or dispose of any company assets without prior consent from your client pending the signing of the Personal Guarantee ... "

The e mail was not signed by Mr Mehta but is described in the header as having come from Nelmehta@aol.com. This e mail address appears on other e mails sent to JPF's solicitors by Mr Mehta, which have been signed by him.

The issue was whether that email was a binding personal guarantee. Guarantees are only binding if they are signed by the guarantor.

Judge Pelling decided it was not "signed":

"The email referred to in Paragraph 3 above is not signed by anyone in a conventional sense. Mr Mehta's name or initials do not appear at the end of the email or, indeed, anywhere else in the body of the email. Inevitably, therefore, JPF must contend that the presence of the email address at the top of the email constitutes a signature...

As is well known to anyone who uses email on a regular basis, what is relied upon is not inserted by the sender of the email in any active sense. It is inserted automatically. My knowledge of the technicalities of email is not sufficiently detailed to enable me to know whether it is inserted by the ISP with whom the sender or the recipient has his email account. However, I accept Mr Aslett's submission that as a matter of obvious inference, if it is inserted by the latter it can only be from information supplied by the former. Mr Mehta suggested that the address was inserted by his employee. I do not see how this could be so and certainly Mr Mehta was not able to give me a coherent explanation of how that might be so. It is possible that Mr Mehta's employee was authorised to use Mr Mehta's email account remotely but, even if that is so, I do not see how that can impact on any of the issues I have to resolve since it is not in dispute that the email was sent on the instructions of Mr Mehta and the method by which the sender address came to be inserted would not be affected even if that was the position...

What is relied upon is an e mail address. It is the e mail equivalent of a fax or telex number. It is well known that the recipient of a fax will usually receive a copy that has the name and/or number of the sender automatically printed at the top together with a transmission time. Can it sensibly be suggested that the automatically generated name and fax number of the sender of a fax on a faxed document that is otherwise a Section 4 note or memorandum would constitute a signature for these purposes? If Mr Aslett is right then the answer depends solely upon whether the sender (or the sender's principal where the sender was an agent) knew that the number or address would appear on the recipient's copy.

I have no doubt that if a party creates and sends an electronically created document then he will be treated as having signed it to the same extent that he would in law be treated as having signed a hard copy of the same document. The fact that the document is created electronically as opposed to as a hard copy can make no difference. However, that is not the issue in this case. Here the issue is whether the automatic insertion of a person's e mail address after the document has been transmitted by either the sending and/or receiving ISP constitutes a signature for the purposes of Section 4.

In my judgment the inclusion of an e mail address in such circumstances is a clear example of the inclusion of a name which is incidental in the sense identified by Lord Westbury in the absence of evidence of a contrary intention. Its appearance divorced from the main body of the text of the message emphasises this to be so. Absent evidence to the contrary, in my view it is not possible to hold that the automatic insertion of an e mail address is, to use Cave J's language, "... intended for a signature... ". To conclude that the automatic insertion of an e mail address in the circumstances I have described constituted a signature for the purposes of Section 4 would I think undermine or potentially undermine what I understand to be the Act's purpose, would be contrary to the underlying principle to be derived from the cases to which I have referred and would have widespread and wholly unintended legal and commercial effects. In those circumstances, I conclude that the e mail referred to in Paragraph 3 above did not bear a signature sufficient to satisfy the requirements of Section 4."

April 14, 2006 in Legal, Privacy, Web/Tech

Should we be more worried about offline privacy breaches than online privacy?

beSpacific linked to two stories today: the first is the Privacy Rights Clearinghouse's updated Chronology of Data Breaches Reported Since the ChoicePoint Incident and the second is a Newsweek article on Why Privacy Won't Matter (about advertising on Google and Yahoo).

Whilst both chronicle the ease with which personal data can be obtained, the data breaches chronology shows that physical offline security (eg lost or stolen computers and backup tapes) is more prevalent than hackers. Perhaps we should be starting with real world awareness of the importance of security while we are giving away our information online.

March 27, 2006 in Privacy

New Australian Guidelines for Electronic Commerce

The Australian E-commerce Best Practice Model (BPM) was released in May 2000. A review of the Australian E-commerce Best Practice Model commenced in November 2003. The BPM has been updated and replaced by The Australian Guidelines for Electronic Commerce, which were released by the Parliamentary Secretary to the Treasurer on 17 March 2006.

Treasury has also released a fact sheet covering issues when engaging in business-to-consumer e-commerce:

• Does your business follow ‘fair business practices’?
• Do consumers need specialised software or hardware to trade with you?
• Have you taken reasonable steps to ensure the goods and services you supply are accessible to people with a disability?
• Is all advertising material clearly identifiable, so it cannot be confused with other content?
• Are procedures in place to ensure that any marketing messages you send do not constitute spam?
• Have you taken reasonable steps to avoid entering into transactions with minors?
• Can consumers easily find all key information about your business, including contact details?
• Are contract terms for purchases clear, accurate and easily accessible by consumers?
• Have you taken appropriate steps to protect consumers’ privacy?
• Have you provided consumers with payment mechanisms that are easy to use and offer appropriate security?
• Have you clearly explained to consumers the security and authentication methods you use so they can assess any risks?
• Do consumers have easy access to, and clear information about, dispute resolution procedures?
• Are consumers informed about any specific laws or jurisdiction applicable to transactions with your business?

See my guidelines for website compliance

March 23, 2006 in Legal, Privacy, Web/Tech

Who can access your Google search records?

The New York Times reports that at a hearing in the California Federal District Court, the US government is now requesting a sample of 50,000 Web site addresses in Google's index instead of a million, which it was demanding until recently. And it is asking for just 5,000 search queries, compared with an earlier demand for an entire week of queries, which could amount to billions of search terms.

The government says it intends to use the data in a study to measure the effectiveness of software that filters out pornographic Web sites. The government says it is not seeking information that would "personally identify" individuals.

"It is my intent to grant some relief to the government," Judge Ware said, "given the narrowing that has taken place with the request and its willingness to compensate Google for whatever burden that imposes."

He said he was particularly concerned about perceptions by the public that Web searches could be subject to government scrutiny, "so I'll pay particular attention to that part of it." The judge said that he would issue a full decision shortly, but did not give a date.

UPDATE 20 March: The Judge has issued his decision which is analysed here at Concurring Opinions.

Although the Judge did not rule on the original subpoena he was critical of the government's approach and did not give it access to the search queries at all, only the URLs.

March 16, 2006 in Legal, Privacy, Web/Tech

Is new Google Desktop search safe?

Electronic Frontier Foundation (EFF) has urged consumers not to use a new feature of Google Desktop because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password.

The new "Search Across Computers" feature will store copies of the user's Word documents, PDFs, spreadsheets and other text-based documents on Google's own servers, to enable searching from any one of the user's computers.

EFF Staff Attorney Kevin Bankston said "If you use the Search Across Computers feature and don't configure Google Desktop very carefully—and most people won't—Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index. The government could then demand these personal files with only a subpoena rather than the search warrant it would need to seize the same things from your home or business, and in many cases you wouldn't even be notified in time to challenge it. Other litigants—your spouse, your business partners or rivals, whoever—could also try to cut out the middleman (you) and subpoena Google for your files."

February 13, 2006 in Privacy, Web/Tech

Was Scott McNealy right: do we have zero privacy?

Last November there was a story about how an accused murderer's computer's history of Google searches helped convict him.

We regularly read articles about how email was used in a court case.

Last week Google refused to provide the US Department of Justice with extensive search data (see collection of links at beSpacific).

Om Malik's article Living a Cached Life argues that Scott McNealy was right, that the only privacy you will have will be in your thoughts.

"Search engines are like the digital sand, where we leave foot prints. Corporate email systems (as Microsoft and Bill Gates know all too well from their DoJ adventures), instant messaging systems, and even shopping carts - we are leaving a tiny bit of privacy wherever we go."

If you are someone who cares about their privacy (and not everyone does) there are things that you can do, starting with not doing personal things on your work computer (see Don Dodge for 7 tips).

Privacy and technology are not incompatible: the privacy threatening features of internet technology are not separable from the capacity that makes it desirable or useful on other grounds. If you take care you can have your privacy and use technology, except where you trade it for a service you want.

Privacy analysts divide the population into 3 categories. “Privacy fundamentalists” are deeply concerned about privacy rights and reject any consumer benefits that require release of data about themselves. At the other end of the spectrum are “the privacy unconcerned”, who don’t think about privacy, don’t see any problem about giving their information away or how it might be used. In the middle are “privacy pragmatists” who balance the potential benefits and threats involved in sharing information and are concerned about “function creep” (ie the secondary use of information originally divulged for one purpose only.) Pragmatists will give up protection depending on what they get in return.

Telecommunications providers know the date, time, length, call number and destination of phone calls. If you are calling from a mobile phone, they know your location. Pay TV services know the viewing interests of subscribers. Internet portals know the interests of users. Online financial services aggregators and bill management services have access to sensitive personal financial information. Businesses can track a customer’s purchase history. Information about you is stored on public registers and telephone and email directories. Your school, university and employer may have published your name. Discussion groups and chat rooms can be searched. Junk email is commonplace. Your identity can be verified through DNA databases. There are surveillance cameras in public places.

There is a record of the prescription drugs you use and your medical history. Technology records the magazines we purchase and the articles we read. When a person enrols for prenatal classes, she receives catalogues for baby products. When a veteran fills a script for arthritis, he gets a letter from DVA telling him how to manage arthritis. When you lodge a building application with your local authority you get junk mail from building suppliers.

Your motor vehicle location can be tracked (telematics).

Current technology allows previously unrelated information to be collected and analysed by search engines. Businesses sometimes enter into strategic alliances to share technology and information and share advertisements. Information provided for one purpose is able to be used for another.

Do we only have zero privacy if we don't value it?

January 23, 2006 in Privacy

New Queensland privacy laws

The advent of new technologies such as digital cameras, mobile phones and the internet has prompted the Queensland Government to amend the Criminal Code.

The Premier Mr Beattie said the new laws, to be introduced as part of the Justice and Other Legislation Amendment Bill 2005, would make it illegal under the Criminal Code to covertly film or observe someone in private places such as bathrooms, toilets and change rooms.

"The so-called practice of 'up skirting', where an offender uses a concealed camera to film up under someone else's clothing, will also be outlawed," he said.

November 8, 2005 in Privacy

Unauthorised Photographs on the Internet and Ancillary Privacy Issues

The Standing Committee of Australian Attorneys-General has issued a Discussion Paper on Unauthorised Photographs on the Internet and Ancillary Privacy Issues. (pdf)

At a meeting of the Standing Committee of Attorneys-General (SCAG) in August 2005, Ministers agreed that all State and Territory officers would work in consultation to develop options for reform to address the issue of unauthorised publication of photographs being made available on websites.

The issue of unauthorised photographs on the Internet was highlighted recently when a number of unauthorised photographs of children were posted on voyeuristic websites.

Submissions are due by 14 October 2005.

September 9, 2005 in Privacy

Procedures for notifying customers after data breaches

In Keeping the Trust Dr Larry Ponemon identifies the 4 basic questions a company CIO should be able to answer in data security planning:

  • Detection: Is your company able to detect the breach of sensitive personal data?
  • Escalation: Is the company able to report the breach of sensitive personal information to appropriate personnel within a specified time period?
  • Disclosure: Is there a process in place to notify each victim with a letter sent by first class or express mail (and corresponding telephone call or e-mail)?
  • Redress: Is the company prepared to provide each individual whose sensitive personal information has been breached with a means to contact the company and ask additional questions or obtain recommendations to minimize potential harms resulting from this breach?

He also identifies six mistakes that can cause a company’s reputation to tank and gives 8 recommendations for remedial action in the case of a data breach that will let customers know there's been a breach of their data and help them keep their faith in you. (via BeSpacific)

August 26, 2005 in Privacy, Web/Tech

Identity theft and privacy

This week's ABC Four Corners program Your Money and Your Life on cyber-fraud has raised public consciousness on the issue.

In particular, allegations that personal and financial details of some customers of Switch Mobile were being sold from a call centre in India have resulted in an announcement by the Privacy Commissioner that she will investigate allegations Switch Mobile and One Touch Solutions (Switch's telemarketer) breached the Privacy Act through the misuse of personal details obtained from their customers.

On the topic of identity theft the Commissioner said:

"Generally, people who are concerned about how to protect their personal information when conducting business over the phone or on the internet can consider taking the following steps:

  • deal with businesses that have a clear Australian connection, and be sure you can contact them if you have any concerns;
  • only give out personal information that is relevant to the transaction;
  • if you're not sure why some personal information is being requested, ask the business to explain why it is necessary;
  • if you think your personal information has been mis-used, contact the business;
  • If that doesn't produce satisfactory results, you can then complain to her Office.

More information about identity theft, how to avoid being a victim, and what to do if you think you are a victim of identity theft, is available in the Attorney-General's Department ID theft prevention kit."

Speaking recently at a conference on a national identity security strategy the Commissioner said:

  • Identity theft has significant costs to the economy (estimated at $1.1B per year). It also has large personal cost for the victims of identity theft.
  • US researchers estimate that the victims of identity theft will spend an average of 600 hours (that is 25 days) clearing up their credit problems and checking the accuracy of their personal information.

August 19, 2005 in Legal, Privacy, Web/Tech

No misuse of data in 2004 election

The Australian Communications Authority (ACA) has found no evidence of misuse of data from the Integrated Public Number Database (IPND) during the 2004 federal election campaign.

The ACA has been investigating a complaint by the Australian Labor Party about telemarketing activities by the Liberal Party of Australia during the campaign. The ACA’s investigation focused on whether the Liberal Party’s telemarketing activities improperly used data from the IPND.

“Our investigation found that the phone numbers were obtained from publicly available databases,” ACA Acting Chairman Dr Bob Horton said.

“These databases can include numbers that in the past were listed numbers, but have since become unlisted, as well as information from other sources.

“However, the ACA has asked the Office of the Federal Privacy Commissioner to review the complaint because there may be other matters within its jurisdiction.”

UPDATE: 30 March
The Privacy Commissioner, Karen Curtis, has advised that she will not be investigating the complaint about the telemarketing activities of the Liberal Party of Australia, which was referred to her by the Australian Communications Authority (ACA) on 21 March 2005.

“I have examined the information provided to me by the ACA following its investigation of this matter,” Ms Curtis said.

“On the basis of that information, I am satisfied that the matters raised would fall outside the jurisdiction of the Privacy Act, as it provides an exemption for the acts and practices of political organisations and those organisations contracted to them,” said Ms Curtis.

March 23, 2005 in Privacy

Databases

Further to my post on the ChoicePoint database identity fraud, comes this Vanity Fair article on the author of the MATRIX data mining system (via Ernie the Attorney).

It's a great read about a self-taught programmer who wrote a program to identify the 9/11 terrorists:

"MATRIX, for Multi-state Anti-Terrorism Information Exchange. The list was forwarded through Asher's law-enforcement contacts to Brian Stafford, head of the U.S. Secret Service, and to a senior F.B.I. agent. The feds were stunned.

According to Asher, five of the names on his list were under investigation by the F.B.I., and one was on those passenger manifests—Marwan al-Shehhi, pilot of the second jet that hit the World Trade Center. Asher had current and prior addresses for al-Shehhi and the rest of those 419 names. He had bank records, motor-vehicle records, and driver's licenses, complete with digital photographs. He had aviation licenses. He had credit histories. He had the names of neighbors and landlords, along with their digital pictures."

Is he a hero or a villain?

March 1, 2005 in Privacy, Web/Tech