The review has two parts. The first covers the extension of the traditional media’s legal rights and responsibilities to some new media publishers. The second part of the review looks at whether the laws which deal with crimes such as harassment, intimidation, defamation, and breach of privacy are fit for purpose in the digital age.

It is really the second half of the review that most interests NetSafe, although the first half looks at a very interesting question. At what point does a blogger or a news website  access the legal privileges and exemptions currently reserved for the traditional news media? David Farrar at Kiwiblog has more readers than many newspapers in this country and often writes about political issues – so it absolutely makes sense to consider him “news media” . But what about Mods Motors? That also has a wide “circulation”. Its mostly about cars, but it does also include “news” and opinion about car and transport regulations.  What about the NetSafe blog?  The review also recommends an independent converged regulator (like the ACMA or OFCOM) to manage regulation of this space.

The second half of the review sits squarely in NetSafe territory. Information technology has been a real enabler for harassment, intimidation, defamation, and breach of privacy. The laws that deal with these issues were written pre-technology. Mostly they tend to be applicable, but accessing the remedies is comparatively prohibitive. Basically, its really easy to offend against somebody – and hard to effectively defend yourself.

The Law Commission has made a range of recommendations starting with a review of current laws to make sure they’re applicable in the digital age. There some clarifications of existing law and a handful of new offences recommended: maliciously impersonating another person, publishing intimate photos, and incitement to suicide.

The most radical of the proposals is the establishment of a Communications Tribunal that would operate at a lower level than the courts. The idea being that the tribunal would be more accessible for people who are offended against.

The Law Commission is taking submissions on this paper until March 12, 2012. I suspect there will be a number of strong voices against the recommendations – as there are against any attempts to exert control on online activities. I would encourage organisations and individuals working in the cyber safety and law enforcement space to make a submission.

As NetSafe staff speak with lots of school age children (and educators), we’re often exposed to views that differ from our own, in part due to an age gap, and the notion of privacy has surely evolved for tech savvy teens happy to share their lives online.

Just today, WikiLeaks founder Julian Assange has been quoted as describing Facebook as “the most appalling spying machine ever invented” in an interview with Russia Today.

The New York Daily News story goes on to say he refers to the popular social networking site as one of the top tools for the U.S. to spy on its citizens:

“Here we have the world’s most comprehensive database about people, their relationships, their names, their addresses, their locations, their communications with each other and their relatives, all sitting within the United States, all accessible to US Intelligence,” he said. “Facebook, Google, Yahoo, all these major U.S. organizations have built-in infaces for US intelligence.

The Saturday Night Live sketch comparing Assange and Zuckerburg:

I believe for many younger people (I’d clump them together as the X-Factor/Pop Idol generation) that exposure to popular TV shows and other media has created the notion that success (and fame) can be gained through building your own personal brand, by getting your name out there and making friends and influencing people.

Now Dale Carnegie wrote the book How to Win Friends and Influence People all the way back in 1937 so can we really say that times have changed?

I believe we can – even 20 years ago publishing as a concept was a top down, centrally controlled operation where newspaper and book editors and TV channel execs called the shots and decided what made the news, got screentime or made it onto the bestseller lists.

In 2011 anyone can share their thoughts and dreams, publish a manifesto and also expose their darkest secrets should they – or others – wish.

Back in 1999 I worked for one of the largest internet companies in the world providing community homepage building services to people keen to build websites about their family, their hobbies and their pets. Modelled on Geocities, this UK start-up let you easily build a simple, template driven website in exchange for displaying banner ads to visitors.

It was perhaps a new (and short lived) business model where ‘citizens’ of this online city were encouraged to cluster around shared topics and themes, publish stuff and connect, kind of like the social networks of today.

1999 was also the year that blogging went mainstream and anyone could create an online diary or weblog to publish to the world.

Twelve years on and a 13 year old child of one of my Facebook friends has taken this process further by publishing a whole array of thoughts, experiences and pictures on the site through an open profile with more than 500 friends and a possible world of watchers.

When I suggested to him locking down his profile, he couldn’t grasp why that move would do anything but restrict the opportunity to make new friends.

It’s something Facebook founder Mark Zuckerburg famously commented on back in January:

People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time.

The Wikipedia entry on privacy describes the term as being a Western notion, often without equal in some cultures, with the first publication advocating privacy in the United States – by Samuel Warren and Louis Brandeis – being published way back in 1890.

The concept of privacy as a natural right to “be left alone” has of course evolved since then and new technology has always been seen to have brought with it new threats to retaining privacy.

But in this 21st century world is the concept now dead in the water given the numerous ways corporate and governmental organisations have to monitor our activities and the fact that a new generation of young people seem to be actively avoiding being ‘left alone’?

One Facebooker responding to the Assange story commented:

Every time you use a credit card, log into a website, buy anything on-line or a store you are giving away information about yourself. It’s known as data mining and has been going on for years.

There’s no need to get paranoid about it. it’s a… fact of modern life and we have to get used to it. The only way to get away from it is to live in a cave and grow your own food; but some nosy busybody will have that logged on a computer somewhere as well.

Should we therefore give up and accept defeat? It’s a discussion I think will be actively explored at July’s NetHui.

Updated: A tip off from someone connected with privacy in NZ – The Onion News Network’s tongue in cheek take on Facebook being the CIA’s greatest success

Social networking - how safe are you? Take the online survey

This week is Privacy Awareness Week, an international event designed to promote awareness of privacy rights and responsibilities with a focus this year on social networking.

It’s a topical subject given last week’s data breach at Sony and the need to alert millions of people globally around the dangers of identity theft.

The Office of the Privacy Commissioner, which is running the event in New Zealand, is working on two streams for the event:

1. for corporates the issues around offshoring and cloud computing. This is something that will become more mainstream given the rise of centralised software as a service and the storage of customer data outside New Zealand. It’s an issue Rick Shera, the Chairman of NetSafe, will also be discussing later in May at the next New Zealand Information Security Forum (NZISF) meeting.
2. privacy and social networking. Again, a very topical subject given recent media stories on abuse of Facebook profiles and pages and the application of common user behaviour to other social sites.

You can help out the Commissioner and APPA (Asia Pacific Privacy Authorities) by taking the ‘How private is your profile?’ survey online.

And if you’re concerned about identity theft then check out their online ID Theft Tool

The company’s database was accessed by hackers and now up to 77 million sets of personal data (including those Kiwis who had shared their names, addresses, dates of birth and other information) could be floating around the ‘net up for sale to the highest bidder.

Sony has suggested matching credit card information could also be at risk but to date police forces in NZ and also Australia have only advised the public to keep an eye on their statements or speak with the bank if they’re concerned.

In the US the leak has prompted law suits over the Sony causing “millions of consumers fear, apprehension, and damages including extra time, effort, and costs for credit monitoring, and extra time, effort, and costs associated with replacing cards and account numbers, and burden, and is harming both consumers’ and merchants’ ability to protect themselves from such fraud.”

Practical tips to protect against identity fraud and theft

The New Zealand government states that  incidences of identity theft are rare but times may be changing now we’re all so interconnected, purchasing products and services overseas and sharing our data with companies that operate outside NZ privacy laws.

Identity fraud where criminals use your personal info and possibly credit card data to make purchases and apply for loans, etc is best tackled by keeping a regular eye on your credit report.

The main provider of credit reference checking in NZ is Veda Advantage – you can request your credit file for free by downloading a form from their website and not opting for the paid-for Express service.

The New Zealand Police website also has a lot of useful advice on preventing identity crime – we’ve reproduced a selection related to internet use below.

If you’ve been a victim or suspect rogue activity on your accounts contact your bank and police to make a report. You can also use the online Orb service provided by NetSafe.

Top tips on securing your personal data:

• Shred or destroy old bank statements, credit card bills, utility bills or other documents to prevent this material falling into the hands of criminals

  In the online world this means avoid storing secure information on laptops that can be stolen and securely wipe old hardware you sell on TradeMe (both computers and mobile phones)
  

• Be careful to whom you give personal information. If you have to reveal personal information, ask some questions about the security of the information and be very cautious giving out any information over the phone or internet unless you know who you are dealing with.

  This is particularly true when it comes to phishing websites and cold calling PC support companies and when filling out registration forms for online offers and competitions
  

• Guard your mail from theft by securing your letterbox. Criminals value your mail and will use it to commit fraud with your accounts or open loans or credit in your name

  Online this is securing your email, banking and auction accounts with individual and strong passwords and not sharing them with others

• Check your bank and credit card statements to make sure there are no unauthorised transactions – this may be the first sign someone has stolen your identity.

  If you’re a Facebook user be especially aware of charges on your mobile phone account if you enjoy taking quizzes and surveys as malicious apps are now charging users without their knowledge. In the case of the Sony leak check credit card statements for unknown purchases

For fans of the Matt Damon/Jason Bourne spy thriller trilogy, the word Treadstone has instant meaning – a US government ‘black op’ programme training volunteers soldiers to become highly effective assassins.

What does a fictional movie series have to do with being an iPhone owner?

Smartphone iPhone security and privacy threats - see our presentation for more info

Well if you’ve been following the media over the last 24 hours, you’d possibly be thinking your shiny smartphone has been reporting back your every move to Apple and – as some message board commentators would have you believe under the terms of the US Patriot Act – to the US government too.

Researchers in the UK recently published their findings about a location cache file on iPhones running the iOS4 operating system that regularly logged the location coordinates of the phone owner and then copied them across to the PC or Mac they were syncing with.

If you’re even slightly into personal privacy and security or a member of the tin hat brigade*/Apple hater, the file at  Library/Caches/locationd/consolidated.db would appear to be very good at tracking your movements and can be used along with the iPhoneTracker app to build up a visual map of your routine travel.

This isn’t really news to me. Of course, I can’t claim to have found this file before Alisdair Allan and Pete Warden but having spent the last few weeks putting together a NetSafe presentation on smartphone security the idea of Apple logging this information comes as no surprise.

Location Based Services – privacy vs commercial gain

Location Based Services are just one of the next big things that handset manufacturers and corporate marketers are really hoping will take off in a big way. And judging by current smartphone sales forecasts they could soon be very happy indeed.

After all, when you’re meters away from your favourite coffee shop company as you pass through an airport after hours stuck on a crowded plane, a quick SMS from them offering you a bargain mochachoccachino could result in a swift sale.

If your phone is letting Google (if you have Android or Latitude) or a.n.other provider of location based marketing know your location every minute what harm is there in letting you have a loyalty reward?

I’m not so sure that having an iPhone really does mean some secret US government agency can follow my movements but if you’ve ever watched Enemy of the State maybe the Faraday Cage loving Gene Hackman character has a point.

Are we trading away our personal privacy for the sake of being in the shiny tech gadget crowd? Does it matter? These are the kind of questions I think will be increasingly asked over the next few years.

In the UK, “The Information Commissioner today said anyone who is concerned about the log of their whereabouts can make a complaint to his officials, who enforce the Data Protection Act.”

I’ll be watching to see how this situation develops and keeping my stack of anonymous passports close to hand.

*we use the term in jest

Womens Refuge have pointed out that this service could be abused by people to spy on and control their partners. This is true. However, there are already a number of software products that enable spying on phones. Many of which are more “feature rich” than myfone.

Civil Liberties groups have said it is spying – and that parents shouldn’t spy on kids. They have said that many parents are too controlling – and that this technology will be used to control kids. The technology isn’t promoted as covert surveillance. It is supposed to be disclosed to the phone user. In that regard – its not really “spying” – although there will be ways to work around the disclosure mechanism.

Sally Rae (one of the owners of the service in NZ) is quoted as saying “…what’s more important – our childrens’ civil rights or their safety and protection?”

I don’t think we need to make this a choice. Our children have a right to be safe. That is one of their rights. Parents have a responsibility to protect their children. What we also need to remember is that we have a responsibility to protect their other rights.

The product is just a tool. Using it – a parent can see into their child’s online life. What they do with that information is the key. If they are using the tool to control their child – that probably isn’t of much value. Children will find other ways to access the online world. If they think they can install this product and their child will be protected – they are wrong. In a networked world, online challenges are a reality for young people.

A product like this works if a parent uses the information it produces to educate their child about the challenges of communications technology. That means it can be a useful tool for young children – if its used properly.

Parents should also see this tool as temporary. As children show more maturity online, they should be given more freedom.

We’re holding a meet-up at NetSafe on April 20th to discuss the issues around mobile phone security – that’s physical threats around data loss, corporate policies around smartphone usage and more importantly malware and virus threats for individuals who are benefiting from mobile internet access and always-on connectivity.

As part of the process of researching the topic for the event I’ve created a brief survey for users/owners. Please do take 5 minutes to respond if you have the time to spare as we’ll be publishing our insights to bring a local flavour to recent vendor research on the subject.

The Norton Mobile Survey – covering 3000 adults in 6 countries – is the latest window into cellphone behaviour with a keen eye on selling more copies of their Mobile Security product and promoting the free trial Android app.

The survey reveals that:

53 percent of adults in India have fallen victim to mobile phone loss or theft, but despite that, only two in five Indians currently have a password protecting their devices.

Our low profile survey may well reinforce these findings – drop me an email if you’d like to attend the meeting.

iPhone Spyphone

Whilst investigating rumours that a non-jailbroken iPhone is 100% secure, I discovered a dark part of the internet given over to ’spyphone software’ and the fabled ability to remotely turn on a cellphone’s microphone and/or camera without the owner knowing.

As the NetSafe budget doesn’t stretch to $500 software on a hunch I’ve had to make do with these two low budget trials:

1. Configuring a home security camera network with some old laptops and a $5 iPhone app. The motion detector alerts my phone with push notifications and I’m then able to view up to 4 cameras feeding live footage.

   For $5 this has got to be a winner – if you splash some cash on IP cameras that don’t require an OS and work over wi-fi this would enable you to create a fairly fancy security system on the cheap.

2. Investigating the stalker-friendly usefulness of extended EXIF data in digital cameras. Most modern cameras and hence camera phones will record GPS lat and long coordinates when you take a pic these days for handy Flickr style photo sharing/geo-tagging.

   Again with a $5 app I’m able to view and investigate photos shared on social networks (assuming the EXIF data is still present) and map where the shots were taken. One click and I’m onto Google Maps and plotting a route to take me to that point.

   It’s certainly prompted me to consider the privacy implications around sharing photos given that law enforcement is creating Geo-Intelligence software to help trap criminals using this data. If I were a true crime fighter though I’d no doubt have a black helicopter to go along with that iPhone app…

The 4 pillars she mentioned are:

1. the right to be forgotten
2. transparency – “a fundamental condition for exercising control over personal data and for building trust in the Internet”
3. privacy by default
4. protection regardless of data location

The first one is a major sticking point among former Facebook users who try to delete their accounts and remove their content (pictures/updates) from the service.

The speech stems from the EU’s efforts to update 1995 privacy laws and acknowledge that the “ways of collecting personal data have become increasingly elaborate and less easily detectable”.

15+ years ago the prospect of your data being ‘owned’, controlled and kept secure by a firm half way round the world was probably less common for most people who were yet to even take baby steps onto the internet.

Today, most web users are at least half aware that what they type into Google and tweet to their followers is being recorded and used for targeted advertising purposes amongst other things.

So is the EU’s confrontational approach to the web giants something we should be quick to encourage? Should we fear the prospect of a multinational Googlezon of the future knowing everything about us?

The big, bad European Union

In the UK at least, for many people EU staffers are equally feared and/or detested – a looming Big Brother like intrusion into everyday life. You just have to mention the myth of the banning of the curved banana for most people to search their memories and come up with other EU initiatives that are held up as affronts to personal (and sovereign) freedoms.

So should the four pillars be adopted around the world? Do we need organisations like the EU to take the fight to the Facebooks and Googles to ensure we really can be forgotten in a digital world?

An attempt to honour another new piece of European Union legislation on data protection is already running into problems with many companies struggling to understand and implement changes to their websites that will require consent from visitors to use cookies for storing personal details by 25 May.

Perhaps Kiwis in general are more laissez faire when it comes to personal privacy? Would the nation revolt if data generated by the latest census were to be processed by a company already implicated in privacy crimes in the US?

Widespread fears about the Patriot Act and the risk of transferring so much information to the US military-industrial machine have certainly generated debate on the topic. Maybe we need those 4 pillars after all.

With Domo on your phone you can expose your Facebook favourites with other Domo users nearby and start up a conversation on shared interests.

The short video below explains the idea some more. Is it the ultimate intro tool for nervous geeks or a worryingly stalker friendly app for the overly curious? You decide:

Do you struggle every January to stick with those new years exercise based resolutions or constantly wail at the kids to brush their teeth? Well GreenGoose could have the answer for you.

I’ll let their website spell out the benefits for individuals of strapping tiny motion/accelerometer based sensors to everyday items:

• Earn Lifestyle Points.
• Exchange them with other online apps.
• Get rewards.

So the basic premise seems to be to hook up your sneakers to a tracking device and share the summary of your daily run on Facebook or other social sites and let your friends monitor your behaviour and berate you for lying in. Plus earn Facebook Gold* on your good days – assuming some sort of social currency takes off and becomes a common way to pay. *FB Gold isn’t the correct currency for Zygna games and others but you get the idea.

I may not have that 100% correct but you can understand the general theory behind the service.

Would I want to be sharing the intimate details of my life with everyone?

That of course is the question to ask. For many people younger than myself that may well already be widely acceptable, especially if you follow the discussion around modern privacy expectations.

The idea isn’t new in the health industry either where one British insurer rewarded policy holders for gym attendance and healthy lifestyles with cheaper insurance premiums. But do we want to be exposing every aspect of our lives online for pats on the back from our Facebook friends and surveillance by companies who may not always have the best of intentions?