-----
This weekly blog is to explore the news around the larger issues around Digital Health, data security, data privacy, AI / ML. technology, social media and any related matters.
I will also try to highlight ADHA Propaganda when I come upon it.
Just so we keep count, the latest Notes from the ADHA Board were dated 6 December, 2018 and we have seen none since! It’s pretty sad!
Note: Appearance here is not to suggest I see any credibility or value in what follows. I will leave it to the reader to decide what is worthwhile and what is not! The point is to let people know what is being said / published that I have come upon, and found interesting.
-----
Big parties are watching you – and your data
12:00AM October 1, 2022
Both major parties are pouring scorn on Optus for its customer-data breach, rightly so. If reports are accurate that the company’s defences weren’t up to scratch, that’s simply not good enough.
We are also hearing calls for Privacy Act reforms to better protect citizens whose personal information is retained by businesses. There’s a growing clamour as politicians share their anger and concern over what has happened.
But are these politicians hypocrites? Yes, they absolutely are.
Major political parties operate sophisticated voter-tracking software without the consent of voters and their databases contain enormous amounts of personal information about all of us. Every major-party member of parliament has voter-tracking software operating in their office and they won’t let you see it even if you ask.
Labor’s database is named Campaign Central (previously Electrac), the Coalition’s database is named Feedback. Political parties get automatic electronic access to the electoral roll, with monthly updates also freely provided by the Australian Electoral Commission.
Basic information these party databases have includes our name, date of birth, address and, for many of us, a lot more. Parties seek to harvest as much information about us as they can, with the aim of using such details to better target campaigning to win our votes.
-----
Fake image AI bots have been let loose on the world
By Will Pavia
The Times
5:28PM October 1, 2022
Ever since mobile phones were fitted with cameras, anyone making an outlandish claim about a fish they had caught or the crowd size at their presidential inauguration would be met with a chorus of sceptics, demanding photographic proof with the phrase: “Pic or it didn’t happen”.
This week, however, the process of proving anything at all became a lot more complicated, with the launch of text-to-image services that generate artificial photographs, or even a video, in response to a few descriptive words punched into a text box.
On Wednesday, a San Francisco laboratory called Open Ai released Dall-E, a programme powered by AI. The following day, Google announced its own 3D image generator and Meta, the parent company of Facebook, offered a programme that could produce a few seconds of fake video.
The services, alongside two rival text-to-image generators launched in July and August, are expected to flood the internet with fake images. There are fears they could supercharge the spread of fake news.
-----
https://www.innovationaus.com/model-facial-recognition-law-would-ban-high-risk-use-in-australia/
Model facial recognition law would ban high-risk use in Australia
Joseph
Brookes
Senior Reporter
27 September 2022
Australia urgently needs dedicated facial recognition laws to stop the current slide towards a surveillance state and reduce the serious risk of error in high stakes applications like policing, according to new analysis.
The report from the University of Technology Sydney is calling for the Attorney General’s Department to adopt a model law for facial recognition technology (FRT) that would see a regulator develop technical standards, oversee mandatory human rights risk assessments, and provide advice to developers, deployers and affected individuals.
Both the regulator and an individual affected by an FRT developer or user would have review rights with determinations possible.
It would be a marked shift in Australia, where no dedicated FRT law exists. The current limited regulation of FRT comes from a mix of privacy and anti-discrimination laws, and some state-level human-rights laws.
-----
https://www.innovationaus.com/a-mygov-makeover-this-pig-will-need-more-than-lipstick/
A myGov makeover? This pig will need more than lipstick
Glenn
Archer
Contributor
29 September 2022
Just over a week ago, I upgraded my three-year-old iPhone to a shiny new model. It was a pretty smooth experience until I went to use the myGovID app so that I could, as you might expect, log into myGov.
While I anticipated that it might be necessary to reauthenticate myself/phone to the app, I never dreamed I’d need to also redo my biometric, scan my passport and enter my Medicare card number. This was hardly the user-centered experience I was led to believe was to be the future.
Not so much the promise of “set up once and use it again and again”, and more like “set up again and again…”.
The myGovID is the digital identity that is the key to the portal that is myGov. It will progressively take the place of the myGov account sign-in using username and password. However, the experience of having to reverify my identity to my iPhone was just my most recent of several examples of myGov failing to meet one of its most basic criteria – that being ease of use.
-----
https://www.croakey.org/beyond-optus-sounding-the-alarm-about-another-critical-data-hack/
Beyond Optus: sounding the alarm about another critical data hack
Introduction by Croakey: A delay by Optus in informing the Federal Government that people’s Medicare details are part of a massive data breach has been described by Federal Health and Aged Care Minister Mark Butler as “deeply unfortunate”.
He told ABC radio this morning that the Government was “particularly concerned that we were not notified earlier and consumers were not notified earlier about the breach of Medicare data as well”.
“All the resources of government are going into protecting consumers in the face of this extraordinary breach of their personal data,” he said.
Meanwhile, Adjunct Professor George Newhouse and Duncan Fine, two of the founders and directors of the National Justice Project, are concerned that far less attention has been paid to a data breach earlier this year affecting NDIS participants – many of whom still have not been notified.
Now is the time, they say, for the Albanese Government to address our “weak and hopelessly out-of-date” privacy laws.
George Newhouse and Duncan Fine write:
As many Optus customers are finding out to their horror this week, we are coming to grips with our modern globally connected world where personal information can be stolen and fall into the wrong hands.
While the Optus case deserves blanket media coverage, spare a thought for the victims of a more serious but less reported data hack.
Recently, thousands of Australians living with a disability had their extremely sensitive and personal information (including health details) accessed and stolen after a cloud-based server of a private company was hacked.
The company, known as CTARS, is a cloud-based client management system for the NDIS which is used by out of home care services. In May 2022, CTARS became aware of the data breach. An unauthorised third party had gained access to their systems and claimed to have taken a significant volume of data.
-----
The changing role of leaders in digital health: Positioning CNMIO’s for success
Sep 26, 2022 | Aged care, Community Chats, Community of Practice, Data, Digital Health, eHealth, Innovation, Nursing & Midwifery Informatics
Dr Helen Almond FAIDH
Senior Lecturer, Australian Institute of Health Service Management, College of Business and Economics (COBE), University of Tasmania
For more than 25 years, the informaticist role has been steadily evolving and growing in importance. Healthcare organisations have undergone significant change in recent years, including the need to incorporate an increasing range of technological advances into their day-to-day operations.
Without a doubt, innovations such as clinical information system digitalisation, population health, big data, and precision medicine are reshaping the current health and care landscape (Ellis, 2018). These advancements are also changing the role of chief information officers (CIOs); those individuals in charge of ensuring the safe and secure implementation of technology in the workplace and must adapt to new demands and challenges posed by the health and care workforce and users. The majority of large healthcare organisations have finished implementing electronic medical records (EMRs). The next challenge for CIOs and their immediate teams is to ensure that EMRs are fully utilised (Ellis, 2018).
CNMIOs (chief nursing and midwifery information officers) provide expert clinical leadership as well as a critical link between digital health and organisational change. However, because of the CNMIO’s reliance on data, the CNMIO must be wary of documentation overload. The amount of information that the nursing and midwifery workforce is required to document has grown exponentially since the implementation of EMRs. The CNMIO should determine and advocate for the bare minimum of documentation required to reduce paperwork while ensuring safety and quality and meeting regulatory and accreditation requirements (Parsi, 2020).
-----
First question in the telco hack: Why did Optus have so much of our data?
10:00PM September 30, 2022
Questions over the tragic Optus data theft start with just why the phone company had and kept so much of our data in the first place.
Data is a valuable asset and maybe now people realise what can go wrong when their own data is kept by someone, perhaps they might question next time a company wants their information and certainly will better understand the value of data.
In the case of the digital platforms like Google, Meta and Apple the reason why they want your data is simple — to drive advertising revenue and product development — but in their case often they are collecting the data without you even knowing about it.
Most people are either oblivious or don’t care, but this should change post Optus.
Amid Treasurer Jim Chalmers’ preparation for his October 25 budget, on Friday he received the ACCC’s recommendations on just what sort of regulatory changes are needed to control the digital platforms.
-----
How much would Optus pay to replace everyone’s ID?
By Tim Biggs
September 30, 2022 — 3.56pm
With millions of identity documents exposed in Optus’ data breach, many Australians now need to replace their cards and passports to make sure they can’t be used by criminals for fraud and theft.
And with the Prime Minister confirming on Friday that Optus, and not taxpayers, would foot the bill for at least the new passports, just how big a bill could Optus end up with to clean up the mess?
Estimating these numbers requires a healthy dose of assumptions and guesswork, given the lack of solid details on what data was stolen. It’s believed up to 9.8 million Australians had their personal data compromised in the breach, but only 3 million or so had identity documents like passports or drivers licences exposed, and 37,000 Medicare numbers.
It’s impossible to tell at this point how many individual documents Optus would have to pay to replace, especially given some people would have only had a passport or a licence exposed and not both, and some of the data will likely be out of date. But let’s assume an extreme outcome where the telco had to pay to replace 3 million passports, 3 million drivers licences and 15,000 Medicare cards (22,000 of the exposed numbers were expired).
-----
How Australia responded rapidly to Optus breach
12:00AM October 1, 2022
It was late on Wednesday, September 21, when a message pinged into the Australian Signals Directorate.
The shadowy organisation, first formed to crack Japanese radio messages in World War II but now the Australian government’s frontline cyber security agency, runs a 24/7 “watch operations centre’’ in Canberra scanning for cyber attacks.
The message to the watch centre that night was from telecommunications company Optus, reporting it had been the victim of a cyber attack.
A cyber intruder, apparently calling themselves Optusdata, had got into the telco’s database and stolen the personal information of almost 10 million current and former customers, about 40 per cent of the Australian population.
-----
Optus hack shows Albo-dextrous PM can make the right calls
Political and international editor
October 1, 2022 — 5.00am
Optus first made contact with the federal government’s cyber protection agency on Wednesday last week to report a large-scale data theft. But it said it was not a live attack. The company told the Australian Cyber Security Centre that it had already closed the open “window” that the thief had climbed through.
That window was a piece of software that allows two different computer systems connected through the internet to talk to each other, called an application programming interface. It was clear from the outset that this was a straightforward breach.
So when Optus claimed publicly that it was a “sophisticated attack” that had penetrated layers of encryption, the government’s experts privately were aghast. Independent experts scoffed publicly at the Optus claim; some argued that it wasn’t even a hack, more like shoplifting unprotected goods than safe-breaking.
It was just the beginning of the frustration that led the Minister for Cybersecurity, Clare O’Neil, to declare this week that the government was “incredibly angry” with Optus.
As the breadth and depth of the breach started to emerge, the case quickly was handed to the elite cyberwarriors in the centre’s parent agency, the Australian Signals Directorate.
-----
Preparing the world for a robot apocalypse
By Rhys Blakely
The Times
6:42AM September 30, 2022
Hollywood screenwriters have often imagined humanity being wiped out by an evil super-intelligent machine.
A survey suggests scientists regard such a scenario as entirely plausible, with a third of researchers in artificial intelligence believing it could cause a disaster akin to a nuclear apocalypse.
The research, by a team at New York University, enrolled 327 scientists who had recently published AI research. Thirty-six per cent of them agreed it was “plausible that decisions made by AI or machine-learning systems could cause a catastrophe this century that is at least as bad as an all-out nuclear war”.
Seventy-three per cent said AI could lead to societal changes on the scale of the Industrial Revolution, while 61 per cent said private companies had too much influence on the field.
Both tyrants and tycoons have acknowledged the role AI promises to play in geopolitics. Russian President Vladimir Putin said in 2017 that “whoever becomes the leader in this sphere will become the ruler of the world”.
-----
Experts have two theories on how Optus’ data was breached
By Carla Jaeger
September 28, 2022 — 4.13pm
Key points
- The details of almost 10 million Australians were compromised in the Optus breach, including financial identification and personal information.
- While there has been no concrete explanation to how the Optus data breach occurred, somehow the hacker managed to access the data without encryption.
- Experts warn that without scrupulous management of the methods used to encrypt and protect data, even encrypted information is at risk of breaches.
As Optus weathers the fallout from the damaging data breach that exposed the personal details of 9.8 million customers, questions have been raised about how protected the data was to begin with.
So, how do companies protect the information of their customers?
Let’s start with the basics: Personally identifiable information, or PII, refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.
When any sensitive data is stored digitally, it has become common practice to encrypt that information.
-----
https://www.afr.com/technology/not-feasible-to-crack-properly-encrypted-data-20220927-p5blda
‘Not feasible’ to crack properly encrypted data
John Davidson Columnist
Sep 27, 2022 – 3.41pm
It was not feasible that the Optus customer information at the centre of one of the biggest data breaches in Australian history was encrypted, and that hackers cracked the encryption, a leading cryptography expert said.
Even the most standard modern encryption simply could not be broken, meaning the data cannot have been encrypted when it was accessed by the cybercriminals, said Vanessa Teague, an adjunct associate professor at the Australian National University who specialises in the use of cryptography to replace the types of identity databases that the Optus attackers accessed.
Or, if the data was encrypted, Optus must have accidentally revealed the normally secret “private key” that was protecting the data from being unlocked, she said.
On Tuesday afternoon, a person claiming to be the Optus intruder said he or she had now deleted all the data, having revealed the unencrypted personal details of 10,200 Optus and former Optus customers.
-----
Scott Morrison to front Robodebt inquiry
8:12PM September 27, 2022
Former prime minister Scott Morrison and his ex-ministerial colleagues Alan Tudge, Stuart Robert and Christian Porter are expected to be called to give evidence to the Robodebt Royal Commission as it seeks to understand why the discredited debt recovery scheme was allowed to continue for years after concerns were first raised.
In her opening address on Tuesday, commissioner Catherine Holmes said the flawed system of debt recovery used by the Department of Human Services from 2015 to 2019 against hundreds of thousands of benefit recipients was well understood after numerous inquiries, but little had been revealed about how the government responded “behind the scenes” to criticisms of its operation.
“Many people at different levels of government will be asked to give an account of their role in the devising, implementation and continuing of the Robodebt Scheme, but the focus, appropriately … will be on those in senior positions who had oversight of it,” Ms Holmes said.
Government Services Minister Bill Shorten says the Robodebt Royal Commission is being called because the… previous government “broke the law” for four and a half years. “This Royal Commission isn’t being called because someone doesn’t like someone,” he said. “This Royal Commission is being called because nearly 400,000.
-----
‘Too many eyes’: Optus hacker deletes data, apologises to customers
September 27, 2022
The hacker purportedly behind the massive Optus data breach has seemingly deleted the stolen data and apologised to Optus customers, declaring “we will not sale data to anyone [sic].”
The user ‘Optusdata’ has removed their original post, on a popular online data breach forum, which called for Optus to pay a $US1m cyber ransom within seven days.
“Too many eyes. We will not sale data to anyone. We cant [sic] if we even want to: personally deleted data from drive (Only copy),” the user wrote on Tuesday. “Sorry too [sic] 10,200 Australian whos data was leaked.
“Australia will see no gain in fraud, this can be monitored. Maybe for 10,200 Australian but rest of population no. Very sorry to you.
“Deepest apology to Optus for this. Hope all goes well from this
“Optus if your [sic] reading we would have reported exploit if you had method to contact. No security mail, no bug bountys [sic], no way too [sic] message.
-----
Targets of Robodebt royal commission revealed
The top officials who were in charge when the unlawful Robodebt scheme was in place will be the focus of a new royal commission.
September 27, 2022 - 10:53AM
The Robodebt royal commission will focus on the actions of senior decision makers, the senior counsel assisting said on Tuesday as the inquiry kicked off in Brisbane.
Prime Minister Anthony Albanese promised during the most recent election campaign that he would establish the royal commission if elected.
“The letters patent direct the commissioner to inquire into the specific factual matters which are set out with a focus on the decisions and actions taken or not taken by those in positions of seniority,” senior counsel assisting Justin Greggery said in his opening statement.
“The factual inquiry with its focus upon the role played by those in positions of seniority will be the basis upon which the commission makes recommendations it considers appropriate.
-----
How to protect yourself from inevitable Optus-style hacks
By Tim Biggs
September 27, 2022 — 11.37am
Data breaches like the one affecting Optus customers prove that there’s no guaranteed way to keep your data safe. You can be as vigilant as you like, but you still have to give over your details to prove who you are and one day that data may end up in the hands of crooks.
But whether you’ve been affected by the latest breach or not, there are still things you should know to keep yourself, your accounts and your credit as safe as you can.
Why do telcos keep this much data about their customers?
Australia law requires that telcos retain certain information for at least two years after collection, and this includes details used for identification purposes. That means that if you provide a piece of data for the purposes of proving your identity to a telco, it will be retained for two years or potentially longer. This does not include passwords, PINs or answers to secret questions, but it does include addresses, passport numbers and driver’s license details.
What happens if this data ends up in the hands of criminals?
While a single piece of identity data on its own may not be much use to criminals, having a matching set of various data can be exploited for identity theft, SIM jacking or breaking into online accounts. A criminal with access to your name, date of birth and several identifying documents for example could apply for credit in your name and spend up big while the bill goes to you.
-----
What Optus customers should do now to protect security after data breach
8:35AM September 26, 2022
Optus customers are being urged to ‘be vigilant’ and keep a close eye on their online accounts, according to CEO Kelly Bayer Rosmarin, who has fronted the media a day after revealing a massive cyber attack affecting up to nine million customers nationally.
Ms Bayer Rosmarin said customers should have heightened awareness and look out for any suspicious or unexpected activity across online accounts and bank accounts. Most affected customers were yet to be contacted when the hack was first revealed, but have been in the days since.
“Unfortunately, because this is not the most vulnerable information like financial detail and passwords, we don’t have a simple message of ‘just change your password’,” Ms Bayer Rosmarin told reporters at an online press conference last week.
“Really what customers can do is just be vigilant. If they receive a notification that a password has been changed on one of their online services or their bank, and they did not initiate that, then assume that they need to report that and get on top of it straightaway.
-----
https://insightplus.mja.com.au/2022/37/genomic-testing-and-medico-legal-risk/
Genomic testing and medico-legal risk
Rocky Ruperto Sally Parsons
INTEGRATING genomics into mainstream health care has many benefits, but also presents challenges. One challenge is ensuring that doctors and patients can safely and sustainably benefit from genomic medicine without increased medico-legal risk.
While the number of legal cases in Australia is still relatively small, this moment in time represents an opportunity to develop tools, training and support so doctors and their patients can safely and sustainably benefit from the advancing capabilities without increased medico-legal risk.
Over the past 2 years, we have been exploring the practical and medico-legal risks associated with genomic medicine, particularly in the context of antenatal care. Through our work, we identified that informed consent to test and workforce and funding issues are significant barriers to more effective use of genomics in health care. What we are seeing and how these medico-legal risks can be addressed through tools, training and support are explored below.
Informed consent to test
At the centre of consultations involving genomic medicine are individuals and families grappling with complex and often life-altering decisions. Many people need support both to understand the issues involved and to deal with the consequences of their decisions.
-----
David.