Placeholder Content Image

Why do organisations still struggle to protect our data? We asked 50 professionals on the privacy front line

<p><em><a href="https://theconversation.com/profiles/jane-andrew-10314">Jane Andrew</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>; <a href="https://theconversation.com/profiles/dr-penelope-bowyer-pont-1550191">Dr Penelope Bowyer-Pont</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>, and <a href="https://theconversation.com/profiles/max-baker-25553">Max Baker</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a></em></p> <p>More of our personal data is now collected and stored online than ever before in history. The rise of data breaches should unsettle us all.</p> <p>At an individual level, data breaches can compromise our privacy, cause harm to our finances and mental health, and even enable identity theft.</p> <p>For organisations, the repercussions can be equally severe, often resulting in major financial losses and brand damage.</p> <p>Despite the increasing importance of protecting our personal information, doing so remains fraught with challenges.</p> <p>As part of a <a href="http://www.doi.org/10.25910/psq3-q365">comprehensive study</a> of data breach notification practices, we interviewed 50 senior personnel working in information security and privacy. Here’s what they told us about the multifaceted challenges they face.</p> <h2>What does the law actually say?</h2> <p>Data breaches occur whenever personal information is accessed or disclosed without authorisation, or even lost altogether. <a href="https://www.abc.net.au/news/2024-06-20/optus-hack/104002682">Optus</a>, <a href="https://www.abc.net.au/news/2022-11-09/medibank-data-release-dark-web-hackers/101632088">Medibank</a> and <a href="https://www.afr.com/technology/canva-criticised-after-data-breach-exposed-139m-user-details-20190526-p51r8i">Canva</a> have all experienced high-profile incidents in recent years.</p> <p>Under Australia’s <a href="https://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/">privacy laws</a>, organisations aren’t allowed to sweep major cyber attacks under the rug.</p> <p>They have to notify both the regulator – the Office of the Australian Information Commissioner (OAIC) – and any affected individuals of breaches that are likely to result in “<a href="https://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/#:%7E:text=Whether%20access%20or%20disclosure%20would%20be%20likely%2C%20or%20would%20not%20be%20likely%2C%20to%20result%20in%20serious%20harm%2D%2Drelevant%20matters%20%C2%A0">serious harm</a>”.</p> <p>But according to the organisational leaders we interviewed, this poses a tricky question. How do you define serious harm?</p> <p>Interpretations of what “serious harm” actually means – and how likely it is to occur – vary significantly. This inconsistency can make it impossible to predict the specific impact of a data breach on an individual.</p> <p>Victims of domestic violence, for example, may be at increased risk when personal information is exposed, creating harms that are difficult to foresee or mitigate.</p> <h2>Enforcing the rules</h2> <p>Interviewees also had concerns about how well the regulator could provide guidance and enforce data protection measures.</p> <p>Many expressed a belief the OAIC is underfunded and lacks the authority to impose and enforce fines properly. The consensus was that the challenge of protecting our data has now outgrown the power and resources of the regulator.</p> <p>As one chief information security officer at a publicly listed company put it:</p> <blockquote> <p>What’s the point of having speeding signs and cameras if you don’t give anyone a ticket?</p> </blockquote> <p>A lack of enforcement can undermine the incentive for organisations to invest in robust data protection.</p> <h2>Only the tip of the iceberg</h2> <p>Data breaches are also underreported, particularly in the corporate sector.</p> <p>One senior cybersecurity consultant from a major multinational company told us there is a strong incentive for companies to minimise or cover up breaches, to avoid embarrassment.</p> <p>This culture means many breaches that should be reported simply aren’t. One senior public servant estimated only about 10% of reportable breaches end up actually being disclosed.</p> <p>Without this basic transparency, the regulator and affected individuals can’t take necessary steps to protect themselves.</p> <h2>Third-party breaches</h2> <p>Sometimes, when we give our personal information to one organisation, it can end up in the hands of another one we might not expect. This is because key tasks – especially managing databases – are often outsourced to third parties.</p> <p>Outsourcing tasks might be a more efficient option for an organisation, but it can make protecting personal data even more complicated.</p> <p>Interviewees told us breaches were more likely when engaging third-party providers, because it limited the control they had over security measures.</p> <p>Between July and December 2023 in Australia, there was an increase of <a href="https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-july-to-december-2023">more than 300%</a> in third-party data breaches compared to the six months prior.</p> <p>There have been some highly publicised examples.</p> <p>In May this year, many Clubs NSW customers had their personal information potentially <a href="https://www.rimpa.com.au/resource/more-than-a-million-australian-data-records-potentially-exposed-in-nsw-club-and-pub-data-breach.html#:%7E:text=Outabox%2C%20the%20IT%20services%20provider,and%20has%20notified%20law%20enforcement">breached</a> through an attack on third-party software provider Outabox.</p> <p>Bunnings suffered a <a href="https://australiancybersecuritymagazine.com.au/bunnings-customer-data-compromised/">similar breach</a> in late 2021, via an attack on scheduling software provider FlexBooker.</p> <h2>Getting the basics right</h2> <p>Some organisations are still struggling with the basics. Our research found many data breaches occur because outdated or “legacy” data systems are still in use.</p> <p>These systems are old or inactive databases, often containing huge amounts of personal information about all the individuals who’ve previously interacted with them.</p> <p>Organisations tend to hold onto personal data longer than is legally required. This can come down to confusion about data-retention requirements, but also the high cost and complexity of safely decommissioning old systems.</p> <p>One chief privacy officer of a large financial services institution told us:</p> <blockquote> <p>In an organisation like ours where we have over 2,000 legacy systems […] the systems don’t speak to each other. They don’t come with big red delete buttons.</p> </blockquote> <p>Other interviewees flagged that risky data testing practices are widespread.</p> <p>Software developers and tech teams often use “production data” – real customer data – to test new products. This is often quicker and cheaper than creating test datasets.</p> <p>However, this practice exposes real customer information to insecure testing environments, making it more vulnerable. A senior cybersecurity specialist told us:</p> <blockquote> <p>I’ve seen it so much in every industry […] It’s literally live, real information going into systems that are not live and real and have low security.</p> </blockquote> <h2>What needs to be done?</h2> <p>Drawing insights from professionals at the coalface, our study highlights just how complex data protection has become in Australia, and how quickly the landscape is evolving.</p> <p>Addressing these issues will require a multi-pronged approach, including clearer legislative guidelines, better enforcement, greater transparency and robust security practices for the use of third-party providers.</p> <p>As the digital world continues to evolve, so too must our strategies for protecting ourselves and our data.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/236681/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /></p> <p><em><a href="https://theconversation.com/profiles/jane-andrew-10314">Jane Andrew</a>, Professor, Head of the Discipline of Accounting, Governance and Regulation, University of Sydney Business School, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>; <a href="https://theconversation.com/profiles/dr-penelope-bowyer-pont-1550191">Dr Penelope Bowyer-Pont</a>, Researcher, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>, and <a href="https://theconversation.com/profiles/max-baker-25553">Max Baker</a>, Associate professor, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a></em></p> <p><em>Image credits: Shutterstock </em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/why-do-organisations-still-struggle-to-protect-our-data-we-asked-50-professionals-on-the-privacy-front-line-236681">original article</a>.</em></p>

Legal

Placeholder Content Image

New Zealand's most trusted brands revealed for 2023

<p>When it comes to big brands, there are certain names that New Zealanders go back to time and time again for their reliability and trustworthy reputations. </p> <p>This year, according to recent data collated by <a href="https://www.trustedbrands.co.nz" target="_blank" rel="noopener">Reader's Digest</a>, consumers are interacting differently with big name brands after recovering from the pandemic, but now being faced with the cost of living crisis.</p> <p>The survey, now in its 24th year, was carried out by independent market research company Catalyst Consultancy &amp; Research and asked thousands of consumers of a mixed demographic to name the brands they trusted across more than 70 categories. </p> <p>The data suggests that our most trusted brands have "not only changed the way they interact with us during the past three years of the pandemic", but current "cost-of-living pressures mean the most successful organisations are making even further refinements".</p> <p>"With inflation putting price pressure on everyone at the moment, trust remains a hard-earned and vitally important commodity," Reader's Digest Australia Editor-in-Chief Louise Waterson said. </p> <p>"Many leading companies are rebranding their image, or reshaping their services, to hold on to existing customers and seek out new ones."</p> <p><em><strong>Check out the list below of New Zealand's top 20 most trusted brands, and <a href="https://www.trustedbrands.co.nz/" target="_blank" rel="noopener">head here for the full 2023 results</a>.</strong></em></p> <p>20. Huntley &amp; Palmers</p> <p>19. Weber</p> <p>18. Yates</p> <p>17. Sleepyhead</p> <p>16. Dilmah</p> <p>15. Fisher &amp; Paykel</p> <p>14. Panadol</p> <p>13. Arnott's</p> <p>12. Anchor</p> <p>11. Dettol</p> <p>10. CookieTime</p> <p>9. Mainland</p> <p>8. Samsung</p> <p>7. TipTop</p> <p>6. Toyota</p> <p>5. Resene</p> <p>4. Canon</p> <p>3. Mitre 10</p> <p>2. Hato Hone St John</p> <p>1. Whittaker's</p> <p><em>Image credits: Trusted Brands</em></p>

News

Placeholder Content Image

Can big data really predict what makes a song popular?

<p>Music is part of our lives in different ways. We listen to it on our commutes and it resounds through shopping centres. Some of us seek live music at concerts, festivals and shows or rely on music to set the tone and mood of our days.</p> <p>While we might understand the genres or songs we appreciate, it’s not clear precisely why a certain song is more appealing or popular. Perhaps the lyrics speak to an experience? Perhaps the energy makes it appealing? These questions are important to answer for music industry professionals, and <a href="https://theconversation.com/how-data-is-transforming-the-music-industry-70940">analyzing data</a> is a key part of this.</p> <p>At Carleton University, a group of data science researchers sought to answer the question: “What descriptive features of a song make it popular on music/online platforms?”</p> <h2>Revenue in the music industry</h2> <p>Revenue in the music industry <a href="https://doi.org/10.1509/jm.14.0473">is derived from two sources that are affected by different factors: live music and recorded music</a>. During the pandemic, although live music income dropped due to the cancellation of in-person performances, the <a href="https://doi.org/10.1371/journal.pone.0267640">income from streaming</a> rose.</p> <p>As digital platforms like Spotify and TikTok have grown, <a href="https://doi.org/10.5753/sbcm.2019.10436">the majority of music revenue has come to be contributed by digital media, mostly music streaming</a>. How and whether this <a href="https://theconversation.com/artists-spotify-criticisms-point-to-larger-ways-musicians-lose-with-streaming-heres-3-changes-to-help-in-canada-176526">revenue reaches singers and songwriters at large</a> is another matter. </p> <h2>Popularity on digital platforms</h2> <p>The popularity of a song on digital platforms is considered a measure of the revenue the song may generate.</p> <p>As such, producers seek to answer questions like “<a href="https://doi.org/10.1098/rsos.171274">How can we make the song more popular?</a>” and “<a href="https://doi.org/10.1109/ICMLA.2019.00149">What are the characteristics of songs that make it the top charts?</a>” </p> <p>With collaborators <a href="https://www.linkedin.com/in/laura-colley/">Laura Colley</a>, <a href="https://www.linkedin.com/in/andrew-dybka/">Andrew Dybka</a>, Adam Gauthier, Jacob Laboissonniere, Alexandre Mougeot and Nayeeb Mowla, we produced a systematic study that collected data from YouTube, Twitter, TikTok, Spotify and Billboard (<a href="https://www.billboard.com/charts/hot-100">Billboard Hot-100</a>, sometimes also denoted by data researchers as “<a href="https://data.world/bigml/association-discovery">Billboard hot top</a>” or in our work and others’ work, “Billboard Top-100”).</p> <p>We linked the datasets from the different platforms with Spotify’s acoustic descriptive metric or “descriptive features” for songs. These features have been derived <a href="https://www.billboard.com/music/music-news/echo-nest-columbia-university-launch-million-song-dataset-1178990/">from a dataset which yielded categories for measuring and analyzing qualities of songs</a>. Spotify’s <a href="https://www.theguardian.com/technology/2014/mar/06/spotify-echo-nest-streaming-music-deal">metrics capture</a> <a href="https://doi.org/10.1098/rsos.171274">descriptive features such as</a>acousticness, energy, danceability and instrumentalness (the collection of instruments and voices in a given piece). </p> <p>We sought to find trends and analyze the relationship between songs’ descriptive features and their popularity.</p> <p>The rankings on the weekly <a href="https://www.billboard.com/charts/hot-100/">Billboard Hot-100</a> are based on sales, online streams and radio plays in the United States.</p> <p>The analysis we performed by looking at Spotify and Billboard revealed insights that are useful for the music industry.</p> <h2>What predicts a Billboard hit?</h2> <p>To perform <a href="https://ieeexplore.ieee.org/document/9842568">this study</a>, we used two different data sets pertaining to songs that <a href="https://www.npr.org/sections/therecord/2013/08/16/207879695/how-the-hot-100-became-americas-hit-barometer">were Billboard hits</a> <a href="https://data.world/kcmillersean/billboard-hot-100-1958-2017">from the early 1940s to 2020</a> and Spotify data related to over 600,000 tracks and over one million artists.</p> <p>Interestingly, we found no substantial correlations between the number of weeks a song remained on the charts, as a measure of popularity, and the acoustic features included in the study.</p> <p>Our analysis determined that newer songs tend to last longer on the charts and that a song’s popularity affects how long it stays on the charts. </p> <p>In a related study, researchers collected data for Billboard’s Hot 100 from 1958 to 2013 and found that <a href="https://doi.org/10.1007/978-3-319-13734-6_36">songs with a higher tempo and danceability often get a higher peak position on the Billboard charts</a>. </p> <h2>Predicting Spotify song popularity</h2> <p>We also used the songs’ features to generate machine learning models to predict Spotify song popularity. Preliminary results concluded that features are not linearly correlated, with some expected exceptions including songs’ energy. </p> <p>This indicated that the Spotify metrics we studied — including acousticness, danceability, duration, energy, explicitness, instrumentalness, liveness, speechiness (a measure of the presence of spoken words in a song), tempo and release year — were not strong predictors of the song’s popularity.</p> <p>The majority of songs in the Spotify dataset were not listed as explicit, tended to have low instrumentalness and speechiness, and were typically recent songs. </p> <p>Although one may think that some features that are innate to certain songs make them more popular, our study revealed that popularity can not be attributed solely to quantifiable acoustic elements. </p> <p>This means that song makers and consumers must consider other contextual factors beyond the musical features, as captured by Spotify’s measurables, that may contribute to the song’s success. </p> <h2>Elements affecting popularity shift</h2> <p>Our study reinforces that elements affecting the popularity of songs change over time and should be continuously explored. </p> <p>For example, <a href="https://doi.org/10.1098%2Frsos.171274">in songs produced between 1985 and 2015 in the United Kingdom, songs produced by female artists were more successful</a>.</p> <p>Other aspects may substantially contribute to the success of a song. Data scientists have proposed <a href="https://doi.org/10.1371/journal.pone.0244576">simplicity of the lyrics</a>, the advertising and <a href="https://www.ipr.edu/blogs/audio-production/what-are-the-elements-of-popular-music/">distribution plans</a> as potential predictors of songs’ popularity.</p> <h2>Attached listeners</h2> <p>Many musicians and producers make use of popular events and marketing strategies to advertise songs. Such events create social engagements and <a href="https://doi.org/10.3389/fpsyg.2018.02682">audience involvement</a> which attaches the listener to the song being performed. </p> <p>For the public, <a href="https://www.osheaga.com/en">live music events</a>, following long lockdowns, have been opportune for reuniting friends, and <a href="https://ottawabluesfest.ca/">enjoying live artistry and</a> entertainment.</p> <p>While attending a music event or listening to a song, we invite you to reflect on what it is about the song that makes you enjoy it.</p> <p><em>Image credits: Getty Images</em></p> <p><em>This arctic originally appeared on <a href="https://theconversation.com/can-big-data-really-predict-what-makes-a-song-popular-189052" target="_blank" rel="noopener">The Conversation</a>. </em></p>

Music

Placeholder Content Image

“Have a second phone”: Aussie spy chief’s warning on social media use

<p dir="ltr">MPs have been urged to use a second phone if they want to access social media apps such as TikTok, after one of Australia’s top spy bosses spoke about how these apps use our personal information.</p> <p dir="ltr">Rachel Noble, the Director-General of the Australian Signals Directorate (ASD), recommended that politicians and their staff should adopt the practice during a Senate estimates hearing.</p> <p dir="ltr">She also said that having a phone without access to social media was the only way to have “absolute certainty” of data privacy.</p> <p dir="ltr">“Our advice was, frankly, for people who are members of parliament who might be particularly targets of espionage … that if you wanted absolute certainty that your social media app couldn’t have access to those things … would be to have a second phone which you exclusively use for that,” Ms Noble said.</p> <p dir="ltr">The warning comes after it was reported earlier this year that the ASD had confidential meetings with politicians and their staff to warn them that some apps undertake excessive data collection and request access to contact lists, location data and photos.</p> <p dir="ltr">Last year, the Department of Home Affairs restricted TikTok use on work phones, joining the Department of Defence in doing so.</p> <p dir="ltr">During the hearing, Ms Noble said that in some cases social media apps were collecting additional information extending “beyond the content of messages, videos and voice recordings”.</p> <p dir="ltr">“Social media apps are monetising what you do on your phone, what you access, what you look at for how long, who your friends are – they will seek to get demographics of your friends in order to push you the information and get you to buy things,” she said.</p> <p dir="ltr">With some apps headquartered outside Australia, such as China, Ms Noble said the information collected could be accessed legally or be subject to covert collection.</p> <p dir="ltr">Sectors of the Australian public service aren’t the only ones restricting use of social media apps on work phones, with parliaments in the United States and New Zealand warning against using TikTok on government devices.</p> <p><span id="docs-internal-guid-4a365f66-7fff-12a0-c84b-6e36f0ce1003"></span></p> <p dir="ltr"><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

7 tricks to use less phone data – and lower your phone bill

<p><strong>Turn off background app refresh</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/01-background-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>When this feature is enabled, your apps are constantly refreshing so that they can show you the most recent content when opened. This includes email synching, weather widgets updating, and feeds refreshing. For the iPhone: Turn off the background app refresh by going to Settings &gt; General &gt; Background App Refresh. For Android: Go to Settings &gt; Data Usage &gt; Restrict app background data. This will allow you to turn the feature off for all apps or you can pick and choose which ones you want to turn off.</p> <p><strong>Disable apps that use a lot of data</strong></p> <p><strong><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/02-disable-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></strong></p> <p>There are certain apps that use more data than others, whether you use them frequently or not. For ones that you don’t use often, turn off cellular data. For the iPhone: Go to Settings &gt; Cellular &gt; then under “Use Cellular Data For” switch certain apps to off.</p> <p><strong>Turn off app updates</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/03-updates-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>If your apps update automatically your phone will start the download whether you are connected to Wi-Fi or not. To turn this off on an iPhone, go to Settings &gt; iTunes &amp; App Stores &gt; turn off Use Cellular Data. For an Android, go to Settings &gt; under General click Auto-update apps &gt; Auto-update apps over Wi-Fi only. Then, your apps will only update when you are connected to Wi-Fi.</p> <p><strong>Turn off Wi-Fi assist</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/04-wifi-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>Wi-Fi assist automatically uses your cellular data when the Wi-Fi signal is poor. To disable Wi-Fi assist for an iPhone go to Settings &gt; Cellular &gt; turn off Wi-Fi Assist.</p> <p><strong>Turn off iCloud drive</strong></p> <p><strong><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/05-icloud-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></strong></p> <p>When iCloud is enabled it is constantly moving documents in and out of the cloud. Use less cell phone data by turning iCloud off. To do this on the iPhone got to Settings &gt; iCloud &gt; turn off iCloud Drive.</p> <p><strong>Download music</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/06-download-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>When you are on the go, streaming music, podcasts, or videos can really eat away at your data. Both the iPhone and Android phones let you restrict these apps to Wi-Fi only. Turning this setting on will force you to download them when connected to a Wi-Fi network and then allow for data free listening on the move.</p> <p><strong>Turn off cellular data completely</strong></p> <p><strong><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/07-turn-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></strong></p> <p>If you know that you are about to reach you data limit or are saving it for the road trip you have coming up, you can simply turn off cellular data. This way, no data will be used, and certain apps will only work if you are connected to a Wi-Fi network.</p> <p><em>Written by M</em><em>organ Cutolo</em><em>. This article first appeared in <a href="https://www.readersdigest.co.nz/culture/7-tricks-to-use-less-phone-data-and-lower-your-phone-bill" target="_blank" rel="noopener">Reader’s Digest</a>. For more of what you love from the world’s best-loved magazine, <a href="http://readersdigest.innovations.co.nz/c/readersdigestemailsubscribe?utm_source=over60&amp;utm_medium=articles&amp;utm_campaign=RDSUB&amp;keycode=WRA87V" target="_blank" rel="noopener">here’s our best subscription offer.</a></em></p> <p><em>Images: </em><em>NICOLE FORNABAIO/RD.COM</em></p>

Technology

Placeholder Content Image

Even if TikTok and other apps are collecting your data, what are the actual consequences?

<p>By now, most of us are aware social media companies collect vast amounts of our information. By doing this, they can target us with ads and monetise our attention. The latest chapter in the data-privacy debate concerns one of the world’s most popular apps among young people – TikTok.</p> <p>Yet anecdotally it seems the potential risks aren’t really something young people care about. Some were <a href="https://twitter.com/theprojecttv/status/1548962230741487617">interviewed</a> by The Project this week regarding the risk of their TikTok data being accessed from China.</p> <p>They said it wouldn’t stop them using the app. “Everyone at the moment has access to everything,” one person said. Another said they didn’t “have much to hide from the Chinese government”.</p> <p>Are these fair assessments? Or should Australians actually be worried about yet another social media company taking their data?</p> <p><strong>What’s happening with TikTok?</strong></p> <p>In a 2020 Australian parliamentary hearing on foreign interference through social media, TikTok representatives <a href="https://www.aph.gov.au/Parliamentary_Business/Hansard/Hansard_Display?bid=committees/commsen/1a5e6393-fec4-4222-945b-859e3f8ebd17/&amp;sid=0002">stressed</a>: “TikTok Australia data is stored in the US and Singapore, and the security and privacy of this data are our highest priority.”</p> <p>But as Australian Strategic Policy Institute (ASPI) analyst Fergus Ryan has <a href="https://www.aspistrategist.org.au/its-time-tiktok-australia-came-clean/">observed</a>, it’s not about where the data are <em>stored</em>, but who has <em>access</em>.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">'Where the data is stored is really immaterial if the data can be accessed from Beijing at any point, and that's what we have known for a couple of years' | <a href="https://twitter.com/ASPI_ICPC?ref_src=twsrc%5Etfw">@ASPI_ICPC</a>'s <a href="https://twitter.com/fryan?ref_src=twsrc%5Etfw">@fryan</a> spoke to <a href="https://twitter.com/abcnews?ref_src=twsrc%5Etfw">@abcnews</a> about Tik Tok &amp; data security</p> <p>📺 Watch the interview: <a href="https://t.co/iKIXqj2Rt2">https://t.co/iKIXqj2Rt2</a></p> <p>— ASPI (@ASPI_org) <a href="https://twitter.com/ASPI_org/status/1549185634837102592?ref_src=twsrc%5Etfw">July 19, 2022</a></p></blockquote> <p>On June 17, BuzzFeed published a <a href="https://www.buzzfeednews.com/article/emilybakerwhite/tiktok-tapes-us-user-data-china-bytedance-access">report</a> based on 80 leaked internal TikTok meetings which seemed to confirm access to US TikTok data by Chinese actors. The report refers to multiple examples of data access by TikTok’s parent company ByteDance, which is based in China.</p> <p>Then in July, TikTok Australia’s director of public policy, Brent Thomas, wrote to the shadow minister for cyber security, James Paterson, regarding China’s access to Australian user data.</p> <p>Thomas denied having been asked for data from China or having “given data to the Chinese government” – but he also noted access is “based on the need to access data”. So there’s good reason to believe Australian users’ data <em>may</em> be accessed from China.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">TikTok Australia has replied to my letter and admitted that Australian user data is also accessible in mainland China, putting it within reach of the Chinese government, despite their previous assurances it was safe because it was stored in the US and Singapore <a href="https://t.co/ITY1HNEo6v">pic.twitter.com/ITY1HNEo6v</a></p> <p>— James Paterson (@SenPaterson) <a href="https://twitter.com/SenPaterson/status/1546957121274621952?ref_src=twsrc%5Etfw">July 12, 2022</a></p></blockquote> <p><strong>Is TikTok worse than other platforms?</strong></p> <p>TikTok collects rich consumer information, including personal information and behavioural data from people’s activity on the app. In this respect, it’s not different from other social media companies.</p> <p>They all need oceans of user data to push ads onto us, and run data analytics behind a shiny facade of cute cats and trendy dances.</p> <p>However, TikTok’s corporate roots extend to authoritarian China – and not the US, where most of our other social media come from. This carries implications for TikTok users.</p> <p>Hypothetically, since TikTok moderates content according to Beijing’s foreign policy goals, it’s possible TikTok could apply censorship controls over Australian users.</p> <p>This means users’ feeds would be filtered to omit anything that doesn’t fit the Chinese government’s agenda, such as support for Taiwan’s sovereignty, as an example. In “shadowbanning”, a user’s posts appear to have been published to the user themselves, but are not visible to anyone else.</p> <p>It’s worth noting this censorship risk isn’t hypothetical. In 2019, information about Hong Kong protests was reported to have been <a href="https://www.theguardian.com/technology/2019/sep/25/revealed-how-tiktok-censors-videos-that-do-not-please-beijing">censored</a> not only on Douyin, China’s domestic version of TikTok, but also on TikTok itself.</p> <p>Then in 2020, ASPI <a href="https://www.aspi.org.au/report/tiktok-wechat">found</a> hashtags related to LGBTQ+ are suppressed in at least eight languages on TikTok. In response to ASPI’s research, a TikTok spokesperson said the hashtags may be restricted as part of the company’s localisation strategy and due to local laws.</p> <p>In Thailand, keywords such as #acab, #gayArab and anti-monarchy hashtags were found to be shadowbanned.</p> <p>Within China, Douyin complies with strict national content regulation. This includes censoring information about the religious movement Falun Gong and the Tiananmen massacre, among other examples.</p> <p>The legal environment in China forces Chinese internet product and service providers to work with government authorities. If Chinese companies disagree, or are unaware of their obligations, they can be slapped with legal and/or financial penalties and be forcefully shut down.</p> <p>In 2012, another social media product run by the founder of ByteDance, Yiming Zhang, was forced to close. Zhang fell into political line in a <a href="https://chinamediaproject.org/2018/04/11/tech-shame-in-the-new-era/">public apology</a>. He acknowledged the platform deviated from “public opinion guidance” by not moderating content that goes against “socialist core values”.</p> <p>Individual TikTok users should seriously consider leaving the app until issues of global censorship are clearly addressed.</p> <p><strong>But don’t forget, it’s not just TikTok</strong></p> <p>Meta products, such as Facebook and Instagram, also measure our interests by the seconds we spend looking at certain posts. They aggregate those behavioural data with our personal information to try to keep us hooked – looking at ads for as long as possible.</p> <p><a href="https://www.aclu.org/news/privacy-technology/holding-facebook-accountable-for-digital-redlining">Some real cases</a> of targeted advertising on social media have contributed to “digital redlining” – the use of technology to perpetuate social discrimination.</p> <p>In 2018, Facebook came under fire for showing some employment ads only to men. In 2019, it settled another digital redlining <a href="https://www.theguardian.com/technology/2019/mar/28/facebook-ads-housing-discrimination-charges-us-government-hud">case</a> over discriminatory practices in which housing ads were targeted to certain users on the basis of “race, colour, national origin and religion”.</p> <p>And in 2021, before the US Capitol breach, military and defence product ads <a href="https://www.buzzfeednews.com/article/ryanmac/facebook-profits-military-gear-ads-capitol-riot">were running</a> alongside conversations about a coup.</p> <p>Then there are some worst-case scenarios. The 2018 Cambridge Analytica scandal <a href="https://www.nytimes.com/2018/04/04/us/politics/cambridge-analytica-scandal-fallout.html">revealed</a> how Meta (then Facebook) exposed users’ data to the political consulting firm Cambridge Analytica without their consent.</p> <p>Cambridge Analytica harvested up to 87 million users’ data from Facebook, derived psychological user profiles and used these to tailor pro-Trump messaging to them. This likely had an influence on the 2016 US presidential election.</p> <figure class="align-center zoomable"><a href="https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=400&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=400&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=400&amp;fit=crop&amp;dpr=3 1800w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=2 1508w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=3 2262w" alt="A phone shows a TikTok video playing on the screen, with a person mid-dance." /></a><figcaption><span class="caption">To what extent are we willing to ignore potential risks with social platforms, in favour of addictive content?</span> <span class="attribution">Shutterstock</span></figcaption></figure> <p>With TikTok, the most immediate concern for the average Australian user is content censorship – not direct prosecution. But within China, there are recurring instances of Chinese nationals being <a href="https://www.scmp.com/news/china/politics/article/3176605/crackdown-chinas-moderate-rights-voices-how-tweets-are-now">detained or even jailed</a> for using both Chinese and international social media.</p> <p>You can see how the consequences of mass data harvesting are not hypothetical. We need to demand more transparency from not just TikTok but all major social platforms regarding how data are used.</p> <p>Let’s continue the <a href="https://www.afr.com/policy/foreign-affairs/tiktok-s-privacy-fundamentally-incompatible-with-australia-20220713-p5b18l">regulation debate</a> TikTok has accelerated. We should look to update privacy protections and embed transparency into Australia’s national regulatory guidelines – for whatever the next big social media app happens to be.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/187277/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /></p> <p><em><a href="https://theconversation.com/profiles/ausma-bernot-963292" target="_blank" rel="noopener">Ausma Bernot</a>, PhD Candidate, <a href="https://theconversation.com/institutions/griffith-university-828" target="_blank" rel="noopener">Griffith University</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com" target="_blank" rel="noopener">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/even-if-tiktok-and-other-apps-are-collecting-your-data-what-are-the-actual-consequences-187277" target="_blank" rel="noopener">original article</a>.</em></p> <p><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

Data visualisations made more accessible to screen reader users

<p>A type of assistive technology, screen readers are software programs that scan the contents of a computer screen and transform it into a different format – like synthesised voice or Braille – for people with complete or partial blindness, learning disabilities, or motion sensitivity.</p> <p>Now, scientists from the University of Washington (UW) in the US have designed a JavaScript plugin called VoxLens that allows people to better interact with these visualisations.</p> <p>VoxLens allows screen reader users to gain a high-level summary of the information described in a graph, listen to said graph translated into sound, or use voice-activated commands to ask specific questions about the data, such as the mean or the minimum value.</p> <p>The team presented their <a href="https://dl.acm.org/doi/fullHtml/10.1145/3491102.3517431" target="_blank" rel="noreferrer noopener">research</a> last month at the <a href="https://programs.sigchi.org/chi/2022" target="_blank" rel="noreferrer noopener">ACM CHI Conference on Human Factors in Computing Systems</a> in New Orleans in the US.</p> <figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"> <div class="wp-block-embed__wrapper"> <div class="entry-content-asset"> <div class="embed-wrapper"> <div class="inner"><iframe title="VoxLens - Paper Summary and Demo Video" src="https://www.youtube.com/embed/o1R-5D2WS4s?feature=oembed" width="500" height="281" frameborder="0" allowfullscreen="allowfullscreen"></iframe></div> </div> </div> </div> </figure> <p>“If I’m looking at a graph, I can pull out whatever information I am interested in – maybe it’s the overall trend or maybe it’s the maximum,” says lead author Ather Sharif, a doctoral student in the Paul G. Allen School of Computer Science &amp; Engineering at UW.</p> <p>“Right now, screen reader users either get very little or no information about online visualisations, which, in light of the COVID-19 pandemic, can sometimes be a matter of life and death. The goal of our project is to give screen reader users a platform where they can extract as much or as little information as they want.”</p> <p>The difficulty with translating graphs, according to co-senior author Jacob O. Wobbrock, a professor of information at UW, comes from deciphering information with no clear beginning and end.</p> <div class="newsletter-box"> <div id="wpcf7-f6-p193459-o1" class="wpcf7" dir="ltr" lang="en-US" role="form"> </div> </div> <p>“There is a start and an end of a sentence and everything else comes in between,” he explains. “But as soon as you move things into two dimensional spaces, such as visualisations, there’s no clear start and finish.</p> <p>“It’s just not structured in the same way, which means there’s no obvious entry point or sequencing for screen readers.”</p> <p><strong>Working with screen reader users to improve accessibility</strong></p> <p>The team worked with screen reader users who had partial or complete blindness when designing and testing the tool. During the testing phase, participants learned how to use VoxLens and then completed nine tasks, each of which involved answering questions about a data visualisation.</p> <p>The researchers found that participants completed the tasks with 122% increased accuracy and 36% decreased interaction time, compared to participants of a previous study who hadn’t had access to VoxLens.</p> <p>“We want people to interact with a graph as much as they want, but we also don’t want them to spend an hour trying to find what the maximum is,” says Sharif. “In our study, interaction time refers to how long it takes to extract information, and that’s why reducing it is a good thing.”</p> <p>VoxLens can be implanted easily by data visualisation designers with a single line of code. Right now it only works for visualisations created using <a href="https://www.javascript.com/" target="_blank" rel="noreferrer noopener">JavaScript</a> libraries – such as <a href="https://d3js.org/" target="_blank" rel="noreferrer noopener">D3</a>, <a href="https://www.chartjs.org/" target="_blank" rel="noreferrer noopener">chart.js</a> or <a href="https://www.google.com.au/sheets/about/" target="_blank" rel="noreferrer noopener">Google Sheets</a> – but the team is working towards expanding to other popular platforms.</p> <p>“This work is part of a much larger agenda for us – removing bias in design,” adds co-senior author Katharina Reinecke, associate professor in the Paul G. Allen School of Computer Science &amp; Engineering at UW. “When we build technology, we tend to think of people who are like us and who have the same abilities as we do.</p> <p>“For example, D3 has really revolutionised access to visualisations online and improved how people can understand information. But there are values ingrained in it and people are left out. It’s really important that we start thinking more about how to make technology useful for everybody.”</p> <p><img id="cosmos-post-tracker" style="opacity: 0; height: 1px!important; width: 1px!important; border: 0!important; position: absolute!important; z-index: -1!important;" src="https://syndication.cosmosmagazine.com/?id=193459&amp;title=Data+visualisations+made+more+accessible+to+screen+reader+users" width="1" height="1" /></p> <div id="contributors"> <p><em><a href="https://cosmosmagazine.com/technology/voxlens-accessibility-screen-readers/" target="_blank" rel="noopener">This article</a> was originally published on <a href="https://cosmosmagazine.com" target="_blank" rel="noopener">Cosmos Magazine</a> and was written by <a href="https://cosmosmagazine.com/contributor/imma-perfetto" target="_blank" rel="noopener">Imma Perfetto</a>. Imma Perfetto is a science writer at Cosmos. She has a Bachelor of Science with Honours in Science Communication from the University of Adelaide.</em></p> <p><em>Image: Getty Images</em></p> </div>

Technology

Placeholder Content Image

ACCC says consumers need more choices about what online marketplaces are doing with their data

<p>Consumers using online retail marketplaces such as eBay and Amazon “have little effective choice in the amount of data they share”, according to the <a href="https://www.accc.gov.au/publications/serial-publications/digital-platform-services-inquiry-2020-2025/digital-platform-services-inquiry-march-2022-interim-report" target="_blank" rel="noopener">latest report</a> of the Australian Competition &amp; Consumer Commission (ACCC) Digital Platform Services Inquiry.</p> <p>Consumers may benefit from personalisation and recommendations in these marketplaces based on their data, but many are in the dark about how much personal information these companies collect and share for other purposes.</p> <p><a href="https://www.accc.gov.au/media-release/concerning-issues-for-consumers-and-sellers-on-online-marketplaces" target="_blank" rel="noopener">ACCC chair Gina Cass-Gottlieb</a> said:</p> <blockquote> <p>We believe consumers should be given more information about, and control over, how online marketplaces collect and use their data.</p> </blockquote> <p>The report reiterates the ACCC’s earlier calls for amendments to the Australian Consumer Law to address unfair data terms and practices. It also points out that the government is considering <a href="https://www.ag.gov.au/integrity/consultations/review-privacy-act-1988" target="_blank" rel="noopener">proposals for major changes to privacy law</a>.</p> <p>However, none of these proposals is likely to come into effect in the near future. In the meantime, we should also consider whether practices such as obtaining information about users from third-party data brokers are fully compliant with existing privacy law.</p> <p><strong>Why did the ACCC examine online marketplaces?</strong></p> <p>The ACCC examined competition and consumer issues associated with “general online retail marketplaces” as part of its <a href="https://www.accc.gov.au/focus-areas/inquiries-ongoing/digital-platform-services-inquiry-2020-2025" target="_blank" rel="noopener">five-year Digital Platform Services Inquiry</a>.</p> <p>These marketplaces facilitate transactions between third-party sellers and consumers on a common platform. They do not include retailers that don’t operate marketplaces, such as Kmart, or platforms such as Gumtree that carry classified ads but don’t allow transactions.</p> <p>The ACCC report focuses on the four largest online marketplaces in Australia: Amazon Australia, Catch, eBay Australia and Kogan. In 2020–21, these four carried sales totalling $8.4 billion.</p> <figure class="align-center "><em><img src="https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=401&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=401&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=401&amp;fit=crop&amp;dpr=3 1800w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=2 1508w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=3 2262w" alt="" /></em><figcaption><em><span class="caption">Online marketplaces such as Amazon, eBay, Catch and Kogan facilitate transactions between third-party buyers and sellers.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/new-york-usa-november-1-2018-1219079038" target="_blank" rel="noopener">Shutterstock</a></span></em></figcaption></figure> <p>According to the report, eBay has the largest sales of these companies. Amazon Australia is the second-largest and the fastest-growing, with an 87% increase in sales over the past two years.</p> <p>The ACCC examined:</p> <ul> <li>the state of competition in the relevant markets</li> <li>issues facing sellers who depend on selling their products through these marketplaces</li> <li>consumer issues including concerns about personal information collection, use and sharing.</li> </ul> <p><strong>Consumers don’t want their data used for other purposes</strong></p> <p>The ACCC expressed concern that in online marketplaces, “the extent of data collection, use and disclosure … often does not align with consumer preferences”.</p> <p>The Commission pointed to surveys about <a href="https://www.accc.gov.au/system/files/Consumer%20Policy%20Research%20Centre%20%28CPRC%29%20%2818%20August%202021%29.pdf" target="_blank" rel="noopener">Australian consumer attitudes to privacy</a> which indicate:</p> <ul> <li>94% did not feel comfortable with how digital platforms including online marketplaces collect their personal information</li> <li>92% agreed that companies should only collect information they need for providing their product or service</li> <li>60% considered it very or somewhat unacceptable for their online behaviour to be monitored for targeted ads and offers.</li> </ul> <p>However, the four online marketplaces analysed:</p> <ul> <li>do not proactively present privacy terms to consumers “throughout the purchasing journey”</li> <li>may allow advertisers or other third parties to place tracking cookies on users’ devices</li> <li>do not clearly identify how consumers can opt out of cookies while still using the marketplace.</li> </ul> <p>Some of the marketplaces also obtain extra data about individuals from third-party data brokers or advertisers.</p> <p>The <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3432769" target="_blank" rel="noopener">harms from increased tracking and profiling</a> of consumers include decreased privacy; manipulation based on detailed profiling of traits and weaknesses; and discrimination or exclusion from opportunities.</p> <p><strong>Limited choices: you can’t just ‘walk out of a store’</strong></p> <p>Some might argue that consumers must not actually care that much about privacy if they keep using these companies, but the choice is not so simple.</p> <p>The ACCC notes the relevant privacy terms are often spread across multiple web pages and offered on a “take it or leave it” basis.</p> <p>The terms also use “bundled consents”. This means that agreeing to the company using your data to fill your order, for example, may be bundled together with agreeing for the company to use your data for its separate advertising business.</p> <p>Further, as my research has shown, there is <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3905693" target="_blank" rel="noopener">so little competition on privacy</a> between these marketplaces that consumers can’t just find a better offer. The ACCC agrees:</p> <blockquote> <p>While consumers in Australia can choose between a number of online marketplaces, the common approaches and practices of the major online marketplaces to data collection and use mean that consumers have little effective choice in the amount of data they share.</p> </blockquote> <p>Consumers also seem unable to require these companies to delete their data. The situation is quite different from conventional retail interactions where a consumer can select “unsubscribe” or walk out of a store.</p> <p><strong>Does our privacy law currently permit all these practices?</strong></p> <p>The ACCC has reiterated its earlier calls to amend the Australian Consumer Law to prohibit unfair practices and make unfair contract terms illegal. (At present unfair contract terms are just void, or unenforceable.)</p> <p>The report also points out that the government is considering proposals for major changes to privacy law, but <a href="https://theconversation.com/a-new-proposed-privacy-code-promises-tough-rules-and-10-million-penalties-for-tech-giants-170711" target="_blank" rel="noopener">these changes</a> are uncertain and may take more than a year to come into effect.</p> <p>In the meantime, we should look more closely at the practices of these marketplaces under current privacy law.</p> <p>For example, under the <a href="https://www.legislation.gov.au/Series/C2004A03712" target="_blank" rel="noopener">federal Privacy Act</a> the four marketplaces</p> <blockquote> <p>must collect personal information about an individual only from the individual unless … it is unreasonable or impracticable to do so.</p> </blockquote> <p>However, <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3905693" target="_blank" rel="noopener">some online marketplaces</a> say they collect information about individual consumers’ interests and demographics from “<a href="https://www.ebay.com.au/help/policies/member-behaviour-policies/user-privacy-notice-privacy-policy?id=4260&amp;mkevt=1&amp;mkcid=1&amp;mkrid=705-53470-19255-0&amp;campid=5338596835&amp;customid=&amp;toolid=10001#section4" target="_blank" rel="noopener">data providers</a>” and <a href="https://www.amazon.com.au/gp/help/customer/display.html?nodeId=202075050&amp;ref_=footer_iba" target="_blank" rel="noopener">other third parties</a>.</p> <p>We don’t know the full detail of what’s collected, but demographic information might include our age range, income, or family details.</p> <p>How is it “unreasonable or impracticable” to obtain information about our demographics and interests directly from us? Consumers could ask online marketplaces this question, and complain to the <a href="https://www.oaic.gov.au/privacy/privacy-complaints" target="_blank" rel="noopener">Office of the Australian Information Commissioner</a> if there is no reasonable answer.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/182134/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /></p> <p><em><a href="https://theconversation.com/profiles/katharine-kemp-402096" target="_blank" rel="noopener">Katharine Kemp</a>, Senior Lecturer, Faculty of Law &amp; Justice, UNSW, <a href="https://theconversation.com/institutions/unsw-sydney-1414" target="_blank" rel="noopener">UNSW Sydney</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com" target="_blank" rel="noopener">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/accc-says-consumers-need-more-choices-about-what-online-marketplaces-are-doing-with-their-data-182134" target="_blank" rel="noopener">original article</a>.</em></p> <p><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

How does Spotify use your data? Even experts aren’t sure

<p dir="ltr">Spotify has revolutionised the music industry, and its ability to recommend music tailored to your personal taste has been a standout feature.</p> <p dir="ltr">But it isn’t the only app to provide this kind of personalised experience, with Artificial Intelligence being used to create your personalised newsfeeds on Facebook and Twitter, recommend purchases on Amazon, or even the order of search results on Google.</p> <p dir="ltr">To achieve this, these apps and websites use our data in their recommendation algorithms - but they are so secretive about these algorithms that we don’t fully know how they work.</p> <p dir="ltr">In a search for answers, a team of New Zealand legal and music experts <a href="https://www.scimex.org/newsfeed/tinder-and-spotifys-fine-print-arent-clear-about-how-they-use-our-data-for-recs" target="_blank" rel="noopener">pored over</a> several versions of the privacy policies and Terms of Use used by Spotify and Tinder to determine how our data is being used as new features have been rolled out.</p> <p dir="ltr">Their work, published in the <em><a href="https://doi.org/10.1080/03036758.2022.2064517" target="_blank" rel="noopener">Journal of the Royal Society of New Zealand</a></em>, found that Spotify’s privacy policy has nearly doubled since its launch in 2012, which reflects an increase in the amount of data the platform now collects.</p> <p dir="ltr"><strong>The algorithm hungers for data</strong></p> <p dir="ltr">Originally, Spotify collected basic information such as the kinds of songs played, the playlists created, and the email address, age, gender, and location of a user, as well as their profile picture, and the pictures and names of their Facebook friends if their profile was linked.</p> <p dir="ltr">In the 2021 policy, Spotify collects voice data, users’ photos, and location data - and the team of experts have connected this expansion to the patents the company owns.</p> <p dir="ltr">That same year, “Spotify was granted a patent that allows the company to promote ‘personalised content’ based on the ‘personality traits’ it detects from voice data and background noise,” the authors wrote, suggesting the algorithm has changed to capture voice data.</p> <p dir="ltr">As for its Terms of Use, the authors found both Spotify and Tinder used ambiguous wording and vague language, despite expectations that it would be somewhat transparent because it is a legal agreement between the platform and its users.</p> <p dir="ltr">They noted that the opaque style of the Terms of Use made analysis more difficult.</p> <p dir="ltr">Despite this, they found that from 2015, Spotify’s recommendations were also influenced by “commercial considerations”, including third-party agreements Spotify had with other companies.</p> <p dir="ltr">The team of experts argue that this particular change “provides ample room for the company to legally highlight content to a specific user based on a commercial agreement”.</p> <p dir="ltr">Meanwhile, Spotify has also started offering artists the option to lower their royalty rate “in exchange for an increased number of recommendations”.</p> <p dir="ltr">Taken together, the authors argue that this means that the playlists made specifically for us could be influenced by factors outside of our control, “like commercial deals with artists and labels”.</p> <p dir="ltr"><strong>Users deserve answers</strong></p> <p dir="ltr">Though they made these findings, the authors note that some will still be speculative while companies stay tight-lipped about how their algorithms work.</p> <p dir="ltr">“When companies are uncooperative, and typical academic inquiry cannot be complete without breaching contractual agreements, we maintain that scholarly investigation can have a speculative character,” they wrote.</p> <p dir="ltr">“This suggestion does not mean that a less academic rigour can be expected or granted about making assumptions on the basis of partial, observable data. Instead, we propose that it is the companies’ remit and burden to refute such assumptions and communicating the clarity of their systems.”</p> <p dir="ltr">With many of us using services like Spotify, Tinder, Google and Amazon on a daily basis, it’s up to these companies to become more transparent in how they use our information with the understanding that we deserve to know what happens to the data that makes us, us.</p> <p><span id="docs-internal-guid-22451cbe-7fff-7512-7ed6-c621fbd456c7"></span></p> <p dir="ltr"><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

The metaverse: three legal issues we need to address

<p>The “<a href="https://www.wired.com/story/what-is-the-metaverse/" target="_blank" rel="noopener">metaverse</a>” seems to be the latest buzzword in tech. In general terms, the metaverse can be viewed as a form of cyberspace. Like the internet, it’s a world – or reality, even – beyond our physical world on Earth.</p> <p>The difference is that the metaverse allows us to immerse a version of ourselves as <a href="https://medium.com/@ppreddy576/digital-avatars-and-working-with-human-like-creatives-b84f24005a05" target="_blank" rel="noopener">avatars</a> in its environment, usually through <a href="https://hbr.org/2016/10/the-mainstreaming-of-augmented-reality-a-brief-history" target="_blank" rel="noopener">augmented reality</a> (AR) or <a href="https://www.britannica.com/technology/virtual-reality" target="_blank" rel="noopener">virtual reality</a> (VR), which people are and will increasingly be able to access using tools like VR goggles.</p> <p>While it all seems very exciting, a curious lawyer like me is inclined to ask: who or what governs the metaverse? The way I see it, there are three key areas which, at this stage, are legally murky.</p> <p><strong>1. A boundless marketplace</strong></p> <p>Transactions in the metaverse are generally monetised using cryptocurrency or <a href="https://edition.cnn.com/2021/03/17/business/what-is-nft-meaning-fe-series/index.html" target="_blank" rel="noopener">NFTs</a> (non-fungible tokens). An NFT is a unique digital asset: it could be an image, a piece of music, a video, a 3D object, or another type of creative work. The NFT market is booming – in some cases we’re talking about <a href="https://edition.cnn.com/style/article/beeple-first-nft-artwork-at-auction-sale-result/index.html" target="_blank" rel="noopener">sales</a> equivalent to millions of pounds.</p> <p>While it’s difficult to say whether this is simply a trend, or a new and exciting form of capital investment, these kinds of transactions raise some interesting legal questions.</p> <p>For example, in the “real” world, when it comes to purchasing a piece of art, property law dictates that <a href="https://www.reedsmith.com/en/perspectives/2021/05/reed-smith-guide-to-the-metaverse" target="_blank" rel="noopener">ownership</a> is two-fold. First, ownership can be attributed in the actual physical art work. And second, the buyer may or may not own the intellectual property of the art work, depending on the terms of the sale.</p> <p>But what kind of ownership is precisely included in a transaction of digital art? International law firm <a href="https://www.reedsmith.com/en/perspectives/2021/05/reed-smith-guide-to-the-metaverse" target="_blank" rel="noopener">Reed Smith</a> has said that “ownership” in the metaverse is nothing more than a form of licensing, or provision of services. In such instances, true ownership still lies with the owner. This may mean, for example, that the buyer cannot sell the item without permission from the true owner.</p> <p>Virtual real estate has also become an NFT, with individuals and companies <a href="https://theconversation.com/real-estate-in-the-metaverse-is-booming-is-it-really-such-a-crazy-idea-174021" target="_blank" rel="noopener">spending enormous sums</a> to own a “property” in the metaverse. Do the intricacies of land law apply here? For example, will real-world legislation cover trespassers on private land in the metaverse? Can you take out a mortgage on your virtual property?</p> <p>The metaverse may also be susceptible to hosting a virtual marketplace somewhat like <a href="https://www.newscientist.com/article/mg24933260-400-silk-road-review-the-true-story-of-the-dark-webs-illegal-drug-market/" target="_blank" rel="noopener">Silk Road</a>, which was a dark web marketplace dealing in illegal drugs, weapons and, allegedly, “<a href="https://www.bbc.co.uk/news/av/technology-24378137" target="_blank" rel="noopener">murder for hire</a>”. What kinds of laws can be put in place to safeguard against this happening in the metaverse? It would be ideal to have a global regulatory authority overseeing the metaverse, although this would be difficult to implement.</p> <p><strong>2. Data</strong></p> <p>Another possible legal implication of the metaverse is around data and data protection. The metaverse will expose new categories of <a href="https://www.cms-lawnow.com/ealerts/2022/01/legal-advice-in-the-metaverse" target="_blank" rel="noopener">our personal data</a> for processing. This might include facial expressions, gestures and other types of reactions an avatar could produce during interactions in the metaverse.</p> <p>The EU’s General Data Protection Regulation (<a href="https://gdpr.eu/" target="_blank" rel="noopener">GDPR</a>) could arguably apply to the metaverse, as could the <a href="https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted" target="_blank" rel="noopener">UK’s Data Protection Act</a>. But given the novel nature of the metaverse, to ensure that users’ rights are protected, the processes governing informed consent around data processing may need to be revisited.</p> <figure class="align-center "><img src="https://images.theconversation.com/files/443780/original/file-20220201-17-1a83bq0.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/443780/original/file-20220201-17-1a83bq0.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=338&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/443780/original/file-20220201-17-1a83bq0.jpg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=338&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/443780/original/file-20220201-17-1a83bq0.jpg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=338&amp;fit=crop&amp;dpr=3 1800w, https://images.theconversation.com/files/443780/original/file-20220201-17-1a83bq0.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=424&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/443780/original/file-20220201-17-1a83bq0.jpg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=424&amp;fit=crop&amp;dpr=2 1508w, https://images.theconversation.com/files/443780/original/file-20220201-17-1a83bq0.jpg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=424&amp;fit=crop&amp;dpr=3 2262w" alt="A rendering of two avatars shaking hands." /><figcaption><span class="caption">Interactions in the metaverse will expose new types of personal data.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-illustration/business-man-wear-virtual-glasses-shaking-2089653463" target="_blank" rel="noopener">Athitat Shinagowin/Shutterstock</a></span></figcaption></figure> <p>Further, the “no-boundaries” nature of the metaverse means that while we might want to assume the GDPR will apply, the clauses dealing with transfer and processing of data outside the EU may need to be clarified. The GDPR applies <a href="https://www.metaverselaw.com/category/gdpr/" target="_blank" rel="noopener">based on</a> the location of the subject when their data is processed, not on their home country or citizenship.</p> <p>So can we look to the location based on the person operating the avatar, or is it more appropriate to look at the avatar itself, since it’s the avatar’s data that will be processed? And if we look to the avatar’s location, how would we determine which jurisdiction the metaverse falls under?</p> <p><strong>3. User interactions</strong></p> <p>When users interact through their avatars, we may have situations where some kind of altercation occurs that would equate to breaking the law, if it took place between people in the real world. Such incidents could be in breach of tort law (which covers civil claims such as negligence or nuisance) or criminal law (involving illegal acts and crime such as assault, murder, burglary or rape).</p> <p>Imagine one avatar assaults another. Could we apply criminal laws of assault and battery to this situation? How could we make an avatar responsible for their actions in the metaverse? This would be complicated, because it would mean that we need to attribute a <a href="https://www.cms-lawnow.com/ealerts/2022/01/legal-advice-in-the-metaverse" target="_blank" rel="noopener">legal persona</a> to the avatar, giving them rights and duties within a legal system; allowing them to sue or be sued.</p> <p>Proving assault or battery would also be much more difficult because it usually requires “<a href="https://www.cps.gov.uk/legal-guidance/offences-against-person-incorporating-charging-standard#:%7E:text=The%20offence%20is%20committed%20when,or%20caused%20the%20bodily%20harm." target="_blank" rel="noopener">actual bodily harm</a>”. In the metaverse, there will naturally be no actual bodily harm. It would be challenging to prove harm, loss or injury suffered by an avatar.</p> <p>Worryingly, <a href="https://www.thetimes.co.uk/article/my-journey-into-the-metaverse-already-a-home-to-sex-predators-sdkms5nd3" target="_blank" rel="noopener">sexual predators</a> are already emerging in the metaverse, masking their identity behind an avatar that may not easily be traced back to its operator in the real world. For example, we’ve seen incidents of <a href="https://www.technologyreview.com/2021/12/16/1042516/the-metaverse-has-a-groping-problem/" target="_blank" rel="noopener">groping</a>. Users in the metaverse can wear haptic vests or other technologies which would actually allow them to feel the sensations if they were touched or groped.</p> <p><a href="https://www.reeds.co.uk/insight/should-sexual-harassment-be-a-criminal-offence-in-the-uk/" target="_blank" rel="noopener">Sexual harassment laws</a> do not require physical contact to constitute sexual harassment. But are existing laws adequate to deal with this issue? Within the environment of VR and gaming, for example, upon whom rests the responsibility to ensure the safety of users?</p> <p>There is little doubt issues of sexual harassment will make their way into the metaverse, particularly if unscrupulous users know this is a grey area. Believing that their actions cannot be proved, or that they cannot be held responsible for events that take place in the metaverse, might embolden such behaviour.</p> <p>This comes back to the question of legal personas of avatars – is a legal persona necessary to make avatars responsible for their actions in the metaverse? And what kind of standards and criteria need to be in place to distinguish between a “legal” avatar and the true legal person who operates that avatar? These issues should all be addressed before the metaverse becomes mainstream.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;" src="https://counter.theconversation.com/content/175891/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/pin-lean-lau-1282877" target="_blank" rel="noopener">Pin Lean Lau</a>, Lecturer in Bio-Law, Brunel Law School | Centre for Artificial Intelligence: Social &amp; Digital Innovations, <a href="https://theconversation.com/institutions/brunel-university-london-1685" target="_blank" rel="noopener">Brunel University London</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com" target="_blank" rel="noopener">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/the-metaverse-three-legal-issues-we-need-to-address-175891" target="_blank" rel="noopener">original article</a>.</em></p> <p><em>Image: Getty Images</em></p>

Legal

Placeholder Content Image

Smartphone security: everything you need to know to keep your phone safe

<p><strong>Smartphone safety </strong></p> <p><span>Considering our smartphones are now home to everything from emergency contacts to banking information, keeping those assets out of the wrong hands is more important than ever. </span></p> <p><span>Read on for all the mobile security threats you need to be on the alert for and what steps experts recommend you take to protect your device.</span></p> <p><strong>The key principles of smartphone security</strong></p> <p>No matter which type of smartphone you have, these are the four main security issues you should be mindful of.</p> <p>Virus protection: Like your laptop or desktop, phones are susceptible to hacking and viruses.</p> <p>Smartphone privacy: Whether it’s a nosy partner, friend, co-worker, or a hacker who is up to no good, maintaining your privacy on your device is paramount.</p> <p>Phone security: Your phone is often your lifeline and increasingly serves as your digital wallet, which makes it a top target for thieves.</p> <p>Personal data collection: Apps and even your phone itself are always trying to glean information about you. Find out how much is too much and how you can control what information is – and isn’t – shared about you.</p> <p><strong>Phone security best practices: 1. Ignore and avoid phishing attacks</strong></p> <p><span>Hackers and digital thieves are becoming craftier than ever in an attempt to steal the keys to your identity. </span></p> <p><span>Once you’re aware of their tricks and know about the latest scams, you won’t fall victim or mistakenly download a virus to your phone. </span></p> <p><span>Your first line of defence: immediately delete any questionable emails or texts and learn how to stop spam texts altogether.</span></p> <p><strong>2. Use antivirus for phones</strong></p> <p><span>Did you know that even with the latest iPhone security updates, <a href="https://www.rd.com/article/can-iphones-get-viruses/">iPhones can get viruses</a>, too? Android users will want to know the ins and outs of <a href="https://www.rd.com/article/google-play-protect/">Google Play Protect</a>. </span></p> <p><span>If you should accidentally download a virus, we have you covered for that as well and can fill you in on <a href="https://www.rd.com/article/remove-virus-android-phone/">how to remove hidden malware on an Android phone</a>. </span></p> <p><span>Of course, investing in a secure phone is essential to preventing security problems in the first place.</span></p> <p><strong>3. Secure your message to maintain privacy</strong></p> <p><span>Whether you’re in a career that demands privacy or you’re simply planning a surprise birthday party for a friend, you’ll want to know about these strategies for keeping your texts and phone calls secure. </span></p> <p><span><a rel="noopener" href="https://www.rd.com/article/how-to-hide-text-messages-on-an-iphone/" target="_blank">Start by learning how to hide text messages on an iPhone.</a> Then consider if you need an <a rel="noopener" href="https://www.rd.com/article/encrypted-phones/" target="_blank">encrypted phone</a> – find out what this buzzword actually means and why and how to encrypt your iPhone or Android phone. The most secure messaging apps are a must for anyone with privacy concerns.</span></p> <p><strong>4. Manage your app permissions</strong></p> <p><span>Your smartphone and the apps you download to your phone know a lot about you, sometimes even too much. </span></p> <p><span>One of the quickest ways to keep your personal information private is by paying attention to your app permissions. </span></p> <p><span>For example, does your rideshare app really need access to your contact list or your calendar? Both iPhones and Androids have made it easier than ever to control app permissions, but you still need to do your homework in order to limit them to the ones the app truly needs.</span></p> <p><strong>5. Lock your phone</strong></p> <p><span>According to a 2017 Pew Report, almost 30 percent of smartphone owners do not even use a screen lock or other security features; yet the easiest and most obvious way to keep your phone protected is to regularly lock your home screen and use two-factor authentication. </span></p> <p><span>Additionally, experts recommend that you go the extra mile, so make sure you don’t have a weak password and learn how to lock apps on your phone.</span></p> <p><strong>6. Be wary of public Wi-Fi</strong></p> <p><span>Sure, it can be convenient to check your email while waiting for your train or bus and you may occasionally go to the coffee shop down the street to work. </span></p> <p><span>But logging on to an open Wi-Fi network could potentially open your device up to hackers – if you’re not careful.</span></p> <p><strong>7. Use a recovery app to find a lost phone</strong></p> <p><span>A lost or stolen iPhone may feel like the worst thing in the world that can happen, but there are steps you can take immediately to protect yourself and your information. </span></p> <p><span>Plus the built-in Find My iPhone app can help you reconnect with your lost phone.</span></p> <p><strong>Don't jailbreak or root your device</strong></p> <p><span>Finally, experts strongly recommend against jailbreaking your iPhone or rooting your Android. </span></p> <p><span>Jailbreaking is the term used to describe hacking into Apple’s mobile operating system iOS and tweaking it so you can customise the appearance and performance of your iPhone. When similar modifications are made to an Android smartphone, the process is called rooting.</span></p> <p><span>Why? Even though jailbreaking your phone may seem appealing, no customisation is worth making your phone vulnerable to hacking or other viruses.</span></p> <p><strong>Bottom line</strong></p> <p><span>While iPhone and Android are constantly employing better and more sophisticated security measures, at the end of the day, keeping your phone and personal data safe is largely up to you. </span></p> <p><span>If you get a suspicious scam text or an iPhone virus warning, think twice before automatically clicking on any links to open it. Look to see if there are any telltale misspellings? Does the URL start with “https:”? </span></p> <p><span>And remember, that Apple (and other legitimate companies, such as your bank) will never ask for your password in a text message. Common sense will always be your best defence.</span></p> <p><em>Image credits: Getty Images</em></p> <p><em>This article originally appeared on <a href="https://www.readersdigest.com.au/true-stories-lifestyle/science-technology/smartphone-security-everything-you-need-to-know-to-keep-your-phone-safe?pages=1">Reader's Digest</a>. </em></p>

Technology

Placeholder Content Image

A failure at 6? Data-driven assessment isn’t helping young children’s learning

<p>Children’s <a href="https://www.education.vic.gov.au/Documents/childhood/providers/edcare/veyldframework.pdf">early years</a> from birth to the age of eight are crucial for their social, emotional and intellectual development. However, early years education in Australia is fragmented. It operates across two spaces, the pre-compulsory period, often called early childhood education, and the first three years of compulsory schooling.</p> <p>In recent times the focus in these three years has been on assessment that produces numerical data. Teachers need to demonstrate children are meeting standards.</p> <p>In contrast, in the pre-compulsory years the focus is on observing and interacting with the child. Practices are based on the belief that all children have agency and are capable learners.</p> <p>A chasm has opened up between these <a href="https://www.routledge.com/Early-Childhood-and-Compulsory-Education-Reconceptualising-the-relationship/Moss/p/book/9780415687744">separate education systems</a>. Children go from playing to being tested in the blink of an eye. This abrupt change in young children’s education is problematic.</p> <h2>What does research tell us about the early years?</h2> <p>A <a href="https://research-repository.griffith.edu.au/bitstream/handle/10072/391647/Dunn356707Accepted.pdf?sequence=2&amp;isAllowed=y">2015 review</a> of research on best practices in the early years identified key factors in successful teaching and learning. The review noted the importance of:</p> <ul> <li> <p>a smooth transition between pre-school education and compulsory school education</p> </li> <li> <p>play-based learning</p> </li> <li> <p>seeing children as capable and having agency in their learning</p> </li> <li> <p><a href="https://www.education.vic.gov.au/school/teachers/teachingresources/discipline/english/literacy/speakinglistening/Pages/teachingpracdialogic.aspx">dialogic interactions</a> involving <a href="https://earlychildhood.qld.gov.au/earlyYears/Documents/language-dialogic-in-action.pdf">rich discussions</a> between children and between children and teachers.</p> </li> </ul> <p>Australia has introduced a mandated curriculum and a national assessment program in primary schools. The review noted this meant many early years teachers have adopted a more formalised and narrow approach to learning in schools. It isn’t appropriate for young children.</p> <p>We can see the resulting <a href="https://researchnow.flinders.edu.au/en/publications/where-are-the-early-years-of-school-in-contemporary-early-childho">divide between non-compulsory and compulsory</a> early years education in Victoria. On the one hand, teachers need to acknowledge the needs of children from birth to eight years. On the other hand, for those between the ages of five and 12, the <a href="https://victoriancurriculum.vcaa.vic.edu.au/">Victorian Curriculum</a> requires teachers to assess and report against curriculum standards.</p> <p>The focus on formal assessment and numerical data in the early years of schooling means children as young as six can be labelled as failing. In countries like Finland and Singapore, which have been <a href="https://www.oecd.org/pisa/pisaproducts/strongperformers/">identified</a> as <a href="http://timssandpirls.bc.edu/pirls2016/international-results/pirls/student-achievement/pirls-achievement-results/">high-performing</a>, children do not even <a href="https://expatchild.com/school-starting-ages-around-world/">begin formal schooling</a> before the age of six or seven.</p> <p><iframe src="https://data.worldbank.org/share/widget?indicators=SE.PRM.AGES&amp;type=shaded&amp;view=map" width="100%" height="380" frameborder="0" scrolling="no"></iframe></p> <p><a href="https://journals.sagepub.com/doi/pdf/10.2304/ciec.2014.15.2.185">One study</a> has described the early years in countries like the United Kingdom, America and Australia as being at the mercy of top-down policy development, leading to “a highly prescriptive and assessment-driven early years climate”. <a href="https://www.routledge.com/The-Datafication-of-Primary-and-Early-Years-Education-Playing-with-Numbers/Bradbury-Roberts-Holmes/p/book/9781138242173">UK researchers</a> have identified the “datafication” of early years education and its impacts on children and teachers. And <a href="https://researchoutput.csu.edu.au/en/publications/a-sociological-analysis-of-australias-naplan-and-my-school-senate">Australian researchers</a> used the term “adultification” to describe the unrealistic expectations placed on young children.</p> <h2>So what happens in our schools?</h2> <p>My doctoral <a href="https://minerva-access.unimelb.edu.au/handle/11343/268186">research</a> found “datafication” and “adultification” defined the early years of schooling in Victoria. I engaged with more than 100 early-years teachers to explore their literacy teaching and assessment practices. The recurring theme was these teachers were expected to frequently assess young children in formal ways that provided numerical data.</p> <p>Teachers voiced frustration. One described the early years as “death by assessment”. Another lamented that community expectations were unreasonable, saying “people are hung up on data, numbers”.</p> <p>There was an overwhelming sense that the teachers knew their children best and should be given the agency to assess and plan for literacy teaching rather than being required to use a suite of commercially produced assessment tools.</p> <p>The Victorian Early Years Learning and Development Framework (<a href="https://www.education.vic.gov.au/Documents/childhood/providers/edcare/veyldframework.pdf">VEYLDF</a>) is designed to support early years teachers working with children and families. Its premise is that children have the greatest opportunities to develop neural pathways for learning and are also most vulnerable to negative experiences from birth to eight years.</p> <p>The framework is based on research into best practice for children in these years. Rather than formal assessment based on numbers, the VEYLDF advocates for assessment that is authentic and responsive to how all children can best demonstrate their learning and development.</p> <p>The Victorian Education Department <a href="https://www.education.vic.gov.au/childhood/professionals/learning/Pages/veyldf.aspx">encourages</a> teachers in schools to use the framework. However, little is known about how many actually use the framework to inform teaching and learning.</p> <p>Making it mandatory to report against curriculum standards from the time children begin compulsory schooling sets the boundaries for how many teachers operate. It is hard to have a foot in both camps when reporting against these standards is mandatory and you feel compelled to prepare children for what comes next – which includes <a href="https://www.nap.edu.au/">NAPLAN</a>, the national assessment program.</p> <p><img src="https://images.theconversation.com/files/432555/original/file-20211118-18-1xgrfo5.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="Group of laughing and smiling children together among trees" /> <span class="caption">‘Death by assessment’ threatens the joy young children find in learning.</span> <span class="attribution"><span class="source">Shutterstock</span></span></p> <h2>Schools can still let children be children</h2> <p>However, some schools are turning their backs on the relentless measuring of young children’s attainments. <a href="https://www.sjfootscray.catholic.edu.au/">St John’s</a>, a multicultural primary school in Melbourne’s inner west, is one example. You only need to look at the school <a href="https://www.sjfootscray.catholic.edu.au/learning/">website</a> to see its philosophy differs from many others.</p> <blockquote> <p>“St John’s Horizon [a school community-developed vision] clearly states ‘KIDS AT THE HEART’ which encapsulates our focus and belief in the image of the child – the child who is capable, curious, full of wonder, rich in knowledge, able to construct and co-construct his or her own learning. We believe in JOY – Joy in learning.”</p> </blockquote> <p>A conversation with the then principal, Gemma Goodyear, gave me an insight into these beliefs, which are inspired by teaching and learning in schools in <a href="https://www.reggiochildren.it/en/reggio-emilia-approach/">Reggio Emilia</a>, Italy. Goodyear said children do not come to school to be “fixed”, and the teachers engage them by providing meaningful, contextualised learning experiences. And, yes, through their focus on rich learning they still get great results without relentless testing.</p> <p>It is time to revisit the early years of schooling and ensure teachers have the skills and understandings they need to support learners in this phase. These years should be a time when children become engaged and excited about learning, a time of great joy, and a time when children are allowed to be children.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;" src="https://counter.theconversation.com/content/169463/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><span><a href="https://theconversation.com/profiles/martina-tassone-1270226">Martina Tassone</a>, Early Childhood and Primary Course Coordinator and Language and Literacy Lecturer, <em><a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a></em></span></p> <p>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/a-failure-at-6-data-driven-assessment-isnt-helping-young-childrens-learning-169463">original article</a>.</p> <p><em>Image: Shutterstock</em></p>

Family & Pets

Placeholder Content Image

Researchers discover dangerous spyware being used to hack messages

<p><span style="font-weight: 400;">The recent hacking of a Saudi activist’s phone has alerted smartphone users to the dangers of messaging applications. </span></p> <p><span style="font-weight: 400;">These apps, such as iMessage or WhatsApp, are the latest software targeted by hackers to steal private information. </span></p> <p><span style="font-weight: 400;">All it takes is a simple call through these systems to infiltrate a device, even if the person doesn’t answer. </span></p> <p><span style="font-weight: 400;">Apple has recently issued an update saying they intend to resolve the loophole in iMessage, but there are still growing concerns over the ease of hacking through messaging software.</span></p> <p><span style="font-weight: 400;">The latest research into cyber security was published by Citizen Lab, after the phone belonging to the anonymous activist was hacked using the Pegasus surveillance tool.</span></p> <p><span style="font-weight: 400;">Pegasus – created by NSO Group, a global cyber security organisation based in Israel – is the world’s most powerful spyware tool.</span></p> <p><span style="font-weight: 400;">Previous versions of Pegasus have deployed malicious software that could infiltrate devices without users needing to click on anything for the hacking to take place. </span></p> <p><span style="font-weight: 400;">Citizen Lab researcher John Scott-Railton told </span><a href="https://www.news.com.au/technology/online/hacking/researchers-find-new-pegasus-spyware-hack-targeting-imessage-on-saudi-activists-iphone/news-story/dc5ed151272805b8a2eb62e7b5f332d6"><span style="font-weight: 400;">The Washington Post</span></a><span style="font-weight: 400;"> that the hack on the Saudi activist’s phone showed that messaging apps were the weak spot. </span></p> <p><span style="font-weight: 400;">“Chat programs are quickly becoming a soft underbelly of device security,” he said.</span></p> <p><span style="font-weight: 400;">Pegasus has previously been investigated by cyber experts and journalists after political figures, business leaders and human rights activists have all been targeted. </span></p> <p><span style="font-weight: 400;">The latest finding is expected to heap pressure on the Israeli government who have previously said they will investigate NSO Group.</span></p> <p><em><span style="font-weight: 400;">Image credit: Shutterstock</span></em></p>

Technology

Placeholder Content Image

Beware: Your private data could be shared with strangers

<p>Just to remind us that even the world’s biggest and wealthiest tech companies are not immune to privacy breaches, Google made worldwide headlines recently after a glitch that sent thousands of users’ private videos backed up on Google Photos to complete strangers.</p> <p>Google Takeout is a service that allows Google Photo users to backup their personal data or use it with other apps. <a href="https://www.businessinsider.com.au/google-photos-accidentally-sent-users-private-videos-to-strangers-report-2020-2?r=US&amp;IR=T">Google mixed up user-data</a> and sent many Take-out users’ personal videos to random people.</p> <p>While the issue lasted several days, Google says it only affected 0.01% of users – but with the number of users in excess of 1 billion, the number is believed to run into the thousands.</p> <p>The way big tech companies like Google and Facebook collect, store and share user-data has <a href="https://www.sydneycriminallawyers.com.au/blog/facebook-defiant-in-the-face-of-data-scandal/">come under scrutiny in recent years.</a></p> <p><strong>The ACCC has taken legal action against Google</strong></p> <p>Last year, the Australian consumer watchdog, the Australian Competition and Consumer Commission (ACCC) filed legal proceedings against Google, accusing it of misleading smartphone users about how it collects and uses personal location data.</p> <p>It’s the ACCC’s first lawsuit against a global tech giant, but one which the Commission hopes will send a clear message that tech companies are legally required to inform users of how their data is collected, and how users can stop it from being collected.</p> <p>Other countries are said to be watching the proceedings closely, as they too consider how to keep tech companies accountable.</p> <p>In a nutshell, <a href="https://www.reuters.com/article/us-australia-google-regulator/australian-regulator-files-privacy-suit-against-google-alleging-location-data-misuse-idUSKBN1X804X">the ACCC alleges that Google breached the Australian Consumer Law (ACL)</a> by misleading its users during the years 2017 and 2018 by:</p> <ul> <li>not properly disclosing that two different settings need to be switched off if consumers do not want Google to collect, keep and use their location data, and</li> <li>not disclosing to consumers on which pages personal location data can be used for a purposes unrelated to the consumer’s use of Google services.</li> </ul> <p>Some of the alleged breaches carry penalties of up to A$10 million or 10% of annual turnover.</p> <p>According to the ACCC, Google’s account settings on Android phones and tablets have led consumers to believe that changing a setting on the “Location History” page stops the company from collecting, storing and using their location data. It alleges that Google failed to make clear to consumers that they would actually need to change their choices on a separate setting titled “Web &amp; App Activity” to prevent this from occurring.</p> <p>It is well known that Google collects and uses consumers’ personal location data for purposes other than providing Google services to consumers, although users are often surprised to realise just how much information these tech giants have and profit from.</p> <p>For example, Google uses location data for its navigation platforms, using the data to work out demographic information for the sole purposes of selling targeted advertising. And, as it has become increasingly clear, digital platforms have the ability to track consumers when they are <a href="https://www.sydneycriminallawyers.com.au/blog/smile-facebook-may-soon-be-filming-you/">both online and offline</a> to create highly detailed personal profiles.</p> <p>These profiles are then used to sell products and services, but companies like the ACCC believe the way the information is gathered is misleading or deceptive, and could also breach <a href="http://www.sydneycriminallawyers.com.au/blog/police-hacking-in-australia-a-case-of-breach-of-privacy/">privacy laws</a>.</p> <p><strong>No ‘blanket’ protection for users globally</strong></p> <p>The closest thing to a cross-jurisdiction set of rules regarding privacy rights is the General Data Protection Regulation (EU) 2016/679 (GDPR), which were introduced in 2018 and govern data protection and privacy in the European Union (EU) and the European Economic Area (EEA).</p> <p>The regulation also addresses the transfer of personal data outside the EU and EEA areas. The instrument aims to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the rules within the EU.</p> <p>Not all companies and organisations have adopted the GDPR. Rather, only those with offices in an EU country or that collect, process or store the personal data of anyone located within an EU country are required to comply with the rules.</p> <p>But because many businesses have an international focus and reach, <a href="https://www.oaic.gov.au/privacy/guidance-and-advice/australian-entities-and-the-eu-general-data-protection-regulation/">many Australian businesses have adopted the regulations</a> and given consumers some assurances regarding privacy.</p> <p>And the GDPR laws do have teeth. In January, a French regulator fined Google 50 million euros (about AUD$82 million) for breaches of privacy laws. And Ireland’s Data Protection Commissioner is currently investigating Google over contravening the privacy rules.</p> <p>Facebook is also under fire for privacy breaches as well as for misuse of data. Last year, it was fined a record-breaking $5 billion in the United States over the misuse of data and inadequate vetting of misinformation campaigns, which were used together to help sway the 2016 presidential election in favour of Donald Trump.</p> <p><strong>Beware of posting or uploading information</strong></p> <p>In the meantime, the ACCC has not yet specified the nature and scope of the corrective notices and other orders it is seeking against Google.</p> <p>However, the regulator has sent warnings to <a href="https://www.sydneycriminallawyers.com.au/blog/thinking-of-getting-a-digital-assistant-device-think-again/">all technology users to be vigilant</a> in updating their privacy settings and being aware the information they provide when setting up devices and apps can be used and, indeed, profited from by tech companies.</p> <p><em>Written by Sonia hickey and Ugur Nedim. Republished with permission of <a href="https://www.sydneycriminallawyers.com.au/blog/beware-your-private-data-could-be-shared-with-strangers/">Sydney Criminal Lawyers.</a> </em></p> <p> </p>

Art

Placeholder Content Image

Booking data shows new hotspot that beats out iconic Aussie favourites

<p><span style="font-weight: 400;">According to new booking data, a city is set to be the hot spot for Aussie and overseas tourists this year.</span></p> <p><span style="font-weight: 400;">Online travel agency </span><span style="font-weight: 400;">Trip.com</span><span style="font-weight: 400;"> has revealed to </span><a href="https://www.news.com.au/travel/australian-holidays/western-australia/early-booking-data-has-revealed-australias-new-hotspot-for-2020/news-story/7d7e52ada59c75ffcb998beb252e49c4"><span style="font-weight: 400;">news.com.au</span></a><span style="font-weight: 400;"> that bookings have already been made for travellers from January 1 to the 31</span><span style="font-weight: 400;">st</span><span style="font-weight: 400;"> of December for this year to this one destination.</span></p> <p><span style="font-weight: 400;">It’s Perth.</span></p> <p><span style="font-weight: 400;">The West Australian capital has the most hotels pre-booked in 2020 by Australians, which puts it well ahead of usual favourites Sydney, the Gold Coast and Melbourne.</span></p> <blockquote style="background: #FFF; border: 0; border-radius: 3px; box-shadow: 0 0 1px 0 rgba(0,0,0,0.5),0 1px 10px 0 rgba(0,0,0,0.15); margin: 1px; max-width: 540px; min-width: 326px; padding: 0; width: calc(100% - 2px);" class="instagram-media" data-instgrm-captioned="" data-instgrm-permalink="https://www.instagram.com/p/B6zvHzTob96/?utm_source=ig_embed&amp;utm_campaign=loading" data-instgrm-version="12"> <div style="padding: 16px;"> <div style="display: flex; flex-direction: row; align-items: center;"> <div style="background-color: #f4f4f4; border-radius: 50%; flex-grow: 0; height: 40px; margin-right: 14px; width: 40px;"></div> <div style="display: flex; flex-direction: column; flex-grow: 1; justify-content: center;"> <div style="background-color: #f4f4f4; border-radius: 4px; flex-grow: 0; height: 14px; margin-bottom: 6px; width: 100px;"></div> <div style="background-color: #f4f4f4; border-radius: 4px; flex-grow: 0; height: 14px; width: 60px;"></div> </div> </div> <div style="padding: 19% 0;"></div> <div style="display: block; height: 50px; margin: 0 auto 12px; width: 50px;"></div> <div style="padding-top: 8px;"> <div style="color: #3897f0; font-family: Arial,sans-serif; font-size: 14px; font-style: normal; font-weight: 550; line-height: 18px;">View this post on Instagram</div> </div> <p style="margin: 8px 0 0 0; padding: 0 4px;"><a style="color: #000; font-family: Arial,sans-serif; font-size: 14px; font-style: normal; font-weight: normal; line-height: 17px; text-decoration: none; word-wrap: break-word;" rel="noopener" href="https://www.instagram.com/p/B6zvHzTob96/?utm_source=ig_embed&amp;utm_campaign=loading" target="_blank">‘Postcard perfection’ from @troy.a.sullivan taken on a recent #Rottnest adventure. The diversity of coral species, marine life and shipwrecks in the clear waters around #Rottnestisland make it a fascinating spot for #snorkelling 🐟🤿! Popular #beaches and #bays to snorkel include The Basin, Parakeet Bay, Parker Point, Little Salmon Bay and Little Armstrong Bay. 📷@troy.a.sullivan #justanotherdayinwa #westernaustralia #thisisWA #rotto #seeperth #indianocean #perthlife #rottnestislandwa #snorkelaustralia #snorkel #summerholidays</a></p> <p style="color: #c9c8cd; font-family: Arial,sans-serif; font-size: 14px; line-height: 17px; margin-bottom: 0; margin-top: 8px; overflow: hidden; padding: 8px 0 7px; text-align: center; text-overflow: ellipsis; white-space: nowrap;">A post shared by <a style="color: #c9c8cd; font-family: Arial,sans-serif; font-size: 14px; font-style: normal; font-weight: normal; line-height: 17px;" rel="noopener" href="https://www.instagram.com/rottnestislandwa/?utm_source=ig_embed&amp;utm_campaign=loading" target="_blank"> Rottnest Island</a> (@rottnestislandwa) on Jan 1, 2020 at 11:10pm PST</p> </div> </blockquote> <p><span style="font-weight: 400;">Perth is also the number one spot for international visitors booking hotels in Australia. They’re heading to Perth, then Adelaide and then the Gold Coast, according to the data.</span></p> <p><span style="font-weight: 400;">One spot in particular is catching the attention of Aussies and overseas travellers alike, as there are some cute and cuddly animals on the island.</span></p> <p><span style="font-weight: 400;">Rottnest Island, home of the quokka, has tourists heading to Perth in droves.</span></p> <blockquote style="background: #FFF; border: 0; border-radius: 3px; box-shadow: 0 0 1px 0 rgba(0,0,0,0.5),0 1px 10px 0 rgba(0,0,0,0.15); margin: 1px; max-width: 540px; min-width: 326px; padding: 0; width: calc(100% - 2px);" class="instagram-media" data-instgrm-permalink="https://www.instagram.com/p/B6g8Y8mIEjR/?utm_source=ig_embed&amp;utm_campaign=loading" data-instgrm-version="12"> <div style="padding: 16px;"> <div style="display: flex; flex-direction: row; align-items: center;"> <div style="background-color: #f4f4f4; border-radius: 50%; flex-grow: 0; height: 40px; margin-right: 14px; width: 40px;"></div> <div style="display: flex; flex-direction: column; flex-grow: 1; justify-content: center;"> <div style="background-color: #f4f4f4; border-radius: 4px; flex-grow: 0; height: 14px; margin-bottom: 6px; width: 100px;"></div> <div style="background-color: #f4f4f4; border-radius: 4px; flex-grow: 0; height: 14px; width: 60px;"></div> </div> </div> <div style="padding: 19% 0;"></div> <div style="display: block; height: 50px; margin: 0 auto 12px; width: 50px;"></div> <div style="padding-top: 8px;"> <div style="color: #3897f0; font-family: Arial,sans-serif; font-size: 14px; font-style: normal; font-weight: 550; line-height: 18px;">View this post on Instagram</div> </div> <p style="color: #c9c8cd; font-family: Arial,sans-serif; font-size: 14px; line-height: 17px; margin-bottom: 0; margin-top: 8px; overflow: hidden; padding: 8px 0 7px; text-align: center; text-overflow: ellipsis; white-space: nowrap;"><a style="color: #c9c8cd; font-family: Arial,sans-serif; font-size: 14px; font-style: normal; font-weight: normal; line-height: 17px; text-decoration: none;" rel="noopener" href="https://www.instagram.com/p/B6g8Y8mIEjR/?utm_source=ig_embed&amp;utm_campaign=loading" target="_blank">A post shared by Rottnest Island (@rottnestislandwa)</a> on Dec 25, 2019 at 4:00pm PST</p> </div> </blockquote> <p><span style="font-weight: 400;">“Perth has really come of age, we have a vast area of either brand new or refurbished hotels and are very competitive on price,” Destination Perth CEO Tracey Cinavas-Prosser said in a statement.</span></p>

Domestic Travel

Placeholder Content Image

iPhone 11 pro models reportedly sending data to Apple despite permissions being turned off

<p><span style="font-weight: 400;">Cybersecurity expert Brian Krebs has alerted the public about a worrisome location tracking feature on Apple’s latest iPhone 11 Pro.</span></p> <p><span style="font-weight: 400;">He revealed on his website </span><a href="https://krebsonsecurity.com/2019/12/the-iphone-11-pros-location-data-puzzler/"><span style="font-weight: 400;">KrebsOnSecurity</span></a><span style="font-weight: 400;"> that even if you turn off your location services on the latest iPhone, the phone intermittently tracks your location and sends the data to Apple anyway. </span></p> <p><span style="font-weight: 400;">The Location Services Privacy policy reads:</span></p> <p><span style="font-weight: 400;">“Location services allows Apple and third-party apps and websites to gather and use information based on the current location of your iPhone. If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple to be used for augmenting this crowdsourced database of Wi-Fi hotspot and cell tower locations.”</span></p> <p><span style="font-weight: 400;">However, in the video below, you can see the purple arrows which mean that location services are still being used despite the services being turned off.</span></p> <div class="embed-responsive embed-responsive-16by9"><iframe class="embed-responsive-item" src="https://www.youtube.com/embed/37_3hd_SK24"></iframe></div> <p><span style="font-weight: 400;">Krebs notified Apple and said that an engineer got back to him, saying that they “do not see any actual security implications”.</span></p> <p><span style="font-weight: 400;">“We do not see any actual security implications,” an Apple engineer wrote to Mr Krebs.</span></p> <p><span style="font-weight: 400;">“It is expected behaviour that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings.”</span></p> <p><span style="font-weight: 400;">Mr Krebs tried to replicate the tracking issue on an earlier iPhone 8 but was unable to, which points to a possible issue with the iPhone 11 Pro devices themselves instead of the software.</span></p> <p><span style="font-weight: 400;">Apple later disclosed to Krebs that the behaviour is tied to the inclusion of a new short-range technology that lets iPhone 11 users share files locally with other nearby users that support this feature. </span></p> <p><span style="font-weight: 400;">Apple also said that a future version of its mobile operating system will allow users to disable it.</span></p>

Technology

Placeholder Content Image

Hackers are getting smarter by targeting councils and governments

<p>In recent weeks, <a href="https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/">Johannesburg’s computer network was held for ransom</a> by a hacker group called Shadow Kill Hackers. This was the <a href="https://www.bbc.com/news/technology-49125853">second time</a> in three months a ransomware attack has hit South Africa’s largest city. This time, however, hackers didn’t pose the usual threat.</p> <p>Rather than denying the city <a href="https://www.hkcert.org/ransomware.hk/ransomware-basic.html">access to its data</a>, the standard blackmail in a ransomware attack, they threatened to publish it online. This style of attack, known as <a href="https://en.wikipedia.org/wiki/Ransomware#Leakware_(also_called_Doxware)">leakware</a>, allows hackers to target more victims in a single attack – in this case the city’s citizens.</p> <p>The latest Johannesburg attack was the second leakware attack of this type ever recorded, and a similar attack could hit Australia soon. And although our current cyberattack defences are more advanced than many countries, we could be taken by surprise because of the unique way leakware operates.</p> <p><strong>A new plan of attack</strong></p> <p>During the Johannesburg attack, city employees received a computer message saying hackers had “compromised all passwords and sensitive data such as finance and personal population information”. In exchange for not uploading the stolen data online, destroying it and revealing how they executed the breach, the hackers demanded four bitcoins (worth about A$52,663) - “a small amount of money” for a vast city council, they said.</p> <p><em><a href="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /></a> <span class="caption">The hacker group operated a Twitter account, on which they posted a photo showing the directories they had access to.</span> <span class="attribution"><span class="source">ShadowKillGroup/twitter</span></span></em></p> <p>In this case, access to data was not denied. But the threat of releasing data online can put enormous pressure on authorities to comply, or they risk releasing citizens’ sensitive information, and in doing so, betraying their trust.</p> <p>The city of Johannesburg decided <a href="https://coingeek.com/we-shall-not-pay-the-ransom-johannesburg-tells-hackers/">not to pay the ransom</a> and to restore systems on its own. Yet we don’t know whether the data has been released online or not. The attack suggests cybercriminals will continue to experiment and innovate in a bid to defeat current prevention and defence measures against leakware attacks.</p> <p><a href="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /></a> <span class="caption">This login screen message was displayed on computers in Johannesburg following the attack.</span> <span class="attribution"><span class="source">pule_madumo/twitter</span></span></p> <p>Another notable leakware attack happened a decade ago against the US state of Virginia. <a href="https://www.govtech.com/security/Cyber-Criminal-Demands-10-Million.html">Hackers stole</a> prescription drug information from the state and tried obtaining a ransom by threatening to either release it online, or sell it to the highest bidder.</p> <p><strong>When to trust the word of a cybercriminal?</strong></p> <p>Ransomware attack victims face two options: <a href="https://www.sciencedirect.com/science/article/pii/S1361372316300367">pay, or don’t pay</a>. If they choose the latter, they need to try other methods to recover the data being kept from them.</p> <p>If a ransom is paid, criminals will often decrypt the data as promised. They do this to encourage compliance in future victims. That said, paying a ransom <a href="https://www.bleepingcomputer.com/news/security/paying-the-coverton-ransomware-may-not-get-your-data-back/">doesn’t guarantee the release or decryption of data</a>.</p> <p>The type of attack experienced in Johannesburg poses a new incentive for criminals. Once the attackers have stolen the data, and have been paid the ransom, the data still has extractive value to them. This gives them <a href="https://arxiv.org/pdf/1707.06247.pdf">duelling incentives</a> about whether to publish the data or not, as publishing it would mean they could continue to extort value from the city by targeting citizens directly.</p> <p>In cases where victims decide not to pay, the solution so far has been to have strong, separate and updated <a href="https://www.csoonline.com/article/3331981/how-to-protect-backups-from-ransomware.html">data backups</a>, or use one of <a href="https://www.nomoreransom.org/en/index.html">the passkeys available online</a>. Passkeys are decryption tools that help regain access to files once they’ve been held at ransom, by applying a repository of keys to unlock the most common types of ransomware.</p> <p>But these solutions don’t address the negative outcomes of leakware attacks, because the “<a href="https://www2.deloitte.com/content/dam/Deloitte/bm/Documents/risk/cayman-islands/2017%20Deloitte%20-%20Taking%20data%20hostage%20-%20The%20rise%20of%20ransomware.PDF">hostage</a>” data is not meant to be released to the victim, but to the public. In this way, criminals manage to innovate their way out of being defeated by backups and decryption keys.</p> <p><strong>The traditional ransomware attack</strong></p> <p>Historically, <a href="https://www.techopedia.com/definition/4337/ransomware">ransomware attacks denied users access to their data, systems or services</a> by locking them out of their computers, files or servers. This is done through obtaining passwords and login details and changing them fraudulently through the process of <a href="https://en.wikipedia.org/wiki/Phishing">phishing</a>.</p> <p>It can also be done by encrypting the data and converting it to a format that makes it inaccessible to the original user. In such cases, criminals contact the victim and pressure them into paying a ransom in exchange for their data. The criminal’s success depends on both the value the data holds for the victim, and the victim’s inability to retrieve the data from elsewhere.</p> <p>Some cybercriminal groups have even developed complex online “<a href="https://www.computerworld.com/article/3173698/ransomware-customer-support-chat-reveals-criminals-ruthlessness.html">customer support</a>” assistance channels, to help victims buy cryptocurrency or otherwise assist in the process of paying ransoms.</p> <p><strong>Trouble close to home</strong></p> <p>Facing the risk of losing sensitive information, companies and governments often pay ransoms. This is <a href="https://www.synergetic.net.au/ransomware-attacks-on-the-rise-in-australia/">especially true</a> in Australia. Last year, 81% of Australian <a href="https://www.synergetic.net.au/ransomware-attacks-on-the-rise-in-australia/">companies</a> that experienced a cyberattack were held at ransom, and 51% of these paid.</p> <p>Generally, paying tends to <a href="http://www.rmmagazine.com/2016/05/02/ransomware-attacks-pose-growing-threat/">increase the likelihood</a> of future attacks, extending vulnerability to more targets. This is why ransomware is a rising global threat.</p> <p>In the first quarter of 2019, <a href="https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-aug-2019.pdf">ransomware attacks went up by 118%</a>. They also became more targeted towards governments, and the healthcare and legal sectors. Attacks on these sectors are now more lucrative than ever.</p> <p>The threat of leakware attacks is increasing. And as they become more advanced, Australian city councils and organisations should adapt their defences to brace for a new wave of sophisticated onslaught.</p> <p>As history has taught us, it’s <a href="https://www.theguardian.com/australia-news/2019/oct/01/systems-shut-down-in-victorian-hospitals-after-suspected-cyber-attack">better to be safe</a> than sorry.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;" src="https://counter.theconversation.com/content/126190/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: http://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/roberto-musotto-872263">Roberto Musotto</a>, Cyber Security Cooperative Research Centre Postdoctoral Fellow, <a href="http://theconversation.com/institutions/edith-cowan-university-720">Edith Cowan University</a> and <a href="https://theconversation.com/profiles/brian-nussbaum-874786">Brian Nussbaum</a>, Assistant Professor at College of Emergency Preparedness, Homeland Security and Cybersecurity, <a href="http://theconversation.com/institutions/university-at-albany-state-university-of-new-york-1978">University at Albany, State University of New York</a></em></p> <p><em>This article is republished from <a href="http://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/hackers-are-now-targeting-councils-and-governments-threatening-to-leak-citizen-data-126190">original article</a>.</em></p>

Technology

Placeholder Content Image

What you need to know about YouTube's algorithm system

<p>People watch <a href="https://youtube.googleblog.com/2017/02/you-know-whats-cool-billion-hours.html">more than a billion hours</a> of video on YouTube every day. Over the past few years, the video sharing platform has <a href="https://www.thedailybeast.com/how-youtube-pulled-these-men-down-a-vortex-of-far-right-hate">come under fire</a> for its role in <a href="https://www.nytimes.com/2018/03/10/opinion/sunday/youtube-politics-radical.html">spreading</a> and <a href="https://www.theguardian.com/media/2018/sep/18/report-youtubes-alternative-influence-network-breeds-rightwing-radicalisation">amplifying</a> extreme views.</p> <p>YouTube’s video recommendation system, in particular, has been criticised for radicalising young people and steering viewers down <a href="https://policyreview.info/articles/news/implications-venturing-down-rabbit-hole/1406">rabbit holes</a> of disturbing content.</p> <p>The company <a href="https://youtube.googleblog.com/2019/01/continuing-our-work-to-improve.html">claims</a> it is trying to avoid amplifying problematic content. But <a href="https://dl.acm.org/citation.cfm?doid=3298689.3346997">research</a> from YouTube’s parent company, Google, indicates this is far from straightforward, given the commercial pressure to keep users engaged via ever more stimulating content.</p> <p>But how do YouTube’s recommendation algorithms actually work? And how much are they really to blame for the problems of radicalisation?</p> <p><strong>The fetishisation of algorithms</strong></p> <p>Almost everything we see online is heavily curated. Algorithms decide what to show us in Google’s search results, Apple News, Twitter trends, Netflix recommendations, Facebook’s newsfeed, and even pre-sorted or spam-filtered emails. And that’s before you get to advertising.</p> <p>More often than not, these systems decide what to show us based on their idea of what we are like. They also use information such as what our friends are doing and what content is newest, as well as built-in randomness. All this makes it hard to reverse-engineer algorithmic outcomes to see how they came about.</p> <p>Algorithms take all the relevant data they have and process it to achieve a goal - often one that involves influencing users’ behaviour, such as selling us products or keeping us engaged with an app or website.</p> <p>At YouTube, the “up next” feature is the one that receives most attention, but other algorithms are just as important, including search result rankings, <a href="https://youtube.googleblog.com/2008/02/new-experimental-personalized-homepage.html">homepage video recommendations</a>, and trending video lists.</p> <p><strong>How YouTube recommends content</strong></p> <p>The main goal of the YouTube recommendation system is to keep us watching. And the system works: it is responsible for more than <a href="https://www.cnet.com/news/youtube-ces-2018-neal-mohan/">70% of the time users spend</a> watching videos.</p> <p>When a user watches a video on YouTube, the “up next” sidebar shows videos that are related but usually <a href="https://www.pewinternet.org/2018/11/07/many-turn-to-youtube-for-childrens-content-news-how-to-lessons/">longer and more popular</a>. These videos are ranked according to the user’s history and context, and newer videos are <a href="https://storage.googleapis.com/pub-tools-public-publication-data/pdf/45530.pdf">generally preferenced</a>.</p> <p>This is where we run into trouble. If more watching time is the central objective, the recommendation algorithm will tend to favour videos that are new, engaging and provocative.</p> <p>Yet algorithms are just pieces of the vast and complex sociotechnical system that is YouTube, and there is so far little empirical evidence on their <a href="https://arxiv.org/abs/1908.08313">role</a> in processes of radicalisation.</p> <p>In fact, <a href="https://journals.sagepub.com/doi/full/10.1177/1354856517736982">recent research</a> suggests that instead of thinking about algorithms alone, we should look at how they interact with community behaviour to determine what users see.</p> <p><strong>The importance of communities on YouTube</strong></p> <p>YouTube is a quasi-public space containing all kinds of videos: from musical clips, TV shows and films, to vernacular genres such as “how to” tutorials, parodies, and compilations. User communities that create their own videos and use the site as a social network have played an <a href="https://books.google.com.au/books?id=0NsWtPHNl88C&amp;source=gbs_book_similarbooks">important role</a> on YouTube since its beginning.</p> <p>Today, these communities exist alongside <a href="https://journals.sagepub.com/doi/full/10.1177/1329878X17709098">commercial creators</a> who use the platform to build personal brands. Some of these are far-right figures who have found in YouTube a home to <a href="https://datasociety.net/output/alternative-influence/">push their agendas</a>.</p> <p>It is unlikely that algorithms alone are to blame for the radicalisation of a previously “<a href="https://www.wired.com/story/not-youtubes-algorithm-radicalizes-people/">moderate audience</a>” on YouTube. Instead, <a href="https://osf.io/73jys/">research</a> suggests these radicalised audiences existed all along.</p> <p>Content creators are not passive participants in the algorithmic systems. They <a href="https://journals.sagepub.com/doi/10.1177/1461444819854731">understand how the algorithms work</a> and are constantly improving their <a href="https://datasociety.net/output/data-voids/">tactics</a> to get their videos recommended.</p> <p>Right-wing content creators also know YouTube’s policies well. Their videos are often “borderline” content: they can be interpreted in different ways by different viewers.</p> <p>YouTube’s community guidelines restrict blatantly harmful content such as hate speech and violence. But it’s much harder to police content in the grey areas between jokes and bullying, religious doctrine and hate speech, or sarcasm and a call to arms.</p> <p><strong>Moving forward: a cultural shift</strong></p> <p>There is no magical technical solution to political radicalisation. YouTube is working to minimise the spread of borderline problematic content (for example, conspiracy theories) by <a href="https://youtube.googleblog.com/2019/01/continuing-our-work-to-improve.html">reducing their recommendations</a> of videos that can potentially misinform users.</p> <p>However, YouTube is a company and it’s out to make a profit. It will always prioritise its commercial interests. We should be wary of relying on technological fixes by private companies to solve society’s problems. Plus, quick responses to “fix” these issues might also introduce harms to politically edgy (activists) and minority (such as sexuality-related or LGBTQ) communities.</p> <p>When we try to understand YouTube, we should take into account the different factors involved in algorithmic outcomes. This includes systematic, long-term analysis of what algorithms do, but also how they combine with <a href="https://policyreview.info/articles/news/implications-venturing-down-rabbit-hole/1406">YouTube’s prominent subcultures</a>, their <a href="https://arxiv.org/abs/1908.08313">role</a> in political polarisation, and their <a href="https://datasociety.net/pubs/oh/DataAndSociety_MediaManipulationAndDisinformationOnline.pdf">tactics</a> for managing visibility on the platform.</p> <p>Before YouTube can implement adequate measures to minimise the spread of <a href="https://journals.sagepub.com/doi/pdf/10.1177/0894439314555329">harmful content</a>, it must first understand what cultural norms are thriving on their site – and being amplified by their algorithms.</p> <hr /> <p><em>The authors would like to acknowledge that the ideas presented in this article are the result of ongoing collaborative research on YouTube with researchers Jean Burgess, Nicolas Suzor, Bernhard Rieder, and Oscar Coromina.</em><!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;" src="https://counter.theconversation.com/content/125494/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: http://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/ariadna-matamoros-fernandez-577257">Ariadna Matamoros-Fernández</a>, Lecturer in Digital Media at the School of Communication, <a href="http://theconversation.com/institutions/queensland-university-of-technology-847">Queensland University of Technology</a> and <a href="https://theconversation.com/profiles/joanne-gray-873764">Joanne Gray</a>, Lecturer in Creative Industries, <a href="http://theconversation.com/institutions/queensland-university-of-technology-847">Queensland University of Technology</a></em></p> <p><em>This article is republished from <a href="http://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/dont-just-blame-youtubes-algorithms-for-radicalisation-humans-also-play-a-part-125494">original article</a>.</em></p>

Technology

Placeholder Content Image

How to manage your phone's data use

<p>Smartphones give you access to a wealth of information and media, but most networks put a cap on the amount of data you can use each month. A typical phone contract includes a data allowance of between 500MB and 10GB per month; the more data, the higher the monthly cost. Your usage can mount up surprisingly quickly – watching a film on the phone is about 700MB in SD, an hour of streaming TV is around 500MB or 60-140MB for the same of radio, chatting on Skype for an hour is around 40MB. Try these tips to better manage your data usage:</p> <ul> <li>If possible, wait until you can connect to free Wi-Fi before using your phone’s data features.</li> <li>When you are on the road, use your car’s GPS, not your phone, to find your way. The phone has to download map data as you move, but maps are preloaded in a GPS, making this free to use.</li> <li>Be careful of how many “free” games you play on the move. Many of these are funded by ads that pop up on your screen. Every ad has to download through your network, using up your data allowance.</li> <li>If you regularly need to use a lot of data on your phone, consider a data-compressing app, such as Onavo (<a href="http://www.onavo.com/">www.onavo.com</a>). It compresses</li> <li>data before it is fed to your phone, so you use less of your monthly allowance. You may have to subscribe to such compression services, so you’ll need to weigh up whether it’s worth the cost.</li> </ul> <p><strong>Travel Smart</strong></p> <p>Using your phone overseas can be costly. Before you go, see if your carrier offers prepaid or flat-rate roaming. At your destination, if your phone is unlocked, you can buy a local prepaid SIM to replace yours, or buy a cheap prepaid phone and use free Wi-Fi for internet.</p> <p><em>This article first appeared in </em><span><a rel="noopener" href="https://www.readersdigest.co.nz/money/How-to-Manage-Your-Phone-Data-Use" target="_blank"><em>Reader’s Digest</em></a><em>. For more of what you love from the world’s best-loved magazine, </em><a href="http://readersdigest.innovations.co.nz/c/readersdigestemailsubscribe?utm_source=over60&amp;utm_medium=articles&amp;utm_campaign=RDSUB&amp;keycode=WRN93V"><em>here’s our best subscription offer.</em></a></span></p> <p><img style="width: 100px !important; height: 100px !important;" src="https://oversixtydev.blob.core.windows.net/media/7820640/1.png" alt="" data-udi="umb://media/f30947086c8e47b89cb076eb5bb9b3e2" /></p>

Retirement Income

Placeholder Content Image

What to do if your data has been hacked

<p>Unless you’ve been staying offline – in which case you won’t even be reading this piece – chances are you’ve got some information stored online.</p> <p>From basic ones like your name and address to something more personal like your health data, date of birth or credit card details.</p> <p>It’s become so common that we sometimes don’t even think twice about keying in these bits of info whenever we start a new account.</p> <p>Unfortunately, that means there’s a fair bit of data about us that can be stolen online, sometimes through no fault of our own.</p> <p>Take, for example, the recent SingHealth breach in Singapore where the hackers accessed the information of 1.5 million people, including Prime Minister Lee Hsien Loong.</p> <p>And then there’s the Facebook fiasco earlier this year where the data of 87 million people around the world was improperly shared with British political consulting firm, Cambridge Analytica.</p> <p>Having your data stolen is the digital equivalent of losing your wallet – and will give you an equally big headache.</p> <p>As long as there is information about you available online, you are vulnerable.</p> <p>The concern is, we never quite know in what way our data will be used against us down the road once it gets in the hands of hackers.</p> <p>If you’ve ever had your data stolen, here are 5 things you should immediately do in order to minimise the damage:</p> <p><strong>1. Find out what was stolen</strong></p> <p>You will be informed via email, mail or text message if your data was stolen and what was likely accessed.</p> <p>Is it just your login credentials or did the thieves get away with your credit card and identity card info?</p> <p>Take note, however, that scammers can also take advantage of situations like these and send you a phishing email or text message to try and get your personal information.</p> <p>These can look and sound like they come from the official company but are actually fraudulent.</p> <p>To be safe, don’t clink on any links provided.</p> <p>Just head straight to the company’s website to find out how you can get help.</p> <p><strong>2. Change your login information</strong></p> <p>Change your login credentials, such as your username and password, for the affected site.</p> <p>Then log in to other sites that use the same login information and change those too.</p> <p>Hackers will use the same login information across different websites to try and gain access as many people tend to reuse usernames and passwords.</p> <p><strong>3. Change your security questions</strong></p> <p>If you’ve provided the answers to several security questions, such as your mother’s maiden name, make sure to change these questions and answers as well.</p> <p>If a hacker has access to that compromised information, he can reset your passwords.</p> <p><strong>4. Check your credit card accounts</strong></p> <p>If your credit card information is one of the details that has been stolen, call your bank and let them know.</p> <p>You may want to be safe and ask to cancel the card and get a new one.</p> <p><strong>5. Update all your other online accounts</strong></p> <p>Use this opportunity to update all your logins and passwords for your different accounts. It’s best to use different passwords for different sites and services, so if information on one account has been compromised, it can’t be used to access other services.</p> <p>You don’t have to come up with completely different passwords, just a slight variation. Consider using a passphrase. For example, your password could be “ihtsosin2018”, which stands for “I have to stop online shopping in 2018”<em>.</em></p> <p><em>Written by Siti Rohani. This article first appeared in <a href="https://www.readersdigest.com.au/true-stories-lifestyle/thought-provoking/what-do-if-your-data-has-been-hacked">Reader’s Digest</a>. For more of what you love from the world’s best-loved magazine, <a rel="noopener" href="http://readersdigest.innovations.co.nz/c/readersdigestemailsubscribe?utm_source=over60&amp;utm_medium=articles&amp;utm_campaign=RDSUB&amp;keycode=WRN93V" target="_blank">here’s our best subscription offer</a>.</em></p>

Technology