Privacy and data protection

Australia’s digital identity systems in danger of fregmentation

Australia is making strides in digital identity implementation yet faces challenges in interoperability and inclusivity among government levels and the private sector. As Australia’s ConnectID celebrates its first anniversary, Managing Director Andrew Black reflected on significant progress, highlighted by the adoption of mobile driver licences and the Digital ID Act.

These developments symbolise the country’s dedication to enhancing its digital ID infrastructure. However, Black warns of fragmentation risks as various systems develop in isolation, raising concerns about potential inefficiencies and user frustration due to lack of cohesion.

ConnectID aims to bridge these interconnectivity gaps by fostering collaboration between public and private initiatives, exemplified through their service expansion to over 10 million customers and the creation of the JapanAustralia Cross-Border Interoperability Working Group. Black emphasised the importance of continuous strategic interaction to prevent system conflicts and ensure technically compatible, user-focused solutions. The initiative underlines the need for a unified approach to avoid diverging systems that could hinder innovation and user satisfaction.

Meanwhile, New South Wales’ newly appointed digital minister Jihad Dib advocates for an inclusive approach to digital identity, viewing it as a ‘people strategy’. Dib stressed the importance of seamless, equitable digital access for all, aiming for comprehensive digital service availability by 2030. He noted the goal of continuing his predecessor’s efforts while aligning with federal standards to prevent digital congestion akin to traffic gridlock.

Why does it matter?

Challenges faced by the Australian digital ID stress the importance of a collaborative digital identity system that prioritises interoperability and inclusivity. The key features are crucial for public trust and widespread adoption.

The broader understanding is that digital identity should be seen as more than a technical or legislative issue. It is a social challenge warranting a balance between innovation and accessibility.

AI in waste management raises privacy concerns

Cities are increasingly turning to AI to enhance waste management and reduce contamination in recycling and composting efforts. In East Lansing, Michigan, where a significant student population often contributes to recycling contamination, city officials have launched a pilot program using AI to address the issue. The initiative includes equipping recycling trucks with AI-powered cameras that identify non-recyclable items and sending personalised postcards to residents to inform them of their mistakes. This approach has reportedly led to a 20% reduction in recycling contamination.

Despite these promising results, privacy concerns have arisen regarding the collection of personal data through these AI systems. Experts warn that the information gathered from residents’ trash could expose sensitive details about their lives, potentially leading to identity theft or misuse by authorities. For instance, a discarded pregnancy test could be used against a woman in states with strict abortion laws. This phenomenon, referred to as ‘mission creep,’ raises alarms about how technologies designed for one purpose can evolve into surveillance tools.

City officials, like East Lansing’s environmental sustainability manager Cliff Walls and Leduc’s environmental manager Michael Hancharyk, acknowledge these privacy issues and are taking steps to mitigate risks. They emphasise working with vendors to ensure data protection and transparency with residents. Hancharyk noted that his city had to comply with Alberta’s privacy regulations before implementing its program.

While acknowledging the importance of improving waste management, cybersecurity experts stress the need for municipalities to carefully weigh the benefits of AI against the potential risks to residents’ privacy. They advocate for thorough assessments of new technologies and their implications, particularly for sensitive populations. As cities continue to innovate in waste management, striking a balance between efficiency and privacy will be crucial.

Vedomosti reports increased iPhone purchases by Russian government amid security concerns

Russian government spending on iPhones between January and September was four times higher than during the same period last year, according to Vedomosti. Security warnings and restrictions on some officials have not prevented these purchases.

The Federal Security Service (FSB) last year accused the US of using spyware to compromise thousands of iPhones. Although Apple rejected the claim, officials preparing for the 2024 presidential election were instructed to avoid iPhones over espionage concerns.

Contracts for iPhones totalled 6.9 million roubles for the first nine months of 2024, compared to 1.6 million the previous year. Despite the digital ministry banning iPhones for work purposes, officials and institutions continue to procure them.

Demand for the latest iPhone 16 remains strong, with consumers relying on grey-market imports after Apple halted direct exports due to the conflict in Ukraine. Even with higher prices, interest in Apple products across Russia shows no signs of slowing.

Vodafone pushes for cybersecurity reforms in Greece

Vodafone Greece, in collaboration with the Hellenic Foundation for European and Foreign Policy (ELIAMEP), presented a set of proposed cybersecurity policies to Michalis Bletsas, Governor of the National Cybersecurity Authority. The initiative stems from public opinion surveys conducted by Metron Analysis on the views of Greek citizens and businesses on digital security, and a roundtable discussion at the Delphi Economic Forum’s Center for Cybersecurity.

The project identifies key issues in Greece’s cybersecurity landscape, such as fragmented policies, weak public-private sector collaboration, and a lack of a cybersecurity culture among workers. The proposals aim to improve anticipation, prevention, resilience, and response to cyber threats by reforming Greece’s legislative framework and raising awareness about digital security. Bletsas noted that these proposals align with the European NIS2 Directive, which is currently under public consultation.

Maria Skagou, Vodafone Greece’s Director of Legal and Regulatory Affairs, emphasised the importance of cybersecurity in today’s digital age, stressing the need for risk prevention, staff training, and public awareness to address evolving threats.

Qatar CRA launches pioneering consumer protection policy in telecommunications sector

The Communications Regulatory Authority (CRA) has introduced a comprehensive Communications Consumer Protection Policy and Regulation to enhance consumer rights and ensure fair practices within Qatar’s telecommunications sector. The policy establishes clear rules that service providers must follow and covers crucial areas such as advertising standards, billing transparency, contract fairness, data privacy, and protection from unsolicited marketing and spam.

Additionally, it guarantees uninterrupted access to emergency services while setting clear procedures for handling consumer complaints and disputes. Moreover, by modernising the regulatory framework, the new policy replaces outdated regulations, including the 2014 Telecommunications Consumer Protection Policy, thus ensuring a more robust protection system. It is also aligned with Qatar’s Vision 2030 and Digital Agenda 2030, ensuring that consumer protection is improved and supports broader national goals.

Furthermore, the CRA’s initiative reflects its proactive approach to safeguarding consumer rights and maintaining a competitive telecommunications environment in Qatar. The CRA significantly strengthens its leadership in consumer protection and innovation by holding service providers to higher standards and ensuring that consumers have access to clear information and reliable services. As a result, this policy not only addresses consumers’ immediate needs but also ensures that Qatar’s telecommunications sector remains at the forefront of technological advancement and regulatory best practices.

Internet Archive faces major cybersecurity breach amid targeted attacks

The Internet Archive, the world’s largest digital library, is facing new security troubles after recently recovering from a series of cyber-attacks. On 20 October, users and media outlets reported receiving an email that appeared to come from the Internet Archive Team, revealing a stolen access token for the library’s Zendesk account, a customer service platform. The email claimed the Internet Archive had failed to rotate several exposed API keys, including one that allowed access to over 800,000 support tickets since 2018.

The email, although unauthorised, seemed legitimate as it passed security checks, indicating it might have come from an official Zendesk server. Security experts, including the group Vx-underground, believe the hackers still have persistent access to the Archive’s systems, sending a clear message about unresolved vulnerabilities. Jake Moore, a cybersecurity advisor at ESET, stressed the importance of swift audits after such attacks, warning that attackers often return to test new defences.

The recent cyber-attacks on the Internet Archive included distributed denial-of-service (DDoS) attacks, website defacement, and a data breach. While the pro-Palestinian hacktivist group BlackMeta claimed responsibility for the DDoS attacks, the data breach involved a separate threat actor. According to reports, the breach was caused by an exposed GitLab configuration file, allowing the hacker to download source code and access sensitive information, including the Zendesk API tokens.

Experts warn that the attack may have compromised over 800 support tickets. Despite criticism for not rotating API keys, Internet Archive faces significant challenges in fully understanding the extent of the breach and preventing further exploitation. Ev Kontsevoy, CEO of Teleport, emphasised the importance of having a clear view of access relationships to manage incidents without widespread disruption.

The Internet Archive and its founder, Brewster Kahle, have not publicly commented on the issue. Both Internet Archive and GitLab have also yet to respond to requests for more information.

The situation remains ongoing as the digital library works to address the security flaws that continue to leave it vulnerable.

News Corp sues AI firm Perplexity over copyright violations

News Corp, the media giant behind outlets like The Wall Street Journal and the New York Post, has filed a lawsuit against the AI search engine Perplexity, accusing the company of infringing on its copyrighted content. According to the lawsuit, Perplexity allegedly copies and summarises large quantities of News Corp’s articles, analyses, and opinions without permission, potentially diverting revenue from the original publishers. The AI startup, which positions itself as a tool to help users ‘skip the links’ to full articles, is claimed to have harmed the financial interests of news outlets by discouraging users from visiting the sources.

The lawsuit goes beyond accusations of content scraping, stating that Perplexity has sometimes reproduced material verbatim and falsely attributed facts or even invented news stories under News Corp’s name. News Corp claims it sent a cease-and-desist letter to Perplexity in July but received no response, prompting the legal action. Perplexity has also faced similar accusations from other major publications like Wired, Forbes, and The New York Times, with concerns over scraping content, bypassing paywalls, and plagiarism.

In the lawsuit, News Corp asks the court to order Perplexity to stop using its content without authorisation and destroy any databases containing its works. CEO Robert Thomson condemned Perplexity’s practices as abusing intellectual property that harms journalists and content creators. Thomson did, however, commend other companies like OpenAI, which have made deals with News Corp and other outlets to use their content for AI training legally.

Perplexity has yet to comment on the lawsuit, though it has started paying some publishers, including Time and Fortune, for the use of their content. As the legal battle unfolds, the case highlights growing tensions between traditional media companies and AI platforms over the use of copyrighted material.

Meta faces legal challenge on Instagram’s impact on teenagers

Meta Platforms is facing a lawsuit in Massachusetts for allegedly designing Instagram features to exploit teenagers’ vulnerabilities, causing addiction and harming their mental health. A Suffolk County judge rejected Meta’s attempt to dismiss the case, asserting that claims under state consumer protection law remain valid.

The company argued for immunity under Section 230 of the Communications Decency Act, which shields internet firms from liability for user-generated content. However, the judge ruled that this protection does not extend to Meta’s own business conduct or misleading statements about Instagram’s safety measures.

Massachusetts Attorney General Andrea Joy Campbell emphasised that the ruling allows the state to push for accountability and meaningful changes to safeguard young users. Meta expressed disagreement, maintaining that its efforts demonstrate a commitment to supporting young people.

The lawsuit highlights internal data suggesting Instagram’s addictive design, driven by features like push notifications and endless scrolling. It also claims Meta executives, including CEO Mark Zuckerberg, dismissed concerns raised by research indicating the need for changes to improve teenage users’ well-being.

Meta reintroduces facial recognition for celebrity scam protection

Meta, the parent company of Facebook, is testing facial recognition technology again, three years after halting its use due to privacy concerns. This time, the company focuses on combating ‘celeb bait’ scams, which use public figures’ images in fraudulent advertisements. Meta plans to enrol around 50,000 celebrities in a trial program that will automatically compare their profile photos with those in suspicious ads. If the system detects a match, Meta will block the ad and notify the celebrities who can opt out of the program.

The trial, which will begin globally in December, excludes regions where regulatory clearance has yet to be obtained, such as Britain, the European Union, South Korea, and certain US states states like Texas and Illinois. Meta’s vice president of content policy, Monika Bickert, explained that the program protects celebrities from being exploited in scam ads, a growing problem on social media platforms. Meta aims to offer this protection while allowing participants to choose whether to participate in the trial.

The initiative comes at a time when Meta is balancing the need to address rising scam concerns while avoiding past criticisms over user data privacy. In 2021, Meta shut down its previous facial recognition system and deleted the face scan data of a billion users, citing growing concerns over biometric data use. Earlier this year, the company faced a $1.4 billion fine in Texas for allegedly collecting biometric data illegally.

In addition to targeting scam ads, Meta is also considering using facial recognition data to help everyday users regain access to their accounts, especially in cases where they’ve been hacked or forgotten their passwords. Meta emphasises that all facial data generated by the new system will be deleted immediately after use, regardless of whether a scam is detected. The tool has undergone extensive internal and external privacy reviews before being implemented.

Ride-hailing app Yango suspended in Togo over safety concerns

Togo’s transport ministry has suspended the operations of Yango, a ride-hailing app owned by Yandex, the tech giant from Russia, due to security concerns. The app had been operating in the West African nation since June, but the ministry stated Yango was functioning without proper authorisation and in violation of national regulations.

The decision to suspend Yango was driven by concerns over passenger safety, as well as the app’s failure to adhere to the country’s legal procedures. The ministry emphasised the need to ensure that transportation services in Togo operate in compliance with local laws.

Effective immediately, Yango’s services have been halted across the entire national territory. The company has not yet commented on the suspension or provided any response to requests for information.

Yango, which had only recently entered the Togolese market, now faces an indefinite pause in operations as the government prioritises safety and regulatory compliance for ride-hailing services.