The ABC is still promoting its now-mandatory ‘iView Login’ without dealing with unresolved questions, particularly about adequate disclosure of their apparent intent to export individual-level, ineffectively de-identified iView account usage data to foreign third party commercial surveillance
companies like Tealium, Google and Facebook.
Evidence prompting our questions was revealed recently by noted IT security and cryptography researcher, Dr Vanessa Teague, published here. Dr Teague’s analysis suggested that the weak efforts to de-identify iView account users by ‘hashing’ their email address in the export data would fall at the first serious attempt at re-identification, especially if the recipient has lots of potentially matching data (as is to be the case here).
The Australian Privacy Foundation (APF) recently raised questions about the removal of non-
account access to iView in several open letters, published here. But ABC now appears to have closed the door to further consultation after a brief, inconclusive response, declining to clarify factual questions about this practice or to address related, unresolved issues.
This casts doubt on the validity of user consent to the iView contract terms (including its privacy policy), which people must give in order to use iView. The potential for misleading effects of continued publicity efforts omitting the relevant information is of concern.
“It is disappointing that “our” ABC – whose journalists often investigate and break stories about privacy-intrusive data practices and threats to personal information security – has declined to provide a definitive answer about the evidence. iView usage data may be intended for routine disclosure to data aggregators and marketing businesses with a history of privacy abuse” said David Vaile, chair of the APF. “If iView consents were invalid due to failure to provide proper information about these practices, the data recipients and their implications and risks, then the operation of iView may be in breach of privacy law.”
“Unless these questions can be resolved, users concerned about their data security and privacy may now need to reconsider their use of iView, or to adopt defensive measures like ‘burner’ email addresses or mass sharing of accounts. It is unfortunate a flagship public service, ostensibly “our” ABC, one the community expects should be promoting best practice, trustworthy safe computing and full disclosure is leaving the facts and policy issues unresolved, putting self-respecting users in an invidious position.”
Media Contacts for Australian Privacy Foundation board members:
companies like Tealium, Google and Facebook.
Evidence prompting our questions was revealed recently by noted IT security and cryptography researcher, Dr Vanessa Teague, published here. Dr Teague’s analysis suggested that the weak efforts to de-identify iView account users by ‘hashing’ their email address in the export data would fall at the first serious attempt at re-identification, especially if the recipient has lots of potentially matching data (as is to be the case here).
The Australian Privacy Foundation (APF) recently raised questions about the removal of non-
account access to iView in several open letters, published here. But ABC now appears to have closed the door to further consultation after a brief, inconclusive response, declining to clarify factual questions about this practice or to address related, unresolved issues.
This casts doubt on the validity of user consent to the iView contract terms (including its privacy policy), which people must give in order to use iView. The potential for misleading effects of continued publicity efforts omitting the relevant information is of concern.
“It is disappointing that “our” ABC – whose journalists often investigate and break stories about privacy-intrusive data practices and threats to personal information security – has declined to provide a definitive answer about the evidence. iView usage data may be intended for routine disclosure to data aggregators and marketing businesses with a history of privacy abuse” said David Vaile, chair of the APF. “If iView consents were invalid due to failure to provide proper information about these practices, the data recipients and their implications and risks, then the operation of iView may be in breach of privacy law.”
“Unless these questions can be resolved, users concerned about their data security and privacy may now need to reconsider their use of iView, or to adopt defensive measures like ‘burner’ email addresses or mass sharing of accounts. It is unfortunate a flagship public service, ostensibly “our” ABC, one the community expects should be promoting best practice, trustworthy safe computing and full disclosure is leaving the facts and policy issues unresolved, putting self-respecting users in an invidious position.”
Media Contacts for Australian Privacy Foundation board members:
David Vaile | 0414 731 249 | chair@privacy.org.au |
Dr Juanita Fernando | 0408 131 535 | juanita.fernando@privacy.org.au |