The US Federal Communications Commission last month granted Elon Musk’s SpaceX permission to launch 4,425 satellites that will provide affordable high speed broadband internet to consumers.
The Starlink network will be accessible in the US and around the world – including in areas where the internet is currently unavailable or unreliable.
SpaceX isn’t the only company investing in global internet infrastructure. Facebook, Google and Microsoft all have various projects underway to deliver high speed connectivity to remote and rural areas.
It’s all part of a trend of private companies attempting to breach the digital divide and wage a battle for the global internet.
But entrusting market forces to build critical internet resources and infrastructure is problematic. These companies aren’t obligated to operate in the interest of consumers. In some cases their practices could serve to further entrench the existing digital divide.
Half the world’s population can’t access the internet
The internet is embedded in social, personal and economic life across the developed world.
But access varies significantly between industrialised nations that boast high per capita incomes, and developing nations with largely poor, rural populations.
For example, 94% of South Korean adults and 93% of Australian adults have access to the internet, compared with just 22% of Indians and 15% of Pakistanis.
As society becomes increasingly dependent on the internet, nations and communities need equal access. Otherwise legacy inequalities will become further entrenched and new divides will emerge, potentially creating a “permanent underclass”.
Tech giants battle it out
The tech giants have been investing heavily in critical infrastructure in recent years.
New investments centre on atmospheric, stratospheric and satellite delivery strategies.
Along with SpaceX’s constellation of small satellites, Facebook’s internet.org uses atmospheric drones to deliver internet to rural and remote areas. Google’s Project Loon uses high altitude navigable balloons for the same purpose.
Private investors who build infrastructure are driven by commercial imperatives rather than a need to deliver social benefits. And that dynamic can entrench and exacerbate existing – and create new – digital, social and economic divides.
Facebook’s Free Basics is a program that aims to provide cheap internet services to consumers in developing countries. It currently operates in 63 developing nations.
Critics say the service is a blatant a strategy to extend Facebook’s global dominance to the developing world. It’s also been accused of violating net neutrality by strictly controlling participating sites to eliminate Facebook’s competitors.
Technology is not neutral
Privately owned and operated internet infrastructure can also become a means of social control.
Termination of internet services is a notorious tactic used by authoritarian regimes to repress dissent by disrupting communication and censoring information. But private entities may also exercise control over infrastructure outside of government regulation.
For example, when WikiLeaks published government correspondence in 2010, Amazon and AnyDNS withdrew the services that maintained the Wikileaks website. Mastercard, Paypal and VISA terminated services through which the organisation received funding for its activities.
These companies were not acting under government direction, citing violations of their Acceptable Use policies to justify their decisions. Harvard professor Yochai Benckler said at the time:
Commercial owners of the critical infrastructures of the networked environment can deny service to controversial speakers, and some appear to be willing to do so at a mere whiff of public controversy.
SpaceX must meet a host of technical conditions before Starlink can be activated. But we shouldn’t assume that providing internet access to developing countries will lead to an ecosystem from which economic or social benefits will flow.
Up to 400 Australian organisations may have been snared in a massive hacking incident detailed today. The attack, allegedly engineered by the Russian government, targeted millions of government and private sector machines globally via devices such as routers, switches, and firewalls.
This follows a cyber attack orchestrated by Iranian hackers revealed last month, which targeted Australian universities.
… support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.
The Russians’ modus operandi was to target end-of-life devices and those without encryption or authentication, thereby compromising routers and network infrastructure. In doing so, they secured legitimate credentials from individuals and organisations with weak password protections in order to take control of the infrastructure.
Cyber attacks are key to modern conflict
This is not the first instance of Russian aggression.
The US city of Atlanta last month was crippled by a cyber attack and many of its systems are yet to recover – including the court system. In that case, attackers used the SamSam ransomware, which also uses network infrastructure to infiltrate IT systems, and demanded a ransom payment in Bitcoin.
Iran has conducted cyber attacks against numerous targets in the US, Israel, UAE, and other countries. In turn, Iran was subjected to a cyber attack on April 7 that saw computer screens display the US flag with the warning “don’t mess with our elections”.
Prosecuting hackers is ineffective
The US government has launched prosecutions against hackers – most recently against nine Iranians for the cyber attacks on universities. However, prosecutions are of limited efficacy when hackers are beyond the reach of US law enforcement and unlikely to be surrendered by their home countries.
As I have written previously, countries such as Australia and the US cannot watch passively as rogue states conduct cyber attacks against targets within our jurisdiction.
Strong countermeasures must be taken in self defence against the perpetrators wherever they are located. If necessary, self defence must be preemptive – any potential perpetrators must be crippled before they are able to launch strikes on organisations here.
Reactive measures are a weak deterrent, and our response should include a first strike cyber attack option where there is credible intelligence about imminent attacks. Notably, the UK has threatened to use conventional military strikes against cyber attacks. This may be an overreaction at this time.
Educating the public is essential
Numerous cyber attacks in recent years – including the current attack – have targeted common household devices, such as routers. As a result, the security of public infrastructure relies to some extent on the security practices of everyday Australians.
So, what role should the government play in ensuring Australians are securing their devices?
Unfortunately, cybersecurity isn’t as simple as administering an annual flu shot. It’s not feasible for the government to issue cybersecurity software to residents since security patches are likely to be out-of-date before the next attack.
But the government should play a role in educating the public about cyber attacks and securing public internet services.
The city of New York has provided a free app to all residents called NYC Secure that is aimed at educating people. It is also adding another layer of security to its free wifi services to protect users from downloading malicious software or accessing phishing websites. And the city of Jonesboro, Georgia is putting up a firewall to secure its services.
Australian city administrations must adopt similar strategies alongside a sustained public education effort. A vigilant public is a necessary component in our collective security strategy against cyber attacks.
This cannot be achieved without significant investment. In addition to education campaigns, private organisations – banks, universities, online sellers, large employers – must be leveraged into ensuring their constituents do not enable attacks through end-of-life devices, unsupported software, poor password protection policies and lack of encryption.
Governments must also prioritise investment in their own IT and human resources infrastructure. Public sector IT talent has always lagged the private sector due to pay imbalances, and other structural reasons.
It is difficult for governments to attain parity of technical capabilities with Russian or North Korean hackers in the short term. The only solution is a strong partnership – in research, detection tools, and counter-response strategies – with the private sector.
The Atlanta attack illustrates the perils of inaction – an audit report shows the city was warned months in advance but did nothing. Australian cities must not make the same mistake.
The government has strongly challenged the Telecommunications Industry Ombudsman (TIO) after its report showed complaints about services delivered over the NBN surged by 204% in the second half of 2017, compared with the same period a year earlier.
Communications Minister Mitch Fifield also announced details of a review, earlier flagged, of the telecommunications consumer protections framework, saying the high level of complaints about telecommunications services generally showed “the existing model for complaints handling and redress is not working”.
Fifield said the way the information regarding the 22,827 complaints about services delivered over the NBN was presented in the TIO report, released Tuesday, “could give the impression that responsibility for this figure rests with NBN Co”.
But advice to the government from NBN Co was that of these complaints, less than 5% were sent to NBN Co as complaints to resolve.
The NBN has been been heavily criticised for a slow rollout – although it says it has met every target for the past 14 quarters – low speeds and connection problems, generating high levels of complaints.
The six months to December saw a 39% increase in NBN premises activated.
The government and NBN Co are also focusing on the 16% fall in the rate of complaints about these services from the first to the second half of 2017.
In January to June of 2017, there were 19,683 complaints about services delivered over the NBN, making the picture better for the NBN when comparisons are made between the first and second halves of the year.
But the TIO report warns generally about comparisons of the two halves of the same year because of seasonal variations, preferring to compare the same period of each year. The government rejects the seasonal variation argument, saying the TIO itself has previously made comparisons within a year. It also believes the TIO is letting retailers off the hook.
The TIO is an industry-funded complaints resolution body. The NBN is not represented on its board.
The TIO report includes complaints for the six months to December covering mobile and fixed line telephony and both pre-NBN and NBN broadband.
It received nearly 85,000 complaints in total, which was a 28.7% rise over the same period in 2016. There was a 30.7% increase in complaints from residential consumers, and a 15.6% rise in those from small businesses.
Total complaints decreased from the 92,000 in the first half of 2017.
Fifield said that no matter who was the responsible party, the complaints figures were too high. “The current model for protecting consumers needs reform”.
The review, to provide for the post 2020 environment, will be undertaken in three parts to ensure consumers
… have access to an effective complaints handling and redress scheme;
… have reliable telecommunications services including reasonable timeframes for connections, fault repairs and appointments, as well as potential compensation or penalties against providers;
… are able to make informed choices and are treated fairly by their providers in service, contracts, billing, credit and debt management and switching providers.
Meanwhile chief executive of NBN Co Bill Morrow will present an upbeat account of the network’s impact in a speech at the National Press Club on Tuesday.
He will say the network generated an extra $1.2 billion in economic activity in 2017 and is encouraging more women to become their own bosses.
Morrow, who is leaving his job at the end of the year, will present figures prepared by the economic advisory firm AlphaBeta, using census data, modelling and polling to estimate the impact of the network – labelled “the nbn effect”.
He will say that “nbn-connected women are becoming self-employed at twice the overall rate of self-employment growth in nbn areas.
“In percentage terms, these results are stunning. The number of self-employed women in nbn regions grew at an average 2.3% every year, compared to just 0.1% annual average growth in female entrepreneurs in non-nbn areas.
“If this trend continues, up to 52,200 additional Australian women will be self-employed by the end of the rollout due to the ‘nbn effect’”, he will say.
The 2017 overall $1.2 billion estimated increase in economic activity – through new jobs, businesses and greater productivity – excludes the economic stimulus of the rollout itself.
“By the end of the rollout, this ‘nbn effect’ is predicted to have multiplied to $10.4 billion a year,” Morrow will say. “This represents an extra 0.07 percentage points to GDP growth, or 2.7% of the estimated GDP growth rate in 2021. By the end of the rollout, the ‘nbn effect’ is forecast to have helped create 31,000 additional jobs,” Morrow will say.
The network is now more than halfway built. About one in three homes and businesses are connected. The rollout is due to be completed by the end of 2020. Morrow has been CEO since 2014.
To explain shadow profiles simply, let’s imagine a simple social group of three people – Ashley, Blair and Carmen – who already know one another, and have each others’ email address and phone numbers in their phones.
If Ashley joins Facebook and uploads her phone contacts to Facebook’s servers, then Facebook can proactively suggest friends whom she might know, based on the information she uploaded.
For now, let’s imagine that Ashley is the first of her friends to join Facebook. The information she uploaded is used to create shadow profiles for both Blair and Carmen — so that if Blair or Carmen joins, they will be recommended Ashley as a friend.
Next, Blair joins Facebook, uploading his phone’s contacts too. Thanks to the shadow profile, he has a ready-made connection to Ashley in Facebook’s “People You May Know” feature.
At the same time, Facebook has learned more about Carmen’s social circle — in spite of the fact that Carmen has never used Facebook, and therefore has never agreed to its policies for data collection.
Despite the scary-sounding name, I don’t think there is necessarily any malice or ill will in Facebook’s creation and use of shadow profiles.
It seems like a earnestly designed feature in service of Facebooks’s goal of connecting people. It’s a goal that clearly also aligns with Facebook’s financial incentives for growth and garnering advertising attention.
But the practice brings to light some thorny issues around consent, data collection, and personally identifiable information.
Some of the questions Zuckerberg faced this week highlighted issues relating to the data that Facebook collects from users, and the consent and permissions that users give (or are unaware they give).
Facebook is often quite deliberate in its characterisations of “your data”, rejecting the notion that it “owns” user data.
That said, there are a lot of data on Facebook, and what exactly is “yours” or just simply “data related to you” isn’t always clear. “Your data” notionally includes your posts, photos, videos, comments, content, and so on. It’s anything that could be considered as copyright-able work or intellectual property (IP).
What’s less clear is the state of your rights relating to data that is “about you”, rather than supplied by you. This is data that is created by your presence or your social proximity to Facebook.
Examples of data “about you” might include your browsing history and data gleaned from cookies, tracking pixels, and the like button widget, as well as social graph data supplied whenever Facebook users supply the platform with access to their phone or email contact lists.
Like most internet platforms, Facebook rejects any claim to ownership of the IP that users post. To avoid falling foul of copyright issues in the provision of its services, Facebook demands (as part of its user agreements and Statement of Rights and Responsibilites) a:
…non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
In response to the new Facebook guidelines I hereby declare that my copyright is attached to all of my personal details…
Part of the reason we keep seeing data scares like this is that Facebook’s lacklustre messaging around user rights and data policies have contributed to confusion, uncertainty and doubt among its users.
It was a point that Republican Senator John Kennedy raised with Zuckerberg this week (see video).
After the grilling
Zuckerberg and Facebook should learn from this congressional grilling that they have struggled and occasionally failed in their responsibilities to users.
It’s important that Facebook now makes efforts to communicate more strongly with users about their rights and responsibilities on the platform, as well as the responsibilities that Facebook owes them.
This should go beyond a mere awareness-style PR campaign. It should seek to truly inform and educate Facebook’s users, and people who are not on Facebook, about their data, their rights, and how they can meaningfully safeguard their personal data and privacy.
Given the magnitude of Facebook as an internet platform, and its importance to users across the world, the spectre of regulation will continue to raise its head.
Ideally, the company should look to broaden its governance horizons, by seeking to truly engage in consultation and reform with Facebook’s stakeholders – its users — as well as the civil society groups and regulatory bodies that seek to empower users in these spaces.
Despite large investments in the National Broadband Network, the “digital divide” in Australia remains largely unchanged, according to a new report from the Australian Bureau of Statistics.
The Australian Household Use of Information Technology report says we are doing more online, and we are using an increasing number of connected devices. Our homes are more connected.
However, the number of people using the internet is not growing, and the basic parameters of digital inequality in Australia – age, geography, education and income – continue to define access to and uses of online resources.
Almost 2.6 million Australians, according to these ABS figures, do not use the internet. Nearly 1.3 million households are not connected. So what is going on? The ABS data points to the complexity of the social and economic issues involved, but it also helps us identify the key areas of concern.
Who’s missing out
Age is a critical factor. While more than nine in ten people aged between 15 to 54 are internet users, the number drops to eight in ten of those aged 55-64 years, and to under six in ten of those over 65 years.
Most people with jobs (95.1%) are online, compared to just 72.5% of those not employed. Migrants from non-English speaking countries are less connected (81.6%) than those Australian born (87.6%). Those already at a disadvantage – the very people who have the most to gain from all the extraordinary resources of the internet – are missing out.
This is not to say that it is only individuals that will benefit from greater digital inclusion. Raising the level of digital inclusion yields direct benefits for the community, government and business. There are, for instance, clear efficiency gains for government moving services online.
Raising the level of online health engagement for those over 65 years of age (the heaviest users of health care) would provide such a benefit. Currently, just over one in five people in this age category access online health services, substantially below the national average of two in five.
But nor should we focus only on the economic and efficiency gains of inclusion: the social benefits of connection and access to entertainment and information are considerable for most internet users, and especially so for those who are isolated and lonely, as older people may be.
Income and affordability matter
Australians with higher incomes are substantially more likely to have internet access at home than those with lower incomes – 96.9% of the highest quintile (bracket representing one fifth of the sample) income households have access, whereas only 67.4% of the lowest quintile have access.
And better-off Australians appear to be doing more online. Compared to the general population their uses of online banking and shopping, education and health services are higher. They are connected to the internet with multiple devices, with an average of 7.2 devices at home, compared to 4.4 in the lowest income quintile.
The gap between the major cities and the bush has not narrowed over time – 87.9% of those living in major cities have internet access at home, 82.7% in inner regional, 80.7% in outer regional and 77.1% in remote areas. It’s important to note that this survey did not include remote Indigenous communities, where the evidence suggests that internet access is usually very poor.
Among those who are connected, geographical differences in the means of access and modes of engagement with online services suggest a further gap among those who are already disadvantaged. People in remote areas use the internet much less for entertainment and formal education compared to their urban counterparts, which are services that require more bandwidth and better quality connections.
Unfortunately, the ABS did not ask why households do not have home internet access, as it did in 2014-15. That data revealed cost was a factor keeping 198,600 households offline. Unsurprisingly, 148,200 of these households were from the two lowest income quintiles. Cost was the major factor in keeping more than 30,000 of the 76,000 family households (with children under 15) offline.
Given the increasingly central role of the internet in educational activities, the fact that the number of family households without access has not fallen since 2014-15 is concerning.
Affordability will continue to be a problem as more data-intensive services are offered online and the demand for data increases, and as mobile services become increasingly important.
However, cost was not the only reason people gave for non-use. Around 200,000 of the two lowest income households lacked knowledge or confidence to use the internet. Digital ability, and our readiness to make use of the internet, are clearly areas for continuing attention. We know that interventions there can make a difference.
The final survey on household use of IT
This ABS survey is the last of its kind. We hope the Bureau will be able to undertake further surveys in this area. The end of this data series does not signal its lack of relevance, at a time when digital inclusion is more important than ever. On the contrary, it points to a pressing new challenge for governments, the community, and business.
As our service economy increasingly moves online — in education, health, work, and government services — we need to ensure that all Australians, particularly those already disadvantaged, have affordable access to the online world. A reliable evidence base to inform our work in this area is essential.
But the information we have should be enough to spark action in some critical areas. The affordability of broadband is clearly one of these. When we consider, for example, the situation of families with children — where cost is clearly an issue for a significant number of them — we need to recognise that existing policy settings and market mechanisms are not working.
The digital divide is likely to grow
The ABS findings correspond to other recent work in the area. Australian policy has long had the aim of making communications widely accessible across our huge country and dispersed, fairly small population.
But the Australian Digital Inclusion Index has highlighted the problem of affordability and unequal access across economic, social and spatial lines. Australia’s performance also compares poorly to other countries.
The Inclusive Internet Index, produced by The Economist’s Intelligence Unit, rates Australia at 25 out of 86 countries, behind Russia and Hungary.
So despite the egalitarian aspirations embodied in the policy language of the National Broadband Network, the evidence suggests that the Australian internet remains unusually unequal in terms of access and affordability.
Instead of a digital economy designed for everyone, we appear to have created a highly stratified internet, where the distribution of resources and opportunities online reflects Australia’s larger social and economic inequalities. The risk is that over time the digital divide will amplify these. Unfortunately there is little indication in the ABS data that any of the key indicators will change soon.
Facebook announced last week it would discontinue the partner programs that allow advertisers to use third-party data from companies such as Acxiom, Experian and Quantium to target users.
Graham Mudd, Facebook’s product marketing director, said in a statement:
We want to let advertisers know that we will be shutting down Partner Categories. This product enables third party data providers to offer their targeting directly on Facebook. While this is common industry practice, we believe this step, winding down over the next six months, will help improve people’s privacy on Facebook.
Few people seemed to notice, and that’s hardly surprising. These data brokers operate largely in the background.
The invisible industry worth billions
In 2014, one researcher described the entire industry as “largely invisible”. That’s no mean feat, given how much money is being made. Personal data has been dubbed the “new oil”, and data brokers are very efficient miners. In the 2018 fiscal year, Acxiom expects annual revenue of approximately US$945 million.
The data broker business model involves accumulating information about internet users (and non-users) and then selling it. As such, data brokers have highly detailed profiles on billions of individuals, comprising age, race, sex, weight, height, marital status, education level, politics, shopping habits, health issues, holiday plans, and more.
These profiles come not just from data you’ve shared, but from data shared by others, and from data that’s been inferred. In its 2014 report into the industry, the US Federal Trade Commission (FTC) showed how a single data broker had 3,000 “data segments” for nearly every US consumer.
Based on the interests inferred from this data, consumers are then placed in categories such as “dog owner” or “winter activity enthusiast”. However, some categories are potentially sensitive, including “expectant parent”, “diabetes interest” and “cholesterol focus”, or involve ethnicity, income and age. The FTC’s Jon Leibowitz described data brokers as the “unseen cyberazzi who collect information on all of us”.
In Australia, Facebook launched the Partner Categories program in 2015. Its aim was to “reach people based on what they do and buy offline”. This includes demographic and behavioural data, such as purchase history and home ownership status, which might come from public records, loyalty card programs or surveys. In other words, Partner Categories enables advertisers to use data brokers to reach specific audiences. This is particularly useful for companies that don’t have their own customer databases.
The recent Cambridge Analytica furore stemmed from third parties. Indeed, apps created by third parties have proved particularly problematic for Facebook. From 2007 to 2014, Facebook encouraged external developers to create apps for users to add content, play games, share photos, and so on.
Facebook then gave the app developers wide-ranging access to user data, and to users’ friends’ data. The data shared might include details of schooling, favourite books and movies, or political and religious affiliations.
With the Partner Categories program, the buying, selling and aggregation of user data may be largely hidden, but is it unethical? The fact that Facebook has moved to stop the arrangement suggests that it might be.
More transparency and more respect for users
To date, there has been insufficient transparency, insufficient fairness and insufficient respect for user consent. This applies to Facebook, but also to app developers, and to Acxiom, Experian, Quantium and other data brokers.
Users might have clicked “agree” to terms and conditions that contained a clause ostensibly authorising such sharing of data. However, it’s hard to construe this type of consent as morally justifying.
In Australia, new laws are needed. Data flows in complex and unpredictable ways online, and legislation ought to provide, under threat of significant penalties, that companies (and others) must abide by reasonable principles of fairness and transparency when they deal with personal information. Further, such legislation can help specify what sort of consent is required, and in which contexts. Currently, the Privacy Act doesn’t go far enough, and is too rarely invoked.
In its 2014 report, the US Federal Trade Commission called for laws that enabled consumers to learn about the existence and activities of data brokers. That should be a starting point for Australia too: consumers ought to have reasonable access to information held by these entities.
Facebook has also faced scrutiny over its failure to prevent the spread of “fake news” on its platforms, including via an apparent orchestrated Russian propaganda effort to influence the 2016 US presidential election.
Facebook’s actions – or inactions – facilitated breaches of privacy and human rights associated with democratic governance. But it might be that its business model – and those of its social media peers generally – is simply incompatible with human rights.
In some ways, social media has been a boon for human rights – most obviously for freedom of speech.
Previously, the so-called “marketplace of ideas” was technically available to all (in “free” countries), but was in reality dominated by the elites. While all could equally exercise the right to free speech, we lacked equal voice. Gatekeepers, especially in the form of the mainstream media, largely controlled the conversation.
But today, anybody with internet access can broadcast information and opinions to the whole world. While not all will be listened to, social media is expanding the boundaries of what is said and received in public. The marketplace of ideas must effectively be bigger and broader, and more diverse.
Social media played a major role in co-ordinating the massive protests that brought down dictatorships in Tunisia and Egypt, as well as large revolts in Spain, Greece, Israel, South Korea, and the Occupy movement. More recently, it has facilitated the rapid growth of the #MeToo and #neveragain movements, among others.
Video sharing site YouTube seems to automatically guide viewers to the fringiest versions of what they might be searching for. A search on vegetarianism might lead to veganism; jogging to ultra-marathons; Donald Trump’s popularity to white supremacist rants; and Hillary Clinton to 9/11 trutherism.
YouTube, via its algorithm’s natural and probably unintended impacts, “may be one of the most powerful radicalising instruments of the 21st century”, with all the attendant human rights abuses that might follow.
The business model and human rights
Human rights abuses might be embedded in the business model that has evolved for social media companies in their second decade.
Essentially, those models are based on the collection and use for marketing purposes of their users’ data. And the data they have is extraordinary in its profiling capacities, and in the consequent unprecedented knowledge base and potential power it grants to these private actors.
Indirect political influence is commonly exercised, even in the most credible democracies, by private bodies such as major corporations. This power can be partially constrained by “anti-trust laws” that promote competition and prevent undue market dominance.
Anti-trust measures could, for example, be used to hive off Instagram from Facebook, or YouTube from Google. But these companies’ power essentially arises from the sheer number of their users: in late 2017, Facebook was reported as having more than 2.2 billion active users. Anti-trust measures do not seek to cap the number of a company’s customers, as opposed to its acquisitions.
Power through knowledge
In 2010, Facebook conducted an experiment by randomly deploying a non-partisan “I voted” button into 61 million feeds during the US mid-term elections. That simple action led to 340,000 more votes, or about 0.14% of the US voting population. This number can swing an election. A bigger sample would lead to even more votes.
So Facebook knows how to deploy the button to sway an election, which would clearly be lamentable. However, the mere possession of that knowledge makes Facebook a political player. It now knows that button’s the political impact, the types of people it is likely to motivate, and the party that’s favoured by its deployment and non-deployment, and at what times of day.
It might seem inherently incompatible with democracy for that knowledge to be vested in a private body. Yet the retention of such data is the essence of Facebook’s ability to make money and run a viable business.
A study has shown that a computer knows more about a person’s personality than their friends or flatmates from an analysis of 70 “likes”, and more than their family from 150 likes. From 300 likes it can outperform one’s spouse.
This enables the micro-targeting of people for marketing messages – whether those messages market a product, a political party or a cause. This is Facebook’s product, from which it generates billions of dollars. It enables extremely effective advertising and the manipulation of its users. This is so even without Cambridge Analytica’s underhanded methods.
Advertising is manipulative: that is its point. Yet it is a long bow to label all advertising as a breach of human rights.
Advertising is available to all with the means to pay. Social media micro-targeting has become another battleground where money is used to attract customers and, in the political arena, influence and mobilise voters.
While the influence of money in politics is pervasive – and probably inherently undemocratic – it seems unlikely that spending money to deploy social media to boost an electoral message is any more a breach of human rights than other overt political uses of money.
Yet the extraordinary scale and precision of its manipulative reach might justify differential treatment of social media compared to other advertising, as its manipulative political effects arguably undermine democratic choices.
As with mass data collection, perhaps it may eventually be concluded that that reach is simply incompatible with democratic and human rights.
Finally, there is the issue of the spread of misinformation.
While paid advertising may not breach human rights, “fake news” distorts and poisons democratic debate. It is one thing for millions of voters to be influenced by precisely targeted social media messages, but another for maliciously false messages to influence and manipulate millions – whether paid for or not.
In a Declaration on Fake News, several UN and regional human rights experts said fake news interfered with the right to know and receive information – part of the general right to freedom of expression.
Its mass dissemination may also distort rights to participate in public affairs. Russia and Cambridge Analytica (assuming allegations in both cases to be true) have demonstrated how social media can be “weaponised” in unanticipated ways.
Yet it is difficult to know how social media companies should deal with fake news. The suppression of fake news is the suppression of speech – a human right in itself.
The preferred solution outlined in the Declaration on Fake News is to develop technology and digital literacy to enable readers to more easily identify fake news. The human rights community seems to be trusting that the proliferation of fake news in the marketplace of ideas can be corrected with better ideas rather than censorship.
However, one cannot be complacent in assuming that “better speech” triumphs over fake news. A recent study concluded fake news on social media:
… diffused significantly farther, faster, deeper, and more broadly than the truth in all categories of information.
Also, internet “bots” apparently spread true and false news at the same rate, which indicates that:
… false news spreads more than the truth because humans, not robots, are more likely to spread it.
The depressing truth may be that human nature is attracted to fake stories over the more mundane true ones, often because they satisfy predetermined biases, prejudices and desires. And social media now facilitates their wildfire spread to an unprecedented degree.
Perhaps social media’s purpose – the posting and sharing of speech – cannot help but generate a distorted and tainted marketplace of fake ideas that undermine political debate and choices, and perhaps human rights.
It is premature to assert the very collection of massive amounts of data is irreconcilable with the right to privacy (and even rights relating to democratic governance).
Similarly, it is premature to decide that micro-targeting manipulates the political sphere beyond the bounds of democratic human rights.
Finally, it may be that better speech and corrective technology will help to undo fake news’ negative impacts: it is premature to assume that such solutions won’t work.
However, by the time such conclusions may be reached, it may be too late to do much about it. It may be an example where government regulation and international human rights law – and even business acumen and expertise – lags too far behind technological developments to appreciate their human rights dangers.
At the very least, we must now seriously question the business models that have emerged from the dominant social media platforms. Maybe the internet should be rewired from the grassroots, rather than be led by digital oligarchs’ business needs.
a coordinated campaign of cyber intrusions into computer systems belonging to 144 US universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies … [and] the United Nations…
History suggests that this response is unlikely to deter future attacks, and that counter-attacks are a more effective strategy. But would it be justified? Current international law focuses on armed attack, not cyber attack as a justification for state action taken in self-defence.
As cyber attacks become more common, international law needs to clear up this grey area.
How they did it and what was taken
The indictment alleges that defendants Gholamreza Rafatnejad and Ehsan Mohammadi are founders of Mabna Institute – an organisation established for the purpose of scientific espionage. Mabna is alleged to have contracted with Iranian governmental agencies (including the Islamic Revolutionary guard) to conduct hacking on their behalf.
The defendants allegedly engaged in a conspiracy to compromise computer accounts of thousands of professors to steal research data and intellectual property, costing the US approximately US$3.4 billion. They allegedly conducted surveillance and sent professors targeted “spearphishing” emails to lure them into providing access to their computer systems.
Valuable data was transferred from the compromised IT systems to the hackers, according the the indictment. Over 100,000 professors were apparently targeted and approximately 8,000 email accounts compromised.
Private companies were also targeted – none Australian – via “password spraying”, said the US Department of Justice. This is a technique whereby the attacker identifies the email accounts of a target via public search and gains access to the account using common or default passwords.
The prosecution is a necessary, but insufficient response to these cyber attacks.
The defendants are based in Iran and are unlikely to be brought to justice. Previously, US prosecutors have charged Iranian hackers with attacks against financial institutions and a dam in New York to no avail.
Rogue states such as Iran, Russia, and North Korea are only likely to be deterred against conducting cyber attacks if their targets have robust self-defense and counter-attack capabilities. However, the legal status of cyber attacks and the appropriate responses are not clear in international law.
Under the UN Charter, states have an obligation to refrain “from the threat or use of force against the territorial integrity or political independence of any state”. Crucially, states possess an “inherent right of individual or collective self-defence if an armed attack occurs”.
The key questions then are whether a cyber attack amounts to a “use of force”, whether hacking attributable to a state amounts to an “armed attack”, and if a cyber attack violates “territorial integrity”. Traditionally, international law has answered these questions with reference to acts of physical violence – conventional military strikes.
It’s likely that a large scale cyber attack against a state that has physical consequences within its territory may be characterised as a “use of force”, and may violate “territorial integrity” under the charter. For instance, attacks that turn self-driving cars into weapons, knock out nuclear stations or paralyse the power grid might reach this threshold.
But what if the attack is designed to sow confusion or generate internal discord, such as in the case of Russian hacking of the US election? Or attacks directed beyond a particular country? This is a harder question and not settled currently. Similarly, it’s not certain that even large scale hacking would rise to the level of an “armed attack”.
Precedent in international law
In 1984, Nicaragua brought proceedings against the US in response to American support for the Contras (rebels fighting the government). In that case, the International Court of Justice (ICJ) opined that armed attack might also include:
the sending by a State of armed bands on to the territory of another State, if such an operation, because of its scale and effects, would have been classified as an armed attack had it been carried out by regular armed forces.
Crucially, the ICJ underlined the principle of non-intervention:
Intervention is wrongful … [using] methods of coercion, particularly force, either in the direct form of military action or in the indirect form of support for subversive activities in another State.
Based on the Nicaragua case, if a cyber attack has sufficient “scale and effects” it may amount to an armed attack. More importantly, if the attacks are attributable to a state (in this case the Islamic Revolutionary Guard) – or are within its overall or effective control or direction – it would appear that the armed attack would give rise to the right to self-defence.
However, this may be difficult to establish in practice – there may not be sufficient evidence connecting the hacker to the state to show control, and hence attribution.
So, what are the permissible self-defence responses under international law? Could the US launch military strikes against Iran or Russia for these incidents if they are found to be behind these attacks? The legality of such strikes is not clear even though the US might claim such status.
The international community should set bright line rules on this matter before an expansive reading of self-defence triggers war. The NATO Cooperative Cyber Defence Centre of Excellence’s Tallinn Manual 2.0 is a start, but a binding instrument is needed. John Bolton’s appointment as US President Donald Trump’s National Security Advisor makes this an urgent priority because a military strike in response to the next major cyber attack is a realistic prospect.
In the aftermath of revelations about the alleged misuse of Facebook user data by Cambridge Analytica, many social media users are educating themselves about their own digital footprint. And some are shocked at the extent of it.
Last week, one user took advantage of a Facebook feature that enables you to download all the information the company stores about you. He found his call and SMS history in the data dump – something Facebook says is an opt-in feature for those using Messenger and Facebook Lite on Android.
This highlights an issue that we don’t talk about enough when it comes to data privacy: that the security of our data is dependent not only on our own vigilance, but also that of those we interact with.
It’s easy for friends to share our data
In the past, personal data was either captured in our memories or in physical objects, such as diaries or photo albums. If a friend wanted data about us, they would have to either observe us or ask us for it. That requires effort, or our consent, and focuses on information that is both specific and meaningful.
Nowadays, data others hold about us is given away easily. That’s partly because the data apps ask for is largely intangible and invisible, as well as vague rather than specific.
What’s more, it doesn’t seem to take much to get us to give away other people’s data in return for very little, with one study finding 98% of MIT students would give away their friends’ emails when promised free pizza.
Other studies have shown that collaborating in folders on cloud services, such as Google Drive, can result in privacy losses that are 39% higher due collaborators installing third-party apps you wouldn’t choose to install yourself. Facebook’s data download tool poses another risk in that once the data is taken out of Facebook it becomes even easier to copy and distribute.
This shift from personal to interdependent online privacy reliant on our friends, family and colleagues is a seismic one for the privacy agenda.
How much data are we talking about?
With more than 3.5 million apps on Google Play alone, the collection of data from our friends via back-door methods is more common than we might think. The back-door opens when you press “accept” to permissions to give access to your contacts when installing an app.
Then the data harvesting machinery begins its work – often in perpetuity, and without us knowing or understanding what will be done with it. More importantly, our friends never agreed to us giving away their data. And we have a lot of friends’ data to harvest.
The average Australian has 234 Facebook friends. Large-scale data collection is easy in an interconnected world when each person who signs up for an app has 234 friends, and each of them has 234 and, so on. That’s how Cambridge Analytica was apparently able to collect information on up to 50 million users, with permission from just 270,000.
Add to that the fact that the average person uses nine different apps on a daily basis. Once installed, some of these apps can harvest data on a daily basis without your friends knowing and 70% of apps share it with third parties.
We’re more likely to refuse data requests that are specific
However, this can be changed by making a data request more specific – for example, by separating out “contacts” from “photos”. When we asked participants if they had the right to give all the data on their phone, 95% said yes. But when they focused on just contacts, this decreased to 80%.
We can take this further with a thought experiment. Imagine if an app asked you for your “contacts, including your grandmother’s phone number and your daughter’s photos”. Would you be more likely to say no? The reality of what you are actually giving away in these consent agreements becomes more apparent with a specific request.
The silver lining is more vigilance
This new reality not only threatens moral codes and friendships, but can cause harm from hidden viruses, malware, spyware or adware. We may also be subject to prosecution as in a recent German case in which a judge ruled that giving away your friend’s data on Whatsapp without their permission was wrong.
Although company policies on privacy can help, these are difficult to police. Facebook’s “platform policy” at the time the Cambridge Analytica data was harvested only allowed the collection of friends’ data to improve the user experience of an app, while preventing it from being sold on or used for advertising. But this puts a huge burden on companies to police, investigate and enforce these policies. It’s a task few can afford, and even a company the size of Facebook failed.
The silver lining to the Cambridge Analytica case is that more and more people are recognising that the idea of “free” digital services is an illusion. The price we pay is not only our own privacy, but the privacy of our friends, family and colleagues.
Malcolm Turnbull is now connected to the National Broadband Network (NBN) at his Point Piper home on a 100 megabits per second (Mbps) plan, it was revealed in Senate Estimates yesterday. But only because his department intervened to avoid delays affecting other customers.
And while the Prime Minister might be happy with his NBN connection, that’s not the case for the 2.5 million customers waiting on a connection through their pay TV or cable service who have been left in limbo.
Rather than meeting its objective of connecting 90% of homes and workplaces with broadband speeds of up to 100 Mbps, the NBN is looking more like a giant sponge. It soaks up public infrastructure dollars and returns high prices, long delays, unacceptably slow data speeds and service standards that are now the subject of an ACCC investigation.
As a result, a growing number of competitors are bypassing the NBN by undercutting prices and beating performance standards.
The latest challenge to the NBN came after South Australian Premier Jay Weatherill denounced the “very poor NBN outcome” and last week announced A$35 million in funding for an Adelaide fibre network alternative if he is reelected in March 2018.
The plan was warmly welcomed by Mighty Kingdom, an app and games developer who told the ABC, “I don’t have what I need to get me to the rest of the world.”
This follows news announced last year that Adelaide City Council is working with TPG to deliver an NBN-alternative broadband service to local businesses. The service promises fibre internet up to 100 times faster than the NBN, at lower prices, and with no installation costs for city businesses or organisations.
Another telco start-up, DGtek is offering its customers a full fibre alternative service.
Upon its launch in 2016, DGtek’s founder David Klizhov said:
“Ideally the NBN would have worked if it was fibre to the home, but it’s taken quite a lot of time and we thought that we could have a go at the Australian market using technology that’s been implemented already overseas.”
DGtek uses Gigabit Passive Optical Networks (GPON) and runs it directly into tightly packed homes with the dense population of inner Melbourne. As a sweetener, DGtek offers free internet service to government organisations – such as schools and hospitals – in areas they service.
The threat from 5G and other new technologies
New entrant competition is not the only threat to NBN Co. Optus and Telstra are both launching 5G services in 2019. This represents a quantum leap in wireless technology that could win away millions of current and potential NBN customers.
While Vodafone CEO Inaki Berroeta has said that 5G is unlikely to replace the NBN in Australian homes, Optus Managing Director of Networks Dennis Wong recently told BIT Magazine:
Everyone has heard of concepts like self-driving cars, smart homes, AI and virtual reality, however their full potential will require a fast and reliable network to deliver. Seeing 5G data speeds through our trial that are up to 15 times faster than current technologies allows us to show the potential of this transformative technology to support a new eco-system of connected devices in the home, the office, the paddock and in the wider community.
According to iiNet, it is made up of fibre and copper and provides a faster connection than ADSL and most NBN plans. The network is independent from Telstra and differs to NBN in that iiNet’s VDSL2 network uses its own copper lines.
Levelling the field for smaller players
The huge capital requirements of rolling out telecoms infrastructure has always acted to deter more competition in the Australian market. But following a regulatory decision of the ACCC in 2017, smaller entrants can now enjoy cost-based access to some of the largest networks – including Telstra, TPG and Opticom – allowing them to better compete both with the big telcos, and with the NBN.
By providing access to superfast broadband access service (SBAS) and the local bitstream access service (LBAS), new entrants will be able to sell NBN-like fixed line superfast broadband wholesale.
So where to for the NBN?
Yesterday the government released a working paper forecasting that demand for bandwidth will double for households with high internet usage over the next decade. The report also suggests that the NBN is equipped to meet those needs.
However, cost, technology and customer service problems continue to threaten the commercial success of the NBN. Without a radical rethink, it is doomed to fail its initial mission.