The AstraZeneca vaccine and over-65s: we may not have all the data yet, but limiting access could be counterproductive


Kylie Quinn, RMIT University

Last week, a German vaccine advisory committee recommended the AstraZeneca vaccine only be used in 18-64-year-olds, citing a lack of data on the efficacy of the vaccine in people over 65.

Subsequently, the European regulator, the European Medicines Agency, conditionally approved the vaccine for anyone over 18.

What can we make of this? Should we be giving this vaccine to older people or not?

While we don’t yet have all the data we’d like, we don’t have reason to believe this vaccine won’t be at least somewhat effective in older adults. To exclude them from receiving it wouldn’t necessarily be the right approach.

The recommendation

STIKO, a German vaccine advisory committee that reports to the country’s government, was responsible for the draft recommendation which caused the stir. It released a similar final recommendation at the weekend.

While the German government may elect to follow STIKO’s advice or the European Medicines Agency’s guidelines, the latter’s approval carries significant weight. Equivalent to the Therapeutic Goods Administration (TGA) in Australia, this body decides which vaccines may legally be supplied in Europe.

The AstraZeneca vaccine has already received approvals, not singling out older age groups, from multiple international regulators, including those in the United Kingdom, India and Mexico.




Read more:
Germany may not give the Oxford-AstraZeneca vaccine to over-65s, but that doesn’t mean it won’t work


Why did STIKO make this recommendation?

STIKO’s advice is based on the fact it didn’t have enough data to definitively say whether the vaccine will work in older people — not because it won’t.

According to the data we have so far from AstraZeneca’s phase 3 trials, only two out of 660 people in the trial aged over 65 got sick with COVID-19. Two sick people isn’t enough for a strong statistical analysis.

AstraZeneca initially enrolled younger people in its trials, with older people enrolled only later. So data on older people in the original trials and another trial in the United States are still on the way.

A doctor prepares to vaccinate a grey-haired woman.
AstraZeneca’s early trials didn’t include as many older people as younger people.
Shutterstock

What do we know about the vaccine?

We have very good safety data for the AstraZeneca vaccine in older people. Older people actually have significantly lower levels of early side effects after vaccination. This makes sense, as older people’s immune systems don’t tend to react as strongly to vaccines, which would reduce many of these early side effects.

But the vaccine has been shown to induce strong immune responses in older people, which are likely to provide a degree of protection. The European Medicine Agency’s press release on their decision refers to a reasonable likelihood of protection based on this data.

So, just looking at immune responses, it’s reasonable to anticipate the AstraZeneca vaccine will be of some benefit, at least, to older people.




Read more:
Why we should prioritise older people when we get a COVID vaccine


What do we know from other vaccines?

Often, vaccines aren’t as effective in older people as compared to younger people, because their immune responses can be less robust. For example, in 2010-2011 in the US, the flu vaccine was 60% effective in the general population, but only 38% effective in people over 65.

There’s more information on efficacy in older people for other COVID-19 vaccines. Notably, the Pfizer vaccine maintained efficacy of 93.7% for people over 55, compared to 95% overall. Accordingly, it would be reasonable to prioritise the Pfizer vaccine for older people.

But we’re beginning to see that vaccine supply and distribution can be unpredictable, with supply issues for Pfizer and AstraZeneca starting to affect vaccine rollout.

Importantly, all COVID-19 vaccines assessed so far, including the AstraZeneca vaccine, provide a high level of protection against severe disease and death across variants of the SARS-CoV-2 virus.

A health-care worker administers a vaccine to a senior man.
Older people are more susceptible to the coronavirus.
Shutterstock

Limiting access limits options for older people

The question that advisory committees and regulators are weighing up is, should the AstraZeneca vaccine, or any vaccine, be recommended for older people if we know:

  • the vaccine has low risk of side effects

  • the vaccine has a fair but unconfirmed likelihood of providing some benefit

  • COVID-19 has a higher likelihood of severe disease and death in the demographic.

This is tricky to navigate and advice may differ across different vaccines and countries. For example, China is delaying vaccine rollout to older people while it waits for more data.

But conditional approval is a reasonable path to take. It allows for some uncertainty and maintains contact with the manufacturer. It also recognises that the likely benefit of giving older people any available vaccine could outweigh the hypothetical risk that it might not work in the midst of a crushing pandemic.




Read more:
The Oxford vaccine has unique advantages, as does Pfizer’s. Using both is Australia’s best strategy


In any case, approvals from regulators, such as the European Medicines Agency and the TGA, have the most impact — defining who the vaccine can be supplied to in a country.

If regulatory guidelines are kept open to all age groups above 18, it will facilitate access to vaccines for many people who could benefit from them. The next steps are distributing these vaccines, and educating and updating the public with the latest information as it comes to hand.

Crucially, we should support older people in vaccine decisions with two things; good information and easy access to an array of safe, protective vaccines.The Conversation

Kylie Quinn, Vice-Chancellor’s Research Fellow, School of Health and Biomedical Sciences, RMIT University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Data from 45 countries show containing COVID vs saving the economy is a false dichotomy



Shutterstock

Michael Smithson, Australian National University

There is no doubt the COVID-19 crisis has incurred widespread economic costs. There is understandable concern that stronger measures against the virus, from social distancing to full lockdowns, worsen its impact on economies.

As a result, there has been a tendency to consider the problem as a trade-off between health and economic costs.

This view, for example, has largely defined the approach of the US federal government. “I think we’ve learned that if you shut down the economy, you’re going to create more damage,” said US Treasury Secretary Steve Mnuchin in June, as the Trump administration resisted calls to decisively combat the nation’s second COVID wave.

But the notion of a trade-off is not supported by data from countries around the world. If anything, the opposite may be true.

Data from 45 nations

Let’s examine available data for 45 nations from the Organisation for Economic Co-operation and Development, using COVID-19 data and economic indicators.

The COVID-19 statistics we’ll focus on are deaths per million of population. No single indicator is perfect, and these rates don’t always reflect contextual factors that apply to specific countries, but this indicator allows us to draw a reasonably accurate global picture.

The economic indicators we’ll examine are among those most widely used for overall evaluations of national economic performance. Gross domestic product (GDP) per capita is an index of national wealth. Exports and imports measure a country’s international economic activity. Private consumption expenditure is an indicator of how an economy is travelling.

Effects on GDP per capita

Our first chart plots nations’ deaths per million from COVID-19 against the percentage change in per capita GDP during the second quarter of 2020.

The size of each data point shows the scale of deaths per million as of June 30, using a logarithmic, or “log”, scale – a way to display a very wide range of values in compact graphical form.


Log(deaths per million) by percentage change in Q2 2020 GDP per capita.


If suppressing the virus, thereby leading to fewer deaths per million, resulted in worse national economic downturns, then the “slope” in figure 1 would be positive. But the opposite is true, with the overall correlation being -0.412.

The two outliers are China, in the upper-left corner, with a positive change in GDP per capita, and India at the bottom. China imposed successful hard lockdowns and containment procedures that meant economic effects were limited. India imposed an early hard lockdown but its measures since have been far less effective. Removing both from our data leaves a correlation of -0.464.

Exports and imports

Our second chart shows the relationship between deaths per million and percentage change in exports.

If there was a clear trade-off between containing the virus and enabling international trade, we would see a positive relationship between the changes in exports and death-rates. Instead, there appears to be no relationship.


Log(deaths per million) by percentage change in Q2 2020 exports.


Our third chart shows the relationship between deaths per million and percentage change in imports. As with exports, a trade-off would show in a positive relationship. But there is no evidence of such a relationship here either.


Log(deaths per million) by percentage change in Q2 2020 imports.


Consumer spending

Our fourth chart shows the relationship between deaths per million and percentage change in private consumption expenditure. This complements the picture we get from imports and exports, by tracking consumer spending as an indicator of internal economic activity.


Log(deaths per million) by percentage change in Q2 2020 private consumption.


Again, no positive relationship. Instead, the overall negative relationship suggests those countries that succeeded (at least temporarily) in suppressing the virus were better off economically than those countries adopting a more laissez-faire approach.

National wealth

As a postscript to this brief investigation, let’s take a quick look at whether greater national wealth seems to have helped countries deal with the virus.

Our fifth and final chart plots cases per million (not deaths per million) against national GDP per capita.


Log(GDP per capita) by log(cases per million).


If wealthier countries were doing better at suppressing transmission, the relationship should be negative. Instead, the clusters by region suggest it’s a combination of culture and politics driving the effectiveness of nations’ responses (or lack thereof).

In fact, if we examine the largest cluster, of European countries (the green dots), the relationship between GDP per capita and case rates is positive (0.379) – the opposite of what we would expect.




Read more:
Vital Signs: the cost of lockdowns is nowhere near as big as we have been told


It’s not a zero-sum game

The standard economic indicators reviewed here show, overall, countries that have contained the virus also tend to have had less severe economic impacts than those that haven’t.

No one should be misled into believing there is zero-sum choice between saving lives and saving the economy. That is a false dichotomy.

If there is anything to be learned regarding how to deal with future pandemics, it is that rapidly containing the pandemic may well lessen its economic impact.The Conversation

Michael Smithson, Professor, Australian National University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

‘Very convincing evidence’: Pfizer now has the data it needs to apply for COVID vaccine approval



Shutterstock

Kylie Quinn, RMIT University

On Wednesday, Pfizer and BioNTech announced their mRNA vaccine has demonstrated a remarkable 95% efficacy in the “final efficacy analysis” of its phase 3 trial.

The news comes hot on the heels of Pfizer/BioNTech’s interim analysis last week, which pointed to greater than 90% efficacy, and Moderna’s announcement on Monday, also based on an interim analysis, that its vaccine is 94.5% efficacious.

The word “efficacy” describes how well the vaccine offers protection against the target disease during the trial, whereas the word “effectiveness” refers to how well the vaccine protects against the disease in the real world.

This “final efficacy analysis” represents the Pfizer/BioNTech study’s “primary endpoint” — which means there are enough volunteers in the study who have developed COVID-19 to perform a solid evaluation of whether the vaccine is working.

Before the study began, statisticians designing the study identified that 164 people with confirmed COVID-19 would be enough cases to evaluate efficacy (more than 43,000 participants are enrolled in the trial in total).

There were 94 people who had COVID-19 in the interim analysis last week, and they reached 170 people this week — 162 of whom got the placebo and only eight of whom received the vaccine. This is very convincing evidence that this vaccine protects against developing COVID-19 disease.

The fact the primary endpoint was reached so quickly indicates cases are surging in the United States across a lot of the sites where the trial is taking place. Yes, these surging cases are providing more data than anticipated for phase 3 clinical studies; but they also highlight the urgency of the situation in the US.




Read more:
90% efficacy for Pfizer’s COVID-19 mRNA vaccine is striking. But we need to wait for the full data


Deeper insights

Pfizer/BioNTech have provided three additional important pieces of information.

First, the vaccine appears to be safe. Volunteers in the study were asked to report different symptoms after receiving the vaccine, and the most common symptoms of note were fatigue and headaches (3.8% of participants experienced more severe fatigue, and 2% headaches).

Second, the vaccine appears to protect against severe disease. The trial saw ten people become severely unwell with COVID-19, only one of whom had received the vaccine. This is a huge relief, because severe COVID-19 puts immense pressure on health-care systems.

Third, they’ve reported the vaccine has 94% efficacy in older people. This is crucial as older adults are bearing the brunt of COVID-19. In Australia, people over 65 make up only 20% of cases but almost 50% of all ICU admissions and more than 95% of deaths from COVID-19.

This efficacy in older people exceeds what many researchers had anticipated, as vaccines often don’t work as well in this group.

An elderly lady wearing a mask walks with a frame in a garden.
The Pfizer/BioNTech vaccine appears to work equally well in older people.
Shutterstock

It’s not a competition

The Moderna vaccine has also shown promising results on those first two measures — safety and protecting against severe disease. We await data on its efficacy in older people.

This rapid-fire succession of press releases may feel like Pfizer/BioNTech and Moderna are competing for the “biggest” efficacy, but competition is not the driving factor.

The primary endpoints are pre-defined by both companies and, when the study reaches them, an interim or final analysis can be performed. Data and safety monitoring boards, independent from the companies, perform these analyses.




Read more:
Moderna’s COVID vaccine reports 95% efficacy. It means we might have multiple successful vaccines


From a scientific perspective, it’s plausible these two vaccines would have similar efficacy, because they use very similar mRNA vaccine designs. In fact, it’s reassuring they are similar because, in science, we must be able to repeat our results. This gives us confidence the data are correct and that we’ll see similar results outside the lab.

In any scenario, competition is redundant when you consider the size of the problem. Nearly eight billion people around the world urgently need a vaccine. Pfizer/BioNTech and Moderna have each indicated they can make enough vaccines for around 500 million people next year. That still leaves seven billion people needing a vaccine — more than enough of a market for both companies, and more.

Any way you look at it, the real competition is against the virus.

What’s next?

In the coming days, Pfizer/BioNTech will apply to the US Food and Drug Administration (FDA) for an emergency use approval for their vaccine. Moderna and other vaccine developers likely won’t be far behind once they reach their primary endpoints.

Applications to other regulatory bodies around the world will follow, including the Therapeutic Goods Administration in Australia. A successful emergency use approval with the FDA can accelerate approvals with other bodies.




Read more:
How to read results from COVID vaccine trials like a pro


This study will continue for two years to collect “secondary endpoints” — more in-depth details on how the vaccine works and its safety longer term. It will aim to answer three important questions:

  • longevity: how long the vaccine protects people for

  • infection: these latest results show that the vaccine prevents people from getting sick and showing symptoms of COVID-19. But we also need to see whether the vaccine protects people from getting infected in the first place

  • transmission: whether the vaccine reduces the likelihood of an infected but vaccinated person passing the virus on to another person.

It’s fairly straightforward to measure whether a vaccine prevents people from developing disease — you wait for people to report symptoms that could be COVID-19 and then perform a COVID test. Longer timelines and more complicated, laborious lab work are needed to learn about longevity, infection and transmission.

So, there are more insights into the virus and vaccines to come. But these studies are an exciting landmark in vaccine development.




Read more:
Why we should prioritise older people when we get a COVID vaccine


The Conversation


Kylie Quinn, Vice-Chancellor’s Research Fellow, School of Health and Biomedical Sciences, RMIT University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

83% of Australians want tougher privacy laws. Now’s your chance to tell the government what you want



Shutterstock

Normann Witzleb, Monash University

Federal Attorney-General Christian Porter has called for submissions to the long-awaited review of the federal Privacy Act 1988.

This is the first wide-ranging review of privacy laws since the Australian Law Reform Commission produced a landmark report in 2008.

Australia has in the past often hesitated to adopt a strong privacy framework. The new review, however, provides an opportunity to improve data protection rules to an internationally competitive standard.

Here are some of the ideas proposed — and what’s at stake if we get this wrong.




Read more:
It’s time for privacy invasion to be a legal wrong


Australians care deeply about data privacy

Personal information has never had a more central role in our society and economy, and the government has a strong mandate to update Australia’s framework for the protection of personal information.

In the Australian Privacy Commissioner’s 2020 survey, 83% of Australians said they’d like the government to do more to protect the privacy of their data.

The intense debate about the COVIDSafe app earlier this year also shows Australians care deeply about their private information, even in a time of crisis.

Privacy laws and enforcement can hardly keep up with the ever-increasing digitalisation of our lives. Data-driven innovation provides valuable services that many of us use and enjoy. However, the government’s issues paper notes:

As Australians spend more of their time online, and new technologies emerge, such as artificial intelligence, more personal information about individuals is being captured and processed, raising questions as to whether Australian privacy law is fit for purpose.

The pandemic has accelerated the existing trend towards digitalisation and created a range of new privacy issues including working or studying at home, and the use of personal data in contact tracing.

Australians are rightly concerned they are losing control over their personal data.

So there’s no question the government’s review is sorely needed.

Issues of concern for the new privacy review

The government’s review follows the Australian Competition and Consumer Commission’s Digital Platforms Inquiry, which found that some data practices of digital platforms are unfair and undermine consumer trust. We rely heavily on digital platforms such as Google and Facebook for information, entertainment and engagement with the world around us.

Our interactions with these platforms leave countless digital traces that allow us to be profiled and tracked for profit. The Australian Competition and Consumer Commission (ACCC) found that the digital platforms make it hard for consumers to resist these practices and to make free and informed decisions regarding the collection, use and disclosure of their personal data.

The government has committed to implement most of the ACCC’s recommendations for stronger privacy laws to give us greater consumer control.

However, the reforms must go further. The review also provides an opportunity to address some long-standing weaknesses of Australia’s privacy regime.

The government’s issues paper, released to inform the review, identified several areas of particular concern. These include:

  • the scope of application of the Privacy Act, in particular the definition of “personal information” and current private sector exemptions

  • whether the Privacy Act provides an effective framework for promoting good privacy practices

  • whether individuals should have a direct right to sue for a breach of privacy obligations under the Privacy Act

  • whether a statutory tort for serious invasions of privacy should be introduced into Australian law, allowing Australians to go to court if their privacy is invaded

  • whether the enforcement powers of the Privacy Commissioner should be strengthened.

While most recent attention relates to improving consumer choice and control over their personal data, the review also brings back onto the agenda some never-implemented recommendations from the Australian Law Reform Commission’s 2008 review.

These include introducing a statutory tort for serious invasions of privacy, and extending the coverage of the Privacy Act.

Exemptions for small business and political parties should be reviewed

The Privacy Act currently contains several exemptions that limit its scope. The two most contentious exemptions have the effect that political parties and most business organisations need not comply with the general data protection standards under the Act.

The small business exemption is intended to reduce red tape for small operators. However, largely unknown to the Australian public, it means the vast majority of Australian businesses are not legally obliged to comply with standards for fair and safe handling of personal information.

Procedures for compulsory venue check-ins under COVID health regulations are just one recent illustration of why this is a problem. Some people have raised concerns that customers’ contact-tracing data, in particular collected via QR codes, may be exploited by marketing companies for targeted advertising.

A woman uses a QR code at a restaurant
Under current privacy laws, cafe and restaurant operators are exempt from complying with certain privacy obligations.
Shutterstock

Under current privacy laws, cafe and restaurant operators are generally exempt from complying with privacy obligations to undertake due diligence checks on third-party providers used to collect customers’ data.

The political exemption is another area of need of reform. As the Facebook/Cambridge Analytica scandal showed, political campaigning is becoming increasingly tech-driven.

However, Australian political parties are exempt from complying with the Privacy Act and anti-spam legislation. This means voters cannot effectively protect themselves against data harvesting for political purposes and micro-targeting in election campaigns through unsolicited text messages.

There is a good case for arguing political parties and candidates should be subject to the same rules as other organisations. It’s what most Australians would like and, in fact, wrongly believe is already in place.




Read more:
How political parties legally harvest your data and use it to bombard you with election spam


Trust drives innovation

Trust in digital technologies is undermined when data practices come across as opaque, creepy or unsafe.

There is increasing recognition that data protection drives innovation and adoption of modern applications, rather than impedes it.

A woman looks at her phone in the twilight.
Trust in digital technologies is undermined when data practices come across as opaque, creepy, or unsafe.
Shutterstock

The COVIDSafe app is a good example.
When that app was debated, the government accepted that robust privacy protections were necessary to achieve a strong uptake by the community.

We would all benefit if the government saw that this same principle applies to other areas of society where our precious data is collected.


Information on how to make a submission to the federal government review of the Privacy Act 1988 can be found here.




Read more:
People want data privacy but don’t always know what they’re getting


The Conversation


Normann Witzleb, Associate Professor in Law, Monash University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

How political parties legally harvest your data and use it to bombard you with election spam



Robin Worrall/Unsplash, CC BY-SA

Erica Mealy, University of the Sunshine Coast

On Monday October 26, five days ahead of Queensland’s election, many voters received an unsolicited text message from Clive Palmer’s mining company Mineralogy, accusing Labor of planning to introduce a “death tax” and providing a link to an online how-to-vote card for Palmer’s United Australia Party.

Screenshot of campaign text message
Screenshot of a text message sent by Clive Palmer’s Mineralogy.
Author provided

Many recipients angrily wondered how Palmer’s firm had got hold of their contact details, and why they were receiving information that had already been thoroughly debunked.

It’s not clear how many voters received the message, although Deputy Premier Steven Miles accused Palmer of sending it to “hundreds of thousands of Queenslanders”. The message was also sent to many permanent and interstate residents not eligible to vote in the election.

Screenshot of election text message.
Not all of the recipients of this message were in the relevant electorate.
Author provided

But the issue goes deeper than Palmer’s dubious tactics, although his message was a particularly egregious example. This and similar messages have been sent to voters outside the relevant electorate. For example, one message from an independent candidate for the electorate of Macalister was received by a resident of Stafford.

In fact, there’s no law to prevent registered political parties — and the contractors and volunteers who work on their behalf — collecting your contact details and bombarding you with messages, regardless of whether you consented or not.

The problem of spam text messages was also prevalent during the 2019 federal election, when the tactics of Palmer’s United Australia Party in particular were called into question, prompting the party to pledge to stop the practice.




Read more:
From robo calls to spam texts: annoying campaign tricks that are legal


Political candidates, including independents and members of registered political parties, can request access to the Australian Electoral Commission’s database of voters’ contact details, to use in their campaign messaging. And it doesn’t stop there: they can also buy access to voters’ data from “information aggregator” companies such as Sensis, including voters’ names, home addresses, phone numbers and e-mail addresses.

Information aggregators also collect and analyse your publicly available data. Your Twitter, Facebook, LinkedIn, Tiktok or Instagram posts can easily be scraped. If your phone number or email address appears publicly, such as on an advert for a community event or public comment on a town planning submission, it can be collected. Few people realise how large their digital footprint really is.

This can reveal not only your contact details but also your political views. Publicly share a post about environmental concerns or social justice issues and you may have just pigeonholed yourself as a left-leaning voter, potentially putting you in line for targeted campaign messages.

Australia has laws against unsolicited spam, so how do political parties get away with this? Because they are entirely exempt from anti-spam legislation.

How politicians dodge spam laws

Private businesses have to abide by strict federal laws about data privacy and spam. The Privacy Act 1998 and the Spam Act 2003 were enacted to protect the public from unwanted and harmful information sharing.

The Privacy act regulates who may have access to your personal information, how it must be stored and what must happen should that data be compromised. For example, if your data is hacked you must be notified.

As summarised by the Australian Communications and Media Authority (ACMA), Spam is unwanted marketing messages sent via email, text or instant messaging containing offers, advertisements or promotions. Permission to contact you by these means can be part of the terms and conditions of sale or use of a product, through a specific check box or if you make your e-mail or phone number public. Specific exemptions are made in the Spam Act for registered charities, government organisations, educational institutions and registered political parties.

Of course, in an open democracy it makes sense to allow elected officials to communicate directly with the voting public, particularly at election time. But aside from the nuisance and (legal) invasion of privacy, there are two main problems with the current free-for-all.

Problem 1: data security

If a data breach occurs for a non-exempt organisation, such as a bank or government organisation, any person who could be harmed from having information shared must be notified. The types of harm include the potential for identity theft and fraud.

But political parties, being exempt from privacy laws, are also exempt from this responsibility. This means if a political party has a data breach and shares your contact details, it doesn’t have to tell you.

Political parties reportedly maintain detailed databases of their constituents. These databases contain not just personal information held by the electoral commission, but any interactions with elected members, including complaints and contacts with electorate offices.

Problem 2: misinformation

Palmer’s text messages were a blanket salvo rather than tailored to particular voters. Hundreds of voters, and many non-voters, received the same message, despite repeated explicit denials from Labor it’s considering introducing a “death tax”.

In Australia, with an arguably free press and available fact-checking, the public can seek balanced, factual information if they are motivated to do so. But in the internet age, many people are vulnerable to “fake news”, whether through naivete or because of “confirmation bias” — the increased likelihood of believing information that fits with their pre-existing worldview.

What can you do about it?

Screenshot of election campaign message
Clive Palmer’s follow-up message sent on October 29.
Author provided

Until the law changes, there are limited ways to combat political text and email intrusion. The first is judicious use of the block and delete buttons and e-mail spam filters. While not foolproof, this does reduce the potential for receiving messages again from that same number or email. However, this tactic would not have helped avoid a second round of messages sent by Palmer on October 29 from a different number.

The second way to combat these messages is to prevent your data and opinions from reaching political databases. In Australia, there is currently no reliable service to help remove your data from the public view, so the best option is to keep it from getting out in the first place.

To do this, you must always read the terms and conditions before giving away personal data. If you have time, audit your entire public online presence to find all the places on the internet that store your personal data, including on all social media platforms and on personal, professional or community web pages. You must always remain vigilant about protecting your information, which is no simple task.The Conversation

Erica Mealy, Lecturer in Computer Science, University of the Sunshine Coast

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Towards a post-privacy world: proposed bill would encourage agencies to widely share your data


Bruce Baer Arnold, University of Canberra

The federal government has announced a plan to increase the sharing of citizen data across the public sector.

This would include data sitting with agencies such as Centrelink, the Australian Tax Office, the Department of Home Affairs, the Bureau of Statistics and potentially other external “accredited” parties such as universities and businesses.

The draft Data Availability and Transparency Bill released today will not fix ongoing problems in public administration. It won’t solve many problems in public health. It is a worrying shift to a post-privacy society.

It’s a matter of arrogance, rather than effectiveness. It highlights deficiencies in Australian law that need fixing.




Read more:
Australians accept government surveillance, for now


Making sense of the plan

Australian governments on all levels have built huge silos of information about us all. We supply the data for these silos each time we deal with government.

It’s difficult to exercise your rights and responsibilities without providing data. If you’re a voter, a director, a doctor, a gun owner, on welfare, pay tax, have a driver’s licence or Medicare card – our governments have data about you.

Much of this is supplied on a legally mandatory basis. It allows the federal, state, territory and local governments to provide pensions, elections, parks, courts and hospitals, and to collect rates, fees and taxes.

The proposed Data Availability and Transparency Bill will authorise large-scale sharing of data about citizens and non-citizens across the public sector, between both public and private bodies. Previously called the “Data Sharing and Release” legislation, the word “transparency” has now replaced “release” to allay public fears.

The legislation would allow sharing between Commonwealth government agencies that are currently constrained by a range of acts overseen (weakly) by the under-resourced Australian Information Commissioner (OAIC).

The acts often only apply to specific agencies or data. Overall we have a threadbare patchwork of law that is supposed to respect our privacy but often isn’t effective. It hasn’t kept pace with law in Europe and elsewhere in the world.

The plan also envisages sharing data with trusted third parties. They might be universities or other research institutions. In future, the sharing could extend to include state or territory agencies and the private sector, too.

Any public or private bodies that receive data can then share it forward. Irrespective of whether one has anything to hide, this plan is worrying.

Why will there be sharing?

Sharing isn’t necessarily a bad thing. But it should be done accountably and appropriately.

Consultations over the past two years have highlighted the value of inter-agency sharing for law enforcement and for research into health and welfare. Universities have identified a range of uses regarding urban planning, environment protection, crime, education, employment, investment, disease control and medical treatment.

Many researchers will be delighted by the prospect of accessing data more cheaply than doing onerous small-scale surveys. IT people have also been enthusiastic about money that could be made helping the databases of different agencies talk to each other.

However, the reality is more complicated, as researchers and civil society advocates have pointed out.

Person hitting a 'share' button on a keyboard.
In a July speech to the Australian Society for Computers and Law, former High Court Justice Michael Kirby highlighted a growing need to fight for privacy, rather than let it slip away.
Shutterstock

Why should you be worried?

The plan for comprehensive data sharing is founded on the premise of accreditation of data recipients (entities deemed trustworthy) and oversight by the Office of the National Data Commissioner, under the proposed act.

The draft bill announced today is open for a short period of public comment before it goes to parliament. It features a consultation paper alongside a disquieting consultants’ report about the bill. In this report, the consultants refer to concerns and “high inherent risk”, but unsurprisingly appear to assume things will work out.

Federal Minister for Government Services Stuart Roberts, who presided over the tragedy known as the RoboDebt scheme, is optimistic about the bill. He dismissed critics’ concerns by stating consent is implied when someone uses a government service. This seems disingenuous, given people typically don’t have a choice.

However, the bill does exclude some data sharing. If you’re a criminologist researching law enforcement, for example, you won’t have an open sesame. Experience with the national Privacy Act and other Commonwealth and state legislation tells us such exclusions weaken over time

Outside the narrow exclusions centred on law enforcement and national security, the bill’s default position is to share widely and often. That’s because the accreditation requirements for agencies aren’t onerous and the bases for sharing are very broad.

This proposal exacerbates ongoing questions about day-to-day privacy protection. Who’s responsible, with what framework and what resources?

Responsibility is crucial, as national and state agencies recurrently experience data breaches. Although as RoboDebt revealed, they often stick to denial. Universities are also often wide open to data breaches.

Proponents of the plan argue privacy can be protected through robust de-identification, in other words removing the ability to identify specific individuals. However, research has recurrently shown “de-identification” is no silver bullet.

Most bodies don’t recognise the scope for re-identification of de-identified personal information and lots of sharing will emphasise data matching.

Be careful what you ask for

Sharing may result in social goods such as better cities, smarter government and healthier people by providing access to data (rather than just money) for service providers and researchers.

That said, our history of aspirational statements about privacy protection without meaningful enforcement by watchdogs should provoke some hard questions. It wasn’t long ago the government failed to prevent hackers from accessing sensitive data on more than 200,000 Australians.

It’s true this bill would ostensibly provide transparency, but it won’t provide genuine accountability. It shouldn’t be taken at face value.




Read more:
Seven ways the government can make Australians safer – without compromising online privacy


The Conversation


Bruce Baer Arnold, Assistant Professor, School of Law, University of Canberra

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Keep calm, but don’t just carry on: how to deal with China’s mass surveillance of thousands of Australians



Shutterstock

Bruce Baer Arnold, University of Canberra

National security is like sausage-making. We might enjoy the tasty product, but want to look away from the manufacturing.

Recent news that Chinese company Zhenhua Data is profiling more than 35,000 Australians isn’t a surprise to people with an interest in privacy, security and social networks. We need to think critically about this, knowing we can do something to prevent it from happening again.

Reports indicate Zhenhua provides services to the Chinese government. It may also provide services to businesses in China and overseas.

The company operates under Chinese law and doesn’t appear to have a presence in Australia. That means we can’t shut it down or penalise it for a breach of our law. Also, Beijing is unlikely to respond to expressions of outrage from Australia or condemnation by our government – especially amid recent sabre-rattling.




Read more:
Journalists have become diplomatic pawns in China’s relations with the West, setting a worrying precedent


Zhenhua is reported to have data on more than 35,000 Australians – a list saturated by political leaders and prominent figures. Names, birthdays, addresses, marital status, photographs, political associations, relatives and social media account details are among the information extracted.

It seems Zhenhua has data on a wide range of Australians, including public figures such as Victorian supreme court judge Anthony Cavanough, Australia’s former ambassador to China Geoff Raby, former NSW premier and federal foreign affairs minister Bob Carr, tech billionaire Mike Cannon-Brookes and singer Natalie Imbruglia.

It’s not clear how individuals are being targeted. The profiling might be systematic. It might instead be conducted on the basis of a specific industry, academic discipline, public prominence or perceived political influence.

It’s unlikely Zhenhua profiles random members of the public. That means there’s no reason for average citizens without a China connection to be worried.

Still, details around the intelligence gathering elude us, so best practise for the public is to maintain as much online privacy as possible, whenever possible.

Overall, we don’t know much about Zhenhua’s goals. And what we do know came from a leak to a US academic who sensibly fled China in 2018, fearing for his safety.

Pervasive surveillance is the norm

Pervasive surveillance is now a standard feature of all major governments, which often rely on surveillance-for-profit companies. Governments in the West buy services from big data analytic companies such as Palantir.

Australia’s government gathers information outside our borders, too. Take the bugging of the Timor-Leste government, a supposed friend rather than enemy.

How sophisticated is the plot?

Revelations about Zhenhua have referred to the use of artificial intelligence and the “mosaic” method of intelligence gathering. But this is probably less exciting than it sounds.

Reports indicate much of the data was extracted from online open sources. Access to much of this would have simply involved using algorithms to aggregate targets’ names, dates, qualifications and work history data found on publicly available sites.

The algorithms then help put the individual pieces of the “mosaic” together and fill in the holes on the basis of each individual’s relationship with others, such as their as peers, colleagues or partners.

Some of the data for the mosaic may come from hacking or be gathered directly by the profiler. According to the ABC, some data that landed in Zhenhua’s lap was taken from the dark web.

One seller might have spent years copying data from university networks. For example, last year the Australian National University acknowledged major personal data breaches had taken place, potentially extending back 19 years.

This year there was also the unauthorised (and avoidable) access by cybercriminals to NSW government data on 200,000 people.

While it may be confronting to know a foreign state is compiling information on Australian citizens, it should be comforting to learn sharing this information can be avoided – if you’re careful.

What’s going on in the black box?

One big question is what Zhenhua’s customers in China’s political and business spheres might do with the data they’ve compiled on Australian citizens. Frankly, we don’t know. National security is often a black box and we are unlikely ever to get verifiable details.

Apart from distaste at being profiled, we might say being watched is no big deal, especially given many of those on the list are already public figures. Simply having an AI-assisted “Who’s Who” of prominent Australians isn’t necessarily frightening.

However, it is of concern if the information collected is being used for disinformation, such as through any means intended to erode trust in political processes, or subvert elections.

For instance, a report published in June by the Australian Strategic Policy Institute detailed how Chinese-speaking people in Australia were being targeted by a “persistent, large-scale influence campaign linked to Chinese state actors”.

Illustration of surveillance camera with Chinese flag draped over.
In June, Prime Minister Scott Morrison announced China was supposedly behind a major state-based attack against several of Australia’s sectors, including all levels of government.
Shutterstock

Deep fake videos are another form of subversion of increasing concern to governments and academics, particularly in the US.




Read more:
Deepfake videos could destroy trust in society – here’s how to restore it


Can we fix this?

We can’t make Zhenhua and its competitors disappear. Governments think they are too useful.

Making everything visible to state surveillance is now the ambition of many law enforcement bodies and all intelligence agencies. It’s akin to Google and its competitors wanting to know (and sell) everything about us, without regard for privacy as a human right.

We can, however, build resilience.

One way is to require government agencies and businesses to safeguard their databases. That hasn’t been the case with the NSW government, Commonwealth governments, Facebook, dating services and major hospitals.

In Australia, we need to adopt recommendations by law reform inquiries and establish a national right to privacy. The associated privacy tort would incentivise data custodians and also encourage the public to avoid oversharing online.

In doing so, we might be better placed to condemn both China and other nations participating in unethical intelligence gathering, while properly acknowledging our own wrongdoings in Timor-Leste.The Conversation

Bruce Baer Arnold, Assistant Professor, School of Law, University of Canberra

This article is republished from The Conversation under a Creative Commons license. Read the original article.

US coronavirus data will now go straight to the White House. Here’s what this means for the world


Erin Smith, Edith Cowan University

Led by physicians, scientists and epidemiologists, the US Centers for Disease Control and Prevention (CDC) is one of the most reliable sources of knowledge during disease outbreaks. But now, with the world in desperate need of authoritative information, one of the foremost agencies for fighting infectious disease has gone conspicuously silent.

For the first time since 1946, when the CDC came to life in a cramped Atlanta office to fight malaria, the agency is not at the front line of a public health emergency.




Read more:
Americans still trust doctors and scientists during a public health crisis


On April 22, CDC director Robert Redfield stood at the White House briefing room lectern and conceded that the coronavirus pandemic had “overwhelmed” the United States. Following Redfield at the podium, President Donald Trump said the CDC director had been “totally misquoted” in his warning that COVID-19 would continue to pose serious difficulties as the US moved into its winter ‘flu season in late 2020.

Invited to clarify, Redfield confirmed he had been quoted correctly in giving his opinion that there were potentially “difficult and complicated” times ahead.

Trump tried a different tack. “You may not even have corona coming back,” the president said, once again contradicting the career virologist. “Just so you understand.”

CDC director Robert Redfield and President Donald Trump offer contrasting interpretations at an April 22 White House briefing.

The exchange was interpreted by some pundits as confirmation that the CDC’s venerated expertise had been sidelined as the coronavirus continued to ravage the US.

In the latest development, the New York Times reported this week the CDC has even been bypassed in its data collection, with the Trump administration ordering hospitals to send COVID-19 data directly to the White House.

Diminished role

When facing previous public health emergencies the CDC was a hive of activity, holding regular press briefings and developing guidance that was followed by governments around the world. But during the greatest public health emergency in a century, it appears the CDC has been almost entirely erased by the White House as the public face of the COVID-19 pandemic response.

This diminished role is obvious to former leaders of the CDC, who say their scientific advice has never before been politicised to this extent.

As the COVID-19 crisis was unfolding, several CDC officials issued warnings, only to promptly disappear from public view. Nancy Messonnier, director of the CDC’s National Center for Immunization and Respiratory Diseases, predicted on February 25 that the virus was not contained and would grow into a pandemic.

The stock market plunged and Messonnier was removed from future White House press briefings. Between March 9 and June 12 there was no CDC presence at White House press briefings on COVID-19.

The CDC has erred during the pandemic, most significantly in its initial efforts to develop a test for COVID-19. The testing kits proved to be faulty – a problem compounded by sluggish efforts to rectify the situation – and then by severe delays in distributing enough tests to the public.

But many public health specialists are nevertheless baffled by the CDC’s low profile as the pandemic continues to sweep the globe.

“They have been sidelined,” said Howard Koh, former US assistant secretary for health. “We need their scientific leadership right now.”

What does it mean for the world?

The CDC being bypassed in the collection of COVID-19 data is another body blow to the agency’s standing.

Hospitals have instead been ordered to send all COVID-19 patient information to a central database in Washington DC.

This will have a range of likely knock-on effects. For starters, the new database will not be available to the public, prompting inevitable questions over the accuracy and transparency of data which will now be interpreted and shared by the White House.

The Department of Health and Human Services, which issued the new order, says the change will help the White House’s coronavirus task force allocate resources. But epidemiologists and public health experts around the world fear the new system will make it harder for people outside the White House to track the pandemic or access information.




Read more:
Even during the coronavirus pandemic, the role of public health workers is unrecognized


This affects all nations, because one of the CDC’s roles is to provide sound, independent public health guidance on issues such as infectious diseases, healthy living, travel health, emergency and disaster preparedness, and drug efficacy. Other jurisdictions can then adapt this information to their local context — expertise that has become even more essential during a pandemic, when uncertainty is the norm.

It is difficult to recall a previous public health emergency when political pressure led to a change in the interpretation of scientific evidence.

What happens next?

Despite the inevitable challenges that come with tackling a pandemic in real time, the CDC remains the best-positioned agency – not just in the US but the entire world – to help us manage this crisis as safely as possible.

In the absence of US leadership, nations should start thinking about developing their own national centres for disease control. In Australia’s case, these discussions have been ongoing since the 1990s, stymied by cost and lack of political will.

COVID-19, and the current sidelining of the CDC, may be the impetus needed to finally dust off those plans and make them a reality.The Conversation

Erin Smith, Associate Professor in Disaster and Emergency Response, School of Medical and Health Sciences, Edith Cowan University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Australians want to support government use and sharing of data, but don’t trust their data will be safe



File 20190226 150715 ffa5h7.jpg?ixlib=rb 1.1
A new survey reveals community attitudes towards the use of personal data by government and researchers.
Shutterstock

Nicholas Biddle, Australian National University and Matthew Gray, Australian National University

Never has more data been held about us by government or companies that we interact with. Never has this data been so useful for analytical purposes.

But with such opportunities come risks and challenges. If personal data is going to be used for research and policy purposes, we need effective data governance arrangements in place, and community support (social licence) for this data to be used.

The ANU Centre for Social Research and Methods has recently undertaken a survey of a representative sample of Australians to learn their views about about how personal data is used, stored and shared.

While Australians report a high level of support for the government to use and share data, there is less confidence that the government has the right safeguards in place or can be trusted with people’s data.




Read more:
Soft terms like ‘open’ and ‘sharing’ don’t tell the true story of your data


What government should do with data

In the ANUPoll survey of more than 2,000 Australian adults (available for download at the Australian Data Archive) we asked:

On the whole, do you think the Commonwealth Government should or should not be able to do the following?

Six potential data uses were given.

Do you think the Commonwealth Government should or should not be able to … ?
ANU Centre for Social Research and Methods Working Paper

Overall, Australians are supportive of the Australian government using data for purposes such as allocating resources to those who need it the most, and ensuring people are not claiming benefits to which they are not entitled.

They were slightly less supportive about providing data to researchers, though most still agreed or strongly agreed that it was worthwhile.

Perceptions of government data use

Community attitudes to the use of data by government are tied to perceptions about whether the government can keep personal data secure, and whether it’s behaving in a transparent and trustworthy manner.

To measure views of the Australian population on these issues, respondents were told:

Following are a number of statements about the Australian government and the data it holds about Australian residents.

They were then asked to what extent they agreed or disagreed that the Australian government:

  • could respond quickly and effectively to a data breach
  • has the ability to prevent data being hacked or leaked
  • can be trusted to use data responsibly
  • is open and honest about how data are collected, used and shared.

Respondents did not express strong support for the view that the Australian government is able to protect people’s data, or is using data in an appropriate way.

To what extent do you agree or disagree that the Australian Government … ?
ANU Centre for Social Research and Methods Working Paper



Read more:
What are tech companies doing about ethical use of data? Not much


We also asked respondents to:

[think] about the data about you that the Australian Government might currently hold, such as your income tax data, social security records, or use of health services.

We then asked for their level of concern about five specific forms of data breaches or misuse of their own personal data.

We found that there are considerable concerns about different forms of data breaches or misuse.

More than 70% of respondents were concerned or very concerned about the accidental release of personal information, deliberate hacking of government systems, and data being provided to consultants or private sector organisations who may misuse the data.

Level of concern about specific forms of data breaches or misuse of a person’s own data …
ANU Centre for Social Research and Methods Working Paper

More than 60% were concerned or very concerned about their data being used by the Australian government to make unfair decisions. And more than half were concerned or very concerned about their data being provided to academic researchers who may misuse their information.




Read more:
Facebook’s data lockdown is a disaster for academic researchers


Trust in government to manage data

The data environment in Australia is changing rapidly. More digital information about us is being created, captured, stored and shared than ever before, and there is a greater capacity to link information across multiple sources of data, and across multiple time periods.

While this creates opportunities, it also creates the risk that the data will be used in a way that is not in our best interests.

There is policy debate at the moment about how data should be used and shared. If we don’t make use of the data available, that has costs in terms of worse service delivery and less effective government. So, locking data up is not a cost-free option.

But sharing data or making data available in a way that breaches people’s privacy can be harmful to individuals, and may generate a significant (and legitimate) public backlash. This would reduce the chance of data being made available in any form, and mean that the potential benefits of improving the wellbeing of Australians are lost.

If government, researchers and private companies want to be able to make use of the richness of the new data age, there is an urgent and continuing need to build up trust across the population, and to put policies in place that reassure consumers and users of government services.The Conversation

Nicholas Biddle, Associate Professor, ANU College of Arts and Social Sciences, Australian National University and Matthew Gray, Director, ANU Centre for Social Research and Methods, Australian National University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

We’ve been hacked – so will the data be weaponised to influence election 2019? Here’s what to look for


Michael Jensen, University of Canberra

Prime Minister Scott Morrison recently said both the Australian Parliament and its major political parties were hacked by a “sophisticated state actor.”

This raises concerns that a foreign adversary may be intending to weaponise, or strategically release documents, with an eye towards altering the 2019 election outcome.




Read more:
A state actor has targeted Australian political parties – but that shouldn’t surprise us


While the hacking of party and parliamentary systems is normally a covert activity, influence operations are necessarily noisy and public in order to reach citizens – even if efforts are made to obscure their origins.

If a state actor has designs to weaponise materials recently hacked, we will likely see them seek to inflame religious and ethnic differences, as well as embarrass the major parties in an effort to drive votes to minor parties.

If this comes to pass, there are four things Australians should look for.

1. Strategic interest for a foreign government to intervene

If the major parties have roughly the same policy position in relation to a foreign country, a foreign state would have little incentive to intervene, for example, in favour of Labor against the Coalition.

They may, however, attempt to amplify social divisions between the parties as a way of reducing the ability of Australians to work together after the election.

They may also try to drive down the already low levels of support for democracy and politicians in Australia to further undermine Australian democracy.

Finally, they may also try to drive the vote away from the major parties to minor parties which might be more favourable to their agenda.

This could be achieved by strategically releasing hacked materials which embarrass the major parties or their candidates, moving voters away from those parties and towards minor parties. These stories will likely be distributed first on social media platforms and later amplified by foreign and domestic broadcast media.

It is no secret that Russia and China seek a weakening of the Five Eyes security relationship between Australia, New Zealand, Canada, the United States, and the United Kingdom. If weakened, that would undermine the alliance structure which has helped prevent major wars for the last 70 years.

2. Disproportionate attention by foreign media to a local campaign

In the US, although Tulsi Gabbard’s polling numbers rank her near the bottom of declared and anticipated candidates for the Democratic nomination, she has received significant attention from Russia’s overt or “white” propaganda outlets, Sputnik and RT (formerly Russia Today).

The suspected reason for this attention is that some of her foreign policy positions on the Middle East are consistent with Russian interests in the region.

In Australia, we might find greater attention than normal directed at One Nation or Fraser Anning – as well as the strategic promotion of Green candidates in certain places to push political discussion further right and further left at the same time.

3. Promoted posts on Facebook and other social media platforms

Research into the 2016 US election found widespread violations of election law. The vast majority of promoted ads on Facebook during the election campaign were from groups which failed to file with the Federal Election Commission and some of this unregistered content came from Russia.

Ads placed by Russia’s Internet Research Agency, which is under indictment by the Mueller investigation, ended up disproportionately in the newsfeeds of Facebook users in Wisconsin and Pennsylvania – two of the three states that looked like a lock for Clinton until the very end of the campaign.

What makes Facebook and many other social media platforms particularly of concern is the ability to use data to target ads using geographic and interest categories. One can imagine that if a foreign government were armed with voting data hacked from the parties, this process would be all the more effective.




Read more:
New guidelines for responding to cyber attacks don’t go far enough


Seats in Australia which might be targeted include seats like Swan (considered a marginal seat with competition against the Liberals on both the left and the right) and the seats of conservative politicians on GetUp’s “hitlist” – such as Tony Abbott’s and Peter Dutton’s seats of Warringah and Dickson.

4. Focus on identity manipulation, rather than fake news

The term “fake news” suffers from conceptual ambiguities – it means different things to different people. “Fake news” has been used not just as a form of classification to describe material which “mimics news media content in form but not in organisational process or intent” but also used to describe satire and even as an epithet used to dismiss disagreeable claims of a factual nature.

Studies of propaganda show that information need not be factually false to effectively manipulate target audiences.

The best propaganda uses claims which are factually true, placing them into a different context which can be used to manipulate audiences or by amplifying negative aspects of a group, policy or politician, without placing that information in a wider context.

For example, to amplify concerns about immigrants, one might highlight the immigrant background of someone convicted of a crime, irrespective of the overall propensity for immigrants to commit crimes compared to native born Australians.

This creates what communication scholars call a “representative anecdote” through which people come to understand and think about a topic with which they are otherwise unfamiliar. While immigrants may or may not be more likely to commit crimes than other Australians, the reporting creates that association.

Among the ways foreign influence operations function is through the politicisation of identities. Previous research has found evidence of efforts to heighten ethnic and racial differences through Chinese language WeChat official accounts operating in Australia as well as through Russian trolling efforts which have targeted Australia. This is the same pattern followed by Russia during the 2016 US election.

Liberal democracies are designed to handle conflicts over interests through negotiation and compromise. Identities, however, are less amenable to compromise. These efforts may not be “fake news” but they are effective in undermining the capacity of a democratic nation to mobilise its people in pursuit of common goals.




Read more:
How digital media blur the border between Australia and China


The Russian playbook

No country is immune from the risk of foreign influence operations. While historically these operations might have involved the creation of false documents and on the ground operations in target countries, today materials can be sourced, faked, and disseminated from the relative security of the perpetrating country. They may include both authentic and faked documents – making it hard for a campaign to charge that certain documents are faked without affirming the validity of others.

Most importantly, in a digitally connected world, these operations can scale up quickly and reach substantially larger populations than previously possible.

While the Russian interference in the 2016 US election has received considerable attention, Russia is not the only perpetrator and the US is not the only target.

But the Russians created a playbook which other countries can readily draw upon and adapt. The question remains as to who that might be in an Australian context.The Conversation

Michael Jensen, Senior Research Fellow, Institute for Governance and Policy Analysis, University of Canberra

This article is republished from The Conversation under a Creative Commons license. Read the original article.