Friday, August 26, 2022

Cyber security and rights at work

 


Written by: (Contributed) on 26 August 2022

 In August, the Albanese government announced a national overhaul of cyber security provision. In a society where cyber attacks have been estimated to cost the economy more than $33 billion a year, with an attack taking place every eight minutes, it was a welcome announcement. (1)

Australia, in recent years, has experienced an epidemic of identity thefts and other related cyber problems. It has been estimated that more than one Australian in every six have had their identities stolen. What has not been so well publicised, however, is the emerging problem of Facial Recognition Technology (FRT) provision in wider society and the implications for Australian people.

In July the Office of the Australian Information Commissioner began a probe into FRT systems following disclosures that the Good Guys, Kmart and Bunnings were using the technology randomly with their customers. (2) The Commission noted the retail outlets were recording bio-metric data of customers, without their consent. FRT technology enables the analysis of personal images and facial appearances, known as face-prints. Later, it was announced that a number of gambling and alcohol premises in South Australia were also using FRT technology on customers. (3) Fears had arisen that proprietors could potentially use the confidential information for other purposes without consent. Serious ethical issues, therefore, arise about uses and abuses of personal information data.

A study of the latest FRT technology has revealed it is readily available and easy to obtain with a minimal financial outlay. More sophisticated systems, still readily affordable, can also be used and controlled through cyber space on mobile telephones and drones; foreign governments, criminals and employers are able to act with relative impunity. (4)

Elsewhere, other investigations of TikTok social media by the British and Australian governments and the University of Melbourne, have already noted face-prints together with voice-prints, can be used as 'dangerous permissions' enabling third parties to 'hijack a phone's camera and microphone, collecting photos and voice recordings of users at any time … allowing the company to share this bio-metric data with third parties … these face-prints and voice-prints are comparable to finger-prints as they can help others identify, surveil and profile people of interest'. (5)

Workplace Surveillance



It is also important to note that in most Australian States, laws concerning the use of spy-cameras are notoriously lax, with serious implications for traditional civil liberties. A worker, for example, filmed operating a mobile phone and drinking a cup of coffee in a rest area of a workplace or office might be having a timed 'smoko' or meal-break, and not being work-shy. Manufacturing workers  have specifically timed breaks of 10 minutes, 15 minutes, 20 minutes and 24 minutes at different times of their standard 7.6 hour and/or 12.0 hour shifts and overtime entitlements as specified in the Manufacturing and Associated Industries and Occupations Award, September 2020, and their own Enterprise Bargaining Agreements which also allow for further washing-time and walking-time. Those in control of surveillance systems placed over tea-areas tend have no localised knowledge of which worker was taking which break-time, leading to allegations to management of excessive time taken away from work-stations.

In South Australia the official government information centre, MyGov, has also been found to be notoriously 'leaky' on numerous occasions, particularly in the area of health records. Highly confidential personal information has regularly entered the public domain. There is also highly limited and virtually non-existent accountability for those whose civil liberties have been infringed. The reliability of personal data on MyGov has also been shown to be a major problem; ordinary citizens rarely, if ever, gain access to the massive computer banks to check their personal information. 

 Another area of controversy has also arisen with the widespread use of private security companies in Australia and their use of personnel for intelligence-gathering in everyday society. Recruitment to such organisations is conducted through a one week-long training course and a registration for work in open society. While private security companies are subject to government scrutiny, they also operate in 'grey areas' with questionable legal considerations which are often overlooked.

The reliability of those providing the personal information to computer banks, likewise, has also been shown to be questionable on occasions; with serious implications for employers using the personal information systems for selection and recruitment purposes for workforces. Recent studies conducted by Forrester Consulting commissioned by Data-com, have found Australian organisations have fallen behind on 'best practice in cyber security … with almost half of those surveyed in the report yet to implement leading verification practices'. (6) 

A number of leading law firms dealing in industrial relations offer employers website advice on the extent to which they can legally place employees under surveillance. The surveillance includes accessing employees’ emails, inbound and outbound phone call and internet usage, as well as monitoring by CCTV cameras (now including FRT) and GPS location tracking.

Only NSW and the ACT have laws governing workplace surveillance. Victoria, SA, the NT and WA have no specific workplace surveillance legislation; instead, there is general legislation covering surveillance. Tasmania and Queensland have no legislation on surveillance at all. 

SO, for many workers around Australia, there are no laws or regulations restricting an employer or others using FRT technology on their workforces or social gatherings. Used in conjunction with MyGov and other state and federal data-banks, furthermore, very real fears arise about confidentiality of personal information for millions of people.

1.     Labor wipes slate on cyber, Australian, 19 August 2022.
2.     Kmart, Bunnings in privacy probe, Australian, 13 July 2022.
3.     Call to halt gambler facial recognition, Australian, 19 August 2022.
4.     See: Websites – Facial Recognition Technology Systems.
5.     It's time to stop TikTok harvesting our children's data, Australian, 12 August 2022.
6.     Business fails cyber security, Australian, 11 August 2022.

No comments:

Post a Comment