{"id":60743,"date":"2020-11-23T14:47:43","date_gmt":"2020-11-23T03:47:43","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=60743"},"modified":"2020-11-23T14:47:43","modified_gmt":"2020-11-23T03:47:43","slug":"its-not-just-spies-who-want-your-data","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/","title":{"rendered":"It\u2019s not just spies who want your data"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" width=\"967\" height=\"725\" class=\"alignnone size-full wp-image-60745\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/11\/hacking2311.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/11\/hacking2311.jpg 967w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/11\/hacking2311-205x154.jpg 205w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/11\/hacking2311-768x576.jpg 768w\" sizes=\"(max-width: 967px) 100vw, 967px\" \/><\/figure>\n<p>Australia\u2019s domestic intelligence agency, the Australian Security Intelligence Organisation, <a href=\"https:\/\/www.asio.gov.au\/TBYL.html\" target=\"_blank\" rel=\"noopener noreferrer\">released a rare public statement<\/a> last week aimed at raising awareness about the use of social media and professional networking services for espionage purposes. \u2018Think before you link\u2019 focuses on foreign intelligence threats and rightly cautions Australians to be careful about revealing personal information on networking services. It is ASIO\u2019s first public awareness campaign and marks a significant step in the right direction for Australian intelligence agencies as they seek to engage in more regular dialogue with the public, something they have<a href=\"https:\/\/www.aspistrategist.ru\/national-security-the-public-debate-and-the-end-of-just-trust-us\/\" target=\"_blank\" rel=\"noopener noreferrer\"> long struggled to do<\/a>.<\/p>\n<p>But beyond foreign intelligence threats, there\u2019s a broader issue that also deserves our attention. The problem is data\u2014or, more specifically, the accumulation of stolen, scraped or traded\u00a0personal information that affects everyone, not just government and defence employees. While it may not involve state secrets, personal data is a form of sensitive information and it needs to be protected.<\/p>\n<p>In fact, many different groups\u2014ranging from cyber criminals and marketers to banks and law enforcement agencies\u2014derive value from personal information. So, even though<a href=\"https:\/\/www.youtube.com\/watch?v=7Rt-nurz64Q\" target=\"_blank\" rel=\"noopener noreferrer\"> ASIO\u2019s warning focuses on<\/a> Australians being recruited or duped by professional spies, online targeting and the creation of fake profiles and inauthentic networks are not just the realm of highly resourced state-sponsored cyber operatives. The tools and techniques used are cheap, simple and widely accessible. It\u2019s not difficult, or expensive, to create an online presence with a unique <a href=\"https:\/\/thispersondoesnotexist.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">artificial intelligence-generated profile picture<\/a>. And it\u2019s <a href=\"https:\/\/www.nbcnews.com\/tech\/security\/how-fake-persona-laid-groundwork-hunter-biden-conspiracy-deluge-n1245387\" target=\"_blank\" rel=\"noopener noreferrer\">not just intelligence agencies<\/a> manufacturing online personas.<\/p>\n<p>Nor does engagement with these fake online personas always involve inducements such as generous gifts and trips overseas, particularly during a pandemic. It may not even be obvious to the victim that they are giving information away. In 2016, <a href=\"https:\/\/www.brighttalk.com\/webcast\/5416\/210793\/how-hackers-are-using-social-media-for-cyber-espionage\" target=\"_blank\" rel=\"noopener noreferrer\">suspected Iranian threat actors<\/a> stole data directly from their victims through a keylogger they hid in a CV-creation application that they required their victims to use as part of the job application process.<\/p>\n<p>While people can limit their public disclosure of personal information on networking sites, they often still need to share personal data with online companies to accomplish common tasks like renting property and looking for a job. These companies should have robust privacy policies that state what information they collect, why they collect it and how they share, use and store it, but such policies are often ambiguous and written in legalese. Privacy policies are also often written to protect the company (the data taker) rather than the consumer (the source of the data).<\/p>\n<p>More worryingly, it\u2019s not always clear that these companies are capable of keeping people\u2019s personal information secure. There are a significant number of unsecured databases left open and accessible to the public and organisations regularly suffer data breaches. The Office of the Australian Information Commissioner\u2019s<a href=\"https:\/\/www.oaic.gov.au\/privacy\/notifiable-data-breaches\/notifiable-data-breaches-statistics\/notifiable-data-breaches-report-january-june-2020\/\" target=\"_blank\" rel=\"noopener noreferrer\"> notifiable data breach report<\/a> for the first half of 2020 shows that malicious or criminal attacks still remain the highest cause of data breaches. Once a data breach occurs, control of the data is lost. If it\u2019s biometric data, like face, fingerprint or iris geometry, the consequences are even more serious. Unlike a password, your biometric data is a lot harder to change.<\/p>\n<p>Data itself can be difficult to monetise, but deep insights into individuals derived from data are highly valuable. Data broking is believed to be a <a href=\"https:\/\/www.webfx.com\/blog\/internet\/what-are-data-brokers-and-what-is-your-data-worth-infographic\/\" target=\"_blank\" rel=\"noopener noreferrer\">US$200 billion industry<\/a>. The industry has developed a business model that revolves around aggregating datasets (online and\/or offline data, such as loyalty card shopping data) that have been bought or publicly scraped, analysed and then sold to buyers for different uses. In the US, there are examples of <a href=\"https:\/\/www.vice.com\/en\/article\/3azvey\/police-buying-hacked-data-spycloud\" target=\"_blank\" rel=\"noopener noreferrer\">police<\/a> purchasing hacked data and \u00a0<a href=\"https:\/\/www.vox.com\/recode\/2020\/2\/7\/21127911\/ice-border-cellphone-data-tracking-department-homeland-security-immigration\" target=\"_blank\" rel=\"noopener noreferrer\">immigration authorities<\/a> and the<a href=\"https:\/\/www.vice.com\/en\/article\/jgqm5x\/us-military-location-data-xmode-locate-x\" target=\"_blank\" rel=\"noopener noreferrer\"> US military<\/a> buying location data, and even<a href=\"https:\/\/www.forbes.com\/sites\/kalevleetaru\/2018\/04\/05\/the-data-brokers-so-powerful-even-facebook-bought-their-data-but-they-got-me-wildly-wrong\/?sh=138bab8c3107\" target=\"_blank\" rel=\"noopener noreferrer\"> Facebook is alleged<\/a> to have bought back data.<\/p>\n<p>In Australia, data brokers operate in the shadows. As users and consumers, we have no way of knowing exactly what happens to our data, which makes it difficult to truly protect our privacy or to provide informed consent as to how our data is used. To bring the industry out of the dark, the government should consider introducing a national registry of data brokers and implementing federal laws similar to those in California, which require <a href=\"https:\/\/leginfo.legislature.ca.gov\/faces\/billTextClient.xhtml?bill_id=201920200AB1202\" target=\"_blank\" rel=\"noopener noreferrer\">data brokers to register<\/a> with the state attorney-general.<\/p>\n<p>Changes could also be made to the <a href=\"https:\/\/www.oaic.gov.au\/privacy\/guidance-and-advice\/data-breach-preparation-and-response\/part-4-notifiable-data-breach-ndb-scheme\/#key-points:~:text=The%20NDB%20scheme%20requires%20regulated%20entities,individuals%20to%20whom%20the%20information%20relates\" target=\"_blank\" rel=\"noopener noreferrer\">OAIC\u2019s notifiable data breach scheme<\/a> to better protect the privacy of personal data. Currently, the scheme requires regulated entities to report a data breach only if it is \u2018likely to result in serious harm to any of the individuals to whom the information relates\u2019. What constitutes \u2018serious harm\u2019 is ambiguous and this reporting requirement applies only to regulated entities, not all entities that could hold troves of personal data. And it is left to the entity that lost control of the data to decide what is considered \u2018serious harm\u2019.<\/p>\n<p>The European Union\u2019s<a href=\"https:\/\/ec.europa.eu\/newsroom\/article29\/item-detail.cfm?item_id=612052\"> General Data Protection Regulation<\/a> better implements this protection by obligating all companies that are responsible for data to <a href=\"https:\/\/ec.europa.eu\/info\/law\/law-topic\/data-protection\/reform\/rules-business-and-organisations\/obligations\/what-data-breach-and-what-do-we-have-do-case-data-breach_en\" target=\"_blank\" rel=\"noopener noreferrer\">report a data breach<\/a> to the supervisory authority within 72 hours after an assessment of risk to the data subjects\u2019 rights and freedoms. The Australian scheme should be similarly broadened to better capture data breaches and clarify reporting requirements. Canada is proposing a<a href=\"https:\/\/www.ic.gc.ca\/eic\/site\/062.nsf\/eng\/00119.html\" target=\"_blank\" rel=\"noopener noreferrer\"> Digital Charter Implementation Act<\/a> that would <a href=\"https:\/\/www.cbc.ca\/news\/politics\/privacy-bill-bains-fines-1.5804779\" target=\"_blank\" rel=\"noopener noreferrer\">impose fines on companies<\/a> that breach the privacy of Canadians. Australia should explore the implementation of similar fines to encourage data holders to better secure people\u2019s personal data and deter businesses from holding data they don\u2019t need.<\/p>\n<p>To lay the groundwork for a prosperous, data-driven economy that values privacy, more robust data protections and regulations should be implemented that give data subjects more control over their information.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Australia\u2019s domestic intelligence agency, the Australian Security Intelligence Organisation, released a rare public statement last week aimed at raising awareness about the use of social media and professional networking services for espionage purposes. \u2018Think before &#8230;<\/p>\n","protected":false},"author":1100,"featured_media":60745,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[1031,749,2175],"class_list":["post-60743","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-asio","tag-cyber-espionage","tag-data"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>It\u2019s not just spies who want your data | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"It\u2019s not just spies who want your data | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Australia\u2019s domestic intelligence agency, the Australian Security Intelligence Organisation, released a rare public statement last week aimed at raising awareness about the use of social media and professional networking services for espionage purposes. \u2018Think before ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2020-11-23T03:47:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/11\/hacking2311.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"967\" \/>\n\t<meta property=\"og:image:height\" content=\"725\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jocelinn Kang\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jocelinn Kang\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/11\/hacking2311.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/11\/hacking2311.jpg\",\"width\":967,\"height\":725},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/\",\"name\":\"It\u2019s not just spies who want your data | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/#primaryimage\"},\"datePublished\":\"2020-11-23T03:47:43+00:00\",\"dateModified\":\"2020-11-23T03:47:43+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/341d1ce2f1a835c9ebcb1d13a21e21e2\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"It\u2019s not just spies who want your data\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/341d1ce2f1a835c9ebcb1d13a21e21e2\",\"name\":\"Jocelinn Kang\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e65b9e7b0bdec9c4f3380d2709fbd30f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e65b9e7b0bdec9c4f3380d2709fbd30f?s=96&d=mm&r=g\",\"caption\":\"Jocelinn Kang\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/jocelinn-kang\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"It\u2019s not just spies who want your data | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/","og_locale":"en_US","og_type":"article","og_title":"It\u2019s not just spies who want your data | The Strategist","og_description":"Australia\u2019s domestic intelligence agency, the Australian Security Intelligence Organisation, released a rare public statement last week aimed at raising awareness about the use of social media and professional networking services for espionage purposes. \u2018Think before ...","og_url":"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2020-11-23T03:47:43+00:00","og_image":[{"width":967,"height":725,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/11\/hacking2311.jpg","type":"image\/jpeg"}],"author":"Jocelinn Kang","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Jocelinn Kang","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/11\/hacking2311.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/11\/hacking2311.jpg","width":967,"height":725},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/","url":"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/","name":"It\u2019s not just spies who want your data | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/#primaryimage"},"datePublished":"2020-11-23T03:47:43+00:00","dateModified":"2020-11-23T03:47:43+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/341d1ce2f1a835c9ebcb1d13a21e21e2"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/its-not-just-spies-who-want-your-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"It\u2019s not just spies who want your data"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/341d1ce2f1a835c9ebcb1d13a21e21e2","name":"Jocelinn Kang","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e65b9e7b0bdec9c4f3380d2709fbd30f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e65b9e7b0bdec9c4f3380d2709fbd30f?s=96&d=mm&r=g","caption":"Jocelinn Kang"},"url":"https:\/\/www.aspistrategist.ru\/author\/jocelinn-kang\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/60743"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/1100"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=60743"}],"version-history":[{"count":5,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/60743\/revisions"}],"predecessor-version":[{"id":60746,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/60743\/revisions\/60746"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/60745"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=60743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=60743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=60743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}