web analytics

Bill Bennett


Tag: privacy

Reserve Bank gets NZ’s first privacy compliance notice

New Zealand’s Privacy Commissioner issued its first compliance notice to the Reserve Bank.

The notice follows an online attack on the bank’s systems in December 2020.

While the notice makes sense, a press release from the Commissioner’s office reads more bureaucratic procedure than a public shaming.

The Reserve Bank breach happened when software which claims to be secure enough to move confidential information between banks was compromised.

Reports suggest other organisations caught up in the same attack paid ransoms to the attackers. We don’t know if the Reserve Bank paid up.

Systemic weakness

The attack breached the Reserve Bank’s security systems. As John Edwards, the Privacy Commissioner says, it “raised the possibility of systemic weakness in the Bank’s systems and processes for protecting personal information.”

A review of the Bank’s systems uncovered many areas where it has not complied with the Privacy Act’s Principal 5. This says agencies that hold personal information must have reasonable safeguards in place to protect personal privacy.

Yet, the press release from the Privacy Commissioner quotes Edwards saying: “We are heartened by the speed and thoroughness of the Bank’s response. We were notified as soon as the cyber-attack was identified, and they have been constructive and open throughout the compliance investigation process. We are pleased to see the positive way they’ve dealt with the aftermath of the attack.”

In other words, it was sloppy but ended up doing the right thing.

The press release quotes Reserve Bank governor Adrian Orr attempting unconvincing damage limitation.

Yet the whole point of the Act is to pre-empt online attacks. Organisations like the Reserve Bank should have robust protections in place before any private information is put at risk.

While the notice is real enough, this first one is something of a practice run for dealing with future compliance failures.

Christie makes case for technology sovereignty

Writing at Newsroom, Catalyst co-founder Don Christie says technological sovereignty could be a defining issue of the decade.

“Large multinationals arrive in the country, contribute nothing in the way of paying local taxes, and exfiltrate value and data (“the new oil” as it was unironically christened by The Economist). It is essentially digital colonialism.”

The ugly face of what Christie calls ‘digital colonialism’ was on show at a recent industry event. A handful of companies had speaking slots.

Long-term focus

Local firms spoke about serving small business, building skills and capability. Their focus was longer-term.

Meanwhile two of the multinationals that got to speak made short term sales pitches. One even used the occasion to push its latest promotion.

“…there are other approaches. Ones that involve paying taxes that provide for schools and hospitals, keeping data onshore and respecting te ao Māori, acknowledging the value of New Zealanders’ privacy, and building a resilient digital sector that will provide fulfilling, high-value jobs for Kiwis for decades to come.”


Paying local taxes for digital products is a sore point. Yet it is not unusual for countries to tax foreign resources firms like miners and oil explorers.

On that basis, it makes sense to treat the ‘new oil’ the same way.

Tax on digital profits is being addressed at the international level. The process will be slow and could be unsatisfactory. Yet a small country like New Zealand would do better to fall into line with other like-minded nations and not go it alone.


Jobs are critical. We have low unemployment today. Indeed, a halt to immigration means we are desperately short of skilled workers.

Yet we may be a lockdown away from widespread company failure and layoffs.

While multinationals use locals, and in cases pay well, much of the work is in sales or administration. The high value-add work tends to take place close to corporate headquarters.

More high value jobs means building more capability. It would give young New Zealanders better career paths. And that would seed interest in tech related subjects in schools and tertiary institutions.

If we get this right, there will be more corporate headquarters in Auckland, Wellington and Christchurch. This would be better for the wider economy.

“…Rebuilding New Zealand’s economy in the aftermath of the Covid-19 pandemic, and under the shadow of climate change, is a challenge that we have not seen since the end of World War II. The decisions we collectively make now have the potential to impact, positively or negatively, generations of Kiwis to come.”


There are ministers and opposition politicians who get this. Building digital capability is low down the priority list at the moment. If more prominent industry personalities speak out, we can push it higher up the agenda.

“We should be planning for our own data management, cyber security, and artificial intelligence applications, and how these can be implemented across all of our sectors: agriculture, education, finance and others.

“Building and delivering value for the current and future generations, now that technology is interwoven into every aspect of our communities and our economy.”

It’s hard to disagree with any of this. A good place to start would be with government. Even now, government buyers appear to have a built-in reluctance to choose local technology. Fixing that would be the best place to start.

Glassholes return with Facebook, Ray-Ban

Facebook and Ray-Ban would love you to be excited about Ray-Ban Stories.

They are sunglasses with a smattering of unimpressive technology features.

Facebook’s marketing calls them smart-glasses.

Which is brave considering they are not even as smart as the now abandoned Google Glass.


In effect, it is a pair of cameras, linked to your phone by Bluetooth, and carefully disguised in normal-looking sunglasses.

That’s about it.

The new Ray-Ban glasses have two cameras to capture video or photos. These sync with an app called Facebook View.

You can fire up the camera by hitting a physical button or say: “Hey Facebook, take a video”.


While there is no display in the lens, there are Bluetooth speakers on the frame. This lets you play sound from your phone or make and receive calls. There is a physical volume control and a pause button.

Indicators let you know the device is charged or needs a charge.

A tiny white lamp illuminates what you are filming or capturing. It serves a double purpose. The idea is that when the light is on, people know they are being filmed.

Privacy dead zone

It’s a stretch to accept that everyone who sees the white light will know what it means. But then privacy and respect for people has never been a Facebook virtue.

Nick Heer suggests you can cover the light with tape for secret filming. He goes on to explain that this violates the terms of service. As if that means anything.

There’s something nasty about a product which, while pretending to be a smart device, is a voyeur’s wet dream.

Facebook might tell you the glasses make it easy to record precious family moments. It’s unlikely the company’s marketing will warn you the glasses make it easy for creeps to record your family.


It didn’t take long for those wise to Google Glass to label the creeps wearing that device to coin the term glassholes. If the Facebook product takes off we may see that name return.

Google Glass was not a success. If anything it did the company’s reputation more harm than good. For many people, Facebook’s reputation is already in the gutter. Seeding a new generation of glassholes isn’t going to fix that.

Hong Kong’s doxxing law spooks tech giants

Asia Internet Coalition, a Singapore-based lobby group says its members may leave Hong Kong if a new doxxing laws comes into force.

AIC members include tech giants Facebook, Google and Apple.

The group worry that legislation could make them criminally liable.

Doxxing is when people publish private details about online personalities. It can be as simple as identifying the real name of someone using a pseudonym.

It could also refer to revealing addresses, phone numbers or other details used to trace and identify people.

Doxxing victims

In recent years people have weaponised the practice in Hong Kong to the point where there are thousands of victims.

People have used doxxing to scare activists off pro-democracy protests. On the other side, protestors have revealed the names of police or court officials who acted against protestors. It has also been used against journalists.

When private details are published people may find themselves on the wrong end of threatening calls or other intimidating behaviour. Sometimes this includes attacks on family members. Doxxing can lead to identity theft.

Hong Kong’s courts have found the effects can be severe and long-lasting.

The proposed privacy law amendments aim to outlaw doxxing and force social media companies and websites to take down personal information.

Psychological harm

The Hong Kong government proposes to change the existing data privacy legislation to include doxxing acts committed with the “intent to cause psychological harm”.

A conviction would be punishable by up to five years in prison and a fine of HK$1 million.

As things stand, Hong Kong’s officials can make employees of social media or other websites criminally liable.

The AIC objects to the definition of doxxing used in the proposed law. It also worries services like Facebook and Twitter might face liabilities when doxxing happens on their services.

In a letter, the AIC says the only way tech companies could avoid punishment would be by withdrawing their services from Hong Kong and ceasing to invest in the territory. It is not clear whether these companies make significant investments in Hong Kong.

iOS users vote no to Facebook app tracking

Did you ever doubt Apple users would choose to turn off Facebook app-tracking? It’s now a week since an iOS update arrived allowing users to make their own choice. Let’s look at the numbers.

Flurry Analytics, an advertising analytics company, reports around 88 percent of iOS users worldwide have chosen not to allow apps to track them. There’s a daily update of numbers of Flurry’s website.

The number is higher in the US. There a mere four percent of iOS users allow tracking.

No wonder Facebook went on the offensive with a whingey, dishonest response to Apple’s move.

It’s worth remembering there are countries where switching off Facebook app tracking is not allowed by law. And others where authorities might treat users who opt out with suspicion.

Apple’s popular move

The only conclusion to draw is that Apple’s privacy move is popular with customers.

This is an area where Android phone makers will struggle to compete.

Google’s mobile operating system has tracking baked through its insides like the word Blackpool through a stick of seaside rock. That’s the main reason Google subsidises Android.

Presumably there are Android users who prefer not to be tracked. Switching to Apple and iOS is bothersome, but worth the effort if you prize privacy.


Apple calls the new iOS feature App Tracking Transparency. When you open an app, a pop-up appears on screen. It asks if you want to allow the app to track your activity across other companies’ apps and websites?

There are two choices. The first is “Ask App Not to Track”. The second choice is “Allow.”

If you take the first choice, Apple stops the app from using the code that identifies the device.

This is a string on letters and numbers. There is one per iPhone or iPad. It gives companies a unique identifier they can track as you move between apps and websites.

Apple then tells the app owner that you don’t want them to track you in any way. It sends a clear, unambiguous message.

It’s almost as clear and unambiguous as the message that 88 percent of users are unwilling to be surveillance fodder.