Resources

You Will Soon Be Able To Pay Your Subway Fare With Your Face in China

China has led the world in adoption of smartphone-based mobile payments to the point where the central bank had to remind merchants not to discriminate against cash. The next phase of development may be to pay with your face.

In Shenzhen, the local subway operator is testing various advanced technologies backed by the ultra-fast 5G network, including facial-recognition ticketing.

At the Futian station, instead of presenting a ticket or scanning a QR bar code on their smartphones, commuters can scan their faces on a tablet-sized screen mounted on the entrance gate and have the fare automatically deducted from their linked accounts.

Currently in a trial mode, the facial-recognition ticketing service could in future help improve the efficiency of handling the up to 5 million rides per day on the city’s subway network. Shenzhen Metro did not elaborate when it will roll out the facial payment service.

The introduction of facial recognition-and-payment services to the public transit system marks another step by China toward integrating facial recognition and other artificial intelligence-based technology into everyday life in the world’s most populous nation.

Consumers can already pay for fried chicken at KFC in China with its “Smile to Pay” facial recognition system, first introduced at an outlet in Hangzhou in January 2017.

“To use facial ticketing in the future, passengers will also need preregistration of their facial information and link their payment methods to their accounts, just like them making payments at the KFC restaurant,” said a staff member at the Futian station’s demonstration area in Shenzhen.
China may use facial recognition to stop kids from live streaming

Chinese cities are among the most digitally savvy and cashless in the world, with about 583 million people using their smartphones to make payment in China last year, according to the China Internet Network Information Center. Nearly 68 per cent of China’s internet users used a mobile wallet for their offline payments.

Hard Disks Can Be Turned Into Listening Devices

Researchers from the University of Michigan and Zhejiang Univeristy in China have found that hard disk drives can be turned into listening devices, using malicious firmware and signal processing calculations.

For a study titled “Hard Drive of Hearing: Disks that Eavesdrop with a Synthesized Microphone,” computer scientists Andrew Kwong, Wenyuan Xu, and Kevin Fu describe an acoustic side-channel that can be accessed by measuring how sound waves make hard disk parts vibrate. “Our research demonstrates that the mechanical components in magnetic hard disk drives behave as microphones with sufficient precision to extract and parse human speech,” their paper, obtained by The Register ahead of its formal publication, stated. “These unintentional microphones sense speech with high enough fidelity for the Shazam service to recognize a song recorded through the hard drive.”

The team’s research work, scheduled to be presented in May at the 2019 IEEE Symposium on Security and Privacy, explores how it’s possible to alter HDD firmware to measure the offset of a disk drive’s read/write head from the center of the track it’s seeking. The offset is referred to as the Positional Error Signal (PES) and hard drives monitor this signal to keep the read/write head in the optimal position for reading and writing data. PES measurements must be very fine because drive heads can only be off by a few nanometers before data errors arise. The sensitivity of the gear, however, means human speech is sufficient to move the needle, so to speak. Vibrations from HDD parts don’t yield particularly good sound, but with digital filtering techniques, human speech can be discerned, given the right conditions.

“Flashing HDD firmware is a prerequisite for the snooping […] because the ATA protocol does not expose the PES,” The Register reports. “To exfiltrate captured data, the three boffins suggest transmitting it over the internet by modifying Linux operating system files to create a reverse shell with root privileges or storing it to disk for physical recovery at a later date.”

The researchers note that this technique does require a fairly loud conversation to take place near the eavesdropping hard drive. “To record comprehensible speech, the conversation had to reach 85 dBA, with 75 dBA being the low threshold for capturing muffled sound,” the report says. “To get Shazam to identify recordings captured through a hard drive, the source file had to be played at 90 dBA. Which is pretty loud. Like lawn mower or food blender loud.”

Age of Surveillance Capitalism: “We Thought We Were Searching Google, But Google Was Searching Us”

Corporations have created a new kind of marketplace out of our private human experiences. That is the conclusion of an explosive new book that argues big tech platforms like Facebook and Google are elephant poachers, and our personal data is ivory tusks. Author Shoshana Zuboff writes in “The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power”: “At its core, surveillance capitalism is parasitic and self-referential. It revives Karl Marx’s old image of capitalism as a vampire that feeds on labor, but with an unexpected turn. Instead of labor, surveillance capitalism feeds on every aspect of every human’s experience.”

Facebook admits 18% of Research spyware users were teens, not <5%

Facebook has changed its story after initially trying to downplay how it targeted teens with its Research program that a TechCrunch investigation revealed was paying them gift cards to monitor all their mobile app usage and browser traffic. “Less than 5 percent of the people who chose to participate in this market research program were teens” a Facebook spokesperson told TechCrunch and many other news outlets in a damage control effort 7 hours after we published our report on January 29th. At the time, Facebook claimed that it had removed its Research app from iOS. The next morning we learned that wasn’t true, as Apple had already forcibly blocked the Facebook Research app for violating its Enterprise Certificate program that supposed to reserved for companies distributing internal apps to employees.

It turns out that wasn’t the only time Facebook deceived the public in its response regarding the Research VPN scandal. TechCrunch has obtained Facebook’s unpublished February 21st response to questions about the Research program in a letter from Senator Mark Warner, who wrote to CEO Mark Zuckerberg that “Facebook’s apparent lack of full transparency with users – particularly in the context of ‘research’ efforts – has been a source of frustration for me.”

In the response from Facebook’s VP of US public policy Kevin Martin, the company admits that (emphasis ours) “At the time we ended the Facebook Research App on Apple’s iOS platform, less than 5 percent of the people sharing data with us through this program were teens. Analysis shows that number is about 18 percent when you look at the complete lifetime of the program, and also add people who had become inactive and uninstalled the app.” So 18 percent of research testers were teens. It was only less than 5 percent when Facebook got caught. Given users age 13 to 35 were eligible for Facebook’s Research program, 13 to 18 year olds made of 22 percent of the age range. That means Facebook clearly wasn’t trying to minimize teen involvement, nor were they just a tiny fraction of users.

Unearthed Emails Show Google, Ad Giants Know They Break Privacy Laws

Privacy warriors have filed fresh evidence in their ongoing battle against real-time web ad exchange systems, which campaigners claim trample over Europe’s data protection laws. The new filings — submitted today to regulators in the UK, Ireland, and Poland — allege that Google and industry body the Interactive Advertising Bureau (IAB) are well aware that their advertising networks flout the EU’s privacy-safeguarding GDPR, and yet are doing nothing about it. The IAB, Google — which is an IAB member — and others in the ad-slinging world insist they aren’t doing anything wrong. The fresh submissions come soon after the UK Information Commissioner’s Office (ICO) revealed plans to probe programmatic ads. These are adverts that are selected and served on-the-fly as you visit a webpage, using whatever personal information has been scraped together about you to pick an ad most relevant to your interests. […] The ICO’s investigation will focus on how well informed people are about how their personal information is used for this kind of online advertising, which laws ad-technology firms rely on for processing said private data, and whether users’ data is secure as it is shared on these platforms.

Google Displays Fake Phone Numbers For Some Local Businesses In Toronto So They Can Record Calls

A spokesperson for Google has confirmed the service they’ve launched in Vancouver and Toronto to connect potential customers to trusted service providers funnels customers through ostensibly local phone numbers that are actually owned by Google for the purpose of call monitoring.

Google Local Services is an addition to its search platform that connects potential customers to local service providers who pay for the advertising. It launched in Toronto and Vancouver last December for locksmiths and heating, cooling and ventilation professionals. When someone in Toronto searches for a locksmith, for example, they’ll see some service providers with green check marks next to the company name, meaning they’ve been vetted by Google.

The number next to the listing has a local area code, but that’s not the business’ real contact info. Instead, it’s a dummy Google number that will route you to the business — after informing you that it will be recording anything you say.

Facebook Pays Teens To Install VPN That Spies On Them

Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” a fitting name for Facebook’s effort to map new trends and rivals around the globe.

We asked Guardian Mobile Firewall’s security expert Will Strafach to dig into the Facebook Research app, and he told us that “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps — including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” It’s unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user’s device once they install the app.

Prisons Across the United States Are Quietly Building Databases of Incarcerated People’s Voice Prints

In New York and other states across the country, authorities are acquiring technology to extract and digitize the voices of incarcerated people into unique biometric signatures, known as voice prints.

Prison authorities have quietly enrolled hundreds of thousands of incarcerated people’s voice prints into large-scale biometric databases. Computer algorithms then draw on these databases to identify the voices taking part in a call and to search for other calls in which the voices of interest are detected. Some programs, like New York’s, even analyze the voices of call recipients outside prisons to track which outsiders speak to multiple prisoners regularly.

Corrections officials representing the states of Texas, Florida, and Arkansas, along with Arizona’s Yavapai and Pinal counties; Alachua County, Florida; and Travis County, Texas, also confirmed that they are actively using voice recognition technology today. And a review of contracting documents identified other jurisdictions that have acquired similar voice-print capture capabilities: Connecticut and Georgia state corrections officials have signed contracts for the technology

Authorities and prison technology companies say this mass biometric surveillance supports prison security and fraud prevention efforts. But civil liberties advocates argue that the biometric buildup has been neither transparent nor consensual. Some jurisdictions, for example, limit incarcerated people’s phone access if they refuse to enroll in the voice recognition system, while others enroll incarcerated people without their knowledge. Once the data exists, they note, it could potentially be used by other agencies, without any say from the public.

Attackers Can Track Kids’ Locations Via Connected Watches

Over the last year of looking at kids GPS tracking watches we have found some staggering issues. With these devices it almost seems that having multiple security issues is the new normal.

While parents and guardians may get a feeling of security from using these devices, our testing and research shows it’s just that, a “feeling”.

A couple of years ago we bought and reviewed a number of smart kids tracker watches, including some Gator watches from TechSixtyFour.

After chatting to our friends at the Norwegian Consumer Council, who we know well through My Friend Cayla, we discovered they were working on exactly the same tech, by complete coincidence!

We decided to pause our project to avoid us duplicating their efforts. Shortly after, the Norwegian Consumers Council published the excellent ‘WatchOut’ research that demonstrated trivial access to kids GPS locations through vulnerable tracker watches, including the Gator.

It received plenty of press coverage and resulted in several kids tracker watches taking swift action to secure their systems.

A year on, we decided to have a look at the Gator watch again to see how their security had improved as a result of their actions.
TL; DR

Guess what: a train wreck. Anyone could access the entire database, including real time child location, name, parents details etc. Not just Gator watches either – the same back end covered multiple brands and tens of thousands of watches

The Gator web backend was passing the user level as a parameter. Changing that value to another number gave super admin access throughout the platform. The system failed to validate that the user had the appropriate permission to take admin control!

This means that an attacker could get full access to all account information and all watch information. They could view any user of the system and any device on the system, including its location. They could manipulate everything and even change users’ emails/passwords to lock them out of their watch.

‘The goal is to automate us’: welcome to the age of surveillance capitalism

The behaviour of the digital giants looks rather different from the roseate hallucinations of Wired magazine. What one sees instead is a colonising ruthlessness of which John D Rockefeller would have been proud. First of all there was the arrogant appropriation of users’ behavioural data – viewed as a free resource, there for the taking. Then the use of patented methods to extract or infer data even when users had explicitly denied permission, followed by the use of technologies that were opaque by design and fostered user ignorance.

And, of course, there is also the fact that the entire project was conducted in what was effectively lawless – or at any rate law-free – territory. Thus Google decided that it would digitise and store every book ever printed, regardless of copyright issues. Or that it would photograph every street and house on the planet without asking anyone’s permission. Facebook launched its infamous “beacons”, which reported a user’s online activities and published them to others’ news feeds without the knowledge of the user. And so on, in accordance with the disrupter’s mantra that “it is easier to ask for forgiveness than for permission”.

The combination of state surveillance and its capitalist counterpart means that digital technology is separating the citizens in all societies into two groups: the watchers (invisible, unknown and unaccountable) and the watched. This has profound consequences for democracy because asymmetry of knowledge translates into asymmetries of power.

Stare Into The Lights My Pretties

Parents are using GPS ankle monitors to track their teenagers like criminals

There’s no shortage of GPS trackers for parents who want to keep tabs on their children’s driving. After all, car accidents are the leading cause of death for American teens. For some parents, that’s enough.

For others, nothing but a full-on ankle monitor—the kind used to track people released on bail or parole—will do.
Frank Kopczynski, the owner of Tampa Bay Monitoring (in fact located in Clearwater, Florida), also runs Action Plus Bail Bonds. He said the biggest challenge in strapping an ankle monitor to teenage non-offenders is whether they can remove it themselves.

“We provide a bracelet that is near-impossible to cut off,” Kopczynski told Quartz. “It also allows us to have two-way communication and gives us the option of sounding a piercing alarm.”

Along with the 95-decibel siren, if a teen is out past curfew, their parents can call Tampa Bay Monitoring’s office, and Kopczynski or one of his employees will activate the ankle monitor’s speaker and tell the child it’s time to get home or the police will be called. Hearing “this god-like voice out of nowhere” is generally effective, said Kopczynski; since the system is two-way, staff can also monitor the teen covertly.

The electronic monitoring industry has more than doubled in size in recent years, and has expanded well beyond its initial market of people on bail or parole. For example, immigrants detained by US authorities and put on an electronic monitoring program are required to pay extremely high fees—$880 for activation plus $420 a month— while they await their hearings.

As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants

Internal documents show that the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed.

For years, Facebook gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules, according to internal records and interviews.

The special arrangements are detailed in hundreds of pages of Facebook documents obtained by The New York Times. The records, generated in 2017 by the company’s internal system for tracking partnerships, provide the most complete picture yet of the social network’s data-sharing practices. They also underscore how personal data has become the most prized commodity of the digital age, traded on a vast scale by some of the most powerful companies in Silicon Valley and beyond.

Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.

The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.

Facebook has been reeling from a series of privacy scandals, set off by revelations in March that a political consulting firm, Cambridge Analytica, improperly used Facebook data to build tools that aided President Trump’s 2016 campaign. Acknowledging that it had breached users’ trust, Facebook insisted that it had instituted stricter privacy protections long ago. Mark Zuckerberg, the chief executive, assured lawmakers in April that people “have complete control” over everything they share on Facebook.

[Facebook’s strategy in times of crisis: delay, deny and deflect.]

Facebook began forming data partnerships when it was still a relatively young company. Mr. Zuckerberg was determined to weave Facebook’s services into other sites and platforms, believing it would stave off obsolescence and insulate Facebook from competition. Every corporate partner that integrated Facebook data into its online products helped drive the platform’s expansion, bringing in new users, spurring them to spend more time on Facebook and driving up advertising revenue. At the same time, Facebook got critical data back from its partners.

The partnerships were so important that decisions about forming them were vetted at high levels, sometimes by Mr. Zuckerberg and Sheryl Sandberg, the chief operating officer, Facebook officials said. While many of the partnerships were announced publicly, the details of the sharing arrangements typically were confidential.

Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread — privileges that appeared to go beyond what the companies needed to integrate Facebook into their systems, the records show. Facebook acknowledged that it did not consider any of those three companies to be service providers. Spokespeople for Spotify and Netflix said those companies were unaware of the broad powers Facebook had granted them. A spokesman for Netflix said Wednesday that it had used the access only to enable customers to recommend TV shows and movies to their friends.

A Royal Bank of Canada spokesman disputed that the bank had had any such access. (Aspects of some sharing partnerships, including those with the Royal Bank of Canada and Bing, were first reported by The Wall Street Journal.)

Spotify, which could view messages of more than 70 million users a month, still offers the option to share music through Facebook Messenger. But Netflix and the Canadian bank no longer needed access to messages because they had deactivated features that incorporated it.

These were not the only companies that had special access longer than they needed it. Yahoo, The Times and others could still get Facebook users’ personal information in 2017.

Yahoo could view real-time feeds of friends’ posts for a feature that the company had ended in 2012. A Yahoo spokesman declined to discuss the partnership in detail but said the company did not use the information for advertising. The Times — one of nine media companies named in the documents — had access to users’ friend lists for an article-sharing application it had discontinued in 2011. A spokeswoman for the news organization said it was not obtaining any data.

Facebook’s internal records also revealed more about the extent of sharing deals with over 60 makers of smartphones, tablets and other devices, agreements first reported by The Times in June.

Facebook empowered Apple to hide from Facebook users all indicators that its devices were asking for data. Apple devices also had access to the contact numbers and calendar entries of people who had changed their account settings to disable all sharing, the records show.

Apple officials said they were not aware that Facebook had granted its devices any special access. They added that any shared data remained on the devices and was not available to anyone other than the users.

Stare Into The Lights My Pretties

Amazon error allowed Alexa user to eavesdrop on another home

A user of Amazon’s Alexa voice assistant in Germany got access to more than a thousand recordings from another user because of “a human error” by the company.

The customer had asked to listen back to recordings of his own activities made by Alexa but he was also able to access 1,700 audio files from a stranger when Amazon sent him a link, German trade publication c’t reported.

On the recordings, a man and a female companion could be overheard in his home and the magazine was able to identify and contact him through the recorded information, according to the report.

Facebook has Filed a Patent To Calculate Your Future Location

Facebook has filed several patent applications with the U.S. Patent and Trademark Office for technology that uses your location data to predict where you’re going and when you’re going to be offline.

A May 30, 2017, Facebook application titled “Offline Trajectories” describes a method to predict where you’ll go next based on your location data. The technology described in the patent would calculate a “transition probability based at least in part on previously logged location data associated with a plurality of users who were at the current location.” In other words, the technology could also use the data of other people you know, as well as that of strangers, to make predictions. If the company could predict when you are about to be in an offline area, Facebook content “may be prefetched so that the user may have access to content during the period where there is a lack of connectivity.”

Another Facebook patent application titled “Location Prediction Using Wireless Signals on Online Social Networks” describes how tracking the strength of Wi-Fi, Bluetooth, cellular, and near-field communication (NFC) signals could be used to estimate your current location, in order to anticipate where you will go next. This “background signal” information is used as an alternative to GPS because, as the patent describes, it may provide “the advantage of more accurately or precisely determining a geographic location of a user.” The technology could learn the category of your current location (e.g., bar or gym), the time of your visit to the location, the hours that entity is open, and the popular hours of the entity.

Yet another Facebook patent application, “Predicting Locations and Movements of Users Based on Historical Locations for Users of an Online System,” further details how location data from multiple people would be used to glean location and movement trends and to model location chains. According to the patent application, these could be used for a “variety of applications,” including “advertising to users based on locations and for providing insights into the movements of users.” The technology could even differentiate movement trends among people who live in a city and who are just visiting a city.

Facebook Privacy Social Networks Internal Emails Show Facebook Weighing the Privacy Risks of Quietly Collecting Call and Text Records From Its Android Users—Then Going Ahead Anyway

Earlier this year, many Android users were shocked to discover that Facebook had been collecting a record of their call and SMS history, as revealed by the company’s data download tool. Now, internal emails released by the UK Parliament show how the decision was made internally.

According to the emails, developers knew the data was sensitive, but they still pushed to collect it as a way of expanding Facebook’s reach. The emails show Facebook’s growth team looking to call log data as a way to improve Facebook’s algorithms as well as to locate new contacts through the “People You May Know” feature. Notably, the project manager recognized it as “a pretty high-risk thing to do from a PR perspective,” but that risk seems to have been overwhelmed by the potential user growth.

Initially, the feature was intended to require users to opt in, typically through an in-app pop-up dialog box. But as developers looked for ways to get users signed up, it became clear that Android’s data permissions could be manipulated to automatically enroll users if the new feature was deployed in a certain way.

AI Mistakes Ad On a Bus For an Actual CEO, Then Publicly Shames Them For ‘Jaywalking’

Since last year, many Chinese cities have cracked down on jaywalking by investing in facial recognition systems and AI-powered surveillance cameras. Jaywalkers are identified and shamed by displaying their photographs on large public screens… Developments are also underway to engage the country’s mobile network operators and social media platforms, such as Tencent Holdings’ WeChat and Sina Weibo, to establish a system in which offenders will receive personal text messages as soon as they are caught violating traffic rules….

Making a compelling case for change is the recent experience of Dong Mingzhu, chairwoman of China’s biggest maker of air conditioners Gree Electric Appliances, who found her face splashed on a huge screen erected along a street in the port city of Ningbo… That artificial intelligence-backed surveillance system, however, erred in capturing Dong’s image on Wednesday from an advertisement on the side of a moving bus. The traffic police in Ningbo, a city in the eastern coastal province of Zhejiang, were quick to recognise the mistake, writing in a post on microblog Sina Weibo on Wednesday that it had deleted the snapshot. It also said the surveillance system would be completely upgraded to cut incidents of false recognition in future.

My devices are sending and receiving data every two seconds, sometimes even when I sleep

blockquote>When I decided to record every time my phone or laptop contacted a server on the internet, I knew I’d get a lot of data, but I honestly didn’t think it would reveal nearly 300,000 requests in a single week.

On average, that’s about one request every two seconds.

Are your devices sending and receiving data when you’re not using them?

They sure are. The quietest times fall — predictably — overnight. But even while I’m sleeping my devices are pretty busy talking to various companies. For example, here are the 841 times my devices made contact with 46 different domains between 10pm and 6:30am on the second night of the experiment. Most of these requests are background updates for things like my email and calendar or synchronisation that various apps like Dropbox or iCloud perform.

But exactly what each of them is doing is quite difficult to tell.

French Officer Caught Selling Access To State Surveillance Systems

A French police officer has been charged and arrested last week for selling confidential data on the dark web in exchange for Bitcoin,” reports ZDNet. French authorities caught him after they took down the “Black Hand” dark web marketplace. Sifting through the marketplace data, they found French police documents sold on the site. All the documents had unique identifiers, which they used to track down the French police officer who was selling the data under the name of Haurus.

Besides selling access to official docs, they also found he ran a service to track the location of mobile devices based on a supplied phone number. He advertised the system as a way to track spouses or members of competing criminal gangs. Investigators believe Haurus was using the French police resources designed with the intention to track criminals for this service. He also advertised a service that told buyers if they were tracked by French police and what information officers had on them.

Facebook Filed A Patent To Predict Your Household’s Demographics Based On Family Photos

Facebook has submitted a patent application for technology that would predict who your family and other household members are, based on images and captions posted to Facebook, as well as your device information, like shared IP addresses. The application, titled “Predicting household demographics based on image data,” was originally filed May 10, 2017, and made public today.

The system Facebook proposes in its patent application would use facial recognition and learning models trained to understand text to help Facebook better understand whom you live with and interact with most. The technology described in the patent looks for clues in your profile pictures on Facebook and Instagram, as well as photos of you that you or your friends post.

It would note the people identified in a photo, and how frequently the people are included in your pictures. Then, it would assess information from comments on the photos, captions, or tags (#family, #mom, #kids) — anything that indicates whether someone is a husband, daughter, cousin, etc. — to predict what your family/household actually looks like. According to the patent application, Facebook’s prediction models would also analyze “messaging history, past tagging history, [and] web browsing history” to see if multiple people share IP addresses (a unique identifier for every internet network).

Scope creep with Australia metadata retention

Telecommunications industry group Communications Alliance has revealed details of dozens of state and federal departments and agencies it claims are accessing so-called communications ‘metadata’.

The 2015 legislation that introduced the data retention regime authorised a list of “criminal law-enforcement agencies” to obtain warrant-free access to metadata. Those agencies included federal, state and territory police agencies, a number of anti-corruption bodies, Border Force, the Australian Securities and Investments Commission; and the Australian Competition and Consumer Commission.

However, last month at the hearing of an inquiry into the government’s bill aimed at enhancing police access to encrypted communications services, Communications Alliance CEO John Stanton said that a significantly larger number of organisations were accessing information kept by telcos to meet their data retention obligations.

In addition to police agencies and other organisations listed in the data retention legislation, it includes Centrelink, the Australian Taxation Office, Australia Post’s Corporate Security Group, Workplace Health and Safety, Work Safe Victoria, the Taxi Services Commission and a number of local councils.