Documents obtained through a Freedom of Information Act request have revealed the Office of the Australian Information Commissioner’s concerns following the release of the draft final report of the Age Assurance Technology Trial.
The documents – seen by Electronic Frontiers Australia and first obtained by Crikey – reveal the OAIC told the Office of the eSafety Commissioner, “Our overarching concerns remain regarding the conclusive references to privacy and language in the report that overstates the privacy evaluation that has taken place in the Australian context”.
EFA Chair John Pane – who was a member of the AATT Stakeholder Advisory Board before he resigned after airing similar concerns – said the newly revealed documents “validate EFA’s position and its strong concerns about misleading privacy claims made by the AATT”.
"It seems from the outset, the AATT testing of privacy controls was extremely superficial and not fit for purpose, with the end result having the necessary attributes of textbook ‘privacy washing’,” Pane said in an April 17 statement.
“The trial set an incredibly low bar for vendor compliance, bizarrely inferring operational privacy capabilities simply by reading participants' externally facing privacy policies. There was a glaring failure to undertake proper, detailed technical assessments of the participating vendors' actual privacy frameworks, risk registers, and operational controls directly against Australian privacy law.
"Furthermore, the AATT failed to identify or adequately condemn behaviours by certain vendors that indicated a serious misunderstanding of Australian privacy law regarding both data minimisation and data retention by building backdoors and indefinitely retaining children’s highly sensitive personal and biometric data on the assumption that a coroner or law enforcement agency might request it in the future."
Pane said the AATT’s final report was “predictably cloaked in government-friendly political rhetoric” while claiming the technology involved was private and robust.
“Yet, while comprehensive in page count, the report conveniently excluded fundamental performance indicators from its scope – most notably, the ease with which these technologies can be circumvented by technical means or third-party collusion,” Pane said.
“We urgently need to break the surveillance-based, data-extractive business models of social media giants. The solution lies in forcing a statutory digital duty of care onto these platforms to protect all users – not just children – from algorithmic manipulation and digital surveillance while simultaneously uplifting digital civics and online safety education for primary and secondary school students.”
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.