
Australian welfare recipient’s data released to counter public criticism - kerno
https://www.theguardian.com/australia-news/2017/feb/27/centrelink-recipients-data-released-by-department-to-counter-public-criticism
======
cyberferret
No doubting the veracity of this occurrence, but it is baffling that it
happened nonetheless - federal government departments here (Australia) are
usually cautious to a paranoid level when it comes to people even looking at
information. I remember cases when curious internal staff members at the tax
and social security offices being sacked on the spot for merely doing searches
on celebrity names without due reason.

Both my sisters work in law enforcement agencies, and tell me that their every
action on their computer systems is tracked and logged. Once when my younger
sister worked in the Traffic infringement section of the local police
department, I asked her to check up if I was actually pinged by a remote speed
camera that morning as I suspected I was. She refused, on the grounds that any
such searches were tracked, and if it was found she did a search against a
vehicle belonging to a close family member, it would trigger an internal
investigation by the ethics team.

~~~
josephg
I'm an Australian who lived a couple of years in the Bay Area. The views
people hold toward privacy was one of the most surprising cultural differences
between our countries. As an outsider I was shocked to learn that privacy
really _is_ an afterthought for a lot of bay area residents.

US anecdote: a product I worked on had a feature which needs full access to a
customer's email account to use. The feature scrapes their inbox and can send
emails impersonating our customers' staff. I said there was no way I'd use
that feature, but it proved to be super popular! People had no problem handing
over access to their entire (work) email account to a startup.

Australia anecdote: When my uncle died we needed to hunt down his bank
details. The banks (by law) weren't allowed to even tell us if he was one of
their customers without seeing his death certificate and our documentation.

I'm now way more nervous about trusting US based startups with my data. Its
not just that many of the engineers are inexperienced, and most startups don't
have any security expertise. Its also that culturally I know they probably
don't understand personal privacy. I can't trust that they'll protect my data
if they might not bother protecting their own.

~~~
mdpopescu
I worked on a financial product based on one of Intuit's. I was shocked to
realize that this Intuit product was impersonating people (using their
username and password) to log on to their bank accounts and download all
transactions - which our product was then analyzing. I was sure nobody would
allow that; who will give a third-party their bank username and password?

I was extremely surprised to find out that the answer was "at least tens of
thousands of people".

~~~
feld
_cough_ Mint

~~~
shiven
_cough cough_ Yodlee

------
devurandom_
The power corporations are accumulating with information on intimate customer
behavior and the glacial response of society to this is a daily refrain on HN.
Has anyone seen a comprehensive, or at least collected, list of canonical
examples of strong arguments for:

* Raising awareness amongst non-technical folks that such incredible stocking up of PII can raise complicated ethical risks?

* Giving legislative representatives practical and defensible reasons to not just go with the flow and actually have a chance to offer smart legislative options without being shot down?

This particular example is alarming - I can picture plenty of corporations
that wouldn't mind the idea of "customer service" representatives casually
raising the prospect of releasing customer PII in order to "show their side of
the story" as leverage in situations where a customer is threatening to go to
an Ombudsman or other public forum.

~~~
sundvor
On top of all the complete and utterly ... WRONG ... things that Centrelink
have been doing lately, a billion dollar entity attacking a single,
disadvantaged person furthers the depths of the inethical behaviours at
display by the Australian government.

The list of wrong things include knowingly issuing pay-us-back-or-we'll-empty-
your-bank-account legal notices incorrectly, when they clearly averaged e.g. a
single high payment month over the whole period when the rules state this is
not to be done. Then saying just call us, knowing the call wait lines are so
horrid it is a whole day project just to get in touch with anyone.

I'm so over this government.

------
vacri
It is beyond bizarre that their own legal counsel approved the release,
especially since they're also under the spotlight at the moment. I'm not sure
how they expect to 'maintain public trust by showing their side of the story'
when that involves violating privacy.

------
yosamino
This is a good example of why the "I don't have anything to hide" argument is
incorrect.

That way of thinking only works as long as your goals and positions are
aligned with the entity collecting information about you to begin with. If
they're not, or the situation changes, imbalances of information lead to
_disadvantages_ for you pretty quickly.

All it took was some bureaucrat feeling petty.

~~~
literallycancer
And this is how it looks in the 3rd world.[1]

 _On 31 October, Congress party officials provided assailants with voter
lists, school registration forms, and ration lists.[49] The lists were used to
find the location of Sikh homes and business, an otherwise impossible task
because they were located in unmarked and diverse neighbourhoods. On the night
of 31 October, the night before the massacres began, assailants used the lists
to mark the houses of Sikhs with letter "S".[49] In addition, because most of
the mobs were illiterate, Congress Party officials provided help in reading
the lists and leading the mobs to Sikh homes and businesses in the other
neighbourhoods.[46] By using the lists the mobs were able to pinpoint the
locations of Sikhs they otherwise would have missed.[46]_

 _... One man, Amar Singh, escaped the initial attack on his house by having a
Hindu neighbour drag him into his neighbour 's house and declare him dead.
However, a group of 18 assailants later came looking for his body, and when
his neighbour replied that others had already taken away the body an assailant
showed him a list and replied, "Look, Amar Singh's name has not been struck
off from the list so his dead body has not been taken away."[46]_

1 - [https://en.wikipedia.org/wiki/1984_anti-
Sikh_riots#Use_of_vo...](https://en.wikipedia.org/wiki/1984_anti-
Sikh_riots#Use_of_voter_lists_by_the_Congress_Party)

~~~
pessimizer
And in the first world:
[https://en.wikipedia.org/wiki/IBM_and_the_Holocaust](https://en.wikipedia.org/wiki/IBM_and_the_Holocaust)

"The 1933 census, with design help and tabulation services provided by IBM
through its German subsidiary, proved to be pivotal to the Nazis in their
efforts to identify, isolate, and ultimately destroy the country's Jewish
minority. Machine-tabulated census data greatly expanded the estimated number
of Jews in Germany by identifying individuals with only one or a few Jewish
ancestors. Previous estimates of 400,000 to 600,000 were abandoned for a new
estimate of 2 million Jews in the nation of 65 million.[15]"

------
yazbo_mcclure
Australia Australia we love you Australia

------
yummyfajitas
In the event that this release was illegal, I really do feel for the people at
the agency. Someone made public false allegations about them and they are
legally forbidden from proving that person wrong. It's a tough position to be
in.

I don't have a good solution to this, but I do think that there should be a
legal way to prove a person is lying if they directly make accusations about
you. After all, they are the one who made the situation public, not you.

~~~
jbapple
> there should be a legal way to prove a person is lying if they directly make
> accusations about you.

"about _you_ "? Her article did not name or provide identifying information
about any individual employee of Centrelink.

~~~
yummyfajitas
In my post, "you" refers to the corporate person that is the Centrelink
government agency (and implicitly the humans behind that corporate person),
about which false allegations were made.

Is there some meaningful distinction here that means false allegations about
an organization of humans should go unrefuted, but false allegations about a
single human should be refuted?

~~~
jbapple
> Is there some meaningful distinction here that means false allegations about
> an organization of humans should go unrefuted, but false allegations about a
> single human should be refuted?

To me, false allegations against individuals are more serious than false
allegations against organizations for a few reasons. First, I care about the
well-being of organizations only to the extent they positively impact the
well-being of humans (or, to a lesser extent, animals). Second, a single false
allegation against an individual human seems to be able to have a much more
damaging effect than one against an organization.

I suspect this is a well-worn topic and that I would consider many of the
other objections to corporate personhood to be "meaningful distinctions".

~~~
yummyfajitas
In this case, the false allegations were spread with the implicit goal of
getting the government to spend more money/resources fixing problems that may
not exist. If successful, that would result in a huge amount of waste, which
harms real humans.

Even if it were a private organization, such allegations could directly result
in harm to the human owners. For example, false allegations about bad food at
a restaurant would mean the human owners and employees lose money. In much the
same way, false allegations about a human might result in them losing their
job.

~~~
jbapple
While all of these are possible and all of these are bad outcomes, I think
that their probability of happening and the magnitude of the result is less
bad than what would occur if allegations of cruelty or incompetence were made
against an individual.

I don't think we're going to be able to settle this argument here, so I'll
just leave it at that.

------
briane80
This story follows a pattern of coordinated attacks on public services in The
Guardian and other left leaning media outlets. Usually with the agenda of
demanding more money and funding.

No doubt, mistakes happen in large bureaucracies but the story is usually
slanted as some evil agency trying to destroy certain 'marginalised' sections
of society. Whereas the truth is probably nothing like that.

I cannot help but think it is agenda pushing, distortion of facts and playing
on emotions. Read the woman's original article and see the emotional language
and phrases used. I think it says a lot about the intent of these media
pieces.

Read the linked Centrelinks response and several things are refuted, so why in
these comments is there an automatic pile on one side?

~~~
yosamino
I think I can't quite follow your argument. Did you mean that the Guardian is
trying to demand funding from someone, and they think they'll get this through
this story somehow ? Would you mind explaining ?

> No doubt, mistakes happen in large bureaucracies but the story is usually
> slanted as some evil agency trying to destroy certain 'marginalised'
> sections of society. Whereas the truth is probably nothing like that.

The truth is that as an individual, especially one from a marginalized section
of society, you are up against a powerful bureaucracy that has the ability to
completely screw up your life, by mistake or not. So we as a society depend on
holding these bureaucracies to very high standards.

It is also true that in any large bureaucracy, mistakes inevitably happen from
time to time. One would wish for a leadership of said bureaucracy to handle
these mistakes with integrity and from a position of confidence. By, for
example, contacting this women directly, quietly resolving this issue and then
adding this problem to the yearly statistics to prove you run a good ship. Who
knows, this woman might have written a blog post singing your praises, after
you resolved her problem for her. Certainly the better PR strategy.

If, on the other hand, you resolve to attacking your clients in public,
violating their privacy rights in the process, then maybe you're too close to
running an evil, rather than a responsible agency.

> Read the linked Centrelinks response and several things are refuted, so why
> in these comments is there an automatic pile on one side?

Did you read the refutation of the refutation as well ? I found the article
presents the different viewpoints quite well. Including that this sort of
pressure is able to stir up strong emotions.

