At a glance.
- The global impact of China’s surveillance industry.
- What the Optus breach tells us about data retention.
- Pennsylvania health network suffers data breach.
The global impact of China’s surveillance industry.
The Atlantic Council offers an in-depth look at the objectives of China’s domestic surveillance market and its potential global impact. While the Chinese government sees its surveillance industry as an investment in the nation’s future as a global tech superpower, it is also a means for controlling its citizens. “The state promotes surveillance technology and practices abroad through diplomatic exchanges, law enforcement cooperation, and training programs. These efforts encourage the dissemination of surveillance devices, but also support the government’s goals concerning international norm-making in multilateral and regional institutions,” the paper states. The industry is an ecosystem reliant on partnerships between the public and private sectors, with the government procuring security tech from private firms and passing legislation that promotes innovation. In this symbiotic relationship, private tech firms like Haimeng, Jin Ruan, Ruitec, and Goldeweb tailor their services to the government’s surveillance needs, and growth in the surveillance sector helps China to reach its national and global technology goals.
What the Optus breach tells us about data retention.
As we’ve been covering, Australian telecom giant Optus was recently hit with what many are calling the largest data breach in the nation's history. Because the mobile provider (the second-largest in the country) retains customer data for six years, approximately 4 million former customers were impacted in the breach, which raises the question: did Optus really need to hang on to so much old data for so long? Optus says they were legally obligated to maintain the data according to the Telecommunications Consumer Protections Code, which states that telecom companies must be able to provide customers’ billing information for “up to six years prior to the date the information is requested.” However, as CRN notes, the law only refers to basic details like name and address, and extraneous information Optus retained, like passport details, only needs to be saved for two years per the Telecommunications (Interception and Access) Act 1979.
The larger issue, perhaps, is that there’s no upper limit on how long such data can be stored, making firms like Optus, with their troves of personal user data, lucrative targets for cybercriminals. Brendan Walker-Munro of the University of Queensland states, “This is a serious weakness with our privacy laws. Consumer data is big business. Companies are collecting – and keeping – much more personal information than they need without a truly legitimate commercial or legal purpose.” Walker-Munro suggests that the federal government should step up to change this, and the Attorney-General’s Department’s ongoing review of the Privacy Act, as well as the National Data Security Action Plan being developed by the Department of Home Affairs, provide opportunities for lawmakers to do just that.
Pennsylvania health network suffers data breach.
US primary care network Keystone Health has confirmed that a recent data breach potentially exposed the protected health information of 235,237 individuals. Based in the state of Pennsylvania, Keystone says the security incident was first detected on August 19 and further investigation determined that an unauthorized party had gained access to system files. As Health IT Security reports, the compromised data included patient names, clinical information, and Social Security numbers. Keystone’s notice to those impacted reads, “While we have a robust information security system in place, unfortunately, no system is perfect, and we recently identified and addressed a cybersecurity incident… To help prevent something like this from happening again, we are implementing new network security measures and providing additional training to our employees.”