Top Scoops

Book Reviews | Gordon Campbell | Scoop News | Wellington Scoop | Community Scoop | Search


Should Govt agencies adopt Facebook’s business tool?

From Nine To Noon, 9:09 am today

A cyber-security expert is sounding a warning about government organisations use of a Facebook business tool, 'Workplace by Facebook'.


Click a link to play audio (or right-click to download) in either
MP3 format.

The New Zealand Transport Agency has adopted Workplace by Facebook as its internal communications tool, and other agencies, including the Social Development Ministry are trialling it.

However the Privacy Commissioner said those using it had to abide by strict safety rules set by the government's chief digital officer.

Photo: Supplied

Director of Waikato University's Cyber Security Research Lab, Doctor Ryan Ko, said while Facebook claimed to be compliant with international standards, users could never know exactly how their data might be being harvested by the company.

"On [Facebook's] websites they mention they are compliant with several standards so they are accountable to several global standards like ISO 27,001 and American standards SOC 2 and SOC 3."

"But the way the data is being harvested internally can never be known directly to the users at this point because the ... software they are providing for the users, is just telling them the real-time activity monitoring and so on but doesn't provide a full provenance of what has happened to the data of the entire lifetime, [for example] what you have clicked on."

"Those things are just collected and the scary thing is when someone malicious uses the data, that's where the mess starts."

Dr Ko said if he was in the government's shoes, he probably wouldn't be considering non-New Zealand companies for the storage and processing of data.

"The [information] on Facebook may be housed in servers in many different countries around the world and sometimes the exact location is not disclosed to the client so that's a problem where, because data is stored in another country, it's under another jurisdiction."

"[That means] people such as the Privacy Commissioner and the Courts of New Zealand are limited in what they can do to bring somebody to account so this is a problem because if technical implementation is in the cloud, it is stored all over the world, it falls in a different jurisdiction and basically New Zealanders are sitting ducks."

However Privacy Commissioner John Edwards told Nine to Noon there were some important differences between Facebook's social media product and its business offering.

"Facebook is free and always will be because you're paying with your information. The other product is a commercial product and one of a suite of cloud services increasingly being embraced not only in government but across the economy and that's not inherently a bad thing."

Mr Edwards said public agencies should make sure they were meeting the requirements set by the government's chief digital officer, including not to post on any public cloud service information classified above a certain security level and also to look closely at the provider's terms and conditions.

"When my Norwegian counterpart looked at [Workplace By Facebook] in 2016 he said although [it] encourages dialogues on terms and conditions, the standard terms are at times unclear and may allow Facebook to use personal data for commercial purposes.

"So it's really important for a company or government agency to understand what's going to happen with that data and then to limit what can go on it according to that."

Mr Edwards said it would be utterly unacceptable for third parties to be able to access government information to assist with lobbying or a business pitch, so it was up to agencies to do thorough due diligence and impact assessments before using any such product.

He said organisations using the Facebook tool also had other protections besides legal ones.

"There's technical protections as well so you can enquire about how the data is stored, is it encrypted at rest, is it encrypted in transmission, who holds the keys for that encryption."

"Those are the kinds of enquiries the government's chief digital officer invites any government agency to go through and assess according to their risk."

Mr Edwards said a planned reform of the Privacy Act would have more focus on the obligations of agencies when they transferred information out of jurisdiction, which meant the liability chain would be even more clearly linked back to the New Zealand-based agency.

© Scoop Media

Top Scoops Headlines


Gordon Campbell On Labour’s Timidity:

What an odd post-Cabinet press conference that was yesterday, from PM Jacinda Ardern and Finance Minister Grant Robertson ... More>>

Gordon Campbell: On The Prevailing Media Narratives About The Govt Coalition

The media reports the facts…. but that’s not the end of it, and nor should it be. It also marshals those facts and creates a story from them, usually one with a moral that’s implied or explicit. After six months though, it is still unclear just what the dominant media narrative is of the coalition government. Is it Idealistic But Impractical? Is its Heart in the Right Place, but is it Taking On Too Much? Is the coalition proving to be Fractious And Unstable, or is it Surprisingly Adept at Keeping Its Inherent Rifts Out of the Public Eye? More>>

RNZ Explainer: Why You Should Care About Cambridge Analytica

Facebook's shares have lost billions of dollars in value after something to do with data used by Cambridge Analytica. Confused? Here's what it means, and what could come next...More>>

Gordon Campbell: On The (Looming) Nurses’ Strike

It is (almost) possible to feel a bit sorry for the DHB negotiators engaged in the current nurses pay round. Come next Monday there’s every sign that nurses will resoundingly reject the pay offer the DHBs have put on the table, as being totally inadequate...More>>

Gordon Campbell: On A Trade War With China

As things currently stand, the White House has NOT included New Zealand on its list of allies whose steel and aluminium exports to the US will be exempted from US President Donald Trump’s recent hike in tariffs. More>>

Gordon Campbell: On Credibility In Politics

Credibility is always such a fickle, unstable element in politics. You know it when you see it, though. More>>

Video And Report: Cory Doctorow Talks Machine Learning And Big Data

International internet and digital technology commentator Cory Doctorow talked about machine learning and big data at the Privacy Commissioner’s PrivacyLive event on 13 March 2018 in Wellington. More>>