Under pressure to control spiralling Covid cases in July 2020, the Victorian government sent contact tracing data to the Australian Criminal Intelligence Commission in the hope a controversial data mining platform might help identify the source of mystery cases.
Data security experts described the move as “doubtful” and “outrageous”.
The platform, Palantir, was founded by US tech billionaire Peter Thiel, one of former US president Donald Trump’s biggest donors in 2016. It has previously attracted criticism over its use by the US military, immigration agencies and spy agencies, and its application in predictive policing systems.
A Victoria department of health spokesperson confirmed that in July 2020 the department investigated using the Palantir platform for a new contact tracing application.
“A sample set of de-identified mobility data was used to investigate whether this system could achieve what was required, with strict conditions in place about its use, accessibility and destruction,” the spokesperson said.
“The department didn’t proceed with this system and instead developed an in-house application, which successfully supported contact tracing throughout the pandemic.”
Dr Suelette Dreyfus, a lecturer and digital security expert with the University of Melbourne’s school of computing and information systems, described the data sharing as “outrageous”.
“That the government kept this information from the Australian public says to me that they knew very well what they were doing was extremely doubtful,” she said.
“This data was very personal data, and people were told to trust the government with it during a pandemic. People were promised the data would be used for one purpose, and the fact that we have had to find out from the media that this data was in fact sent to the criminal intelligence authority is a shock. People deserved to know about that at the time.”
An ACIC spokesperson confirmed the Victorian department of health sought its assistance “to demonstrate our analytical capabilities to analyse Covid-19 clusters”.
“The data met all legal requirements,” she said.
Guardian Australia understands the agreement with ACIC included strict data security provisions, including that the data be transferred via a secure portal that only limited staff had access to and that no Palantir cloud storage system was used.
It’s understood data was stored in a separate part of the ACIC server for the sole use of the project, but the data remained health department property, and the contract included provision for destruction of the data at the end of the one-month proof of concept. The Palantir software was installed on premises.
Dreyfus said she is concerned that even if the mobility data was destroyed at the end of the project, it’s unclear whether additional datasets or analysis were generated during the trial, and what became of those.
“Did any derivative works actually end up identifying individual people? We need to know.
“Palantir software being installed on premises may be helpful,” Dreyfus said.
“But was it air gapped? If the Palantir software connected to Palantir databases off premises then there may have been some data matching or data analysis that was done and that Palantir may have collected. We’ve got no assurances that any derivative analyses or databases have been destroyed.
“What the Medibank and Optus data breaches teach us is that it’s dangerous to allow companies to gather more data than they need and keep it longer than they need because there’s a risk that it could get stolen and used for other purposes.”
Vanessa Teague, a cybersecurity expert and an associate professor with the Australian National University’s research school of computer science, said de-identified mobility data is “a very unacceptable thing to share” with ACIC and Palantir.
“The idea of de-identified data is an oxymoron,” she said.
“You may not be able to re-identify data by looking at individual data points. For example, thousands of other people might have also been at the MCG with you. But if you also went to the pharmacist on a particular day, and then to the beach on the weekends, the likelihood that others went to all those same places at the same times as you is zero.”
Teague gave the example of the Victorian government release of anonymised data from more than 15 million Myki public transport users in 2018, which University of Melbourne researchers were able to re-identify and match to individuals.
Teague said Victorians who provided data for contact tracing purposes, or who checked in to venues, did so on the basis of “a very strong promise from the government that this data was not going to be used for anything other than contact tracing and notifying people who’d been exposed”.
Dr Megan Prictor, a senior lecturer in health, law and emerging technologies with the University of Melbourne’s law school, said legally if the data was appropriately de-identified then the organisations are not subject to state or commonwealth privacy laws.
“The adequacy of the de-identification is impossible to determine … but as the data were not released publicly, and subject to strict controls, it seems to me to present reasonable use in the context of the state of the pandemic in Victoria in 2020,” she said.
Dr James Scheibner, a law lecturer with Flinders University, said if the database was not located in Australia there might be issues around the cross-border transfer of personal or health information.
He said there are strict restrictions on cross-border transfer, and that this requires either the consent of the individuals included in the dataset or the recipient jurisdiction to provide equivalent data protection to Victoria.
“If the ACIC and the department were purely using this dataset for contact tracing, it’s likely that the sharing would be lawful under Victorian legislation,” Scheibner said.
“If it were shared for another purpose, such as law enforcement, the department would need to rely on the alternative grounds to justify the use and disclosure of personal or health information.”
Sven Bluemmel, the Victorian Information Commissioner, told Guardian Australia that his office was not aware of contact tracing mobility data being sent to ACIC.
“There’s always a risk that de-identified data may be re-identified – that risk can never be zero,” Bluemmel said.
“This is particularly the case if de-identified data is shared with third parties who have access to other data sets with which to match the de-identified data, to establish individuals’ identities.”
“[The Office of the Victorian Information Commissioner] would expect the Department of Health to ensure that any de-identified contact tracing mobility data provided to ACIC would have travelled with strong protections and governance around who could access it, how it could be used, how it would be stored, for how long it would be retained, and restrictions around the on-sharing of the data.”