American technology giants’ surveillance capitalism model of exploiting the personal data of individuals is “unconscionable” and will be increasingly curbed through regulation in Australia and abroad, Home Affairs secretary Michael Pezzullo says.
Mr Pezzullo, one of the nation’s most powerful public servants and whose department is home to AFP and intelligence agencies, also flagged more onshoring of Australian data as a cybersecurity measure, as attacks from state-based actors and transnational cyber criminals intensify.
The commercial data models of the tech giants were also having a health impact on citizens, he said.
“It’s unconscionable that for private monetary gain, effectively these platforms are creating highly addictive systems and processes, they’re starting to affect the neural shaping of generations as they’re coming through,” Mr Pezzullo said.
“They’re draining that data which they generate through that those addictive behaviors, and then they’re on-selling us back to ourselves. So, something’s going to have to be done.”
Mr Pezzullo told an Australian Financial Review Business Summit that Australia had “led the way” on Big Tech regulation to protect public interest journalism through the government’s News Media Bargaining Code.
There would be “more to come” in other areas, he said.
The Australian government and its counterparts in the US and UK would increasingly hold tech platforms to their “original promise” to their users.
“[Tech platforms’ original promise] is about creating a connected experience, which is about providing customer service. Not to, in a sense, monetize our privacy, to scrape it out and then to on sell it, which effectively it’s become,” Mr Pezzullo said.
Australian regulators have already established an ongoing monitoring program for digital platform companies following a landmark 18-month inquiry.
The competition regulator is currently probing the advertising technology ecosystem while the Attorney General’s department is leading a review of Australia’s Privacy Act, widely expected to lead to significant reforms.
Mr Pezzullo also said, in the context of more sophisticated cyber threats, Australian businesses would need to onshore and secure more data than many would expect given the boom of international cloud computing providers.
“We don’t get too hung up on all data being on shore, but I think realistically over the next few years we’re going to be onshoring more data than perhaps we might have thought of a few years ago.
“Why? Partly it’s where the data stored from the sovereignty and privacy point of view, but partly the infrastructure is not always as invulnerable as what you might think it is.”
Mr Pezzullo questioned the security posture of leading data service providers, citing concerns over the vulnerability of data as it transitions between various systems and where it ends up.
“Where [data is] routed, where it’s housed, where it passes [through] can be exploited and scraped, and so there is a discussion that we’re having with the large data companies.”
Mr Pezzullo said his department is working closely with the Treasurer and new Digital Economy Minister Jane Hume on the digital economy initiative expected to be a “centerpiece” of the May Budget.
A successful digital economy creates great upside for the Australian economy but will also attract a new wave of cybercriminals and state-based attackers, Mr Pezzullo warned.
He said Home Affairs is focused on three key areas to combat them: appropriately locking down data; cybersecurity at both the perimeter and device level; and identity security.
Do you know more? Contact James Riley via Email.
The remarks of Mr. Pezzullo are thought provoking, to say the least.
That Major Cloud Vendors would struggle to deal with intrusions/breaches at scale is a risk that I’ve always entertained personally. Their Infrastructure may also be a honey-pot. However, in every case where I’ve enquired at depth, the security accreditations of the vendor were comparable or superior to those in-house.
That the vendors would attempt to “Monetise our Privacy” is I believe a given. However, given the Aggregation/De-identification that the Vendors would purport to do prior, it would very hard for Mr. Pezzullo to or any-one else to counter their data-monetisation processes, IMO.
The only possible option is for the Govt. to support/encourage a class of local Cloud-vendors, who may be Legally prevented from Data-monetisation; in any form.