Should Govt agencies adopt Facebook’s business tool?

Published: Thu 12 Apr 2018 03:55 PM
From Nine To Noon, 9:09 am today
A cyber-security expert is sounding a warning about government organisations use of a Facebook business tool, 'Workplace by Facebook'.
Click a link to play audio (or right-click to download) in either
MP3 format.
The New Zealand Transport Agency has adopted Workplace by Facebook as its internal communications tool, and other agencies, including the Social Development Ministry are trialling it.
However the Privacy Commissioner said those using it had to abide by strict safety rules set by the government's chief digital officer.
Photo: Supplied
Director of Waikato University's Cyber Security Research Lab, Doctor Ryan Ko, said while Facebook claimed to be compliant with international standards, users could never know exactly how their data might be being harvested by the company.
"On [Facebook's] websites they mention they are compliant with several standards so they are accountable to several global standards like ISO 27,001 and American standards SOC 2 and SOC 3."
"But the way the data is being harvested internally can never be known directly to the users at this point because the ... software they are providing for the users, is just telling them the real-time activity monitoring and so on but doesn't provide a full provenance of what has happened to the data of the entire lifetime, [for example] what you have clicked on."
"Those things are just collected and the scary thing is when someone malicious uses the data, that's where the mess starts."
Dr Ko said if he was in the government's shoes, he probably wouldn't be considering non-New Zealand companies for the storage and processing of data.
"The [information] on Facebook may be housed in servers in many different countries around the world and sometimes the exact location is not disclosed to the client so that's a problem where, because data is stored in another country, it's under another jurisdiction."
"[That means] people such as the Privacy Commissioner and the Courts of New Zealand are limited in what they can do to bring somebody to account so this is a problem because if technical implementation is in the cloud, it is stored all over the world, it falls in a different jurisdiction and basically New Zealanders are sitting ducks."
However Privacy Commissioner John Edwards told Nine to Noon there were some important differences between Facebook's social media product and its business offering.
"Facebook is free and always will be because you're paying with your information. The other product is a commercial product and one of a suite of cloud services increasingly being embraced not only in government but across the economy and that's not inherently a bad thing."
Mr Edwards said public agencies should make sure they were meeting the requirements set by the government's chief digital officer, including not to post on any public cloud service information classified above a certain security level and also to look closely at the provider's terms and conditions.
"When my Norwegian counterpart looked at [Workplace By Facebook] in 2016 he said although [it] encourages dialogues on terms and conditions, the standard terms are at times unclear and may allow Facebook to use personal data for commercial purposes.
"So it's really important for a company or government agency to understand what's going to happen with that data and then to limit what can go on it according to that."
Mr Edwards said it would be utterly unacceptable for third parties to be able to access government information to assist with lobbying or a business pitch, so it was up to agencies to do thorough due diligence and impact assessments before using any such product.
He said organisations using the Facebook tool also had other protections besides legal ones.
"There's technical protections as well so you can enquire about how the data is stored, is it encrypted at rest, is it encrypted in transmission, who holds the keys for that encryption."
"Those are the kinds of enquiries the government's chief digital officer invites any government agency to go through and assess according to their risk."
Mr Edwards said a planned reform of the Privacy Act would have more focus on the obligations of agencies when they transferred information out of jurisdiction, which meant the liability chain would be even more clearly linked back to the New Zealand-based agency.
New Zealand's public broadcaster, providing comprehensive NZ news and current affairs, specialist audio features and documentaries.
Radio New Zealand is a Crown entity established under the Radio New Zealand Act 1995. Radio New Zealand News are vital elements in our programming, providing impartial news and information to New Zealanders every day. Radio New Zealand (RNZ) provides listeners with exciting and independent radio programmes in accordance with the Radio New Zealand Charter.

Next in Comment

Mission Accomplished
By: Ramzy Baroud
Lyndon Hood: On Civility
By: Lyndon Hood
On National’s dangerous ‘pharmaceutical cannabis’ approach
By: Joseph Cederwall
Deported Freedom Flotilla activist Mike Treen returns
By: Pacific Media Watch
NZ union leader detained by Israeli military
Mike Treen repeatedly tasered by Israeli Occupation Forces
By: Unite Union
Mike Treen imprisoned in Israel after violent attack
By: Unite Union
Boats to Gaza a Violation of International Law
By: Embassy of Israel
End the failed war on drugs and save lives
By: Green Party
Genuine action medicinal cannabis needs collaboration
By: Green Party
Support surge for cannabis use proves need for law reform
By: Green Party
Reti’s Private Members Bill giant step forward for National
By: Medical Cannabis Awareness NZ
Ruatoria company supports medical cannabis bill
By: Hikurangi Cannabis Company
View as: DESKTOP | MOBILEWe're in BETA! Send Feedback © Scoop Media