The use of warranties and warranty periods in on-premise software licences is long-standing. Typically, a supplier would offer a period after delivery (or, if the customer was able to negotiate this, acceptance of installed software) during which if the software contained major bugs or failed to meet its specifications, the supplier was in breach of the warranty and had to fix the problem - usually entirely for free. Negotiations often centred on the issue of whether, assuming the defect/non-compliance was fixed, the supplier had any liability for losses that might be incurred in the meantime - with many suppliers insisting that the fix was the customer's sole remedy.

Warranties in relation to tangible goods have obviously been around for a long time and a short warranty period often makes a lot of sense. You might expect a product that you buy in a shop to work as promised for a relatively short period of time before normal wear and tear impacts on its operation. But these historical justifications for warranty periods arguably makes less sense for software - while software wear and tear/'software rot' may indeed occur, it tends not to happen over a short period of time.

Rather, the key objective/purpose of a warranty period in a traditional software licence could alternatively be viewed as essentially giving the customer a benefit of a period of free support/maintenance to fix any errors - in turn incentivising the supplier to make very sure, at the point of delivery or acceptance, that the software is correctly installed and in good working order.

This benefit can fast be eroded in the terms of SaaS/cloud contracts. This is because the support/maintenance services and fees are often wrapped into the subscription service and are payable from day 1 - there is no period of free support or maintenance - and supplier standard SaaS terms often provide that fixing the warranty breach is the customer's sole remedy for the breach. 

From the customer's perspective, this approach doesn't offer any additional benefit for a period after delivery/acceptance - in fact the warranty period sometimes presents more risk to the customer than the ongoing subscription term once the warranty period has expired. This is because:

• The customer may be already paying for support/maintenance in the form of a bundled subscription fee.  In such circumstances, it can be unclear whether the customer is actually getting for free (as opposed, for example, to a situation where support and maintenance is charged for on a time and materials basis but time spent on warranty fixes may not be charged)
• If the warranty fix is expressed to be the sole remedy, then the customer can't recover additional losses in the form of damages (should it wish to do so) - although of course in practice additional losses may be difficult to prove and recover
• Often the supplier will argue that the service levels don't apply during the warranty period but rather the supplier has a 'reasonable' period to fix defects in breach of warranty.  The customer can therefore end up with less certainty about when a fix must be provided than when it is in the BAU support phase after the warranty period has ended.

We've been involved in projects where:

• The customer expects the solution to be near perfect at go-live so that if there are any problems in the warranty period, the supplier should bear the full risk of these (both the cost of fixing them and any losses the customer suffers as a result) and should meet all the service levels as it does so
• The supplier expects there to be bugs and problems in the period after go-live that need to be ironed out and, so long as they act to fix these in a professional manner within a reasonable timeframe from discovery, doesn't expect to have any further liability.

Clearly these are quite different philosophies. What is a reasonable position to take will often depend on the nature of the solution, the level and structure of the fees payable, the parties' appetite for risk, and the development methodology.

In our view, there isn't actually any right or wrong answer to the question posed in this article. The 'point' of a warranty period depends very much on what the parties negotiate it to be and how any warranty terms interact with the other clauses of the contract (eg termination rights and general performance obligations) and rights and remedies which exist at law (eg the right to damages).

What is important is that contracting parties realise that warranties in IT contracts don't necessarily have any 'magical' qualities - the benefits of warranty periods may be largely illusory. It is important to:

• Understand at the outset what you are seeking to achieve by having a warranty period
• Identify whether the parties are actually on the same page about this
• Ensure that the contractual provisions (including the interaction with other rights and remedies) actually achieve the agreed objective.

The Buddle Findlay legal team consists of Allan Yeoman, Amy Ryburn, Philip Wood, Renee Stiles, Alex Chapman, Damien Steel-Baker, Keri Johansson Reposted with kind permission.

Anyone who stayed at a number of sub-brands owned by Marriott over the past four years (including W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Méridien and Four Points) is advised to check in to the chain's emergency website to check their own details.

Staff at the hotel chain noticed unusual access activity on September 8 and managed to lock out the intruder within two days, but the true scale of the attack wasn't really understood until November 19 and wasn't reported to the public until this week.

While any payment transactions were encrypted and should be secure, the loss of so much personal data, data that is difficult if not impossible to change, is as worrying as the scale of the hack. Half a billion records, some of which may be duplicates for guests who visited repeatedly during the four-year period, puts this among the top three notified breaches, according to Associated Press. The largest, the Yahoo security breach, is now estimated at three billion records.

Marriott says it "deeply regrets" the incident, and has informed US law enforcement agencies about it, but that may not be enough to placate European agencies, particularly since the introduction of the GDPR regulations which came into effect earlier this year.

The last time the Act was revisited, in 2011, it resulted in the controversial "three strikes law", which means that if an internet user is served with three infringement notices in reference to peer-to-peer file sharing technologies, he or she may be liable for a fine of up to $15,000. The law change was hotly debated and after it came into effect in 2012 it was deployed by copyright owners for a only a short time before being largely abandoned. The issues paper released by the Government notes this was due to the cost incurred by copyright owners, mistakes made by ISPs in sending notices to user's accounts, as well as delays and dissatisfaction with the decisions made by the Copyright Tribunal.

The next full review of the Act was scheduled for 2013 but the Trans Pacific Partnership Agreement negotiations put paid to that. So, the National Government agreed to a review it in June 2017, but that Government didn't survive the election and now it is the turn of the Coalition Government. Commerce and Consumer Affairs Minister Kris Faafoi announced the review in a press release issued last Friday.

Documents with the issues paper include the Cabinet paper, in which Faafoi notes: "Although stakeholders' views on copyright are highly polarised, I consider that releasing the Issues Paper to the public is low-risk. This is because the primary purpose of the Issues Paper is to seek information on and evidence of any problems from stakeholders."

He then draws attention to what is likely to be one of the most fascinating areas of the review - the section dealing with the Wai 262 enquiry. "Including the copyright and Wai 262 inquiry section in the Issues Paper will create an expectation among stakeholders and Māori that the Government will develop policy to protect taonga works, taonga-derived works and mātauranga Māori, and that this work will be coordinated with the Copyright Act review."

Given that the Wai 262 decision was released by the Waitangi Tribunal in 2011, many New Zealanders may think it's about time that issues around cultural appropriation are publicly debated.

Other aspects of copyright law that are likely to be canvassed include issues faced by the GLAM (Galleries, Libraries, Archives, Museums) sector when dealing with copyrighted material, the intersection between Privacy Law and Copyright Law, Fair use vs Fair Dealing, and Satire and Parody

There is plenty of time to make submissions to the issues paper, as the cut-off date is 5 April.

Spark, and fellow mobile operator 2Degrees, use Huawei equipment extensively throughout their existing 3G and 4G networks, and parts of the Ultra Fast Broadband fibre network are also built using Huawei equipment, so the decision (apparently based on security concerns) came out of the blue.

Spark has released a short statement saying it was informed of the decision by the Director General of the GCSB.

"The Director-General has informed Spark today that he considers Spark's proposal to use Huawei 5G equipment in Spark's planned 5G RAN would, if implemented, raise significant national security risks."

This raises questions about the use of Huawei equipment throughout existing networks and the potential security risk there, but also throws into doubt the future network builds for 5G deployments throughout New Zealand.

One industry insider told Techblog that while this won't necessarily slow down the deployment of 5G, it plays into the hands of the one remaining national network provider in New Zealand - Nokia.

"They're vastly more expensive than the Chinese and that's going to hurt. It puts them in a monopoly position and that gives them all the cards to play with," says the source who declined to be named.

The GCSB has not released any detail as to why they are concerned now about Huawei equipment. Under the Telecommunications Interception Capability and Security Act (TICSA), any changes or upgrades to networks must be signed off by the GCSB. Since the introduction of the Act in 2013 the agency has processed hundreds of applications - this is seemingly the first to be denied. (UPDATE: There has been at least one earlier instance of GCSB denying a network operator authorisation for an upgrade, but most of the detail is redacted)

This isn't the end of the process, however. Spark and the GCSB will now work on a risk-mitigation plan which will then be submitted to the GCSB for approval. If that is again rejected, the Director can ask to refer the matter to the Minister in charge of the GCSB, currently Andrew Little. At that point the decision is independently reviewed by the Commissioner of Security Warrants who can send it back for more work or refer it to the Minister. Ultimately the Minister will make the decision potentially taking into account consequences with regard to the impact on "competition and innovation in the telecommunication markets" in New Zealand.

The decision only relates to Spark's application around 5G deployment and does not directly affect any other request pending or yet to be received. It also doesn't affect existing network deployments.

Another industry participant, also speaking anonymously, says the industry is upset that the only notification they received about the decision was in the form of Spark's press release. The rest of the industry is still in the dark about what this means in the longer term.

The government, and GCSB, have been under increasing pressure to ban the Chinese equipment maker from its fellow Five Eyes partners, in particular Australia and the US, both of which have refused to allow Huawei equipment in their own tier one telcos. Whether the politics of the matter had any part to play remains to be seen but the debate is likely to continue for some time.

The latest blow to the once unstoppable "we're not a publishing house but we do own the world's advertising revenue" company comes in the form of the UK House of Commons "culture, media and sport" select committee which is threatening to publish the documents under parliamentary privilege.

The Committee has come into possession of documents that allege Facebook not only knew of Cambridge Analytica's access to massive amounts of personal data, but actively encouraged app developers to do just that, and did so far earlier in the story than Facebook has publicly acknowledged.

The documents include personal emails to and from founder and CEO, Mark Zuckerberg, who has steadfastly refused to appear before the Committee and has now been summoned to a number of similar hearings around the world.

The chair of the Committee, Damian Collins, took the extraordinary step of seizing the documents from the founder of a US software company, Six4Three, during a trip to London, according to The Guardian newspaper.

"[P]arliament sent a serjeant at arms to his hotel with a final warning and a two-hour deadline to comply with its order. When the software firm founder failed to do so, it's understood he was escorted to parliament. He was told he risked fines and even imprisonment if he didn't hand over the documents."

The documents form part of Six4Three's legal stoush with Facebook over the company's decision to revoke access to personal data thus destroying Six4Three's business model. The app was designed to allow users to "find pictures of their friends' friends in bikinis" and oddly enough once Facebook changed its terms and conditions, this feature no longer worked.

Collins says the Committee has been frustrated by Facebook's lack of answers to questions about its activities, and by Zuckerberg's refusal to attend hearings.

"This is an unprecedented move but it's an unprecedented situation. We've failed to get answers from Facebook and we believe the documents contain information of very high public interest," he is quoted as saying in The Guardian.

Collins made this move just days before the fabulously named "International Grand Committee on Disinformation" met - this committee includes representatives from Argentina, Belgium, Brazil, Canada, France, Ireland, Latvia, Singapore, and the United Kingdom, but not at this stage anyone from New Zealand. 

Minister of Justice Andrew Little told The Spin Off that he was keeping a watching brief on the matter and could well take action if the need arises.

The Commerce Commission is seeking views on a Copper Withdrawal Code, which will be put in place to ensure consumers are protected when copper is decommissioned on their street. This could start happening as early as 1 January 2020 - although Telecommunications Commission Stephen Gale assures us that Chorus, the company that owns the network, can't begin to end copper services until "all conditions are met".

"There are consumer protections built into this process. To ensure consumers are not disadvantaged, we will be developing a copper withdrawal code that sets out the rules that must be followed before Chorus can stop providing copper services in neighbourhoods where fibre is available," he says.

"For example, the code will require that before the copper service can be withdrawn an equivalent fibre service is readily available at no additional cost to the consumer. Chorus will also have to provide information about available fibre services and give adequate notice of the withdrawal."

Under the Telecommunications Act the Commission will be required to determine specific geographic areas where fibre services are ubiquitous. "Once identified as a specified fibre area, Chorus will be able to stop providing copper services in them, e.g. VDSL and ADSL broadband and the services it sells to support retail service providers providing voice services."

In addition, the regulator is working on a 'Commission 111 contact code' that will mean Retail Service Providers have to ensure that "vulnerable consumers" can access the 111 emergency service at no cost if there is a power outage.

There is plenty of time for industry and consumer groups to contribute their a view, as submissions to the code close on 14 February 2019. The entire process - cross-submission, draft code, submissions to draft code etc - is expected to take the rest of 2019 with a final code in place by the end of 2019. While this will be in time for the designated start date of 1 January 2020, documents on the Commission's website note that the process can be extended by the Minister of Broadcasting, Communications and Digital Media for another two years.

This week I thought I'd rejoin Facebook just so I could quit again in rage. Something really needs to be done to rein in a company that has combined the utter decimation of the media landscape with the total abdication of responsibility for the content it pumps into people's lives.

It's billions of users, clicking through and seeing hundreds of millions of ads, don't appear to be enough for the juggernaut. Instead of being happy to serve advertising to the masses, the company has decided it needs to also serve up news and other forms of content and, instead of being happy with that, it would also enable wholesale sharing of propaganda and fake news stories.

And *then*, as if that and the tens of billions of dollars that all rakes in, the company decided to open up its borders to third parties and give them access to your viewing and reading habits, to your online lives, to every click and view and let them mine that data as well.

All this without anything beyond a cursory thought given to what this could mean for the democratic process, for accuracy, for ongoing relationships, for those people wanting to use the platform for its supposed intent - to stay in touch with friends and family and to share photos and stories.

The New York Times article linked below rips the scab off the the entire festering sore and makes it clear - none of this has happened by accident. Facebook has gone out of its way several times, and gone beyond its brief of neutral platform that simply provides space to being one of actively promoting deceitful information (and it would appear has also been making up some of the data about how many times people actually view videos or advertising to bolster its coffers even further).

I bailed out of Facebook some months ago although, as someone pointed out to me yesterday, the company still tracks users and non-users visiting sites that have ties with Facebook and so I'm still contributing to the coffers even though that literally is the last thing I want to do.

Facebook has long been the poster child of disruption, of online success, of dropping out of the career track to pursue your dreams, but it's also the poster child for 21^st century abandonment of ideals, of moral standards and of leading by example. Soon it could well become the latest casualty in a long list of companies and organisations that take both users and customers for granted and which fail to secure the social licence needed to operate.

I just hope that's sooner rather than later because with the scale of Facebook today, the damage another round of this manipulative madness could cause is too great to consider.

New York Times - Delay, Deny and Deflect: How Facebook's Leaders Fought Through Crisis

Log off II

While we're speaking of the unspeakable, how about we revisit privacy and the exciting new world of giving all your data away for free whether you know about it or not.

I may have mentioned before that I have no problem sharing my medical health records. I've blogged about it, I've whined about it and if you're unlucky enough to be around when I have a head cold, you've suffered along with me as I list ailments, symptoms, quack remedies and why it is that I'm dying, etc.

But some folks detest the idea of having their medical records exposed for all to see and would fight it tooth and nail. Imagine their surprise to wake up and discover that DeepMind, a company set up to develop AI capability in the health sector, and which has access to huge amounts of UK's National Health Service data, is now being swept up into Google Health and will no longer be arm's length from the mother ship.

For some, this is just a consolidation, a branding exercise. The products will still exist, the company still exists, but it's now part of Google rather than Alphabet (the parent company to all Google and its ancillary organisations).

But for others it's yet more evidence of the ongoing move to commercialise a public resource that will then be sold back to the public for a fee, especially when you remember back (thanks, Google) to DeepMind's initial promise that it would never merge its products, and their associated data, into the Google parent company.

This is, of course, standard operating procedure for a lot of US companies. Acquire data based on one set of rules, slowly change the rules and then make a break from the old world order with nary a backward glance.

But of course it's not just the US companies that do it. Below you'll find a link to an amusing tale about the Australian telecommunications data retention regime and the way it has crept away from "we're using this to fight the worst crimes such as terrorism and paedophilia" and is now more a case of "give us your data or die in a ditch".

The Australian Communications Alliance has discovered that "scope creep" is now more like "scope landslide" with 80 different government bodies now asking for metadata on individuals' online movements.

Alongside the police and tax office we also find Australia Post's Corporate Security Group, a number of local councils, the Department of Agriculture, the Fair Work Building and Construction Commission and the Taxi Services Commission all of whom think it's OK to ask telcos for private data.

If only there were some rules, perhaps even laws, that were able to oversee such activity and ensure that private data isn't treated with a cavalier attitude. Some kind of Privacy Act or similar. Because once you've handed over the keys to your privacy kingdom, it's rather hard to get them back.

The Verge - Privacy advocates sound the alarm after Google grabs DeepMind UK health app

CNBC - The new Google Health unit is absorbing health business from DeepMind, Alphabet's AI research group

The Register - Oz telcos' club asks: Why the hell do Australia Post, rando councils, or Taxi Services Commission want comms metadata?

The Register - Alexa, cough up those always-on Echo audio recordings, says double-murder trial judge

The internet of things that shouldn't be on the internet

To round out this week's "old man shakes fist at clouds" column, my electric toothbrush has died. 

But fear not for my halitosis riddled corpse - I have been using a manual one while we research, source and purchase a replacement. So I'm good.

The replacement (highly recommended by Consumer New Zealand) was really just an updated version of the old electric toothbrush, and was ordered on the basis that what is familiar is good (and we have some toothbrush heads that will fit the new handle, so why waste them).

Unfortunately, I did not read the fine print.

This toothbrush is Bluetooth enabled, and comes equipped with an app that you download which will provide you not only with a handy timer, but also a pressure/angle of attack sensor capability, a toothbrush tracking schedule tool, some toothbrushing games for the kids (sorry, "kids") and an unpleasant eagerness to tell me news snippets carefully selected for me by … well, I can only presume by my toothbrush. It will send out tweets on my behalf, presumably to a breathless-with-anticipation audience.

I am appalled.

I've turned most of it off - no gamification of dental hygiene for me. I can't turn off all the little messages the app will push (although I got rid of the weather, sport, amusing factoids and toothbrushing tips which is good) but it still irks me that this giant leap forward is nothing more than a complete waste of everyone's time.

The dead toothbrush came with an external unit that would synch with the toothbrush and tell me how long I'd been brushing for.

That was fine, because when I'm brushing my teeth of a morning, my phone is occupied. It's playing music, plus I'm scrolling through emails and potentially making witty and cutting quips on Twitter, so there's not really any scope for it to also connect to my toothbrush to update me on stuff I don't care about.

But the new toothbrush really wants me to pay attention, and so it doesn't have the external unit, nor will it talk to the old one.

And so it is that this new, improved (and more expensive) brush has a host of features that I neither want, nor will use, and which at best have been turned off and at worst will get in the way.

Welcome to the Internet of Things and our new world order.

Trusted Reviews - Oral-B Genius 9000 Review

Rhodri GIlber has a problem similar to my own

The IoT is the name given to networks of devices that have components that allow them to connect to the internet, and that communicate with each other via this internet connection. IoT networks allow businesses and consumers to automate the completion and co-ordination of tasks (including making transactions) via the interconnected devices to make businesses more efficient, and domestic life easier. IoT-connected devices have been widely available on the consumer market for several years, and further commercial applications for the IoT concept are continuing to be developed. Recent reporting indicates that the value of transactions conducted through the IoT will experience a compound growth rate of 13.6% over the next five years, meaning that some $1.2t US may be transacted via IoT devices annually by 2022.

With the popularity of IoT-enabled devices (and with it, the amount of money being funnelled through IoT transactions) rapidly growing, the need for protecting users through effective regulation has already become apparent. A recent report by research firm Gartner found that nearly 20 percent of organisations that had deployed IoT-capable devices had experienced at least one IoT-based cyber-attack in the past three years. In January 2015, the US Federal Trade Commission (FTC) released a report that outlined the inherent privacy and security risks associated with mainstream IoT adoption, and urged manufacturers to (among other measures) build security hardware into IoT devices from the outset to insulate against third party attacks.

At the time that the FTC issued its report, it seemed that it would be in the best interest of IoT stakeholders to adopt the recommended 'best practices' when it came to security protocols in IoT products, even without a regulatory mandate. After all, it was essential that consumer confidence could be maintained in order for mainstream consumers to embrace IoT technology, and even one major security compromise could have a stifling effect on the burgeoning industry. However, for economic reasons, this has not been the unanimous response from manufacturers.  For many manufacturers, consumer demand for IoT devices is not yet at the level so as to enable significant investment in security features. As a result, there are still many devices on the global market with little to no built-in security, which could have the potential to compromise the whole of any network that such devices are connected to.

The California legislation is drafted broadly, both in the scope of its application and in its requirements for compliance. The regulations will apply to any devices that are manufactured in California and are "capable of connecting to the internet, directly or indirectly", and require manufacturers to equip all captured devices with "reasonable security features that are appropriate to the nature and function of the device … [and] the information it may collect, contain or transmit… [to protect] from unauthorised access, destruction use, modification, or disclosure". While on one hand the non-specificity of the requirements for compliance allows for manufacturers to flexibly apply their own interpretation of what is 'reasonable', some manufacturers have called the wording 'egregiously vague', and have criticised the advantage that it gives to parallel importers of goods manufactured elsewhere, that are not subject to the same restrictions.

The latter point may become less of an issue in coming years, as it is expected that other jurisdictions will follow in California's footsteps. Though falling short of placing obligations on manufacturers, a federal bill is currently before the US Senate that would require US state departments to have certain clauses relating to security in any contract for the procurement of IoT devices, which would theoretically give manufacturers a commercial incentive to adopt robust security protocols. In the European Union, some IoT devices fall under the jurisdiction of the General Data Protection Regulation (GDPR) due to their data sharing and processing function. This means that not only are IoT device manufacturers compelled to consider security due to the GDPR's 'privacy by design and default' requirements, but also that IoT manufacturers or operators may need to provide facilities that allow users to communicate their consent to certain data being shared.

The application of the latter requirement may be difficult to pinpoint, given the connected and automated nature of the IoT.  The EU also has in place a general directive aimed at cyber security which may impact IoT. The Directive on security of network and information systems (NIS Directive) does not place specific obligations on IoT device manufacturers, but does create a framework at the European community level for cyber-security notification processes, which may allow EU member states to more easily implement and enforce mandatory security requirements such as those now in place in California.

In New Zealand, the regulatory response has been slower to materialise. At present, an association of industry stakeholders (the New Zealand IoT Alliance) is administering a series of working groups that are aimed at developing industry standards and guidelines for a number of facets of IoT, including cyber security, data/privacy, and device certification. In the meantime, the New Zealand Cyber Security Strategy published in December 2015 (NZCSS) essentially promotes a 'buyer-beware', reactive approach to security of internet-connected devices, including IoT devices. The NZCSS also established the Computer Emergency Response Team (CERT), which serves as an industry watchdog, issuing public warnings of cybersecurity threats, and working with businesses and organisations that are affected by cyber attacks.

As is common with emerging technologies, the regulatory response to IoT security has struggled to keep pace with the development and adoption of the technology itself.  In some places (including New Zealand), we are seeing this widening gap being filled by self-regulation from industry stakeholders, while other places serve as examples of the struggle to reconcile 'industry best practice' with harsh market realities. The new California legislation, through its deliberate vagueness, arguably serves as an indicator that regulatory development of the IoT space will continue to be industry-led for the time being, until a clearer picture of the risks and dangers can emerge. In the meantime, it seems likely that lawmakers around the globe will continue to monitor the early legislative efforts of places like California - while using their available tools to promote the development of their domestic IoT industries without putting consumers at undue risk.

The Buddle Findlay legal team consists of Allan Yeoman, Amy Ryburn, Philip Wood, Renee Stiles, Alex Chapman, Damien Steel-Baker, Keri Johansson. Reposted with kind permission.

That's just one of the revelations that Stats NZ shares in its online content inviting New Zealanders to participate in a public consultation process that is part of a review of the Act. It also makes much of the year 1975, with a quiz about what it was possible to do in that milestone year for numbers (hint: not much). Could you make an international landline call? Was there more than one channel on TV? Did the Allblacks play more than one game? Really, it's a wonder we weren't all bored to tears in 1975!

The approach taken by Stats NZ in the consultation process over changes to the Act that governs it - fun and approachable - is in keeping with how it makes available its public data. As a Techblog contributor I often find myself on the Stats NZ site, impressed by its thoroughness (for example, my annual check-in on dial-up users). If you can't find what you need on the website the people at Stats NZ are very helpful in tracking down the numbers for you.

It is an excellent approach to making data open and available to all New Zealanders, which is exactly how it should be in a democratic country.

Meanwhile, the current Statistics Act might not contain the word data, but the consultation document is filled to the brim with it, noting that data collection is a balancing act.

"We need to find the right balance between delivering increased value to New Zealanders through data availability and use, and ensuring data is shared and used in a way that keeps people safe and is acceptable to society. If we don't get this right, data may not be used safely, and public trust and confidence will decline. But if we are too cautious, we could miss out on new insights with the potential to change lives."

While the public consultation document is 46 pages, the core of what the legislation refresh sets out to achieve is on page 15. Respondents are asked if the following outcomes are the "right ones for data and statistics legislation".

The Statistics Act is part of a suite of laws that govern data collection, management and use which include the Official Information Act 1982, Public Records Act and the Privacy Act 1993/Privacy Bill 2018. As data becomes more intrinsic to decision making - both in public and commercial decision making, these laws are becoming even more critical in ensuring that we live in a fair, equitable and democratic society.

Public submissions close at the end of the week (Friday 9 November) and you can check out the full document here.

The tech sector is the country's third largest export earner behind dairying and tourism - and I know which sector I'd rather my kids got interested in. Neither dairying or tourism pay particularly well. Both are well below the OECD wage average metric that Sir Paul Callaghan used to wave around in front of politicians' noses. Yet ICT and the wider tech sector pays far more than the average. If we want a successful economy we need more of this, not less.

The companies that make up the top 200 tech sector companies now employ more than 43,000 people and pay on average $84,000 per year. Federated Farmers estimates the average New Zealand dairy farmer earns between $67,000 and $71,000 per year although MBIE suggests that's a tad high, and puts the figure at between $46,000 and $53,000. There are roughly the same number of dairy farmers as IT and tech employees in New Zealand - I'll let you do the maths as to which makes more sense from an employment point of view.

The report also makes it clear that there really is a crisis of understanding among our investment community as to the value of New Zealand tech companies.

After a few disastrous listings on the stock market, and a notable number of companies failing to even get to that point, most privately owned New Zealand tech companies seek investment outside the stock market and away from the public. Private equity is eager to buy our companies and typically that involves the companies being swallowed whole, closing down or moving offshore. Rarely does that investment benefit New Zealand as a whole and this is a crying shame and something that should be addressed in the very near future. We've already lost a lot of talent and IP this way - we should be nurturing early companies not sending them on their way.

But for now we should raise a toast to the tech sector. Finally we are developing that second string to our economy and one that doesn't rely on fertiliser, rich tourists giving us generous tips or getting up at 3am to move the animals about. Long may it continue.

NZ Herald - Report reveals our largest tech companies - and how many are being sold offshore

Techblog - TIN report highlights thriving tech sector

Computerworld - Top 200 tech companies boost revenues, profits and exports

NBR - NZ's top tech companies generate $10b in annual sales in 2017: TIN100 report

NBR - Tech as New Zealand's key export earner? You're joking, mate

Careers NZ - Dairy Farming

It's that time of year again

Yes, just when you thought we'd sorted this out for a goodly length of time and we could all get on, the copyright owners are at it again.

The copyright law is outdated, you see, and needs to be overhauled because OMG we've done a survey and some company reckons we're losing $50 million a year to piracy. No wait, it might be $100 million a year. Either way, it's high time legislation caught up and we want to see ISPs held liable and forced to block websites.

Lather, rinse, repeat.

Yes, if this all sounds familiar it's because it is. Last time round we ended up with the three strikes law which was roundly cheered by the copyright folk until they figured out the government wanted them to pay (gasp) $35 to the ISP involved to send a letter to the pirate they'd identified.

The music industry did this for a bit and there were several cases brought before the Copyright Tribunal. The movies and TV industry did not do this at all because nothing says you've got the courage of your convictions like not protecting your $100 million movie budget with a $35 legal challenge.

But the industry didn't want to set any kind of precedent because of course in other jurisdictions - those without the fee - the industry sends out a blizzard of notices demanding ISPs take action, and if those ISPs don't act immediately, they get sued to within an inch of their balance sheets.

So having won the war but lost the battle, the copyright holders now want new legislation to tackle this burgeoning threat, despite there being a clear solution: make your content available legally at a reasonable price.

NBR - Music industry pushes for Copyright Act amendments

Digital Music News - 83% of All Music, Film & TV Piracy Is Motivated by a Lack of Paid Options, Study Claims

Oops we did it again

It's long been my belief that privacy will be the next big issue we have to face as a society. You know, once we discount fake news, climate change, re-militarisation and so forth.

I know this to be true because I watched it on an episode of The West Wing and they wouldn't be allowed to run just any old thing on TV now would they?

Privacy is important because once it's gone, there's no getting it back. I say this as someone who watched a successful attempt to recall an email that had gone out containing sensitive information recently - while you might get lucky you're more than likely to be unable to stuff the genie back into that particular bottle.

Now, following yet more revelations about "oops" and "whoopsie" and "meh we didn't think you'd mind" we have none other than Tim Cook standing up at the pulpit to deliver a blistering speech on the need for better privacy laws.

He was talking about the US but it applies equally to New Zealand and indeed to most of the planet. As we move to storing information about ourselves everywhere we need to have some kind of controls that can be applied right around the world.

Cook is calling for regulation at a federal level. That's quite a turn around from last year when most tech companies were rallying to the "we can self-regulate" flag, but it's understandable why Cook has gone that far. The US has become a home to some very unpleasant abuses of private data and between Cambridge Analytica and Facebook, and the number of breaches, leaks and security flaws revealing hundreds of millions of accounts to the world, it's now time for the big boys in the Senate and Congress to step up.

He'd like to see the EU's GDPR used as a template and certainly that's been the push locally as well.

Whatever comes of it in the US, it's a wakeup call to New Zealand legal beagles. We need better protections, we need mandatory reporting and we need to act now, before the genie is completely out of the bottle.

The Verge - Tim Cook warns of 'data-industrial complex' in call for comprehensive US privacy laws

The Guardian - Tim Cook calls for US federal privacy law to tackle 'weaponized' personal data

NZ Herald - Cathay Pacific warns 9.4 million passengers had data hacked, New Zealand helpline set up

It must be about 16 years since we all gathered in Nelson to talk about the future. It was so long ago it hardly makes sense to talk about. Paul Swain was Minister of Communications. We almost had a Telecommunications Act (it might have just come into being) but the role of the Telecommunications Commissioner was so bright and shiny I don't think we'd seen a single decision.

Telecom was in charge of the phones. There was no competition. There was no Google! There wasn't even any wholesale - unbundling was for Communists.

Yet around 200 of us met in Nelson to talk about the future, to provide some inspiration for what we would hope the next steps would be.

The Telecommunication Users Association (TUANZ) put it together - ten industry sector groups, each with a facilitator and a journalist who would write the detail up in a chapter for the book ("The Survival of the Fastest" which beat out my suggestion, "The Haptic Hongi" and cost me a case of pinot noir. The book is still available at the Nostradamus School of Prognostication I suspect) which would then be waved around by futurists and the like.

My sector was tourism - a sector about which I cared very little but hey, it was a paying gig and although it was cold in Nelson it was beautiful.

But we didn't have time to muck about. We only had a weekend and there was a lot of ground to cover.

I've been thinking about that weekend a bit lately after I found a reference to the book when doing some research on something else entirely. Instantly I was transported back to a time when the Nokia 2110 was my phone of choice, my internet was broadband in name only (Thanks, Nokia, For the M1122 router delivering ADSL at 1Mbit/s down) but our minds were full of possibility.

The premise was simple: imagine what a world where internet access was ubiquitous and equitable - what impact would that have on your sector?

So we started imagining. How about an online service that would let us update our photo albums so the folks back home could see our holiday snaps and maybe even (whisper it) video? In real time.

Gasp! (we just invented Facebook)

Or what about goggles that would transmit pictures of what this particular tourist destination used to look like for places of historical importance? You could see Roman London or Victorian London or WWII Blitz London, or turn-of-the-century Nelson!

Gasp! (we just invented augmented reality).

I often wonder why none of us followed up on the work being done (other than Dr Mark Billinghurst, of course, who actually made a career out of doing just that) but we all put it down to youthfully exuberance and came back to earth with a thump.

Thinking about the future is really quite important, especially for a small nation at the far end of the world's trade routes. How we adapt and adopt this new fangled technology is important in many, not just tourism, but right across our lives and none more so than in government.

Pia Andrews is well known to many (probably more so as Pia Waugh but that's another story) and her move to Australia to head up the New South Wales government digital team left something of a hole in the New Zealand digital government landscape.

Of course, that hole was somewhat obliterated by the CTO comet of early 2018, but we've covered that at some length.

Pia has written about the work she's undertaking for the Aussies and her team's approach, with their five tangible goals, make a lot of sense.

For the record those goals are:

1. Delivery of measurable benefits to the people across the whole government ecosystem;
2. Modelling new ways for public service to work more openly and collaboratively;
3. All-of-service transformation including strategy, policy and importantly, culture;
4. Government to be a social and economic platform upon which "individuals, communities and businesses can thrive; and
5. To establish systemic levers to drive a holistic approach from public servants.

These are bold and useful goals that aren't pie in the sky "what if" dreams but should be quite attainable.

It's something we might like to consider for New Zealand's future as well.

Techblog - A better tomorrow requires change today

Beehive - Rocking Ahead With Fast Internet - TUANZ (2003)

Video is demanding

One of the things we foresaw in 2003 was the imminent demise of Sky TV.

Even then it seemed clear that broadcasting television signals over a dedicate set-top box was a mug's game, destined for the rubbish tip of history. TV was just another series of bits and once broadband was fast enough and those Nokia goggles were cheap enough, we'd all be watching TV beamed into our eyeballs from the internet.

We might not have quite got the goggles bit right (although I have high hopes) but we certainly got the beaming bang to rights.

Last month saw a turning point in New Zealand - for the first time more customers watched Netflix than watched Sky TV. The average household in New Zealand uses around 150GB of data a month - equivalent to 60 hours of HD video being streamed each month. No word on whether that figure includes uploading but either way, that's a lot of binge watching.

Today, TVNZ regularly puts its TV shows to air first via its On Demand app and then over traditional broadcast TV.

In our house we watch a lot of television, but almost none of it is in real time delivered by broadcast capability. I'd say somewhere around 99% of it is delivered online and the only time we watch broadcast is when the All Blacks are playing (assuming I haven't gone to the pub). In fact, the biggest problem we face is the kid not liking that she has to wait a week (sorry, "a WHOLE week") for the next episode of Vanity Fair because she's just not used to it. Poor thing.

There's talk now of Sky TV being sold (possibly along with MediaWorks) to US broadcaster, NBC, but frankly it's almost as if we're discussing the buggy whip union annual gathering after Ford launched the Model T. They're still seen to be powerful and controlling but these days most folks just don't pay them much attention.

Where to next for Sky? Well, content has gone digital and that's an area they need to really beef up. But in order to do that they'll have to stop treating it as an add-on feature that mustn't cannibalise the existing customer base and realise that the existing customer base is no longer theirs for the taking. Digital first must be the company's new mantra and given they're starting a long way back, they really need to get a wriggle on. The future isn't going to wait for ever, you know.

Techblog - SKY TV boss on content wars, satellite vs UFB

NZ Herald - Sky TV buyout rumour as AGM looms

NZ Herald - Netflix now bigger than Sky: Kiwi broadband habits reveal growing hunger for online content

NZ Herald - Comment: Five ways to save Sky TV

The Guardian - Netflix and Amazon become more popular than pay-TV services (July 2018)

Broadband TV News - Netflix overtakes Sky Deutschland in customer numbers (October 2018)

NZ Herald - Fog over Sky Television's financial forecasts as it takes shots at Spark

NZ Herald - Derek Handley under fire at Sky Television AGM

Goods and Services

I shop online quite a lot. Much like watching TV, I like my real world goods chosen from my couch, delivered to my couch and I don't want to wait while someone thinks about bringing the product to a local market near me.

Generally speaking, I buy from international websites and there are a number of reasons for this but in my top ten reasons, avoiding paying GST has never been one of them.

However, the retailers of New Zealand have assured the government that the imbalance in shopping behaviours is exacerbated by the lack of GST and the government has responded by introducing a new GST threshold for imported goods.

If the plan goes ahead, the changes will be introduced from 1 October next year, giving everyone plenty of time to get used to the idea. Prices will naturally go up for goods bought overseas, right? That'll need some managing.

But not so fast, because why the government is introducing GST on all goods, it's removing tariffs and border costs on goods that sell for below $1000, so that will also have an impact.

And goods that are between $400 and $1000 have a different treatment again… so they might be cheaper than they currently are.

It's all very entertaining and the Interest.co.nz story below has a handy chart to explain it all.

At the end of the day two things will happen:

1. People will continue to shop online, both locally and internationally.
2. Retailers in New Zealand will continue to complain about customers buying from the wrong source.

The reason for that is because, as I mentioned early, GST is not the largest factor in purchasing decisions.

I was in a bookshop the other day and saw a book I'd quite like to read.

I like bookshops. I want to live in a community where bookshops exist. I like the smell of them, the off-putting sniff of superiority from the staff member when you ask about some trash novel, the whole thing.

I turned the book over for the sticker price -  $38 (including GST).

I put the book back and went home bookless, wherein I picked up my Kindle and bought the book for $7.

The price differential is just too great. I could justify spending double or even triple on a paper-book but more than five times the rate? No.

I still buy paper books, but I buy them from international providers as well, because somehow they can send me a large format hardcopy illustrated edition of The Hobbit to my house at far less cost than I would pay if I bought it locally, and that's assuming I could find the same edition to buy. Typically, I can not.

I shop online because it's convenient. I shop online because the goods are delivered to my door. I shop online because I can buy stuff that's not yet available in New Zealand and I shop online because the same goods are usually vastly cheaper than they are in New Zealand.

I couldn't give a fig about GST. Add it on. Add on another 15% if you like. It's all good. It's still cheaper and quicker to buy online from an international store, and that means this change to a "fairer" system won't make a blind bit of difference.

Interest - Govt proposes law change to require overseas retailers selling goods to New Zealanders online to start paying GST

Stuff - Tax-free internet shopping to end next October

NZ Herald - Government changes tack on online shopping GST to avoid price hikes

IRD - Summary of Proposals

Rather than being a shopping list for would-be hackers and "script kiddies", the report is designed to raise awareness of the issues facing the modern network manager. The report is hosted at the UK's National Cyber Security Centre (NCSC).

The report is designed to provide "network defenders with an insight into some of the incidents that we and our partners are managing, highlighting the tools' capability and examples of use, plus detection and mitigation advice - all linked into published NCSC guidance" and the centre is seeking feedback.

The list includes the usual suspects but oddly doesn't list "wearing a lanyard and looking like a 50-something IT manager" which probably should be on a list of security issues somewhere.

And as if to prove that anyone can be the target of online security issues, the Minister of Police, Stuart Nash, has revealed his wife's credit card was charged more than $1,000 by some nefarious folks keen on Apple iTunes cards. He is in the process of updating all his passwords.

It's OK, Stuart. It can happen to anyone.

News that almost all of the sub-contractors employed by the contractors employed by Chorus to build the Ultra Fast Broadband (UFB) network are exploiting their workers in one form or another has tarnished what should have been a world-class operation.

It was clear from the very beginning that Chorus (initially the network arm of Telecom) had under cooked its bid for the UFB regions and that it was struggling.

The initial months of the build were marred with stories of delay, expense, of poor communication with customers, of unhappy home owners and plenty more besides.

Chorus started work in the leafy green suburbs of inner-city Auckland, perhaps not the wisest place to test out new techniques and new processes. They could have dug up the footpaths on my street and reinstated them with an open pit and some planks and most of the residents would have seen it as an improvement, but no - Chorus had to start in Ponsonby and other well-heeled areas where residents apparently were more distressed by the thought of the footpaths being dug up than they were eager to see fibre to the door.

It went downhill from there.

The first few years of the build demonstrated a clear difference between Chorus's capabilities and those of the other local fibre companies, who were not only rolling out fibre more quickly but were also connecting more properties and offering a better installation process.

I personally watched a Northpower crew connect a house to fibre in under two hours - from the box on the pole to an external connection point, then on to the internal connection point. There was no arguing with the home owner about how far from the road the connection would be - an extra coil of fibre was included with the connection in case they wanted it moved later on. Compare that with Chorus and its unwillingness to connect houses at the rear of a section because they were deemed "non-standard" and you could see daylight between the two deployments.

And then there were the horror stories.

Connections stapled to fence lines. Gardens dug up. The legendary auger punched through the middle of a wall, and also through the sliding door inside the wall.

To top it all off, Chorus had the audacity to put up its hand and demand an extra $600 million to complete the project, although once EY was brought in to review its sums, the company suggested Chorus had more than enough tucked away and if it just got on with the job at hand it would be able to get it done without too much more excitement.

Now, when we look across the Tasman at the farce that is the NBN deployment, we can no longer smugly suggest that Kiwi Know How delivered a better result.

It wasn't Kiwi Know How at all - it was shoddy labour practices, cut-price workers brought to New Zealand with the promise of visas, minimal training and support and wages that would make an independent courier driver red-faced with embarrassment.

Chorus has started an internal inquiry and hired someone to have a look at what could possibly have gone wrong.

I trust they'll be given access to the Telco Carrier Forum minutes from about seven years ago because I distinctly remember raising the question of training for the UFB deployment and being told it was all well in hand.

Apparently that meant passing the responsibility on to contracting companies who passed on the country's largest network deployment since the introduction of electricity or running water to lowest-bid contractors.

Hardly the Kiwi way at all.

RNZ - Exploitative Chorus sub-contractors 'promising visas'

Techblog - UFB contractors breach employment standards: MBIE

NZ Herald - Chorus hires independent investigator after subbie exploitation claims

Newshub - Chorus subcontractors 'exploiting' migrant employees

Computerworld - Almost all Chorus broadband subcontractors breaching employment standards

Otago Daily Times - Chorus broadband subcontractors 'breaching labour laws'

NZ Herald - Why Chorus shares rose to near all-time high amid MBIE's subbie exploitation claims

EY report - Independent Assessment of Chorus' Financial Position (December 2013)

Zen Security Koan

If a tree falls in a forest and no-one is around to hear it, does it make a sound?

Similarly, if a social network closes its doors but nobody uses it, should anyone care?

The answer is probably yes, because while nobody I know actually used Google+, the idea that Google would find a security flaw but then hide that news from its users for several months is too loud a story to ignore.

Google found the flaw in Google+ in March and promptly fixed it. While the bug had been embedded in the code since 2015, it was its actions after the discovery that count. Instead of telling its user base (nearly half a million are estimated to have been impacted), Google kept quiet because its mortal enemy Facebook was at that time in the centre ring defending itself against accusations of its own shoddy security practices alongside Cambridge Analytica. Someone at Google HQ had probably read the adage about never interrupting an enemy when they're making a mistake and thought "we'll stand back".

Unfortunately, while expedient in the short term, this decision has cost Google (sorry, Alphabet) any moral high ground it may have had in the ensuing debate on privacy and, if the US government can fit them in, no doubt will result in Google executives having to explain themselves before a hearing or two.

How the EU handles this will also be interesting, given the introduction of the GDPR with its mandatory reporting laws.

We of course don't have such mandatory reporting in New Zealand just yet, but once the Privacy Act is re-written I would hope it will include some fairly eye-watering provisions for this kind of cavalier approach to user privacy.

Wall St Journal - Google Exposed User Data, Feared Repercussions of Disclosing to Public

NY Times - Google Plus Will Be Shut Down After User Information Was Exposed

NZ Herald - Google Plus to close after bug leaks personal information

Marketplace - Is the Google Plus data breach a threat to Google's business?

Intolerance

I've just had to report yet another muppet for abuse, but I doubt much will happen to them.

At most their social media account may be suspended temporarily, possibly even permanently. That never stops them - they set up another and carry on regardless.

I've been subject to cyber-bullying myself, and while I make fun of it now at the time it was mortifying. I'm not going to link to the content, but someone with no scruples decided the best thing he could do is scare a lot of old people about why I was stealing their retirement savings, and give them my phone number to call. It was all around the Copper Tax and Chorus's begging for more money. It affected their share price and so of course, that meant old dears should ring me to tell me off.

One dear old couple did.

I try to be polite but it was clear they didn't want to listen to me explain why I wasn't stealing their retirement savings (I wasn't, honest). Eventually I did explain the reasons why TUANZ and I (and ITP and InternetNZ, and Consumer and countless other organisations) were arguing with Chorus about the price and they seemed to get it but frankly it was a good hour of time on a Saturday that would better have been spent mowing the lawn, or having a barium enema, frankly.

These days it seems the fun has mostly gone out of social networks. Unless you curate your followers, that is. I spend quite some time trimming, muting, blocking and generally disengaging from those whose only reason for being seems to be to pick a fight.

Initially I was concerned that this would leave me in a bubble, a consensus-cluster of like-minded folk, but that's not the case. I follow plenty of people that I disagree with and often engage in useful and entertaining discussions with them.

But the cyber-bullies (there are other words for them, but this is a family show so let's use that one) aren't interested in improving anyone's world view, they're only interested in harassing and debasing people they scarcely know.

Netsafe has published a report into the impacts of cyber-bullying (the real stuff, not old dears ringing me up at home) and even before you take into account the flow-on effects of time off work, of having friends and family spend time with you to support you, without the impact on your own ability to get on, the cost is a staggering $444 million a year.

It's worth reviewing your own company's policies with regard to this kind of behaviour. There's a lot going on that isn't all right, that simply isn't acceptable and it's high time we stopped turning a blind eye. It's time to be intolerant of intolerance.

RNZ - Cyber bullying: The growing menace costing NZ $444m

Newshub - Cyberbullying costing New Zealand $444 million a year - NetSafe

NZ Herald - The true cost of cyberbullying to NZ: $444m each year

NZ Herald - Lizzie Marvelly on cyber bullying: a 'tidal wave' of online attacks 

Alex Sims, Principal researcher and Associate Professor of Commercial Law at the University of Auckland says cryptocurrencies are here to stay and that this country is missing a trick if it doesn't get to grips with the technology.

"New Zealand has fallen behind countries we like to compare ourselves with, including Australia, the United Kingdom and Japan. So now we need to live up to our reputation as nimble, agile and innovative and rapidly follow the lead of those other countries. That's the only way we can maximise the opportunities that blockchain offers," she says.

"There is a lot of denial about how disruptive blockchain will be, but this is not a flash in the pan. It will be more transformative than the internet."

Countries embracing cryptocurrencies are Sweden and the Marshall Islands, which Sims says are looking to introduce their own central bank-issued cryptocurrencies. In addition, large corporates such as IBM are using cryptocurrencies to shift value around the world.

It isn't all about Bitcoin either, which is just one of hundreds of cryptocurrencies - albeit the one that grabs all the headlines.

"Beyond changing the way we pay for things, the use of cryptocurrencies in combination with smart contracts (which also utilise blockchain technology) has the potential to profoundly transform everyday commerce," Sims says.

The research examines the advantages of 'smart contracts', which are self-executing computer programmes embedded in a blockchain. According to the report, smart contracts allow for some cryptocurrencies to be programmed so that they can only be accepted by certain people or organisations, and the limitations can remain for a set period or forever - something which conventional money simply cannot do, says Sims.

"Smart contracts are being used, or are planned to be used, in everything from the secure storage of patient health data, clinical trials, and electronic voting to health and safety. Smart contracts can also be used to track products from source to consumer, offering unparalleled transparency around provenance, food safety, fair trade and sustainability."

While the New Zealand Government is currently taking a "hands off" approach to cryptocurrencies, the report's authors propose that it should look to actively encourage blockchain businesses to set up here. Their recommendations include that the Reserve Bank of New Zealand (RBNZ) trials the creation and issuance of a New Zealand cryptocurrency, the Inland Revenue Department accepts cryptocurrencies for the payment of taxes and cryptocurrency exchanges be encouraged, with clear and detailed guidance provided as to their anti-money laundering/counter-terrorism financing obligations by both the Department of Internal and the Financial Markets Authority.

The full report is authored by Sims, Dr Kanchana Kariyawasam of Australia's Griffith University Business School and the late David Mayes, Professor of Banking and Finance from the University of Auckland Business School, to whom it is dedicated. You can read more details here.

For a 90 second refresher on blockchain, go here. 

A spotlight is being shone on online harm - and along with it, discussion around societal expectations of how we behave online.

Ultimately, we should all be looking for ways to provide protection for people while maintaining balanced and respectful public discourse. However, the complexities of the problem and the intricacies of finding practical solutions means that approaches to address the problem needs careful consideration. Online safety is a space where many factors intersect and intertwine - wellbeing, education, technology, regulation, entertainment, industry and enforcement are just some of these.  

Conversations around online safety often revolve around what more can be done or who isn't doing enough, with the providers of the technology often finding themselves in the firing line. But keeping yourself safe online is not simply a case of permissions and passwords - it's a complex series of events and actions that can have far reaching repercussions for those involved, and can manifest themselves a long way from the platforms in which individuals may be engaging or sharing with others. If a safe online experience can be supported by the technology, then the technology industry itself has to be given the opportunity to be involved in the conversations around what online safety should look like, rather than simply be expected to fix the problems after they have appeared. The idea of "safety by design" in the products we all use must be central to the conversations that we all have as we strive to improve individuals online experiences. 

For this to happen, the online safety community needs to ensure that we are able to guide the technology industry based on our knowledge and experience to help make sure the technology responds to the changing safety needs of individuals. We need to clearly define where the issues lie in order to deliver the "safest" possible experience for those that use the next generation of online tools and services. We all need to talk more.

One of the largest meetings of those involved in these intersecting fields is Netsafe's 2018 Trans-Tasman Online Safety Conference being held in Auckland later this month. The conference includes local and international speakers covering some of the biggest topics in online safety right now.

A post-conference statement will be produced from the discussions being held and the expertise being shared. Our hope is that the statement will capture a large portion of the issues, challenges and solutions identified by the conference attendees.

Event Details

The Crossroads conference is co-hosted by Netsafe and the Australian Office of the eSafety Commissioner and tickets are available now. We encourage anyone who has an interest in the conversation, issues and solutions around online harm to join us at the conference. 

• The Crossroads Trans-Tasman Online Safety Conference
• 10 - 11 October 2018 
• Hilton Hotel Auckland, New Zealand 
• 50+ local and international speakers
• View the full line up and get tickets here.

Conference Keynote Speakers

• Rachel Madden - Google, Public Policy and Government Relations Analyst (USA)
• Anja Dinhopl - Research Manager, Facebook (USA)
• Tessy Ojo - The Diana Awards (UK)
• Justin Patchin - University of Wisconsin-Eau Claire (USA)
• Shamubeel Eaqub - Economist and Author (NZ)
• Michael Berson - Professor and Chair, Department of Teaching and Learning at University of South Florida 
• Dr Ilene Berson - Professor of Early Childhood, University of South Florida (USA)
• Georgie Harman - CEO of Beyond Blue (AUS)

Sean Lyons is responsible for Netsafe's work in the Education sector, public education and strategic partnerships. Sean comes from a background in the IT industry and the education sector having spent part of his career as a classroom teacher and school leader. He is incredibly knowledgeable about online challenges and is responsible for Netsafe's programme to combat child sexual exploitation material.

Of course, with Facebook, that's probably just the tip of the iceberg because of the massive amounts of data Facebook stores on its user base.

This vulnerability is unlike the Cambridge Analytica breach - which was based on a third party company using access to Facebook's data incorrectly, according to Facebook.

This time round, Facebook has no-one else to blame as it appears the breach is via up to three security holes in its own API software.

The flaws, which have been in place since July 2017, weren't spotted until unusual activity alerted Facebook to the problem in August 2018 - presumably the hackers have had some time to do whatever it is they set out to do.

While 50 million have been told they have problems, a further 40 million have also been forced to reset their passwords as a precaution. While 90 million affected users make this one of the biggest security breaches in recent times, with a user base measured in billions it is a small part of the Facebook base.

The timeline of the Facebook hack may prove challenging for the company, especially in Europe where the General Data Protection Rules (GDPR) require any such data exposure to be reported within 72 hours.

Facebook uncovered the attack on Tuesday last week, notified the FBI on Wednesday and on Thursday fixed the vulnerability. Whether it also reported the breach to EU officials remains to be seen.

Facebook has also reported declined to publish links to a Guardian story about the breach, defining them as spam. Facebook threatened to sue the Guardian after it reported on the Cambridge Analytica breach, but did not follow through after the company was fined for the breaches.

Stories about the current breach published by other outlets were able to be shared by Facebook users.

A few weeks ago we talked about the EU and its plan to introduce new copyright laws in the shape of Article 11 and Article 13. I suggested the EU would be stupid to do so because they don't understand what they would mean for the internet. I hoped they would be watered down or rejected entirely and that saner minds would prevail.

Reader, they did not.

So the EU now has a new approach to copyright which will entrench existing businesses as leaders in their fields (think Google, YouTube, Facebook et al) and make it cost prohibitive for any new provider to enter the market. The Two Pauls' World of IT will, I am sorry to say, not be coming to a web browser near you any time soon.

The two articles are in and of themselves quite laughable really but put together they spell out the end of the internet as we know it.

The internet is, as one pundit said so eloquently, a giant copying machine. Everything we do is copied and shared around. My email doesn't travel, despite our terminology, it isn't 'sent' anywhere. I have the original on my machine, a copy is made by my ISP, it's copied to the recipient's ISP, from there to the machine they use to receive it, and so on.

However, now if we're sending and receiving materials that may be copyrighted (that is, if I talk about Mickey Mouse or post his likeness for example) my ISP is liable to do something about it.

Of course, I'll be using acceptable and commonplace laws to defend myself. It was free speech. It was parody. It was a quote for review purposes. It wasn't actually their copyright to begin with.

But none of it will matter because the ISPs and those responsible for hosting content will strike first, lest they be sued as a co-defendant. And knowing the American legal fraternity as I do (motto: sue them all, let god sort it out"), we're likely to see attacks on free speech, on parody and on content that isn't actually owned by the attacker, but which they might try to secure a fee for "protecting".

So that's Article 13. And to be fair, I can live with that. It's stupid but it's unpoliceable. The meme police will never keep up. I'm a social media addict and I can't keep up. Forget it. As the Bard famously, said "THIS CONTENT REDACTED FOR LEGAL REASONS".

But Article 11 is the really stupid, kick in the teeth. This is the article that says if you link to something copyrighted, you'll have to pay a fee. The "link tax" is going to cripple sites like Wikipedia (which is infuriating but so very valuable as a resource) because every man and his dog will charge a fee to connect to materials. Google will absorb the cost and grumble but carry on as before, but the aforementioned Two Pauls Site of Fun and Frivolity won't be able to do the most basic thing on the internet - share information - because the fees will cripple the plucky little start up.

And let's not forget, sharing links to content is what the internet is. CNN, the New York Times, this newsletter, the BBC, NBR, the New Zealand Herald, Stuff, every movie that's been released since The Phantom Menace, they've all made use of the internet as a marketing tool, to share links as a way of encouraging attendance at, or purchasing of, content.

Scroll to the bottom of this page and you'll find dozens of links. Every underlined sentence is a link. It's ubiquitous and essential and now the EU says it's taxable.

I shall have to take it further. Every time I'm quoted in a news story, every time a tweet is taken by a newspaper and shared as if it meant something, every time a newspaper refers to another source of information, I shall issue a takedown notice and see how far I get.

That's just silly, you say. And you're absolutely right. It's absurd.

Wired - What is Article 13? The EU's divisive new copyright plan explained

The Hollywood Reporter - What New EU Copyright Law Will Mean for Media, Tech Companies and Users

The Verge - EU approves controversial Copyright Directive, including internet 'link tax' and 'upload filter'

Gizmodo - The End Of All That's Good And Pure About The Internet

This statement is untrue.

It's 125 years since New Zealand women were given the vote.

I've written that sentence several times this week and every time I've had to re-write it, because of course "New Zealand women" were not "given" the vote: the fought for it, and wrestled it off the patriarchy.

So it's 125 years since women won the right to vote in New Zealand, but we still use the passive voice when talking about women and we still refer to women as if they were something else (even this sentence assumes you're male).

And we still have a skills shortage in New Zealand and indeed around the world because women don't like to do maths or software development or engineering, it's not our fault but they don't want to.

Except that's not true either.

I know plenty of women in technology. I've seen plenty of women who can code, who can run teams, who can own businesses, who can compete in online games, who can work for multinationals and deliver results. I know women who fly planes for a living and who are far more capable at tech-related activities than I am.

But somehow we still don't seem to have many women joining the ICT field.

At TUANZ I was a regular attendee at tech events. I would always count the crowd (old habit as a journalist - count the front row to get a base, count the number of rows of seats, report accurately on the number of people) and would count the number of women on one hand. Always it was on one hand. When you exclude the conference organisers (nearly 100% women) and the PR people (at least 75% women) there were generally only enough to fit on one hand, regardless of the size of the audience.

Surely this year, I thought, we'd see an end to all that, but then of course Facebook reared its ugly head.

Facebook (motto: it's all our money, you can't have it) has of course become an advertising behemoth and as has been discussed before, those who pay get priority over your aunty's holiday pictures or that post from the group you belong to about saving the whale.

Those who pay get a tremendous dashboard to fiddle with. You can target advertising at a geographical region, at an age group, at fellow racists, at left handed New Zealanders living in the US who earn more than $45,000 a year.

You can also target your advertising at men, and exclude women, if you so wish.

This is of course discriminatory and arguably illegal or, as Facebook would have it, a feature not a bug.

Guys (and I do mean guys) we need to get past this. We need to address the elephant in the room and 99 times out of 100 that elephant is us. Let's figure it out, eh?

Stuff - Claim Facebook let US companies target men, exclude women, in job ads

Wired - ACLU says Facebook ads let employers favour men over women

Facebook Business - Why can I only target ads to men and women when folks can select other genders?

Stuff - Cracking code all in an afternoon's work for the girls at CodeCamp

Trees and wifi

I do like that old adage about "if trees provided wifi we'd all be out planting them everywhere but they don't, they just provide oxygen" which is funny because it's true.

Now of course trees that get in the way of the wifi (or, in this case, the fixed wireless signal) are up for the chop because one court believes internet access is some kind of basic human right or something.

It's quite a conundrum.

I like trees, but I also like wifi and internet access, but if my neighbour chopped down one of my trees (I have a gorgeous "dwarf" pohutukawa that will never grow more than 3m high. Currently it's about 12m and about to turn a gorgeous red) I would burn his house to the ground or some other excess of hyperbole.

While the judge in this case said no, you can't chop the trees down (they mostly block the view and the internet interference could be resolved with a receiver on a pole) she did say: "undue interference with a wi-fi signal caused by trees could constitute an undue interference with the reasonable use and enjoyment of an applicant's land for the purposes of s 335(1)(vi) of the [Property Law] Act" which is legal code for why not try it and see what happens.

I'd like to think we could live in harmony, our trees and our wifi receivers, our fibre connections and our driveways, but this is not to be. Not yet, at any rate.

Speaking of driveways (ED: I see what you did there), it's time to update you all on the seemingly never ending saga of Getting Fibre Put On At Home.

Astute readers with good search engine skills may recall that I had fibre put on at home quite some time ago. Despite setting a time when a chap would visit to assess the property, some fellow turned up at random and started walking around wearing his high-viz vest.

With rat-like cunning I went out there to derail his plan to claim I wasn't home. We talked about how the connection would go and it went like this:

Me: I'd like the connection to come in at the back of the house where the home office is.

Him: No. It will attach overhead at the front where the old phone line went.

Me: Ah but I have a star-configuration CAT6 network throughout my house and the access point is at the back.

Him: I don't know what that means but I'm not connecting there, it's going in overhead to the front.

Me: But that just won't do.

Him: If you reject my design you'll go to the back of the queue and we'll revisit your connection after we've done the rest of the Auckland peninsula.

Me:….

Him:….

Me: Fine. You win.

The connection is in and works well but it means that at one end of the house I have poor internet because reasons.

So now that we're ripping up the driveway to put down one that isn't made of crazy paving and tree roots I thought "Great, I'll get in touch with my RSP who will arrange it all and I'll just grit my teeth about the cost."

Sadly, that cost is, apparently $4500 for a connection that's roughly 15m in from the kerb, and which won't be buried under the new drive but will have to be micro-trenched across the damned thing.

Maybe wifi isn't a bad option after all.

NZ Herald - Property owner can be forced to cut trees if they interfere with a neighbour's Wi-Fi, judge says

Stuff - Court rules trees blocking broadband can face axe

Privacy is usually treated as a fundamental human right, but in New Zealand at least it's not part of the Bill of Rights.

There isn't a single mention of the word "privacy" in the bill.

Yet most people will tell you they have a right not to have neighbours take photos of them in their home, that they should be free from surveillance and should be allowed to get on with their lives without having to worry about being spied upon.

Of course, many New Zealanders will tell you they don't have anything to hide and so they don't care about our privacy laws. I like to ask them what their bank account number is to see if they flinch - they generally do - because privacy issues aren't about whether you've got something to hide at all. The issue is about consent.

Having a Facebook page doesn't mean you've given up the right to decide who gets to look at your information at all. You haven't sold away any right to say "now hang on a minute" and demand that an agency or dodgy neighbour or stranger in the street do the right thing by you in terms of your private life.

Fortunately we have the Privacy Act which is nice and easy to understand (always a plus in legal circles) and which requires government departments in particular make obvious what information they're storing, why they're storing it, how they collected it and that they will give you access to that information so you can amend it should it be inaccurate.

I have an Official Information Act request in to one such government department at the moment - a request for information relating to whether data was gathered and how it was collected. The agency has failed to respond so I've complained to the Ombudsman's Office and they're currently investigating for me. If that doesn't work, it'll be the Privacy Commissioner as my next stop because government departments are accountable.

So too are any other organisation that collects data and in this day and age there are a lot of them. They collect data you freely give (name and email address for example) and they collect data you didn't know you were sharing ("to see what kind of Star Wars character you are, simply give this app access to your Facebook account - we promise not to post anything without your permission" failing entirely to say that you've just shared all your contacts, what you like to read, what you've liked and countless other snippets of valuable information) and they collect data you didn't know you'd generated (where you were standing when you sent that text message, what time of day you sent it, what type of device you used and so on).

Our Privacy Act is quite old and in need of more than a lick of paint - it needs major renovations, if only so we can hold those agencies that gather data to account when they fail to secure that data. It only takes one company to tell the world your IRD number, your mother's maiden name and your bank account details and your identity and credit rating are compromised for the rest of your days.

InternetNZ's James Ting-Edwards has written a nice piece (see below) about the need for an upgrade and the need for local politicians to understand why it's important. Feel free to tell your MP you'd like to see this progressed with due care and attention because it'll be a long time before we revisit this particular piece of legislation I'm sure.

And if you need to understand why we need robust privacy protection, check out the two Boing Boing articles on Facebook and the reach one company can build in the time since the last Privacy Act was passed into law.

The Spin Off - NZ's privacy law is covered in dust. We need a reboot for the internet age

Boing Boing - Young people finally fleeing Facebook, say researchers

Boing Boing - Find out who's manipulating you through Facebook political ads with ProPublica's free tool

OMG not this again II

You can always tell how desperate a government is to introduce things by how quickly they point the finger at terrorists and child pornographers.

Need new laws to stop people buying stuff in other currencies? Terrorists! Child pornographers!

Need to introduce new laws requiring networks to hand over information about customers? Terrorists! Child pornographers!

Want to terrify little old ladies in their homes about the evils of bitcoin? Terrorists! Child pornographers!

This time round it's the governments of the Five Eyes group (Australia, New Zealand, Canada, the UK and USA) who have once again started talking about how dangerous encryption is and how paedophiles use it to steal babies or something much like that.

It's a story they've trotted out before and is a cause to which they continue to rally, despite little evidence of a clear and present danger to life and limb.

Osama Bin Laden, it should be remembered, was tracked down not because he used text messages or Facebook but because he used human messengers and one of them dobbed him in.

Yet we're still told that encryption is bad and only used by terrorists and child pornographers.

The latest ministerial meeting of Five Eyes' nations saw the group release a lovely statement calling on IT providers to "voluntarily establish lawful access solutions to their products and services" or face having these countries introduce legislation forcing them to break their own security standards.

Australia, it should be noted, has bought into this hook line and sinker, and introduced legislation that will require service providers to allow Australian officials access to the content of messages should they want them. This isn't so much a back door into encryption-secured messaging services, but a front door. Give us the key, they say, or we'll force you to do so.

Cory Doctrow has a nice piece (link below) that outlines why this is such a stupid idea.

"Use deliberately compromised cryptography, that has a back door that only the "good guys" are supposed to have the keys to, and you have effectively no security. You might as well skywrite it as encrypt it with pre-broken, sabotaged encryption."

I use encryption-based software all the time. So do you, probably.

I use it for chatting with friends, but also to chat with business partners, clients and colleagues. I use it to conduct online banking transactions, something I want to be very secure, and I use it when I shop online and spend money. If I transact with my government I want that to be secure so when I ask for a passport they know it's me and not someone next door having a laugh. I use encryption when my computer talks to other computers on the internet and I use it when I make phone calls because unless you have a very good reason to be listening in (that is, get a warrant) you shouldn't be given access to the tools to breach my privacy.

Once again, none of this means I have anything to hide, but it does mean I don't want to broadcast my private conversations to the world at large. I am sent confidential information that I have a duty to look after, and I've signed many serious-looking documents that say I will do what I can to ensure the integrity of my clients' information.

How can I, or any of us, operate in a world where that is all secondary to the ongoing hunt for terrorists and child pornographers and is the price we'll pay actually related to that and actually worth it?

TechBlog - Five Eyes calls on tech sector to 'do the right thing'

Boing Boing - Oh for f***'s sake, not this fucking bullsh*t again (cryptography edition)

New York Times - 'Five Eyes' Nations Quietly Demand Government Access to Encrypted Data

InternetNZ - InternetNZ is calling for debate on Five Eyes recommendations

Stuff - Prison boss fired for illegal spying

NZ Herald - Ministry staff misconduct claim as inquiry into government agencies' use of private investigators Thompson and Clark widened

OMG not this again III

Speaking of governments doing stupid things (ED: Not another rant about the CTO role, surely?) here's the EU being stupendously stupid in a way that beggars belief.

Normally the EU is a bastion of calm and rational thought (ED: Not another rant about Brexit, surely?) and has managed quite well to navigate the waters of fast-moving tech despite being a cumbersome, slow moving, multi-headed bureaucracy.

Just look at the way the EU regulated telcos to introduce competition. Just look at the General Data Protect Regulations, that make a lot of sense and are the gold standard for privacy discussions. Just look at the way they're not part of the Five Eyes consortium (Ed: That's probably enough about Brexit for one week).

But sadly, even the EU with its grey-suited mandarins from Belgium have managed to hang their hat in the hall of shame that is "hey, this thing is new and we don't understand it: let's regulate it!" that is technology in the early 21^st century.

The EU wants to break the internet as we know it in the name of saving copyright.

The EU has been mulling over an update to the EU Copyright Directive (which is a bit old and dusty since it was written 17 years ago) and all was going along quite normally until earlier this year when Article 11 and Article 13 (two components of the regulation long since rejected for being unworkable) were reintroduced.

Next week the EU will vote on whether to introduce the new Directive with both articles in place.

Article 11 is the so-called "link tax" which says online services are banned from allowing anyone on their site (think Facebook or Twitter or pretty much any blog or presumably email) to link to a news service story unless they get a licence to do so.

The article does not define what a news service is, or indeed what a link is, so expect a lot of legal battles over whether or not My Dodgy Blog is news or just the meanderings of a madman accidentally protected under the new law.

Article 13 requires anyone who posts video, audio or indeed anything that can be copyrighted to send these posts to a copyright authentication unit (!) before publication. The unit (basically an algorithm because they Know Everything) will decide whether or not your content breaches someone's copyright and act accordingly.

"This post has been APPROVED by the copyright machine."

Given the US legal industry's love of filing legal challenges to tie up competitors in court, and the reluctance of YouTube, Facebook, Google, Twitter and all the other US companies to actually think about these things (if they receive a takedown notice they usually just remove content even if you happen to own the copyright to the thing you put online) you can easily see where this will all lead.

Now think about how Wikipedia will look if either of these Articles is introduced. How would a not-for-profit organisation survive when faced with a tax on every link ("you must buy a licence before you can link to my content") or having takedown notices served constantly about content that may or may not actually be posted illegally.

In case all this sounds eerily familiar, it should. Article 13 was rejected in July this year but has made a stunning return from the dead and is alive and kicking once more.

If you think this isn't a problem because New Zealand isn't in the EU and we don't abide by such laws anyway, just remember that the internet is a global beast but two main factions (the EU and the US) are home to much of the content we consume and if the EU changes its laws the rest of the world is likely to introduce similar laws to maintain an even playing field.

And that playing field will be laid over the top of what remains of the internet of old. RIP.

EFF - Why the Whole World Should Be Up in Arms About the EU's Looming Internet Catastrophe

EFF - 70+ Internet Luminaries Ring the Alarm on EU Copyright Filtering Proposal (June, 2018)

Boing Boing - Wikipedia's warning: EU copyright changes threaten the internet itself

Wired - The EU's dodgy Article 13 copyright directive has been rejected (July 2018)

CNet - Article 13: Europe's hotly debated revamp of copyright law, explained (July 2018)

Without any irony, Trump blasted Google and the "fake news media" for consistently reporting negatively about his term in office, while apparently tucking away any positive coverage during a search for "trump news".

Google's algorithms for search results are, reportedly, based on the web of links to and from websites, so mainstream media, such as CNN, NBC, Fox and others, tend to dominate the first page of results in any search for high-profile news stories.

That hasn't deterred the president from calling on his office to investigate whether or not it can regulate search engine results. Larry Kudlow, Trump's economic adviser, says the White House is "taking a look at it".

In a statement published in the Washington Post, Google, says its searches aren't politically biased.

"When users type queries into the Google Search bar, our goal is to make sure they receive the most relevant answers in a matter of seconds. Search is not used to set a political agenda and we don't bias our results toward any political ideology."

Three news stories this week mean we must surely give pause for a moment and reflect on what is going on with the internet.

The three stories relate to Microsoft and Facebook policing the internet.

The first story - Microsoft shuts down a dozen sites that would potentially have been used for phishing attacks on people trying to connect with US senate organisations or with right wing think tanks.

The second is that Facebook (motto: no content too shameful) has introduced a reputation score so it can try to assess whether those people complaining about fake news are real or just trying to get real news black listed.

And the third is that Facebook is shocked, shocked! to discover that there are hundreds of fake pages posted by Iranian and Russian organisations cluttering up the otherwise pristine landscape of social engagement and cohesion that is the book of face.

Each on their own speak to a certain move by these giants of the tech world to better manage the internet. Yes, it's the wild west out there, but more importantly these days, it's the wild west with cold war propaganda and PsyOps campaigns flooding our timelines.

So good on them for cleaning up a bit and doing what's right.

Sure, Facebook could go a lot further and do something with the billions of dollars it has sucked out of the mainstream media market by way of providing some kind of editorial control over its posts (and once again, this isn't a free speech issue, this is a "abide by the law regarding defamation and don't pass off fiction as fact" issue) just as the newspapers of old used to do.

But it's good to see them do something, I suppose, even though I do still have the cynical view that this is the bear minimum in no small part because Facebook relies on people clicking on stuff in order to make a buck and if it limits the stuff, fewer people will presumably make few clicks and the coffers will run dry (for a very very wet definition of the word "dry").

And Microsoft clearly still has a role to play in terms of seizing domains and working with The Authorities to ensure this Doesn't Happen Again and so forth.

And they're both doing more than Twitter which is about to implode if it doesn't figure out how to please the people who use the service while simultaneously not upsetting the Nazis (I don't know it's a well-thought-out business model but hey, what do I know?).

But it does leave me wondering: just who is going to police these mega-corporations in their quest to police the internet?

I am reminded of the Curious Case of Sterling Ball, a small but lucrative guitar string maker in the US that found itself a poster-child for Linux deployments in corporate America.

Sterling Ball was raided by the BSA and found to have more PCs running Windows than it had licences for. In this case, the BSA is not the Broadcasting Standards Authority, but rather the Business Software Alliance, a Microsoft-led initiative designed to work with law enforcement agencies like the FBI to root out those nefarious scoundrels that were stealing copyright works from under Microsoft's nose.

In 2000, Sterling Ball pleaded guilty to having unlicenced copies of Microsoft and settled the case for US$100,000. The CEO of the family run business then told his IT manager to uninstall everything Microsoft and find an alternative.

"I said, 'I don't care if we have to buy 10,000 abacuses, we won't do business with someone who treats us poorly.'"

That story always stuck with me because Microsoft had set up its own enforcement arm that was quite happy to kick in the door and arrest customers. What happens in an online world if we abdicate responsibility to our tech partners? Will we find Amazon removing books from our Kindles? Will Apple remove music from my iPhone? Will Facebook uninstall me so nobody can ever talk to me again?

In many respects what we're doing by allowing or even requiring these companies to take on such roles is a continuation of what's gone before. We allowed Facebook to devastate the mainstream media with its un-edited, un-moderated content which it called news and ended up in a pickle. Now we're asking them to fix the problem for us. It's yet more abdication of responsibility, another way of saying "we can't do this, it's too hard. You do it for us," and hoping they play nicely.

Given they're all corporates hell bent on running our lives forever, I can't see how it will end well.

Techblog - Microsoft moves to shut down alleged Russian phishing sites

BBC - Facebook gives users trustworthiness score

Washington Post - Facebook is rating the trustworthiness of its users on a scale from zero to 1

Ars Technica - Facebook: Iran has been posting hundreds of fake pages since 2011

CNN - Facebook takes down 652 pages after finding disinformation campaigns run from Iran and Russia

The Spin Off - The real ratings of NZ's news sites shows some have a big problem

CNET - Rockin' on without Microsoft (August, 2003)

Top Gear

All around the telco world, loins are being girded as the need to plunk down some serious cash to buy spectrum licences to operate 5G networks looms large.

It's a constant conundrum in the telco world - how best to balance the need to keep customers satisfied (typically these days this satisfaction is measured in terms of network speed) with the cost of providing that service (billions to roll out a new network) divided by the price you can charge a customer for that exciting new network (slightly more than you charge today, but with massive upgrades in terms of data limits and so on).

Given the razor thin margins telcos operate under, is it any wonder there's already a lot of noise about the impending price governments will ask them to pay for spectrum rights?

Now before you start feeling too sorry for the telcos (I know, unlikely but still plausible) do remember that they make a lot of money and if they can afford fancy downtown offices they can surely afford a few mill for the licence they need to operate a network.

Plus of course they'll need some pinga for the new network gear they'll have to buy.

In the old days this was a foot race between Nokia and Ericsson until along came Alcatel-Lucent to provide a bit of competition. But that was in the 3G world and frankly we haven't lived there for a long time. These days, network kit comes typically from China and in particular from Huawei which has long since taken the reins of the network industry and now drives it along at a fair clip.

Huawei has a problem, however. The Americans don't trust them and claim they're part of a Nefarious Plot to gain access to all of America's secrets.

Putting aside for a moment the idea that America's secrets aren't being played out for all to see one tweet and one plea bargain at a time, and putting aside the idea that other network equipment makers haven't been siding with various national governments for years (looking at you, Nokia), you have to wonder if this concern is real or if it's an excuse for a swift round of trade exclusions using security as a cover.

But that's America for you, and in the rest of the world Huawei has pressed on regardless. In the UK it even offered up a software lab wherein sceptical UK folk could analyse the software and firmware of all its network gear to determine whether there's anything underhand going on.

But in the US tier one telcos (the big guys) aren't allowed to use Huawei gear. In Little America (aka Australia, motto: We can replace our Prime Ministers just as often as the Italians if we want) they've followed suit and introduced a "Huawei cannot work here" rule that means Australian networks will be free of any possible Chinese spying unless of course you count all those phones that are built in Chinese factories, all those wifi repeaters and routers that are built in Shenzhen or any of the other bits of kit that may or may not be riddled with spyware on behalf of everyone else.

Good work.

ZDNet - Australian government bans Chinese vendors for 5G

Financial Times - Why the UK has national security fears over China's Huawei

The Register - Australia blocks Huawei, ZTE from 5G rollout

The Guardian - Huawei P20 Pro review - the three-camera iPhone killer

The attack was conducted apparently by the group known as Fancy Bear, the Russian group with ties to the attack on the Democratic National Committee in 2016. The group is said to have ties with the Russian GRU intelligence agency, a claim the Russian government denies.

Microsoft seized six phishing domains that appear to be aimed at spoofing US government targets. Addresses include "senate.group" and "adfs-senate.email." 

In a statement, Microsoft president Brad Smith says the company had no evidence the domains had been used in any successful attacks to this point.

"Nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains." However, the company seized the domains as they follow a familiar pattern of activity.

"We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group. Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit. The sites involved in last week's order fit this description."

There has been no comment from the Trump administration on the matter at this point.

Not really. Sadly, the Lucky Country is in the middle of a monster drought which shows no signs of letting up any time soon. It's also apparently willing to elect a man who can't accept that calling for a "final solution" to migration could be taken at least two different ways, and it's also a country where the government is so pig headed it won't accept that it can't legislate its way out of encryption.

This government, you may remember, is the same one that thought it was OK to not pay too much attention to personal health records and made a bit of a pig's ear out of that process.

Well the same people have brought you a new law (the Assistance and Access Bill) that ensures the government doesn't just have a back door into your private data, it has the front door as well.

IT providers, ISPs and oh pretty much anyone you can buy a service off has to conform to the law and hand over anything you might have stored there if asked for it. They also face fines if they tell anyone that the government has asked for the data.

Still, if you've got nothing to hide you'll be fine, eh?

The law presumes that anyone who wants to secure (or "hide") data must have some reason for doing so and those reasons don't extend to "it's none of your business" or "it's my client's data" or "it's personal" but rather start and stop with "I'm a criminal, come at me".

The upshot is, anyone doing business with a company based in Australia should be very cautious about what materials it shares with the Australian business because as it stands they may well have no recourse but to hand it all over to an Australian government official with little or no regard for the real ownership of that data.

And just to reiterate the main point: it's not about having something to hide, it's about having control over your own personal information.

I don't have anything to hide, but I also don't share my bank account number online. I don't have anything to hide but I close the blinds when I go to bed. I'm not hiding anything, I am enforcing my right to privacy and to decide what I will share and when.

In Australia, you aren't quite so lucky.

The Register - Australia's Snooper's Charter: Experts react, and it ain't pretty

The Register - When's a backdoor not a backdoor? When the Oz government says it isn't

CNet - Facebook, Google, WhatsApp in the firing line as Australia reveals encryption laws

Reuters - Australia plans law for tech firms to hand over encrypted private data

Australian Legislation - The Assistance and Access Bill 2018

Bot begone

Speaking of rights, last week's discussion about what is and isn't free speech isn't getting old any time soon.

Twitter has yet to figure out quite what it's doing about polarising accounts that may or may not abide by the social media company's terms and conditions, but that hasn't stopped it ditching a whole bunch of robot accounts.

Many users have noticed the number of accounts that follow theirs has dropped sharply (this editor kissed goodbye to 85 such followers) but it's not a sudden chilling effect brought on by the communists in charge. No, it's a clean out of fake accounts that have been set up for various reasons.

Some are pretty benign - they beg you to click on a link to see some product or other that you might wish to purchase.

But others are more of a problem. Spouting fake news, lies, defamation and other indignities, or worse, offering you content that is illegal or contains viruses or other security breaching baddies just to keep you on your toes.

Twitter is also in the throes of working out just what it is and how it will operate and that's proving to be something of a problem for any third-party apps that connect with Twitter because the parent company is clamping down on how these apps connect with the mother ship.

The problem is, these apps generally offer the kinds of functionality that users want to see. Chronological ordering. Advanced search capability. The ability not to see the ads that Twitter believes are its lifeline.

That's lead to Twitter acting and instead of saying "these are all features users want, we shall embrace the user and build this features into our own offering" they've said "these are features users want but which we don't want to offer, we shall ban them" and that's pretty counterproductive.

Twitter is different from Facebook and Instagram and all the other social media platforms and there's a reason why that's a good thing. Making Twitter into Facebook Lite isn't going to work as a service because the users don't want Facebook Lite - they want Twitter.

The problem is that Twitter has no business model. Nobody will pay for ads if the users can avoid them and so Twitter feels obligated to force users to watch them. And we're not just talking "Buy Burma Shave" ads - those I would actively seek out - but rather paid, placed tweets that may or may not look like advertising.

Propaganda, in other words.

Users do not want this disruption to their timelines. They don't want to see materials from people they don't follow pushed on them. They do want to see tweets from those accounts they do follow and they want to see them in chronological order, but sadly that may not go on for much longer.

All of which is a crying shame because Twitter is incredibly useful, and is a source of great amusement to me. But if it goes, it goes and there will be something else I am sure.

Nothing is forever, whether it's a bot or a service, and life carried on for many years before the advent of social media - I'm sure we'll do just fine without it.

Washington Post - Twitter is sweeping out fake accounts like never before, putting user growth at risk

Twitter blog - Tweet updates

TechCrunch - Tweetbot loses several key features

ViaGoneGone

Alleged dirty rotten ticketing shysters, Switzerland-based Viagogo has been the bane of many people buying tickets online for some time.

The site has done a great job of securing the top spot in just about any search for tickets to shows and manages to lure in unwitting customers, many of whom subsequently complain of being fleeced, charged more for the tickets than the venue charges, added on hidden fees, not had GST or other duties disclosed until too late and often they allegedly don't even actually have the tickets it says it's selling you.

I've just gone online to buy tickets to see Bill Bailey next month and got suckered in by Viagogo's top spot listing, but thankfully my ESET firewall said "thou shalt not click" and stopped me from doing something stupid, like giving them money.

I'm not alone - the Commerce Commission has revealed it has received more complaints about Viagogo than any other company in New Zealand - even the telcos! And on top of that, it's also going to sue the publicity-shy company, and has launched proceedings in the High Court for breaches of the Fair Trading Act.

The company faces similar action in parts of Europe and even in Australia.

This is not a concerted effort to block Viagogo's right to say whatever it likes either, by the way. This too is not a free speech issue but is, rather, about not telling lies when you advertise products (or when you talk about vaccines or the Holocaust for that matter) and so yes, I'm all in favour of them being taken out and slapped around until they start to behave in a civilised manner.

Given they're based outside New Zealand, this is also going to be an interesting test case of the Commerce Commission's powers to regulate a company that is outside New Zealand but selling into our fair land.

Now if only we could get Ticketmaster to deliver a website that just let you buy tickets...

NZ Herald - Commerce Commission sues ticket reselling site Viagogo

NZ Herald - Bay of Plenty woman 'one of the lucky ones' to get $1700 refund for fake Adele tickets from Viagogo

Stuff - Viagogo heading to court, but Kiwi ticketing horrors continue

NZ Herald - Revealed: New Zealand's most complained about companies

While some are truly innovative, and can lead to huge improvements in technology and the lives of those who use them, some patents are clearly rather odd, pie in the sky, hopeful attempts to cash in on the work of others or even of half-baked dreams that seemingly occur during a fever.

And then there are others that really are quite alarming.

Google has its own share of patents on all manner of thing - it's latest is "A method and system for automating work pattern quantification" which seems pretty straightforward until you read that it will deliver "the process of quantifying work patterns and provides feedback on worker focus". That's right, the next Google app might tell your boss you're "slacking off".

Amazon has also famously been granted a patent over the "one-click" shopping experience, which surely must beg the question of what is patentable and what is simply a series of instructions (such as sheet music or software) and has also gone down the path of managing workers with its vibrating bracelet. Staff in the giant Amazon warehouses will be guided towards goods they need on a shelf via a bracelet that buzzes as the user moves the hand in the right direction, much like the kids game of "getting warmer". But as a byproduct it also lets management know when you're taking too long to get stuff done. No word yet on whether it will up the dosage and give you a bit of a slap if you're really playing hooky.

New Zealand has, thankfully, avoided the trap of software patents but these real-world contraptions are still on the books and may be coming to a warehouse, or computer, near you.

"You're an egg."

No, worse. "You're an egg and you smell funny."

OK, that's not so bad. Easily dismissed. But how about this?

"You lied on your resume, you're incompetent and you've been cheating on your significant other."

Well, now we're in a whole new world and that's not as easily waved away.

So what about this?

"You've broken the law, you've stolen money from your employer, you owe me money and you're a danger to society."

Well, at this point you're probably talking about defamation, certainly libel and slander and several other legal terms and it's time to call in the lawyers.

Free speech is not free, but nor is it what we've been discussing ad nauseum (and ad nauseasness) for the past couple of weeks.

A lot of people are confused about what free speech is. They seem to think anyone can say whatever they like and be given a platform to say it, and that there's nothing you or I can do because it's their right to say it.

That's untrue.

You are free to say whatever you like, about whatever you chose, but nobody has to host your content, nobody has to listen to it and if you tell lies and defame (that is, bring someone's character into disrepute without proof or legal fallback) then you can be sued.

It's not a "breach of your freedom of speech" to kick someone off your network for abuse of your terms and conditions. Far from it - those platforms that don't police their own T&C and don't police their own legal requirements are in for a world of pain, probably from the offices of Sue, Grabbit and Runne but also from the court of public opinion.

Yet for some reason this month we've seen nothing but chatter about what is and what is not free speech.

Locally it's been a confused issue, and it's not really part of the remit of this newsletter to get into whether Don Brash should have been turned away from Massey University or similar.

But internationally, this is critical in the tech world, because the world's publishing model has been totally overhauled in the last few years and now "new media" is in charge.

Facebook, Twitter, YouTube and all the rest are the new kings of all they survey, and they refuse to accept that they are in any way responsible for the content that is published on their platforms.

But if the publishers of content are the people that use these platforms, and mostly they're anonymous (even the ones who include their real names aren't verified generally speaking), then the model of libel we have in play today doesn't quite work.

And if these platforms want to continue making billions of dollars a day as they currently do then they need to ensure they have that social licence to continue to operate. But they claim they don't need to - they're totally agnostic and make no judgement on the content they provide.

This is patently and provably untrue. Germany, for instance, has a range of laws about content relating to Nazi memorabilia and all the social media platforms make sure to abide by those laws. China has laws relating to publication of a raft of various things (Air New Zealand has been hauled over the coals for referring to Taiwan as a country when clearly it's a breakaway republic and should be treated as such, or something) and the social media players either abide by them or they are not operating within China.

They can and do police their networks for content that will make operations difficult, when it suits them.

Many years ago I was given a blindingly insightful insight into the insightful world of sales. There is one rule for sales people - they are coin operated. Give them money and they'll do stuff. Take the money away and they'll stop doing stuff.

All companies are sales-based organisations and that's how they respond.

Forget the fine words and rhetoric - if they are able to make money by doing something, they will, right up to the point where they're either told it's illegal (and they wail and gnash their teeth and rend their garments) or they're fined for doing it (and then they tend to back off if the fines are of a certain proportion of their earnings).

Facebook, Twitter, YouTube and all the rest need to learn that they cannot continue to operate with any kind of social licence if they continue to use (or allow) content to be delivered via their platforms that break the law.

That's not a free speech issue. That's simply the way the law works.

It's high time we encouraged our governments to remember who's in charge of the way we live our lives. Hint: it's us.

This issue shouldn't be considered a tech issue, but it is. ICT has created a fabulous jewel in humanity's crown. A network of content that is so rich, and so powerful it has swept all other content before it. As important an innovation as the printing press, the internet has enabled anyone to be a publisher of content, anywhere, any time. This is the kind of power that has toppled empires and deposed dictators and rightly so. When the Soviet military staged a coup and tried to lock up Mikhail Gorbachev in 1991 it failed because the people had this new fangled technology called cellphones and they used them to get organised. Communication must be free and open, but it must also be truthful. As soon as fantasy masquerades as truth, it's no longer a question of freedom of speech but of defending the bastions of society.

The Verge - Apple crushed Alex Jones - then tossed him a lifeline

Vox - Apple banned Alex Jones's Infowars. Then the dominoes started to fall

The Mercury News - Twitter defends giving Alex Jones a platform

Engadget - Twitter doesn't have the spine to ban Alex Jones

Fast Company - Brand WTF of the Week: Twitter decides to help Alex Jones spread lies

Huffington Post - Alex Jones' Lawyer Seeks To Make Sandy Hook Parents' Home Addresses Public

NY Times - With Alex Jones, Facebook's worst demons abroad begin to come home

XKCD - Free Speech

Vote early, Vote often

Speaking of cartoons, this week XKCD has a lovely toon on the perils of online voting (see below).

We've canvassed this subject pretty fully at Techblog over the years and the camps are as ever fully entrenched in the "Sure, why can't we" and the "ZOMG no never do this" and never the twain shall meet.

Internationally there is a lot of discussion about the use of online voting, and given the level of interference in voting in the US (and potentially in the UK as well, among others) at both a social level but also apparently at a technical level, this is something we haven't seen the last of.

One US electorate is, however, pressing on and not content with just putting votes into the electronic realm, they're now looking at smartphone voting systems.

West Virginia is apparently looking to introduce legislation that would allow some citizens to vote via cellphone and comments range the full gamut from "ghastly" to "unthinkable".

While influencing voter choice is one thing (and we've covered that elsewhere) the idea of hacking in and changing votes is something else entirely and despite all the noise about Russian interference in the US election, there's scant evidence of that kind of interference taking place.

Before the 2016 election, the FBI did alert the public about possible attempts to hack state election offices after intruders hacked voter registration databases in Illinois and Arizona, but that's about as far as it goes. Hacking the actual vote count seems not to have taken place. Which is not to say what went on was a good thing, but it's not quite in the same league. And it's also not to say that such hacking hasn't been planned for the mid-term US elections or others.

Concern has also been raised about Russian investors buying into a company that looks after elections for Maryland - although the company is quick to point out the investors have no access to any of the voting machines directly. Tensions remain high over the issue, particularly as the US moves towards the mid-term elections later this year.

All told it's safe to say now is not a good time to be introducing novel, untested election processes unless you've got deep pockets to tackle the ensuing legal challenges.

XKCD - Voting software

Security Boulevard - That XKCD on voting machine software is wrong

Techdirt - Voting By Cell Phone Is A Terrible Idea, And West Virginia Is Probably The Last State That Should Try It Anyway

USA Today - Senate report: No evidence that Russians changed vote tallies in 2016

CNN - Could Russia hack California's elections? It would be hard, but not impossible

CNN - 2016 Presidential Campaign Hacking Fast Facts

The Baltimore Sun - Data firm says Russian investors had no access to Maryland's voting system

No CTO but

While the search for New Zealand's Next Top CTO goes on (might be time to pull the plug on this one chaps) there is light at the end of another government tunnel - the one that lures local companies into the tender process and gently throttles them.

For those who aren't familiar with the current way government agencies select vendors for work they need completing it appears to go something like this:

1. Develop long list of potential candidates.
2. Remove New Zealand companies from said list to create short list of US vendors.
3. Chose large US vendor, preferably one with three letters in its name.
4. Discover huge previously undeclared issues that will of course drive up the cost of the project.
5. Realise your contingency budget was spent on booze at the first all-hands meeting.
6. Decide to adopt an agile process and issue a new tender looking for a different solution to the original problem.
7. Go to step 1.

I jest, but having heard from a number of parties about the procurement process, this would seem to be part of the game that is played. The deck was stacked, goes the view, against smaller providers, against local providers and doubly so against smaller, local providers.

A new "digital procurement marketplace" has been tested and is set to go live shortly. It's about time too - this one (originally the "Cloud Marketplace") has been in the pipeline for literally years.

To begin with, the marketplace will provide government agencies with a smorgasbord of Cloud-based services from which to pick and choose. Eventually it will include other products and services, but it's ready to go with the basics and that's as good a launch as any.

Minister of all-things tech related, Clare Curran, says the new model should create a step-change in the way government agencies do business.

"It will dramatically reduce barriers for suppliers engaging with government - and make procurement easier for agencies."

Perhaps they need to tender for a new CTO and see what they can find in the new marketplace?

Reseller News - Government ICT marketplace poised for go-live with cloud catalogue

Stuff - Bigger slice of $3b government ICT spend could go to small, young firms

Several matters have been referred to other UK authorities for further investigation, including hacking, bribery, possible money laundering, the company's involvement in the murder of an investigative journalist and its involvement with inciting racial hatred in Burma.

The report also points the finger at Cambridge Analytica's involvement in the UK's Brexit vote, as well as the US presidential election, not to mention the company's owners' alleged bribery of a politician in the Caribbean island nation of St Kitts.

The report also recommends sweeping changes to the way tech companies are treated in the UK including new auditing powers, sweeping reforms of "targetted" political advertising, tighter liability regulations, a new category for tech companies like Facebook which redefines social media operators that claim to be neither "platform" or "publisher".

While Facebook's role in New Zealand's political scene has been viewed as far more benign, the platform (or publisher) is New Zealand's most popular social media platform, with 80% of respondents to a Nielsen New Zealand study saying they engage with Facebook at some point in the past four weeks. Instagram, a Facebook entity, comes in at number three just behind YouTube.

Meanwhile, Facebook has apparently continued to decline to front up to the parliamentary committee, and continues to assert it did nothing wrong, despite the report's findings.

Facebook's shaes, which were as high as $US217 a share are now trading at $US177 each, and will possibly have more of an impact on Facebook's management of the situation than anything the UK parliament can throw at the company.

Pop quiz: You open up your laptop and discover all your files are encrypted and a mysterious message says you're not getting your data back unless you give someone $5000 via an anonymised service. You quickly check all the other computers at work and they're in the same boat. What do you?

What do you do?!

Well the simple answer is: NOT pay the ransom but that doesn't appear to always be the flavour of the month.

A Taranaki school has been hit hard by a ransomware attack - sadly, some of the students' work is caught up and so is some of the teachers' assessment work.

The pressure must surely be on to retrieve the data that is lost but sadly there is one thing you can guarantee about any data that is unscrambled - you don't know what's happened to it since last you saw it.

Sure, on the one hand it could be simply encrypted and then decrypted when you've paid up. Yes, that is entirely possible.

But it's also possible that a secret payload has been added, something that tracks your keystrokes and reports back to base. Or something that collects your contacts and addresses and sends them similar ransom attack packages as the one you got. Or it could be that in a year's time the system will lock you out again and they'll demand $50,000 this time.

Never pay the ransom.

Instead, you're better off putting the money towards a time machine, travelling back in time to an era before you got hit and making sure you've backed up all your data to a secure off-device location.

And since I am from the future, I can tell you I'm here to remind you all to do that at once. Right now. Don't wait - off you go.

Because the only way to defeat a ransomware attack is to say "meh, I don't care", wipe the machines and start over. It's the only way to be sure.

Questions will be asked about how a school can be hacked in such a way - questions that will need good answers - but for now, Hawera High School is our Cautionary Tale of the week.

Stuff - Schools promised better protection from ransomware as Taranaki school falls victim

Techblog - Schools doubling down on data

Techblog - Road Transport Forum pays ransomware, warns others

Game. Developing

It's great to see New Zealand developing a new string to our economic bow. Not just because of the impending meatpocalypse - the day when the bulk of protein consumers decide the nu-meat tastes just as good, costs a fraction and doesn't need massive paddocks of cows to deliver it - but because we really are quite good at this digital thing and we totally should do more of it.

Now we have the pipes to connect to the world, it's high time we used them to deliver local products and services to market, and so it is great to see the interactive game market surge towards the half billion dollar mark. Game developers earned $143 million - up 43% year on year - in the financial year ended March 31, according to an independent survey by the New Zealand Game Developers Association. Exports made up a whopping 93% of the total sales, which is as it should be.

As an employer, games are lucrative as well. We employ 550 people, up 10% on last year, and that figure is set to grow.

This is tremendously exciting because if there's any area that will attract kids into the profession it's not going to be accounting software, or point of sale solutions, or supply chain management, it's going to be gaming. Sure, many will then veer off into other areas, but gaming will draw them in and set them up.

And having just finished Call of Duty World: War II I can safely say the game industry needs all the help it can get.

NBR - NZ gaming industry revenue up 43% on last year

Techblog - The Flourishing Tech Sector - #itx2018

Looks like a trombone but sounds like a tuba

And finally, a tech story that always makes me smile.

Whistleblowers. Yes, those eager folk who come out of the woodwork to expose nefarious dealings and underhand practices that should be shown the door.

Where would we be without people within organisations who are willing to stand up and air their dirty linen in public?

Well, we probably wouldn't have had Watergate, the Iran-Contra deal or any of the other "-gate" exposés of recent times. Locally, Whale Oil would still be considered a viable source of information and we'd be no closer to knowing what actually happened with our troops in Afghanistan.

But ensuring a whistleblower blows the whistle to the right people and doesn't get caught has often been a difficult business. Typically they tend to go to the media because a: more bang for your buck and b: more likely to retain your anonymity.

But that doesn't necessarily present the best outcome, so how to encourage good behaviour from someone who is trying to stay secret while doing the right thing?

The Commerce Commission has decided to launch an online tool for whistleblowers so they can report cartel activity (think smoky backroom deals conducted in the dead of night, much like the Telco Carriers Forum but without legal protection) without getting spotted.

Nice one, ComCom. Now to see if it lives up to expectation and whether anyone can ask for the information under the Official Information Act.

Commerce Commission - How to blow the whistle 

Data centres. Big fat juicy data centres, serving up the world's content, from right here in New Zealand.

You need a few things to make that a reality. You need cheap and relatively green electricity. You need cheap real estate. You need a stable democracy that won't suddenly go "you know what, we're going to read all of your content and cut you off from the internet". You need cool weather so you don't have to chill all those racks. You need a tech savvy population in order to service said data centres, and you need cheap and diverse lines of communication out to the world.

As of this week, New Zealand has all of that. Our electricity is mostly produced by hydro schemes. Our land is cheap by Californian standards. Our democracy isn't likely to produce a toxic avenger any time soon (no, seriously now) and we are irreducibly pluvial, so we're unlikely to need a lot of power for cooling. We can swap out a hard drive with the best of them and we now have the Southern Cross Cable network, the Tasman Global Access network and now Hawaiki Cable connecting us with North America.

Sadly, we are far too late to establish New Zealand as a home for any of this because if any content provider was setting up in this part of the world they've already done so and they're in Sydney.

Sydney sucks, insofar as a data hub goes. It's hot, it's costly and it's not terribly central, but unless we invent time travel and go back several years and get Pacific Fibre off the ground, we're pretty much stuck.

Still, it's nice to see connectivity finally arrive on our shores because while we might not be the chosen host for content for the region (which wouldn't have provided that many jobs directly) we now have the internal infrastructure and the external connectivity to deliver something the world really does want: solid technology delivered sustainably and at a cost effective price.

Now to nurture that tech industry to deliver on the promise.

Techblog - Hawaiki goes live - brings diversity and capacity to market

Techblog - OECD broadband stats - how NZ compares

NZ Herald - Hawaiki Submarine Cable begins commercial operations

Stuff - $445m NZ internet cable opens for traffic

Not Invented Here syndrome need not apply

Speaking of inventiveness, I've spent a few days this week helping to judge the local end of the James Dyson Award for 2018.

Dyson, for those who don't know, invented a new way to build a vacuum cleaner and was rejected by a whole bunch of fools who didn't see that his new device was going to sweep (arf arf) all before it. So he built his own company and changed the market entirely.

From there he went on to build a multinational company that is taking innovation and new ways to do old things like vacuuming or cooling, or drying, to the world.

Along the way James decided to host a series of innovation awards, to encourage inventors and inventiveness. Open to students and recent graduates, applicants have to identify a problem and go about solving it.

This, it seems, is harder than you would think, but the end results are quite awesome.

Past winners have designed sustainable fishing nets, clothes that expand as the child grows, extremely fast and cheap ways to identify melanomas, disposable bicycle helmets made out of paper for those bike rental operations and an inflatable portable incubator for use in refugee camps, among dozens of others.

I've promised not to reveal my favourites or talk about the Kiwi entries from this year so you'll just have to go and have a look yourselves, but past finalists include a vein-finding device to help patients and nurses draw blood without too much anguish; a concussion management system that provides real time data about head injuries; an electronic log drum that really must be seen to be believed (trust me, it's astonishingly cool); a prosthetic limb for swimmers that allows them to walk to the pool under their own steam and then fold down the flipper for swimming activity, and so much more.

The finalists get passed up to the international judging panel where they'll compete against entries from more than 20 countries and go on to compete for international honours. Having seen what this year's crop have done, I have high hopes for them and even if they don't get the top spot I am sure we'll see more than one or two of them in market under their own steam in the years ahead.

The finalists are announced later in the year so stay tuned.

James Dyson Award 2018 - Dyson Award (click on the flag to change countries, or use the filters if you want to see past winners from around the world)

NZ Herald - Award yourself an opportunity

Idealog - Paul Brislen on why design and innovation are crucial to New Zealand's future success (sorry about the headline)

Phar Lap, Pavlova and proper record keeping

Australia might be the chosen country but I wouldn't chose it to produce a coherent digital plan, just quietly.

The country is in turmoil (that is, the twitter communities of Australia that I follow are in turmoil) following the hamfisted launch of the health data initiative that is supposed to provide a digital platform for all Australians to use for their medical records.

To say they haven't full appreciated the need for simplicity, security, privacy and several other key factors (not least of which is accessibility) is an understatement, and the peasants are revolting.

This is a shame because digital medical records are essential if we're to continue being a migratory species that moves around a lot.

As it stands, if you move overseas even getting the apps on your devices to work properly is going to be difficult as both Apple and Google have struggled with people who move from one copyright region (formerly known as "country") to another.

But medical records are in a league of their own. Being able to supply a new medical practitioner with detailed medical notes is essential for ongoing healthcare and unfortunately this news out of Australia is likely to simply fuel the "not on my watch" brigade who already think we should all go back to reading books and watching the telly.

We have to get these things right and in a fit of tying all three of these stories together might I just say we apply some Kiwi inventiveness, our problem solving and our rational thought to the problems and perhaps become a home for data that's just too important to stuff up?

Techblog - Fallout from health IT projects continues

The Guardian - Parliamentary library deletes post confirming police can access My Health Record

NZ Doctor - Australia: What could a My Health Record data breach look like?

ABC - My Health Record undermines teens' right to medical privacy, critics fear

Australian health minister Greg Hunt says he expects up to 10% of eligible patients to opt out of the MyHealth Record programme, following widespread concerns about privacy issues. 

It's not only patients who are concerned - doctors and health care practitioners are expressing concern over possible interference in the doctor-patient relationship, and privacy advocates are pointing out that the rules governing the programme seemingly allow police to access medical records without needing a warrant or other court order.

MyHealth Records is a patient record system that has been in place for six years, but which will automatically generate records for every Australian unless they opt out by 15 October. Several social media campaigns are underway warning Australians to check their records for accuracy after mistakes have been revealed in records. Patient records in the system cannot be deleted for 30 years.

Vision Australia, an advocacy group for visually impaired Australians, has warned its members to opt out as the service doesn't appear to meet a number of vision accessibility requirements, making it impossible for its users to verify data or to make use of the service.

The Australian government has also come under fire from the UN for its privacy rules during a panel discussion at an Australian Human Rights Commission's technology conference in Sydney. The UN Special Rapporteur on the rights to privacy Professor Joseph Cannataci suggested Australia needed to beef up its domestic privacy laws before it tells other nations how to run their own country.

CIO Magazine quotes Cannataci saying, "In order to be able to set an example on the international front you can no longer be in a position where Australia [is] without a bill of rights, without remedies for privacy on the domestic front, without a whole range of safeguards which exist in other places," something he says the Australian Law Reform Commission has also recommended. However, the Australian government rejected such suggestions.

Meanwhile, Singapore's largest health care provider, SingHealth, is reeling following the discovery of a data breach which may affect as many as one quarter of Singaporeans. 

SingHealth reports that "non-medical personal data of 1.5 million patients" had been "accessed and copied", including their national identification number, address, and date of birth.

Lots going on in the telco land this week. First off, the Commerce Commission has reasserted its rights to oversee roaming into the future.

Roaming - the ability to acquire regulated access on to a competitor's equipment - is the cornerstone of a competitive market and without a strong co-location and roaming agreement, 2degrees wouldn't have been able to launch a national network in New Zealand.

There was plenty of opposition to the idea in the early days (some going so far as to describe roaming as a form of government mandated theft of private property) but since 2degrees launched the market has gone from competitive strength to strength, so it's important that the Commission retains the right to intervene to ensure a fair market for all as we move into a 5G world.

And if you need evidence of the need for regulated pricing in this area look no further than the current agreement between Vodafone and 2degrees which is described by the Commission as containing "anti-competitive clauses" that would allow Vodafone to invoke sanctions against 2degrees if the Commerce Commission started an investigation into the roaming regime.

Ah, no. Bad.

So that's good.

But on top of that we also have Hawaiki Cable finally bringing true competition to the international leg of our internet connection.

This is tremendous news because for far too long New Zealand has been reliant on one provider - Southern Cross Cables.

SCC is partly owned by Spark, which also has a hand in the trans-Tasman cable (Tasman Global) built by Spark, Vodafone and Telstra, meaning we have a lack of commercial opportunity in the international space. Hawaiki will keep both SCC and the Tasman Global honest.

High time to brush off my plans for world domination and mega-data centres in the South Island.

Finally Vodafone has joined the Unlimited brigade with a new mobile plan that offers unlimited calls and TXTs but also unlimited data.

Well sort of.

Unlimited is of course a very broad term and all these unlimited data plans have asterisks by them because of course there are limits.

The first is the most painful - no tethering of devices. So you can use your mobile data plan on your phone but not your laptop or tablet.

That seems like a limit to me, and I'm sure the Commerce Commission is going to take a look at just what's going on with an unlimited plan that is limited in terms of use.

But that peskiness aside, it's very interesting to see all three mobile operators now offering unlimited plans for around the $70/month mark. This is the start of the commoditization of mobile connectivity and the next step is of course the price war to win customers followed by the inevitable slide from being a full-service operator to being a dumb pipe. As a customer who just wants connectivity and isn't at all interested in the bells and whistles and marketing hype that goes with it, this is a good thing. If you're an investor in telco stocks and expect dramatic returns each year, you might need to reassess your portfolio.

TechBlog - ComCom keeps its eye on mobile roaming

NBR - Vodafone's unlimited mobile plan, like those of its rivals, has plenty of limits

NBR - Broadband barney: three universities terminate REANNZ contracts

The Spin Off - The new Hawaiki cable is doing what Sam Morgan and Peter Thiel could not

NBR - ComCom files charges against Spark for alleged over-billing, misleading customers

Bill Bennett - Potential entrant means ComCom wants to keep roaming power

Privacy

The Privacy Commissioner has been in to see the select committee about changes to the Privacy Bill and is confident he's been heard. This despite one MP musing out loud about "well if we have changes to the bill perhaps we should just send it back to be re-written" which would take at least a year and gets a firm NO from this reporter.

Part of the select committee's role is to make suggestions to improve the bill so let's just do that, eh?

It's timely we consider the Bill because Facebook and Cambridge Analytica have just been served with the first fines handed down in the UK over breaches to the Data Protection Act. The companies have been hit with the maximum penalty (£500,000 each) which Facebook will pay out of the petty cash drawer without losing its stride. It takes Facebook roughly *THIS* long to make that much money and the company won't lose any sleep over it. I suspect it's already paid its legal advisors at least that much so the actual fine isn't a problem.

That's set to change if the company (or any company) does something similar in the future because the EU's new General Data Protection Regulation (GDPR) sets the fines at either €20m or 4% of the company's global turnover. In Facebook's case, that would deliver a fine of £1.4bn which might make even the mighty Facebook sit up and take notice.

Data protection is going to be critical to the future development of our digital age. If we can't trust our agencies with our data at this level, nobody is going to be too happy about health records, bank records, insurance records, or indeed anything at all. Failure to protect user data devalues the entire digital ecosystem and that's not good for any of us.

NBR - Privacy Commissioner confident of winning greater powers

The Guardian - Facebook fined for data breaches in Cambridge Analytica scandal

Piracy

Arrrr, the high seas, the adventure, the cannonballs.

Oh, sorry. Wrong kind of pirates.

No, these days of course we mean copyright pirates and those ratbags who download content without paying for it.

Sky TV has been pursuing a Christchurch couple through the courts for selling "Kodi TV" boxes (basically a set-top box that let users circumvent Sky's legal rights to certain copyright materials. The District Court has ruled that yes, Fibre TV's sale of these set-top boxes is a breach of both copyright and the Fair Trading Act and sales of the boxes should halt immediately.

For Sky this is a victory, albeit a minor one, in the battle against piracy. The company has released the results of an online survey of 1009 New Zealand adults which suggests 29% of respondents are "regular" pirates (that is, people who stream, download, use VPNs or other piratical devices at all in a six-month period) and that up to 10% of users would "normally" stream content from a piracy website.

Putting aside the definitions for a moment (they would appear to be a little odd), the survey says 18% regularly stream pirated movies or TV, 14% regularly download pirated movies or TV, 8% regularly stream pirated live sports and only 3% regularly use some form of set-top box to watch pirated content.

Given how many paid services there are these days, this is far too high to be acceptable.

My opposition to "making your customers into criminals" is based largely on the business model that we are fast leaving behind. Until Netflix and Quickflix burst on our scene, New Zealanders were told they wouldn't be getting content delivered online any time soon and they should just sign up for a Pay-TV service.

At that point, running online marketing promoting content that wouldn't be available for months if at all was a ghastly way of upsetting customers and basically driving them to piracy.

Today, the world of content is almost completely different (sport notwithstanding and even there we're starting to see changes with Spark winning rights to rugby in a limited form). There is little excuse for piracy when a subscription to Amazon Prime can be had for less than the price of a coffee each month (for a limited time, obviously).

Piracy served a role in encouraging the content owners to realise they couldn't and shouldn't tightly control access via traditional channels, and that the market was ready for high speed, high quality content delivered online. But now we have those services, it's vital we support them.

NBR - Sky TV wins ruling over Christchurch Kodi box sellers

Stuff - Court ruling says Kodi boxes that cache copyright-infringing material are illegal

The user (@s7nsins, whose screen name is Flash Gordon) has published excerpts from the subpoena on his or her account, and regularly tweets about data breaches and security issues with unprotected servers. Judging by the account, the user is active in the security space and was partly responsible for uncovering nearly a million US patient records backed-up without security controls to an Amazon Web Services account.

The subpoena requires Twitter hand over the account information for @s7nsins including address, phone numbers and email addresses associated with the account, and any credit card information associated with the account. The user was understandably shocked by this, and approached his local police station, who told him or her it was probably a hoax and to ignore it.

Twitter revelled the existence of the subpoena to the user as per its policy. The user is now seeking legal support to challenge the request.

No explanation was given for the subpoena's issuance, and approaches by media to the DHS spokespeople were rebuffed.