How silent signals from your phone could be recording and tracking you

Advertisers may track a customer’s shopping preferences within a shopping centre by using ultrasonic beacons emitted from their mobile phones.
Mai Lam/The Conversation NY-BD-CC, CC BY-SA

 

Richard Matthews, University of Adelaide

My lounge room is bugged. My phone is broadcasting an ultrasonic signal to my blu-ray player via an acoustic side channel beyond human hearing.

The channel networks the two devices, similar to how a dial-up connection used to get our computers online before the days of the NBN. The same technology is behind Google’s Nearby API through their Eddystone protocol, and is the basis of products sold by the startup Lisnr. It’s also the reason more and more apps are requesting access permissions to your microphone.






Aside from networking, companies use ultrasonic signals (or beacons) to gather information about users. That could include monitoring television viewing and web browsing habits, tracking users across multiple devices, or determining a shopper’s precise location within a store.

They use this information to send alerts that are relevant to your surroundings – such as a welcome message when you enter a museum or letting you know about a sale when you pass by a particular store.

But since this technology records sound – even if temporarily – it could constitute a breach of privacy. An analysis of various Australian regulations covering listening devices and surveillance reveals a legal grey area in relation to ultrasonic beacons.

How does ultrasonic data transfer work?

Google Nearby enables Android phone users who are in close proximity to each other to connect their devices and share data, such as documents or media. Google says:

To share and collaborate in apps, Nearby uses Bluetooth, Wi-Fi, and inaudible sound to detect devices around your device. (Some people can hear a short buzz.)

These inaudible sounds are ultrasonic beacons transmitting data that is then picked up by your phone.

To demonstrate this technology, I recorded such a beacon being broadcast in my lounge room while watching Netflix. In the below image you can see the audio ends around the 15kHz mark with the ultrasonic beacon beginning at 20kHz, the point at which average human hearing ends.

 


Audio capture demonstrating the different frequencies over a 71 second period while watching Netflix. The ultrasonic beacon is apparent in the right hand side of the waterfall diagram.

 

 

Since these ultrasonic sounds are the only relevant section of the data signal, it is necessary to remove the lower frequency audible signals (such as speech) that are also captured. This is done by using a high-pass filter. A high-pass filter keeps the high frequencies in the data and eliminates the lower frequencies.

This means, in theory, that while the device could be recording sound, it isn’t keeping the parts of the recording that might include conversation.

Different filters process signals in different ways. While filters constructed from basic electrical components do not require any storage of the signal, digital software filters require the signal to be stored temporarily.
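The filtering step described above, as an added illustration (not code from the article, Google or Lisnr): a software high-pass filter run over a constructed capture containing an audible tone and a 20kHz beacon, showing both what the filter discards and that its delay line has to hold unfiltered samples while it works. The 48kHz sample rate, 18kHz cutoff, tone levels and all function names are assumptions.

```python
import math

SAMPLE_RATE = 48_000  # Hz (assumed); must exceed 2 x 20 kHz to represent the beacon


def synth_capture(duration_s=0.1, audible_hz=1_000.0, beacon_hz=20_000.0):
    """Constructed microphone capture: a loud audible tone (stand-in for
    speech) mixed with a much quieter 20 kHz beacon."""
    n = round(SAMPLE_RATE * duration_s)
    return [
        0.8 * math.sin(2 * math.pi * audible_hz * i / SAMPLE_RATE)
        + 0.1 * math.sin(2 * math.pi * beacon_hz * i / SAMPLE_RATE)
        for i in range(n)
    ]


class BiquadHighPass:
    """Second-order digital high-pass filter (RBJ audio-EQ cookbook form)."""

    def __init__(self, cutoff_hz, q=0.7071):
        w0 = 2 * math.pi * cutoff_hz / SAMPLE_RATE
        alpha = math.sin(w0) / (2 * q)
        cosw = math.cos(w0)
        a0 = 1 + alpha
        self.b0 = (1 + cosw) / 2 / a0
        self.b1 = -(1 + cosw) / a0
        self.b2 = (1 + cosw) / 2 / a0
        self.a1 = -2 * cosw / a0
        self.a2 = (1 - alpha) / a0
        # Delay line: the two most recent RAW (full-band) inputs and outputs.
        self.x1 = self.x2 = self.y1 = self.y2 = 0.0

    def step(self, x):
        y = (self.b0 * x + self.b1 * self.x1 + self.b2 * self.x2
             - self.a1 * self.y1 - self.a2 * self.y2)
        self.x2, self.x1 = self.x1, x  # unfiltered audio is retained here
        self.y2, self.y1 = self.y1, y
        return y

    def process(self, samples):
        return [self.step(x) for x in samples]


def tone_amplitude(samples, freq_hz):
    """Goertzel estimate of the amplitude of one frequency component."""
    coeff = 2 * math.cos(2 * math.pi * freq_hz / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    power = max(s1 * s1 + s2 * s2 - coeff * s1 * s2, 0.0)
    return 2 * math.sqrt(power) / len(samples)


def strongest_ultrasonic(samples, lo_hz=18_000, hi_hz=22_000, step_hz=500):
    """Scan the near-ultrasonic band; return (frequency, amplitude) of the peak."""
    return max(
        ((f, tone_amplitude(samples, f)) for f in range(lo_hz, hi_hz + 1, step_hz)),
        key=lambda pair: pair[1],
    )


def analyse(samples, cutoff_hz=18_000):
    """Filter a capture and report what survives and what the filter holds."""
    hp = BiquadHighPass(cutoff_hz)
    filtered = hp.process(samples)
    return {
        "audible_raw": tone_amplitude(samples, 1_000),
        "audible_filtered": tone_amplitude(filtered, 1_000),
        "beacon_raw": tone_amplitude(samples, 20_000),
        "beacon_filtered": tone_amplitude(filtered, 20_000),
        "strongest": strongest_ultrasonic(filtered),
        # After processing, the filter state still contains raw samples.
        "held_unfiltered": (hp.x1, hp.x2),
    }


if __name__ == "__main__":
    capture = synth_capture()
    for name, value in analyse(capture).items():
        print(name, value)
```

The audible component is attenuated by roughly three orders of magnitude while the beacon passes almost unchanged, yet `held_unfiltered` shows that the filter state contains the last two raw input samples. Implementations that buffer whole audio frames before filtering hold correspondingly more.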

Is this kind of recording legal?

In South Australia, where I am based, a listening device is precisely defined as:

a device capable of being used to listen to or record a private conversation or words spoken to or by any person in private conversation (…) but does not include a device being used to assist a person with impaired hearing to hear sounds ordinarily audible to the human ear.

There is no exemption provided for recording sounds and then removing the audible portion.

It is generally unlawful “to overhear, record, monitor or listen to a private conversation” unless you have the express permission of all parties involved. Since audio is being recorded using a standard microphone in the course of an ultrasonic data transfer, the full audio spectrum – including any conversation occurring – is being sampled at the same time.






The type of filter used is therefore critical. If a digital filter is being used to extract the ultrasonic data, the temporary storage of the full audio spectrum could be considered a recording. And that requires consent.

Google gives users the chance to opt out the first time notifications are made using the Nearby service. However, this could only be construed as consent for the phone owner, not all parties to a possible conversation being recorded in private. Also, by the time the notification happens, the recording has already occurred.

 


Google’s FAQ explaining the opt-out process for the Nearby API.

 

 

What about location tracking?

Advertisers can use ultrasonic signals that speak to your mobile phone to establish where you are within a store. They can also correlate this data with other advertising metadata easily obtained from cookies to track your broader movements.

This further complicates matters regarding their legality.

In South Australia, a tracking device is explicitly defined as:

a device capable of being used to determine the geographical location of a person, vehicle or thing and any associated equipment.

Since it is generally illegal to track someone without their consent – implied or otherwise – if an advertiser is using an app combined with an ultrasonic beacon to track you and you are unaware that they are doing so, they could be breaking the law.

Google says the Nearby protocol is battery-intensive due to the use of Bluetooth and wifi. As such “the user must provide consent for Nearby to utilise the required device resources”. It says nothing about the legality of needing permission to record sound or track users.

On its online support page, Google does warn that the Nearby service is a one-way communication channel, with your phone never communicating directly to a Nearby service.

But since users are required to opt out of the service, it’s hard to argue that they have given informed consent.

 


Google explains that the Nearby devices do not connect directly as Lisnr technology does; however, nothing is specified about what happens to data from your phone to Google or other third-party servers.

 

 

What can I do to protect my privacy?

Users need to be aware of the potential to be tracked from ultrasonic beacons such as Google’s Nearby service.

Since this is a built-in feature of Google’s Pixel phone and other Android phones, users need to have informed consent regarding the Nearby service and the dangers of revealing data about themselves. Merely blocking app permissions which request to use your phone’s microphone will not be enough.






One research group has released a patch that proposes to modify the permission request on phones, requiring apps to state individually when they want access to your microphone to track inaudible signals. This doesn’t solve the built-in problem of Google’s API though.

Google and other mobile phone companies should do more to ensure they are adequately gaining informed consent from users to ensure they do not fall foul of the law.


Thanks to reader feedback we’ve updated this article at the author’s request to remove references to Apple’s iBeacon, which does not use an acoustic side channel for data transfer.

Richard Matthews, PhD Candidate, University of Adelaide

This article was originally published on The Conversation. Read the original article.


DNA facial prediction could make protecting your privacy more difficult


The science of DNA facial reconstruction is advancing rapidly.
Composite from Parabon and PNAS

 

Caitlin Curtis, The University of Queensland and James Hereward, The University of Queensland

Technologies for amplifying, sequencing and matching DNA have created new opportunities in genomic science. In this series When DNA Talks we look at the ethical and social implications.


Everywhere we go we leave behind bits of DNA.

We can already use this DNA to predict some traits, such as eye, skin and hair colour. Soon it may be possible to accurately reconstruct your whole face from these traces.

This is the world of “DNA phenotyping” – reconstructing physical features from genetic data. Research studies and companies like 23andMe sometimes share genetic data that has been “anonymised” by removing names. But can we ensure its privacy if we can predict the face of its owner?

Here’s where the science is now, and where it could go in the future.






Predicting hair, eye and skin colour

DNA phenotyping has been an active area of research by academics for several years now. Forensic biology researchers Manfred Kayser and Susan Walsh, among others, have pioneered several DNA phenotyping methods for forensics.

In 2010, they developed the IrisPlex system, which uses six DNA markers to determine whether someone has blue or brown eyes. In 2012, additional markers were included to predict hair colour. Last year the group added skin colour. These tests have been made available via a website and anyone who has access to their genetic data can try it out.

Trait predictions are being used to address a number of questions. Recently, for example, they were used to suggest that the “Cheddar Man” (the UK’s oldest complete human skeleton) may have had dark or dark to black skin and blue/green eyes. The predictive models are mostly built on modern European populations, so caution may be required when applying the tests to other (especially ancient) populations.

The full picture

Research on DNA phenotyping has advanced rapidly in the last year with the application of machine learning approaches, but the extent of our current capabilities is still hotly debated.

Last year, researchers from American geneticist Craig Venter’s company Human Longevity made detailed measurements of the physical attributes of around 1,000 people. Whole genomes (our complete genetic code) were sequenced and the data combined to make models that predict 3D facial structure, voice, biological age, height, weight, body mass index, eye colour and skin colour.






The study received strong backlash from a number of prominent scientists, including Yaniv Erlich, aka the “genome hacker”. The study seemed to predict average faces based on sex and ancestry, rather than specific faces of individuals. The method of judging the predictions on small ethnically mixed cohorts was also criticised.

Even with accurate facial predictions, Erlich noted that for this approach to identify someone in the real world:

an adversary … would have to create [a] population scale database that includes height, face morphology, digital voice signatures and demographic data of every person they want to identify.

Because without a detailed biometric database you can’t get from the physical predictions to a name.

A database to match?

It turns out that the Australian government is in the process of building such a database. “The Capability” is a proposed biometric and facial recognition system that will match CCTV footage to information from passports and driving licences. Initially billed as a counter-terrorism measure, there are already reports the service may be provided for a fee to corporations.

At the same time, the Australian Tax Office has just initiated a voice recognition service. It’s easy to imagine how this kind of system could be integrated with “The Capability”.

And it’s not only Australia establishing the capability to become a biometric, face-recognising surveillance state. India is deploying the Aadhaar system, and China leads the world in facial recognition.

 

The Australian Government is building a facial recognition system called The Capability that will match CCTV footage to information from passports and driving licences.
Queensland Government

 

DNA mugshots

At present, most forensic DNA profiling techniques rely on “anonymous” markers that match identity to a database, but reveal little else about a suspect. With advances in genomic technology, forensic genetics is moving toward tests that can tell us much more about someone.

There are a number of companies that offer DNA phenotyping services for a fee. One company, Parabon NanoLabs, claims to be able to accurately predict the physical appearance of an unknown person from DNA. Police forces already use their services, including the Queensland police in a recent case of a serial rapist on the Gold Coast.

The Parabon system is also based on a predictive model. This was developed by applying machine learning tools to their genetic/trait reference database. The company predicts skin colour, eye colour, hair colour, freckles, ancestry, and face shape from a DNA sample. These predictions, the confidence around them, and a reconstruction made by a forensic artist are used to make a “Snapshot” profile.






There is scepticism about the capabilities of Parabon. It is difficult to assess Parabon’s system because the computer code is not open, and the methodology has not been published with peer-review scrutiny.

As with any type of DNA evidence, there is a risk of miscarriages of justice, especially if the evidence is used in isolation. The utility of DNA phenotyping at this point may be more in its exclusionary power than its predictive power. Parabon does state that Snapshot predictions are intended to be used in conjunction with other investigative information to narrow the list of possible suspects.

Where will this all end up?

We only need to look at identical twins to see how much of our face is in our DNA. The question is how many of the connections between DNA and our physical features will we be able to unlock in the future, and how long will it take us to get there?

Some features are relatively easy to predict. For instance, eye colour can be inferred from relatively few genetic variants. Other traits will be more complicated because they are “polygenic”, meaning that many gene variants work together to produce the feature.

A recent study of hair colour genetics, for example, examined 300,000 people with European ancestry. They found 110 new genetic markers linked to hair colour, but the prediction of some colours (black or red) is more reliable than others (blonde and brown).

 

Twins can show us how much of our face is in our DNA.
Clard/Pixabay

 

The way that DNA codes our physical features might be different in people from different ancestral groups. Currently, our ability to predict modern Europeans will be better than other groups – because our genetic databases are dominated by subjects with European ancestry.

As we employ increasingly sophisticated machine learning approaches on bigger (and more ethnically representative) databases, our ability to predict appearance from DNA is likely to improve dramatically.

Parabon’s services come with a disclaimer that the reconstructions should not be used with facial recognition systems. The integration of these technologies is not impossible in the future, however, and raises questions about scope creep.

What does this mean for genetic privacy?

Despite the controversy around what we can do now, the science of DNA phenotyping is only going to get better.

What the rapidly developing field of DNA phenotyping shows us is how much personal information is in our genetic data. If you can reconstruct a mugshot from genetic data, then removing the owner’s name won’t prevent re-identification.

Protecting the privacy of our genetic data in the future may mean that we have to come up with innovative ways of masking it – for example genome cloaking, genome spiking, or encryption and blockchain-based platforms.

The more we understand about our genetic code the more difficult it will become to protect the privacy of our genetic data.

Caitlin Curtis, Research fellow, Centre for Policy Futures (Genomics), The University of Queensland and James Hereward, Research fellow, The University of Queensland

This article was originally published on The Conversation. Read the original article.


Can your boss sue you for fighting for proper wages?

Explainer: Can your boss sue you for fighting for proper wages?

CHARLIE LEWIS / Wednesday, May 2, 2018

A Melbourne cafe made headlines last week for alleged underpayment of staff and threats to sue. It may be common in hospitality, but what laws are at play here?

Last week a Melbourne cafe, Barry, joined the long, long list of employers under fire for accusations of underpayment.

To recap: it was revealed that employees at Barry were underpaid by around $5/hour and didn’t receive any penalty rates. A picture of the, shall we say, spartan contract circulated which detailed the agreement:

[Image: barry cafe]

The employees who came forward now claim they have had their shifts indefinitely cut, and after protests followed, the cafe owners have reportedly threatened to sue their workers for harassment. The circumstances are not unique — as a glance at the Fair Work Ombudsman media releases will tell you — but for workers, Barry is a particularly useful box-checking exercise, for figuring out your rights at work.

Can I sign away my minimum wage?

Nope. Under the Fair Work Act any agreement to conditions below those set in the National Employment Standards or the applicable award has no effect.

A workforce (usually with the help of a union) can negotiate a collective agreement that varies those conditions, but it must be assessed and registered with the Fair Work Commission, which assesses it against the relevant conditions and makes sure the affected employees are not worse off. The last few years, though, have shown this system to be far from foolproof.

Can I get paid in food?

Nope. You can’t be paid “in-kind” — not in goods, services, lodgings, food, nor fawning or flattery. It has to be those real-life dollarydoos, that hardcore scratch, that real-time moolah.

Can I get fired, or lose shifts if I ark up about my pay?

Nope! The Act sets out certain protected workplace rights and you can’t be disadvantaged if you exercise them. They are wide and varied (taking in freedom of association, freedom from discrimination) but they include “the capacity under a workplace law to make a complaint or inquiry”.

Thus Barry staff have the right to enforce their minimum conditions without suffering what the Act calls adverse action — for example losing shifts, or being fired, or being coerced with the threat of legal action. Like a lot of employment law, it’s great in theory, but hard to prove; how can you illustrate what was in your employer’s heart when they cut back your shifts?

But can they sue you?

Harassment, the word used in Barry’s email to their staff, is like bullying — there is a colloquial understanding that doesn’t necessarily reach the legal definition. Whether this is a clumsy misuse or not, as it happens there is currently no Commonwealth harassment act, nor a civil cause of action for harassment established by the courts. It has to be established that a harasser has trespassed, or committed assault or nuisance.

The email says the “harassment” is hurting and devaluing the business — however as a company, Barry cannot sue for defamation.

Original article found HERE at SmartCompany.com.au


Melbourne business ordered to pay worker $20,000 for firing her after she resigned


EMMA KOEHN / Thursday, May 3, 2018


A former nail technician at a Melbourne beauty salon has won $20,000 in compensation after her employer tried to fire her two hours after she handed in her resignation, which she says she was forced to submit because she was being bullied for chasing unpaid wages.

The staff member at Solene Paris Beauty, a salon in Melbourne’s Stud Park Shopping Centre, brought unfair dismissal proceedings against the business after her employment ended in March 2017.

She said she had resigned on March 22 after being “bullied” by the business for raising concerns about her wages. The Fair Work Commission accepted this and recognised that she had contacted the Australian Taxation Office (ATO) and Fair Work Ombudsman (FWO) to attempt to recover $7000 in superannuation payments and $17,000 in backpay from the business.

Two hours after the worker tendered her resignation, the business sent her an email saying she was actually being fired. The employer claimed she had backdated a medical certificate to cover a work absence and this caused her dismissal because it amounted to a “fraudulent offence”.

However, the staff member rejected the suggestion that she had changed any medical certificates and the Commission found the business produced limited evidence to prove this had ever occurred.

In deciding the case, Fair Work Commissioner Michelle Bissett found the business had given no solid reason or procedural fairness by writing the worker a dismissal letter. She instead found that the company had opened itself up to unfair dismissal proceedings by firing the worker after she had resigned.

The Commission accepted the worker had resigned but said the employer’s decision to send a dismissal note after that happened rendered the resignation invalid, meaning the employee had a right to launch an unfair dismissal claim.

Finding the dismissal was harsh and unjust, the Commission ordered the business to pay the former worker $19,206 plus 9.5% superannuation.

Staff member resigned? Document everything

This case highlights that no matter the reasons for a staff member’s resignation, a business should never counter a resignation with a dismissal letter, says director of Workplace Law, Shane Koelmeyer.

“This kind of thing is very rare — but once you go down the path of termination, you are opening yourself up to unfair dismissal proceedings. If you get an employee who resigns, you should just grab it and go, ‘okay’,” he says.

Businesses should take care to follow due process if they are planning on dismissing a worker, including documenting any performance issues over a period of time so that workers have a chance to respond, he says.

In this case, the worker claimed they had been forced to resign and this was ultimately accepted by the Commission.

However, Koelmeyer says there are cases where a business may strongly disagree with the reasons a worker is giving for a resignation, which means they should read all correspondence carefully and record any objections to a worker’s claims at the time they resign.

For example, if a worker says in their resignation letter that they have been “forced” to resign but you disagree, it’s possible to accept the resignation but reject the reason for it, he says.

“Read any resignation and the reasons for it carefully. If someone says they are planning to resign, ask for it in writing,” Koelmeyer says.

It’s essential for a business to respond to any claims — such as a manager forcing a worker to resign — with a rebuttal at the time the worker resigns. This information is very valuable if the case does come before the Fair Work Commission, because the employer can demonstrate the reality of the situation and outline why they believe they were in the right, he says.

“If you do this, you can then later say, ‘we rejected those claims at the time’.”

Original article found at SmartCompany.com.au HERE.


Counting the costs of illness and injury on Australian workers


It’s good for the workers, their employer and the economy to support them to stay in, or return to, paid work.
Dmitry Kalinovsky/Shutterstock

 

Alex Collie, Monash University; Michael Di Donato, Monash University, and Ross Iles, Monash University

Many Australians become ill while they are in the workforce. Common health problems such as back pain and depression can limit their ability to work.

But it’s good for the workers, their employer and the economy to support them to stay in, or return to, paid work. It improves workers’ health, maintains employer productivity and reduces the costs of support and health care to the state.

A report recently released by a new collaboration of Commonwealth government, private sector and not-for-profit organisations found Australia’s complex system of income support provides financial assistance to a huge number of ill and injured workers.






Around 786,000 Australians experienced a health condition resulting in time off work and income support from a government or private source during the 2015/16 financial year. This is about 50,000 more than the number of unemployed people in June 2016.

At least a further 6.5 million people access sick leave for short-term illness.

We estimated the cost of income support alone amounts to A$37.2 billion for the 2015/16 year. This excludes other direct costs such as health care, and indirect costs resulting from lost productivity.

While most workers return to work after a short absence, some have longer periods of time off and receive income support from multiple systems in Australia. These include employer-provided sick leave, workers’ compensation, motor vehicle accident compensation, life insurance, defence and veterans’ compensation, superannuation and social security.

This “system of systems” is our national social safety net for people with disease and injury that limits their ability to work. It’s a complex policy jigsaw puzzle.

So what’s the problem?

Each system has a unique set of rules and processes for determining who is eligible to access income support, the level of support provided, and the duration for which support will be provided.

There is wide variation in both the types of services funded and the models of service delivery. Only four of the ten systems we reviewed directly fund health care to support recovery, and the rules around health care provision differ markedly.

The variation means personal circumstances and the way in which the health condition is acquired both have a major impact on the support provided.

A Victorian injured at work, for instance, can receive up to two and a half years of income support through the state workers’ compensation system, at 85% of their pre-injury wage.

If the same injury occurred to the same person at home rather than work, they may be eligible for either life insurance (usually 80% of wage for up to two years) or one of the Centrelink benefits (typically a much lower rate of income support).






If the person has a partner, their spouse’s income will partly determine eligibility for Centrelink, but won’t have a bearing on a life insurance claim. The precise nature of the injury may have a bearing on eligibility for the life insurance claim but typically won’t affect access to Centrelink benefits.

To make things more complex, there’s usually a three to six month waiting period for access to income protection through life insurance, during which time the person may access unemployment benefits from Centrelink, assuming they no longer have a job.

But if they receive a lump sum payment from their life insurer for “total and permanent disability”, they will be excluded from receiving Centrelink benefits for a period of time.

This sounds like a bit of a mess. And it is.

How can it be fixed?

These systems have been designed in isolation. The rules around who can access benefits and when change regularly. The systems are regulated by an array of government authorities at Commonwealth, state and territory level.

Payments and services are provided through a large number of private sector insurers, superannuation funds, claims management organisations, health care and rehabilitation organisations, employers and government agencies.

But this policy disorder also means there are some big opportunities to improve work and health, through better cross-system collaboration.

The opportunities to make the greatest impact are in the “upstream” systems, when people are still connected to an employer and are early in the course of their illness or injury.

Interventions at this point can also have positive impacts “down stream”, for example by reducing the number of people who have long periods of time off work, become detached from their employer, and then seek financial support from another source.






We identified several key opportunities for injury and insurance systems to streamline the system:

  • share data so income support claims don’t have to be reassessed when people move between systems. Thousands of people with long-term health conditions move from one system of support to another every year. The transition can be daunting and can worsen their health
  • develop consistent rules and forms. Each system currently requires people to provide different forms of evidence to support a claim for income support. These could be rolled into a nationally consistent program
  • redesign insurance products and income-support benefits to reduce gaps in financial support. Lump sum payments could be made in instalments, for instance, to assist with financial management during the Centrelink preclusion period.

Streamlining Australia’s approach could reduce inequity based on personal circumstances or the nature in which an illness is acquired. It could also lead to better health and work outcomes for the many Australians who become sick or injured each year. And ultimately, it may reduce the amount of income support and improve workforce productivity.

Alex Collie, Professor, Monash University; Michael Di Donato, PhD Candidate / Research Officer, Monash University, and Ross Iles, Senior research fellow, Monash University

This article was originally published on The Conversation. Read the original article.
