Human rights and technology - Submission to the HRC

One of the things that I think is worthy of discussion here is the damage able to be caused to a business’ reputation like this: activists decide that they don’t like a business’ owner’s political views and use Facebook / Google Reviews etc. to leave negative reviews, ruining their online reputation.

It’s basically tyranny - i.e. agree with my views or we’ll destroy your business, and the business owners have very little power to stop it…

It happened a number of times during the SSM debate, where groups supportive of the ‘No’ campaign booked hotels to hold their meetings and all of a sudden, the hotels had hundreds of one star reviews left for them. The hotels were forced to cancel the bookings to salvage their reputation.

Human rights are about the rights of humans. Not businesses. It’s not a human right to have your business protected from bad reviews.

What businesses ARE protected from is slander and defamation. If someone spreads false information to hurt a business then the business is able to take them to court. In the example you gave the information left in reviews was true.

I have only looked at Choice’s response, and read the great contributions so far.

Access to tech: Making sure no-one is left behind. - I think that people with no “fixed abode” need to be mentioned as separate category. There is an inherent bias believing that everyone has a single address home. For example, the homeless don’t have access to the internet because 1. they can’t afford data plans, and 2. they have to find free wi-fi to connect. That’s limiting. The ones that do, only have a phone. Nothing with a larger screen to read or to be able to respond with.

Finance and General Insurance. There is a total power imbalance in this. The consumers have to disclose everything and be totally transparent, or have your loan/policy voided. Yet the businesses don’t have to disclose anything to the consumers about… well, anything really except the most rudimentary information. The information power imbalance needs to be redressed.

Consumer Data Right
Businesses should have to divulge and provide all the information (plus the derivatives and indicators this produces) that they hold about a consumer, whether they are a client or not.

Consumers should also have the absolute right to have any erroneous data held about them corrected or deleted as they choose.

There is nothing in there about a business “creating data” as opposed to collecting and storing real information. This could be done to discriminate/exclude.etc, or to facilitate/help/etc. This needs to be regulated and penalised.

There should also be protections which ensure that the data held actually pertains to the person it is held against. I have read of a case of mixed up phone bills where both the people had the same surname, first name and birthday day and month. They did have different middle names, and lived on opposite sides of Australia. Yet they were mixed up, and the onus was on them to prove that they weren’t who the biller erroneously claimed even though it was apparent at a glance.

We are expected to prove who we are when they call us, by giving our personal details, yet they are not required to prove who they are. Surely this too should be a two way street. There should be a way that they can pass some sort of validation (token) to us to prove who they are before we have to prove who we are.

Another thing that hasn’t been covered is the storage and backing up of our data. Where it is initially stored, are there copies, how it’s backed up, the security applied to the data, how long it’s stored, where it’s stored, jurisdictions etc… For example: if we give our data to an Australian based business, what happens if they store it in the cloud, or in a foreign country. What rights do we have with our data? What about if we give our data to a foreign business; do we have any rights at all? Can or would the Australian Government enforce any our data rights held by a foreign entity?

What about the linkage of data across Government Departments? Many years ago the idea was mooted to set up a Government data centre where all Department’s data would be merged and stored. With advances in technology, one day this may be feasible.
What rights do we have to oppose Government Departments sharing data as does the ATO and Centrelink? What about if the HRC shared data with other Government entities? What if Our Health Record shared data with Centrelink and the ATO? All of a sudden very sensitive and private matters could be open to view by people who have no need to see it. Many people will say if you have nothing to hide… etc, but equally many people would not want their data spread about.
There needs to be some sort of checks and balances process to go through before the Government can go ahead with such sharing.

Speaking of Government Departments, what rights do we have in relation to very poorly written computer programs unfairly discriminating against people, like RoboDebt did? Again there should be some checks and balances. What quality controls were implemented? What testing was carried out? What rights did the average person have to have a determination reviewed quickly?

Another thing to think about: The recent High Court determination that correspondence from a computer could not be relied on even though it came from an authoritative source, because no thinking had gone into it. How is a average person in the street to know if a computer generated letter has had thinking behind it or not? So when do we rely on a letter and when do we ignore it? It appears that the concept of ‘duty of care’ stops when a computer gets involved. Should ‘duty of care’ not extend to cover computer generated material?

Which leads me to ask: in the future will we see people in organisations hiding behind technology and refuse to accept responsibility for what the technology has been programmed to do (as happened in the ATO case)? Will we be able to rely on technology to do the right thing? My answer is no, we can’t rely on technology The thinking about human rights and technology must hold organisations’ most senior people accountable for organisation’s technology now and in the future.

Any appeal rights relating to our data need to external to the organisation in question to avoid perceived and potential bias. Internal reviews can be too easily manipulated to suit the organisation. Even external review organisations can get too close to those they are meant to monitor, as seen in the Financial Services Royal Commission. Therefore the external review entity must be completely independent and at arm’s length to those being being appealed against.

Depends what the hundreds of one star reviews said, doesn’t it?

The number of stars is itself “information” and could be false.

The person making the review may never have stayed at / visited the hotel and hence there could be an intrinsic falseness to the review.

In the context of cmpmal’s story, this is a human rights issue even though, as you say, a business does not per se have human rights - because the owner of the business is exercising his or her right to freedom of expression (and, even more specifically, expression in the political sphere) and an organised campaign is successfully silencing that person.

There is an obvious nexus to technology since this kind of attack would not be possible without the technology.

I wouldn’t worry too much about this though because those review sites are fairly dubious at the best of times. The example that cmpmal gives is the tip of the iceberg.

What if the technology is Commercial Off The Shelf? Which organisation is accountable? The creator or the user?

If the technology was developed in house it would be fair to ask whether the software was operating as specified by the senior people (they are accountable) or otherwise (the bad programmer is accountable)?

That’s an issue with the platform though. There are lots of false reviews on those sort of platforms. That’s not a human rights issue. That’s an issue with those review sites failing to verify reviews are legitimate.

As for the politics of the owners, I’m guessing you’ve never worked for a large company. The vast majority of businesses ban their employees from making political representations for the company or being involved in politics where they are publicly identifiable as an employee. It’s a human right to have your own beliefs and opinions. It’s not a human right to express a political opinion as a business representative and then not have it impact your business.

The other issue with your argument is where would you draw the line? You want to prohibit people from spreading negative publicity when a business/business owner is publicly involved in politics. What counts as politics? Can a company request the takedown of reviews that talk about the mistreatment of their workers? Can a company request the takedown of someone complaining about political donations they made? You seem more interested in protecting businesses from speaking than people from speaking

We are both saying that.

I didn’t offer a solution. I didn’t suggest anything about prohibiting people. I only supported cmpmal’s idea that this is an area where technology and human rights intersect - and hence should be within the scope of this submission - and I suggested ways in which the reviews could be false.

Fair question. I was thinking about in-house.

In the case of off-the-shelf tech, both the creator and the user must be accountable. Buyers must consider appropriateness when buying and using. Think of the security cameras from China which were recently deemed to be potentially ‘leaky’ through a back door, and therefore a security risk so Defence, and other organisations had to remove them rather quickly. Obviously, there were insufficient checks done by organisations who should have know better, and should have checked, and rechecked. That was a major systemic failure that senior people should be accountable for.

Well you suggested it was an issue that businesses were criticized publicly for political decisions of themselves or their owners. Was I wrong to draw the conclusion you want that prevented in some capacity?

Regardless I stand by my point. If I stood up and publicly identified myself as an employee of X company and made a controversial political statement, I’d be fired. I’m not sure why you’re so concerned for business owners who do the same. It’s a human right to believe what you want and support whatever politics you want. It’s not a human right to express a political opinion as a business representative and then not have it impact your business/job.

I think I’ve explained everything I can so I’ll probably leave it at that

I don’t see how you can check for a backdoor, particularly as the Australian government, and thereafter “every” other government, will soon be mandating backdoors in potentially everything.

I agree though … no checking should have been needed in order to reject Chinese security cameras from being installed in sensitive government departments etc.

However I more had in mind accidental bugs rather than deliberate bugs.

Ah I forgot about that whole issue. Mandating a backdoor in technology is surely a human rights issue in the digital age. The ability to be monitored by anyone with access to the backdoor without a court order or notification…

I think that every complex computer program has accidental/unintended bugs. Accidental bugs in s/w are a different matter to badly written software like the Robodebt algorithms which shouldn’t have gotten past alpha or at worst beta testing.

Accidental bugs can still cause major problems; here’s some more.

Sometimes it’s hard to tell if it was a bug, or badly written s/w; like tripping breakers which cut off a State’s electricity when it wasn’t necessary.

Well anyway the discussion highlights that dodgy review sites are something that Choice should be interested in, in as much as it relates to consumer rights and technology.

Things I’ve heard about include

• competitors putting in falsely bad reviews
• the business itself putting in falsely good reviews

We can add to that

• inadequate protection against an organised campaign of false reviews by a third party.

I was in fact referring to people who’d left untrue reviews (i.e. they’d never actually stayed at the hotel), simply because they wanted to punish the hotel for hosting a political event whose message they disagreed with.

It may surprise you, but businesses are run by humans, the vast majority of them in Australia by a single human, who may have spent 10s of years building up goodwill / contacts etc.

All of this can be destroyed by the sort of attack that I described.

And no, most one person small businesses do not have the money and certainly not the time to fight a court action over slander, particularly when those doing the slandering hide behind anonymous usernames online…

I would like to see the HRC looking after the Humans that run small businesses…