Oracle used untouched phone in anti-Google presentation to Australian officials, showing it collected data without permissions, documents show
06 Sep 2019 12:00 am by James Panichi
US technology company Oracle presented Australian competition and privacy officials with a phone using the Android operating system to demonstrate that the device communicated with Google, even though it contained no SIM card and had no apps running, according to documents obtained by MLex.
According to an account of a 2018 meeting prepared by Australia’s privacy watchdog, Oracle managers visiting from the US presented the phone to officials of the Australian Competition & Consumer Commission, or ACCC, and the Office of the Australian Information Commissioner, or OAIC.
“The phone had no apps running, and had never emailed or used any other features,” the official account of the meeting says. “[Oracle] then demonstrated that the phone was communicating data. The phone was running for 13 minutes while we had been meeting and had talked to Google at least 418 times.”
The redacted documents, obtained by MLex under Australia’s freedom-of-information laws, show that Oracle executives used the May 10, 2018 meeting to lobby the officials on the degree to which the Android operating system sends information to Google, Android’s US-based owner.
In the summary of the meeting prepared by the OAIC, the privacy watchdog said that Oracle had told officials that even when all of a phone’s location-data settings were turned off, a device using an Android operating system “still emits an ID ping.” “How do you turn it off?” Oracle is reported to have asked the officials.
The OAIC officials then asked the Oracle managers, who were accompanied by a team from law firm Clifford Chance, whether they had been in contact with other data-protection authorities and privacy regulators. The following pages were redacted.
Subsequent email exchanges between Clifford Chance and the OAIC reveal that Oracle had also alerted the Australian watchdog to the issue of “red lining” — explained as “when data is collected in relation to ‘demographics’ which [are] more about socio-economic issues, which is viewed as highly problematic.”
Call for data portability
The parts of the documents obtained by MLex left unredacted appear to suggest that Oracle managers had two, separate meetings in Sydney: one with officials from both the ACCC and the OAIC; another with officials from the OAIC.
Attending the first meeting were Morag Bond, the general manager of the ACCC’s Digital Platform Services Inquiry, and Abby Aldana, at the time an assistant director for the OAIC’s Privacy Dispute Resolution unit.
Hand-written notes of that meeting suggest that Oracle lobbied for data-portability laws that would take control of data collected by Google away from the company. “Data cannot be traded — does not benefit competition,” the OAIC notes of the meeting say.
“Data belongs to user — should have the option to keep data privacy/sell it to another company,” the notes say. “Who owns what kind of data?”
“Most of Google’s products suck up data,” the regulator’s notes report an Oracle lobbyist as saying. “YouTube — knows exactly what you watch; Google Docs — indexes keywords.”
The documents add context to emails previously released to MLex by the OAIC. That communication had confirmed that the privacy officials had met with Oracle managers, as part of the company’s global efforts to raise concerns about Google’s data-gathering processes.
Google had responded to those claims as a “sleight of hand” and denied Oracle’s claims that the search engine had been secretly piggy-backing on data permissions provided by Android mobile-phone users to gather marketing information.
MLex requested the documents shortly after the meetings took place on May 10, 2018. Oracle challenged the release of those documents, forcing the matter to Australia’s Administrative Appeals Tribunal, where it remained until the beginning of this month.
On Sept. 3, the tribunal informed MLex that Oracle had withdrawn its application to oppose the release of the documents. Oracle’s lawyers, Clifford Chance, offered no explanation on Oracle’s decision not to stand in the way of the documents’ release.
After the Philippine privacy regulator issued another harsh warning against privacy violations, members of a data protection group began raising questions.
The UK already had a high wall to climb for it to win an adequacy decision that will let it continue data flows to the EU after Brexit.
Canadian tech companies will soon be subject to tougher privacy laws as lawmakers face intense pressure to keep pace with European privacy standards.