Inland Revenue has admitted to providing Facebook owner Meta with the names, addresses and other contact details of 268,000 taxpayers in 'raw' unencrypted form.
This news comes after an investigation into the IRD's use of social media companies to target taxpayers.
Queenstown employment relations consultant and initial complainant David Buckingham was surprised by this development.
"I did actually think they had some pretty good processes around at least hashing it - that wasn't really the focus of my initial complaint."
LISTEN ABOVE
See omnystudio.com/listener for privacy information.
Episode Transcript
I'd either due to see our.
Speaker 2 (00:01):
Now Land Revenue has admitted it gave Facebook the names,
the addresses and other contact details of almost two hundred
and seventy thousand taxpayers. So you remember, IID has already
got itself in a little bit of trouble because it's
been given these these encrypted bits of information, hashed bits
of information. But then when they went and looked at it,
they realized they were also giving out some raw information.
David Buckingham is a Queenstown employment relations consultant who first
(00:23):
complained about this, and he's with us.
Speaker 1 (00:25):
Now, hey, David, hey, good evening.
Speaker 2 (00:28):
This is mental. I mean, we thought that they were
at least trying to hide the stuff. Now it turns
out they're just giving the information over completely in the
raw form.
Speaker 1 (00:35):
Did this surprise you? Look, it actually did a little bit.
I did actually think that they had some pretty good
processes around, at least hashing it. That wasn't really the
focus of my initial complaints. It was the fact that
information was being matched against databases that were in some
of the biggest data brokerages in world, people like Meta
(01:00):
that has a checkered history in terms of the way
that they deal with data. And look, I'm not suggesting
that I have any smoking gun evidence that they've done
anything illegal or wrong, but I want this is wrong
to you, and morally I think it's wrong, but I'm
not suggesting legally wrong. What I do say is is
that when you upload hashed information, and this is a
(01:22):
way of scrambling things so that there's almost like a
game of snap, sort of a digital game of cryptographic snap,
so that if a face has already has the information,
they can kind of make the inference that that's who
they want to target. The problem is this number one
is identifiable to somebody with this level of data. Second
(01:42):
of all, these were small batches. These were little batches
of data that were identified as being attached to particular
taxpayer behavior. So let me just give you a really
a good meta for if I gave you twenty ring binders,
small lit ring binders with a whole attached information on
the side of it, and you could say, well, that's
(02:04):
sort of secure. I mean, I still don't think it's right.
But let's just say that we run with what ID
you've said, which is that this data's scrambled. Now le's
assuming that they are twenty ring binders of the scrambled information,
and on the binder, on the outside binder of each
one of these ring binders, it's got a label on
it with very specific taxpayer behavior. That's what they've done.
(02:26):
This report talks about what's in the binder, and we're
saying the breach of privacy was the fact that their
data was included within one of those folders, right, and
the label on the outside.
Speaker 2 (02:36):
Now, can you explain something to me, David, because I
don't get this, okay, Ird, If there are a specific
taxpayer behavior that they're trying to stop, which is, let's
say I haven't paid my taxes and they're trying to
get a hold of me, why don't they just take
the information they've already got, which is my name, my email,
my contact phone number, my address and give me a call.
And so you haven't paid your taxpayer, why do they
need to go to Facebook to pay Facebook to run
(02:59):
an ad at me?
Speaker 1 (03:01):
There's a brilliant question. But I get my notifications from
in the revenue by way this thing called my IR
I can open up and I can read it. And
the way I discovered this was that I went digging
inside the privacy settings of Facebook. When I was on Facebook,
iviousally deleted my account. But when I was on Facebook,
(03:22):
I was going through the number of companies that were
disclosing my personal information two meta, and by way of
doing that, I had this big, long list of companies
that had approached me. Look, i'll tell you something. When
I first actually emailed in the Revenue about this, and
I think it was March, the initial response internally, because
(03:45):
I was asked for this information under the privacy, their
first response was to say, well, we're just wondering if
these are just some sort of unfounded accusations. Well, today
in the Revenue we've not only had to concede that
they're not only doing it, but that's under pressure to
stop this practice.
Speaker 2 (04:01):
Yeah too, Right now, do you know if we can
find out if we're part of the two hundred and
seventy thousand taxpayers who just had our information handed to
meet it.
Speaker 1 (04:10):
What in their Revenue is said at the press conference
and then their media communications todays is that they're going
to be contacting those people in the next twenty four hours.
They say also that the other many hundreds of thousands
of people who may have got caught up in some
of these previous uploads of data. However, which way they
want to frame it that they don't even know they
(04:31):
don't know. The Commissioner that day has been saying, by
all reports, they're actually not sure and it would be
too hard together.
Speaker 2 (04:40):
Interesting, David, thanks for runningus through to really appreciate that.
Buckingham Queen Sound Employment Relations consultant.
Speaker 1 (04:46):
For more from Hither Duplessy Allen Drive, listen live to
news talks they'd be from four pm weekdays, or follow
the podcast on iHeartRadio
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!