Australians can now register for the beta version of Australia Post Digital Mailbox. The service allows mail to be sent to you digitally, to pay bills, and aims to be your go-to storage solution for the business of life, so to speak: Copies of official documents, receipts, and family records, for example.

[Image: AusPostDigMail01]

It's convenient, to be sure, but does it also make it a lot easier for the government, or for non-governmental agencies, to access sensitive data, not to mention creating a ripe honeypot for hackers? Given recent revelations about US, UK, and Australian government surveillance and privacy issues, what can we expect from Australia Post Digital Mailboxes? Now that the beta is open, we are taking a look at the service, starting with its Privacy Policy.

Good

EFA approves that the policy starts by at least citing and linking to Australian privacy legislation:

[Image: AusPostDigMail01a]

The policy requires you to agree to share data as necessary to a very wide range of people, including marketers. However, EFA also approves that it claims, at least, to not sell or rent the information:

[Image: AusPostDigMail03-Replacement]

Neutral

The policy also claims that the service will use industry-standard SSL and TLS protections, and the site runs over HTTPS by default. These protocols are used by most e-commerce sites and most users trust them; EFA uses them too, and we certainly prefer them to more limited schemes. That being said, there are many points along the SSL/TLS chain, from certificate issuance to server configuration, that can be compromised, and Australia Post has suffered security lapses in the past:

[Image: AusPostDigMail04]

It is also claimed that the service will be run on Australian servers, but given the news about the new server complex at HMAS Harman, this is not really a cause for comfort:

[Image: AusPostDigMail05]

Bad

Let's start with accessing the privacy policy itself. The policy is not easily linkable or searchable. You need to go to the site and click on Privacy Policy at the bottom of the page. That opens a pop-up window which cannot be reached through a standard hyperlink unless you dig through the source code of the site to find this pretty URL (found by commenter trog): https://beta.digitalmailbox.auspost.com.au/content/marketing/en/fancybox/fancybox_footer_privacy.html. But you won't find that URL from a plain link on the site, nor in a Google search. Here, let me Google that for you to show you that the policy does not turn up in search results. Why prevent direct linking? It seems to be an aesthetic choice, but most other large companies, particularly those named in the Prism revelations, at least provide a direct and plain link to a plain page rather than a "fancybox". Further, searching for the privacy policies of Facebook, Google, and Microsoft turns them up as the first link in a search. EFA would like to know: if it's good enough for them, why not Australia Post Digital Mailbox, especially given that Australia Post itself has a direct and plain link to its privacy policy?

[Image: APDMPP]

The new service's privacy policy follows the lead of for-profit web services more than it represents the public good. While consumers agree to these kinds of policies every time we sign up for a new service or app (if you use Facebook you've agreed to similar conditions) the Australia Post Digital Mailbox is a wholly-owned subsidiary of Australia Post. Australia Post is a Commonwealth statutory corporation of which the government is the sole shareholder. Although it must operate as a separate for-profit entity, including paying all company taxes etc., it is still the country's official mail carrier and has special government privileges and carries out special government services. As such, it has the trust of Australians, and it should aim very high to maintain that trust.

EFA finds it concerning, then, that the policy requires you to agree to the collection of aggregated data, claiming that it will be de-identified and thus not personal. Aggregation does not necessarily equate to protection: stripping names does not help if the remaining data can still be used to aid profiling and other pattern-based surveillance strategies:

[Image: AusPostDigMail06]
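To make the point above concrete, here is an added example (not code from the EFA post or from Australia Post) of the kind of k-anonymity check a data holder should run before calling aggregated records "de-identified": records sharing the same quasi-identifiers (the assumed columns postcode and age band) form a group, and any group smaller than k still singles out one person even though no name is present. The records are constructed for illustration.

```javascript
// Added k-anonymity check (not from the EFA post or Australia Post).
const QUASI_IDENTIFIERS = ["postcode", "ageBand"]; // assumed quasi-identifier columns

// Constructed sample of "de-identified" usage records: no names, but one
// postcode/age-band combination has a single member.
const SAMPLE_RECORDS = [
  { postcode: "2000", ageBand: "30-39", billsPaid: 4 },
  { postcode: "2000", ageBand: "30-39", billsPaid: 7 },
  { postcode: "2000", ageBand: "30-39", billsPaid: 1 },
  { postcode: "0872", ageBand: "70-79", billsPaid: 2 }, // sole record in its group
  { postcode: "3000", ageBand: "20-29", billsPaid: 5 },
  { postcode: "3000", ageBand: "20-29", billsPaid: 3 },
];

// Group records by their quasi-identifier tuple and count each group's size.
function groupSizes(records, columns = QUASI_IDENTIFIERS) {
  const sizes = new Map();
  for (const r of records) {
    const key = columns.map(c => r[c]).join("|");
    sizes.set(key, (sizes.get(key) || 0) + 1);
  }
  return sizes;
}

// Return the quasi-identifier tuples that fail k-anonymity (fewer than k records).
// Each of these identifies a small set of real people despite the missing names.
function reidentifiableGroups(records, k, columns = QUASI_IDENTIFIERS) {
  return [...groupSizes(records, columns)]
    .filter(([, n]) => n < k)
    .map(([key, n]) => ({ key, size: n }));
}

// True only when every group has at least k members, i.e. the release is k-anonymous.
function isKAnonymous(records, k, columns = QUASI_IDENTIFIERS) {
  return reidentifiableGroups(records, k, columns).length === 0;
}
```

With the sample data the release fails even k = 2, because the single "0872|70-79" record is unique.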

Admittedly EFA's own privacy policy has similar clauses, but we are not asking to store your most essential digital files, nor are we so very closely aligned with the Commonwealth government.

The policy also requires you to agree to some invasive tracking technologies. Beyond cookies, which EFA also uses, the privacy policy refers to the use of web beacons. In 2007 Facebook faced a backlash when it introduced web beacons into its service, because they can be used to track you outside of the service. EFA is concerned about the use of web beacons, and specifically about the lack of detail as to whether or not this will occur with Australia Post Digital Mailboxes:

[Image: AusPostDigMail07]
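As an added example (not code from the EFA post or from Australia Post), the scanner below shows what a user or auditor can look for when a policy mentions web beacons: a beacon is typically a tiny or hidden image whose address points at a third-party host and carries an identifier in its query string, which is what lets it follow you across sites. The sample page and the tracker.example host are constructed; the first-party host name is the one from the post.

```javascript
// Added beacon scanner (not from the EFA post or Australia Post). Works on raw
// HTML with regular expressions so it runs outside a browser.
const FIRST_PARTY_HOST = "beta.digitalmailbox.auspost.com.au"; // host from the post

// Constructed sample page: a normal logo, a classic third-party beacon and a
// first-party 1x1 pixel that still carries an identifier.
const SAMPLE_HTML = `
<html><body>
<img src="/images/logo.png" width="200" height="60" alt="logo">
<img src="https://tracker.example/p.gif?uid=abc123" width="1" height="1" style="display:none">
<img src="/pixel.gif?cid=42" width="1" height="1">
</body></html>`;

// Pull every <img ...> tag and its attributes out of raw HTML (no DOM needed).
function extractImgTags(html) {
  const tags = [];
  const tagRe = /<img\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrRe = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    const attrs = {};
    let a;
    while ((a = attrRe.exec(m[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    tags.push(attrs);
  }
  return tags;
}

// List the beacon-like traits of one <img>; an empty list means nothing suspicious.
function beaconIndicators(attrs, firstPartyHost) {
  const reasons = [];
  const style = (attrs.style || "").replace(/\s+/g, "").toLowerCase();
  if (attrs.width === "1" && attrs.height === "1") reasons.push("1x1 pixel");
  if (/display:none|visibility:hidden/.test(style)) reasons.push("hidden");
  let url;
  try { url = new URL(attrs.src || "", `https://${firstPartyHost}/`); } catch { return reasons; }
  if (url.hostname !== firstPartyHost) reasons.push(`third-party host ${url.hostname}`);
  const idParams = /^(uid|id|cid|user|token|sid)$/i; // common identifier parameter names
  if ([...url.searchParams.keys()].some(k => idParams.test(k))) reasons.push("identifier in query string");
  return reasons;
}

// Report images showing at least two indicators, with the reasons for each.
function findBeacons(html, firstPartyHost = FIRST_PARTY_HOST) {
  return extractImgTags(html)
    .map(attrs => ({ src: attrs.src || "", reasons: beaconIndicators(attrs, firstPartyHost) }))
    .filter(r => r.reasons.length >= 2);
}
```

On the sample page the third-party pixel is flagged on all four indicators and the first-party pixel on two, while the logo is not flagged.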

EFA is also concerned that the policy makes few guarantees about misuse of information beyond stopping spam, an intention not to use its own communications to users as direct marketing, and asking that third parties undertake reasonable measures to protect the information from disclosure:

[Image: AusPostDigMail08]

Even if we considered such reasonable measures reasonable, EFA considers it unreasonable that, despite this undertaking, the privacy policy requires you to opt out of marketing, and that opting out is not an online process: you must call or write a letter:

[Image: AusPostDigMail02]

Finally, EFA is concerned that if you want to find out what the service knows about you or change it, you might be charged an access fee or be denied. The policy says that you will be given reasons for the decision, but does not provide any detail:

[Image: AusPostDigMail09]

Your Eggs. Their Basket

Summary: Adequate; Some concerns; Room to improve

  • Good: Cites Australian privacy legislation; Won't sell or rent your data.
  • Neutral: Industry-standard security.
  • Bad: Policy itself opens in a pop-up window that cannot be directly accessed; non-online opt-out of marketing only; allows for web beacons; will aggregate data; might charge money or deny you the ability to view/change what they know about you.

We believe that Australians should demand a much higher standard of privacy for entities that are so closely perceived as related to the government, even if they are for-profit. There are few indications that this entity holds itself uniquely accountable given its central and (usually) trusted part in Australian life.

The new Australia Post Digital Mailboxes may not, yet, deserve our trust. While features and usability are important, if Australia Post really wants to compete against Digital Post Australia, it could win the trust of Australians by working towards both market-leading and world-leading privacy and security.

UPDATED

  • 19 June 2013: The paragraph about the indirect link has been amended to note that a commenter, trog, found a hidden but direct link to a plain version of the privacy policy.
  • 20 June 2013: Clarified the precise legal status of Australia Post as a Commonwealth statutory corporation.

4 comments

  1. FWIW, the privacy policy can be accessed directly via this URL:

    https://beta.digitalmailbox.auspost.com.au/content/marketing/en/fancybox/fancybox_footer_privacy.html

    I suspect it was just an aesthetic choice to load it in that in-page popup window, but it still loads from a directly accessible URL (...that is not published anywhere obvious).

    Comment by trog on 19 June 2013 at 13:53
    • Yes, that's true if a user inspects the source in such a way as to dig that URL out. However, as both of us note, this aesthetic choice does not allow direct linking from the most obvious hyperlink, cannot be found in a standard Google search, and is very tucked away. I will amend the post to include your point, though, as it is a good find. Many thanks!

      Comment by Sean Rintel on 19 June 2013 at 14:01
  2. I'd also add the password field on their registration form does not allow copy/paste.

    I assume this is for some "security reasons", but the practical effect for me was that I ended up putting in a much less secure password.

    My usual practice for creating passwords for new services is to open up my password manager application (PWSafe) and let it auto-generate me a nice secure complicated password. I don't even look at it, I just copy and paste it directly into the field for the new service. When I need to log in again, I just copy/paste it out of PWSafe.

    This AusPost service has onerous password requirements - must use one upper case letter, one number, can't use spaces, etc - and users have to type their password in manually into the password field and then /again/ into the password confirmation field.

    What's more likely - people coming up with a long, complicated password that they can type in twice (into obscured password fields where one mistake means you have to start again) or people coming up with a really basic, easy to remember password just so they can fill out the stupid form?

    Then, of course they end up with a basic, easy to remember password that is presumably much less secure. Argh!@#

    Comment by trog on 19 June 2013 at 14:45
  3. FWIW all of the points raised suggest to me that it isn't something that I'm even slightly interested in using. Whilst that may not be true for everybody, many people are using online services simply out of sheer laziness about backing up, but in my humble opinion this does not equate to a reasonable place to leave my documents.

    I suppose if one considers the normal Australia Post process which is to make life difficult as they can and then every three weeks into a survey asking how good they are it's difficult to be surprised.

    Comment by Daemon on 19 June 2013 at 16:32