Australia Post Digital Mailbox’s privacy policy is adequate

digital mailboxThe Australia Post Digital Mailbox’s privacy approach is, well, adequate – according to Electronic Frontiers Australia.

The Digital Mailbox service  “lets you manage and receive your mail in a digital format. You can receive and pay your bills from participating service providers in one place. Plus you can store important documents anywhere, anytime using your iPhone, iPad or any computer when you connect to the internet.” The documents go into the box and Australia Post takes a cut of transactions when you pay bills.

I must say I’ve treated the Digital Mailbox idea with some skepticism ever since it was first announced. Basically I’ve questioned why I’d trust Australia Post with my very sensitive information. Even if Australia Post was the Government, which it isn’t, I’m skeptical that they’re the right place to put sensitive materials.

Now that the system is in beta testing, Electronic Frontiers Australia has had a thorough look at their privacy policy. They particularly point to several weaknesses:

  1. The privacy policy itself is hard to find and not linkable.
  2. More significantly the policy allows for the collection of aggregated data – think PRISM here. While many other services also do that, those services are not pitching to be the repository of your sensitive private information.
  3. The policy allows Australia post to use the rather nasty web beacons on you. A step beyond cookies, these little beauties are very hard to disable.
  4. If you sign up for a mailbox you can only opt out of marketing through it by writing a letter or making a phone call – way to remain at the cutting edge Australia Post.

None of this is necessarily fatal to the service. But ultimately Australia Post is trading on its name and reputation here, and especially the erroneous idea in many people’s minds that it is part of the Government. It’s a shame that they did not take a less traditional route and make every effort to ensure the privacy and security not just of the mailboxes from intrusion and hacking but also of the system from tracking and marketing abuses. But that’s not realistic because the whole reason Australia Post is doing this is so that they can market at you.

Then again I’m not sure that is a privacy policy for good, old-fashioned snail mail.

Leave a Reply