Category Archives: Other Computing

Data Belongs To The Individual

The Vice President of the European Commission, Viviane Reding, believes this mantra and it is irrevocably enshrined in European law. Following the ruling by the European Court of Justice yesterday (13MAY2014), it is a concept which has gone mainstream.  The ECJ have decided that “[a]n internet search engine operator is responsible for the processing that it carries out of personal data which appear on web pages published by third parties”.

Unsurprisingly, that has prompted intense, and sometimes quite passionate, debate on the subject. This essay is, just for the sake of it, my two penn’arth on the subject.

Mario Costeja González

The case had been referred to Europe’s highest legal authority following an appeal by Google against a decision made by the Spanish Data Protection Agency (an organisation known as the AEPD). A Spaniard by the name of Mario Costeja González had found that when he Googled his name the results included links to an advertisement in a local newspaper. This advertisement showed that his house had been put up for sale to recover debts he owed to the social security agency. Given that was six years ago and his debts had long been settled, he wanted this information deleted under Europe’s Right to be Forgotten law. This EC Directive No.46 of 1995, is a part of the panoply of European Data Protection measures and requires “irrelevant or outdated” information to be deleted on request. 

Screen Shot 2014 05 14 at 15 42 17

The newspaper refused to delete the page and Google refused to remove the links. The AEPD decided that the newspaper had lawfully published the advertisement and so were justified in refusing to delete it. Google’s case was that by merely linking to it rather than hosting it, they had no control of, or responsibility for, the data. This didn’t wash with the Spanish authorities and they were ordered to “take the necessary measures to withdraw the data from their index and to render access to the data impossible in the future”.

In considering Google’s appeal, the first question the ECJ had to consider was whether Google’s link to the newspaper constituted personal data and they clearly thought it did. They further decided that Google ‘collects’, ’retrieves’, ‘records’, ’organises’, ‘stores’ and ‘discloses’ the data it trawls from web sites. Throughout Europe, these actions are all regulated when the data concerned is Personally Identifiable Information. Anyone with any knowledge of the UK’s Data Protection Act will know that a Data Controller must ensure that the personal data they hold “shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed” and “…shall be accurate and, where necessary, kept up to date”.

That the information about Sr. González was old is beyond doubt, but was it irrelevant or  outdated? That he once owed money and his house was put up for sale is as true today as it was six years ago. That statement of fact was, it seems, something the newspaper could rely on as the “relevancy” criteria was evidently true when they “processed” the personal information of Sr. González. However, the ECJ seem to have taken the view that Google’s “processing” is an ongoing thing and therefore now fails the relevancy test.

Where EC/46/95 is enacted in domestic legislation, as it evidently is in Spain, this all means is that the Data Controller is obliged to delete the data when the Data Subject asks. Incidentally, the UK’s Department for Justice still refuses to sign-up to this Directive, suggesting it raises unrealistic demands on companies and unrealistic expectations in the minds of individuals.

The Big Picture

Clearly Mme Reding has strongly held beliefs and honourable intentions. Similarly, the judgement of the ECJ doubtless follows thoughtful consideration of the interests at stake. However, when the dust settles, will what we are left with be of benefit to society as a whole?

There is a much wider point to the ECJ judgement than just considering one result in isolation, and I suspect that is one more reason why they have ruled as they have.

The Court points out in this context that processing of personal data carried out by such an operator enables any internet user, when he makes a search on the basis of an individual’s name, to obtain, through the list of results, a structured overview of the information relating to that individual on the internet. The Court observes, furthermore, that this information potentially concerns a vast number of aspects of his private life and that, without the search engine, the information could not have been interconnected or could have been only with great difficulty. Internet users may thereby establish a more or less detailed profile of the person searched against.

In other words, one search result is bad enough, but taken as a whole, a collection of results could allow wholesale snooping into a person’s life.

The Backlash

An individual’s privacy can normally be safeguarded without cries of censorship. Yet here, Jimmy Wales, the founder of Wikipedia, is quoted by the BBC as describing it as “one of the most wide-sweeping internet censorship rulings that I’ve ever seen”. The ruling clearly put the concepts of privacy and censorship in direct conflict. 

The global fall-out of their ruling wouldn’t have been in the forefront of the judges’ minds, but given it is the internet we are talking about, global it most certainly is. Compare and contrast these two commentaries on the case, one from the BBC the other from the LA Times.

In the UK, the Rehabilitation of Offenders Act allows convictions to be “spent” after a certain period of time. For instance, for anyone sentenced to less than six months in prison, their conviction has become spent after seven years. Spent convictions typically do not need to be disclosed to employers, but it’s easy to see how a Google search result could void any possible benefit from the act.

http://www.bbc.co.uk/news/magazine-27396981

 

Though the idea of such a right has generally been well-received in Europe, many in the U.S. have criticized it as a disguised form of censorship that could, for example, allow convicts to delete references to past crimes or politicians to airbrush their records.

http://www.latimes.com/business/la-fi-google-eu-20140513-story.html?track=rss

To be fair, the BBC correspondent tempers their stance by suggesting that “It’ll be harder, for example, to have a story from the 1990s about an arrest for assault removed if you’re a politician than if you’re a plumber”. Indeed, even Mme. Redding asserts that “It is clear that the right to be forgotten cannot amount to a right of the total erasure of history”.

Therein lies the problem with the “Right to be Forgotten”.

The Data Protection Act is a tried-and-tested concept and most businesses are now adept in dealing with its principles. However, when it comes to the Right to be Forgotten, there are very obviously shades of grey and, as the politician-and-plumber comparison hints at, the graduations are near-infinite. Instead of simply considering what is factually accurate against what is demonstrably incorrect (admittedly itself an area with potential for murkiness), the Data Protection Principles have far vaguer concepts like Relevancy. Muddying the water still further, the Right to be Forgotten principle is that deletion at the request of an individual should occur “unless there is a good reason to retain data”.

The question has to be who decides what is a “good reason” as it is surely a concept which cannot be tied-down in words, even less so than “relevant”. The individual concerned can’t be an objective voice and nor can the host site. Presumably, if they were, they’d have already edited or removed the offending page. The ECJ’s ruling is that the role of adjudicator falls to each and every search engine linking to the page in question (almost by definition, any given page will be linked-to not just by Google, but all search engines). Whilst Google et al’s objectivity toward the complainant and the linked site is unlikely to be questioned (unless the site is an advertiser?), there would seem to be little incentive fully consider each side of the argument. In many cases it will inevitably be left to the Data Protection Registrar – or the courts – to decide. All of which is great news for lawyers.

There are other issues I don’t have time or inclination to get into here, such as the market in ‘dark net’ search engines which are bound to spring up – if, indeed, they don’t already exist.

Is This Really a Problem?

Back to the BBC…

Victims of domestic abuse often face a situation where a violent ex-partner is trying to track them down. The victims are often named in media reports about their partners’ crimes. Details about unhappy relationships and harrowing tales of violence can be permanently associated with their names, even as they want to move on to a new life of independence and freedom.

http://www.bbc.co.uk/news/magazine-27396981

This seems to miss the point that the exact same information would be very helpful for the perpetrator’s new partner. Or are we saying that in order to keep the perpetrator’s name visible, only the victim’s name should be excised from the search engine database? Except that the full link will regenerate when the search engine “web crawlers” find the page again – unless some sort of cross-checking takes place against a vast database of complainants. Fair enough, but how does that work with a celebrity or someone whose name is regularly in the news… 

My point is that this whole ruling seems to spectacularly under-estimate the scale of what it implies. To simply shrug ones shoulders and say that it is Google’s problem is, well, fairly typical arrogance on the part of the European Commission.

In many of the commentaries I have read on this subject, the example of “the drunken photograph posted to social media ruining a teenager’s future career” gets trotted out. This is surely a completely different issue. More often than not, the poster will retain direct control of such postings.  I recognise that — because of search engines or possibly a mean spirited ex-partner — images may propagate around the web making it virtually impossible to track down all copies. Surely in such circumstances, however, the search engines are a useful tool in finding and approaching sites hosting copies with a ‘take down’ request?

If the original page is altered or deleted, then search results will reflect this. Sure, there are caches kept and the WayBack Machine will likely as not have a record of the offending page, but the reality is such search techniques are not in the toolbox of everyday web users.

Targeting the search engines in pursuit of this Right to be Forgotten is rather like taking down road signs as an attempt to reduce urban congestion. Those who already know the way won’t notice and those who want to get there will find the place anyway – and if they don’t, their friends and colleagues will send them directions.

And Finally…

As a final thought, going back to the intricacies of Mario Costeja González’s tangled web. He complained that the local newspaper still made his shameful past available for all to see and that Google facilitated that. Because it is Google, I suggest that the most common reaction (mine included) has been something like, “well, that’s what they do, where’s the problem?”. 

However, imagine if the company that was collecting, storing and – on request to anyone who asked – distributing, a comprehensive and indexed dossier of your personal history which would otherwise be almost undetectable, wasn’t Google. Imagine it was a credit reference agency, or a debt collecting company, or a private detective… Would that be alright?

What the ECJ have said is that there is no difference.

Advertisements
Tagged , ,

One Little Green Light

Timing is everything.

The Blinking Green Light of Frustration

The Blinking Green Light of Frustration

After many more years than I care to count spent with Demon, I swapped broadband to BT about eight months ago. The reason for the swap was plain and simple – a binge purchase of a box set on iTunes meant I exceeded my ‘Fair Usage’ download quota, so my connection was throttled for the rest of the month. That hurt. I’m not so naive as to believe BT’s Totally Unlimited package is without its Fair Usage policy, but I’m fairly confident the bar is higher than Demon’s.

All of which is by-the-by for this particular exercise in venting, save to say that until Thursday of this week I’ve been perfectly happy with BT’s internet offering.

Then an odd thing happened. My broadband connect went down. Actually it must have gone down while I’d been out as I came home to find no connection. I performed the usual finely tuned and deeply researched suite of diagnostic processes (turned everything off and back on again!) and still nothing. I delved into the settings of the router, changing nothing, simply (blindly) looking for something that didn’t look right, watching the ADSL connection status go from Handshaking, to Training to – eventually and not always – “Show Time”. Even then, despite the status page assuring me all was well and the router was ready to connect – it stubbornly refused to do so.

Then, suddenly, it connected.

For a good ten minutes it remained connected – enough for my Twitter timeline to update and a few spam emails to find their way into my inbox.

Then, just as suddenly, it was gone.

Handshaking – Training – Show Time – nothing – Handshaking…

Then it came back.

It was gone again not much later.

Clearly a hardware issue, I thought. Luckily, in the elephant’s graveyard that is my back bedroom, I was able to resurrect another ADSL modem. This time it happened to be a BT branded one (whereas the one which had served me well was a cast-off Netgear router which, if everyone had their own, was Kay’s from when she had a Post Office broadband account). I hooked it up, tinkered with the IP address and user name to mimic those I had by now learned by heart from the old one. Then, nothing.

A few rants & raves at no-one or anything in particular, then I happened to notice Twitter had refreshed and I was on line. A breakthrough. Not for long though; the same pattern repeating itself with this lump as the first, but it was enough to tell me it wasn’t a hardware issue.

Having swapped everything back (I  prefer the Netgear lump – it’s decently compact), I rang Kay to commiserate and generally whine about my lot. It was then that I noticed the loud buzz on the landline. Kay confirmed she could hear it at her end, and a later call to my mobile confirmed it indeed originated at my end. Kay made the eminently sensible suggest that I could use my iPhone’s Personal Hotspot feature to tide me over for as long as I needed. Except that my carrier, Three, in common with most mobile services, seem to regard my village, and my part of it in particular, as not worth pointing an antenna toward. I get one bar of service and a 3G signal – but only if I position myself at a window. If I hang out of an upstairs window at the back of the house, I get two whole bars.

At least that was enough to get onto BT’s website and – veerrryy sllloooowwwwwllllyyy – go through their online diagnostic tools. That assured me there were no faults on my line nor any issues with their service which would be causing my problems. There was a link to a series of self-help pages which, when distilled to their core themes, can be summed up as “turn everything off and back on again”. There was another link which kindly offered to connect me with BT’s technicians, but as I had the temerity not to use their Home Hub (I have a perfectly good Apple Airport set up for my WiFi, why would I want BT’s kit), I would have to pay for their “help”. No thanks.

Somehow, I found another line test link, this time solely related to voice call issues, but as I legitimately have a noisy line, that’s what I went with. Success (of sorts) in that this tool reported that it had indeed found a fault and — wonder of wonders — it was in the BT exchange. The OpenReach engineers would be dispatched to deal with the problem without delay, the report told me – adding that this would be within Three Working Days. Given that this was Thursday evening before Easter, Three Working Days equates to the end of business on the following Thursday. 

The subsequent weekend (it is Sunday lunchtime as I type this – in a Stabucks, so as to get a consistent net connection!) has followed a pattern of unpredictable connectivity. Friday morning I awoke to nothing, but when I came in on Friday evening it was back up, and remained so all evening. Thankfully it remained up long enough to watch the last two episodes of Season Two of the fantastic House of Cards (I knew I was taking a risk, but imagine the temper tantrum if the connection fell down ten minutes from the end!). Saturday morning I awoke to discover (based on the Twitter timeline) that it had gone down pretty much straight after I’d gone to bed.

I spent Saturday at home, trying to get something written, thankfully most of the material I needed being either in paper form or on my laptop, but it was immensely frustrating trying to do any fact-checking. The evening followed a similar pattern of mostly-up-but-occasional-short-drops, so I rediscovered my DVD collection. This morning it has mostly been down.

What I hope that my unnecessarily verbose commentary has conveyed is the indescribable sense of uncertainty all this has engendered. All weekend I have found myself instantly swivelling around to stare daggers at the little green light which signifies a connection every time a web page so much as stuttered as it loaded. All too frequently I was rewarded by the sight of its notable absence. My life has become subservient to a green light!! (ok, gratuitous melodrama, I know!).

Roll on the end of Three Working Days.

Tagged , ,

Windows Depression

I went upstairs and started up my Windows PC this lunchtime. Then the afternoon evaporated, as did my spirit.

I have a job to do on someone’s PC and wanted to copy a file from WindowsXP. That, pretty much, is the reason I keep my WinXP box going – oh, and it saves me a journey to the tip as I’m told you can’t just chuck these things in the bin nowadays. As is typical when I start this machine, it launched into interminable disk thrashing and an endless run of updates. Obviously I don’t hold that against it, it is doing me a favour after all, and it can’t update when it is unplugged.

One of the updates today was Java. As it updated, I was presented with a dialog which told me “Windows: Disc not found. Insert Disc” followed by around 20 question marks. Mmm, I think the software designer behind that one has some personal issues?

A little later, my Firewall warned me with an endless stream of dialogues that “FIU” was acting suspiciously by trying to access pretty much every critical file on the machine. Irritating at best, malicious at worst. It could be I’d been duped into downloading a trojan, but if I had, it was incredibly clever as it was a pop-up from the Java icon in the Notification tray. In any event, my Anti Virus app had decided it was going to take over the machine and do a scan as it hadn’t had a run out in a while, so the disk thrashing was like a sawmill in full production. Nothing found though.

The aforementioned Firewall had also been nagging me for an update, but to be fair, it had been easily put off thus far. After the saga with the Java installation, though, I thought I’d better let it have its way this time. Its installer duly launched and presented a dialogue asking my permission to allow it to take over my browser’s home screen with its own page, as well as replacing my default browser search with its variant. The dialog explained that this was their way of paying for the software development and imploring me, the user, to support them by agreeing. Fair enough, except it turned out that by not agreeing, the software wouldn’t install. OK, so no choice at all then, so why bother “asking”?

Having given my “informed consent” to their Ts & Cs, the installation commenced.It got to 46% fairly swiftly, then stopped there for — I kid you not — a full 15 minutes (apparently installing Microsoft .NET distributable. Classy). Resisting the urge to simply turn the damn thing off or at least crash out of the installation, I stuck with it. 47% to completion, eventually, took a few seconds. Not exactly a linear progression!

My Java scare, caused me to investigate what this FIU thing was. I had to use -financial -investigation modifiers to remove the obvious (to me!) connotations of that acronym in the search results, but I did find a few links to the warning I’d received. The top one took me to a forum run by the firewall software vendor. The person who’d asked a perfectly reasonable question (I would say that, it was exactly the question I wanted answering) had been given the bum’s rush by the forum regulars as he’d had the temerity not to say precisely what version, release and build of the software he was using … which had nothing at all to do with the question, but Forum Rules Is Forum Rules. I never really did get to the bottom of it.

A few other links and a couple of wild goose chases later (mainly researching the job I’d turned the damn thing on for in the first place) I found myself investigating a piece of software called Super Anti Spyware. I wanted to know if it was legit, so scanned the dozens and dozens of links which extolled this suite’s apparent virtues (several on sites I’d actually heard of!). Then this one caught my eye:

Superantispyware is the name of a Misleading Application (rogue software) designed to display false information, such as claiming your system is infected with 

This is the entry in the ‘glossary’ of the Symantec (a.k.a Norton Antivirus) web site. Bitter, are we chaps?

 

I mention all this as I found the entire experience frustrating and in no small way, depressing. Is this truly what the PC users of the world have to put up with; suspicious behaviour, amateur hour dialogs, bloatware, spyware, ransomware, scareware… developers openly disparaging one another…  This isn’t an anti-Windows rant, it really isn’t. I recognise WindowsXP is now an old OS and my machine is long past its cutting edge days. None of what I’ve moaned about here was the fault of the OS. It is the world which has grown around it. My shock comes from having been shielded  from this world for so long.

Boy, am I grateful.

When “Free Wi Fi” may not be entirely free – and what’s the problem?

John Gruber’s ‘Daring Fireball’ links to a blog post on the New York Times web site which reports the experience of a technically savvy web user staying at a Courtyard by Marriott in the US. It appears this establishment offer free WiFi but employ a mechanism which can theoretically inject banner adverts into all pages the user visits. Note that, so far at least, they are not actually putting adverts on pages, they just can if they choose to.

Outrage! I present two choice quotes from the story…

“Imagine the U.S.P.S., or FedEx, for that matter, opening your Amazon boxes and injecting ads into the packages”

“Imagine the hotel delivering complimentary issues of The New York Times to every room, except some articles have been accidentally blacked out, all the ads have been cut out, and on every page there’s a new ad that’s been stuck on top”

Er, actually, neither of those scenarios bothers me in the least – especially not in the case of the shipping if it’s Free.

This is a story that only techies — specifically professional web designers and professional blog authors — can get upset about. To the user, there is a long history of “free” translating to “free so long as you don’t mind adverts which you’re most likely going to ignore”. The issue for the angry mob is at worst that someone else is getting money for the adverts and they’re not, or that it may marginally muck up carefully designed web pages. To the remaining 99.99% of the populace, this is simply not an issue.

Yes, given the choice between “Free” or “Free with advertising”, the former is obviously preferable. However, if the other option is “£5 per hour – enter your credit card number here”, which most British hotels seem to prefer as their business model, well…

Gruber observes “Yet another reason to bring your own 3G or LTE hotspot with you when you travel”. Fair enough, except that isn’t a Free option by any means (and leaving aside the conspicuous lack of LTE technology in the UK – or indeed any iPad compatible LTE outside the USA).

Life’s No.1 rule: You Get What You Pay For.

Tagged , ,

BBC News – HTC ‘investigating’ security flaw uncovered by blogger

It seems that if you’ve recently bought an HTC device running the latest flavour of Android, thanks to a ridiculously simple exploit, bad guys can relieve you of all manner of private information. Compare and Contrast the below quote with the hullabaloo that followed the “revelation” of the existence of a list of cell towers an iPhone had – at any unspecified time in its life – been in range of.

“They didn’t anticipate that kind of information would be of interest. It’s a lack of foresight rather than lax programming, I think. It should be something relatively easy to fix.” – Rik Ferguson, director of security research and communications at Trend Micro.

Just so we’re clear, this is the information that Mr. Ferguson doesn’t think “would be of interest” to people with dishonest intent:-

  • The list of user accounts, including email addresses
  • A log of recent GPS locations
  • Phone numbers taken from recent call logs
  • SMS data, including recent numbers and encoded messages

via BBC News – HTC ‘investigating’ security flaw uncovered by blogger.

Tagged
Advertisements