DPI red herring

First off, apologies for the slightly confusing discrepancies between the dates above my previous posts and their stated publication dates. I migrated my nascent blog from another site and wanted to show exactly when I’d written them.

Right, to Capitol Hill now, where the House Committee on Energy and Commerce has for the last couple of weeks been investigating Internet companies’ approach to privacy. The Committee is focusing particularly on behavioural targeting - the practice of inferring Internet users’ interests from their browsing behaviour and using this data to serve them more relevant (and thus more profitable) online advertisments.

The House Committee sent a letter to thirty-three Internet companies on the first of this month questioning them about their privacy policies in regard to concerns raised by behavioural targeting.

‘Questions have been raised regarding the applicability of privacy protections…and whether legislation is needed to ensure that the same protections apply regardless of the particular technologies or companies involved’, read the letter.

While, of course, all the companies vigorously defended their privacy policies, Google’s approach is worthy of note. This behemoth of the Internet made a point of denying that it uses deep packet inspection (DPI) technology, and used this claim to evade answering a number of the Committee’s 11 questions.

Deep packet inspection is a technology which examines the data in individual packets travelling across the Internet. This technology can be used by ISPs to analyse traffic passing over their networks and the analysis used to serve targeted ads to their users.

Google don’t use DPI, so that’s any concerns about user privacy out the window then, eh? Well, up to a point, Lord Copper.

For every search made through Google, the company retains the URL, IP address, time and date, operating system and browser used. It also delivers advertisements dependent on the search term entered.

My problem with this is twofold. First, I don’t really want Google to know exactly where I’ve been on the Internet and what search terms I’ve entered. Secondly, I don’t want them to know who I am which, given that they have my IP address, they effectively do.

So whether or not Google uses DPI or not, they still hold an unnecessarily large amount of personal information on me which they keep for 18 months. I don’t like that.

So really, DPI is a red herring. It’s not how you get data, it’s what data you gather and whether you store it or not.

I’ll still use Google though, but not under the misapprehension that they can be trusted to “do no evil”.

Government Goes For Incompetence Gold

The Government is on course to break its record for the largest loss of citizens' data in a single year. After a particular strong showing in the 2007 data loss competition when it managed to mislay some 36,989,300 pieces of personal information, the Government is setting its sights on smashing its own record for rank incompetence and utter farce.

The latest step towards this unprecedented target was announced by a beaming official from the Ministry of Justice who proudly revealed that 45,000 people had been affected in nine separate data loss incidents within the Ministry.

"I am proud to announce that we are well on our way to making 2008 another record breaking year for data loss," said the gurning beancounter. "This latest data loss shows that Britain excels not only in sailing, cycling and rowing, but also leads the world in risible ineptitude."

The best individual figures for the department were achieved in a single incident, when 27,000 people working for department suppliers were affected after information from badly protected electronic storage devices was disclosed without authorisation.

Names, addresses and bank details were taken, while the MoJ made no efforts to notify the people involved.

And in January 14,000 people were affected due to the theft of a poorly-protected laptop from secured government premises. Names, dates of birth and some national insurance numbers were lost.

US analyst Brad Oysterburger says that there is still scope for the UK government to improve on its already phenomenal record for data loss. “If the government goes ahead with its plans for compulsory ID cards for all UK citizens and a centralised database recording all electronic communications, then these data loss figures could soon be considered a mere bagatelle. Britain looks in strong shape to cement its position as the greatest laughing stock in the world of data security.”

Privacy-tards

This may be a cynical PR story, but to my mind it's a great one.

A major ISP, the identity of which I have absolutely no intention of revealing, has carried out a survey showing that while 84 per cent of internet users in the UK claim to be guarded about their privacy, 90 per cent of the same users are prepared to hand over their private data to any Tom, Dick or Harry on the interweb.

This doesn't surprise me at all. In my experience, it's those incapable of distinguishing between genuine and imagined privacy threats who bleat loudest about supposed online privacy violations.

This is more or less the conclusion of the ISP conducting the research: "...[it seems that] the more that people understood about the risks of online privacy violations, the less concerned they were about them," says the release.

For example, they found that 84 per cent of all respondents (and there were over 1,000) said they would not give away income details online, yet also found that 89% of the those surveyed were willing to do exactly that.

“Our research identified a significant gap between what people say and what they do when it comes to protecting sensitive information online,” was the rather obvious quote written by a faceless PR for the ISP's chief privacy officer.

I rather admire the brazen way in which they carried out this survey. They asked lots of questions about attitudes to privacy, before asking them personal questions such as income. More than 87 per cent of respondents who said they guarded their income details actually gave them away in the second part of the survey.

This is hypocrisy born out of stupidity. I would not be at all surprised if some of the respondents to this survey were the same self-righteous, self-important and self-appointed "privacy campaigners" who whine about Google Street View but are incapable of seeing the true threats to citizens' privacy in the modern age.