Monday 29 September 2008

And Phorm saw that it was good…

Glad to see that this blog’s starting to have a bit of influence. Phorm has taken my advice (see previous post) and has drawn up a list of incentives for customers who opt in to their Webwise targeted ad service.
Suggestions include:
An upgrade to a faster broadband package at no extra cost
£1 off monthly broadband bills
£1 cashback per month
A cut of advertising revenues
A free premium technical support line
Free music download vouchers
Free anti-virus software
Parental content controls
Donating a sum to charity
(More information here: http://snipurl.com/3xi6t)
My next blog posting will contain details of how to solve the worldwide banking crisis, rid the world of HIV/AIDS and how to achieve a lasting resolution of the Israeli / Palestinian conflict.

Friday 26 September 2008

An Englishman’s house is his castle. Entrance £5

A few Christmases ago, I was given a fascinating little book in my stocking. It was a facsimile of a booklet given to every American GI posted to Britain during the Second World War.
“Instructions for American Servicemen in Britain” is a wonderful, humane and charming insight into the British character and a revealing portrait of how the Englishman is perceived by his cousins.

For example, under the heading ‘British Reserved, Not Unfriendly’, the book warns that Britons will not strike up a conversation on a busy train because “…[living] on a small, crowded island, the British have learned to guard their privacy carefully.”

Not much has changed since then, has it? Britons are as apt to strike up a conversation with a stranger as the French are to take daily baths. And in the Internet age, with the perceived intrusions into our private lives and threats to our personal data, we’ve learned to guard our privacy even more jealously than before, haven’t we?

Not exactly. A new survey has found that 60 per cent of those questioned were happy to hand over computer password data which might be useful to potential ID thieves in exchange for a £5 M&S gift voucher.

In return for the voucher, Joe Public happily divulged how they remember their password and which online websites (from a range of email, shopping, banking and social networking sites) they most frequently use. Almost half of respondents (45 per cent) said they used either their birthday, their mother’s maiden name or a pet’s name as a password.

What we learn from all this is that the Englishman, rather than keeping a tighter grip on his privacy than a Scotsman keeps on his wallet, is more than happy to whore out his sensitive private data for a derisorily small pecuniary reward. This has important implications for many in the technology sector.

In this blog I’ve mentioned several companies and services which, fairly or unfairly, have had obloquy heaped upon them by so-called privacy advocates who claim (often in the face of overwhelming evidence to the contrary) that they impinge on their privacy. The answer for these companies is simple: gain consent for a “controversial” new service by offering a small financial enticement. Hell, there are people out there willing to hand over their banking passwords to a clipboard-wielding survey monkey in exchange for a lunch voucher. I’m sure the same people would find “controversial” new technologies much less objectionable if they were given the smallest of incentives.

Monday 15 September 2008

Road Rage

The British are, we are told with mind-numbing regularity, the most watched people in the world, with more CCTV cameras per head of population in the UK than any other nation in the world. (Though I hear the Chinese are catching up – the city of Shenzhen will soon have two million surveillance cameras watching over a population of 12 million.)

Now, I read today in the paper (a real newspaper which you have to buy, like a grown-up) that the police are to expand their car surveillance operation that will allow them to record the details of millions of journeys every day, and to store this data for up to five years.

I don’t have a visceral, knee-jerk antipathy to surveillance cameras. I do find them somewhat creepy and I am concerned about the centralisation of data detailing exactly where I’ve been all day. (Yes, I do have an Oyster card and yes I am aware that this too tracks me.) I’m also concerned about who has access to this data and how it’s used. For example, I’m not particularly impressed with councils using hardcore anti-terrorism legislation to snoop on litter droppers.

But unlike the witless graffiti vandal Banksy, I don’t think all surveillance is a bad idea. Cameras do occasionally help the police to foil a crime in progress; it has been known for CCTV recordings to lead to successful prosecutions in court. I would argue that this is not altogether a bad thing.

I’m sure that the cops’ plan to record 18bn number plates in 2009 will probably help them to solve and prevent more crimes. What I doubt is whether the scheme is proportionate, value for money or safe. If the database goes ahead, it will store a colossal amount of information on the private lives of identifiable individuals. Of course, GCHQ listens to our phone calls and if they cared to they could probably reveal your penchant for dirty phone calls and casual drug use. But they’re spies and are pretty good at keeping hold of information. (Rather too good at keeping hold of information, if the Omagh story is to be believed…)

My point is that before the Home Office implements a new, massive repository of citizens’ data, it must first show that it can be trusted with large amounts of highly sensitive information. Or small amounts, for that matter.

While I don’t necessarily deny a need for the police’s car surveillance plan, I do think the government needs to win the public debate on the need for such surveillance. Whether they will even engage in such a debate on this issue remains to be seen.

Friday 5 September 2008

Wankster’s Paradise

This week we’ve seen lots of talk about two flashy new browsers that have recently been launched in beta versions. First up, we have the latest iteration of Microsoft’s Internet Explorer, IE8, with which it hopes to gain ground on – among others – Mozilla’s successful Firefox application.

Hot on the heels of Microsoft comes Google’s first foray into the browser market with its own beta, called Chrome. (Chromium is the name of the open-source project which led to its development, for all you curtains-closed bed-sit dwellers out there.)

Of course, both these betas come with spangly new features and functions – higher speeds, more robust security, clearer user interfaces and so forth. It’s a shame, then, that most of the public and press have focused on their respective privacy features: Google’s Incognito and Explorer’s InPrivate modes. When activated, these settings prevent the browser from storing any history information or cookies from websites visited. Inevitably, this has been dubbed “porn mode” by…well, everyone.

Of course, both companies attempted to re-define their “porn modes” with spurious alternative reasons for use. Quote of the week comes from a spokesman for Google who (presumably sticking a needle into his thumb to stop himself from dissolving into giggles) straight-facedly claimed Incognito was “…for times when you want to…plan surprises like gifts or birthdays.”

No – it’s to stop the wife from knowing, rather than merely suspecting, that you look at some of the most repulsive pornography on the web.

Hairy-palmed husbands will no doubt welcome both browsers, as will the latest generation of gangly girl-shy teenagers who still use their parents’ Internet connection.

But will the “porn modes” prevent Microsoft and Google from storing your search terms and IP address? As we know, search engines already store records of who you are (IP address), where you’ve been (URLs) and what you’ve looked for (search terms). What’s to stop, say, Google from identifying you and your browsing behaviour for definitely-not-evil-at-all uses?

Er…nothing. Users who leave Chrome’s auto-suggest feature on and have Google as their default search provider will be giving Google access to any keystrokes that are typed into the browser’s Omnibox, even before they hit enter. Google have been good enough to admit to this: a representative said that about “two per cent” of the data would be stored along with the IP address of the computer that sent the information.

In theory, that means that if one were merely to type the address of a site into the Omnibox, even without hitting enter one could leave incriminating evidence on Google’s servers.

I’ve got no problem with anyone – website publisher, search engine, browser – knowing where I’ve been. My problem is in them knowing who I am. Since they store IP addresses – and God knows what other personally identifiable information – that’s exactly what they do know.

Google says that turning on the Incognito mode will prevent it from harvesting your search queries alongside your IP address. If that’s true (and why would anyone doubt good-guy-Google’s word?) then the privacy modes could have an audience outside of the dirty mac brigade; I for one.

http://www.theregister.co.uk/2008/09/02/google_chrome_comic_funnies/

Tuesday 2 September 2008

How to disappear completely?

Another day, another data loss. This time, it’s Charnwood Borough Council in the spotlight with the news that one of their hard drives, containing taxpayers’ personal details, has turned up on eBay.

I’ll admit that news of yet another disastrous data loss by government is less than surprising. What is interesting is a piece in The Register which shows that these recent data losses are the result of the government’s failure to set and publicise standards for wiping data. This, El Reg claims, makes future and more serious incidents much more likely.

Now, as Gary Glitter and the staff of PC World Bristol can attest, when you “delete” a file on your computer it ain’t necessarily gone for good. To ensure that any sensitive or incriminating data is irrevocably removed from a device, be it a politician’s palmtop or a pop star’s laptop, it needs to be “wiped”.

The trouble is, the government doesn’t have any guidelines for the wiping of data.
Let me repeat that: the government doesn’t have any guidelines for the wiping of data.
So, government bodies, agencies, departments and so on are setting their own standards for preventing unauthorised disclosure of data. And bless them, I bet they try their best, but they’re getting sod all help from central government.

Instead, they’re bizarrely borrowing bits from US government guidelines. That’s what happened in Charnwood Council’s case. Lacking a UK standard for data wiping, it seems that the Council instead required third parties to apply (deep breath) DoD Standard 5220.22M (exhale) to all data erasures.

To cut a long and tedious story short (and to save you from a plethora of Yankee acronyms and initialisms), this standard is from a manual published by the US Department of Defense which addresses the issue of preventing unauthorised disclosure of classified information.

On the surface, this looks like quite a smart move by Charnwood Council: after all, they were modelling their data security standards on one of the most successfully secretive organisations on the planet.

Unfortunately, when Charnwood Council set its criteria for supplier selection, the edition of this manual didn’t specify any particular method for securely wiping data.

You’ve got to give a sleepy, bucolic council like Charnwood full marks for effort for cribbing guidance off the US Department of Defense – it’s just a shame the bits they borrowed didn’t tell them how to go about wiping data.

The guidelines for data wiping were finally published in this year’s manual, along with an enhanced “Clearing and Sanitization Matrix”, which sounds like a rather sinister euphemism for the Department of Defense’s day-to-day work.

Until the UK Government pulls its finger out and issues clear and comprehensive methods for wiping information, we can expect more, much more, of the same…

(The full Register article is here, in all its complexity: http://www.theregister.co.uk/2008/09/01/gov_data_standards_arent/)