Thursday, 23 July 2009

The Human Factor

There are some pretty thankless jobs out there, several of which we at Data Grub have experienced directly. And, while it can't match the indignity of chicken sexing or the sheer slog of meter reading, working in a bank comes pretty high up the list of crap jobs.

(Obviously, we're talking about working behind the counter of a high street retail bank. The "master of the universe" type banking jobs - with their private jets, champagne, corporate boxes and complete lack of conscience - sound quite a laugh.)

What's so bad about working in a bank? Well, aside from the constant pressure to sell massive amounts of debt to the sort of people who shouldn't be trusted with real cutlery, there's also the Data Protection Act to deal with. Bank workers have to watch an achingly-bad training video - which looked dated when it was made in 1998 - about the Act, and how to stay on the right side of the law with regard to customers' data.

No doubt this is a video that'll get dusted down and rewatched by the staff of HSBC, after the bank was fined a mammoth £3 million by the FSA yesterday for taking a laughably cavalier attitude towards customers' personal data.

Another depressingly familiar story of data loss, sure, but it did remind us of that lame old video, in which a harassed data protection officer pours out his worries about the new Act to a psychiatrist. At one point, the shrink tries to calm him down by saying: "It's really just a matter of common sense."

Quite. Unfortunately, the global supply of common sense has been waning since around 1860, and it's currently rarer than platinum.

But ultimately, it's humans who have the biggest bearing on whether a company successfully fulfills its data protection requirement. With all the talk of encryption, virtual private networks, network and site security, it's easy to forget that technology is only as useful as the human operating it - or forgetting to. Organisations spend time and money communicating their privacy policies; here at Data Grub we'd like to see organisations showing exactly what steps they are taking to ensure that their employees are following best practice at all times. People as a rule are pretty stupid, but when there's a corporate culture of sound data protection processes this cuts regrettable incidents to a minimum. And, with data loss stories in the media almost every week, there's also a business case for having a public and comprehensive data protection policy, in the same way as firms boast about their CSR credentials.

Wednesday, 1 July 2009

Anything to declare?

Ah, America! The world's brightest beacon of democracy and freedom; the New World of limitless opportunity, where hard work and fair play are rewarded with the fabulous bounties of the American Dream.

And who can forget that America was built upon the exertions and human capital of the millions of immigrants - themselves often refugees from war, slavery and famine?

Modern day arrivals in the USA have a slightly different experience from these pioneering immigrants. Gone are the humiliating medical inspections, where those suspected of illness and physical defects were marked with chalk symbols. Instead, visitors are subjected to a terrifying ordeal of interrogation by customs officials, including such charmingly naive questions as "Is it your intention to overthrow the government of the United States?" (WS Gilbert famously answered: "Sole purpose of visit".)

But now it's not just fearsome feds with sunglasses and ear pieces that travellers have to worry about: they could risk having their personal data compromised, including fingerprints, employment history and credit information.

It all stems from a company called Clear, which used to speed its customers through customs for an annual payment of $200. To do this, they asked their customers for the personal data that customs officials need to know about travellers. A quarter of a million customers signed up to Clear's service and, for a while, enjoyed VIP treatment at US airports, being rushed through customs and immigration while the plebs queued and sweated.

Unfortunately, Clear shut down its operations last week, and the fate of customers' personal data hangs in the balance. What's interesting is that the company says that it will continue to hold onto this sensitive information, which could still be used by another Registered Traveller programme. In other words, the data is a business asset that could be parcelled up and sold on to another firm - as long as that company is in the same line of business.

This is proof - if proof be needed - that personal data is nothing more than another commodity to be bought and sold. It's worth noting that Clear's privacy policy states that "We do not sell or give lists or compilations of the personal information of our members or applicants to any business or non-profit organization." Unless, that is, we go bust.

We've noted before that companies often rely on burying objectionable practices deep within their Terms and Conditions, but if bankruptcy means companies can ignore their own privacy policies, that's a huge blow to data protection. Even if Clear's successor abides by the most stringent data protection policies, the transfer of such large amounts of sensitive information from one organisation to another is a fraudster's paradise, with plenty of opportunity for data to go missing.

Monday, 8 June 2009

Google fails

Congratulations students of the globe! For anyone from the ages of 5 to 15 can enjoy Google’s new attempt at structured data search: Google Squared. And that’s presumably the only group of people that would ever consider using it. Remember when you were eight and your teacher asked you to make a pretty table on British Monarchy with all the monarchs of Britain including their children, spouses and important dates? How you pored over huge encyclopaedias to get all the information? Well, Google Squared officially heralds the end of early education as all these tasks are completed in a matter of seconds for our burgeoning historians and other putative scientists.

If only it were that easy. Just as Babel Fish translate could only ever get a student 12/20 on French translation homework after its launch all those years ago, Google Squared fails to achieve… well anything it’s going for really. A search for the British Monarchy in an attempt to tabulate a chronological factfile brings up a table with the following order – George VI, George II, George V. The genius that is Squared then goes off on a little jaunt that includes the Act of the Union, the Irish Free State, Buckingham Palace and the House of Orange. This just gets embarrassing: the picture accompanying the House of Orange? Why of course! It’s Gemma Arterton arriving for the ‘Orange’ BAFTAs at the Royal Opera ‘House’. This is surely Google gone mad. Actually we shouldn’t really be surprised; to be fair to Google, nowadays the Bond Girl must get more hits than the Dutch royals.

It’s rather life affirming to know that even the great god Google isn’t completely infallible. This is an exciting day indeed. This revelation is like those wonderful moments when that beautiful woman who walks like she is better than everyone else trips and falls flat on her face on Oxford Street. At the Christmas Light switch on. On the podium. And the woman is Kate Moss.

One must presumably conclude that the only reason Google released this in such an awkward condition was to distract attention from somewhere else: another attempt to make searching intelligent recently arrived in the form of Wolfram Alpha, the computational knowledge engine. It proclaims to ‘generate output by doing computations from its own internal knowledge base, instead of searching the web and returning links.’ This means, instead of producing lists of useless links or grids of questionable information, it creates pages to answer your search, to the best of its ability. When asked, ‘How many roads must a man walk down before you can call him a man?’, the clever engine replies, ‘The answer, my friend, is blowin' in the wind. (according to Bob Dylan).’ Indeed.

Tuesday, 28 April 2009

The lady's for turning

We've taken the odd swipe at Jacqui Smith over the last few months, so it only seems fair to applaud her decision to scrap the Home Office's planned über-database of communications data.

The database would have collected data on all electronic correspondence, such as the time, date and length of communication (and, of course, who contacted whom).

Humble Jacqui said that she recognised the public's concerns that a giant database would be a further step toward a surveillance society. And, in a nice little turn of phrase, she said, "To be clear, there are absolutely no plans for a single store."

No longer any plans, Jacqui, no longer.

Of course the cynics will say that Labour couldn't possibly get away with ploughing hundreds of millions of pounds into a deeply unpopular government IT project in light of last week's austerity budget.

We couldn't possibly comment.

Anyway, the upshot of all this is that ISPs are now responsible for intercepting and storing the data that crosses their networks. To this end, the Home Office have earmarked £2 billion to help ISPs to expand their storage capabilities.

Mobile and fixed line operators will be required to process and link the data together to build complete profiles of every UK internet user's online activity. Police and the intelligence services would then access the profiles, which will be stored for 12 months, on a case-by-case basis.

Don't be surprised if even this plan is quietly dropped by the Conservatives after the 2010 election.

A final point - John Reid, the frankly terrifying former Home Secretary, argues in an opinion piece today that communications data is vital to identifying serious criminals. In his short but predictably manipulative piece, he kicks off with a tear-jerker about a murdered 17-year-old whose killers were brought to justice by communications data. This, he says, happened in 2007.

So you see, Reid shoots himself in the foot before he's reached the end of his first paragraph, by showing that police then already had adequate access to communications data.

He then comes up with a classic piece of patronising lip service: "Used in the right way, and subject to important safeguards, communications data can play a critical role in keeping us safe."

Presumably, these would be the safeguards that ensured only 36,989,300 pieces of personal information were lost by the government in 2008. As for using it in the right way, it's as if he hadn't heard of the scandal of local authorities using the RIPA legislation to spy on dog fouling and catchment areas.

If we really do need a giant central database, they'll need to do a lot better than this to convince the public.

Monday, 20 April 2009

Facebook moves the goalposts

This week we've heard more rumblings of discontent from Facebook users - they're unhappy that the social networking site has moved the goalposts over the much-hyped "user vote" on changing Facebook's Terms and Conditions.

The story first emerged last February, when Facebook casually mentioned that it had granted itself a licence to all its users' content in perpetuity, even if they deleted their account. Cue a predictable collective wailing and gnashing of teeth from millions of users who, almost by definition, are pretty clued up on the web.

The backlash prompted a partial backdown from Facebook, who attempted to mollify its members by saying that it would agree to drop the proposal if 25 per cent of users voted against.

This week, that threshold has quietly been raised to 30 per cent. What's more, a significant number of Facebook users have been disenfranchised by the decision to allow votes only from those who've used their accounts in the last thirty days.

Simon Davies of Privacy International is so confident that the 30 per cent threshold won't be achieved that he's promised to eat his shorts if he's wrong. (As if there wasn't already a good enough reason to get voting - Ed.)

At the time of writing, 73.11% of respondents have voted against Mark's Terms of Use, but unfortunately "only" 284,473 have voted in total - barely a tenth of one per cent of Facebook's 200 million regular users.

So Zuckerberg is really expecting 60 million users to vote? And isn't he concerned that the respondents, while still so "few", should be so overwhelmingly opposed to his plan?

Here at Data Grub, we're rather disappointed with the preternaturally young Facebook CEO. Changing the rules like this is pretty childish, after all, and we reckon he could do much better.

Zuckerberg really needs to take lessons from a master manipulator, such as the late Saddam Hussein or even the Dear Leader Kim Jong-il himself. We'd love to see the People's Democratic Republic of Facebook announce that 99.8% of members had voted in favour of the rule change, on a 100% turnout.

Read Zuckerberg's plans for Facebook here.

Friday, 6 March 2009

Construction firms to mount the scaffold?

The information commissioner Richard Thomas has come down like a ton of bricks on a group of British builders who allegedly bought secret personal data about potential employees.

Construction companies Balfour Beatty, Sir Robert McAlpine, Laing O'Rourke and Costain are among those alleged to have bought data about workers' trade union activities from one Kerr, Ian, operator of the shadowy-named "Consultancy Association".

Kerr has apparently spent 15 years amassing an "extensive intelligence database" of thousands of construction workers with details of union activities stretching back to the 1980s. Samples of comments on these workers include: "Poor timekeeper, will cause trouble, strong TU [trade union]"; "Sleeper, should be watched"; and, simply, "Do not touch!".

Workers could not challenge inaccurate information because the information was held without their knowledge or consent.

Richard Thomas says that more than 40 construction companies paid Kerr a retainer of £3,000 a year for his "consultancy services", with a further fixed fee for each worker they wanted checked.

The good news is that officials from the Information Commissioner's Office (ICO) raided Kerr's office and removed the entire contents of the database, as well as invoices - up to a value of £7,500 - from companies in the construction business.

Steve Acheson, an electrician from somewhere north of Watford, believes he was one of the workers on the database, and that this was behind the fact that he's only had 36 weeks' employment in the past nine years. "It affects your character and demeanour," he said. "I'm hoping that because of this brilliant success I'll be able to get my family life back and it will open the doors for me and others to get back to work."

Of course, this is all still sub judice, but the commissioner will be bringing a prosecution against Kerr. We'll keep you posted.

Data Grub is sure that Mr Kerr will be found innocent, because we cannot believe that anyone would be capable of such repugnantly unethical behaviour as robbing people of their livelihoods for personal profit.

(We should point out that some of the construction firms, including Laing O'Rourke and Morgan Est, say that they "inherited" payments to Kerr after they had bought up other construction companies, and have since ceased paying him. Data Grub.)

Thursday, 5 March 2009

IAB's Guide To Good Behaviour

We're pleased to see that the Internet Advertising Bureau (IAB), the trade body for online advertisers, has finally launched its Good Practice Principles for behavioural advertising.

Drawn up in collaboration with companies like Google, Phorm and NebuAd, the IAB's best practice guide is, remarkably, the first set of self-regulatory guidelines to set good practice for companies that use users' online browsing behaviour to target ads that are relevant to individual users' interests.

An accompanying website, http://www.youronlinechoices.co.uk/, will help consumers to understand what online behavioural advertising does and (crucially) doesn't do.

The core of the Principles is formed by three commitments: Notice, where companies that collect online data must inform users that data is being collected; Choice, which says that companies must provide an opt-out; and Education, whereby they must let consumers know exactly how the information is being used and how they can opt out.

And not before time, think we. The debate surrounding online behavioural advertising has for too long been dominated by single-issue campaigners relying on hearsay, misrepresentation and misinformation to argue that behavioural targeting infringes individuals' online privacy.

That's not to say that some developments (not least BT's secret and most-probably illegal trials of Phorm's Webwise technology without users' knowledge or consent) haven't done real damage to the industry in the eyes of the general public.

That's why we welcome the IAB's Good Practice Principles which, as well as advising on best practice approaches to online behavioural targeting, provide consumers with the information they need to make an informed decision about whether they want to take part in any new service.

The Information Commissioner's Office (ICO) have voiced their support, saying that 'a joined-up approach to promoting transparency, choice and education makes good sense.'

Getting the thumbs up from the ICO, who know their stuff, is one thing; changing the public's perception of online behavioural targeting is quite another, especially given the bad press that it's garnered over the last couple of years. Whether or not it succeeds in its aim of educating the public about behavioural targeting, the code of conduct is certainly a step in the right direction for the industry.

Taken along with another piece of recent news, we could be seeing something of a fightback from the targeted ad industry. Last week, Phorm unleashed its lawyers on Which?, which had published a press release highlighting opposition to their service. Nothing very surprising there, except that following the legal intervention, Which? immediately pulled the offending release from its website (though not before the story had been covered in several publications). It seems that some of the information in the release was inaccurate enough to be defamatory; Which? is now "working with Phorm" to correct the release.

If consumer champions and all-round experts Which? can't get its facts right, what hope for your average Internet user? That's one reason, at least, to welcome the IAB's new code of practice.