Originally set for April 2014, the launch of a plan to suck all our private medical data into one central NHS database has been put back six months

See NHS database launch plans delayed.

In common with many, many people and organisations, I am not convinced that access to the data will be restricted to bona fide “researchers”, and I am not convinced that the data will be “anonymised” such that I can never be identified.

Furthermore, I am not convinced that the leaflets have been sent out informing us of this new development and telling us how we can opt out. Note, by the way, that the default position is that we are opted in until we take action to opt out. If you do nothing about it then the data that you thought was private between your GP and yourself will be sucked into cyberspace and made available to “researchers”. I have not yet met a single person who has received the leaflet that the NHS claim has been sent to every household in the country. Maybe the information on the leaflet is roughly the same as on this NHS Choices web page on sharing your medical information.

Why don’t I believe that my data will remain anonymous? Two main reasons:

1) The combination of specific items in my medical record could be linked together with other specific items known about me (such as records of purchasing specific drugs/medications from a particular source) so that the possessor of the second set of data items would know the details of my medical record. This is a very real possibility: it’s known as a “jigsaw attack”. The data that the NHS is collecting will be made available to “researchers” including private companies. I think it’s safe to assume that we can take “researchers” to include the global pharmaceutical companies and, possibly, insurance companies.

2) Unless I’m being really dim about this, the “anonymising” of my medical history before it gets uploaded to the NHS database can not possibly be foolproof. The idea is that certain unique pieces of information (such as date of birth, NHS medical number, gender) are used to link together the known details about a specific person’s medical history and this history is then uploaded with a newly generated code instead of the identifiable information (date of birth etc). This is supposed to make the uploaded data “anonymous”. But – and it’s a big “but” – if they are going to maintain an ongoing history of that person then they need to update the information. To do this, they need to know – now and forever – how to link the identifiable pieces of information with the “anonymous” code. That ability to link the person with the “anonymous” data must always exist. If it exists, then it can be exploited and abused.
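Both reasons can be shown on a few rows of data. The Python below is an added example, not part of the original post and not the NHS's actual method. It assumes the code is a keyed hash of the identifying fields and that the extract keeps birth year, gender and postcode district. Every record, name and key in it is constructed.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed secret. Whoever holds it can regenerate any patient's code.
LINK_KEY = b"constructed-demo-key"


def pseudonym(nhs_number, dob, gender, key=LINK_KEY):
    """Stable code from the identifying fields (assumed scheme: keyed HMAC)."""
    msg = f"{nhs_number}|{dob}|{gender}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:12]


def to_extract(gp_rows, key=LINK_KEY):
    """Swap identifiers for the code; keep coarse fields and the event."""
    return [{
        "code": pseudonym(r["nhs_number"], r["dob"], r["gender"], key),
        "birth_year": r["dob"][:4],
        "gender": r["gender"],
        "district": r["postcode"].split()[0],
        "drug": r["drug"],
    } for r in gp_rows]


def profiles(extract):
    """Group rows by code: one growing history per pseudonymous patient."""
    out = {}
    for row in extract:
        p = out.setdefault(row["code"], {
            "coarse": (row["birth_year"], row["gender"], row["district"]),
            "drugs": set()})
        p["drugs"].add(row["drug"])
    return out


def jigsaw_risk(extract, auxiliary):
    """Codes whose history fits exactly one named person in a second data set.

    `auxiliary` rows carry a name, the same coarse fields and a drug, as a
    purchase record might. A release check like this flags the histories
    that are no longer anonymous to the holder of that second data set.
    """
    by_key = defaultdict(set)
    for a in auxiliary:
        key = (a["birth_year"], a["gender"], a["district"], a["drug"])
        by_key[key].add(a["name"])
    at_risk = {}
    for code, p in profiles(extract).items():
        names = set()
        for drug in p["drugs"]:
            names |= by_key.get(p["coarse"] + (drug,), set())
        if len(names) == 1:
            at_risk[code] = next(iter(names))
    return at_risk


# Constructed GP records: the first upload and a later update.
GP_ROWS_JAN = [
    {"nhs_number": "000 000 0001", "dob": "1956-03-14", "gender": "M",
     "postcode": "NW3 1AA", "drug": "drug-A"},
    {"nhs_number": "000 000 0002", "dob": "1956-11-02", "gender": "M",
     "postcode": "NW3 2BB", "drug": "drug-B"},
    {"nhs_number": "000 000 0003", "dob": "1980-07-21", "gender": "F",
     "postcode": "SW1 3CC", "drug": "drug-A"},
]
GP_ROWS_FEB = [
    {"nhs_number": "000 000 0001", "dob": "1956-03-14", "gender": "M",
     "postcode": "NW3 1AA", "drug": "drug-C"},
]
# Constructed second data set held by someone else (named purchases).
AUXILIARY = [
    {"name": "Person P", "birth_year": "1956", "gender": "M",
     "district": "NW3", "drug": "drug-C"},
    {"name": "Person Q", "birth_year": "1956", "gender": "M",
     "district": "NW3", "drug": "drug-B"},
    {"name": "Person R", "birth_year": "1980", "gender": "F",
     "district": "SW1", "drug": "drug-A"},
    {"name": "Person S", "birth_year": "1980", "gender": "F",
     "district": "SW1", "drug": "drug-A"},
]

if __name__ == "__main__":
    extract = to_extract(GP_ROWS_JAN + GP_ROWS_FEB)
    # The February row lands on the January history because the code is
    # reproducible from the identifiers: the link has to keep existing.
    for code, p in profiles(extract).items():
        print(code, p["coarse"], sorted(p["drugs"]))
    # Two patients share birth year, gender and district, yet each is
    # singled out once one item of their history is matched as well.
    print(jigsaw_risk(extract, AUXILIARY))
```
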

The idea of creating a huge database of the medical history of the entire nation is great when kept in the abstract. Over time it will yield no end of data that will be incredibly useful for healthcare planning, research on disease development and prevalence, monitoring of health outcomes, and goodness knows what else besides. The problem is that I have no confidence in the NHS being able to keep my data secure. This is further undermined by the way they are going about introducing this:

  • Requiring us to opt out instead of opting in
  • Failing to inform us properly of the plans
  • Failing to inform us properly of the way to opt out

.. and I haven’t even mentioned the NHS record in the past for losing or mishandling our data. This is from The Daily Telegraph:

…NHS statistics, revealed over the weekend, showed that health services were losing or breaching the safety of 2,000 patient records every day. More than 2 million serious data breaches by the NHS have been logged since the start of 2011, the figures reveal, with records dumped in landfill sites, left in shops and even sold on eBay.

Am I going to trust these people to take all of the private information about me that has been recorded by my GP, and put it in a central database available to “researchers” (including pharmaceutical companies, insurance companies and hackers, of course)? No way, Pedro. I am not.

As soon as I had written the above, I hied off to my GP surgery to ask them how I can opt out. The nice lady there gave me a copy of a letter attached to a very simple form, that recorded my instruction not to have my data included in the database. I filled it in and gave it back to her. I don’t know who wrote the letter attached to the form, but it states the case so well that I have scanned and uploaded it. You can download it here – NHS-database-Opt-Out

All of this makes me feel very small and almost – but not quite – powerless. Who knows: maybe they will cave in completely and abandon the idea before we reach the postponed start date. The Daily Telegraph (not one of my usual haunts in cyberspace) seems to have got their teeth well into this story. If you are of a mind to investigate further, try this item, in which they summarise the risks v benefits of the NHS patient database.

Just for the record, I am not an NHS basher. I think it’s a wonderful service that we should be proud of, and I am very grateful that it is there for me and for everyone else. I just don’t trust the NHS – or anyone else – to be able to safeguard my medical data if it goes into one huge database floating around in cyberspace and available to private organisations with a financial interest, and all the other cyber rogues who wouldn’t be able to resist a goldmine when they see one.

Oh, and here’s a parting thought: would the American NSA be interested in its contents? I wouldn’t bet against it.

Are our expectations regarding online privacy changing?

I may be wrong about this, but in the last few weeks I seem to have noticed a weary acceptance from many of my clients that online privacy is now known to be a myth, so “why bother trying to keep private information private?”

This often crops up when I am installing, upgrading, or registering something online on behalf of one of my computer support clients. When it comes to the impertinent questions asked on web forms, I get vaguely embarrassed. I don’t want to ask the client for the information and I don’t want them to give it up to cyberspace. In the past, the client would often ask things such as “what do they want it for?” or “do I have to complete it?”. This has never been universal, of course. There are lots of people whose attitude has always been “I’ve got nothing to hide, so why shouldn’t I give them the information?”

Nevertheless, I do have a feeling that things are changing from two directions:

  • The client now seems to be more likely to say something along the lines of “Why not give it to them. We now know we’re being spied on by our own and other governments, so why try and keep information private now”. And even if they are not overtly aware of it, I think most people have some vague idea that behemoths like Google are pooling together the data they have on us from several sources and using it for ever more sophisticated marketing purposes. It feels as if we’re losing the battle to keep private information private, so why bother trying?
  • The organisations seeking the data seem to be getting cheekier in what they ask. It’s now becoming common for information such as “date of birth” to be compulsory when filling in forms. Why? What possible justification is there for this? It may be very useful for the marketing departments of these organisations to know exactly what “market segments” to place us in, but that’s just for THEIR benefit. It’s not for the user’s benefit. Unless there’s some obvious reason (such as relevance for medical or insurance reasons), I really don’t see why they should be so presumptuous as to INSIST that this information be provided. As I’ve said before, in these situations I just lie.

I was gobsmacked by the sting in the tail of an offer by Dropbox that I came across recently. Regular readers will know that I am a great fan of Dropbox. I have it on all my computers and devices. It means that a huge percentage of my most important data is always available to me wherever I am and whatever computers and devices I happen to have with me. And being just a tad nerdy (?!), I have been happy to go along with Dropbox’s clever marketing strategy whereby they give extra free online storage space for introducing new users (use this link, for example, to gain extra free space when joining Dropbox. If you do, I will also get some more free space.) and for taking part in other promotions. That’s fine. The nerd in me is quite chuffed that my free 2gb Dropbox account has now swelled to 13.8gb.

So, I followed the link when I recently discovered that if I installed an email program called Mailbox on my iPad and then “joined” it to my Dropbox account, I could instantly earn another gigabyte of free online storage. I just couldn’t believe my eyes, though, when I saw the terms and conditions attached to this offer (see figure 1).

Figure 1. Give Mailbox (owned by Dropbox) access to all my Dropbox data? I think not.

Are they really saying what it seems they are saying? Are they really asking me to give them access to all of the data in my Dropbox account? All the private, business, medical, professional, and random data that is in my supposedly safe, secure account? I’m staggered at the thought of the implications of giving all this personal information away. I’m staggered at the cheek of Dropbox in asking me to do it. I’m yet more staggered at the thought that they wouldn’t have put this cunning plan together unless they thought that at least some of their users would go along with it.

I think I probably need some kind of reality check, because I’m about as staggered as it’s possible to be while still capable of standing. Is it just me? In the article in which I first learned about this wheeze, there was mention of the condition of opening up one’s data, but no expression of surprise, disapproval or anything else.

By the way, I should just add that I know that all of the above behaviour only applies to computer users over the age of forty. Anyone younger than that seems only too happy to spew all their private and personal stuff out online. That will no doubt end, eventually, when it finally sinks in that this is a very bad idea. It will be too late for an entire generation but, hopefully, the following generation will have learned that something said on Facebook at 12 years old may rule them out from a job interview ten years later.

Or have Dropbox got it right? Are we all – young and old – just going to give up on our privacy?

Not me. I can live without another gigabyte of online storage.

Why is our media getting upset by the NSA and not by our own Snoopers Charter?

The recent storm over data privacy – The Guardian 06/06/13 – has not been caused by the US government accessing private data (it does) but by the fact that it has been receiving wholesale, comprehensive data of Verizon customers, sanctioned by a court order that is not specific to suspected wrongdoers. The customers whose privacy has been breached are US customers. Wholesale access to private data is probably illegal in the US just as it is here.

Verizon appear to be complying with a secret Court Order demanding that data on all users be continually handed over to the NSA

So why the massive interest over here? Because this has fuelled speculation that the large, global, companies such as Facebook, Google, Microsoft, and Twitter, have also routinely made all their data available to the US Government. If that is the case then UK citizens are, of course, caught up in this illegal data gathering. All of these companies have denied that they have given access to their servers (computers) to the US government, but they acknowledge that they hand over data in accordance with court orders. See this CNet article of 12/06/13.

The twist that this was then given in the UK media is the speculation that the UK Government (in the form of GCHQ) has been the beneficiary of information about UK citizens that may have been illegally obtained by the US government in this way.

It appears that all the pundits and commentators and politicians are wringing their hands and saying how dreadful it is that the US government may be accessing all this data indiscriminately (instead of requesting specific data relating to specific circumstances relevant to national security, terrorism and so on). And yet, in the very same week, we now find that ex Home Secretaries and other political grandees of all stripes and vintages appear to be banding together to back the “Snoopers Charter” here in the UK whereby internet providers will be legally obliged to keep historic records of all our internet activities so that retrospective trawls of all our private data will be possible by our own government. See The Guardian, 13/06/2013.

Will Labour now support the Tories in revivifying the Snoopers Charter?

So, why should we in the UK be condemning the US government for doing what we are not condemning our own government for contemplating? OK, so the US government is probably acting illegally whereas our own government is planning to give themselves permission first. But that doesn’t make any real difference. The result is still the same: both governments are giving themselves permission one way or another to snoop on ALL of us – every single one of us – who uses the internet or (in the case of Verizon) telephone services.

By the way, time and time again in the last couple of weeks I have heard politicians and commentators refer to the likes of Google, Facebook, Twitter, and Microsoft as “internet providers”. They are not internet providers. It gives me a queasy feeling to hear the most politically powerful people make such fundamental errors. Have they any grasp at all of what they are talking about?

“Internet providers” are the companies responsible for providing the service that gives us access to the internet – eg British Telecom, Talk Talk, PlusNet, Zen. All of the data that makes up our online activity passes through these providers’ servers (computers). It is this data that our government is seeking to make the internet providers keep and store (at their own expense) so that our government can retrospectively spy on us. This is the essence of the Data Communications Bill (commonly known as the Snoopers Charter).

In contrast to internet providers, Google, Facebook, et al are providers of specific programs and services. As a necessary part of providing those services they collect, and sometimes store, the data that we give them. They do this legally and in accordance with the EULA (End User Licence Agreement) that we all fail to read when we sign up to a new online service. It is this sort of data that governments both here and in the US can request by a legal process in specific circumstances, but which the US government is now suspected of gobbling up indiscriminately.

Nick Clegg – opposes the Snoopers Charter

In the long run, the outcome is the same in that the government can cause data to be stored and made available for analysis by the authorities at any time in the future. OK, this week they may be looking for ramifications to the murder in Woolwich a few weeks ago, but who is to say that next month or year they may not start searching for, say, protestors against Boris Island (assuming that Boris will continue his crusade when he becomes PM), or trades unionists, or people with ginger hair, or anyone else that the government of the day deems to be “a threat”.

If you agree with this increased surveillance by the state, then that is your right. On the other hand, if you are worried about the recent revelations in the US then you should also be worried about the Snoopers Charter. My own opinion is that giving a hostage to fortune by blurting it all out on Facebook or Twitter is just a tiny part of the trouble that we are, literally, storing up for the future if the Snoopers Charter becomes law.

I was recently setting up a new computer for a client, and kept seeing Google ads relating to a particular theme

There was nothing wrong with the theme, but it did relate to something highly personal, and I wondered if the client realised that this gave an indication of something that had clearly been on her mind recently. I do realise – and appreciate – that my computer clients place trust in me with respect to the parts of their data that I can’t help seeing, but there must be many things that we treat as belonging very much to our private sphere that are now “leaking out” into a more public space. Even within the confines of her own home, this client may have preferred other members of her family, for instance, not to know what had been on her mind recently.

As time goes on, this sort of “leaking” or “bleeding” of our private pre-occupations into wider domains is likely to increase, thanks to computers and the internet. I know I’ve banged on about this kind of thing before, but this incident set me to thinking about how all this tracking and information-gathering may change us as humans and society as a whole.

Paris Brown – lost her job before it had started, thanks to things said on Twitter years earlier.

I hear that there is now software available that analyses the language used on Facebook pages and comes to conclusions about likely personality traits of the page’s owner based upon the actual words they have used. Unfortunately, I couldn’t find any, but I’m not going to let that get in the way of a good story! Assuming it’s true though, (or soon will be), how do people working in HR feel about using such tools for candidate selection? How do the people analysed feel? I don’t know. I do know that I wouldn’t like it happening to me. Are potential job seekers being more circumspect on Facebook since the highly publicised case of the Youth Commissioner losing her job before she’d even started because of some rash statements a lot earlier on her Facebook page? I do know that there are people earning a living by “cleaning up people’s online reputation”, but I suspect that the average computer user is still way behind in appreciating just how much information they are giving away and how this is being used.

George Orwell

Modern internet browsers come with a setting called “Do Not Track”. It is hoped that the writers of the software that tracks our movements around cyberspace will honour our expressed preference not to be tracked, but it’s too early to say how many will be honourable in this way. In the meantime, tracking software can follow us around cyberspace and build its own pictures of who we are, what we care about, what motivates us into action, and so on.

George Orwell predicted our being watched by technology, of course, in his novel 1984. The motivation he ascribed was political control. The way things are going, we will achieve the same results but the motivation will be money and we will have sleep-walked into it because we want a free internet. Once collected, the data can then be used by others who can claim legitimacy to see it. For example, the police can already access our recent travel history if we use an Oystercard.

The Hardy Tree

Thomas Hardy was mindful, while writing the Wessex Novels, that he was recording a way of life that was soon to be ended by the advent of the railways. The communities about which he wrote would soon no longer be self-contained: they would be joined to everyone and everywhere else by the railway. I dare say he had a lot of time to ponder the implications of the coming railway as he worked as a surveyor before becoming a full-time writer and was responsible for overseeing the proper re-location of bodies in St Pancras Churchyard to make way for the coming railway. On a side-note, many of the gravestones were temporarily re-located around a tree and have been left there for so long that the tree has grown into them. This is now known as the Hardy Tree. The church and churchyard are also noteworthy for other reasons.

Is the internet doing exactly the same thing as the railways but on a global scale and at a much deeper level? Will it change the way we see ourselves and behave as individual humans? I don’t know. Personally, I shudder at the thought of the loss of privacy and independence that all of this portends, but, on the other hand, I’m sure that we are all creatures of our own time and grow up embracing the realities of the world that we see at the time. Even if it does change us as humans, we’ll probably just accept change as it happens, and crusty old antediluvians like me will continue to tut and say “where will it all end”, “you wouldn’t get me in one of those” and “it’ll end in tears”.

PS: for an irony of publishing in the digital age, see this link on how Amazon disappeared 1984 from countless Kindles

Passwords (again), silly Twits, and more…

Test Your Passwords

Click here for a link to a Microsoft page that tests the strength of your passwords. Yes, I know I’ve given a link to a site like this before. I don’t apologise because I’ve seen how much upset can be caused by a malicious person guessing a client’s password. See this blog on the subject of stolen Gmail passwords, for instance. Even if you don’t change any existing passwords, please use strong ones in the future. In the meantime, find out how good that one password (that you use for everything!) actually is – or not.

A Plug for Low Cost Names

If you find yourself wanting to register a web domain, then I definitely recommend doing it with LCN. I’ve been using them for years and never had a problem, but hadn’t realised before just how good an example they set in communication and online support. This week I needed to register a domain for some testing I was doing. I needed to speak with someone and was very pleased to find that they prominently publish their telephone number on their website. Not only that, it is a normal, non-premium, UK landline number. Even better, the normally-elusive technical support people were available from option number one on their automated telephone menu system. Then they told me how many were in the queue before me. Then, within a minute or so, they answered me with a knowledgeable, UK-based adviser. That’s the way to do it!

Who Said You Could Share My Data?

Is it just a coincidence how snugly the Twitter and Linked In logos merge together?

I was rather miffed last week to receive an email from Twitter suggesting people that I might like to “follow”. Apart from the fact that I’m perfectly capable of deciding for myself whether my life is so empty that I want to fill it by “following” anybody (it isn’t and I don’t), I was annoyed by the unsolicited intrusion into my inbox and by the fact that two out of the three suggestions were people who had figured in my Linked In connections (one of whom I had deleted). I hadn’t realised before that Twitter and Linked In were connected and I certainly hadn’t knowingly given them permission to share information with each other. When I looked at the privacy policy of Twitter I learned:

Links: Twitter may keep track of how you interact with links across our Services, including our email notifications, third-party services, and client applications, by redirecting clicks or through other means. We do this to help improve our Services……

Well, I for one do not consider sharing data this way and then sending me unsolicited emails to be “improving…. services”. Instead, it just reminds me of some of my worst nightmares of these large organisations sharing more and more data amongst themselves, and then coming to computer-generated conclusions about who I am and what I want.

And still on the subject of Twitter…

Did you see the Channel 4 programme last week called “Don’t Blame Facebook”? It told tales of how injudicious tweeting and posting on social network sites can cause unforeseen problems. It’s amazing just how shortsighted and, frankly, stupid people can be in giving away too much information on these sites. Nevertheless, even I had to feel sorry for the couple who were refused entry into the USA and sent back home without having their holiday just because of the paranoia of the spooks who monitor everything that is shared on Twitter. Apparently, the male half of the couple had tweeted that he intended to “..destroy the US” while on holiday. He just meant he was going to have some fun, and maybe a drink or two. Nevertheless, they were stopped by the US border guards on their way in, spent a while in jail, and then returned to the UK.

At the time of writing, you can still watch the programme “Don’t Blame Facebook” by clicking here.

The latest version of Chrome allows you to request that websites do not track which other sites you have visited

In my blog post of 12/08/12 – “What is “Do Not Track””, I wrote that Chrome does not support “Do Not Track”. Well, they have now included it in the latest version of the browser. This is version 23.

To find out whether you have the latest version of Chrome:

  • Click on the “settings” button. It looks like this:
    Chrome Settings Button

  • Click on the “About Google Chrome” option on the menu that pops up:
    Chrome Settings Menu


Are you happy for organisations to be logging which websites you visit?

You might assume that if you visit one website and then a completely different (and seemingly unrelated) one, there is no connection between the two and that neither of them would know about your visit to the other.

After all, if you walked into one shop and then another, it would never cross your mind that your movements were being tracked. If you thought about it at length then it wouldn’t be difficult to work out that marketing people at John Lewis could tell if you’d bought something at Peter Jones in Sloane Square and then gone to Oxford Street and bought something at John Lewis. If you use the same credit card in both stores then they could work it out as they are the same company. If you didn’t want them to make the connection then you could have paid in cash.

Suppose, though, that you’ve merely walked in and out of HMV in Oxford Street (without even buying anything), and then yomped off to Muji in Whiteleys. You wouldn’t expect them to know in Muji that you’d just been in HMV (as far as I know they wouldn’t, so let’s not go overboard with the paranoia).

But that can happen in cyberspace. If a piece of software on one website has recorded your visit (on your own computer!), then a different website can access that information if the same software is installed on the second website as well as the first. The information is stored on your own computer in a small file called a “cookie”. I congratulate the inventor of that word for a magnificent piece of doublespeak. The word “cookie” conjures up ideas of pleasure, treats, sugar hits. The reality, though, is that a cookie is simply a text file containing information about a visit to a website.

Anyway, there is a growing unease about the way that far more information is being recorded about our web habits than we are aware of. This is why the EU introduced the badly thought-out “Cookie Law”.

Apart from the Cookie Law, a method is now being built into web browsers (Internet Explorer, Firefox, Chrome, Safari, etc) whereby we can state our wishes as to whether websites track our activity in this way. The theory is that this preference is then sent by the browser back to the website that we are visiting and that the website then behaves accordingly. This expression of preference is being called “Do Not Track”.

There are, however, a few rather nasty big flies in the ointment:

  • There is no agreement as to what “tracking” means.
  • Most websites don’t take any notice of the stated preference.
  • There is no rule or law that forces the website to take any notice.

Hmm…
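The cookie mechanism and the Do Not Track preference can be modelled in a few lines. This Python is an added example, not code from the original post or from any real tracker: the domain `tracker.example`, the two shop URLs and the `uid` cookie name are hypothetical, while `DNT: 1` is the request header a browser sends when the preference is switched on.

```python
from http.cookies import SimpleCookie

TRACKER_DOMAIN = "tracker.example"  # hypothetical third-party domain


class Tracker:
    """Model of one piece of tracking software embedded on several sites."""

    def __init__(self, honour_dnt):
        self.honour_dnt = honour_dnt
        self.seen = {}       # visitor id -> pages the tracker was loaded from
        self._next_id = 0

    def handle(self, headers):
        """Handle one request for the embedded resource; return response headers."""
        # A tracker that honours the preference sets no cookie and logs nothing.
        if self.honour_dnt and headers.get("DNT") == "1":
            return {}
        jar = SimpleCookie(headers.get("Cookie", ""))
        response = {}
        if "uid" in jar:
            uid = jar["uid"].value           # returning visitor
        else:
            self._next_id += 1
            uid = f"visitor-{self._next_id}"
            response["Set-Cookie"] = f"uid={uid}; Path=/"
        # The Referer names the page that embedded the tracker.
        self.seen.setdefault(uid, []).append(headers.get("Referer", "unknown"))
        return response


class Browser:
    """Model of a browser: stores cookies per domain on the user's computer."""

    def __init__(self, send_dnt):
        self.send_dnt = send_dnt
        self.cookie_store = {}

    def visit(self, page_url, tracker):
        headers = {"Referer": page_url}
        if self.send_dnt:
            headers["DNT"] = "1"
        if TRACKER_DOMAIN in self.cookie_store:
            headers["Cookie"] = self.cookie_store[TRACKER_DOMAIN]
        response = tracker.handle(headers)
        if "Set-Cookie" in response:
            # Keep only the name=value pair, as a browser's cookie jar would.
            self.cookie_store[TRACKER_DOMAIN] = response["Set-Cookie"].split(";")[0]


def simulate(send_dnt, honour_dnt):
    """Visit two unrelated sites that embed the same tracker."""
    tracker = Tracker(honour_dnt)
    browser = Browser(send_dnt)
    browser.visit("https://shop-one.example/", tracker)
    browser.visit("https://shop-two.example/", tracker)
    return tracker.seen, browser.cookie_store


if __name__ == "__main__":
    print("no preference set:     ", simulate(False, True))
    print("DNT sent and honoured: ", simulate(True, True))
    print("DNT sent but ignored:  ", simulate(True, False))
```
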

The possible definitions of “tracking” could, for instance, embrace these ideas:

  • Do not track what I do on a website that can provide information for targeting me with advertising (eg I’m male, interested in books, and live in London).
  • Do not track the different sites that I visit (as this could allow inferences to be made about my behaviour, preferences etc).
  • Do not even track my movements within one site (eg which pages did I visit, in what order, and how long did I spend on each page).

The World Wide Web Consortium (W3C) is currently thrashing out the details of a standard agreement as to what tracking actually means. When that has been finalised there is likely to be legislation requiring websites to conform to the tracking preferences of website visitors.

At the moment, though, even if you are using a browser that enables you to set a preference for DNT (“do not track”) then it’s probably not switched on. In the next version of Internet Explorer (version 10) it will be switched on by default. In the meantime, Microsoft have published a web page that tells you whether the browser that you are using (and its version) includes the feature to request “DNT”.

If you visit this Microsoft page on Do Not Track, it will tell you if the browser you are using supports DNT and whether it is on. If your browser is IE9, for example, it will show that DNT is “supported”. Assuming that you are using Internet Explorer 9 to access this web page, you can then follow the instructions further down the same page to “express your preference not to be tracked in IE9”. Nothing will seem to happen when you do this. However, if you then hit the F5 button (which causes the screen to be refreshed) then you will see that it is now saying that DNT is “detected” rather than supported. This means that “DNT” is now switched on.

In other browsers:

  • If you are running IE8 with Vista or Windows 7 then it’s a good idea to upgrade to IE9. That option is not available if you are running Windows XP. IE8 does not support DNT.
  • To turn on DNT in the latest version of Firefox, go to Options, Privacy pane, and tick the box as illustrated.
  • Chrome doesn’t currently offer DNT.
  • In Safari, open Preferences, then Privacy, then tick the box next to “Ask websites not to track me”.

The “Do Not Track” setting in Firefox

Despite all the shortcomings listed above, it wouldn’t do any harm to set your preference if you don’t want to be tracked.

The so-called “Cookie Law” came into effect on 26/05/2012.

So, what are cookies? They are small text files placed on your computer by the website you are viewing. They are used by the owners of that website for various purposes:

  • Analysing their web visitors and what they do on the site.
  • Managing on-line shops (eg, remembering what’s in a visitor’s “shopping basket”).
  • Personalising the way the visitor sees the website (remembering preferences).
  • Tracking the online behaviour of the visitor to target advertising.

And what is the new law about?

It says that a website must seek “informed consent” before placing cookies on a visitor’s computer. This implies that the site must explain what cookies it sets and what their uses are (to ensure that the consent is “informed”), and that the user must agree to the cookies being placed (the “consent” part).

How will websites comply?

Aah, now it gets difficult. It’s been estimated that only about 5% of sites that need to comply have done anything about it. This is probably because no-one wants to use the most obvious solution. This is the introduction of a popup window explaining about consent and requiring the user to click on a button, thereby granting consent to place cookies. It would seem that everyone is watching everyone else to see who comes up with a better way of dealing with this.

And why is it stupid?

It will alienate web visitors rather than help them. They have to click to confirm acceptance of cookies EVERY TIME they visit a site. This, of course, could be repeated dozens of times a day as the visitor goes to different sites.

It’s about as blunt a tool as you can imagine. You won’t get to choose which type of cookies you accept or what the website can do with your cookies or anything like that. It’s simply a question of the website saying (in effect) “if you want to use this website you’ll have to agree to accept ALL the cookies I place on your computer”.

No-one’s going to take the slightest bit of notice of the information that websites will have to provide to ensure that consent is “informed”. Do you EVER read the “terms and conditions” that you have to agree to before you can install/update software? Of course not. It won’t be any different with information about cookies.

There are better ways of dealing with the privacy issues connected with cookies. Settings in the browser (Internet Explorer, Firefox etc) are better placed to deal with cookies in a way that suits the individual user (eg, by deleting all cookies when the browser is closed, denying acceptance of “third party” cookies, etc).

Even the authorities appear to think it’s stupid

The government has said that their own websites do not conform.

The ICO (Information Commissioner’s Office) is responsible for enforcing the new law, but even they appear to be saying “don’t blame us, it’s not our fault” when they say “The Information Commissioner is responsible for enforcing the law, and can’t change the legislation which was passed by the EU, and later implemented by the Department for Culture, Media and Sport (DCMS).” (source).

There is evidence that the government is already trying to wriggle out of having to enforce this law by suggesting that all that websites need to do is rely on the idea of “implied consent” – ie, all the website owners have to do is – nothing. The ICO site says “Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.” The ICO guidance booklet states that “implied consent” can be inferred from the mere act of visiting a website and moving from page to page! Honestly. I kid you not. Page 7 says “For implied consent to work there has to be some action taken by the consenting individual from which their consent can be inferred. This might for example be visiting a website, moving from one page to another or clicking on a particular button. The key point, however, is that when taking this action the individual has to have a reasonable understanding that by doing so they are agreeing to cookies being set.” Duh!

See this Guardian article for further information on implied consent.

Conclusion: Like almost everyone else, I am not rushing into ruining my website by forcing visitors to respond to popup messages. I am recommending to my own computer clients that they don’t spend time and money making their own websites compliant at the moment as the ICO have made it clear that they are not going to be fining anyone in the foreseeable future.

If you get annoyed by such popups on other sites, please have some sympathy for the site owner: they’re just trying to conform to a stupid law introduced by the same government that brought us Pastygate!

And just in case you’re inclined to defend this law by saying it’s only the UK enactment of an EU Directive, then I suggest reading the Guardian article referred to above: it appears that the rest of Europe is not taking this Directive seriously.

Here’s an online petition calling for the scrapping of the cookie law.

I realise that I do go on a bit about what I see as the dangers of Facebook, but, while acknowledging that fact, I don’t apologise for it. This week I spotted something that is not directly Facebook’s fault, but is a consequence of collecting all that personal data about people’s lives, thoughts, beliefs, actions, and which is surely a gross misuse of that data. Click here for the full article, but here’s a precis:

US colleges and even government departments are more-or-less forcing students and job applicants to open up the most private data in their Facebook accounts to prying, official, eyes. They do not need hacking techniques to get into the accounts on the quiet (although I’m sure such techniques exist and are available to any organisation that wants them enough). Instead, they just use bullying tactics – such as forcing a job applicant to open up their Facebook account in front of the interviewer, or making it a condition of application that a student “befriends” a snoop paid by the college to spy on students via their Facebook accounts.

If I ever try to have a conversation about online privacy with anyone under about 30 years old they just think I’m insane. They “don’t get it”. They can’t see why it’s potentially a bad thing to trust your most personal secrets to websites over which you have no control. Well, surely no-one can be oblivious to the threat to personal liberty that’s obvious in the tactics described here.

It’s easy to say “that’s in the USA, it wouldn’t happen here”, but why wouldn’t it? The way I see it is that the very fact that all this data exists constitutes a threat in itself. There are bound to be people out there keen to exploit the power that is latent in the data itself. I doubt very much that people on the receiving end of such bullying could plausibly deny that they have a Facebook account, so what are they to do?

One of the positions often taken by people who don’t care about personal privacy online is to shrug their shoulders and say “I’ve got nothing to hide. I don’t care what people see”. To my mind, that’s an attitude taken by people who haven’t thought it through. We all present different facets of ourselves to different people in different situations. Imagine a typical eighteen year old enjoying herself on an evening out with friends. She is doing nothing wrong, nothing to be ashamed of, nothing to “get found out about”. Nevertheless, would that eighteen year old feel comfortable if she thought that an authority figure such as a parent, teacher, employer, or policeman, could listen in to every word of every conversation, record it, replay it, analyse it? In effect, that’s the kind of thing that’s happening if people are being bullied or forced into opening their Facebook accounts to authority figures with no right to be there.

Most of my computer support clients are more likely to be the parents of such bullying victims rather than the victims themselves, but maybe that makes this topic more – rather than less – relevant to you. Here’s that link again.

And remember what they say – just because you are paranoid doesn’t mean they’re not out to get you!

© 2011-2014 David Leonard
Computer Support in London