In case you're wondering, the missing line says "areyoukiddingmewhatseriously?" It's not my password.
As any celebrity – and certain governments and law firms – will tell you, there are risks as well as benefits in being connected to publicly accessible networks. Individuals and collectives such as Wikileaks, Anonymous and LulzSec have embarrassed the US government, the law firm ACS:Law, and now Scarlett Johansson and Jessica Alba by exposing their private, err, “data” online for public consumption.
This is not a new phenomenon, but still far too few of us take data theft and cyber (or “digital”, if the word “cyber” scares you) threats seriously. Perhaps it’s because we don’t really understand them. Hacks happen for different reasons – which is perhaps the best insight into how to prevent them in the first place – different targets experience different damages, and different victims have different tools at their disposal to try to fix what has gone wrong. For example, secretions of government data are often carried out in the name (or at least under the pretense) of civil rights and accountability; disclosures of usernames and passwords, credit card details, and private photos, on the other hand, are often carried out opportunistically to humble a giant or for no more than prurient voyeurism.
Rules, regulations and even physical obstacles can only go so far in preventing illegal activity
How would it feel to know that people were listening in on your private conversations and were selling the stories they heard so that you could be targeted with junk mail? Would it make a difference if those conversations, discussing an illness or trying to find comfort after a tragedy, took place remotely, rather than in person?
Well, surprise, surprise, it’s already happening online. The Wall Street Journal has a good article on companies that are collating all the data you are posting online, even the private stuff you put up in password protected areas and thought no-one else but your friends could see, and are selling it to marketing companies. One company has even applied for a patent on a method of uncovering who you really are and linking all of your data, including your “private” posts, together so that the information can fetch a higher price.
The WSJ article looks at some high profile examples of how this is happening. But, scary as it is, the practice itself is old news. Screen-scraping, a way of collating the data on a webpage via a robot, is pervasive and so easy to do. Search engines do it. Price comparison sites do it. I do it (with my own pages). But not everyone is a fan: recently, Ryanair caused controversy by canceling all tickets booked via websites that had “scraped” pricing data from the Ryanair website (see my article here).
Two things about the article struck me. First, there is no mention of copyright infringement, which is surprising given that screen-scraping usually involves the unauthorized copying of protected works. There is only a passing reference to “anti-scraping” laws which exist in some jurisdictions but not others. Second, there is my constant refrain: other people are doing this. Think of all the information that Google has about you, spread across its more than 1,000,000 servers. How does it make you feel to hear the head of Google say: “If you have something you don’t want anyone to know, maybe you shouldn’t be doing it in the first place”?
The truth is, many people have unreasonable expectations of privacy when it comes to the Internet. When you post something online, you put it onto a third party server which can be accessed both legitimately and, sadly, illegitimately. As to the legitimate uses, when was the last time you looked at the terms and conditions of any site you uploaded photos, comments, videos or anything else to? Chances are, the site will have taken a right to use your work and to share your data. And with regards to illegitimate access, there’s very little you can do if someone breaks the rules and misuses your content. Do you know, and can you trust, every person who has the ability to access that content?
So when doing anything online you should always bear in mind what sort of information about yourself and others you are putting up for grabs, because some people can make a lot of money by making sure they find it.
If a picture paints a thousand words, and the pen is mightier than the sword, just how dangerous is an iPad?
At first glance, it looks safe enough. From a design point of view, it’s hardly adventurous, looking very much like Dom Joly’s Trigger Happy iPhone (I think my favorite is at 3mins15seconds, but watch to the end if you can). From a trademark point of view, “iPad” shares obvious conceptual and visual similarities with “iPod” too. And if you’re from the right part of Belfast, the two names might even sound identical…
Most applications now work on the iPod, the iPhone and the iPad, so what’s the big difference?
Well, the big difference is that it’s big and is being used differently. Consider the following.
Whereas the iPod and the iPhone are usually (although by no means exclusively) used in a leisure capacity, the majority of people I have seen using the iPad are doing so in a business capacity, taking down customers’ details or conducting market research in the street and recording names etc. These iPads are therefore very likely to hold commercial levels of sensitive (and therefore valuable) data that can be used by hackers and spammers.
And the size of the iPad, with its bright, clear, visible-from-all-angles screen, makes the risk of inadvertent disclosure of these sensitive details all the more likely. A few years ago I reviewed some new technology for a feature in the Law Society Gazette. As part of the test I was given a 17in widescreen laptop to use on my commute. I found that not only was it cumbersome, but I had real difficulty trying to keep what I was doing confidential. It became impossible for me to review any papers or witness statements since people beside me, behind me and walking past me were all able to read what I was doing. You can read the review here.
So how dangerous is the iPad? Well, if you’re careless about how it is being used, commercial users could easily disclose personal, sensitive data about their customers in the most low-tech of ways: peeping Toms looking over your shoulder. On the other hand, if users are careful then all you have to worry about is whether you’re one of the 114,000 people whose iPad user accounts were compromised by a security breach, although you can take some comfort in the fact that the breach was so bad that the F.B.I. are now involved.
It’s uncommon for stories to keep going for much longer after they’ve hit the front pages, but the recent Google wifi-spying story looks like it’s got the legs to run and run and that it’s nowhere near over yet.
In the most recent development, Google has apparently decided not to hand over all the data to European privacy and information commissioners. Their reasons? They’re blaming “privacy concerns”…
Seems like there’s a bit of a catch-22 going on here: can Google find a way to say that a private company collecting and storing data is lawful, but handing it over to comply with a government’s request is not? Apparently Google have even been given assurances from the state prosecutor, so can a German lawyer help explain what the (legal) problem is?
a criminal investigation into all of this has now begun in Hamburg;
Hong Kong has upped the ante by threatening “sanctions” against Google if they fail to allow their privacy commissioner to inspect the data, referring to Google’s “apparent lack of sincerity”;
the “relatively small amount” of data Google has collected was 600 gigabytes (i.e. over a billion (1,073,741,824) characters of data);
Google has offered to destroy the data, but without allowing data officers to verify their account of what was stored and how “inadvertent” it was.
This looks like it’s going to rumble on for a long time to come and you have to wonder what’s going to come next. One commentator has even gone on record to say that if Google refuses to hand over the data “it will be seen as an act of war” against European data regulators.
I just watched an interesting video about Google and the various markets they have (and/or might have) a finger in. According to the video, Andy Graves, CEO of Intel, says Google is a company “on steroids” with “a finger in every industry”. I’m not sure that the “steroid” analogy is a good one, and the video seems to embellish the facts to make its point, but there is some interesting stuff in here. For example, it was news to me that Google has a venture capital arm and that some of its earliest investments were in biotech and healthcare. I also didn’t know that they are trying to get into generating the electricity needed to power their broadband plans.
I often discuss with others what the privacy implications are of a single company doing all they can to obtain as much information as possible about the “real” me, not just the “me” that I allow into the public domain. According to the video, Eric Schmidt, CEO of Google, recently said:
“If you have something you don’t want anyone to know, maybe you shouldn’t be doing it in the first place” – Eric Schmidt, CEO, Google
This appears to suggest that the default position is that by doing something at all you make your actions public, shareable, sellable and exploitable.
But that is not the way governments treat information, so why should a private, profit-driven company? For example, in the UK the Data Protection Act 1998 places heavy restrictions on how personal data can be used. “Personal data” is defined widely, as “data which relate to a living individual who can be identified (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller [etc]” (section 1(1)). This is a really broad definition and there is nothing to say that the information has to be private in order to be protected; in fact, before information can identify an individual it will usually have to have at least some element of publicity about it.
But even aside from any legislative regime, you don’t need to think too hard to see that the “maybe” in Mr. Schmidt’s statement has to be a very big “maybe”: the person photographed on Google’s Street View entering a clinic to be treated for a condition of which no-one else is aware; the person who has GMail correspondence with their legal adviser; the friends who exchange messages of support on Buzz over a partner’s infidelity; the desire to let courtship flourish between the two of you alone.
With something like 97% of Google’s revenue coming from the sale of adverts for use within their products, they have a strong financial incentive to find out not just what our peers and social groups like, but who each of us really is as an individual. And they have plenty of means by which they can start building a profile: cell phones (Android); web browsers (Chrome); social networking (Buzz, YouTube, Picasa); and email (GMail), to name their most popular products. Privacy issues have been raised with various governmental bodies about Google’s activities and what they do with the data they hold (never mind the implications of simply holding that much data when it could be hacked by an outsider or sold by a rogue employee). In some cases these enquiries are ongoing, and sometimes they go nowhere (and it’s helpful to always keep an open mind when any public entity is the subject of criticism).
The video (which, ironically, is hosted on YouTube) is below. Have a look and see what you think. I’ll post some concluding comments underneath.
As I mentioned above, I do think much of this is exaggerated. But even from a theoretical point of view, two things might be of interest. The first is such a large company, with the power to lobby government (as Google has been increasingly doing), adopting the attitude put forward by Eric Schmidt in relation to the things which I simply “do”. That’s not to say that they are doing anything illegal; it’s just an attitude that I’m not at all comfortable with (and, in case you’re wondering, I don’t have an Android phone and I don’t use Chrome).
The second thing is, actually, a bigger deal, and it’s this: Google’s not the only company with an interest in finding out who we are. They make the headlines as the poster / whipping boy for the search world, but other companies do the same thing (albeit perhaps not in so many areas all at once) and no-one seems to notice that…
So where does that leave ordinary people like you and me? For a start it leaves us with a lot to think about. But one thing is certain: we must acknowledge that whether or not we use a particular technology, others do, so that everything we say and do and every interaction we have with others has the potential, within a very short space of time, to become information accessible to anyone anywhere in the world.