
EU fart bit, Google Fit Bit

Yes, we leap left, we leap right and as we see options for choice, we also see options for neglect. In Reuters we see “Google’s parent company Alphabet agreed a $2.1bn (£1.6bn) takeover of the wearable tech firm last year. However, the deal has yet to be completed”, we see that at https://www.bbc.com/news/technology-53647570, and as we see the BBC article, we wonder about a lot more. Yes we acknowledge “While the European Commission has said its main concern is the “data advantage” Google will gain to serve increasingly personalised ads via its search page”, and in the matter of investigations we see:

  • The effects of the merger on Europe’s nascent digital healthcare sector
  • Whether Google would have the means and ability to make it more difficult for rival wearables to work with its Android operating system.

From there there are two paths, for me personally the first one is Competition Commissioner Margrethe Vestager, to be honest, I do not trust her. I will admit right off the bat that this is personal, but her deal relying on what was requires her to get a win, any win. The setting is founded on “officials acknowledge that the EU’s competition enforcer faces hard choices after judges moved to quash her order for the US tech company to pay back €14.3bn in taxes to Ireland”, which was a juridical choice, but in all this she needs a win and I reckon she will do whatever she can to get any of the FAANG group. For the most I would be on her side in the tax case, but on the other side the entire sweep of the Google Fitbit leaves me with questions.

The first point is on ‘effects of the merger’, so how is this in regards to the Apple Smart Watch, the Huawei smart watch (android), and a few other versions, how much investigation did Apple get? How much concern is there for Huawei? Then we see the second part ‘Whether Google would have the means and ability’, it is not a wrong position for Margrethe Vestager to take, but as she does it upfront, in light of the EU inactions regarding IBM and Microsoft, it seems weird that this happens upfront now (well to me it does). And as we see ‘difficult for rival wearables to work with its Android operating system’ I see Huawei and the solutions they have, Android solutions no less, so why is Google the problem?

Then there are two other parts. The first one is “Analysts suggested part of the attraction for Google was the fact that Fitbit had formed partnerships with several insurers in addition to a government health programme in Singapore”, the second one is “Google has explicitly denied its motivation is to control more data”, in all this there is less investigation in regards to what data goes to Singapore, or better stated the article makes no mention towards it, and as I see it, there is no mention on it from the office of Margrethe Vestager either. The second part is how Google explicitly denies its part, yet that denial does not give us anything towards the speculated “its motivation is to have access to more data”, and when you decide on a smart watch, data will end up somewhere and the statements are precise (something that worries me), I have no issue with Google having access, but the larger issue is not Google, it is ‘partnerships with several insurers’, the idea of privacy is not seen remarked upon by Margrethe Vestager and her posse of goose feather and ink-jar wielders, the focus is Google and is seemingly absent from investigations into Fitbit pre-Google in an age where the GDPR is set to be gospel, so who are the insurers and where are they based? Issues we are unlikely to get answers on. Yet when we consider “John Hancock, the U.S. division of Canadian insurance giant Manulife, requires customers to use activity trackers for life insurance policies in their Vitality program if they want to get discounts on their premiums and other perks”, so what happens when that data can be accessed? Is the larger stage not merely ‘What we consent to’, but a stage where the insurer has a lessened risk, but we see that our insurance is not becoming cheaper, there is the second stage that those not taking that path get insurance surcharge. So what has the EU done about that? 
We can accept that this is not on the plate of Margrethe Vestager, but it is on someone’s plate and only now, when Google steps in do we see action?

So whilst the old farts at the EU are taking a gander at what they can get, I wonder what happens to all the other parts they are not looking at. Should Google acquire my IP, with access to 440,000,000 retailers and well over 1,500,000,000 consumers, will they cry murder? Will they shout unfair? Perhaps thinking out of the box was an essential first requirement and Fitbit is merely a stage to a much larger pool that 5G gives, but as they listened to the US, they can’t tell, not until 2022, at that point it is too late for the EU, I reckon that they get to catch on in 2021 when they realise that they are losing ground to all the others, all whilst they could have been ahead of the game, let’s say a Hail Mary to those too smitten by ego.



Filed under Finance, IT, Law, Media, Politics

The day after the day before

I just noticed a story on Reuters, which came a day after I gave the lowdown on the GDPR. In their story ‘Companies need immediate rethink on U.S. data transfers, says watchdog’ I see “Companies seeking to transfer data to the United States must revert to new arrangements with immediate effect after the Privacy Shield transatlantic pact was declared invalid last week, a European Union watchdog said on Friday”, OK, we know that, but Reuters gives a little more, with “The European Data Protection Board (EDPB) said that companies that transfer data to the United States via standard contractual clauses would have to self-assess whether these have suitable safeguards and inform their national privacy enforcer” we see a part I had forgotten about (Yes, I forget things too), when we consider ‘via standard contractual clauses would have to self-assess’, I am confronted with a thought I had in 1998 in another station. You see there is an issue with ‘self-assess’ and ‘backups’. The self assess part is to ignore that small little data cruncher, whilst the global standardisation of back-up systems give a larger implied stage that for US Intelligence, it remains business as usual, with the optional larger workflow. Did anyone consider that?

So when we see “The EDPB, together with the European Commission, is now looking into ways to beef up standard contractual clauses and binding corporate rules that could be legal, technical or organisational”, I wonder how many delays back up solutions are given before that train ends, I reckon that it will take a while. And the situation is not new, ITProPortal gave us in 2018 “The legislation gives customers the right to be removed from the records of companies even if they have previously agreed to the collection and storage of their data. It’s called the ‘right to be forgotten’ and could be a potential stumbling block as organisations keep backup copies of their data. A request to have personal data removed, technically means that it should be removed from all copies including the cloud, or tape kept off-site in deep storage. Having to do this each time a request comes in, however, has been deemed excessive by those overseeing GDPR due to the logistical challenges it would throw up” and even if you think that it is something else, think again! We see this in “technically means that it should be removed from all copies including the cloud, or tape kept off-site in deep storage. Having to do this each time a request comes in, however, has been deemed excessive by those overseeing GDPR due to the logistical challenges it would throw up” and consider that there is a situation, we see this in “According to France’s GDPR supervisory authority, CNIL, organisations don’t have to delete backups when complying with the right to erasure. … You should also document policies and procedures for keeping backup data secure. This will include instructions on encrypting backups and where you will keep backup devices”, yes this is still about the right to be forgotten, but there is an absence on tertiary locations for backups and cloud backups, they can still be in the US, as such, the Intelligence conclave (the alphabet group) are still in a stage of business as usual. 
One source is giving me in 2019 “Rather than backing up everything in bulk as whole systems, organisations may find it easiest to separate systems backups and personal data backups so that systems backups can be kept for much longer retention periods than might be allowed/justifiable for the personal data”, yet the station of ‘organisations may find it easiest’ as well as ‘so that systems backups can be kept for much longer retention periods than might be justifiable for the personal data’, which in itself is not really an answer and I was surprised at the amount of ambiguity towards operational and logistical needs, whilst keeping the limelight away from backups, as such I believe that there is a lot more going on and no real matters regarding privacy will be solved any day soon. In this Curtis Preston, chief technical architect at Druva raised in 2019 “GDPR is not going to be able to force companies to ‘forget’ people in their backups – especially personal data found inside an RDBMS or spreadsheet.” (at https://www.theregister.com/2018/05/31/backup_gdpr_analysis/), and it seems that everyone links it to ‘the right to be forgotten’, so what happens to the off site backups of global databases? Are they still in the US? And why is there such a darkness around the states of backups? I find the comment ‘due to the logistical challenges’ a bit of a joke, they had years to get ready. Even closer to home, last January we see “Although Apple uses end-to-end encryption for both iMessage and FaceTime, it doesn’t do the same for iCloud backups. They are encrypted, but Apple holds the key, meaning that the company has access to a copy of almost everything on your phone – and that includes stored messages. I’d long expected Apple to fix this, but a report today claims that the company has decided not to…” so what else has not been done, and where are all these iCloud backups? If they are on an Apple Server, there is every chance others have access (speculation from my side).
Which is actually not the weirdest thought, when we go back to 2018 and consider “authorities also discovered a series of hacking tools and files that allowed the 16-year-old boy to break into Apple’s mainframe repeatedly”, so if a 16 year old has access to the Apple mainframe, do you really believe that US Intelligence cannot enter it? 

So when we consider where our backups are, also consider how up to date your personal records are at 57 Duker Rd, Farmville, VA 23901, United States. To be ‘speculatively more precise’, how about IBM-VA23901-1-3.213.5? I wonder how many other places your data can be found, all for the simple reason of national security, all whilst we see the media take a hard look on all the cyber tools that some agencies have no one seems to be looking at all the access that they have to backups. The fact that several locations are giving us versions of ambiguity, none of them look deeper into the matter, I reckon that the Stakeholders wouldn’t allow it, but that is me grasping at straws.

There is a larger station now that the agreement has fallen apart for the EU, on the other hand, there will be a pool of new talent required all over Europe, and in the light of the Corona events, I wonder how many are still alive. So, what will we see tomorrow in this regard?



Filed under IT, Law, Politics, Science

The Fantastic Four and the bully

Yup it’s Friday! The match is set and also tempered and set against the Fantastic Four, they face it because the people who they are defending against are not that clued-in on the abilities of the digital economy and they merely want better pickings from these four, I am actually surprised that Netflix is missing there on a few stages, but perhaps they promised the not so clued in spectacle seekers to give them all the illumination they are worthy for, it is a dicey call, but when you can lose it all, you can also play it all.

They are up against a congress who has fiddled and played away well over 8 trillion in stupidity, the rest was unavoidable, they are that not clued in and the batter is about to hit the hedges, so they need a play so that they can retire unabated and without accountability. This was not new, there had been announcements and for the most, I actually thought that in light of what was playing now, that US Congress might give this a miss, but no, I was wrong. So as we look at the article (at https://www.reuters.com/article/us-usa-tech-congress/big-tech-ceos-ready-defenses-for-u-s-congress-hearing-into-their-growing-power-idUSKCN24O16K), we notice the lead ‘Big Tech CEOs ready defenses for U.S. Congress hearing into their growing power’, yet did we also notice “The panel is questioning the companies as part of its probe into whether they actively work to harm and eliminate smaller rivals, while not always making the best choices for their customers”, perhaps you remember the old court case, where we get the number one hilarious moment (at https://www.nbcnews.com/video/senate-gop-and-white-house-tentatively-agree-on-1-trillion-coronavirus-relief-88172613521), NBC was not the only one giving us that, but you get the idea on how clueless American Politics seems to be. You see, there are two parts in this. The first is “while not always making the best choices for their customers”. The sides here are 1. ‘Who is the customer?’, and 2. ‘What are the best choices?’, as I personally see it, congress does not have the brightest players in the first place, so there is every chance that at least 20% of that panel is clueless to the digital environment. And that is not all.
If we consider “The high-profile hearing, which will bring together Amazon’s Jeff Bezos, Facebook’s Mark Zuckerberg, Apple’s Tim Cook and Google’s Sundar Pichai, will be a key moment in the growing backlash against Big Tech in the United States and is likely to set up a face-off between the executives and skeptical lawmakers from both parties”, we see an optional stage of discrimination. In the first Twitter and Netflix are not there, in the second, as far as I (and others) can tell, these players have acted on the letter of the law, the fact that others can’t do that, is not competition Law, it makes it something else (not sure what actually). I agree that I do not have all the answers, but this in the end we need to see that this is optionally not about what they say it is, the European Law and their GDPR is biting hard, as the US privacy shield is falling short by too much, there is every chance that the US government is missing out on terabytes of personalised data as their FISA act opted access for and that is not sitting pretty with them. So where is my evidence?

We see part of this in “Apple is likely to be quizzed about the way it manages its app store after facing criticisms it hurts newcomers. Apple told Reuters it will argue it does not have controlling market share for apps. The iPhone maker views its store as a feature designed to ensure the security and reliability of its phones.” The App Store is a rather large being, but it is amped towards Apple products, and as such security is key. So far the issues we see are a mere fraction of what could be. In this Forbes gave us that part yesterday with “With the July 22 launch of the Apple’s SRD program, security researchers will be able to go and hunt bugs much deeper within iOS. Apple said that the iPhones, which will be dedicated exclusively to such work, and known as security research devices, will come “with unique code execution and containment policies.” What this means, for example, is that the file system will be accessible for inspection rather than just looking at crash log snapshots or using jailbroken devices. The latter being far from perfect as jailbreak vulnerabilities are generally patched quickly, and so any research is more easily denied by Apple as being flawed.” Again, this shows two parts, the first is that Apps are often defined by hardware and Apple hardware is in transit, making most issues moot for Apple, the second part is that we see “the file system will be accessible for inspection rather than just looking at crash log snapshots”, we can argue that this betters the US government access to data, but does not really prove it, they merely get a better look at where to seek what they desperately want. I am still not convinced that this hearing isn’t an option for old goats (oops, I meant members of Congress) to get selfie time with the 4 most wanted selfie objects in history.

I will forgo on Amazon, these people have enough problems to set a proper definition of what is a hazard and how to identify it, I briefly discussed that in ‘6 simple questions’ in February this year, where a load of shortcomings, or is that shortcumings? Are set in motion, I never understand how people get their rocks off on bad work, but that might merely be me. I discussed it (at https://lawlordtobe.com/2020/02/03/6-simple-questions/) it also had a link to another article that shows questionable parts of FTI Consulting, as such and quoting CNN who gave us “The report’s limited results are a reminder that it can be extremely challenging to reconstruct the activities of a determined, well-resourced hacker”, all whilst the identity of the hacker is still up in the air, and this is set against a person who has more money than the combined resources of all who live in New York, which is saying something. He is 25% of what Congress faces? To be honest, I feel that the US audience are facing another Mickey Mouse show, which is weird as Disney is not in the dock, but I got extra popcorn, so that I can watch and giggle at the same time. Oh and by the way, I wrote this all on an innovative MacBook Air, as such we see that other players are not up to scrap to show us what is truly innovative. As I see it, this is the first truly innovative piece of hardware since the release of the G5 in 2004, so I wonder what Congress is really trying to achieve. And when we see “in recent weeks the firm has published blog posts and a white paper asserting that it still faces plenty of competition and that the fees it charges ad buyers and sellers are justified.” We see an optional path for Google, all whilst the non US Data centres of Google are being upholstered to avoid GDPR issues, as I see it the US Bully, oops, I mean Congress, are out of their depth in an age where computers and hardware changes quicker than the identity of the average man’s mistress.
There are so many tackles and interactions, I have no trust in what US Congress is trying to achieve, but there is an upside for me, as they fail more and more, we see that my IP is still untouched and no one got near it, all this whilst the 5G site is going forward in most areas, except the USA. Perhaps Congress should have other priorities, like sorting out the tax laws that these four face, is that a little over the top?



Filed under Finance, IT, Media, Politics

The time is now

Yesterday, an article in the BBC made me aware of a few items. Now, I was aware to a larger degree of most items, yet I kept it in the second drawer of the third desk of my brain, it was something I took for accepted and then shrug it off, so what changed? Nothing actually changed, but the article seems good enough to take a few items on view.

The article (at https://www.bbc.com/news/technology-51115315) gives us “Google has announced a timeline for implementing new privacy standards that will limit third-party use of a digital tool known as cookies“, now this is nothing new, it was always going to happen, yet we also see: “analysts say the move gives Google more control over the digital ad market where it is already a major player. To make advertising more personal web browsers collect small bits of information that allow them to create a profile of the users likes and online habits“, the question becomes, is that actually true? And when we see “This presents a core problem from a competition perspective. It is yet another example of Google diminishing ad rivals’ access to data for the stated purpose of protecting users’ privacy“, a quote from Dina Srinivasan, a lawyer focused on competition issues is not really that truthful, is it? Apple made a similar move in 2017 and when we go back in time, we see Google Chrome, Mozilla Firefox, Internet Explorer, Safari, Microsoft Edge, and Opera. Most will have forgotten Netscape who became defunct in 2003, and basically stopped making a blip 2 years before that. We seemingly forgot about the exploitative market that Microsoft had in those days with Internet Explorer and all the crap it added to our HTML files (as did Word when we saved as an HTML file), in those days data in files was still an issue because there was a limit to what we could save when we were not rich. Chrome was the first to keep our files clean, or at least lacking a lot of rubbish. Netscape was however on a different route, an employee of Netscape Communications, which was developing an e-commerce application for MCI.
MCI did not want its servers to have to retain partial transaction states which was a killer for storage, as such they asked the people at Netscape to find a way to store partial options and methods of transactions where it mattered the most, at the side of the buyer, Cookies provided a solution to the problem of reliably implementing a virtual shopping cart, Google found a new way of using that idea and used cookies in the far reaching solution it currently has, they innovated, others merely took on board someone else’s solution and now they are all crying foul. Perhaps when these people had taken the time to innovate, they would have the choice, and the option of two years seems decent, so when I read “advertisers had hoped to have more time before it was implemented” is as I personally see a larger BS issue on timeframes and exploitation, if advertisers are in the now, they would be all about advanced implementation, yet they like their bonus and they seemingly do not like to spend money on investments to counter the timeline (an assumption from my side).

Google’s director of Chrome engineering, Justin Schuh gives us “Users are demanding greater privacy – including transparency, choice and control over how their data is used – and it’s clear the web ecosystem needs to evolve to meet these increasing demands“, which seems slightly too political to my liking, but there we have it. Business Day gives us “But GDPR also made life harder for a cohort of second-tier adtech players trying to compete with the likes of Google and Facebook. The regulation’s provision to prevent data being shared wantonly with third parties seemed to give the tech giants an opportunity to tighten their control over user data” where we see that this was one of the foundations that led to the end of SizMek, some state that it was DSP Rocket Fuel that ended the heartbeat of SizMek, yet everyone ignores a simple truth, ‘an overcrowded ad tech market with independent vendors with an inability to face serious cost pressures to their pricing structures‘, they all arrogantly believed that THEIR solution was the real one and they all basically read cookies like the ones Google had distributed. You can all claim to have the magic potion that Asterix drinks, but when the truth comes out that he drinks Darjeeling tea from India, the playing field gets overcrowded and when the customer figures out what they get priced for the end is pretty much around the corner of the next door you face.

So as we are told “third-party ad sellers will need to go through Google to get information about internet users. But critics say that is an advantage that makes the market less fair and safe“, in my view my question becomes: ‘Which critics, names please!‘, the problem is that third party ad sellers have no rights, none at all, the rights should be with the owner of the computer, Google (Apple also) are setting (not by their own accord) that stage, Microsoft is using their Azure Cloud to counter the Cookie option on PC and Microsoft Console, but the hard sight is already there, the people who are unable, unwilling and cannot afford to set the stage still want their freebie and they are now starting to complain as they are made aware that their time has ended, even though this was the direction we saw in US politics and EU politics well over three years ago. The EU had their General Data Protection Regulation (GDPR) and everyone shrugged their shoulders stating that it would not happen that fast, yet that was three years ago and now the time has been set back to merely two years to go and the ad sellers are feeling the pinch of the cost they will actually face. Moreover, they are seeing the red lights of career ends. The Verge gave us “an industry that’s used to collecting and sharing data with little to no restriction, that means rewriting the rules of how ads are targeted online“, they gave us that on May 25th 2018, so 1.5 years ago, why is this now a problem? The people wanted this, and soon it will be here, Google has not been sitting still updating their systems accordingly, and as such we see that the flaccid and non-concerned rest is now looking at a deadline a mere two years away. When we look to the larger field we see Criteo, LiveRamp, Trade Desk, Rubicon, and Telaria, all losing value as ad-tech providers, yet the opposite could also be true when they offer to the customer a value, a value where most ad-tech companies never bothered going.
Yet the power of any ad-tech was never the cookie, that was for the most merely the revenue. They had 5 years to consider the power of ad-tech and they didn’t. The power of this is basically engagement. Facebook showed this year after year and now it is out on the larger field, those who engage will survive, the rest will end up on a dog eat dog football field and a few will survive but only as long as they push to the next hurdle and make it, if not they will end up on the obituary page (just like Netscape, however Netscape ended there for other reasons). 

I wonder if that is why Google is so adamant about its Stadia? It would get a massive tier of small time developers creating engagement content to be released on mobiles. That is me merely speculating.

Still the words of Dina Srinivasan are not entirely without merit, she gives the Facebook issue (at https://www.wsj.com/articles/yale-law-grads-hipster-antitrust-argument-against-facebook-findsmainstream-support-11575987274), and she makes a good case, yet the history of certain players need to be taken into account. Even as she has her own misgivings about the evolution of the digital advertising market, history had been clear, some of them basically did not bother, they wanted it handed to them for free and in the beginning they got away with it. And she made a point with “How could a company with Facebook Inc.’s checkered privacy record have obtained so much of its users’ personal data?“, yet equally we need to weigh this with the words of U.S. Attorney General William Barr. He gives us “he is “open to that argument” that consumer harm can exist through the use of personal data, even if a service is free. “I am inclined to think there is no free lunch. Something that is free is actually getting paid for one way or the other”“, which is what I have been saying on my blog for around 4 years, so happy to see people wake up in January 2020. So when I see “Ms. Srinivasan would prefer that Facebook be forced to change certain business practices, including how it tracks users when they are off the company’s platforms“, I wonder when they give account to the small truth that Facebook is a free service for a reason and they are no longer alone in this, you are going after the large players when they are in the largest danger by losing slices of that revenue pie to contenders elsewhere in the world (EU and China).

Whatever you want to do is fine, but realise that it will put a large group of people in the streets without a job, I am not against them losing their job, but that revenue and that data will also flow in other directions and that is the one part that all players (with political support) are trying to counter as much as possible. I wonder if they will succeed. The weird part is that if this group had been properly taxed 3 out of the 5 major issues would also fall away and in that view a workable solution could be pivoted to.



Filed under Finance, IT, Media, Politics

London Bridge had fallen

This is not some event involving Mike Banning as the never failing US Secret Agent, it is also not a movie involving Gerard Butler in command of a Nuclear Submarine (Cool movie though). No this is reality!

In 2017, on June 3rd an attack took place, the inquest is still going on 2 years later. 3 people ramming pedestrians and after that ran into the public in the Borough Market area and decided to stab a whole lot more people. They were wearing fake explosives, carrying knives. That pretty much sums it up. In the end 8 died and 48 were wounded, the three ‘terrorists’ were killed in the process.

According to all sources these three were ‘inspired’ by ISIS.

I took notice of it initially, but it was not high on my radar, it got my attention again last week, but I was looking into the Strait of Hormuz issue. It kept at the back of my mind. So let’s start with last week: ‘MI5 admin errors meant attackers link ‘was missed’‘, it got to me as MI-5 does a whole lot of things, errors are actually quite rare and anyone stating that there should not be any errors is an idiot. Anything involving intelligence gathering is prone to issues. The right stage, the right interpretation, the right connections and the right actions. These are all matters that influence the stage. You can check this for yourself, go to any recruiter and apply for a job, what are the chances that he/she places you wrong or gives you less useful advice, considers you not to be the ‘right’ person for the job? That chance is rather high.

So when I see the BBC article (at https://www.bbc.com/news/uk-48626134) giving me: “Youssef Zaghba was stopped at Bologna airport in 2016 after telling staff he was going to Turkey to be a terrorist“, so in the clear setting of a first, a terrorist does not tell anyone he/she is one. The more verbose version is: “Asked why he was going to Turkey, he said to be “a terrorist” before quickly changing his answer to “tourist”, the court heard“, so now we get a person who is basically an idiot and customs has to deal with hundreds if not thousands on a daily basis. This part is already numb and done for. So at best we have a video game wannabe, at worst we have a person with mental health issues. At present neither two score high on the list, at most a police chat would have been warranted.

Regarding Zaghba we also see (at https://www.bbc.com/news/uk-40169985) In 2016, Zaghba was stopped at Bologna Guglielmo Marconi Airport by Italian officers who found ISIS-related materials on his mobile phone. So what materials were they? He apparently was placed on a watch list, which is shared with many countries including the UK, as such is he merely watched when he travelled or 24:7? There is a difference and one does not warrant the other.

Yet now there is a clarity of optional failure that is increased with: “Witness L, who is head of policy, strategy and capability for MI5’s international counter-terrorism branch, told the court MI6 did not translate the Italian request for two months – and then sent it to the wrong person in MI5“, not only is my question:

  1. How could this be sent to the wrong person and why was there no return/response on wrongfully sent information?
  2. Then we get: the optional escalation had 1 year to find corrections and optional change in surveillance. Why was this not done?
  3. How often is the shared list vetted and checked for additional information whether the watch list is still accurate and more important useful?

Three direct questions that now put MI-5 on the radar for a few failings. In addition we also need to enlarge the scope, if SIGINT is GCHQ, how was this optionally missed twice over?

There are also serious questions regarding the Lawyer of the 6 victims. When we see that he had: ‘previously told the court there had been missed opportunities to prevent the attack.‘ It is important to see this part. In another story we get: “Gareth Patterson, the lawyer representing several victims’ families, said there was evidence the attackers had been in contact since January 2017“, here I disagree to some degree, and with ““any reasonably competent investigation” had the chance to detect the planning that was going on between the three men” I disagree even further.

You see, when we look at the elements. The fake explosives means that it could have been made in any way, for the most stuff from a toy store might have sufficed, at most a stroll through B&Q or Wickes would have sufficed. Then there is the stage of interpreting the Zaghba part, a terrorist claiming to be one is not one. I would have been able to do all the needed parts without setting off any flags or alarms. The biggest risk I run is getting a lorry, they did not get one either for mere payment issues that one element also shows that they commenced a terrorist act, but were not terrorists (or almost the worst prepared one). The absence of planning, the absence of dotting the ‘i‘ and crossing the ‘t‘ is what sets them apart. Merely three men with water bottles, pretending that to be explosives, knives that one can buy at IKEA and when we learn that the Guardian (at https://www.theguardian.com/uk-news/2017/jun/10/worse-terror-attack-on-london-bridge-foiled-by-chance-police-say) that the van had “13 wine bottles containing flammable liquid with rags stuffed in them, essentially Molotov cocktails” that were either forgotten, or just ignored by these three, we see a wannabe terrorist who forgot that they had options to increase the death count by a lot. These are all elements that count, because MI-5 is there for serious threats and these three were seemingly ignoring all their options even during the event. Going back to the lorry, that one might be easy when I stalk the right bars and mickey the right person, with him tied up in the back of the van I could start my spree, no flag raised at all. In my case I would have been able to get the stuff that goes boom; I merely needed to change perspective on the how. All issues that would never raise a flag; that is what MI-5 has to deal with and they have the one additional benefit that they are on an island.

We agree that steps were missed on Zaghba, but none of this is still evident that it would have prevented the attack. The higher part is Khuram Shazad Butt, he has enough flags that warrant consideration, his presence is a real issue, yet how many flags did he raise before the attack? We seem to blame after the effect, yet in the UK we see more whingers and whiners on freedom and privacy than in most other places in the world, well, congratulations! If MI-5 had that data this might have been prevented, they did not. You wanted the Data Protection Act 2018, you got it, you wanted General Data Protection Regulation (GDPR) and it was handed to you, you also face additional dangers because of it, so stop crying!

Back to the attack! I see Rachid Redouane as the actual fuse here. An illegal immigrant, a failed asylum seeker and he remained under the radar, also implying he could get a lot of stuff done whilst not being noticed, not getting noticed and working as a pastry chef, so how did he get that job? He was the part that Butt needed, and as such MI-5 had optionally even less to work with.

You see, when we look after the event, we might see issues to blame MI-5 (optionally GCHQ) with, but there are a lot more markers making at least 1 out of the three a dud from the start. And in all this, no one seems to realise that a failed Asylum seeker was hopping back and forth between the UK and Ireland, there is a larger failing in all this, yet I am stating that MI-5 was not it.


The Guardian yesterday (at https://www.theguardian.com/uk-news/2019/jun/17/communication-issues-left-london-bridge-attack-casualties-without-first-aid) gives us the larger failing, but not in regards to the attack. When we see: ‘police waited for help that wasn’t coming‘ we feel anger and frustration, yet in which direction?

The first is seen with: “police and members of the public being left to treat victims of the London Bridge terror attacks and not knowing why paramedics were not coming to their aid“, as well as “when paramedics were told to evacuate the area, the officers in the courtyard were left treating the casualties on their own awaiting help that did not arrive” we get the first gist of it. You cannot send paramedics in a dangerous situation, we get it we understand it and we accept it. I believe that an alteration to the armed response unit is required. I believe that any armed response unit requires a trained medic to give first aid like in a metropolitan war zone. Yes, it would be great to send in the paramedics, but let’s be honest how would you feel when a police officer tells you: “Look, there are three terrorists over there somewhere, can you go into that place and see if you can treat some of the wounded people?” I get it, plenty of them medics would, but it is optionally super reckless and highly irresponsible. The fact that the police was not properly warned on the spot could have been for several reasons, all unintentional. This is a situation that is not merely fluid, it involves a lot of people thinking on their feet, whilst running trying to scope the size of the issue in absence of reliable information. These are not mistakes made, they are to some extent coming from experience and actual successful attacks have been really rare, besides that at some point you cannot just call for boy scouts (SAS) at any point, time is a factor.

So when I see: “Five people died in or around the courtyard, one of whom, Sebastian Belanger, 36, a French chef, could possibly have been saved if he had received swifter, higher-quality medical attention“, I accept the stage and I accept the premise, but the score on getting ‘higher-quality medical attention‘ is optionally not a realistic one, not in a location of armed conflict and so there we see the stage of time versus location versus available intelligence. We can jump high and low, but reality is a factor and I feel that the after the fact Monday morning quarterbacks are now feeding an inquest of what ‘might have been done’, and I accept I am in this view a Monday morning quarterback as well.

For the larger view we need to go to the actual inquest and I noticed something in day 20 (at https://londonbridgeinquests.independent.gov.uk/wp-content/uploads/2019/06/LBI-Day-20.pdf). The transcript gives us a side that was not part of the actual attack, yet it does involve Khuram Butt, it is actually a lot more important than you think for two reasons on opposite sides of the scale. The transcript gives us:

Witness M, you will appreciate that the investigation that you are here to help us with lasted for something in the region of two years, so I’ve got a fair amount to cover but I’ll try to be as concise as I can be.

You were asked questions by Mr Hough about the Transport for London employment and you told us that there came a time when you and your team learnt about this job that Khuram Butt obtained working at Westminster underground station.

A: That is correct, yes.

Q: So can I be clear: you learnt about this after he had begun working at that station?

A: I cannot recall at what stage we learnt about him either seeking out employment or having that employment.

Q: Was that something that you – –

A: But we were aware of the fact that he was working at London Underground.

Q: So it wasn’t something that you learned at the application stage before the decision had been made as to whether they should give him the job?

A: I cannot answer that.

Q: Were arrangements in place at the time for the counter terrorism police to be notified by Transport for London of the names of people applying to be employed by Transport for London in vulnerable locations?

A: I’m not aware of any such arrangement. That’s not to say it doesn’t exist, but it’s not something I’m aware of.

Q: So to this day can Transport for London receive applications by people who might be terrorist suspects, the subject of ongoing investigations, and then a decision made to employ them without you or your partner agency being notified?

A: So, again, I can’t categorically say whether that process exists. That sounds to me that it’s something, if it did exist, would be more in the “protect” side of our business.

It is important, and let us look at both sides of this equation. On the one hand if there was stronger vetting there was a chance that Khuram Butt might have been stronger on the radar, yet the attack would not have been prevented as the London Underground was not a stage and was not used to set the stage, more importantly there was a chance to set off alarms within Khuram Butt making him a lot more cautious, optionally resorting to a different style of attack. On the other hand, we see that this path would have given MI-5 up to 1500% more work, so a lot less resources to deal with optional more serious threats.

We see more in Day 20 (on page 4, paragraph 9, 10). Here we see the flags issue I raised earlier and the questioning party who is seemingly not all up to date on intelligence, more on finding a part to blame. When we see:

Q: In September 2016 the categorisation was downgraded to P2M, so the risk is now a medium risk, you told us?

A: That is correct. Yes, it was categorised down to a P2M.

Q: And when you dealt with this in your report at paragraph 5.9, you linked this decision to the fact that there had been no indications of actual steps to plan an attack.

A: That’s correct, that is in my report.

Q: But as you’ve accepted a number of times, from the very start, this is somebody who had, throughout, exhibited a degree of operational security.

A: We see that across the entire range of individuals we investigate.

Q: Yes. But an ordinary member of the public with nothing to hide is unlikely to be taking steps to avoid surveillance or to hide their activities; would you agree?

A: He’s not an ordinary member — he was not an ordinary member of the public; he was under investigation.

Q: But that of itself rings alarm bells, doesn’t it, if he is positively taking steps to disguise what his activities are?

A: It’s concerning, but it becomes more concerning when it is attached to other intelligence around other activity. And that will elevate the risk and elevate our posture and our response.

Q: After that decision to recategorise as medium risk, he then re-engaged, you told us, with ALM in the autumn of 2016.

A: So that – – that’s correct, that was the assessment at the time that he started to re-engage with other ALM individuals.

Q: He was also identified as having an inflammatory presence around other extremists, wasn’t he?

A: How do we know that?

Q: Well, you confirmed yesterday that you were aware of that and that’s information that reached you via MI5. We see it in the report of Witness L at paragraph 116.

A: Okay. So I can’t say with any certainty I was aware of that before that time, but just the mere presence — the mere fact that he was associating with other ALM individuals or becoming further engaged is of concern

I see this as an issue. The issue is not the interview, the issue is the available resources and the questioning party seems to live in la la land as there is the consideration that at any time all resources are available, that one clear failure makes the inquest a problem to some extent and that is merely looking at one day, merely Day 20. The focus on Khuram Butt being an ‘inflammatory presence‘, we could argue that this is a good thing, we could argue that pushing other extremists before they are ready is one clear sign to botch attacks (MI-5 will be pleased), the two parts in the transcript give rise to a larger failing, in part the inquest is set to a stage it does not comprehend, it does not facilitate a stage of comprehension where it concerns lone wolves and wannabe’s. In the second degree we see the push regarding re-engagement and the consideration of a medium risk person. Even as there is no valid intelligence giving us that direct action was called for (implied at least). So when I see ‘there had been no indications of actual steps to plan an attack‘, my less diplomatic view towards the barrister would be ‘move the fuck onwards barrister‘, if there is no indication of actual steps, there is no indication for acceleration of increasing profile surveillance, the resources are just not there.

It is the largest failing, not merely the fact that there is no SIGINT working on data that could have been worked on, the stretch on resources, what is available, its definition and the stage of recognising on how to use resources are in the wind and that failing matters, because that recognition is essential to stop attacks by an actual terrorist, a lone wolf or a wannabe, and as long as that part is not clearly in play, there will be more successful attacks and here I regard the premise of a successful attack any attack where more than 5 lives were lost.

We need to accept that choices have impact, we need to see that the attacks will continue and until we find a better way to register dangers this is how it will be and we need to see that the failing was larger, but there is no one to actually blame.

Consider blaming customs for allowing a failed asylum seeker (Rachid Redouane) going back and forth between the UK and Ireland, getting other places to live, is that landlord to blame? There are cogs that are not working for numerous reasons and when we realise that ‘the machine‘ is off its mark by a decent amount, we do not get to blame MI-5 (or GCHQ for that matter). When we consider that Youssef Zaghba might have made a claim and if GCHQ had a right at that point to capture all data regarding that person, there might have been a chance that together with the Khuram Butt data there was a decent chance that this could have been stopped (in theory), but that was not an option was it? Here the Data Protection Act 2018, as well as the application of the General Data Protection Regulation (GDPR) stopped GCHQ from getting essential results to report to MI-5, you wanted this so from my point of view you have to accept the dead people too. You cannot get it both ways, it is just not on.

There is, as I personally see it a larger failure in play, it is not MI-5, it is not GCHQ, it is not the police, it is us and the bullshit setting of privacy whilst we hand over all of our private lives to Facebook and mobile game data collectors, we are doing this too, we ourselves. We can optionally argue that there needs to be a better direct action armed response unit with a trained medic in these teams, but that is an optional investigation for another day, one that is far far away.


Filed under Law, Media, Military, Politics

Want a cake? Buy a bakery!

There was a man (not me) who loved cakes so much (definitely me) that he decided to buy a bakery (not on my income), so he spent £1,475,000 and now he has a cake every day until he dies, and that was the happy ending, or was it?

Consider that at the Cake Store, an outlandishly super cake (birthdays) from £45 onwards (up to £850) which will give you colour choice for inscription, 4 levels of cake (the 4th being a Rubik cube cake), choice of filling and selections of candles and sparklers. So it does not get any better than that. Yet we all agree that the most expensive cake is not a daily choice, anything below that tends to be around £100, so a fair cake and there plenty of cakes are 16″ and a mere £69. So at that stage we see that the man paid upfront for 19,666 cakes, implying that he will have a daily cake for 53 years; and that is when we ignore the interest he could have gotten on the £1,475,000 which in an optimum stage is interest that pays for 983 daily cakes a year, we call that a bad choice when the goal is to have cake every day. Now when it is about government policy it is not that simple.

And this gets us to the actual story, the fact that the Guardian gives us: ‘Government spends almost £100m on Brexit consultants‘ (at https://www.theguardian.com/politics/2019/may/29/government-spends-almost-100m-brexit-consultants), I get that consultants might be needed to some degree, but Brexit is something new, so how would they know? Yes, I very much understand that one of Deloitte, PricewaterhouseCoopers (PwC), or Ernst & Young was needed, but all three? Even if that was the case, for example manpower, the issue is not merely the £100 million; it is the stage of what knowledge did these civil servants not have?

Before we go bashing civil servants left, right and centre, we need to acknowledge that you want consultancy to some degree on international tax issues, on international legislation, yet is that knowledge not available within the government? We apparently have Law lords, we apparently have treasury and tax experts and the fact that they came up short by £100 million in knowledge is a much larger issue than I am happy about.

The fact that the end of this is not near, a premise we see with: “Marked “official sensitive”, the investigation warns Whitehall spending on Brexit consultancy work could hit £240m by 2020, as officials scramble to plan for departure from the EU” should be a larger concern. Then I notice a name which I have stumbled upon. With the mention of the Boston Consulting Group (BCG), I go back to ‘The Repetitive Misrepresentation‘, A May 2016 story (at https://lawlordtobe.com/2016/05/28/the-repetitive-misrepresentation/) where I stated: “The quote in the Business Insider gives you “I got the analyst who wrote one of the reports on the phone and asked how he got his projections. He must have been about 24. He said, literally, I sh*t you not, “well, my report was due and I didn’t have much time. My boss told me to look at the growth rate average over the past 3 years an increase it by 2% because mobile penetration is increasing.” There you go. As scientific as that“, this was at the core of the issue I had with PwC earlier. The final Gem the Business Insider offered was “They took the data from the analysts. So did the super bright consultants at McKinsey, Bain and BCG. We all took that data as the basis for our reports. Then the data got amplified. The bankers and consultants weren’t paid to do too much primary research. So they took 3 reports, read them, put them into their own spreadsheet, made fancier graphs, had professional PowerPoint departments make killer pages and then at the bottom of the graph they typed, “Research Company Data and Consulting Company Analysis” (fill in brand names) or some derivative. But you couldn’t just publish exactly what Gartner Group had said so these reports ended up slightly amplified in message; even more so with journalists. I’m not picking on them. They were as hoodwinked as everybody was. They got the data feed either from the research company or from the investment bank“. 
This all from an article in The Business Insider from February 18th 2010! (Yes, more than 6 years ago).” I am not stating that BCG did anything wrong, illegal or immoral, I merely wonder how they got their numbers, Brexit is an unseen event and there are no scenarios that fit the bill, so how were their results gotten (or is that begotten?); these are questions that reside with Bain & Company, as well as the BCG. PwC is not out of that firing line, it is for the most only Deloitte who gets a pass (based on previous work), as well as some of the people I know (from) there.

If there is one part I get then it is the entire Defra mess (mess still an optional word). The Department for Environment, Food and Rural Affairs has to deal with all kinds of legal and policy issues that have never been transparent, I would be surprised if there is not a whole range of other issues floating up from there in regards to food matters from all over Europe (France being an obvious first). An example that was seen last year when those reading Wine magazines were introduced to: “It’s made from outlawed jacquez and herbemont grapes, he explains, and is produced by a coop of rebellious vignerons in the Ardéche region of southern France.” Wine that is banned by the EU, so that is one part that Defra might not have been prepared for at present and that is merely a top line result I looked at, when we start looking at the Romanian Equine Beef Burgers the matter becomes truly adventurous. None of it is the fault of Defra mind you, merely the stage in which they find themselves at.

That also raises the issue seen with: “Whitehall report criticises departments for lack of transparency“, at that point, what are the chances that the Border Delivery Group with £10.2m and Defra with £8m have been doubling up on data and reports? More important, if they are from different sources, the data will not match and cannot be compared, or better stated, as long as the questions and data are not rigorously inspected, there will never be a way to tell on a few levels how valid and optionally how replicated the issues are. There is clear overlap between the two, yet the lack of transparency implies that they are not aware of each other’s work until the final report was handed to all the players.

In addition when I see: “the DHSC employed Deloitte for “management support … in ensuring the supply of medical devices in case the UK leaves the EU without a deal”“, questions are shaped in my mind. I get it; there are questions, very valid questions. Yet in all this, Philips Healthcare has 6 locations in the UK, the same for Siemens Healthineers UK. So suddenly they would not be able to provide? They had their tax breaks for decades; as such they are responsible for delivery. It is time to look at these places and see just what tax breaks they got and hold them accountable (to some degree). I am merely mentioning two elements, there are many more where they had the deductibles and now they would walk away? Did the Department of Health and Social Care ever look at that part of the equation? Because if these people ‘walk away’ we can undo these tax breaks immediately, for the next decade or two.

It could be my version of ‘the sun also rises’.

It all comes to blows when we see: “But the report says it has taken an average of 161 days for basic details of Brexit consultancy contracts to be published, compared with 83 days for all consultancy contracts“, the fact that details are withheld for almost 6 months raises the question, was that before or after the contract was signed? In addition to this, when we look at “In February, analysis found government and public sector bodies had awarded contracts worth £107m for “professional services” in relation to Brexit planning. Tussell, a private firm that analyses public contracts, said the figure included 28 consultancy contracts worth nearly £92m.” it gives me the questions on how much Tussell costs to check all this and are these contracts checked for doubling up, or are they merely checked for validity, hours versus billed, as well as how the contract was set up and what was required to be delivered? Merely the basic stuff and as such, as these contracts are compared, will I find a doubling of data as similar questions are to be answered?

Even as I partially agree with the government spokesperson giving us: “It is often more cost-efficient to draw upon the advice of external specialists for short-term projects requiring specialist skills. These include EU exit priorities such as ensuring the uninterrupted supply of medical products and food to the UK.” I do end up with questions on the arrangement of short term contracts and the fact that the treasury coffer is now out of £100 million. The fact that we see ‘such as’ is also a problem, the people were so over the moon on being a member of the EU, the fact that the government never looked at contingency issues within any government since the UK became a member of the EU is also a failure on several levels, especially when we consider the fact that this looks like an impairment of national security (or is that on levels of national security) whilst we see unproven Huawei accusations left, right and centre, an issue that does matter as you are about to find out.

The Washington Post gave us two days ago (at https://www.washingtonpost.com/technology/2019/05/28/its-middle-night-do-you-know-who-your-iphone-is-talking) ‘It’s the middle of the night. Do you know who your iPhone is talking to?‘ with the added: “Our privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week“. It relates in a simple way, we accuse Huawei whilst apps are according to the Washington Post: “On a recent Monday night, a dozen marketing companies, research firms and other personal data guzzlers got reports from my iPhone. At 11:43 p.m., a company called Amplitude learned my phone number, email and exact location. At 3:58 a.m., another called Appboy got a digital fingerprint of my phone. At 6:25 a.m., a tracker called Demdex received a way to identify my phone and sent back a list of other trackers to pair up with. And all night long, there was some startling behavior by a household name: Yelp. It was receiving a message that included my IP address — once every five minutes.”

It seems that there is a flaw, not merely in transparency and regarding the consultancy groups, there is a flaw in the way we think, the government is set to a stage, what would we have to do, whilst the tax breaks have been ignored to the stage where companies have a responsibility to deliver, which of these reports takes a look at that part and when we see that Apple did not do enough, when we are told that the user should not have installed a certain app, the fact that the app should not have been allowed in the apple store (or android store) is equally a setting to look at, the lack of transparency implies that this was not done, not once.

So when we divert (for a moment) to: “According to privacy firm Disconnect, which helped test my iPhone, those unwanted trackers would have spewed out 1.5 gigabytes of data over the span of a month. That’s half of an entire basic wireless service plan from AT&T.” I made a similar mention in January 2017 (at https://lawlordtobe.com/2017/01/30/taking-xbox-to-court/) in ‘Taking Xbox to Court?‘, where Microsoft uploaded almost 6 GB in a fortnight whilst playing single player games. The fact that Microsoft hid behind: “we have no influence on uploads, that is the responsibility of your ISP!“, the response (read: party line) that their Xbox helpdesk support gave me when I called, still makes me angry. But now it is not merely consoles, it is happening all over the place and the government either does not care, or has no clue, so when we see ‘privacy’ driven issues, I wonder who they are trying to fool. Especially when I was confronted with ‘possible civil contingency need‘, there are optionally so many contingency needs transgressed upon (as I personally see it), how about recognising that in all the elements clear transparency was an essential first, the fact that the large players are not willing to be transparent, we see a much larger issue all over the place.

Even as part of one of the DHSC reports gives us: “It is difficult to prepare detailed predictions or plans for such unpredictable concerns“, so if we see the impact of ‘unpredictable concerns‘, at what point do we ask more serious question on where the foundation of £100 million came from? And it is not merely the spending, those who asked the questions and the exact questions themselves would also need to be scrutinised, because the private firms merely facilitated and they did nothing wrong, the other side needs to be looked at, to a much higher degree than ever before.

Now consider a paper by DLA Piper (at https://www.dlapiper.com/en/uk/insights/publications/2019/04/no-deal-brexit/data-protection/) only a month ago where we see: “UK data protection law is governed by the General Data Protection Regulation (GDPR), which came into effect across all EU member states (including the UK) on 25 May 2018, and creates a harmonised legal framework regulating the way in which personal data is collected, used and shared throughout the EU. Should the UK leave the EU, the GDPR will cease to have direct effect in the UK. However, as the UK is committed to maintaining an equivalent data protection regime, a UK version of the GDPR will effectively apply following the departure date (exit-day)“. This is fair enough, yet as the Washington Post two days ago and I was able to show (850 days ago) that the collection of personal data is already off the wall, so at what point will we see recognition that the point of no return was passed a few hundred days ago?

So at what point are there questions on DLA Piper (who did nothing wrong) regarding; “The GDPR imposes restrictions on the transfer of personal data to a ‘third country’” and as the Washington Post gives us an iPhone example, we see that Huawei is clearly 0% guilty in that part, so how is the entire: ‘President Trump is clueless on true national security in the first place‘ not directly on the mind of all, especially when the transgressions are seemingly global. Perhaps when we realise that these are American Apps there is optional no national security infringement and privacy is merely a concept for all the players of that issue in town. At what point will the UK realise that they have much larger issues?

Even as there is complete acceptance of: “It is important to be aware that SCCs cannot be used to safeguard all transfers – for example SCCs do not exist for transfers between an EU-based processor and a UK-based controller (ie where a UK controller hosts personal data with an EU processor). This is a known area of risk to regulators, which impacted organisations may decide to ‘risk manage’ where data repatriation is not a realistic option“, I am willing to state that not only is ‘data repatriation is not realistic‘, it was not an option well over two years ago and the loss of data (read: data copy transfer) under 5G will merely increase by a speculated 500%.

It is the realisation of these elements where we need to revisit: ‘those who asked the questions and the exact questions themselves would also need to be scrutinised‘.

I wonder if that was done and more important to what degree. We can agree that investigation on what might happen might have a steep price, I get that, yet overall there are larger issues regarding the exact question what was asked, the model, the data, the collection and the integrity of data regarding the question that needed to get answered. I wonder (because I actually do not know), how far did Tussell go regarding that part of the equation?

So how did this get from a bakery cake to 4G and 5G privacy?

It is about the cost of doing business, not merely the stage of prepared for what comes next and I feel that in light of what we are shown by the Guardian, the ‘cost of doing business’ and the ‘next stage of enterprising’ is not aligned, when we realise that there is a large non-alignment of issues, how large is the gap in these reports, not merely on legislation and policy, but on operational levels that will get hit first. The DLA Piper part makes perfect sense, yet when you realise that the mobile application status is already nowhere near it needs to be, how useful is the DLA Piper part, which is technically speaking flawless? When we see that part of non-alignment, how many reports costing £100 million have an operational discrepancy when tested to the actuality of the events?

In equal measure we get the additional question, would transparency have solved that, which is likely to give the answer that require us to take a hard look at those phrasing the questions. One led to the other, and I merely looked at the digital part, when we look at actual shipping (and ships), we see the realisation that the UK is still an island, one tunnel does not solve that, how do we see the filling of the prospect of the danger that a lot more contingency plans are missing, not because of Brexit, but because they already should have been there, the iOS data tracking part is evidence of that.



Filed under Finance, IT, Media, Politics, Science

Grand Determination to Public Relation

It was given yesterday, but it started earlier, it has been going on for a little while now and some people are just not happy about it all. We see this (at https://www.theguardian.com/technology/2018/may/25/facebook-google-gdpr-complaints-eu-consumer-rights), with the setting ‘Facebook and Google targeted as first GDPR complaints filed‘, they would be among the initial companies. It is a surprise that Microsoft didn’t make the first two in all this, so they will likely get a legal awakening coming Monday. When we see “Users have been forced into agreeing new terms of service, says EU consumer rights body”, under such a setting it is even more surprising that Microsoft did not make the cut (for now). So when we see: “the companies have forced users into agreeing to new terms of service; in breach of the requirement in the law that such consent should be freely given. Max Schrems, the chair of Noyb, said: “Facebook has even blocked accounts of users who have not given consent. In the end users only had the choice to delete the account or hit the agree button – that’s not a free choice, it more reminds of a North Korean election process.”“, which is one way of putting it. The GDPR is a monster comprised of well over 55,000 words, roughly 90 pages. The New York Times (at https://www.nytimes.com/2018/05/15/opinion/gdpr-europe-data-protection.html) stated it best almost two weeks ago when they gave us “The G.D.P.R. will give Europeans the right to data portability (allowing people, for example, to take their data from one social network to another) and the right not to be subject to decisions based on automated data processing (prohibiting, for example, the use of an algorithm to reject applicants for jobs or loans). Advocates seem to believe that the new law could replace a corporate-controlled internet with a digital democracy. There’s just one problem: No one understands the G.D.P.R.“

That is not a good setting, it tends to allow for ambiguity on a much higher level and in light of privacy that has never been a good thing. So when we see “I learned that many scientists and data managers who will be subject to the law find it incomprehensible. They doubted that absolute compliance was even possible” we are introduced to the notion that our goose is truly cooked. The info is at https://www.eugdpr.org/key-changes.html, and when we dig deeper we get small issues like “GDPR makes its applicability very clear – it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not“, and when we see “Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it” we tend to expect progress and a positive wave, so when we consider Article 21 paragraph 6, where we see: “Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest“, it reflects on Article 89 paragraph 1, now we have ourselves a ballgame. 
You see, there is plenty of media that fall in that category, there is plenty of ‘Public Interest‘, yet when we take a look at that article 89, we see: “Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject.“, so what exactly are ‘appropriate safeguards‘ and who monitors them, or who decided on what is an appropriate safeguard? We also see “those safeguards shall ensure that technical and organisational measures are in place in particular in order to ensure respect for the principle of data minimisation“, you merely have to look at market research and data manipulation to see that not happening any day soon. Merely setting out demographics and their statistics makes minimisation an issue often enough. We get a partial answer in the final setting “Those measures may include pseudonymisation provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner.” Yet pseudonymisation is not all it is cracked up to be. When we consider the image (at http://theconversation.com/gdpr-ground-zero-for-a-more-trusted-secure-internet-95951), consider the simple example of the NHS: as a patient is admitted to more than one hospital over a time period, that research is no longer reliable as the same person would end up with multiple pseudonym numbers, making the process a lot less accurate. OK, I admit ‘a lot less‘ is overstated in this case, yet is that still the case when it is on another subject, like office home travel analyses? What happens when we see loyalty cards, membership cards and student card issues?
At that point, their anonymity is a lot less guaranteed, more important, we can accept that those firms will bend over backward to do the right thing, yet at what state is anonymisation expected and what is the minimum degree here? Certainly not before the final reports are done, at that point, what happens when the computer gets hacked? What was exactly an adequate safeguard at that point?

Article 22 is even more fun to consider in light of banks. So when we see: “The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her“, when a person applies for a bank loan, a person interacts and enters the data, when that banker gets the results and we no longer see an approved/denied, but a scale and the banker states ‘Under these conditions I do not see a loan to be a viable option for you, I am so sorry to give you this bad news‘, so at what point was it a solely automated decision? Telling the story, or given the story based on a credit score, where is it automated and can that be proven?

But fear not, paragraph 2 gives us “is necessary for entering into, or performance of, a contract between the data subject and a data controller;” like applying for a bank loan for example. So when is it an issue, when you are being profiled for a job? When exactly can that be proven that this is done to yourself? And at what point will we see all companies reverting to the Apple approach? You no longer get a rejection, no! You merely are not the best fit at present time.

Paragraph 2c of that article is even funnier. So when I see the exception “is based on the data subject’s explicit consent“, We cannot offer you the job until you passed certain requirements that forces us to make a few checks, to proceed in the job application, you will have to give your explicit consent. Are you willing to do that at this time? When it is about a job, how many people will say no? I reckon the one extreme case is dopey the dwarf not explicitly consenting to drug testing for all the imaginable reasons.

And in all this, the NY Times is on my side, as we see “the regulation is intentionally ambiguous, representing a series of compromises. It promises to ease restrictions on data flows while allowing citizens to control their personal data, and to spur European economic growth while protecting the right to privacy. It skirts over possible differences between current and future technologies by using broad principles“, I do see a positive point, when this collapses (read: falls over might be a better term), when we see the EU having more and more issues trying to get a global growth the data restrictions could potentially set a level of discrimination for those inside and outside the EU, making it no longer an issue. What do you think happens when EU people get a massive boost of options under LinkedIn and this setting is not allowed on a global scale, how long until we see another channel that remains open and non-ambiguous? I do not know the answer; I am merely posing the question. I don’t think that the GDPR is a bad thing; I merely think that clarity should have been at the core of it all and that is the part that is missing. In the end the NY Times gives us a golden setting, with “we need more research that looks carefully at how personal data is collected and by whom, and how those people make decisions about data protection. Policymakers should use such studies as a basis for developing empirically grounded, practical rules“, that makes perfect sense and in that, we could see the start, there is every chance that we will see a GDPRv2 no later than early 2019, before 5G hits the ground, at that point the GDPR could end up being a charter that is globally accepted, which makes up for all the flaws we see, or the flaws we think we see, at present.

The final part we see in Fortune (at http://fortune.com/2018/05/25/ai-machine-learning-privacy-gdpr/), you see, even as we think we have cornered it with ‘AI Has a Big Privacy Problem and Europe’s New Data Protection Law Is About to Expose It‘, we need to take one step back, it is not about the AI, it is about machine learning, which is not the same thing. With Machine learning it is about big data, see when we realise that “Big data challenges purpose limitation, data minimization and data retention–most people never get rid of it with big data,” said Edwards. “It challenges transparency and the notion of consent, since you can’t consent lawfully without knowing to what purposes you’re consenting… Algorithmic transparency means you can see how the decision is reached, but you can’t with [machine-learning] systems because it’s not rule-based software“, we get the first whiff of “When they collect personal data, companies have to say what it will be used for, and not use it for anything else“, so the criminal will not allow us to keep their personal data, so the system cannot act to create a profile to trap the fraud driven individual as there is no data to learn when fraud is being committed, a real win for organised crime, even if I say so myself. In addition, the statement “If personal data is used to make automated decisions about people, companies must be able to explain the logic behind the decision-making process“, which comes close to a near impossibility. In the age where development of AI and using machine learning to get there, the EU just pushed themselves out of the race as they will not have any data to progress with, how is that for a Monday morning wakeup call?



Filed under IT, Law, Media, Politics, Science

Physical vs Virtual (part2)

In part 2 we look at the virtual aspect in all this and for that we need to take a look at the other part of the equation, and see where the interaction ended up, because that is also a matter that truly counts.


It started way before now, but the now gives us ‘Facebook moves 1.5bn users out of reach of new European privacy law‘ (at https://www.theguardian.com/technology/2018/apr/19/facebook-moves-15bn-users-out-of-reach-of-new-european-privacy-law). You see the law is one thing, yet in all this, when we see “Facebook has moved more than 1.5 billion users out of reach of European privacy law, despite a promise from Mark Zuckerberg to apply the “spirit” of the legislation globally“, was anything illegal done? When we see: “when asked whether his company would promise GDPR protections to its users worldwide, Zuckerberg demurred. “We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing,” he said“, did he lie?

Those are the immediate questions. The General Data Protection Regulation (GDPR), the EU in this gives us “replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy“, so the people created their account long before these privacy issues were there. They never cared for the longest time, as long as the US government didn’t get any data and when we respond to pornographic images and videos on social media, oh no, that was not us, that was merely Gavin Barwell (see part 1), in a time when his mind should have been all other kinds of matters. Ah well, we all have an itch now and then. Yes, it is that itch, because we are all on social media for some reason, to share, to look, to listen and to judge. Some of them actually communicate, and that has also been proven so communication on social media is not a fad. So when we see the EU site on the GDPR: “the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location. Previously, territorial applicability of the directive was ambiguous and referred to data process ‘in context of an establishment’. This topic has arisen in a number of high profile court cases. GDPR makes its applicability very clear – it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not“, the first thing we see is that social media has no business having offices or processing data in the EU, that basically is the signal for Facebook to vacate using the ASAP protocol and they did just that.
And Mark Zuckerberg did it all in the spirit of it all, it is just not what was expected and the Senate hearing just gave themselves (allegedly) access to the data to nearly all the European users. The second part gives us “The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU. Non-EU businesses processing the data of EU citizens will also have to appoint a representative in the EU“, so with ‘monitoring of behaviour that takes place within the EU‘, is a much larger issue and Alex Hern makes no mention of this anywhere in the article (that is not an accusation), merely that Facebook has moved the data and that the people in the EU have less rights under US law. Was that not always the case? Was that not the initial setting when Facebook started? So when we read “This is a major and unprecedented change in the data privacy landscape. The change will amount to the reduction of privacy guarantees and the rights of users, with a number of ramifications, notably for consent requirements“, which we get from Privacy researcher Lukasz Olejnik, we actually do not get anything new, because the GDPR would not have been enforced until next month, so there! (OK, not an entirely justified outcry, but I am feeling batty)

In all this the missed issue of monitoring is actually a lot larger for some and those boasting on what they bought on the dark net (some people remain simple on every level) will have a few repercussions, yet in all this when it regards Cambridge Analytica, we see all kinds of media exploitations, rumours, alleged actions, yet no arrests, no one in the dock and still the entire mess is merely focussed on Facebook. We have seen news on a massive amount of apps collecting data, smart toys, and with the upcoming 5G, the RFID and mobile tag as well as device tags will be an exponentially growing data market with the entire Fortune 500 chomping at the bits to get their fingers on that data, yet at present the legislation has been faulty at best and nominally missing completely. All that because the people give it all away willingly, that is what the next fridge with a £250 discount will warrant, as did the 2016 Sony Smart TV as just about all following models. That is not a joke, you agreed to this when you bought the TV, it is in the end users license agreement and they are not alone, it is a massive list of corporations that are doing this and the media was, yet they were largely silent about it and the Sony issue in 2012, where the media is what I would personally label as: ‘whoring for advertisement options‘ instead of informing 30 million consumers on the change and its impact, is what still has my nostrils flaring 6 years later and I am an actual Sony fan.

So as we see how we are singularly focussed on where our personal data is and not what we allowed it to be used for, especially as it came with the free use of Facebook, we all need to accept that nothing is for free and the corporation requires its return of investment, well in the case of Facebook merely 60 billion. Where did you think that value came from? Watching advertisement? In that Facebook and Google are largely alike. So in these issues in the physical and virtual side, we are short on memory, too large on emotions and unclear on how to make the houses of Lords and Commons more accountable for the matters at hand. Even as they cannot prevent you from staying with Facebook, we all have been failed by legislation that was too slow and MPs that are showing to be lacking the necessary skills to do something successfully. It would be so lovely if Sir Martin Moore-Bick would be kind enough to show both matters, because it would have a much larger impact. Even as we see, (what I would personally call) the failed false promises of Jeremy Corbyn regarding housing, with: “One million new “genuinely affordable homes” over a decade, mostly for social rent. That’s not quite 1m new council houses – a chunk of these would be delivered by housing associations – but it gets very close” is also a Porky Pie of the largest order. You merely have to look at Google Maps to see that there is no place for even 30% of that in London, so will they mostly be in Wales, Penzance, Brighton and Scarborough? In addition, none of the sides of the houses (Lords or Commons) have successfully done anything to make a change, regarding leasehold which will drive the entire social housing matter further and 1,000,000 houses will not nearly be enough. So, back to the Virtual part, because that is still central in this. In that part I have to thank the realtor Harcourts for bringing the juice.

You see, with: “NPP1 – Collection of Information; Agencies are prohibited from collecting personal information unless it is necessary for one or more of its functions. Personal data should only be collected in a lawful, fair, and not unreasonably obtrusive way. The agency must disclose certain information at the point of collection“, yet in all this the terms: ‘unless it is necessary for one or more of its functions‘ gives a much wider scope, does it not? In addition, with ‘only be collected in a lawful, fair, and not unreasonably obtrusive way‘. So when they (the real estate in general) offer a £199 rebate for registering you as the leasehold owner, how many people do you think that will consider it necessary and not unreasonable? It merely needs to satisfy one function and the deed is covered with the mantle of opportunity. In addition we see “Personal and sometimes sensitive information may be collected and stored on standard real estate industry forms, such as tenancy applications, listing forms, etc. These need to be secured and available for inspection by customers“, so when did you look at what some call the RP Database? In Australia there is a firm CoreLogic and it has a product called RP Data Professional. In all this we see: “RP Data Professional is the leading property data solution used by property professionals in Australia. Prepare reports for prospects and clients, generate value estimates, verify information and conduct valuable research and highly targeted marketing. Packages starting from $150 / month“. It is widely used by debt collecting agencies as well as realtors. You would be surprised to see all that data and what every address offers. Do you think that they are the only ones? Data is gold, it is the printer that allows you to print your own money and for the most it is massively unchecked. Now, I know that RP Data is merely a facilitator in all this, all perfectly valid, and nothing illegal. 
Yet when we consider ABC in 2016 with “The Reserve Bank has taken the highly unusual step of switching its preferred home value data, arguing that CoreLogic’s figures overstated price growth in April and May due to a methodology change“, so as you see the data goes a lot further and for the most the people, the tenants and Real Estate seekers are totally unaware of such parts and in all this do you think that the UK does not have its own options. In all this, with the explosive cladding issues, did you not think that the clad dealers were not tailoring to ‘property value increase at minimum costs’? This goes a lot wider in several lanes and the sudden much larger issue of cladding is almost not looked at (I did say almost).

So when we see “CoreLogic’s head of research Tim Lawless acknowledged that the changes to the index may have temporarily bumped up the figures for a couple of months. However, he said other data indicate that those two months were still relatively strong for Sydney and Melbourne housing sales” we forget to look at the aligned indications and what else is setting the pass in all this. Even as the last parts were the Australian side of this, CoreLogic is also active in the UK. In this no one seems to have talked to CoreLogic to see if the cladding industry has been given (through subscription) access to the UK RP Database. Is that not interesting too? You see, when we accept the January setting of “Just three tower blocks out of almost 300 with the same “dangerous” and “flammable” cladding as Grenfell Tower have had panels taken down and replaced“, how come the number of buildings is so high? Are all cladding providers so very bad, or was there a very intelligent salesperson selling cladding to the right people, when the timing was just right? I am fairly certain that this part of the conversations has not been showing up anywhere.

The virtual side to the Grenfell disaster was not seen, perhaps that part was immaterial at that time, yet when we see 297 tower blocks in a serious setting of harm, with the initial setting of finding the proper candidates, have we considered that corporate social media (like LinkedIn) could be used to get the goods (in alleged Cambridge Analytica style) to create fear in other ways? A lack of value versus a larger valuation set against a minimal investment. You show me a person who turns that down and I will introduce you to a person who is very aware of the concept of dishonesty.

You see, we have seen for the better part of 5 years the notion of taking fear from the workplace, usually in the style of ‘Corporate Leaders Must Remove Fear Factor from the Workplace‘, which we get from the Huffington Post (at https://www.huffingtonpost.com/mary-prefontaine/corporate-leaders-must-re_1_b_1437445.html) as early as 2012, so when we see “As reported in the Harvard Business Review, employees faced with incivility are likely to narrow their focus to avoid risks, and lose opportunities to learn in the process. Obviously this impacts their level of personal success and the success of the organization“, yet in equal measure, those actors never considered to take the fear factor out of the boardrooms, which are forever ruled by the bottom line and in that respect there is very little difference between a corporate boardroom, or places like the Kensington and Chelsea TMO, which has one bottom line, which is the value of housing and the rise of values of upcoming new housing. So now, the entire Metro section we saw in part one with ‘Cladding added to Grenfell Tower to ‘improve view for nearby luxury flats‘ it makes a whole lot more sense does it not? It is my personal view and opinion, yet in all that data was at the very Core and Logic of it all (pun intended). So when you think the Facebook data is an issue, guess again. The issue is a lot bigger, wider and more exploitable (at the expense of yourself of course) than you would have thought.

All within the considerate view of those not looking at any of this, and you think I went deep here? I merely touched the surface and I will be very surprised if the public inquiry touches on any of those matters, not because they do not want to, but because the legal scope is unlikely to be there, as it would have been in the emotional seeking justice side. I guess that it is one of the questions that certain councils do not want to answer, so making sure that the question is not asked will be a first priority for all of them, because if it does get to the table, those who want to stiff Leaseholders with a £40,000 bill might optionally end up being not so successful and there is every indication that a fair chunk of those 297 tower blocks are currently facing a similar dilemma.

That is just my thought on the matter, and in all this, when you start realising the issues at hand and the time that this has taken, in addition that I saw some in minutes a few more in hours and one or two through my decades of data experience, are you not surprised that the elected officials remained in the dark? I know I am one of the better ones on the planet, but I know close to a dozen equal or better than me, many living in London. Do you actually think that some were in the dark or are they allegedly keeping themselves ignorant? In that case, if more happens, how many lives was the price of that ignorance? Can we afford to find out?

I’ll leave you with those questions, have a great Friday and do try to enjoy the weekend!



Filed under Finance, IT, Law, Media, Politics