ZX81
I started on a ZX81, an astounding machine, even in retrospect.
The products this man developed created & shaped my career.
So sorry to hear of his passing.
524 publicly visible posts • joined 10 Mar 2008
Just another one to concatenate to a very long list of ICO excuses...
"We lost your complaint".
"We are not adequately funded".
"We don't have any enforcement powers".
"We are not IT experts".
"It was only a technical offence".
"There was implied consent for this processing (the processing no one was informed about)".
"It was a small scale trial".
"The solicitor with the Rolls Royce and Surrey mansion house told us he has no money to pay a fine, so we let him off with a £1 fine".
"The GPRS doesn't apply so 5p per offence is the best we can do"
Now
"We are going to fine the crooks! Unlimited cash! (but let's not rush into it eh? we have agreed to an extension so they can suggest a better excuse we can use)".
Always bemused by arguments like this.
It's not the end-user's fault if a developer can't find a sustainable, legal, business model.
If the developer can't or won't charge for a product, and people don't value it enough to buy it, the product will fail... and no one will care.
If the developer can & will charge for a product, and people value it enough to pay, then they succeed.
That model of commerce served IT for decades, without secretly screwing over users, and without betraying them to adtech and organised crime.
I have come to understand the Home Office and UK Judiciary (for they are not independent, whatever they might claim) strategy is a 'long game' of endless delay & obstruction.
Any contrary opinion with which they disagree is deemed "unclear".
While the current law is being challenged, a new law that is different is enacted... and the cycle starts again. RIPA > DRIPA > IPA >..
And Brexit? That neatly eliminates the risk of EU enforcement action.
In effect, unlawful UK mass surveillance carries on regardless.
Applying the ICO going rate for "fines per person affected" ... 0.2p/person... the total fine for Equifax would be 400,000x0.2p = £800.
And even that figure is assuming the ICO opt to issue a fine.
They are more likely to
- blame the victims for not opting out of something they didn't know about,
- claim 'the ICO are not IT experts' and unable to understand the technology,
- claim the leak was 'small scale and technical in nature',
- suggest it was 'too difficult to obtain consent from theory customers for the processing',
or some other utter nonsense.
The ICO are, absolutely, as useless as an ashtray on a space rocket (.. never mind a motorbike).
That would mean BT's fine for covertly using Phorm would be 79x nothing at all.
See, unfortunately, the ICO staff still get to choose which bunch of criminals get fined, and which don't.
And the ICO staff "are not technical experts", we are only "theory customers", and Phorm was only "a small trial [on thousands of people and thousands of businesses that served them over three years by a bunch of foreign spyware developers]".
When Nebuad attempted to do the same as Phorm in the US, it did result in an outcry and congressional hearings.
You might recall this;-
https://www.youtube.com/watch?v=l0AN-UhzsNs
"Just because I belong to an ISP, doesn't give you the right to track me. If I want to be tracked it should be affirmative... it really should be opt in. Why do I have to opt out. Why should the burden be on the American consumer?" said Bart Stupak.
Now, as I understand it, you have no option at all.
Quite apart from the personal intrusion, it also affects the other party to the communication. It is automated industrial espionage / intellectual property theft that will strip hard working law abiding content creators of their business.
The current vacuum of political opposition in the US (and the UK) is truly terrifying.
In short... the woman who was supposed to regulate the Intelligence Services is rewarded for her service to the Intelligence Services with a job at the Intelligence Services.
After the Phorm affair, the Regulation of Investigatory Powers (Monetary Penalty Notices and Consents for Interceptions) Regulations 2011 were introduced, with the IoCCO given explicit responsibility for investigating instances of 'unintentional interception' by ISPs.
Yet Jo Cavan stifled every single complaint. No investigation was conducted. No penalties were imposed. No statistics have ever been published (transparency? we've heard of it).
In short, she isn't a "champion" I recognise. If you work for telcos or the Intelligence Services, YMMV.
Phorm was an industrial espionage scam... designed to extract economic intelligence from private/confidential communications.
It really was genuine spyware, GCHQ should have killed it with fire, and the people responsible for installing it should have been tried for treason.
>Think of IOCCO as the police. They do the investigation, and then pass on the prosecution to the court system.
Except they don't. IoCCO claim they do not have the power to refer an offence to the IPT.
So after a finding of fault, or even "recklessness" in this case, IoCCO simply dump the responsibility for redress back on the victim, and tell them to go forth and multiply.
There is no consequence unless the victim then complains *again* to the IPT and they find in the complainant's favour.
But the IPT reject 99.7% of all complaints they receive. So buena suerte amigo.
"a detailed action plan was put in place as soon as the issue was highlighted".
A detailed action plan document written by the same force that "recklessly" ignored the detailed Code of Practice document.
I can't see that plan being very successful unless it includes reading lessons, and/or a note that the IoCCO are not to be invited for dinner again.
Mozilla could, for example, ask before taking that information. Rather than simply taking it.
And they could offer a user facing preference, rather than expecting the user to navigate past warnings to set the unintuitive option "extensions.getAddons.cache.enabled" to "false" to suppress it.
It is symptomatic of the disregard Mozilla have for their users.
The thing that once differentiated Firefox was the freedom & control offered to users & developers.
Mozilla seem to have abandoned much of that ethos in favour of restrictions and features that favour the interests of the marketing industry & government.
Undoing all of that on a new installation takes time. Lots of preferences to disable, features to restrict, back channels to knock out.
Meanwhile, from an extension dev's perspective, to create an extension for FF now requires devs to register details with Mozilla and have code approved before it can be distributed. In addition, the browser quietly reports back to Mozilla a list of the add-on installations chosen by users. I resent that, it is intrusive and unnecessary. So I've dropped support for FF.
Given alternatives like SeaMonkey, Iceweasel, PaleMoon, continue to respect the freedom of users & extension developers, I can't see Mozilla recovering that market niche without a dramatic change of focus.
At present, there is little to differentiate Firefox from the default browser installed by OS makers, and little to motivate most users to replace the default with Firefox.
You're hoping Labour might reform surveillance? Good luck with that; Phorm, Communications Data Bill, Jacqui Smith, Lord West, Gordon Brown, DRIPA, UKCCIS etc.
Not forgetting that most of the programmes revealed by Snowden manifested themselves under a Labour government.
Sadly, the only reform you are likely to get from Labour is yet more surveillance, not less.
... GCHQ or Privacy International... while PI's director remains silent about his involvement in Phorm.
So far the net effect of the PI action against GCHQ has been to make "lawful" anything that GCHQ do. (Great, thanks for that PI, with friends like you...).
NB... Lawful in quotes because mass surveillance by GCHQ is clearly illegal under the ECHR article 8.
The excuses...
"We are not IT experts"
Then... "ICO are not IT experts and we lack the power to fine"
Then... "ICO are not IT experts and have the power to fine, but the fines are not big enough to make it worth bothering"
Then... "ICO are not IT experts and have the power to fine, and the fines are now big enough to hurt offenders, but we are still not going to do it because it might hurt offenders"
And now they wonder why, despite 97% public awareness of data protection, only 1% of respondents would bother complaining to the ICO when a data protection offence occurs.
The ICO are absolutely pointless. The truth is there is effectively no data protection in the UK at all. It doesn't matter what the law says any more. Doesn't matter what you think your rights are. No regulator will protect you. No law will be enforced.
Do not trust the ICO to defend your privacy rights against crooks. It never happens.
Begging the crooked frauds running the advertising industry not to track you is just micturating in the direction of the prevailing wind.
Even the ICO don't comply with DNT requests. So who are you going to complain to if the ad industry laugh in your face when you discover you've been taken for a fool?
Like the ludicrous cookie law.
There is a much simpler solution that the ad industry don't want... Outlaw the creation of surveillance databases of personal data & communications data without the explicit consent of data subjects.
"there is little evidence, or none, that the data retained has been or is being [misused]"
BT/Phorm?
There is plenty of evidence that this data is being misused with impunity. Vodafone + Bluecoat replay attacks. TalkTalk + Huawei surveillance + replay attacks. UK Parliament + Bluecoat.
The intrusion begins the moment a third party obtains a copy of a private/confidential message with the intention of retaining some or all of the content. Subjecting the whole population to intrusive surveillance is simply undemocratic, offensive, and illegal.
The only thing "likely to cause annoyance, inconvenience or anxiety" to the ICO data protection racket is the fear that they might actually have to do some proper work for a change.
Instead of photocopying boilerplate rejection letters fobbing off complainants, and always refusing to enforce the law.
Watch as they do nothing with their new powers, and find a new excuse for inaction.
The telco that allowed the Californian company Bluecoat to covertly monitor their UK network, engaged in replay attacks launched from Bluecoat's offices in California, and all done without knowledge or consent from either party to the communications... that one?
See,
Vodastalk; Vodafone and Bluecoat Stalking Subscribers
https://nodpi.org/2011/06/22/vodastalk-vodafone-and-bluecoat-stalking-subscribers/
They are the content of an HTTP GET request.
They are not addressing data. They also reveal the content of the likely response to the request.
Addressing data is the IP address (clue in the name) and nothing else.
That is, co-incidentally, how it was specified in the 'invalid' EC Data Retention mass surveillance regulations too.
Some examples...
BT/Phorm - no ICO enforcement despite covert trials of Russian supplied spyware monitoring the content of customers' private/confidential web browsing, without consent from sender and recipient.
BT/ACS law - no ICO enforcement action despite BT sending an unencrypted email full of sensitive customer data, and despite a court order requiring that data to be encrypted and sent on physical media.
BT/email - again... no ICO enforcement action despite months of security failures that put customers at risk of identity theft.
I'm not sure what it would take to cause the ICO to enforce the Data Protection Act against BT.
... the ICO blamed BT's own customers for the Phorm affair (claiming there was a measure of "implied consent" for private/confidential telecommunications to be covertly intercepted & secretly sold to Phorm).
And also the same ICO that blamed ACS:Law for *receiving* unencrypted emails from a lawyer in BT (whereas BT were supposed to comply with a court order instructing them to encrypt the data *before sending* it via CD/media). Not that ACS:Law were blameless, but if the data had been encrypted as instructed by the judge, it would probably never have been hacked. BT escaped any penalty in that instance too.
So sadly... I expect the ICO's conclusions to be that BT customers were somehow to blame... and BT Directors to be completely exonerated :(
I call it Muffins Law (cf Tea & Muffins at the ICO).
There *is*. And there is something wrong with that in law.
TalkTalk are not entitled to divulge the content of a lawful private/confidential communication (a URL) to a third party without explicit consent from sender & recipient (or a warrant for surveillance). (UK RIPA).
TalkTalk are not entitled to retain the content of a communication or anything revealing the content of a communication (EC Data Retention directive).
TalkTalk are not entitled to commercially exploit the content of communication without a licence from the author (UK CDPA).
TalkTalk are not entitled to interfere with the operation of a computer without consent from the operator (UK CMA).
When did it become GCHQ's job to spy on *law abiding* citizens' unencrypted, let alone encrypted, private/confidential communications?
Or rather, 'adversaries', to use the new colloquialism?
These revelations, or rather the fact of the corrupt co-operation between IT industry leaders and these fascists, will do huge damage to public trust in IT people & products.
Already been done;
www.dailymail.co.uk/news/article-2276344/Adultery-website-Out-Town-Affairs-received-52-000-hits-seven-months-Parliament-computers.html
It would appear MPs' communications are being filtered and monitored by an unnamed 'third party', thought to be Bluecoat in California, with URLs being categorised, analysed, and censored (even if legal).
See also;-
https://www.whatdotheyknow.com/request/surveillance_of_internet_use
Sadly, the press (including the Register) won't report it.
We need to outlaw the unauthorized creation of personal profile databases/communications databases... or in the alternative.... face the unpleasant truth that evil people will create these databases regardless of any signal sent by a web browser if they think they can get away with it.
"It is grossly disproportionate to the crime it allegedly counters"
Approximately the same number of people are killed in the UK after falling out of trees.
On average 5x as many people die every year in UK police custody (~30) as die from acts of terrorism (6).
Meanwhile, 100,000 people die from the effects of smoking every year. Around 2,000 die in road traffic accidents. And 800 from murder. To offer a few popular preventable terminal scenarios.