* Posts by subject

19 publicly visible posts • joined 14 Feb 2015

ICO probes use of data analytics by politicos following Brexit vote


Re: Tricky but important

Excellent points.

That said, re the extraterritoriality point (2) the GDPR was enacted PRIOR to the referendum. By the time the ICO gets around to enforcement, we'll be in the enforcement phase anyway. New territory, but the ICO has options. Of course Cambridge Analytica would never interfere in elections, but if they were considering doing so then a 4% bite of worldwide revenues per election might put them off their stride.

If that won't fly, then even under existing English anyone (from your first point) feeling they've been conned might be able to do them for a couple of thousand quid each. (Since Woolley v Akram Scots law also has come up to the mark). Group litigation, anyone?

Likewise a 20 million fine of each and every manipulative political party might slow them down too. (Or else increase taxes to pay for the fines)

Sir Tim Berners-Lee refuses to be King Canute, approves DRM as Web standard


1. This promises to be a massive boon to those wishing selectively to destroy internet access to any chosen individuals or classes of individuals: namely, every nation-state in the world (not just the usual suspects, but also nations such as the UK which already has internet-associated court orders in law and would love to do the same things less visibly outwith the law).

2. Independently of that, if executed the proposal permanently will end anonymity on the internet.

In fairness, apart from those minor issues, it's all peachy. Beyond the catastrophically expensive lunacy of DRM itself, and the entrenchment of mercantilism, and the undetectable but illegal discrimination by commercial interests, and the final death-throes of the free market in digital services, which of course are mere economic problems. But I guess these last things are the real purpose, and the first two points are just collateral damage.

'Hey, Homeland Security. Don't you dare demand Twitter, Facebook passwords at the border'


Re: This has been a policy since at least 2008

Be fair. Mr Trump only wants your Twitter password so he can log on to your account and force you to follow him. And what's wrong with that? Anyone on Twitter deserves to follow Mr Trump. It's a benefit, not an punishment. And listening to Mr Trump's pearls of wisdom is simply joyful.

New Royal Navy Wildcat helicopters can't transmit vital data


This is extremely unkind. Plainly the users are inadequately trained in security and this is a belt 'n braces security precaution to prevent enemy hacking the feed and sending ship-killer SSMs down the channel.

It was, after all, a similar security lapse that led to the Beyond the Fringe expose of the British stealth Seaslug nuclear deterrent, relying as it did on teams of highly trained runners carrying it deep into enemy territory, literally under the radar! Later technically improved with new systems such as "sleeper" cells of British Olympic relay runners infiltrated into enemy territory 40 minutes in advance of the primary delivery platoons.

If that is insufficient to allay your fears, let me remind those doubters and doomsayers that it was the same service, the Fleet Air Arm, that crippled the Bismarck with its stealth Swordfish torpedo bombers, cunningly disguised as targets for German AA guns. German ingenuity and technological superiority yet again outwitted by British cunning, pluck, and stupidity at its best.

And if there are still any gutless frog-eating reverse-gear-tank-driving whining white-feather Bremoaner merchants, there are still a few zero-electronic-signature radar-proof stealth Tiger Moths in service somewhere to give the lie to all your cowardly Europhile technological nit-picking.

Brexit will happen. The EU GDPR will happen. You can't avoid either


Re: «Accomodating» is the word

@mhenriday: don't worry, I think Mr Winton is utterly wrong on both the ICO's accommodation and the ICO's relevancewhen push comes to shove (he ain't ever seen automated litigation). Of course I'm a lawyer too, so neither of us have a clue ;)


Re: Tearing ourselves away from endless Brexit analysis for a moment

@Seajay: don't get too excited! The new anti-profiling rules are just a recycled version of the old Directive rules (cf section 12 Data Protection Act 1998). Just like the so-called "right to be forgotten" is just the recycled right to erasure (cf section 10 DPA). Plus ca change on the rules.

Remember: nothing has been suddenly made illegal - in fact all data processing has been illegal by default (ie unless you can justify it) since 1995. Indeed that's the British way, not just the EU way (just look at Copyright Designs and Patents Act 1988), as my US intellectual property lecturer sardonically put it years ago. On top of that, look at British Gas' excuse "it was our computer wot done it not us guv!" in Ferguson v British Gas, one of the funniest Court of Appeal judgments I saw last decade.

On your specific query, it's quite simple. Part of what you have to do to legitimize use of profiling algorithms is to disclose to your customers the substance of what the algorithms do (see for example Article 13). As someone working on profiling algorithms for "big data" decades before it was called that, I heartily endorse this approach.

The real differences are: now they'll be enforced. And everyone and his dog can enforce them. And now the fines are existential. At last people will be dragged kicking and screaming into the late 20th century...

And don't worry about startups. The GDPR will supercharge the internet of things by (inadvertently) destroying all the barriers to competition in that field. I leave it as an exercise for you to work out how... :).


Well done Mr Bradbury: by far the most insightful article on Brexit and the GDPR I've seen in a trade journal. There are some extra reasons nobody in the UK is likely to touch the GDPR for a while (associated with means, motive and - as a Home Office project - opportunity), but that's just icing on the cake.

That said, the GDPR is already embedded into UK law and it provides many commercial opportunities as well as threats. The mere fact it doesn't come into force in May 2018 doesn't mean parts of it (notably some of the Recitals) can't be exploited right now by companies - whether defending themselves against e-discovery in foreign law cases brought in civil and criminal jurisdictions (in my experience the "usual suspect" governments and competitors are found in the USA and Australia), or seeking to damage bigger competitors (as Google recently discovered), or taking advantage of the way the GDPR will eliminate many barriers to IoT startups.

Three non-obvious reasons to Vote Leave on the 23rd


Re: Didn't British lawyers draft the original European Convention on Human Rights back in the 50s?

@Xamol: SPOT ON. Drafted at Churchill's instigation by the Scotsman David Maxwell Fyfe, later Tory Lord Chancellor, formerly Britain's chief Nuremberg prosecutor, the man who found the way to rip apart Herman Goering's defence in cross-examination.

The ECHR is English natural justice in drag, rammed down the throats of the European nations' legal systems so that fascist governments in Europe could never rise again. The UK was the founding signatory. Stuff like Right to life. Right to Property. Non-confiscation. Non-enslavement. non-torture. Even fair trial! Freedom of expression! Privacy! How refreshingly novel!

Cute irony isn't it? Both parties, under Thatcher and Blair, tore up English natural justice along with what was left of the constitution. Now they chafe under our last brake on tyranny, the ECHR. Churchill's greatest legacy. Well done, Conservative Party! Slow handclap!


"Erdogan's Turkey has no chance." ?????????

@LDS: That's only half true. Because actually Turkey has EVERY chance to join the EU. Simple mathematics. They started ONLY 29 years ago, and they've ALREADY satisfied one of the key Chapters (on science and technology research iirc?). So they ONLY have 34 chapters to go. At that rate they'll be done in JUST... 34 x 29 = 991 years! So they'll be swarming our borders as early as January 3007! We must stop them! Start the clock! Lock up your women and children! Arm yourselves! Vote Leave!

But, unless he adds a bit of future medical technology, or brings some Romanian ancestry to the party, Erdogan might not live to see it. So, in fairness, what you said was half true.

Patent trolls, innovation and Brexit: What the FT won't tell you


Re: So why is Brexit the answer?

@Voyna: indeed. And Britain used to punch well above its weight in the EU bureaucracy. However, during the last decade we've gone from "winning" over 97% of the council votes all the way down to a disastrous 86%. No wonder our politicians are upset, we're now beating even Germany in our dissatisfaction. On the bright side, I suppose it's good we can still beat the Germans at something...

Note about half of that 14% shortfall are abstentions - if our politicians remembered to vote on proposals for European legislation we'd have some clarity on the final figure. A bit like the way we often don't bother exercising our right as a Member State to make submissions in European Court of Justice cases, and then whinge about the result after the fact... How convenient.

And so in fairness much of the reason for the colossal public ignorance in Britain of all things EU (including both sides of the Brexit "sham debate") is the fault of our politicians, media, and chattering classes.

(At least our business sector isn't so bad - for example, in respect of the recently enacted General Data Protection Regulation, British business is only the second most ignorant in Europe)


Re: So why is Brexit the answer?

If anyone cares to get a neutral "reality-check" on their voting decision, the Bar Council has released four non-partisan papers on all things Brexit and non-Brexit. http://www.barcouncil.org.uk/media-centre/news-and-press-releases/2016/june/barristers-publish-non-partisan,-fact-based-report-on-european-union-membership/

I think many, perhaps all, of the contributors on both sides of this discussion could benefit from checking out the parts that interest them.

You won't believe this, but… nothing useful found on Farook iPhone


Re: Honest

No. They're above the law - well above it. The test is whether they can and will be prosecuted for any unlawful decisions. And that's why the so-called "war on terror" already has been catastrophically lost. In response to relatively trivial death tolls we turned our own nations into moral wastelands, destroying the rule of law and with it everything for which we thought our nations stood, even before we started turning the "wrong" nations (never Saudi Arabia) into physical wastelands. The problem is not the surveillance agencies - it's the policing agencies and local government that convert all petty crime into national security issues.

We, of the moral high ground, bombed the people of Syria over 22,000 times last year. And we whine when one or two of them go all entrepreneurial and bomb us back. It'll get much worse when our own people start using our own asymnetric warfare techniques (first deployed in acts of war against Iran by the USA and Israel) against us. Nothing to do with religion. When enough people with a grievance, including the non-religious disaffected middle classes, learn cyber-warfare, God help us. The Panama papers is just an appetiser. Who needs foreign enemies when we make enemies of our own people? Without the consent of the governed, governments are nothing.

"I have seen the enemy, and he is us".

Data protection: Don't be an emotional knee jerk. When it comes to the law, RTFM


Interesting. Whatever the vendor might think "ownership" means in this context, it can't impact data protection law or criminal law. Perhaps it's assignment of copyright.


Could you please identify the relevant law?

Here's one obscure little EU data protection rule that would be good


Re: Patriot Shield

Privacy Shield and the Investigatory Powers Bill close cousins in that both of their predecessors (Safe Harbour and the first Snoopers' Charter) have been struck down by the Courts (the CJEU and the English High Court respectively), and *for the same reasons*. Interestingly, the first Snoopers' Charter is coming up before the CJEU.


Re: Patriot Shield

No, this is just the annual game between HMG and the High Court.

1. We pass a snooper's charter

2. You strike it down.

3. We go to 1.

MP resigns as security committee chair amid 'cash-for-access' claims


Something is very wrong with this reporting

If (strictly hypothetically of course) you could get 25k for hosting a parliamentary dinner, or 50k for organising one, why on earth would anyone mess around with the (relatively!) penny ante sums being mentioned in the context of Rifkind/Straw? Is a journalist just making some of this up?

Increased gov spy powers are NOT the way to stay safe against terrorism


The stupid thing about the Gloucester fiasco is that the police don't need to examine anyone's computers to prove whether or not they've been downloading files from monitored web links. They can do all that simply by passive surveillance, looking at browser fingerprints. After all, the constabularies buy and sell Big Data. Used to be called business intelligence but tomato/tomayto, the media catch them buying, and from information they themselves have put in the public domain they sell the data from their (unregistered, unaudited, and undisclosed to the parliament) "intelligence" databases at vast profit. By inference they can buy the information if they don't already have it. Remember the Snowden-Schneier conversation: "It's not that the NSA woke up one morning and said, 'We want to spy on the Internet.' They woke up one morning and said, 'Corporations are spying on the entire Internet; let's get ourselves a copy'“.

Conclusion: paying swarms of police to go around arresting people based on IP addresses and confiscating their computers is just inept and costly bastardisation (unless of course it's intended, thus an act of terrorisme (sic), pour encourager les autres...)

I'm thinking of writing a pro bono app for the UK constabularies to identify automatically whether data subjects' computers have been compromised in the Gloucester fashion; and then automatically to email the subjects as to the fact. Would cost the police nothing in labour or money; and would be a very valuable public service. This of course is a subversive proposal, as it would put the police to strict proof as to whether their objective is to protect the public, rather than ramping up the politics of fear. The only downside is it would require the police/security services to plug in the relevant data (via API, not manually) thus exposing the scope of data processing operations, so it would be still-born. So I probably won't do it... In fairness to use it as evidence it *might* (I'm not updated in this area) also require the special judge's formal permission to collect the subject's browser fingerprint, which would mean actual paperwork, but that's bound to be cheaper than running around arresting people at random.

However, it also might exacerbate exemplary damages in wrongful arrest, and its siblings false imprisonment and kidnapping, if it subsequently emerges they already had proof of non-involvement. Likewise if they even had the ability to determine non-involvement: interestingly, matching browser fingerprints is not a difficult technique to learn manually, I could teach it to laypeople such as coppers in 5-10 minutes. Any other lawyers or IT developers are welcome to develop these ideas.

Don't use Charlie Hebdo to justify Big Brother data-slurp – Data protection MEP


Re: Without even a hint of irony

There's certainly a distinction, but (quite apart from your being wrong on hate crimes) it may be the opposite of what you think. You mention two religions, let's add weight by throwing in my own religion, Christianity, as well. In all three religions killing Jews (or anyone else) is prohibited absolutely as a sin against God. So is drawing a picture of the Prophet. These could even be regarded as equally sinful, as both are prohibited in precisely the same place: the Ten Commandments (for the picture, see Exodus 20:4).

So the true equation, with saying threatening, abusive or insulting things about killing Jews, would be saying threatening, abusive or insulting things in respect of drawing a picture of the Prophet. Which, I trust, was not your intention? English domestic law likely would regard both as hate crimes contrary to various sections (eg 4, 4A, 5, 19) Public Order Act 1986 as amended - saved only by the European Convention on Human Rights, as in Percy v DPP.