Categories
Business LAW

GDPR is so stupid it is scary

I can picture the scene.  Some EU bureaucrat, on his low tech EU email client, had to go through the EU complicated way of reporting yet another Viagra spam email.  “This has to stop!” he righteously complained loudly to other EU bureaucrats twiddling their thumbs.  “I cannot receive that email I need from Nigeria because the damn system keeps thinking it is a fake prince sending it!”  The rest of us don’t know why they didn’t just use Gmail instead.  We hardly remember what spam is here in the rest of the world, because Google’s AI deals with it so effectively before it ever gets near us.

But the EU bureaucrat did what EU bureaucrats do.  He made a committee that started a process which made national committees which authorized funds to research a topic which needed researchers to hire more bureaucrats to end up with a massive nonsensical blurb which they eventually got other EU bureaucrats to vote for and announced to the world in what is easily the grandest proof of how far behind reality they all are.

GDPR is so broad in its scope it is legally practically trash.  The more you read “experts” analyze it, the worse it gets.  Since when can a legal requirement from one group of countries force the entire planet to do something?  If I, a euroloving citizen, travel to a remote tropical island with 50 inhabitants and one computer and the hotel there asks for my data without doing all the GDPR it needs in IT infrastructure and communicating, can I then sue them?  It seems I can.

For anyone with the slightest experience in IT and database infrastructure, the more you look at GDPR, the more you despair.    Because unlike the counter productive cookie banner which simply wastes a little time, GDPR was implemented using what looks like knowledge of current IT practices.  Some of those well paid committees and their well paid experts actually did some work this time and hashed together a semblance of what they think a modern IT infrastructure should look like.  Which is even more problematic.

This is a big planet and a “legal entity” is an extremely fluid notion.  You are reading a personal blog where I publicly air all sorts of complaints about things I see and don’t like.  Do I have to prove I don’t make money out of this blog?  What if you are subconsciously impressed enough to hire me as a consultant as a result of all this wisdom?  Sure there are enormous companies with legal departments and big IT clans.  Even those however have very different approaches to how they are organized both in terms of the role of marketing departments and in terms of IT philosophies.  And of course probably 99% of “legal entities” on Earth have no IT department and no marketing department.  Or if they do it is one person struggling to get the basics done.

I am really curious to see the first case of someone being charged under GDPR.  What sort of “experts” will be called upon and what sort of “standard” they will retrospectively demand.  “Sure, you used double opt in for the past ten years, but look, here on page 2536 of GDPR, clause 7d stipulates that….”  And then you will counter by analyzing entries in your database from eight years ago.  And then some sort of IT wizard judge will be able to come to a conclusion?

If GDPR was designed to curtail Google and Facebook it is the most ridiculous and destructive indirect way to do it.  The EU can slap penalties on these companies anytime it wants to anyway.  It doesn’t need to cripple everyone else in the meantime.  If anything, Google, Facebook and other big U.S. platforms will come out stronger from all this as millions of small companies will prefer to use their cloud infrastructure rather than try and figure out how to be GDPR compatible.  If GDPR was made in order to promote specific types of marketing and penalise others it is high time Euro bureaucrats crawled out of their holes and visited the real world.  Marketing has moved a long way since those Viagra emails only you keep receiving because your email infrastructure was built by a committee.

The EU put up a nonsensical, needless roadblock to doing business in Europe.   Legitimate Nigerian princes with large inheritances will simply do their business somewhere else.

 

Categories
Business

GDPR – Things you want to learn from this latest EuroFAIL

  1. American companies just laughed in the face of GDPR legislation.  Their legal departments probably had a whole load of other stuff ready to roll out anyway.  “By continuing to use this website…”  and whatever too long scroll down you never bothered looking at just got longer.  Amazon already has a segment referring to the zombie apocalypse.  In essence, they treated it like the completely counter productive cookie acceptance button.
  2. Smaller companies struggled to understand it and comply.  In essence all such regulation plays into the hands of bigger companies.  They have IT departments, marketing strategies, legal eagles and everything you need to understand and deal with it.  Small businesses are now weighed down by one more hurdle.  The European Union shot them in the foot of any plans they had to get more digital.
  3. A whole ecosystem of advisors had a field day.  Some of us are old enough to remember that the same thing happened with Y2K and every other end of the world scenario.  Marketing “specialists”, legal “experts” and IT “consultants” love this sort of thing.  You are paying for them to prove you need them.  To make you feel safe.  To cover your ass when the boss asks if everything is OK.

Let me be clear.  I am in no way a Euro skeptic.  I love the way they managed to ban roaming charges.  When they facilitate trade or movement of people in Europe.  But not this. This is too little, too late.  So late that it isn’t even relevant.  If they want to beat Silicon Valley, this approach will not work.  If they want to levy enormous fines on Google or Facebook they don’t need to invent pitiful excuses like this.

Innovation.  These days, even in the legal department tricks you have to do much much better than GDPR.

Categories
Business Society Technology

How to really beat Facebook or Twitter either as a competitor or as a legislator

The whole privacy debate around Facebook is a joke. I mean literally, Zuckerberg must be laughing privately about it. While it avoids the real issue, he rests assured that legislators have no idea what Facebook is really about: lulling you into a false sense of security so that you will unwittingly give away private information in the wrong context. If that sounds too devious to you then you probably don’t use Facebook a lot. Or you use it and don’t think. Which is exactly what it wants you to be like.

Www.Personaldna.com was a great idea and it offers an intelligent, possibly automated solution to this privacy problem. I used it at work to build teams’ awareness of the different characters, strengths and weaknesses and team dynamics. It is a shame it hasn’t developed at all but this is probably because the people that made it have been hired by Google. Which is the only company that understands what this article is about. Personal DNA built a psychographic profile of you based on multiple questions. It is accurate and, better still, you can invite someone to take the test and see what he or she thinks you are like. This is also very accurate and offers valuable insights. And it is a million times more useful than trying to clump your friends into categories like Facebook pretends to suggest we should do.

When you post a status update, you can select that “Everyone” sees it. Or “Friends” or some category of friends. Only the first two make any sense. If you select “everyone” or you have forgotten your status update in “everyone mode”, Google and various tools we social engineers use will be able to easily see what you are up to in real time privately. If you select “friends only” Facebook has fooled you. Because what sort of homogenous bunch of friends is the correct forum for this message you are about to deliver? That picture of you in a swimsuit on the beach. You want your uncle to see it? Might your ex boyfriend take it the wrong way? And what about that ex co worker who now works at a company you are hoping to get a job at but is a bit conservative? Think before you post it.

“No, don’t think.” Facebook’s interface is like the little cartoon devil that sits on your shoulder to make you forget all these complicating factors. Privacy is either on or off. “Don’t think” it echoes like a ghostly voice. “We want the world to be more open” says Mark as if privacy is like piracy. “Information wants to be free” and other mindless, out of context slogans are catchy.

Privacy, the ability to choose which contact sees which information, is in fact the basis of all human interaction, probably the reason our brains are as big as they are in our social state of being homo sapiens. And this is how I, a bunch of psychologists, sociologists, programmers and enough funding, can beat Facebook within two years.

All it takes is a few Facebook apps that we will sneak past them. One will monitor everything you post and make a double check for you by throwing random people in front of you as a pop up window. “Before you post that status are you sure Mary Johnson is someone you want to see this?” followed by a few possible reasons. Based on this information it will build the intelligence of PersonalDna over time. PersonalDna actually exists on Facebook as an app but it is way too much like hard work to spend half an hour filling it in.

We would have to invent smarter interface tweaks to keep you interested while getting useful psychographic information off you. I won’t give them all away here. But every time you do something on Facebook, every “like”, every comment, every YouTube video you post, we will be intentionally collecting data about you. Facebook can’t stop me doing this because if worse comes to worse, I can do this as a virtual friend. You will befriend my personal psychologist and I will send you my advice.

The whole thing will hinge on the presentation of the information to you and I will borrow know how from the astrology industry. We will tell you how likely you are to score with that boy or girl you are poking, before you actually poke. We will tell you who in your network to try and impress to get a job. Other applications will tell you which groups to join or leave to improve how your profile looks to specific friends. We will make it all fun, free and cheerful. And accurate.

If it is too accurate it will be scary. That is the whole point of Facebook’s deception in its current design. So we will make it accurate enough and fun enough at the initial level of contact. If you want to go to the next level you will have to read a lot and think a lot, so you probably won’t go there unless you are serious.

Of course this platform I will build is much, much better than either Facebook or Google at serving advertising content. Because I will not just know what you are interested in. I will know how you like content served. And which of your friends are likely to buy the product or service too. With much much greater degrees of accuracy.

The accuracy of a self respecting homo sapiens in 2010 and true human development.

Categories
Technology

Open sourcing privacy: my master plan

The advances in neurology are fascinating right now. MRI scans no longer limit themselves to one brain.  It is the interaction of people which ups the ante.  How do my mood changes affect you?  If you don’t want to get bogged down in mirror neurons and spindle neurons and the detailed science of it all, I thoroughly recommend “Social Intelligence” by Daniel Goleman.    Snap judgements on whether or not we like someone or a product are well worth analyzing because the same principles are even more important online.

I famously wrote that I would sacrifice one of my hands for access to the raw data of Facebook or Google.  Well, I just thought of a good way of keeping all my hands and still getting those invaluable insights!  While the media suddenly get excited about privacy online, projects like Diaspora are a good idea.  Yes, I don’t like the idea of giving away my personal information, my thoughts, photos or anything else to someone else.  Of course they will try and make money out of it!  But what if we could establish a research cause worthy of being a part in?

Remember when everyone installed SETI screensavers to help crunch data from alien-looking observatories?  Or the global appeal to help process human genome analysis?  (The idea was we would help discover solutions to global diseases, turns out we just helped pharmaceuticals get richer!)  But we can use the same principle, that same altruistic sensibility to get people’s personal data.  Heck, we can beat Facebook at its own game!

Here’s how it would work: a set of totally trustworthy institutions throughout the world, something like the United Nations, runs the show.  OK, we don’t really trust anyone and we all think that once data is digitized it can and will go anywhere, but we will have to settle for the best available trust levels.  Then we get widgets, could be in the browser, could be anywhere else on your computer or mobile phone, that monitor what we do.  Facebook, Twitter, email, whatever we feel comfortable sharing.  Here’s the catch: the data is whitewashed of our names and other personal details from the beginning.  I may choose my data to be shared as “a guy in Greece”.  In fact I, and many others I suspect, would be more willing to give really private information to such efforts, stuff I would never put online otherwise.

Open privacy policy from the beginning because the whole point of this tool is to help you understand how much information you are giving away with everything you do.  (Yes of course Symantec or some other security company could attach it to their antivirus but it wouldn’t be the same, read on.)   And here is where I get my data at last:  universities or other researchers from private or public institutions can apply for access to your data.  They write up a proposal, what they will do, what they will look for and what insights they will give us.  Maybe they will give whoever gives their data up more detailed information to make it worth participating.  So in fact, I won’t even have to do the research, I will just install the browser plug in and choose whichever scientist makes nice proposals!  Then they will give me their findings to mull over.

We will effectively be breaking the monopoly that large institutions like Google or Facebook have over user data this way.  Sounds hard to sell but simply getting the academic community involved would be a huge leg up; in fact they would sell it for me as they would all need the platform to get their research done.   We could even make sneaky Facebook apps for it!

Categories
Technology

An insane privacy bug in Facebook for Blackberry

So I am at a party and someone is really interested in an event I heard about on Facebook.  In fact she is so keen she wants to go asap.  She insists and we are in the middle of nowhere so she logs out of her Facebook account on her Blackberry and hands it to me.  I log in, find the event, send her the info and log out myself.  Seems straightforward.  We continue the other discussion and she shows everyone how cool it is that her brand new Blackberry shows up pictures of her friends when one of her friends calls.  “It did it all by itself!”

Two days later I log in to my Facebook account and I am greeted by a message.  Facebook noticed that I have been using Facebook for Blackberry.  Would I like to import my contacts?  What contacts?  Her contacts!   All I did was click “yes” and all her Facebook contacts came to me!

I realise that for any American reading this I am already way off the mark.  This shouldn’t be a blog post, this should be a law suit already!  (OK, it is all documented with screen grabs etc just in case I change my mind…)  With the amount of negative publicity they are getting these days about privacy problems, this could make me a fair amount of money.   It is almost a media frenzy right now without adding one of the most popular mobile platforms for accessing Facebook to the mix.

The beauty of this one from a litigation point of view is that nobody can escape the blame.  I looked over the technical aspects of setting up Blackberry Enterprise Server and the options for social networking integration and sure, we could blame Vodafone (the service provider) for anything mistakenly set up in her account.  But then it was the Facebook application on my computer that offered me her contacts!  And she had done everything “properly” by logging out before handing it to me.

But no, I won’t add to the calls for everyone to delete their accounts from Facebook.  Yet.  In fact I just started a second Facebook account for myself in English.   I will just be more careful not to post any information more personal than I do on this public website.  And for sure I won’t be handing my Blackberry to anyone at parties…