Still want Alexa?

[Ed P]

Richard – I did not miss your point about commercial data collection and I thought I answered it – when I use a credit card or store card I do so knowing that the information goes into the great data crunching engines of commerce. I also know that my purchase will be subject to cluster analysis as another data point in the customer profile. I also know that if my name appears on certain Government (bureaucratic) agencies then it too may be used for raising flags etc. Do I care, hell no, if I wanted to hide something then I’d pay cash or trade something. I have the luxury of being able to make a knowing choice.

I don’t actually really care about the Government’s surreptitious collection of meta data. However what I do care about is the control and access to any retrieval algorithms that spit out full profiles on individuals is subject to full independent judicial oversight. When someone asks for a full profile on Nigel Faragh (say), then they better have a damned good reason that will stand up to Judge scrutiny before that access is authorised.

There have already been published breaches where Police Officers have used such access to stalk celebrities – these were caught AFTER the event. I’d like to see controls (warrants) that stopped them before they reach that stage.

[Richard]

Ed, I had written a response to your message and was profoundly surprised not to find it listed here, perhaps it was my fingers.

Two points,

1. Anyone, no make that everyone who accesses and uses data without good, authorised cause should be subject to legal action sufficient to ensure no repetition and to discourage anyone else being stupid. I do not care from whence they came or for whom they think they work. I am not sure that I am so committed to requiring Judge scrutiny before that access is authorised. There are many cases in which a primary actor is under legally sanctioned observation but their contacts come into view as a result. Some judgement is required in such cases, a single contact my be vital or of no consequence but so might frequent contact. Should every follow up also be subject to some form of warrant?
2. Thinking that no data will ever be collected or that by locking down your mobile and ‘protecting’ your web access you will stop anyone knowing anything about you is at best naive.

The HMRC project has a huge appetite for data and collects large amounts every second of the day, it is normally machine processed and as far as I know data only becomes accessible to humans if the machine finds doubts. In a way this is better and more confidential than the old system that was processed by humans and existed as far back as the early 1950s and probably before then. I understand that this and other collectors also gather data from such as the credit reference agencies, one would hope that is in part to stop some of the excesses of the loan sharks.

Social, (antisocial?) media is developing software to allow anyone to take a snapshot of a person anywhere and map that to anything and everything found on the media database. Facebook are expressing some limited concerns but I expect this is to make sure they can take their cut.

There are far more cases than just legal and financial, the murky area of medical data is also important. I have family reasons for wanting advanced research into a range of conditions, illnesses and the way to rule out unsuitable treatments. However, we have also withheld agreement to mass collection and dissemination of medical data. There will be times when medical access to such data will be vital, there are other times when research access to data patterns might be of huge value, and yes, both could be affected by our choice. However, the sloppy handling of data is the weakness so yes it should and must be subject to controlled access with heavy penalties for those who breach the access rules. It would be helpful if the screening processes are also vastly improved. Those with mental health issues, those with mixed allegiances, etc. should in my book not be allowed anywhere near such data.  This is something the Americans appear woefully bad at dealing with  at the more intense levels while we allow those whose balance of mind can suffer due to domestic issues and encourage them to track those who should not be tracked, etc.

Where the heck is the active audit alarm system and who the heck is monitoring the alarms. It is all pretty basic stuff when you consider the activity with a moment’s thought. If I was in personal contact with some deviant* character I would certainly expect to be investigated.

*Deviant in this context covers all possible forms from a common fraudster, via terrorist through to the more common use of the term.

This time I hope I post correctly!

 

[Ed P]

The medical data of the UK has already been sold off. link

I have now lost the links but at one time it was possible for anyone to peruse (dummy) data at each level of authority. While I was initially outraged at UK health data being sold off to the Yanks, I was less concerned once I had a play with it. I think it would probably be possible to identify individuals in some rare circumstances but only if the individual had a fairly rare (but obvious) complaint or lived in a very isolated area.

[edit] I do not think I have a major disagreement with you on the accumulation of data by the Government. Where you and I differ is on ‘trust’. You appear to believe that deterrence is a sufficient control, whereas I want an independent person of known probity  to hold the access keys – and certainly NOT Government appointed toadies. I want this not so much because I distrust politicians (though any sane person should), but because information is power, and power corrupts. I therefore distrust anyone and everyone associated with the processing or oversight of these systems.

Anyone who has done a night-shift in a computer centre and witnessed the ransacking of HR files that takes place will know why I have such little trust in human nature or sanctions that apply only IF the perpetrator is caught.

[Richard]

I did not want to place my trust in deterrence alone, I consider that vetting needs to be taken to a whole new consistently high level. Put another way how can you trust the ‘independent’ person unless they have passed a vetting to an acceptable standard? We have seen and heard of so many cases of unsuitable staff gaining access to the keys of the kingdom, Snowden and Manning, (especially the latter who apparently had huge personal issues and needed help not guilt free access to material he should not have been able to access) have been named but what of the unknowns who rifled through the naked snapshots some unwise people had posted them, via something like Yahoo was it not? Several ‘management’ issues arise, how come the large and indeterminate number of people had the access permissions, the time to access and in many cases copy materials for which they should not have had the time, authority and facilities to copy?

I understand your concerns, but I should ask, were those watch-keepers ever vetted, supervised or had action taken for any malfeasance? Were there any access logs and were they ever checked? Did the system have any checks to confirm how many different data sets were being accessed in a short period of time by authority codes that suggested a limited need for such activity at the time. Did anyone even care? Should easy access be provided to display human readable data to such operatives in the first place? I suggest the watch staff were simply gathered on the basis of minimal pay for a usually boring task and one that sadly is frequently not done very well, unchecked back ups that fail, etc.. HR records are usually only accessed for set periods of the day from known job related and defined points.

The sort of live data that I was more used to accumulated constantly during all hours of the day, though it was typically buffered and often batched. It was a rather different animal to HR records anyway. The ‘buffers’ took a range of forms and no one had easy access to them. The more OLTP activities checked data in live form as it streamed into systems and spat out exceptions via dedicated routes according to predefined and vetted triggers, they were not set as a trivial action. Deep scans were more of a batch form and took a whole lot of machine time. In one case I was quoted two full days while nothing else could process. The normal use ran for only about 6 machine hours per day. That study, into machine performance, (nothing personal at all) was at a very detailed level; it was amended!

[The Duke]

Think you’ll find manning blew the whistle on the personal picks being sent round the offices.

The sentence on him was disgusting and an all time US low, well not quite slavery, but still unbelievable,and was all just part of the war on free speach that the Americans have been under for the last decade.

The sentence was unbelievable given Coldwar spies was give a small fraction of jail time that he got. The whole Obama administration was discussing and has many echos of TB and new labours stint her.

Llickilly for manning and Obama commuted the sentence and they look like to be out in may. I still think he will of spent more time behind bars than any other US convicted spy/traitor

Hopefully now Snowdon gets welcomed home by his country as a hero for outing the illegal non constitutional dealings of an un policed, above the law NSA. The people should of been positioning his treatment long ago.

Ad an ex service man I understand the diffence between whistle blower and traitor.  and greatly respect a person then stood up for what they believed live,know it will come a personal costs. Bit it should have to.

Manning staggers the line, of the two, but by giving the docs to an outside forign agency, in the way he did, I think he does come under traitor even if he was doing it for good reason, just cos how he went about it. Though his sentence is no in line with any president set before him.

[Richard]

I have never been an active service person. Most of the people with whom I have dealt over the years served in special roles which in many cases bypassed the normal training. Father spent the war blowing things up and dismantled things that might go bang. He operated to very specific rules, basically never leave anyone behind when blowing things up and try not to blow up anyone on the disassembly line! Everyone encountered later operated to the same rules and knew they had to rely on their comrades at all time.

I still make the point, no one should ever be put into a role where they cannot be reliably allowed to operate. Vetting is vital to ensure that is met. Sadly I have to agree that the NSA has been staffed with too many I would not trust to cut the grass in an abandoned field. That was my point all the way through this stupid saga. No one in the NSA ever appeared to yet the job right, from head to toe, and that includes Snowden, who like all of the other failures, should not ever have been employed by the agency.

Sorry, I should have said as far as I was aware Manning was on ‘active service’. Intervention should have happened a long time before he flew so far off the rails. It is one clear case in which deterrence could never work. He needed vastly better HR management – and he should possibly never have been taken on in the fist place.

Should heads roll, yes, have they? Do not bother to look. That is the indefensible bad news, all in one package.

[Richard]

A late and hopefully closing question.

Question: Why do departments such as the NSA resemble fish?

Answer: Because they both rot from the head.

Hopefully that is something that we can all agree about.

Edited to remove drafting errors

[The Duke]

The main issue with these covert services is if they go rouge, which the NSA did, the director lied to a senate committee months before Snowden leaked what he did about prism, is if all the bosses are actively g illegally, to fulfill their own agendas, there is nobody that a true patriot can report to.

So they have to take the issue public. Now if prism was legally sanctioned by Congress then Snowden has to suck it up and get on with his job. As he knew it was illegal, he was right to bring  it to the public.

Alot of good has come from what he did, encryption is now almost right across the board for instance now.

[Author]

Posts