This coming week the European Justice and Home Affairs Council (ie, national ministers from the individual national governments) will meet in Brussels. There are several items on the agenda.
Top of the list in a memo released by Viviane Redding is reform of the data protection laws. She says,
I am confident we will be able to build on the momentum injected into the negotiations by the Greek Presidency at the last informal Council meeting in January. Seeing the latest progress, I will continue working with Ministers for an adoption of the data protection reform before the end of this year.
Bottom of the list in a ministerial statement from Theresa May is reform of the data protection laws. She says,
There will be a state of play/orientation debate on the Proposal for a General data Protection Regulation. The UK continues to believe that this proposal is far from ready for a general agreement, and that no such agreement can occur until the text as a whole has been approved. The proposal remains burdensome on both public and private sector organisations and the Government would not want to see inflexible rules on transfers outside the European Economic Area which do not reflect the realities of the modern, interconnected world.
And yes, they really are talking about the same thing. Most of Europe has already agreed the data protection reform proposals; but the UK doesn’t like it and won’t play.
The problem is, providing more protection for our personal information is difficult for the UK. It would upset the three most powerful organizations in the country: GCHQ, Google and Facebook. GCHQ would have its ability to collect our private messages, photos, home videos and internet browsing habits severely curtailed — and of course nobody would want to see that.
Google and Facebook would no longer be able to ship our personal information to servers outside of the UK; that is, the US, from where the NSA/FBI could demand access while declining to allow us to be told (assuming they need to since GCHQ will probably have already intercepted the data via its taps on the fibre cables that run between the two continents and simply handed it en masse to the NSA for storage and safe keeping).
Since these negative arguments would not prove popular to the British public, they are being hidden in spurious and frankly false claims that data protection will cost business. Yes there will be some cost in protecting our data (not nearly as much as the government would like us to believe); but that will be more than compensated by the lower cost of doing business with dozens of different data protection regimes. The net effect of reforming data protection will be greater data protection at a lower overall cost.
But Theresa May doesn’t want us to understand that. She and David Cameron would like us to believe that they are protecting us when they are really just protecting vested interests and actually selling us down the river. They are willing to trade our privacy to keep GCHQ and big American business happy.
The home page for Google France from a few days ago. It’s been removed now; but just in case anyone missed it…
Do no evil is best known today as a Google reference; but it occurs earlier in the Bible (2 Corinthians 13:7 King James):
Now I pray to God that ye do no evil; not that we should appear approved, but that ye should do that which is honest, though we be as reprobates.
Do as you would be done by is an immediately recognisable biblical reference (Matthew 7:12 King James):
Therefore all things whatsoever ye would that men should do to you, do ye even so to them: for this is the law and the prophets.
Google has claimed the former, but ignores the latter.
It recently removed two extensions from its Chrome webstore: Add to Feedly and Tweet this Page. This was a good thing. Although the extensions originally did what’s described on the tin, they had been bought by advertising companies of the worst sort. Those advertising companies subsequently slipped in, via automatic updates, adware engines.
Automatic updates are a double-edged sword. In the hands of a supplier you trust they can be a tremendous boon — security patches and software improvements just happen. But in the hands of a dubious firm, automatic updates are a troublesome problem. They can, and in the case of these two extensions, did covertly install all manner of things.
To get round the problem Google has changed its terms of service. In future, extensions will need to be clearly defined — the new terms state that extensions must have “a single purpose,” and be “narrow and easy-to-understand”. Adding a new function secretly, such as adware, clearly breaches these rules.
Google invoked these rules to remove the extensions. In general, however, the company says the new terms won’t be enforced widely until the summer. That implies there will then be some form of enforcement methodology — extension auditing, for example.
Again, this is a good thing. Google is saying that its users should know what the software they use actually does, and it should be easily understood, and their privacy should not be abused.
Which is more or less what the European Union is saying to Google itself. Two European data protection regulators (France and Spain) have already fined the company the maximum possible for breaking privacy laws. Four others (Germany, Italy, The Netherlands and the UK) have agreed that the privacy laws have been broken. Germany, Italy and The Netherlands are expected to levy fines. The UK is more likely to discover some weasel way to avoid fining Google (because of the UK’s traditional thrall to big business), but nevertheless holds Google in breach of the law.
Google is doing unto Europe what it won’t allow its app providers to do unto Google: confuse, break the rules and dissemble. It is clearly hoping and expecting that its sheer size will prevent Europe smacking it in the same way it smacked those that disobeyed its own rules. Here’s hoping…
On Friday Laurie Penny wrote a piece in the Guardian’s Comment is Free: David Cameron’s internet porn filter is the start of censorship creep. The gist is that under the guise of protecting children, Cameron’s government is intent on controlling adults.
For example, she wrote:
The category of “obscene content”, for instance, which is blocked even on the lowest setting of BT’s opt-in filtering system, covers “sites with information about illegal manipulation of electronic devices [and] distribution of software” – in other words, filesharing and music downloads, debate over which has been going on in parliament for years. It looks as if that debate has just been bypassed entirely, by way of scare stories about five-year-olds and fisting videos. Whatever your opinion on downloading music and cartoons for free, doing so is neither obscene nor pornographic.
But we should not be surprised. Filtering has always been used as a disguise for censorship – and not just by governments. For example, I recently emailed Alexander Hanff, a well-known privacy expert and advocate, for his views on the GDPR (specifically for an article I was writing at the time). He replied, but with this surprising comment:
‘Nothing to do with me, guv,’ I quickly replied. Well, he looked into it, and to cut a long story short (you can read the full version on his blog: Gmail scanning becomes censorship), he came to the conclusion that Google is effectively using ‘privacy’ as a trip for its spam block.
Alexander gives several reasons why this email could not be considered spam by any half-decent filter: it was clearly a reply; it included his PGP key; and it included both a delivery and a read receipt. His conclusion:
What makes this even more ironic, is the email content was all about an EU Regulation of which Google would be one of the corporations it impacts most – an email about privacy, scanned by a filter which goes against privacy and run by a company that has declared war on privacy because this single, fundamental right interferes with their illegitimate and unethical revenue model.
Alexander’s conclusion is that this was incompetence, ironic incompetence, bordering on censorship. But it’s a fine line – and personally, I’m not so sure. Google’s filters are essential to its business model. It cannot afford to get them wrong. And its revenue record demonstrates that it doesn’t get it far wrong. A little tweak here, and a little tweak there, and Cameron’s ability to censor anything he wants becomes a simple reality.
And as far as I can see, Google is already testing out its model. In this instance it was an inoffensive email to a journalist about the GDPR. But filtering and blocking emails to journalists is a worrying trend with worrying potential.
I have come to the conclusion that all of this targeted advertising is a load of bollocks, and Google’s ability to grab, store and analyse my personal habits is worthless.
Android has just recommended a Coldplay album, which it says is ‘popular with similar listeners’.
- I had to use Wikipedia to find out what Coldplay is
- I have never knowingly listened to Coldplay; and don’t intend to
- I have never listened to any music via Android (apart from a few accidental YouTubes where I have never succeeded in listening to completion).
OK, so they got that wrong.
But maybe it’s other people who are similar to me who like Coldplay… No, that’s no good either, because that means that I’m like people who like Coldplay — and that, frankly (no disrespect) is insulting.
So this ‘targeting’ is way off beam. Which means it’s simple old-fashioned promotional advertising. I just hope for Coldplay’s sake they aren’t paying over the odds for targeting that doesn’t exist.
The Electronic Frontier Foundation has a fascinating graphic on which companies are doing what things to protect their customers’ – our – data in the post Prism/Snowden era.
What really leaps out is that the companies is that provide consumer cloud services are on our side (Dropbox, Facebook, Google and Twitter); telecommunication companies are on their side (AT&T, Comcast, Verizon); and the main OS providers (Microsoft and Apple) aren’t really sure which side their bread is buttered.
That’s rubbish. Google said what it said – it’s there in black and white and they all quote it. It was said by lawyers, so of course they meant what they said. And how do you take a motion to dismiss a class action out of context?
The question is not what Google said, but why it said it. OK, here’s my layman’s take.
This is big. It’s not a court case that Google can afford to lose. If it did, it could potentially jeopardise the entire business model for Gmail. And without Gmail, where is Drive?
Google almost certainly will not lose this case. But the ‘what if…’ doesn’t bare contemplating. Google has to be absolutely certain of winning. And that’s where the invocation of the ‘third-party doctrine’ comes in. It’s the nuclear option defence.
Now the three Google apologists all say, wait a minute, Google is only talking about non-Gmail plaintiffs. So? It still cites the third-party doctrine – and show me where in the Smith v. Maryland ruling it says, “this ruling only applies to non-Gmail email users.”
But Google is being more clever than this. By invoking Smith v Maryland, Google is saying to the government, if you take me down, I’m taking you down as well. The government relies too much on this doctrine in its own surveillance practices to allow it to be overturned in a case against Google. So this statement by Google is a form of insurance to make sure it doesn’t lose the case.
What Google is saying very clearly is that users do not have a legal expectation of privacy and that it has the legal right to be a right bastard. The only bit where The Next Web, The Verge and TechDirt have got it right is that Google is not saying it is or will become a right bastard – only that legally it can.
Usually I like The Next Web. But this is a bit strange. It says that news reports give the wrong weight to something Google lawyers argue in a motion to dismiss a class action. TNW’s headline is, No, Google did not say that there is no privacy in Gmail.
Excuse me? That is, conceptually, exactly what Google said — and TNW proves it by reproducing the content:
Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” Smith v. Maryland, 442 U.S. 735, 743-44 (1979).
TNW misses off the legal reference, but then helpfully explains it. TNW then adds:
The same is true of email sent through an ECS provider…
So, TNW, I’m afraid you’ve got it wrong — that’s exactly what Google said, and exactly what Google meant.