-
UPDATE: Carphone Warehouse Caught Not Wiping Personal Data AGAIN?
Posted on October 10th, 2011 No comments
Hey all
Yesterday we popped back into the behemoth mall that is Bluewater and as a follow up to my post about Carphone Warehouse thought I might just have another quick look see. Sure enough there on the display stand was a fairly shiny Samsung Galaxy II logged into someone’s Google account with all their stuff on full show.
Obviously I wiped the phone just to be sure, but this time I’ve emailed the person asking for confirmation as to how their email account ended up on that phone on full display; they may or may not answer. We will see.
On a plus note the rather nice HTC Titan (?) running Windows Phone 7 comes complete in demo mode with dummy email account, calendar entries, music – in fact the whole shooting match so well done HTC/Microsoft for thinking ahead.
-
Carphone Warehouse You Have a Duty of Care With Customer’s Privacy!
Posted on September 19th, 2011 2 comments
Filling time whilst in a shopping centre with one’s family is a well learnt male skill. For those with more middle of the road interests it’s off to WH Smith’s for a browse of the car magazines, for those of us with more geek’fu it’s a trawl of the mobile shops to toy with the latest shiny goodies.
At the weekend I happened to be in Carphone Warehouse’s big open store at Bluewater for one such time wasting fondle session and happened upon a wall full of working phones ripe for a quick look see. It is all too rare to find phone shops with a happy attitude towards breaking boxes and sticking real working phones out there for customers to try, sadly reverting to the stock compressed cardboard or hollow shell imitations. So given such choice the HTC Sensation was an obvious place to start, it is basically an updated version of my current Desire HD so a comparison seemed fair.
What didn’t seem right was that when the screen came to life it was showing someone’s Facebook wall. Odd, but it’s not unheard of for a fellow fiddler to have used an instore demo device to have a sneaky poke and forget to log out.
I did the decent thing and left a “you muppet” type post on his wall and logged the phone out. But when the homescreen came up it was obvious something far more worrisome was going on.

The homescreen wasn’t a stock HTC Rosie layout, with loads of widgets and apps being moved; there were update and email notifications in the status bar, there were matched contacts awaiting approval.
A quick and very discreet look around pointed to this phone having actually been set up from new by someone. Not set up as in just having a play in a shop, but set up by someone sitting around with enough time on their hands to get the phone how they wanted it. This was obviously a customer returns phone that had been stuck back on display with no thought.
There were of course a number of things I could do. I could have notified one of the half a dozen bored looking staff chatting to each other in the middle of the store whilst customers stood around idle; but honestly if those same staff couldn’t have been bothered to check a returns phone what hope was there now. I could have had a proper play with his “Scott’s” accounts or even hijacked a few of them. I didn’t, I took the kinder option and hit the magic half a dozen keystrokes to wipe the SD card and factory reset the phone.
The point of this is our smartphones contain a wealth of personal information from our intimate sharings with loved ones through to our TV preferences through to the keys to our email and bank accounts. It’s all too easy nowadays to pick up a new phone, log into the cloud and for the handset to be automagically populated with our stuff. BUT retailers have a duty of care when handling those devices, whether it’s for repair or return in ensuring that personal information goes no further.
What appears to have happened here is akin to giving your plumber house keys to fix a leaky tap and them walking away leaving the front door wide open.
It’s not acceptable.
Anyone from Carphone Warehouse around because I’d love to hear your thoughts?
-
I Exercised My “Right to Opt Out”
Posted on March 23rd, 2011 No comments
After two months of waiting today I finally had the opportunity to sit down with an orthopaedic consultant and discuss the state of my injured knee.
I thought it worthwhile commenting on the Darent Valley Hospital’s outpatient self-service check in process where you will be greeted not by the (still in attendance) bored looking receptionists but rather one of these natty embedded Windows terminals in one of eight languages (presumably tailored to locale) linked through to the appointment booking system.
Nothing particularly remarkable about that but I was a little perturbed by the terminal’s insistence that I should answer both personal and demographic questions as part of the check in. What had the demographics to do with anything? Certainly none of the questions I saw (I went back later and quickly ran dummy personal data through for a look see) had any relevance to my visit.
I say insist as by refusing to accept the “disclaimer” (right) I was booted straight back to the entry screen with no further path; i.e. unless you hand over the information you could not check in. Quite how this fits with the NHS’s long held “free to the point of delivery” stand if I am being directed to trade personal information in return for seeing a doctor or consultant I am unsure.
Needless to say when I asked the bored receptionists if there was a way of checking in without answering they offered to do it manually but did say they would probably ask me the same questions. I made my point that I would therefore probably just not answer those bits.
Maybe that’s why I had to wait an hour for 90 seconds of appointment.
-
Your data, your rights: Safeguarding your privacy in a connected world
Posted on March 16th, 2011 No comments
In a most timely release Viviane Reding, Vice-President of the European Commission & EU Justice Commissioner has posted her speech from today’s “The Review of the EU Data Protection Framework.”
In it, Reding sets out the EU Charter of Fundamental Rights and how this pertains to personal data, being built upon four pillars;
- The right to be forgotten,
- Transparency,
- Privacy by default,
- Protection regardless of data location.
I won’t go over each, aside from being fairly self explanatory the full text can be viewed here.
Given my last post on the whole cookies issue it is the fourth tenet I will quote;
It means that homogeneous privacy standards for European citizens should apply independently of the area of the world in which their data is being processed. They should apply whatever the geographical location of the service provider and whatever technical means used to provide the service. There should be no exceptions for third countries’ service providers controlling our citizens’ data. Any company operating in the EU market or any online product that is targeted at EU consumers must comply with EU rules.
For example, a US-based social network company that has millions of active users in Europe needs to comply with EU rules. To enforce the EU law, national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU consumers.
Other than some local concern over the ICO’s willingness to pursue US based organisations enough said methinks.
Afterthought: Of course there are full on discussions in the US today over the “do not track” issue which is very very closely aligned. Surely a transatlantic push back on abuse of privacy must get the message across.
-
Jumping the EU Ship for Cookies, Really?
Posted on March 16th, 2011 1 comment
I consciously decided to not post on last week’s “surprise news” that after several years of consultation the EU has gone ahead and published its directive on browser cookies.
Firstly there are plenty of great bits of analysis written by those far more eloquent than me. Secondly I really don’t care that much about the guts of the directive, that’s not to say I am not for what it is trying to achieve – consumer protection is a good thing, rather that I have long voiced concerns over the approach and think there are better approaches available. Thirdly as I firmly believe ALL businesses operating in or with the EEA and using/sourcing personal data online should have long been aware of the likely impact.
But apparently companies weren’t aware and the online bitching and scaremongering raged for a good day or two until the usual ADHD crowd had their attention grabbed either by SXSW or the far more important happenings in Japan.
What did surprise me, but probably shouldn’t have, was the number of high profile tech journalists and data centric online businesses that chose to use their platforms to complain long after the stable doors had been bolted.
Thinking of Jumping Ship?
Of all those comments one of the most poignant for me came from an old school pal Nick Halstead over at Tweetmeme / Datasift; companies which are both built and are reliant upon personal data. In a widely picked up Tweet Nick said,
“This is the sort of crap that makes me want to move business to the US.”
It was a genuine reaction to a perceived threat to his business albeit, I suspect, one based more on emotion than rational dissection of the facts. And why not? After all from an uninformed standpoint the directive summaries certainly do seem to be potentially unworkable (more from a Usability Experience perspective than a technical one) and seemingly restrictive of current business practices.
The thing is the reaction of moving to the US really isn’t going to help anything. Back in July 1999 the Belgian courts set precedent in a ruling against Yahoo! for refusing to hand over user data to Belgian law enforcement authorities under Belgian law. The court found that making its services available to Belgian residents (combined with what it believed to be the use of Mail in connection with criminal purposes within Belgium) was sufficient to find that Yahoo! Inc. has a commercial presence in Belgium. Therefore, Yahoo! was subject to Belgian laws.
The obvious outcome being that no matter where you base your business, no matter where you claim to have jurisdiction based in your Terms & Conditions the Belgian authorities have a higher level of claim.
Today in the European Parliament during the review of the EU Data Protection Framework, Commissioner Reding took things a step further in stating that EU DP rules shall apply
“whatever the jurisdiction of the service provider”
and that,
“US based social network service companies need to comply with EU DP rules.”
So to Nick’s subsequent Tweet
“you think the EU will try and make it apply globally? not a chance”
the response was and still is, the EU don’t need to apply it globally but if you want to trade in/with the EU hell yes. Basically the Belgian ruling has been given legs and in essence if you make your services available to EU residents you need to comply. Moving a company to the US makes not a jot of difference, the EU will empower member states to prosecute for breach.
The only escape will be to give up on EU business, and let’s be honest no one is going to do that now are they?
-
CCTV Snoop Internet Eyes loses high profile customer
Posted on March 15th, 2011 1 comment
Way back in late 2009 a number of people in the security, privacy and identity spaces picked up on a rather disturbing business proposition from startup Internet Eyes. In essence they provide a kind of managed CCTV, allowing shop operators the ability to have their CCTV feed monitored live by “volunteers” based online who will flag suspicious behaviours.
After a number of promises to the ICO, Internet Eyes finally broke in to the market in 2010 and only a week or so back the Eastern Daily Press heralded the installation in to what were probably the highest profile client sites so far; 3 Budgens stores in Norfolk, UK.
Today the ever vigilant Big Brother Watch has reported that after receiving a number of complaints from his regular customers Budgens owner Jinx Hundal has pulled the service saying,
“The last thing I wanted to do was upset my customers. I have spoken to customers via our customer forum and there have been concerns raised, with customers saying they were uneasy about being viewed by members of the public. I made a mistake and I am genuinely sorry for that.”
As BBW point out, the negative consumer reaction is a powerful one and something few owners would wish for their businesses. Rather obviously Internet Eyes have spent plenty of time pointing out how much industry loses out to theft as justification for their solution but nothing is said on the cost of losing those customers who just don’t want random strangers watching their every shopping move.
A small #win hopefully on the route to a much larger one.
-
Personal Data: The Emergence of a New Asset Class
Posted on March 3rd, 2011 No comments
I haven’t had time to read the whole thing yet but the World Economic Forum report can be found over here.
Personal data is becoming a new economic “asset class”, a valuable resource for the 21st century that will touch all aspects of society. This report finds that, to unlock the full potential of personal data, a balanced ecosystem with increased trust between individuals, government and the private sector is necessary.
-
Research CMD » Blog Archive » Privacy Part 1: The Stop and Go of Data Flow
Posted on March 3rd, 2011 No comments
“IT’S PERSONAL, BUT I’LL SHARE…MAYBE.” IT DEPENDS.

A superb piece of data visualisation over at Ball State University’s Center for Media Design looking at the rather curious privacy decisions made by their college students when sharing certain types of information.
“What do you consider personal information?” This is how we began our ideation sessions with college students. This seemingly simple question generated much discussion, elements of which are captured in the graphic (above), the first of our research outputs (see part 2 as well).
-
User Control May Not Be THE Answer to Privacy Concerns
Posted on March 3rd, 2011 No comments
It’s been an interesting week in global outlooks on privacy with two widely discussed stories doing the rounds (amongst a whole heap of other less publicised stuff). We have had Facebook once again pushing the boundaries (read: trying to reform social/cultural norms) of what people will accept. The US Supreme Court finally acknowledged that whilst corporations are legal entities they do not actually have the same right to privacy as the individual.
On the face of it they are two fairly disconnected stories; one a company wanting the right to retain control over what they consider their private information, the other a company wanting you to control and share more of your private information with others.
Both stories are linked though by one of the oldest cornerstones in protecting privacy – the individual’s rights and abilities to control information about themselves. In 2002 The Privacy Commissioner of Canada gave a definition of privacy as being;
“…the right to control access to one’s person and information about one’s self. The right to privacy means that individuals get to decide what and how much information to give up, to whom it is given, and for what uses.”
So grounded is this notion of individual’s control that it is enshrined in much of the Western societies’ legislation and has laid the groundwork for not only much debate but also technologies for helping people retain control over their own information; the most obvious of which is Vendor Relationship Management stemming from work by Doc Searls post his co-authored seminal work The Cluetrain Manifesto.
Indeed I and a great many other privacy wonks have always believed to some degree the thinking that by affording the individual control (which of course requires greater transparency of data, technologies and education) that privacy was doable, it was an achievable goal to the point where people no longer felt abused by third parties taking advantage.
This despite i) acknowledging our own interests in the field meant we were far better equipped to manage our own data and ii) there being a great raft of academic work posturing that user control was actually an instrument of deceit and therefore self destructive.
Indeed only yesterday Anna Maria Virzi ran a piece over on ClickZ (a marketing news website) on Consumer Privacy. In it she reports on Microsoft’s VP of Advertiser & Publisher Solutions Rik van der Kooi’s talk during the IAB‘s Annual Leadership meeting on Monday. In the talk van der Kooi said,
“Data gets bartered, traded, corralled, bought, sold and used in a myriad of different ways without one central actor being part of the conversation – and that is the user,”
“…businesses stand to benefit if they empower consumers – and let them know what information is collected about their website activities and how it’s being sold or exchanged. By doing this, businesses could earn a consumer’s trust – and a consumer might decide to share even more information with a brand.”
It is the last part that cements the control aspect.
BUT…
Last week my admittedly rose tinted and optimistic outlook on the prospects of this approach to privacy was knocked a little sideways at The Future of Consumer Protection forum in Thun, Switzerland – and I do so love having my thinking challenged and even changed.
Presented was a summary of research undertaken recently at the Carnegie Mellon CyLab by Alessandro Acquisti, Laura Brandimarte & George Loewenstein. Entitled ‘Privacy and the Illusion of Control‘ it sought to;
“Test the hypothesis that control over publication of private information may influence individuals’ privacy concerns and affect their propensity to disclose sensitive information even when the objective risks associated with such disclosures do not change or worsen.”
“Outcomes: Our findings suggest, paradoxically, that more control over the publication of their private information decreases individuals’ privacy concerns and increases their willingness to publish sensitive information, even when the probability that strangers will access and use that information stays the same or, in fact, increases. On the other hand, less control over the publication of personal information increases individuals’ privacy concerns and decreases their willingness to publish sensitive information. Our findings have behavioral and policy implications: they highlight how technologies that make individuals feel more in control over the publication of personal information may have the unintended consequence of eliciting disclosure of more sensitive information.”
So the more control people are given the more risks they are willing to take exposing personal information. Hardly an endorsement for user control being THE route to ensuring privacy and certainly cause for concern with developments in the ongoing Facebook race for personal information exposure.
Some brief talks with Acquisti did highlight that user control is important but,
- people are just not ready to assume the levels of individual control being touted,
- other techniques such as reducing the types / quantity of information available for control might afford greater privacy in the short term, and
- that there is still a great deal more research and thinking to be done.
For me the research helped answer that strange niggle I have held, especially with VRM in its most militant guises, over expecting the user to assume full control and affirms my well discussed thinking on Facebook’s constant push forward; it’s a good thing because it raises awareness and if anything actually forces people to change their behaviour. It’s a nudge in the right direction.
-
Is there value to be added to location data?
Posted on September 1st, 2010 No comments
Last night I was involved in a brief Twitter conversation with the inimitable Tony Fish, author of “My Digital Footprint” about mobile operators adding value to location data. Personally I don’t see any (intrinsic) value in location data, that horse bolted years back (totally disrupting Alcatel et al’s monopoly at the switch level for location data). The value in location data comes from what you do with the data. Anyway…
Tony’s thinking raised the question over placing delay on location data as a privacy guard. His blog post on the subject is over here. I have taken the liberty of posting my response here and on his blog.
Hey Tony
I can totally see where you are coming from but a couple of points if I may;
The notion of applying a “false” location to things is of course technically feasible but to be caught deliberately falsifying one’s location would probably do one’s reputation more harm than any good it might achieve. Far better to merely omit the location data in the first place than try to put people off the scent as it were.
I don’t want the operator to take control of my location. Firstly if one lives in a low signal area or indeed a highly built up and populated (read cell overloaded) area then the operator’s true understanding of one’s location is actually pretty coarse. Sure they could get all clever and pull timing data from each cell and trilaterate back at a central point BUT as you have already stated the API is silly expensive – it’s already been disrupted by the handset itself.
Secondly, and you’ve alluded to the privacy enhancing nature of such a service, even with a user-pays service provided by an operator I would have little faith that my location data would not be aggregated and mined for their own purposes. Far better to leave the collection, aggregation and control with the user methinks.
So how would I approach this? Well…
Certainly the handset is the right place to gather the location information. Assisted GPS (aGPS) utilising any number of beacons from cell towers to wi-fi nodes to locate the phone is easily the most reliable method of getting an accurate location. It’s what you do with it next that counts.
If one looks at the Fire Eagle service from Yahoo! (one of the first true identity information brokerage services IMO) it allows one to post and update an accurate location from any number of applications. Then the user is able to decide with which location gobbling services that location is shared and more importantly what degree of accuracy is exposed. In fact Google Latitude does this fine:coarse sharing but to a far lesser degree.
From a single metre accurate location update to Fire Eagle it would be possible to see one location service getting your locale (as opposed to location) being at a City level when another service gets it down to the street.
That then brings me on to the notion of time-shifting or delayed location. It would be entirely possible to build a service that sits as a layer on top of Fire Eagle (with permissions for fine grained access probably) and allows one to add delay (or even decay) to the outgoing location sharing.
However to me it would seem a feature so valuable (not in monetary terms but in usability) that it would be far better baked straight in to Fire Eagle.
I’m certain this conversation has been had before however it seems to have sunk back into the murky waters of location based services as they all vie for superiority and control of the user’s data. To that end I tip my hat and thank you for bringing it up again.
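
The per-service accuracy and the delayed or decaying release described in the post above, sketched as an added example that is not from the original post and does not use the Fire Eagle or Latitude APIs. `LocationBroker`, `Grant`, the service names and the grid sizes are hypothetical, and the coordinates are constructed.

```python
import math
from dataclasses import dataclass

# Hypothetical accuracy levels: grid cell size in degrees (None = unmodified).
# 0.001 degrees of latitude is roughly 110 m, 0.1 degrees roughly 11 km.
GRID_DEGREES = {"exact": None, "street": 0.001, "city": 0.1}

@dataclass(frozen=True)
class Fix:
    ts: float   # seconds since epoch
    lat: float
    lon: float

@dataclass
class Grant:
    granularity: str            # key in GRID_DEGREES
    delay_s: float = 0.0        # only release fixes at least this old
    decay_s: float = math.inf   # stop releasing fixes older than this

def coarsen(value, cell):
    """Snap a coordinate to the centre of its grid cell."""
    if cell is None:
        return value
    return round(math.floor(value / cell) * cell + cell / 2, 6)

class LocationBroker:
    """User-held store: one accurate feed in, a different view per service out."""

    def __init__(self):
        self._fixes = []    # assumed to arrive in time order, newest last
        self._grants = {}

    def update(self, fix):
        self._fixes.append(fix)

    def grant(self, service, grant):
        self._grants[service] = grant

    def view(self, service, now):
        grant = self._grants.get(service)
        if grant is None:
            return None     # default deny: no grant, no location
        cutoff = now - grant.delay_s
        for fix in reversed(self._fixes):
            if fix.ts > cutoff:
                continue    # too fresh for this service, try an older fix
            if now - fix.ts > grant.decay_s:
                return None  # newest releasable fix has decayed
            cell = GRID_DEGREES[grant.granularity]
            return Fix(fix.ts, coarsen(fix.lat, cell), coarsen(fix.lon, cell))
        return None

def demo():
    broker = LocationBroker()
    broker.update(Fix(1000, 51.4389, 0.2711))    # constructed coordinates
    broker.update(Fix(4000, 51.5074, -0.1278))   # constructed coordinates
    broker.grant("friends-app", Grant("street"))
    broker.grant("checkin-feed", Grant("city", delay_s=3600))
    broker.grant("weather", Grant("city", decay_s=300))
    now = 4600
    names = ("friends-app", "checkin-feed", "weather", "ad-network")
    return {name: broker.view(name, now) for name in names}

if __name__ == "__main__":
    for service, fix in demo().items():
        print(service, fix)
```

The delayed service is served the older fix rather than a falsified one, which matches the post's preference for omitting data over misleading.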








