MI5’s poor surveillance data handling

It’s not often a data protection or records management news story gets this much press attention.

MI5 accused of unlawful handling of surveillance data
MI5 has been accused of “extraordinary and persistent illegality” for holding on to data obtained from members of the public. The human rights organisation Liberty has taken the security service to court over the way that it gathers and stores information under the Investigatory Powers Act.

MI5 ‘unlawfully’ handled bulk surveillance data, lawsuit reveals
“The documents show extraordinary and persistent illegality in MI5’s operations, apparently for many years,” said civil liberties organisation Liberty, which is bringing the case. “The existence of what MI5 itself calls ‘ungoverned spaces’ in which it holds and uses large volumes of private data is a serious failure of governance and oversight, especially when mass collection of data of innocent citizens is concerned.”

MI5’s use of personal data was ‘unlawful’, says watchdog
The security service MI5 has handled large amounts of personal data in an “undoubtedly unlawful” way, a watchdog has said. The Investigatory Powers Commissioner said information gathered under warrants was kept too long and not stored safely. Civil rights group Liberty said the breaches involved the “mass collection of data of innocent citizens”. The high court heard MI5 knew about the issues in 2016 but kept them secret.

Liberty’s challenge to UK state surveillance powers reveals shocking failures
The challenge, by rights group Liberty, led last month to an initial finding that MI5 had systematically breached safeguards in the UK’s Investigatory Powers Act (IPA) — breaches the Home Secretary, Sajid Javid, euphemistically couched as “compliance risks” in a carefully worded written statement that was quietly released to parliament.

This was first reported last month …

MI5 slapped on the wrist for ‘serious’ surveillance data breach
Home Secretary Sajid Javid has confessed to Parliament that MI5 bungled the security of “certain technology environments used to store and analyse data,” including that of ordinary Britons spied on by the agency. In a lengthy Parliamentary statement made last week, Javid obliquely admitted that spies had allowed more people to help themselves to its treasure troves of data on British citizens than was legally allowed.

Sajid Javid admits MI5 committed serious safeguard breaches
In a written statement to parliament last week that was not widely noticed, Javid said he was notifying MPs of “compliance risks MI5 identified and reported within certain technology environments used to store and analyse data, including material obtained under the Investigatory Powers Act”.

… but now the story has been picked up by everyone, including the Middle East Eye

UK’s MI5 spy agency handled surveillance data unlawfully, court hears
An internal agency review warned more than three years ago that storage systems may have become “ungoverned spaces”, which would mean that they were operating in breach of both UK and European law. Despite this, MI5 continued to build new electronic storage systems which did not allow the agency to review its contents and decide what material should be deleted, as the law requires. The problems were withheld from the official watchdog, the Investigatory Powers Commissioner, until earlier this year, the High Court was told.

… and even Russia Today and Sputnik News are getting in on it.

‘Extraordinary & persistent illegality’: UK’s MI5 accused of mishandling bulk surveillance data
MI5 has no control of its storage of vast volumes of people’s calls, messages, web browsing history, as well as other personal data that the agency has managed to obtain on the basis of surveillance warrants, which were often issued under false pretext, the High Court heard on Tuesday in a legal challenge brought by the human rights organization Liberty.

Outcry as High Court finds MI5 engaged in ‘unlawful’ storage, handling of bulk surveillance
Ten internal documents from senior MI5 officials, including an 11 March letter from director Sir Andrew Parker, revealed significant non-compliance issues in how citizens’ data had been kept and used, including a subsequent cover-up of internal failures and that “data might be being held in ungoverned spaces in contravention of our policies”.

Let’s hope some good comes from all this.

Setting precedents for privacy: the UK legal challenges bringing surveillance into the open
These debates highlight the importance of collective efforts to assert respect for privacy and other rights as a core part of public life. We are on the cusp of a positive shift in power towards open public debate and accountability about data and the way it is used against us.

Excel timesavers

I sit and stare at Excel for a significant proportion of my day. I can’t believe I’ve not been aware of this simple trick with copying formulas without messing up cell references. It’s saving me an immense amount of time.

Copy Excel formula without changing cell references (or without file references)
It’s quite simple actually!

  1. Highlight the area you’d like to copy
  2. Go to Home / Find & Select / Replace (or press Ctrl + H)
  3. Search for = and replace with a text that’s not in your file – in this example I chose “notinfile” (note as mentioned in the comments in YouTube, you can also replace with “ =”, i.e. a space before the equal sign)
  4. Go back to Home / Find & Select / Replace (or press Ctrl + H) – search for your text – in my example “notinfile” and replace with =.
  5. That’s it!

Here are a few more tips and tricks.

10 easy Excel timesavers you might have forgotten
Microsoft has packed Excel with all kinds of different ways to get things done quicker. However, you can’t take advantage of these features if you don’t know about them. These ten techniques may only save you a few seconds every time you use them. That might not sound like much, but if you can integrate them into your workflow, you’re sure to reap the benefits over time.

Ta ra, Theresa

The press are keen to analyse her political legacy (blah blah blah blah), but I’d rather look at Prime Minister May’s time at Number 10 via two of my favourite things – photos and charts.

The political life of Theresa May – in pictures
A look back over May’s political career, from being elected as MP for Maidenhead in 1997 to Brexit, the snap election that backfired and her onstage dancing at the 2018 Tory conference.


Theresa May: Premiership in six charts
1. She hasn’t been in office long
Mrs May has developed a reputation for surviving in almost impossible circumstances, but she is still among the UK prime ministers with the shortest time in office.


Google’s GDPR probe

A year on from GDPR Day, and Irish eyes are staring in Google’s direction.

Irish regulator opens first privacy probe into Google
Google’s lead regulator in the European Union, Ireland’s Data Protection Commissioner, opened its first investigation into the U.S. internet giant on Wednesday over how it handles personal data for the purpose of advertising.

The probe was the result of a number of submissions against the company, the Irish Data Protection Commissioner said, including from privacy-focused web browser Brave which complained last year that Google and other digital advertising firms were playing fast and loose with people’s data.

Ireland’s Data Protection Commissioner launches investigation into Google’s advertising and compliance with GDPR
Dr Ryan [Chief Policy Officer at Brave] said his evidence to the DPC “revealed a massive and ongoing data breach” in which Google’s DoubleClick/Authorized Buyers “leaks intimate data about the people visiting these websites to thousands of companies every day”.

I noted The Register’s footnote on this story, about that “privacy-focused web browser Brave”.

Irish data cops are shoving a probe right into Google’s ads
There is some irony in Brave being built on Chromium, the browser engine built and maintained by – who else? – Google. Ryan told us that Brave had “certainly not” seen any pushback from Googlers involved in the Chromium project.

It could be an extremely expensive problem for Google though, as all the reports are keen to point out, although I can’t imagine it would come to that.

Google is facing its first GDPR probe from Irish privacy regulators
If found guilty, the potential penalties for Google would be enormous. The GDPR authorizes fines as high as four percent of global annual revenue, which would total $5.4 billion in Google’s case. Even more damaging, the company would have to fundamentally reshape its ad system in order to avoid future fines.

There’s quite a lot of attention on Ireland’s Data Protection Commission already.

Ireland sits idly by as GDPR goes unenforced
Politico shares an investigation into why the GDPR’s lead regulator Ireland has failed to bring a single enforcement action against the big tech companies it is supposed to watchdog.

These are hugely complex cases that will be setting precedents that may redefine how these companies operate.

Irish data official defends tech investigation record: ‘They’re not overnight’
Helen Dixon said the reality is it will take time to produce results from the 18 major technology investigations her office is pursuing — 11 of which involve Facebook or its platforms WhatsApp and Instagram.

“These aren’t matters where we can take in a complaint today and tomorrow make a conclusion on it,” Dixon, Ireland’s data protection commissioner, said during an interview at POLITICO’s Washington-area headquarters. “They’re not overnight, and anyone who understands anything about the process understands it takes time.”

Others agree.

Is Ireland too soft with GDPR enforcement, or just being prudent?
Jules Polonetsky, CEO of the Future of Privacy Forum (FPF), comes down on the side of patience. In fact, he argues that while fines tend to get most of the headlines, they aren’t as important as the major precedents that regulators will be setting – precedents that will “redefine business models.” That, he said, takes time to be done right. […]

Danny O’Brien, international director of the Electronic Frontier Foundation (EFF), an aggressive privacy advocacy group, also isn’t troubled – at least not yet – about GDPR enforcement taking some time to get in gear. “There’s a lot about how the whole system was going to be organized that was left unsaid in the GDPR, so I think it’s fair to say that no-one was expecting anything to happen very quickly,” he said. “It’s not necessarily the Irish DPC’s fault.”

Let’s wait and see, then.

Remember buying music?

Here’s a simple but very effective chart showing the rise and fall of various music formats. This brings back memories.

Visualizing 40 years of music industry sales
For people of a certain age group, early memories of acquiring new music are inexorably linked to piracy. Going to the store and purchasing a $20 disc wasn’t even a part of the thought process. Napster, the first widely used P2P service, figuratively skipped the needle off the record and ended years of impressive profitability in the recording industry.

Napster was shut down in 2002, but the genie was already out of the bottle. Piracy’s effect on the industry was immediate and stark. Music industry sales, which had been experiencing impressive year-over-year growth, began a decline that would continue for 15 years.


(Via Cool Infographics)

A typical day, comically speaking

Via FlowingData, here’s a witty visualisation of how we spend our days, on average. It’s just a stacked bar chart, but turning it into a comic “can allow the audience to identify with the story, sparking self-reflection: ‘Is this how I live my life? How am I different?’”

A day in the life of Americans: a data comic
There are three settings in this comic (a bedroom, an office, and a bar), each serving as a metonym for an activity (sleep, work, and leisure). I have also included colors and positions as redundant, but clarifying, codes of classification. Such scenes allow for a novel method of highlighting data; a setting inside a panel is “lit up” by a light source if the activity for which it stands occupied those two hours of Americans the most.


Self-improvement

The Economist’s charts are usually very clear and helpful, but that’s not to say they can’t be improved – as they themselves show.

Mistakes, we’ve drawn a few
At The Economist, we take data visualisation seriously. Every week we publish around 40 charts across print, the website and our apps. With every single one, we try our best to visualise the numbers accurately and in a way that best supports the story. But sometimes we get it wrong. We can do better in future if we learn from our mistakes — and other people may be able to learn from them, too. […]

Misleading charts
Let’s start with the worst of crimes in data visualisation: presenting data in a misleading way. We never do this on purpose! But it does happen every now and then. Let’s look at the three examples from our archive.

Mistake: Truncating the scale


Another data protection failure

Hot on the heels of Facebook’s latest password problem, TechCrunch has news of another online service with a very shoddy approach to data protection – i.e. there wasn’t any.

The app, Family Locator, allows families to track each other’s movements, similar to the location sharing option in Google Maps. But it seems the backend database, holding the data of nearly a quarter of a million users, wasn’t protected at all.

A family tracking app was leaking real-time location data
Based on a review of the database, each account record contained a user’s name, email address, profile photo and their plaintext passwords. Each account also kept a record of their own and other family members’ real-time locations precise to just a few feet. Any user who had a geofence set up also had those coordinates stored in the database, along with what the user called them — such as “home” or “work.”

They tried to get in touch with the developer, React Apps, but to no avail.

The company’s website had no contact information — nor did its bare-bones privacy policy. The website had a privacy-enabled hidden WHOIS record, masking the owner’s email address. We even bought the company’s business records from the Australian Securities & Investments Commission, only to learn the company owner’s name — Sandip Mann Singh — but no contact information. We sent several messages through the company’s feedback form, but received no acknowledgement.

On Friday, we asked Microsoft, which hosted the database on its Azure cloud, to contact the developer. Hours later, the database was finally pulled offline.

What makes good governance?

In an attempt to get rid of the sour taste left in our mouths from yesterday’s post about the rise of populist politics, here are some more award-winning data visualisations via David McCandless and the Information is Beautiful people.

The winners of the World Data Visualization Prize
Conducted in partnership with the World Government Summit, the prize focuses on how governments are improving citizens’ lives. We asked entrants to use the power of data-visualization to illuminate data on the innovations and decisions – seen and unseen – that drive progress.

Here’s my favourite, an interactive overview of the different factors that contribute to happy countries (or not).

GOV|DNA — Discover the DNA of a good government
This interactive visualization enables the exploration of the DNA of a good government. You can analyze and compare multiple indicators to investigate their influence on countries and the related behaviour and performance of governments.


Where is everybody?

Every six months Andy Kirk of Visualising Data highlights some of the significant developments in data visualisation. It’s a great collection, but this one in particular caught my eye.

10 significant visualisation developments: July to December 2018
2. ‘Human Terrain’: A genuinely captivating project from Matt Daniels of ThePudding, ‘Human Terrain’ is a staggeringly detailed, explorable prism map of the world’s population that can trap you into browsing for far longer than you can realistically afford. It evokes memories of a classic graphic from 2006, created by Joe Lertola for Time magazine. There is also a wonderful companion piece, ‘Population Mountains’, where Matt walks through ‘a story about how to perceive the population of cities’.

When you fly from one part of the world to another, it becomes very quickly apparent just how crowded some places must be, compared to others.


Human Terrain: visualizing the world’s population, in 3D
Kinshasa is now bigger than Paris. Guangzhou, Hong Kong, and Shenzhen are forming an epic, 40 million-person super city. Over the past 30 years, the scale of population change is hard to grasp. How do you even visualize 10 million people?


It puts those incredibly dense housing schemes in Hong Kong I mentioned earlier into context, doesn’t it?

Population growth, like charity, starts in the home, so here’s an animated chart on family sizes in the US.

How many kids we have and when we have them
The chart above shows 1,000 timelines, based on data from the National Survey of Family Growth. Each moving dot is a mother. Age is on the horizontal, and with each live birth, the dot moves down a notch. The green bubbles represent the total counts for a given age.


It’s interesting to watch the chart populate. You’ve got to wonder about the stories behind those outliers though.

GDPR is still a thing, right?

Some recent data protection stories that have caught my eye.

French data watchdog dishes out largest GDPR fine yet: Google ordered to hand over €50m
The French agency, CNIL, ruled today that the search giant had offered users inadequate information, spreading it across multiple pages, and had failed to gain valid consent for ads personalisation. […] The CNIL concluded that Google had breached the General Data Protection Regulation in two ways: by failing to meet transparency and information requirements, and failing to obtain a legal basis for processing.

Amazon, Apple and Google face data complaints
General Data Protection Regulation (GDPR) rules say EU customers have the right to access a copy of the personal data companies hold about them. However, privacy group noyb said it found that most of the big streaming companies did not fully comply. It has filed formal complaints, which if upheld could result in large fines.

Google accused of GDPR privacy violations by seven countries
Consumer groups across seven European countries have filed GDPR complaints against Google’s location tracking (via Reuters). The European Consumer Organisation (BEUC), of which each of the groups are a member, claims that Google’s “deceptive practices” around location tracking don’t give users a real choice about whether to enable it, and that Google doesn’t properly inform them about what this tracking entails. If upheld, the complaints could mean a hefty fine for the search giant.

The NOYB organisation gets mentioned a number of times there.

Max Schrems: The privacy bubble needs to start ‘getting sh*t done’
After years locked in numerous long, drawn-out and often bitter legal battles, Schrems decided to launch a nonprofit aiming to help people bring their own consumer privacy cases to court.

The plan is for NOYB (None Of Your Business) to take advantage of the incoming European Union General Data Protection Regulation, which offers more options for collective redress across the bloc, and harness the momentum Schrems has built up with various high-profile court cases.

Seems to be working. (Via)

The best data visualisation work of 2018

Another end of year roundup, this time looking at data visualisation design.

Information is Beautiful Awards 2018: The Winners
Let’s raise a glass to dataviz that pushes boundaries, illuminates truth, and celebrates beauty. Thank you to everyone who joined us on the Information is Beautiful Awards journey this year – now see which entries took home trophies at tonight’s spectacular ceremony.

There is so much to pore over, here. Two that stood out particularly for me were this visual representation of a Beethoven string quartet and this unusual view of our lively planet.

Dynamic Planet Interactive Scientific Poster
The Interactive Scientific Poster “Dynamic Planet” was designed and developed for the exhibition “Focus Earth” of the GFZ German Research Centre for Geosciences in Potsdam. One of the main advantages of a digital poster is that it can display dynamic content. This is at the same time the essential statement of the scientific poster “Dynamic Planet”: our earth never stands still, is permanently shaken by earthquakes. These tensions are measured by three measuring points of the GFZ and their data is visualized in real-time in an interactive poster in the exhibition context. The viewer is given a direct impression, he can be a “witness” to current measurement and research.


This video demonstrates how people can interact with the poster, to navigate the large amount of data presented in an intuitive, visual manner.

Dynamic Planet – Scientific Poster
The challenge for the interface design was to ensure a clear overview, despite the massively many events. The solution consists in an interactive graphical representation of the events by filtering the earthquakes by e.g. magnitude and depth. A special visual feature of the scientific poster “Dynamic Planet” is the representation of the earthquakes’ depth in a transparent, rotating globe.

Introducing children to data visualisation

The economist and dataviz blogger Jonathan Schwabish took on an unusual challenge, to introduce his son’s primary school classmates to data visualisation.

I wouldn’t know where to start — I’m still not sure of the difference between a histogram and a bar chart — but cleverly, Jonathan begins with examples of diagrams everyone is familiar with. Maps.

Teaching data visualization to kids
I then introduced the term “choropleth” and showed them this map of graveyards in the US and this map of McDonald’s (a couple of kids actually tied the two together!). I also showed them a clip of Aron Koblins’ Flight Patterns project (my son loves this one)—the simple and intuitive animation, and black and white color scheme make it easy to follow. I also showed them a video of Martin Wattenberg and Fernanda Viegas’ Wind Map, again, something I think they could all relate to.

He then asks the children to draw their own maps, of their homes rather than the whole world, and to add in any data they liked.

I then passed out tracing paper and, bringing up the graphs I showed them earlier in which color, dots, lines, and bubbles were placed on top of the map, I asked them to plot any data they liked. … Could they add differently-sized bubbles to their favorite rooms? Could they draw lines showing their paths through the house? What about smiley faces for the most fun room?


What a fantastic idea. I hope others are similarly encouraged to spread the word in this way. As he says in his conclusion, helping children to understand graphs is a good thing for many reasons.

I’d love to see a way to make data visualization education a broader part of the curriculum, both on its own and linked with their math and other classes. Imagine adding different shapes to maps in their Social Studies classes to encode data or using waterfall charts in their math classes to visually demonstrate a simple mathematical equation or developing simple network diagrams in science class. The combination of the scientific approach to data visualization and the creativity it sparks could serve as a great way to help students learn.

(Via FlowingData.)

Stolen millions

More announcements of company data (our data) being stolen. The numbers involved each time are just incredible.

Hackers breach Quora.com and steal password data for 100 million users
Compromised information includes cryptographically protected passwords, full names, email addresses, data imported from linked networks, and a variety of non-public content and actions, including direct messages, answer requests and downvotes. […] In a post published late Monday afternoon, Quora officials said they discovered the unauthorized access on Friday. They have since hired a digital forensics and security firm to investigate and have also reported the breach to law enforcement officials.

Whenever these stories are reported, the articles often end with a little summary of other recent snafus. The one above ended with:

Quora’s post is only the latest disclosure of a major breach. On Friday, hotel chain Marriott International said a system breach allowed hackers to steal passport numbers, credit card data, and other details for 500 million customers. In September, Facebook reported an attack on its network allowed hackers to steal personal details for as many as 50 million users. The social network later lowered the number of accounts affected to about 30 million.

A post from The Register, about that massive Marriott breach, concluded with this reminder of previous losses.

Marriott’s Starwood hotels mega-hack: Half a BILLION guests’ deets exposed over 4 years
Few hacks of individual firms’ customer data have come close to the scale of this one. The Yahoo! breach in 2013 saw three billion email accounts breached, while Carphone Dixons, the UK electronics retail chain, managed to lose control of 5.9 million sets of payment card data. In the US, the US Government Office for Personnel Management (which handles sensitive files on millions of government workers) had the personal data of 21 million employees breached by hackers.

Another day, another data protection issue

We’re generating data all the time, without realising, and without really knowing where it all goes.

Users told to ditch OneDrive and Office 365 to avoid ‘covert’ data harvesting
Microsoft Office and Windows 10 Enterprise use a telemetry data collection mechanism that breaches the EU’s General Data Protection Regulation (GDPR), according to a 91-page report commissioned by the Dutch government, and conducted by firm Privacy Company.

It’s not just Microsoft in the firing line, of course.

With GDPR now several months into play, data watchdogs across Europe are beginning to take their first steps in the new regulatory landscape. Microsoft is the latest in a line of major companies accused of breaching GDPR, with Oracle and Equifax among seven firms reported for violations by a data rights group last week.

And that story about Google’s AI company having access to NHS data is still rumbling on.

Google: Our DeepMind health slurp is completely kosher
DeepMind told The Reg: “It is false to say that Google is “absorbing” data. This data is not DeepMind’s or Google’s – it belongs to our partners, whether the NHS or internationally. We process it according to their instructions.”

That claim, echoed by DeepMind Health chief Dominic King, brought a swift correction from legal experts. “It doesn’t belong to DeepMind’s partners, it belongs to the individuals,” Serena Tierney partner at lawyers VWV. “Those ‘partners’ may have limited rights, but it doesn’t belong to them.”

I wonder if we’ll be seeing more of these issues, what with one thing and another.

What the potentially useless draft Brexit agreement means for tech
One of the big questions for Brexit is data protection, and the agreement seeks to hold onto the status quo. Scroll through to Article 71 for the text, which says that EU data protection law will continue to cover the UK before and after the transition period, which runs until the end of 2020. That means personal data can continue to flow between the UK and the EU.

“This issue is critical to the tech sector and to every other industry in a modern digitising economy,” says Tech UK CEO Julian David in a blog post. Data’s the oil that greases tech, and all that.

That doesn’t mean that GDPR will continue to apply in the UK post Brexit. Christopher Knight, privacy lawyer at 11KBW, notes that the UK will become a “third state”. That means the UK won’t be required to apply GDPR and other data laws to “wholly internal situations of processing”.

Update: Well, here’s a thing. I’m still getting used to this new Android phone, with its Google news feed thing, and some time after first drafting this post I was browsing through it and came across the article below. How did it know to surface stories about DeepMind? I’m sure I hadn’t searched for it, but came across it in a newsletter. Is Google reading what I type into WordPress?

Inside DeepMind as the lines with Google blur
Last week, the line between the companies blurred significantly when DeepMind announced that it would transfer control of its health unit to a new Google Health division in California. […]

In March 2017, DeepMind also announced it would build a “data audit” system, as part of its public commitment to transparency. The technology would allow NHS partners to track its use of patient data in real time, with no possibility of falsification, DeepMind said. Google did not comment on whether it will finish the project.

Straightforward data science intro

This looks to be an interesting response to the call to be more data literate. Via FlowingData, a straightforward and potentially free way to get skilled up with R, without needing to install any software, it seems.

Chromebook Data Science – a free online data science program for anyone with a web browser
The reason they are called Chromebook Data Science is because philosophically our goal was that anyone with a Chromebook could do the courses. All you need is a web browser and an internet connection. The courses all take advantage of RStudio Cloud so that all course work can be completed entirely in a web browser. No need to install software or have the latest MacBook Computer.

Here’s some info on what the courses cover, including introductions to R and GitHub. Worth a look?

Excel’s getting interesting. No, really

News that Excel will soon be expanding its range of data types, enabling a much richer and more dynamic experience.

Excel Data Types
AI powered Excel Data Types will transform the way we work with Excel by enabling a cell to contain much more than text, numbers or formulas.

There are currently two Excel data types available to Office 365 users; Stocks and Geography. Let’s start with the Geography Data Type that can take a table of countries and return rich data that can be referenced in Excel formulas and expand into further columns.


Mynda takes us through many other examples of how these new data types can be used and referenced in our spreadsheets. And it seems like this is just the beginning.

The Excel team have big plans for Data Types with more coming, including the ability to create your own data types unique to your organisation. Imagine data types for Employees, Products, Stores, Regions… the list is endless.

Remember the hacking cough?

More hacking schadenfreude, but with an added GDPR element this time.

First, the hapless Tories.

Major security flaw in Tory conference app reveals users’ data
Commentators said the flaw raised questions over the ability of the government to harness technology to solve issues around the Irish border and customs checks. The app may also have breached data laws. Its privacy policy states that it “complies with … the European Union’s general data protection regulation (GDPR)”.

Boris Johnson’s profile immediately vandalised with hardcore pornography in Tory conference app security blunder
The highly serious blunder allowed anyone to access details of hundreds of MPs including Foreign Secretary Jeremy Hunt and Defence Secretary Gavin Williamson – who have police protection and warn regularly of the hacking threat from Russia. But it also gave pranksters an opportunity to have fun with the profiles of prominent Conservatives.

And then Facebook. Again.

Facebook says at least 50 million users affected by security breach
Facebook said the FBI is now investigating. Because users in Europe are also affected, the company said it has informed data protection authorities in Ireland — where the company’s European headquarters are located. The Irish Data Protection Commission has asked Facebook to clarify the breach “urgently.” If Facebook is found to have breached European data protection rules — the newly implemented General Data Protection Regulation (GDPR) — the company can face fines of up to four percent of its global revenue.

Facebook hack: Here’s what you need to do to secure your account
Critically, for European users, Facebook has been in touch with the Data Protection Commissioner in Ireland – where it is registered – to inform it of the breach. This will be the first data protection incident from one of the major tech companies since the enforcement of Europe’s General Data Protection Regulation (GDPR) in May. GDPR gives regulators the power to issue huge fines but this is yet to be tested. In a statement the Irish Data Protection Commission said Facebook hasn’t given it many details yet. It is “concerned” that despite Facebook discovering the breach on Tuesday, it hasn’t been able to “clarify the nature of the breach and the risk for users at this point”.

Follow the data

I’m hearing more and more about data ethics. It wasn’t ‘a thing’ before, was it? But it certainly is now. Here’s a very interesting take on it: flow.

The ethics of data flow
In Privacy in Context, Helen Nissenbaum connects data’s mobility to privacy and ethics. For Nissenbaum, the important issue isn’t what data should be private or public, but how data and information flow: what happens to your data, and how it is used. Information flows are central to our expectations of privacy, and respecting those expectations is at the heart of data ethics.

It’s not what they’ve got, but what they do with it that matters.

The infamous Target case, in which Target outed a pregnant teenager by sending ad circulars to her home, is a great example. We all buy things, and when we buy things, we know that data is used—to send bills and to manage inventory, if nothing else. In this case, the surprise was that Target used this customer’s purchase history to identify her as pregnant, and send circulars advertising products for pregnant women and new mothers to her house. The problem isn’t the collection of data, or even its use; the problem is that the advertising comes from, and produces, a different and unexpected data flow. The data that’s flowing isn’t just the feed to the marketing contractor. That ad circular, pushed into a mailbox (and read by the girl’s father) is another data flow, and one that’s not expected.

[…]

Everyone who works with data knows that data becomes much more powerful when it is combined with data from other sources. Data that seems innocuous, like a grocery store purchase history, can be combined with geographic data, medical data, and other kinds of data to characterize users and their behavior with great precision. Knowing whether a person purchases cigarettes can be of great interest to an insurance company, as can knowing whether a cardiac patient is buying bacon.

The article is written by and for data developers, primarily, and poses more questions than it can answer, especially around the thorny concept of data deletion. It’s an interesting read, but it left me wondering if those GDPR data protection principles will ever be fully put into practice.

We all need to be data literate

This article from Harvard Business Review doesn’t mention schools once, but I think it fits perfectly well in that setting.

The democratization of data science
Intelligent people find new uses for data science every day. Still, despite the explosion of interest in the data collected by just about every sector of American business — from financial companies and health care firms to management consultancies and the government — many organizations continue to relegate data-science knowledge to a small number of employees.

That’s a mistake — and in the long run, it’s unsustainable.

It goes on to outline the three steps necessary to create a more data-literate organisation: share data tools, spread data skills, and spread data responsibility. Couldn’t agree more. It’s well worth a read.