Google, The Law and Your ‘Right To Be Forgotten’

A businessman has won the “right to be forgotten” by Google after taking his case to the High Court, because he wanted a past crime he had committed to be removed from Google’s search engine results.

What Crime?

The (un-named) businessman was hoping to remove details from Google of a conviction from 10 years ago, and of the six months jail sentence he was given for ‘conspiring to intercept communications’. The businessman was forced to take Google to court after Google refused his requests to have the information removed from its search engine results. The man’s legal argument was that the details of his past conviction were disproportionately impacting his life, and were no longer relevant, and therefore, it was not it was not in the public or the man’s interest for Google to show the details in searches.

What Does The “Right To Be Forgotten” Mean?

The legal precedent for what has become known as ‘the right to be forgotten’ was set by the Court of Justice of the European Union back in 2014. It was the result of a case brought by Spaniard Mario Costeja Gonzalez who had asked Google to remove information about his financial history from its search engine results.

In this particular case, the ‘right to be forgotten’ means that Google has to remove all search results about the businessman’s conviction, including links to news articles.

Had Shown Remorse

The judge ruled in favour of the businessman, stating that he had shown remorse. Google has said that it will respect the judgement made in the case and pointed out that it has removed 800,000 pages from its results following ‘right to be forgotten’ requests.

Not So Lucky

Another businessman who also brought a ‘right to be forgotten’ case against Google, and who had committed a more serious crime of ‘conspiring to account falsely’ was not so lucky, and lost his case. It was decided, in the High Court, that the man, who had spent four years in jail for the crime, had “mislead the public”, and that it would still be in the public interest for Google to keep the information about the man and his crimes in the search engine results.

Less Than Half

Google’s own Transparency Report from May this year revealed that of the 2.4 million requests made since 2014 to remove certain URLs from its search results, Google has only complied with less than half. Google doesn’t actually have to comply with a request, and can refuse to take links down if can demonstrate that there is a public interest in the information remaining in the search results. Google can also re-instate links that it has already taken down in a previous request if it can show that it has grounds to do so.

What Does This Mean For Your Business?

It is good news that powerful international tech companies whose services are widely used, and who have the power to influence opinion and affect lives can sometimes be held accountable to national courts. There is a strong argument that they should not be a law unto themselves, and that they may not always be the best party to judge what is in the public interest.

The ‘right to be forgotten’ is particularly significant because it is something that all EU citizens will have when GDPR comes into force next month. This will impact businesses, many of whom may expect to receive ‘right to be forgotten’ requests, and will need to get their data management in order to both comply with GDPR generally, and to be able to respond quickly to such requests and avoid possible fines.

Tech Tip – Emails: ‘Undo Send’ … !

If you use a Gmail account, and if you’ve ever sent an email and then experienced the terror of immediately wishing that you hadn’t, you could find the ‘Undo Send’ feature very useful.

The Undo feature allows you to set a buffer / cancellation time period between the time that you hit the send button to when the email is actually sent, during which time you can decide instruct Gmail not to cancel the email. Here’s how it works:

– On your computer, open Gmail.
– In the top right, click Settings.
– In the “Undo Send” section, check the box next to “Enable Undo Send.”
– In the “Send cancellation period” section, set the amount of time you want to decide if you want to unsend an email.

Facebook Notifies People Affected By Scandal

Facebook has begun notifying any of those users whose data is known to have been harvested and shared with data mining firm Cambridge Analytica.

On Your News Feed

If you are one of the 87 million people whose data has been shared, 1 million of whom are in the UK, when you log into your Facebook account, you will see a detailed message beginning with the words “We understand the importance of keeping your data safe.”

It is now understood that the data of 2.2 billion Facebook users was actually shared by Facebook, and all of these users will be receiving a message entitled “Protecting Your Information”. This message will include a link which will allow them to see what apps they use, and what information they have shared with those apps. Users will also be given the option to stop sharing information with the apps or to stop any access to third-party apps altogether.

It should be noted, however, that Facebook stopped allowing third-party apps from gathering data about the likes, status updates and other information shared by users’ friends back in 2015. Also, Facebook has taken action recently to make information such as religious and political views out-of-bounds to apps.

If you don’t trust Facebook to notify you if your information has been shared with Cambridge Analytica, you can check for yourself by following this link: https://www.facebook.com/help/1873665312923476?helpref=search&sr=1&query=cambridge

What Happened?

This relates, of course, to revelations that Facebook shared the data of its users with London-based data mining firm Cambridge Analytica via a personality quiz app, called “You Are What You Like” (later replaced by the “Apply Magic Sauce” app), that had reportedly been developed for legitimate academic purposes. Revelations that the website from the original quiz re-directed uses to a new one with different terms and conditions, thereby enabling users data to be harvested and reportedly used for political purposes by Cambridge Analytica (the same company used by the Trump election campaign) and by Canadian data company AggregateIQ (AIQ) who were involved in the Vote Leave campaign in the UK referendum, have caused wide-scale outrage.

Facebook is also reported to have suspended a data analytics firm involved with targeted advertising and marketing called Cubeyou. Cubeyou is reported to have collected data for academic purposes, and allegedly used it commercially, as part of a partnership with Cambridge University in the UK (who have also found themselves implicated in the scandal).

Game Changer Says ICO Chief

The head of the UK’s Information Commissioner’s Office (ICO), Elizabeth Denham, has said that what happened with Facebook’s data sharing with Cambridge Analytica can be seen as a game-changer in data protection. The ICO has revealed that Facebook is now one of 30 organisations under wider investigation for the sharing and use of personal data and analytics with political campaigns, parties, social media companies and other commercial organisations.

Denham has said that although the Facebook scandal has drawn attention to the ICO’s ‘Your data matters’ campaign, it is too early to say whether the changes the social networking firm is making are sufficient under the law.

What Does This Mean For Your Business?

If you have been directly affected by Facebook’s data sharing you will have been informed in your Facebook account, and you can follow the link (given earlier in this article) to check for yourself.

As ICO Chief Elizabeth Denham has rightly said, this is an important time for privacy rights, particularly since the introduction of GDPR is little more than a month away. The widespread outrage and condemnation of Facebook’s data sharing with Cambridge Analytica highlights how important data protection and privacy rights are to us all. This should serve as a reminder to businesses and other organisations that as well as making sure that they comply with GDPR to avoid negative consequences, GDPR preparation is an opportunity to fully examine the important issue of how data is being used and stored, and where vulnerabilities are, and how simple improvements could be made that could protect and help the business as a whole.

Apple Claims 100% Renewable Energy At All Data Centres

The latest energy report from Apple has stated that the company has hit a new milestone in green energy usage by making all of its 43 data centre sites across the world operate using 100% renewable energy.

Not Quite What It Seems

Although the effort is admirable, the claim that has led Apple’s CEO Tim Cook to stress that the company is committed to leaving the world better than it found it, is not as transparent as it appears.

It is not possible for all the data centres to be connected to a completely renewable energy supply at the moment, so what Apple actually means is that the data centres can be 100% ‘renewables powered’, thanks to the clean energy that Apple buys and puts back into the power grid that can be offset against its global power consumption.

For example, Apple has explained that, where it can’t create new renewable energy projects due to local constraints, the tech giant purchases renewable energy from newer projects in nearby markets, or through available utility green energy programs.

What About The Manufacturing of Phones and iPads?

Some critics have pointed out that the manufacturing of iPhones, iPads and other machines creates carbon emissions. Apple is reported to be taking steps to tackling this less environmentally-friendly aspect of its work by sourcing lower-carbon materials, and by making suppliers commit to using green energy when making Apple hardware.

6 Years of Effort

Apple’s announcement is the culmination of six years of financing, building, or locating new renewable energy sources e.g. solar and wind farms, near the company’s facilities. According to Apple, it now has 25 operational renewable energy projects, and 15 more in construction, spread across in 11 countries. In contrast, 8 years ago, only 16% of its facilities were powered by renewable energy. That number had increased to 93% by 2015, and to 96% by 2016.

Lisa Jackson Hired To Help

One of the ways that Apple has been able to steer itself to its current position on the environmental high ground was to hire former EPA administrator Lisa Jackson as VP of environment, policy, and social initiatives. Lisa Jackson was better known at the time for serving under President Barack Obama 2009 to 2013 to tackle matters such as climate change, improving air quality, and expanding the conservation of environmentalism.

Goal

Apple’s goal of going 100% green has meant reducing its greenhouse gas emissions (CO2e) by 58% since 2011, thereby preventing 2.2 million metric tons of CO2e from entering the atmosphere.

Growing The Clean Energy Market Around The Facilities

One of the key ways that Apple has reached its latest milestone target is by growing the clean energy market around the facilities of the company. This has involved working with local utilities and regulators to build places such as new solar or wind farms that pump new green power onto the public grid. This method has worked well in markets where most of the existing energy comes from ecologically unfriendly sources like coal or oil.

What Does This Mean For Your Business?

Some critics would say that with $285 billion in cash reserves, Apple has the money to plough into working towards this environmental goal. However, even though it could afford to buy up existing green power to get to the 100% goal, it has chosen to take adopt an “additionality” standard, which is a preference for sponsoring the creation of new renewable power sources. This, and the idea that it can grow clean energy market around the facilities of the company have been real environmental benefits rather than just paper exercises. Apple has also hired-in expertise to help guide its efforts.

This story is an example of how businesses, albeit a giant (wealthy) tech businesses can choose to operate in a more value-led, socially responsible and ethical way that has wider benefits for society, as well as for the company’s brand image. A greater focus on reducing environmental impact and working to develop more renewable energy sources are things that more companies will need to adopt in the future, and is something that is likely to be valued by customers and other stakeholders.

Digital Number Plates

Dubai is once again in the news for being an adopter of new technologies after an announcement that it will be hosting a trial of digital vehicle number plates next month.

Smart Plates

The ‘smart plates’ will have digital screens, GPS and transmitters, and according to the head of the Vehicle Licensing Department at Dubai’s Roads and Transport Authority (RTA), the digital plates will make life easier for drivers.
The trial of the new plates is scheduled to start next month and end in November, and one of the key things that is being tested, as well as the Roads and Transport Authority’s (RTA) Tag2Connect (T2C) platform, is thought to be whether any issues / problems may be caused to the hardware and operation of the plates by Dubai’s desert climate.

The smart plates system incorporates Blockchain technology, the same technology behind the Bitcoin cryptocurrency.

Why Have Digital Number Plates?

In reality, the plates will have benefits for Dubai’s government as well as for drivers e.g. through being able to track vehicles (via transmitters in the plates), and for the police to gather detailed information quickly about cars and their drivers.

Ways in which drivers could benefit from using the plates include:

  • Allowing real-time communication with other drivers about traffic conditions or any accidents ahead.
  • Contacting the police and ambulance services if the vehicle is involved in a collision.
  • Enabling plates to be changed using the RTA’s app or website.
  • Enabling automatic deductions from users’ accounts for e.g. payment for fines, parking fees or renewing registration plates.

Other Technologies Adopted In Dubai

Dubai is making a name for itself internationally as a place that is proactive in adopting the latest technology. For example:

  • Back in February 2016, Dubai committed to putting all its documents on Blockchain’s shared open database system by 2020 in order to help to cut through Middle Eastern bureaucracy, speed up civic transactions and processes, and help bring a positive transformation to the whole region.
  • In February last year, it was announced by Dubai’s Roads and Transportation Agency, that passengers could be able to use Ehang 184, electric-powered, pilotless, self-flying drone taxis. The app-hailed taxis can travel at 100 mph / 160km/hr top speed, this means that it can travel 31 miles in one trip.
  • Plans for high-speed Hyperloop pods to open by 2020. These pods should be able to transport passengers to the UAE’s capital Abu Dhabi in just 12 minutes (covering distances of over 120km / 75 miles).
  • Plans to expand the use of technology in transport, and hopes for self-driving vehicles to be making a quarter of all journeys by 2030.

What Does This Mean For Your Business?

Some may say that given the wealth of Dubai and the speed of its development in recent years, it is not a big surprise that it is able to afford trials and adoption of the latest technology, and that its road network and geography make it well-suited to driverless vehicles, drones etc.

Some commentators, however, have expressed concerns about the tracking of drivers, and potential issues surrounding privacy and information security.

New transport technologies that are planned for Dubai, such as driverless vehicles, have also experienced some bad publicity recently with the woman killed in Arizona last month when she was hit by an autonomous Uber car.

Smart number plates are an example of how smart technology is providing business opportunities, and bringing simpler, more centralised systems around the world. For example, it is thought that the smart plate system in Dubai will bring together on a single platform all stakeholders e.g. manufacturers, dealers, workshops, insurers, licensing authorities, police and vehicles owners. This could be an example of how greater transparency could be brought to an industry using technology.

1 In 10 Fooled By Social Engineering Attacks

A new report by security firm Positive Technologies shows that 1 in 10 employees would fall for a social engineering attack.

What Is A Social Engineering Attack?

Social engineering cyber-attacks rely upon the element of human error e.g. convincing / fooling a person into downloading malicious files, unwittingly corresponding with cyber-criminals, sharing contact information about employees and transferring money to hackers’ accounts, or clicking on phishing links.

Test

The results of the report are based on ‘penetration tests’ which involved sending 3,300 emails to employees containing links to websites, password entry forms and attachments. As the name suggests, a penetration test is an authorised simulated attack on a computer system, which is performed in order to evaluate the security of that system.

Tricked

The results showed that, worryingly, 17% of the messages were successful in convincing the recipients to take actions that would have resulted in a compromise of a workstation and potentially the entire corporate network if the attack was real.
The tests showed that 15% of employees responded to emails with an attachment and link to a web page, while only 7% responded to test emails with an attachment. The most effective method of social engineering identified in the test was reported to be sending an email with a phishing link. In this case, 27% of recipients clicked on a link that led to a web page requesting credentials.

Real Company Names Convincing

The study showed that messages received from what appeared to be the account of a real company resulted in 33% or risky actions being taken by recipients, whereas messages from fake companies only resulted in 11% success.

Emotional Response Sought

Cyber-criminals often use methods that are designed to produce an emotional response that will make people forget about basic security rules. For example, in the tests, an email subject line of ‘list of employees to be fired” resulted in a 38% response, and “annual bonuses” brought a 25% response.

Overly Trusting If Not In IT

One interesting finding highlighted in the report was that 88% of those outside of IT work (and presumably less aware of the risks), such as accountants, lawyers and managers, opened / clicked on suspicious links and even corresponded with attackers. However, 3% of security professionals also responded.

Kept Trying To Open

The study found that some recipients who couldn’t open the malicious files even resorted to trying to open the files or enter their password on a fake site up to 40 times!

What Does This Mean For Your Business?

Clearly, there is a case for better education and training among employees about the variety of methods, and the level of sophistication that cyber-criminals now use in attacks. Employees need to be able to spot potential attacks, and have clear policies, instructions, and help on hand about how to proactively protect the company, and how to respond to certain types of attack. One of the simplest forms of defence against threats entering the company via email is to make it policy never to open suspicious emails / emails from unknown sources.

In reality, attackers now use a combination of methods to breach the defences of companies, plus there are evolving new threats, such as fileless hacking and fileless malware attacks facilitated by the PowerShell scripting language that is already built-in to Windows. Some basic ways that your business can improve security against social engineering attacks are :

  • Blocking delivery of email attachments with extensions that are executable e.g. (.exe, .src), system (.dll, .sys), script (.bat, .js, .vbs), and other files (.js,.mht, .cmd).
  • Authenticating the domain of an email sender e.g. using the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) protocols.
  • Authenticating a sender’s identity using other protocols e.g. Domain-based Message Authentication.
    Conformance (Dmarc) protocol.
  • Regularly updating the operating system, anti-virus, and other software patches.
  • Implementing an on-demand malware detection system.
  • Scanning files before and after opening them.

Killer Bot Boycott

Reports that the state-run university-based ‘Korea Advanced Institute of Science and Technology’ (KAIST) has been working on military robot research with defence company Hanwa have resulted in threats of a boycott by more than 50 AI researchers from 30 countries.

Killer Robots?

Although the threat of the boycott of KAIST appears to have been effective in exposing and causing KAIST to agree to stop any work related to the development of lethal autonomous weapons (killer robots), the story has raised questions about ethical red-lines and the regulation of technology in this area.

KAIST opened its research centre for the convergence of national defence and artificial intelligence on 20 February, with the reported intention of providing a foundation for developing national defence technology. It has been reported that a now-deleted announcement about the work of the centre highlighted a focus on areas like AI-based command and decision systems, navigation algorithms, large-scale unmanned undersea vehicles, AI-based smart aircraft training systems, as well as smart object tracking and recognition technology.

Fast Exchange of Letters

It has been reported that almost immediately after a letter containing the signatures of more than 50 AI researchers expressing concern about KAIST’s alleged plans to develop artificial intelligence for weapons, KAIST sent its own letter back saying that it would not be developing any lethal autonomous weapons.

The President at the university, Shin Sung-chul, went on to say that no research activities that were counter to human dignity, including autonomous weapons lacking meaningful human control, had been conducted. Shin Sung-chul is also reported as saying that KAIST had actually been trying to develop algorithms for “efficient logistical systems, unmanned navigation and aviation training systems”, and that KAIST is significantly aware of ethical concerns in the application of all technologies including AI.

Who / What Is Hanwha Systems?

Hanwha Systems, the named partner from the defence / military world in the project, is a major weapons manufacturer based in South Korea. The company is known for making cluster munitions, which are banned in 120 countries under an international treaty.

Outright Ban Expected

To accompany the welcome re-assurances from KAIST that it will not be researching so-called “killer robots”, it is widely expected that the next meeting of the UN Security Council countries in Geneva, Switzerland will call for an outright ban on AI weapons research and killer bots.

Already Exists

As well as the Taranis military drone, built by the UK’s BAE Systems, which can technically operate autonomously, ‘robots’ with military applications already exist. For example, South Korea’s Dodaam Systems manufactures a fully autonomous “combat robot”, which is actually a stationary turret that can detect targets up to 3km away. This ‘robot’ is reported to have already been tested on the militarised border with North Korea, and is reported to have been bought by the United Arab Emirates and Qatar.

What Does This Mean For Your Business?

Many of the key fears about AI and machine learning centre on machines learning to make autonomous decisions that result in humans being injured or attacked. It is no surprise therefore, that reports of possible research into the development of militarised, armed AI robots play on fears such as those expressed by Tesla and SpaceX CEO Elon Musk who famously described AI as a “fundamental risk to the existence of civilisation.”

Even with the existing autonomous combat turret in Korea there are reported “self-imposed restrictions” in place that require a human to deliver a lethal attack i.e. to make the actual attack decision. Many fear that the development of any robots of this kind represents a kind of Pandora’s box, and that tight regulations and built-in safeguards are necessary in order to prevent ‘robots’ from making potentially disastrous decisions on their own.

It should be remembered that AI presents many potentially beneficial opportunities for humanity when it is used ethically and productively. Even in a military setting, for example, an AI robot that could e.g. effectively clear mines (instead of endangering more humans) has to be a good idea.

The fact is that AI currently has far more value-adding, positive, and useful applications for businesses in terms of cost-cutting, time-saving, and enabling up-scaling with built-in economies.

Tech Tip – Identify Objects In Your Phone Photos With Google Lens

If you’d like a handy way to search your photos and identify important buildings / landmarks, places, names, Wi-Fi passwords and other valuable contextual information depicted in them, Google Lens may be for you.

For example, take a photo of a router’s password sticker and you’ll automatically connect to that network, take a picture of an unknown plant and automatically identify it in Google search results, or take photograph of foreign text for a translation.

This photo scanning smart camera feature for all Android and iOS users works through the official Google Photos app. Here’s how:

– Get the app – Android users are likely to already have this app on their devices, and iOS users can download it from the App Store.

– Make sure that ‘English’ is set as the local language on your phone.

– Open the app and select any photo to view.

– Look for the Google Lens button shown, tap it, and tap ‘Get Started’.

– You will be shown a brief animation on your photo that indicates it’s being scanned.

– After the scan, you will see information Google Lens found for your image.

Wearable Tech Could Help Solve Murder

Police in Australia are reported to be using data recorded by a murder victim’s Apple smartwatch to help catch her killer.

Murder

The victim and owner of the smartwatch was Grandmother Myrna Nilsson, who was found dead in the laundry of her Valley View home in Adelaide’s north-east in September 2016.

The prime suspect in the murder case is daughter-in-law Caroline Dela Rose Nilsson, who was found gagged and distressed at the scene, and who told Police that her mother-in-law had been followed home by (and had argued at length with) a group of men in a car.

How Could The Watch Data Help?

The Apple watch contains sensors that can measure fitness signals such as heart rate. The watch can also track a person’s movements and, being a watch, it can link the other signals to the exact time.

It is believed that this data could indicate when the victim’s heart rate indicated a loss of consciousness as well as the actual time of death.

Contradiction

Reports about the case so far indicate that while the daughter-in-law’s testimony puts the time of death at around 10pm, and that her mother-in-law allegedly argued with the men for 20 minutes, the data from the watch is not consistent with this version of events.

Reports about evidence uncovered by the Prosecutor in the case, Carmen Matteo, show that watch data shows activity consistent with the victim being ambushed and attacked as she walked into her home just after 6:30pm. The watch is also reported to show activity and heart rate measurements consistent with her body going into shock and losing consciousness.

According to the Apple watch, the deceased must have been attacked at around 6:38pm and had died by 6:45pm, some 3 hours earlier than the time stated by the daughter-in-law.

Bail Denied

The strength and apparent reliability of the watch data has been enough to lead Magistrate Oliver Koehn to deny bail to Ms Nilsson.

What Does This Mean For Your Business?

Our phones and gadgets are now tracking devices, and can store or transmit a lot of data about us and our activities. In the right hands, as in this case and in situations where mobile phone signals have been used in legal cases, this information can be valuable for some very important reasons i.e. in the interest of justice for victims and their families.

In the wrong hands e.g. ‘sports wearables’ possibly leaking our login credentials and transmitting our activity tracking information in a non-secure way such as that identified back in February 2016 in Canadian research by Citizen Lab at the Munk School of Global Affairs, could make us more vulnerable to crime.

This story should also, therefore, be a reminder to manufacturers of wearable technology that security and privacy of the data stored and transmitted about us should always be a priority, and it is in the interest of the manufacturer and the customer that correct safeguards are taken. After all, as this case proves, you never quite know how useful the secure, uncorrupted data from a mobile or wearable device could turn out to be.

Half Of Households Have Broadband Problems

A survey by consumer watchdog ‘Which?’ has revealed that more than half of UK customers across 12 providers, are having problems with their broadband service or price.

Which Providers?

The survey looked at the experiences of 1,900 customers of providers that collectively serve about 90% of UK broadband customers. These providers include BT, Sky, TalkTalk, Virgin Media and Zen Internet.

Price A Big Issue

The company that most respondents (47%) felt most dissatisfied with was Virgin Media. The key complaint with their service appeared to be last year’s price increases. As well as price, Virgin Media customers were also found by the survey to be the most likely to face router issues, and to be left with no internet at all for hours or even days at a time.

30% of respondents also complained about price rises by BT.

SSE – Connection Dropouts

The survey found that broadband provider SSE was the worst offender (25% of its customers) when it comes to the frustration of connection dropouts.

Automatic Compensation Now Available

Although we as customers can essentially do nothing at the time when our broadband goes wrong, or to protect ourselves from price increases (apart from switching providers), one thing that could help us to feel a little better after the event is to receive at least some compensation.

Back in November 2017, the good news was an Ofcom announcement that broadband and landline customers would automatically be able to get money back from their providers when things go wrong, without having to make a claim for it. It was predicted at the time that, under these new rules, the amounts paid in compensation to customers could be nine times higher, and customers could receive an estimated £142 million in payouts.

The bad news was, however, that automatic compensation won’t be available until early 2019.

What Does This Mean For Your Business?

Ofcom research shows that nine in ten adults report going online every day and three-quarters of internet users say it is important to their daily lives. Broadband is now an essential service for business, and many business owners may feel that it doesn’t take a survey for them to know that broadband services in the UK can sometimes be patchy, and often expensive.

Some commentators argue that instead of offering automatic compensation, customers would be better served if broadband providers invested more in making sure that their service was more reliable and offered greater value for money in the first place.

Nevertheless, since current levels of compensation are low, and don’t come close to reflecting the harm caused, when automatic compensation becomes available it will at least be some improvement, particularly for small businesses.
At the moment, better broadband services, particularly for businesses in rural locations, still seem a long way off as the reality is that the UK ranks only 31st in the world for average broadband speeds, and we may only actually have 7% full fibre coverage by 2020.