Control

[snowychap]

6 minutes ago, bickster said:

Exercise your right to be forgotten after May 25th

The right isn't absolute.

There appear to be a lot of get outs including, for example, a refusal ' to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature'.

It all sounds a bit like FoI. Most places will probably comply without issue. Some won't and it'll be a real ballache to get them to do so.

[bickster]

1 minute ago, snowychap said:

The right isn't absolute.

There appear to be a lot of get outs including, for example, a refusal ' to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature'.

It all sounds a bit like FoI. Most places will probably comply without issue. Some won't and it'll be a real ballache to get them to do so.

ICO has vastly beefed up powers and they've been gearing up for a while to use them. They will no longer even need a court order or even announce they are coming. They turn up, you have to comply

[snowychap]

5 minutes ago, bickster said:

ICO has vastly beefed up powers and they've been gearing up for a while to use them. They will no longer even need a court order or even announce they are coming. They turn up, you have to comply

This is the same ICO that doesn't appear to have enough people or resources to cover the limited powers it already has?

Also, the get-outs are from their own website:

ICO info:

Quote

At a glance

The GDPR introduces a right for individuals to have personal data erased.

The right to erasure is also known as ‘the right to be forgotten’.

Individuals can make a request for erasure verbally or in writing.

You have one month to respond to a request.

The right is not absolute and only applies in certain circumstances.

This right is not the only way in which the GDPR places an obligation on you to consider whether to delete personal data.

...

The right to erasure does not apply if processing is necessary for one of the following reasons:

to exercise the right of freedom of expression and information;

to comply with a legal obligation;

for the performance of a task carried out in the public interest or in the exercise of official authority;

for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or

for the establishment, exercise or defence of legal claims.

The GDPR also specifies two circumstances where the right to erasure will not apply to special category data:

if the processing is necessary for public health purposes in the public interest (eg protecting against serious cross-border threats to health, or ensuring high standards of quality and safety of health care and of medicinal products or medical devices); or

if the processing is necessary for the purposes of preventative or occupational medicine (eg where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (eg a health professional).

For more information about special categories of data please see our Guide to the GDPR.

Can we refuse to comply with a request for other reasons?

You can refuse to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.

If you consider that a request is manifestly unfounded or excessive you can:

request a "reasonable fee" to deal with the request; or

refuse to deal with the request.

In either case you will need to justify your decision.

...much more on the link

 

Edited March 27, 2018 by snowychap

[bickster]

Yep seen all that on the very rubbish ICO website (The Isle of Man's is far better)

The actual problem with the GDPR is that it comes into force on May 25th and WP29 haven't even finalised huge chunks of it yet. For example the list of countries you are allowed to share data with hasn't even been decided yet and they only meet every two months!

We already know we can refuse the right to be forgotten as we have a statutory duty to retain the information for between 6 and 12 months, our plan is to them delete this on a rolling weekly basis once it becomes obsolete but what I don't see is how Google and FB etc fit into any of the reasons given

[snowychap]

1 hour ago, bickster said:

We already know we can refuse the right to be forgotten as we have a statutory duty to retain the information for between 6 and 12 months

What statutory duty?

[snowychap]

1 hour ago, bickster said:

Yep seen all that on the very rubbish ICO website (The Isle of Man's is far better)

Does the IoM have a different ICO? (I have no idea)

Will the ICO on the mainland operate according to its website or the IoM's website?

Quote

The actual problem with the GDPR is that it comes into force on May 25th and WP29 haven't even finalised huge chunks of it yet. For example the list of countries you are allowed to share data with hasn't even been decided yet and they only meet every two months!

So, it's not likely to actually be 'in force' from 25th May?

Quote

We already know we can refuse the right to be forgotten as we have a statutory duty to retain the information for between 6 and 12 months...

So, there is no absolute right of erasure and it is contingent upon may different things not least the decisions of those who actually hold that data.

[bickster]

6 hours ago, snowychap said:

What statutory duty?

Taxi Licensing regulations require that journey records be kept between 6 to 12 months dependant upon local authority

[bickster]

5 hours ago, snowychap said:

Does the IoM have a different ICO? (I have no idea)

Will the ICO on the mainland operate according to its website or the IoM's website?

So, it's not likely to actually be 'in force' from 25th May?

So, there is no absolute right of erasure and it is contingent upon may different things not least the decisions of those who actually hold that data.

Yes, it has it own

They will both act the same, it’s an EU regulation 

it'll be in force on May 25th, in terms of the right to be forgotten, yes as that has been decided 

[Chindie]

Daphne Caruana Galizia, the Maltese journalist who mysteriously had her car blow up with her in it last year, who in completely unrelated matters had gained a reputation for looking for stories many would rather not have found, was looking into Cambridge Analytica as well.

[snowychap]

From a different perspective on the Wylie/CA/Kogan stuff (longish read):

Why (almost) everything reported about the Cambridge Analytica Facebook ‘hacking’ controversy is wrong

Quote

If you follow the Guardian or the New York Times, or any major news network, you are likely to have noticed that a company called Cambridge Analytica have been in the headlines a lot.

The basic story as reported is as follows:

A shady UK data analytics company, with the help of a 24 year old tech genius developed an innovative technique to ‘hack’ facebook and steal 50 million user profiles. Then they used this data to help the Trump and Brexit campaigns psychologically manipulate voters through targeted ads. The result was Vote Leave ‘won’ the UK’s Brexit referendum and Trump was elected president in the US.

Unfortunately, almost everything in the above summary is false or misleading.

First, There was no hack.

The data collected was scraped from Facebook user profiles, after users granted permission for a third party app to access their data. You know those little confirmation windows that pop up when someone wants to play Candy Crush or use Facebook to log in, rather than make a new password, for a random site? Yeah those.

A Cambridge academic called Aleksandr Kogan — NOT Cambridge Analytica and NOT the whistleblower Christopher Wylie — made a ‘Test Your Personality’ app, helped to promote it by paying people $1 to install it on Amazon’s Mechanical Turk crowdsourcing site, and used the permissions granted to harvest profile data. 270,000 users installed the app, so you might expect that 270,000 profiles were collected but the app actually collected data from 50 million profiles.

50 million?!?

Yes. You see back in the heady days of 2014, Facebook had a feature called ‘friends permission’ that allowed developers to access the profiles of not only the person who installed their app but all their friends too. The only way to prevent this from happening was to have toggled a privacy setting, which few Facebook users even knew existed (here is a blog from 2012 explaining how to do so). The friends permission feature is how Kogan multiplied 270,000 permissions into 50 million profiles worth of data.

That Facebook users were having their data shared by their friends without their knowledge or permission was a serious concern that many privacy advocates noted at the time. So in 2015, facing growing criticism and pressure, Facebook removed the feature citing a desire to give their users “more control”. This decision caused consternation amongst developers as the ability to access friends profiles was extremely popular (see the comments under this 2014 post from Facebook announcing the changes). Sandy Parakilas, an ex-Facebook manager, reported to Bloomberg that “tens or maybe even hundreds of thousands of developers” were making use of the feature before it was discontinued.

To review, there are two key points to remember at this point:

1. None of what I just described involves ‘hacking’ Facebook or exploiting a bug. Instead, it all revolves around the use of a feature that Facebook provided to all developers and (at least) tens of thousands took advantage off.
2. The data collected was not internal Facebook data. It was data that developers scraped from the profiles of people who downloaded their apps (and their friends). Facebook has a lot more data on users than is publically available and it has it for everyone who uses their platform. No-one but Facebook has access to that data. This is a point that almost all the journalists involved seem unable to grasp, instead they repeatedly equate ‘Facebook’s internal data’ to ‘data scraped from Facebook profiles using a third party app’. But these are VERY different things.

The importance of this second point becomes apparent when you read exchanges like this one:

Simon Milner, Facebook’s UK policy director, when asked if Cambridge Analytica had Facebook data, told MPs: “No. They may have lots of data, but it will not be Facebook user data. It may be data about people who are on Facebook that they have gathered themselves, but it is not data that we have provided.

This exchange is being reported as evidence that Facebook lied to politicians about its relationship with Cambridge Analytica. But when you understand the difference between Facebook’s internal data and data collected on Facebook by outside developers it is clear that what Facebook’s policy director is saying is very likely true.

So where does Cambridge Analytica come in to the story?

Well, they paid Kogan to collect those 50 million profiles. Whose idea that was originally is currently a matter of ‘he said, she said’. Kogan says Cambridge Analytica approached him and Cambridge Analytica says Kogan came to them. Whatever the case may be, this is the part of the story where there was an actual breach; not of Facebook’s internal data but of Facebook’s data sharing policies. Developers were permitted to collect all the user data they wanted from their apps, but what they were not allowed to do — even back in 2014 — was take that data and sell it to a third party.

And yet, regardless of Facebook’s official policies, it seems that they did not expend much effort to police their developers or track how the data they collected was being used. This is likely why, when Facebook first uncovered that Kogan had sold some data to Cambridge Analytica in 2015, they were content to receive written confirmation from both that the data had been deleted.

The fact that there were (at minimum) tens of thousands of developers with access to such information meant that it was inevitable that data harvested on Facebook was being sold, or otherwise provided, to a wide array of third parties. Again, the disgruntled ex Facebook manager confirmed as much:

Asked what kind of control Facebook had over the data given to outside developers, he replied: “Zero. Absolutely none. Once the data left Facebook servers there was not any control, and there was no insight into what was going on. Parakilas said he “always assumed there was something of a black market” for Facebook data that had been passed to external developers.

So given how prevalent Facebook data harvesting was and that there are many developers with more than 270,000 users to harvest from, why is Cambridge Analytica receiving so much media attention?

The answer to this seems to primarily be how journalists, particularly Carole Cadwalladr at the Observer, have framed the story. The majority of coverage has pushed two angles. First, that a whistleblower from Cambridge Analytica revealed ‘a major breach’ of Facebook’s data, an issue covered above, and second, that this ‘breach’ was linked to the success of Trump’s presidential campaign.

This second angle is as dubious as the first and relies heavily on bombastic claims made by Chris Wylie—the pink haired ex-Cambridge Analytica employee pictured above. Carole Cadwalladr, who spent years on the story, has explained in various interviews that she approached the story not as an investigative journalist but as a features writer. This meant that she focused on delving into ‘the human side of the story’, or put another way- Chris Wylie. There are pros and cons to such an approach but the biggest drawback is how invested and reliant it made her and subsequent coverage in accepting Wylie’s narrative, which just so happens to paint him as a young mastermind at the center of global political conspiracies.

Cadwalladr fully endorses Wylie’s presentation and fawningly describes him as: “clever, funny, bitchy, profound, intellectually ravenous, compelling” … “impossibly young” … “His career trajectory has been, like most aspects of his life so far, extraordinary, preposterous, implausible” … “Wylie lives for ideas. He speaks 19 to the dozen for hours at a time” … “when Wylie turns the full force of his attention to something — his strategic brain, his attention to detail, his ability to plan 12 moves ahead — it is sometimes slightly terrifying to behold” … “his suite of extraordinary talents include the kind of high-level political skills that makes House of Cards look like The Great British Bake Off.”

Wow… what a guy.

Cadwalladr’s person-focused approach might make for more accessible articles but it also helps to obscure the relevant technical details in favour of providing sensationalist quotes and personal anecdotes from Wylie and his friends and coworkers. Presenting these kinds of details could be insightful, if they were subjected to sufficient critical examination but this rarely occurs. Cadwalladr, instead, seems to have entirely bought into Wylie’s narrative: “by the time I met him in person, I’d already been talking to him on a daily basis for hours at a time.”

So let’s address the oversight and take a bit more of a critical look at what Wylie’s narrative claims:

• That Steve Bannon wanted to weaponize big data… No difficulty believing.
• That Cambridge Analytica claims to be able to provide effective tools for psychological targeting and manipulation… Certainly true.
• That Chris Wylie, himself, was involved with some shady business and views himself as partly responsible… Sure.
• That the self-promotional claims of Cambridge Analytica actually equate to how effective the services they provide are… Hmmmm.

This last point is the most important and yet it is also the one lacking almost any supporting evidence.

The temptation might be to point to Trump’s surprising victory but there are a lot of confounding factors there. Trump won, yes. But he won against the most unpopular Democratic candidate in modern history, who was vying for a third Democratic term (something which had not been achieved since the 1940s). Furthermore, he won by a very slim margin and actually lost the popular vote.

Could all that just be evidence of how precise Cambridge Analytica’s psychological targeting was? Maybe, but we start to run into the perils of dealing with an unfalsifiable hypothesis. A better approach would be to look at Cambridge Analytica’s relative record of success and failure. Unfortunately, we do not have access to their full client list but we do know that when they first rose to prominence they were working for the Ted Cruz presidential campaign. That’s right, Ted Cruz — the Republican senator who was crushed by Trump in the Republican primaries, despite having the power of Cambridge Analytica at his command. I am not the first to notice this apparent contradiction, Martin Robbins made the same point on Little Atoms last year:

So the story of the Republican primaries is actually that Cambridge Analytica’s flashy data science team got beaten by a dude with a thousand-dollar website. To turn that into this breathtaking story of an unbeatable voodoo-science outfit, powering Trump inexorably to victory, is quite a stretch. Who else have they even worked for? Without a list of clients it’s very easy to cherry-pick the winners.

The techniques that Cambridge Analytica purport to use involve using social network data to build algorithms that can accurately predict what kind of messages will be effective given an individual’s personality and psychology. This is what the stories mean when they talk about using psychographics to micro-target voters. But a lot of the claims being made about the effectiveness of such techniques is widely exaggerated. Kogan — the Cambridge academic at the heart of the controversy — has made similar arguments. He claims that he is being scapegoated and argues that the personality profiles he gathered turned out to not be particularly useful for making the predictions needed for micro-targeting:

In fact, from our subsequent research on the topic,” he wrote, “we found out that the predictions we gave SCL were 6 times more likely to get all 5 of a person’s personality traits wrong as it was to get them all correct. In short, even if the data was used by a campaign for micro-targeting, it could realistically only hurt their efforts.

Kogan is hardly an impartial source but his claim accords with various studies that have shown less than stellar results for nefarious social media manipulation. Take, for instance, the controversial Facebook ‘mind control’ study, which I’ve heard several journalists reference in recent days. What always seems to be missing from reporting on this study is just how underwhelming it was.

Facebook ran an experiment on almost 689,000 users in which it tweaked the algorithm running their news feed to display slightly more or slightly less status updates from friends that contained positive or negative words. As any researcher knows, with such a large sample you are guaranteed to find statistically significant differences between groups. A more important criteria with such massive groups is how large the effect observed was. In the Facebook study this equated to a truly terrifying difference: those who saw less negative updates used around 0.05 more positive words out of every 100 words in their status updates, whereas those who saw less positive updates used around 1 less positive word per 100 in their status updates. That’s right Facebook might have been able to manipulate people to use around 1 less positive word for every 100 words in their updates. It would be wrong to paint this as Facebook being powerless, bigger interventions would have bigger effects, but it is important to keep things in perspective.

 

Note the starting point of the x-axis. There is a reason it isn’t 0.

The real story then is not that Kogan, Wylie, and Cambridge Analytica developed some incredibly high tech ‘hack’ of Facebook. It is that, aside from Kogan’s data selling, they used methods that were common place and permitted by Facebook prior to 2015. Cambridge Analytica has since the story broke been outed as a rather obnoxious, unethical company- at least in how it promotes itself to potential clients. But the majority of what is being reported in the media about its manipulative power is just an uncritical regurgitation of Cambridge Analytica (and Chris Wylie’s) self-promotional claims. The problem is that there is little evidence that the company can do what it claims and plenty of evidence that it is not as effective as it likes to pretend; see the fact that Ted Cruz is not currently president.

No one is totally immune to marketing or political messaging but there is little evidence that Cambridge Analytica is better than other similar PR or political canvassing companies at targeting voters. Political targeting and disinformation campaigns, including those promoted by Russia, certainly had an impact on recent elections but were they the critical factor? Did they have a bigger impact than Comey announcing he was ‘reopening’ the Hillary email investigation the week before the US election? Or Brexiteers claiming that £250 million was being stolen from the NHS by the EU every week? Colour me skeptical.

To be crystal clear, I’m not arguing that Cambridge Analytica and Kogan were innocent. At the very least, it is clear they were doing things that were contrary to Facebook’s data sharing policies. And similarly Facebook seems to have been altogether too cavalier with permitting developers to access its users’ private data.

What I am arguing is that Cambridge Analytica are not the puppet masters they are being widely portrayed as. If anything they are much more akin to Donald Trump; making widely exaggerated claims about their abilities and getting lots of attention as a result.

 

I don't think he begins very well with the whole 'it's being reported as a hack and it wasn't a hack' thing but I do think he makes some points when discussing Wylie and CA and when looking at the whole process of how the Observer/Grauniad have come at it that are worth considering

 

I've taken out some of the picture in the article but had to reformat it afterwards so I hope I haven't cropped any of the text, too.

[blandy]

WTAF!

 Dunno if this is exactly the right place, it could go in the TTPYO thread. Welcome to the Matrix.

[limpid]

5 minutes ago, blandy said:

WTAF!

 Dunno if this is exactly the right place, it could go in the TTPYO thread. Welcome to the Matrix.

Most customer service requests are initially fielded by a chat bot. I'm a little surprised you haven't noticed  

[blandy]

45 minutes ago, limpid said:

Most customer service requests are initially fielded by a chat bot. I'm a little surprised you haven't noticed  

You think I do customer service requests on the twitter?

[limpid]

8 minutes ago, blandy said:

You think I do customer service requests on the twitter?

We have them on voice lines.

[blandy]

I saw this on that Twitter. Nice benign Facehole.

 

[Dr_Pangloss]

Zuckerberg is a very dangerous man, the world would be a better place without him.

[Xann]

9 hours ago, blandy said:

I saw this on that Twitter. Nice benign Facehole.

Like Toutiao. Though you're not so surprised by totalitarian China employing such methods.

 

[peterms]

9 hours ago, Dr_Pangloss said:

Zuckerberg is a very dangerous man, the world would be a better place without him.

He's just done it on a larger scale (because he struck lucky) while espousing values of community, respect and stuff that he clearly doesn't believe, but which was the vibe at the moment and therefore preferred by the marketing peeps.

The core of what his crew are doing, widespread and ruthless exploitation for personal gain,  follows a very long tradition, as I'm sure from your other posts you fully appreciate.

So, yes, he is dangerous, we sould be better off without him, but a large number stand with him and will quickly fill his place.  If it was down to him, if he was some kind of evil genius, it would be so much easier to deal with.

[snowychap]

Zuckerberg: Facebook will apply EU data privacy standards globally

Quote

Facebook CEO Mark Zuckerberg said today his company intends to implement Europe’s beefed-up privacy standards across its entire global network.

The move would give Americans and other Facebook users outside of the European Union access to some of the world’s toughest data protection rules, including the potential for people to revoke how data is used by the social network if they believe their digital information is being misused.

“We intend to make the same settings available everywhere, not only in Europe,” Zuckerberg told reporters.

“We need to figure out what makes sense in different markets with the different laws and different places,” he added. “But let me repeat this, we’ll make all controls and settings the same everywhere, not just in Europe.”

...more on link

So he claims - though if you believe him, ...

[MickeyC_UTV]

On 28/03/2018 at 17:13, blandy said:

WTAF!

 Dunno if this is exactly the right place, it could go in the TTPYO thread. Welcome to the Matrix.