Posts by Mike 137

Re: Study philosophy!

"A computer that understands text becomes Artificial Intelligence"

A computer that could understand anything at all would possess intelligence. As we don't really know what understanding is, it's proving (and always going to be) hard to replicate, but there's evidence that it's intimately tied to emotion and motivation, which is an interface between the body and the universe around us. For this reason if no other, just as the disembodied 'brain in a vat' of the horror movies is unrealistic, expecting a transistor circuit (however complicated) to exhibit emotion and motivation (other than as a limited simulation of the human traits based on our extremely partial understanding of them) is not foreseeably feasible.

BTW as a qualified translator, I've watched "machine translation" since the mid-70s, and to date it's never been as good as a competent bilingual person who knows the subject of the text.

In any case, why are we so keen to replace people with machinery? I note (anecdotally) that it's always someone else in line to be replaced, not the AI worker.

Re: That was nice

"The GDPR applies globally to the information of EU citizens"

Actually it applies to data subjects in the EU, so US citizens (and other non-EU nationals) while present in Europe are also protected - insofar as anyone is actually protected. The GDPR is emerging as having very small teeth except where mega-corporations or massive data breaches are concerned. As always, de minimis non curat lex and most individuals seem to be minimal as far as this law is concerned. Here in the UK, enforcement is so poorly resourced that it not only takes some 3 months for a case officer to be assigned to a complaint, but (I would hazard) the majority of complaints by single individuals are apparently not pursued.

Re: Misguided

"When I taught computer science some of my best students were women"

Yes, and when I worked in physics research there were about equal numbers of brilliant post-docs of both genders, despite the majority of post-docs being guys. In ecology research there were more female post-docs than male, but the proportions of brilliant post-docs was again about equal.

One of the unnoticed problems that might contribute to the current imbalance is the shallowness of our general exposure to "technologies" - we're encouraged to be primarily passive consumers of complex technical artefacts created by supposedly smarter magicians, delivered on the basis that you don't need to know how it works, just use it (aka toys).

I've spent many years trying to reverse the trend by creating simple but useful digital systems that users can understand and build for themselves, but it's always been an uphill struggle. The high integration black box modules still dominate the market and the funding. 99% of crowd sourced electronics projects are in the too complex to understand category for the young folks we would hope to engage with and inspire to become engineers.

There's a noticeable progressive decline in the median quality of electronics hardware and software, which may at least in part derive from the building blocks now considered the norm being too complex and abstracted. We're increasingly relying on the equivalent of flat pack assembly that sidesteps (and thus does not inculcate) understanding of principles.

Re: Dumb community

"the entire community has been dumbed down to the role of copy and paste bots"

and these copy & paste bots are creating the next release of the software you rely on for your business or your online security.

As I've mentioned a few times before both here and elsewhere over the last few decades ;-) anyone who tries to solve a computing problem by immediately launching into coding has completely failed before they started. Engineering consists of [1] first defining the problem, [2] then defining an approach to solving it, [3] then creating a solution using that approach, [4] then testing it to make sure it not only works but is robust and safe and [5] finally packaging it in a convenient presentation. Ever since "Visual <whatever_language>" step 5 has come first, and since pseudo-agile took off, only steps 5 and 3 (in that order) seem to be conducted at all.

Re: Good riddance!

Stalin thought up the infamous law that rendered you liable to arrest for not having reported someone who was subsequently arrested. The prison camp population burgeoned, which was useful as a source of forced labour. <sarc>So nothing's wasted...</sarc>

Re: Already in use?

And take a look at the "reviews" on Source forge. Typical - "nice app!"

I am old fashioned, but I expect a review (or a comment) to impart some information I can consider making use of in forming a judgement of my own. However, as far back as 1942 Erich Fromm wrote "We are proud [...] that we are free to express our thoughts and feelings, and we take it for granted that this freedom almost automatically guarantees our individuality. The right to express our thoughts, however, means something only if we are able to have thoughts of our own."

This is becoming difficult as the information we can gain access to is increasingly both homogenised and "personalised" by crude automated filters under the control of faceless behemoth business. So this comment generator is just another small step for mankind. We'll all finish up like the protagonists of E. M. Forster's "The Machine Stops" (1928).

Re: GDPR?

You're right in principle that an email address can be personal data (not "PII" - there's no such definition under the current legislation), but only if it can be associated with a personal identity by the data controller.

So AB12345@some_free_mail_service.com is probably not personal data unless combined with other information to uniquely identify a person. However, aggregating other data associated with that email address would make the entire aggregate become personal data the moment the aggregate is sufficient to identify the individual. On the other hand, an email address such as Anne.Other@some_free_mail_service.com is more likely to be personal data in its own right.

But the name is not the necessarily the issue. If I live on a street with a common postcode for 20 houses, that postcode is not personal data. Supposing I restore steam engines, that's not personal data either. But both these pieces of information together may be personal data if I'm the only one in the street that restores steam engines, even if my name is not included in the record.

Re: Crapita

This goes to the crux of the issue - the "personal service company". Some clever person decided that if the directors also deliver the company's service to clients it's a different kind of company from that where the directors sit on a board and employ others to deliver the service. Capita et al fall into the latter category. We individual contractors fall into the former. There's no rational or logical reason for the distinction, nor is it (as far as I know) grounded in company law, but the makers of regulations have never been concerned about that kind of thing. However I wouldn't be very surprised if someone found out that the big consulting firms had a strong influence on the decision. All is fair in love, war and capitalism.

Re: Regardless of which side of the fence you are on.

It's not statute, but it is law. Our legal system is grounded in Common Law, which is essentially accumulated precedent. Of course we also have Statutes (written laws reviewed and passed by Parliament) and also Regulation (written law created by ministerial fiat and not reviewed by Parliament). It's overall a bit of a mess, but it's worked (more or less) for at around 300 years so far. However there's an increasing and worrying drift towards Regulation. This Supreme Court decision (although not setting any precedent) is a strong and welcome indication of resistance to the trend.

Re: Not really Amazon's fault

Given the approximately 90,000 pages of UK tax "guidance", simplification is indeed an excellent idea. However I don't hold out much hope for improvement.

Re: Bobbies on the Beat

What they actually seem to be saying is that an uneven distribution of bobbies on the beat (more in some areas than others) will inevitably result in higher detection and prevention rates where there are more of them than where there are fewer. If, in an ideal world, PC Dixon and colleagues pounded the beat everywhere at the same rate, the differential would not occur. The problem is that policing has got too costly (like a lot of other societal goods) so there aren't enough bobbies to go round. Hence the (unfortunately flawed) notion of trying to predict where they'll be most needed. Its origin is little different from that of the robotisation of contact centres, self service checkouts, online "help" systems etc. - people have got too expensive, so we try to replace them with "technologies" we assume to be perfect until we find out too late we were wrong.

So this is just a badly thought out part of a desperate attempt to make do with inadequate resources. There's no hidden agenda in it, but that doesn't mean it won't backfire spectacularly if it gets to be the norm.

You're lucky Lazlo!

I get 400 kilobit at best over a copper last mile, and that I'm not remotely rural - 4 miles outside the M25. There's a fibre cabinet within a three minute walk, but my "last mile" apparently runs all the way back to the exchange on the other side of town. I don't know how true it is but I've been told that to connect to the cabinet I would have to be a BT broadband customer - no thanks, higher prices, worse service.

Re: If only...

"GDPR adopted in the US would [...] provide great consumer protection"

Unfortunately GDPR is turning out not to provide as much consumer protection as was hoped. There are numerous examples already of it being almost completely ineffective. Quite apart from widespread actual neglect of the law, it's easy and common to circumvent its intent while still appearing compliant, e.g. by invoking "legitimate interest" as a blanket basis for processing.

The greatest weakness of the legislation is that it's not policed. Enforcement relies on complaints, which means that most instances of non-compliance remain under the radar. Only a tiny proportion of actual instances of non-compliance are ever proceeded against. Plus, the sheer complexity and invisibility of multi-tier data sharing (e.g. via "web analytics" and automated ad broker trawling) can make establishing a supportable complaint well-nigh impossible.

Adoption of the GDPR in the US would make data transfers between the EEA and the US easier to justify, but would not in any sense make them safer unless compliance with the sprit and purpose of the legislation by all parties concerned were ensured.

Re: Fahrenheit?

Actually, decimal is based on most people having 10 fingers. Metric is a decimal system but that's not what makes it metric. Although the definitions of the standards have been "refined" progressively in terms of objective physical constants, the fundamental basis unit - the metre - started out (in 1793) as a ten millionth of the distance from the equator to the north pole. This standard was adopted from 1801, but in 1858 the distance was found to be incorrect (and thus the metre not based on absolute science). The adopted definition was nevertheless left unchanged. The metre is to the present thus an arbitrary standard. As most of the other metric units are derived from it, they are essentially arbitrary too (just like the king's foot).

Re: Actions not people?

It's difficult to understand the mechanism of the search these days. Even for non-commercial sites, the results returned vary day to day from the same search terms, and Google interprets your search terms in what seems an arbitrary manner - e.g. sometimes, adding a search terms can increase the number of returned results. One can only assume that they're not responding directly to your search terms, but to some local interpretation of what they think you intended to mean. Ergo, Google is trying to do your thinking for you.

Re: Odd decision.

The GDPR doesn't require the data subject to consent unless the data falls within the Article 9 categories.

If a "scraper" collects personal data other than from the data subject, they have to inform the data subject under Article 14. In such a case as this, working out how to do this in accordance with the regulation might require some thought, but collecting the data in this way is not intrinsically unlawful.

The database right might not apply in this case. As the data subjects (not LinkedIn) provide the data, and only under T&Cs requiring accuracy, Linked would probably have difficulty arguing a substantial investment in either "obtaining" or "verification", so the only basis open for claiming the right would likely be "presentation". It would be interesting to consider whether that right were applicable if the data were scraped without preserving the presentation.

Re: Irrelevant

As a Data Protection consultant I can absolutely confirm your comment. And in many cases (over 90% of a random sample we're shortly reporting on) those changes are not fully compliant with the legislation.

The key purpose of compliance to most businesses is to periodically satisfy the auditors, who mostly examine paperwork, not practice. The difference here is that, unlike ISO and similar compliances, there's no auditing until after the fact (a data breach or a complaint), which means your performance is only investigated from an adversarial position. Unless your documentation is watertight and accords with your practice and both comply with the law, you'll fail the audit and be penalised.

Re: What a complete plonker!

"The more the system does, the less likely a driver is to be inattentive"

do you really mean this (more automation, more attentive driver) or do you mean "the more likely a driver is to be inattentive" or "the less likely a driver is to be attentive"?

Re: "4G still remains patchy in large parts of the country"

10 miles from Watford Hertfordshire I can only get a mobile signal by hanging over the bathroom sink, and even that can drop out if I turn my head.

I also get 450kb/s broadband, so despite Gt. Bernera being given Gb/s, the real propsect of generally available high speed communications seems remote.

Re: Irony

The key question has to be whether the primary benefit of cross site profiling is to the advertiser or the ad broker. I have a strong suspicion (based on extensive observation) that the advertiser is frequently quite disengaged from the actual serving of their ads - they buy a service "fire and forget" and pay the invoices as they arrive. The broker, on the other hand, obtains a huge demographic database it can use as bait to attract new advertisers. So the primary benefit is to the broker, and both the individual profiled and the advertiser become merely grist to its mill.

Not by chance are these ad broker behemoths the valuable companies on the planet. But because nobody dare stop advertising in the cutthroat world of commerce, the risk is too great to try alternatives to the snake oil. That is indeed the epitome of irony.

Re: Hydrogen? Seriously?

"and charge it at home every night"

More than half the cars in Britain are parked on public roads as the owners don't have a drive or garage. In many places there are sufficient cars that no specific parking place is ever guaranteed - coming home from work, I frequently have to park a couple of streets away from where I live. So who gets the public overnight charging point? Those rich or lucky enough to have their own drive and afford to put in a charging point won't be affected, but they're the minority, and by the way converting your front garden into a parking space has other detrimental effects on the environment. Quite apart from which, this and the article it links to (and indeed some of the comments) reveal another important side to the "electric good - fossil fuel bad" question.

The big problem about all these green policies is that each only looks at a small part of an extremely complex problem. Because of the way our society has evolved, for a large proportion of the population it's practically impossible to manage without a car - distance to adequate shops, the need to carry tools or goods, or commute where public transport doesn't run or is impractical. When they pedestrianised Oxford, a partially disabled colleague who used to drive for less than five minutes to work finished up having to change buses twice with a typical journey time of up to an hour.

Reducing car usage would therefore have to be accompanied by re-localisation of shops and services, huge reduction in the need to commute, and a wealth of other major changes, and all this must happen at once to be effective. And parties with vested interests (e.g. transport providers who rely on the "rush hour" for a major part of their revenue) will have to be accommodated somehow.

So unless we re-organise the entire way we run our societies, with all the implied conflicts of interest somehow ironed out, we won't ever fulfil the "legally binding targets for 2023 to 2032". Legally binding does not necessarily equal feasible. What we will more likely do is impose increasingly heavy restrictions on personal freedoms that bite hardest for the less well off. This is already happening - a friend suffered the ruin of his small business a couple of years back when his local council deemed his van too old to be parked in the borough without payment of a massive daily fee. Not because of its emissions (which were within legal limits), but just due to its age. At the same time, many of the local buses were belching black smoke without penalty.

To much far reaching policy is currently being driven by emotional appeal rather than by realities, and that approach has a better than 50/50 chance of resulting in costly failure.

Re: Why no whistle blower’s?

The ignorance, though deplorable, is not necessarily wilful.Some businesses employ lawyers as DPO, but the training of many of the others currently consists of little more than a one-week crash course and a multiple choice quiz. The UK DPO pay rate for the non-lawyers is also typically in the £25k bracket, which doesn't exactly attract the brightest and best informed. The real DPO role is a C suite position with a wide range of required expertise and responsibilities and a duty of independence, but this is not yet been widely understood. The very fact that the crash courses can publicly masquerade without challenge as adequate training for a role that could render a business liable to crippling penalties indicates the current inadequacy of public understanding, official guidance and regulation.

Re: "mobile versions will be easy to scale quickly"

Anonymous? Probably not. See When the cookie meets the blockchain and, with the prevalence of trackers (see Third Party Tracking in the Mobile Ecosystem), not just when making payments.

The fantasy of the single secure handheld all purpose device is mere Star Trek. It can never become a reality, if for no other reason that multiple purposes are bound to conflict with each other.

Re: because users barely took notice

They're in good company. Microsoft hid file extensions (ironically originally a Microsoft invention) "to avoid confusing users" decades back, opening the floodgates to malware.

Re: Missing the point

It's already allowed for:

Recital 10 "This Regulation also provides a margin of manoeuvre for Member States to specify its rules, including for the processing of special categories of personal data (‘sensitive data’). To that extent, this Regulation does not exclude Member State law that sets out the circumstances for specific processing situations, including determining more precisely the conditions under which the processing of personal data is lawful."

Articles 9.2(g) and 9.2(i) implement this.

Allowing that once the UK leaves the Union "member state law" becomes "domestic law" (see the Keeling Schedule to the GDPR), the powers can decide that almost any processing is "in the national interest".

Re: Well, you're leaving

""La République n'a pas besoin de savants [...]" 1794

That was a mistake too.

Genuine weaknesses of the GDPR

Quite apart from the right of access under Article 15, Article 14 requires a data controller obtaining personal information from sources other than the data subject to inform the data subject of the processing and their rights (as under Article 13 where the data subject supplies the information) and also of where the data were obtained from. So far all well and good, as the data subject should in principle have been informed, either by the data controller they provided their data to (under Article 13) or the recipient of a data sharing (under Article 14).

However Article 14.5(b) provides a discretionary get out clause (that I guess most behemoth data slurpers might choose to rely on) if "the provision of such information proves impossible or would involve a disproportionate effort".

Furthermore, it appears so far (there being very little precedent yet) that where a data controller shares personal data with a third party data controller on the basis of legitimate interest, the responsibility of the sourcing data controller is limited to the actual process of sharing (as a joint controller for that process) unless the sharing involves a "transfer" to a third country. Otherwise, the sourcing data controller is not responsible even for checking whether the recipient processes the data in accordance with the legislation.

Consequently, you've asked the $64,000 question. How indeed?

The ideal answer would be enforcement of Article 14 with strict attention to abuse of 14.5(b) to facilitate evasion. Given an enforcement regime that essentially relies on complaints (policing by data subjects) that's not likely to happen soon.

The position is in principle different if the third party is a data processor for the sourcing data controller, in which case the obligations are well defined. However even in that case two major problems have not yet been solved:

[1] Most of the behemoths that provide "processing" for data controllers under the GDPR nevertheless impose their own unilaterally defined non-negotiable contracts on the data controller. This inverts the status of the controller/processor relationship and should in principle be unlawful, but has not yet gained sufficient attention;

[2] Many of the behemoths providing "processor" services currently include in their privacy statements to data subjects AN assumed right also to act as data controllers for for their own purposes of the information provided to them in their capacity as processors. Whether this could be considered unlawful is still an open question, as the lawful basis usually relied on is the much abused "legitimate interest".

The greatest weakness of the GDPR is that it has not been in force for long enough. It is likely to take many years of precedent before all these issues are considered properly and ruled upon conclusively.