Google Data Protection Audit Report Published

Have you ever seen the the ICO auditers? If your company was to receive a call from them, how well do think you would fare?

This week the UK Information Commissioner’s Office (ICO) has published an Executive Summary of its Data Protection Audit Report on Google, following the revelation that Google were inadvertently collecting wi-fi signals while mapping the country. According to their website, the ICO carries out consensual audits with data controllers to assess their processing of personal information.

Last year the ICO became aware that that Google Street View vehicles, which had been adapted to collect publicly available wi-fi radio signals, had mistakenly collected a limited amount of payload data, likely to include a very limited quantity of emails, URLs and passwords. Google agreed to facilitate a consensual audit by the ICO.

The framework that was included in the audit scope is as follows:

Framework: Google will conduct an internal assessment and provide a confidential written report (“Privacy Report”) to the Commissioner. This Privacy Report will analyze Google’s implementation of the privacy process changes it outlined on October 22, 2010 as it applies to Google’s UK operations. The Information Commissioner’s Office may then validate the Privacy Report’s accuracy and findings via an in-person meeting to review the Privacy Report at Google’s U.S. headquarters or at the offices of Google’s UK subsidiary. Google shall provide the Privacy Report to the Commissioner before such meeting.

Google has responded to the ICO report citing that the findings provided “reasonable assurance that Google have implemented the privacy process changes outlined in the Undertaking.” This was posted on the European Public policy Blog by Alma Whitten, Director of Privacy, Product and Engineering, whose appointment was announced on 22 October 2010.

While there are a few areas for improvement noted in the executive summary, there are none that would warrant the description of Earth shattering proportions. We would consider that any company that had been subject to a consensual audit by the Information Commissioner’s Office would be quite satisfied with the report. Knowing how good Google are at marketing, they will probably want to make capital out of it too.

Before we leap to judge Google, it is worth pointing out that in UK, the Data Protection Act 1998 requires every data controller who is processing personal information in an automated form to notify the ICO, unless they are exempt. Failure to notify is a criminal offense, and entries have to be renewed annually. If you are required to notify but don’t renew your registration, you are committing a criminal offense. Do you need to register?

If your company was to receive a visit from the Information Commissioner’s auditors, even with nine months notice like Google, how well do think you would fare? How many pieces of personal data has your company inadvertently collected over the years, and are still retaining for no legitimate purpose? Perhaps it would be worth a visit to the ICO website to find out if you need to do something now?

For more on the story:

Beware of Emails Bearing Gifts

Have you seen an email entitled UPS notification? Have you received an unexpected email telling you about a parcel sent your home address, when you have nothing on order? Do you feel excited at the thought of getting an unexpected gift?

Unfortunately, that is not a mysterious present in the post, but a piece of malicious software, or malware, called the UPS Notification Virus. This is an automated attempt to install a Trojan on your computer, which is a piece of software that would connect to a medium risk domain in Russia and subsequently download all manner of undesirable additions to your computer.

If you are fortunate enough to operate behind a corporate firewall and email gateway this will be intercepted by the mail scanning software, and all you will get is an email with the subject line something like: WARNING. Someone tried to send you a potential virus or unauthorized code. If you see this message you need to do nothing further; the threat has been eliminated by the software.

At home, if you have up to date anti-virus software installed, you may see the email with an additional marker like [Quarantined], or a message from the anti-virus software manufacturers indicating that the threat has been removed. In this event you need to do nothing further except keep your anti-virus software current.

However, if you access your email by a webmail client, and do not subscribe to an anti virus service, then you may see an email in your inbox with the subject of UPS notification. Preview of the email will show you something like this:

Dear customer.

The parcel was sent your home address.
And it will arrive within 3 business day.

More information and the tracking number are attached in document below.

Thank you.
© 1994-2011 United Parcel Service of America, Inc.

In this event, DELETE the email and do not attempt to open the attachment. UPS may sometimes send emails, but generally does not include attachments. If you see this email on a company computer then please additionally inform the local ICT helpdesk, to alert them so that they can investigate how the message reached you.

Remember

  • Only disclose your email address to known individuals and organizations
  • Only open email and attachments from known and trusted sources
  • If in doubt, check with your local IT department or support person if you are not sure that an email is genuine

Why We Should All Stop Using IE 6

It has been just about six months since we mentioned the dreaded IE6 in a blog post, so it is again time to let rip on the subject.

In this instance however, instead of just ranting about the state of senior management and decision makers who chose to ignore the problems caused by continual use of IE6, it is time to adopt a different tack! The way to change the way people think is to give them the facts and allow them to reach the conclusion themselves. Rather than berate, let’s educate!

To that end we are collecting sound reasons why any business, organization or government body tied to IE6 might like to consider moving away from the obsolete browser. If you like, we are quietly going to collect the facts for the business case for updating from IE6 to a better browser.

Just for starters, the three most common responses to the question “Why Should We All Stop Using IE 6?”we get from web developers are:

  • Security vulnerabilities which make it a target for crackers worldwide
  • CSS support is problematic (doesn’t support newer CSS and HTML features)
  • JavaScript support is Microsoft proprietary nonsense.

OK, we had to clean up the comments a bit to make them publishable!

Then from the user’s point of view, what about tabbed browsing? Tabbed browsing facilities makes users more productive as they can work more efficiently. But what other advantages to the users are there?

If you want to contribute to the business case for ditching IE6, is there anything you can you do? Well, you can start by sending us the list of your pet IE6 hates. If you are a developer, tell us the features that are missing in IE6 which hold back sites you are developing for your customers. If you are a user, forced by company policy to stay on IE6, what way are you disadvantaged? If you are a business with an Internet presence (and what business doesn’t?) how much extra does it cost you to maintain backward compatibility with IE6?

Are you still clinging to the mistaken belief that there is plenty of life in the old IE6 dog yet, then consider that IE10 is not that far away; The IE10 Platform Preview Guide for Developers provides an early look at the developer features coming to the next version of IE! Check it out and see the Internet Explorer Platform Preview Guide for Developers (opens in a new window).

Other anti IE6 sites and additional resources (all open in a new window):

To do your bit for humanity, post your constructive comments below and we will collate them and make sure that they are taken to the authorities responsible for holding on to IE6. Please don’t bother spamming, as spam comments will never be published.

Are Automotive Autopilots The Future Of Personal Travel?

Just for a change, let us venture away from the technology of personal computing and productivity, and into the automotive area. On-board computers have been getting smarter, just like hand held technology, so automotive manufacturers have had plenty of scope for adding new features like smart cruse control, automatic breaking and auto-park. Now those features have been taken a stage further so it is possible to see automotive autopilots becoming the future of personal transport.

Since it became known that Google has been using using driver-less cars for some time, a few things have happened. Firstly people have divided into two camps, those vociferously against the idea on all sort of grounds, and those for whom this technology could be start of the brave new world. Secondly, legislators have started to take notice. The US state of Nevada has set in motion Assembly Bill 511, which requires the state’s Department of Motor Vehicles to write rules of the road for self-driving cars.

According to news announcements, Google’s fleet of six Toyota Priuses and an Audi TT drove more than 140,000 miles and almost all of them were on auto-pilot, though Google staff manned the cars but not the controls. The only incident occurred when a car driven by a person rear-ended one of Google’s cars. The trials were conducted with safety as paramount, and having informed local law enforcement, and each trip was preceded by a normally driven car recording the route to be traveled. Never the less this is a significant step forward in motor transport technology.

The knockers have had plenty of ground for resisting this particular advancement, including potential loss of jobs, issues of safety, challenge of unpredictable circumstance and personal resistance. One commentator puts it succinctly when he said (in the style of the American NRA) “You’ll have to pry my 5-speed manual transmission from my cold, dead hands.”! This attitude has been captured by marketing types, as one automotive manufacturer, Dodge, have even incorporated this resistance into their commercial for the new 2011 Charger, see below.

On the plus side, the expected advantages of this technology include potentially safer roads, less pollution, higher traffic density due to the elimination of human response times, and freeing up of personal time for the driver. It could even allow for platooning, which is a concept of grouping vehicles into platoons which decrease the distances between cars using electronic, and possibly mechanical coupling, as a method of increasing the capacity of roads. The idea is attractive to local government organizations responsible for roads as it does not require expensive road sensors to be be built into the carriageway, or special trackways like some earlier attempts at driver-less cars.

Whatever your point of view, this is a technology which has the potential to change the way we use the roads, and may make the future for personal transport completely different to everything which has gone before. Automotive Autopilots may be the future of personal travel.

For more on the subject of Google and their auto-piloted cars, see the following links:

If you want to see the 2011 Dodge Charger Commercial check out Dodge Rebels Against Robots in New 2011 Charger Commercial