For years data protection watchdog the Information Commissioner’s Office (ICO) was regarded as a toothless tiger.
It sounded big and scary and delivered stern warnings about the importance of data protection, but it could do very little about any data breaches, except perhaps wag its finger.
Then in 2010 everything changed. It was given fining powers to the tune of £500,000 and since then it has levied over £4m against organisations. But some may now consider it something of a heartless hound.
The latest to fall foul of the ICO’s desire for justice is the British Pregnancy Advisory Service (BPAS). The charity provides help and guidance for women with an unplanned pregnancy, from abortions to counselling and more besides.
For some its work is contentious and in March 2012 an anti-abortion hacker used his computing skills to wreak havoc on its website, defacing it and stealing details about those who had contacted the charity for help.
The hacker – James Jeffrey – got almost three years in prison as a result of the incident.
As the hack affected personal details of members of the public, the ICO got involved and its investigation found several technical lapses at the BPAS that made the incident worse than it should have been.
The long and short of it is that the BPAS now faces a fine of £200,000 for an incident which, as its CEO Ann Furedi understandably points out, was caused by a hacker who is now almost seeing his actions rewarded.
“We accept that no hacker should have been able to steal our data, but we are horrified by the scale of the fine, which does not reflect the fact that BPAS was a victim of a serious crime by someone opposed to what we do,” she said.
“It is appalling that a hacker who acted on the basis of his opposition to abortion should see his actions rewarded in this way.”
Furedi also said the fine was “out of proportion” when compared with others the ICO has handed out, especially when those organisations’ breaches were not caused by criminal behavior.
- Glasgow City Council fined £150,000 after losing 74 unencrypted laptops, including one containing more than 6,000 people's bank records.
- Aberdeen City Council fined £100,000 after a member of staff inadvertently posted data relating to the care of vulnerable children online.
- Islington Council fined £70,000 after details of over 2,000 residents were released online due to a basic misuse of Excel by a staff member.
Even if the BPAS pays its fine early – by the end of March – it still faces paying £160,000, more than any of those listed above.
None of this is to say the ICO has acted unreasonably though: it has to enforce the law and if it encounters instances of poor data protection – as in this case – it must take a stand so others sit up and take notice. If other firms and charities up their game after seeing a fine being levied, the public are better protected.
Conversely, if it does not issue a fine, it will be seen as weak and unwilling to take a stand, while any organisation that is fined can make a claim to being harmed. A council delivers vital frontline services and a fine will hamper its efforts to do this, it could be argued.
Clearly, this is a controversial case, driven by the scale of the fine. The fact this money will end up in government coffers – having been given to charity – is also questionable, as noted by Stewart Room, partner at law firm Field Fisher Waterhouse.
“The users of the BPAS charity services have high expectations of privacy and any security weakness that could expose them is bound to trouble the regulator,” he said.
“But the financial penalty regime here is moving money from the collection jar direct to The Treasury. Perhaps the cash could be better spent on improving security and data protection at the charity?”
The BPAS is now appealing the fine in what could prove a fascinating case to see if the ICO's desire to fine can be tamed.
By V3's Dan Worth
Ever since revelations of mass spying, data gathering and web surveillance broke last summer there has been shock and outrage at the government's intrusion into the lives of innocent web users around the world.
However, amid the entirely justified furore caused by the documents leaked by Edward Snowden, there has also been an underlying tone of ‘quelle surprise’.
We all used to joke that governments were spying on us and – hey presto – they were. And as they insisted on telling us, the data they gathered was only metadata, nothing that made citizens identifiable. Yes it was wrong, a bit over the top, but it wasn’t that bad, and after all, it was in our own security interests.
However, things have taken a darker, more insidious twist this week with the news that Yahoo webcam users were spied on by GCHQ and millions of images were taken and stored, many of which caught people in a state of undress.
This isn’t metadata. This is taking photos of people inside their own homes. MP David Davis said the revelations "exceeded even the worst Orwellian nightmares".
"Even in 1984 the citizen was aware that they were being watched," he added.
It’s worth repeating to really drive this home: the UK government has taken photographs of millions of people inside their own homes, without their knowledge, in order to create a giant mugshot database of innocent citizens.
How on earth did such a system come to be in place? Who devised it, designed it, created and approved it? Who oversaw its operation? Did anyone ever raise a concern that this could be ever so slightly immoral, illegal, outrageous?
To date, the security services have managed to avoid any true scrutiny of their work, hiding behind bland stock statements or the classic ‘that’s a national security issue’ line.
Still, while it is unrealistic to expect spy chiefs to tell all about their efforts to protect us grateful citizens – What would they say anyway? Yes, we take naked photos of you, sorry – there are some with the power to keep the spies in line.
One of these people is the intelligence services commissioner, Sir Mark Waller. His role is to provide “independent judicial oversight” of MI5, MI6 and GCHQ, and he is appointed by parliament.
So his role should involve monitoring these agencies, and reporting on their work and how it is being conducted whenever he is asked to do so by those in the parliament that appointed him.
But in order to get Waller to do this, a committee of MPs – the Home Affairs Committee – have had to force him to do so, so they can find out more about what it is he’s actually overseeing. It’s positively Kafkaesque, to add to the Orwellian reference earlier.
Not only that, but Waller had tried to palm off the Committee by pointing its members in the direction of a report that covered the work of the services between January and December 2012, published in July 2013.
This was at the same time as the Snowden revelations were just appearing, and the report is no help seven months later, when the world is still only just beginning to understand the spying being carried out by governments.
Waller will now give evidence on 18 March, in a session that is likely to prove testy, and will no doubt feature the phrase ‘I can’t discuss that’ once or twice.
For the rest of us, we are now living in a world that is ever-reliant on digital communications, but where our own government is monitoring it all, from phone calls and emails, to taking photos of us in a state of undress, while those in charge are seemingly immune to any scrutiny.
Orwell may have been 30 years early in his predictions, but he was right. Terrifyingly right.
By V3's Dan Worth, who hears a clock striking thirteen
With much of the south of the UK currently underwater and suffering from storm damage and power cuts, things are pretty bleak for many.
So anything that can make a small difference is to be welcomed and the good folks at Tech City have done exactly that by co-ordinating a ‘hackathon’ session in the capital to try and develop apps for those in flood-hit areas.
On Sunday around 200 developers, both individuals and employees from the likes of Twitter, Microsoft and Google, got together to use open data about the floods provided by the government to cobble together quick and useful apps that could prove helpful for those affected.
Teams were formed and each put together a two-minute pitch for judges from the Cabinet Office. Those picked out included UKFloodAlerts, which can be used to warn users of risks from burst rivers, power cuts or impassable roads.
Another chosen as a winner was called ViziCities, which uses data from the ViziCities platform to make 3D maps of the flood level, making it clearer how areas have been affected.
Joanna Shields, Tech City UK chairman who led the initiative, praised the efforts of those involved and said it proved the “power of government opening up data”.
“In a meeting on Friday convened at No. 10 Downing Street, [the] government called on the tech community to best use its wealth of flood data and the response we’ve seen from developers has been fantastic,” she said.
“Over the course of the weekend we had hundreds of people volunteer their time to produce genuinely innovative apps that are testament to the creativity, imagination and generosity of our local tech community.”
The hope is that the apps will now go live and those in affected areas can get them on their phones and have a little more information about what's happening in their area. It may not be much, but it all helps, and underlines the potential of open data to help the public.
By V3's Dan Worth
The director of the government's Year of Code, Lottie Dexter, who will be taking charge of the latest computing education scheme, does not know how to code.
In a performance best described as uncomfortable, longtime Newsnight interrogator Jeremy Paxman set about attempting to understand exactly why children should be taught to code.
"I'm going to put my cards on the table, Jeremy, I can't code," she said with a smile. Perhaps this is fair; maybe the Year of Code scheme's ambassador should go through the experience of learning to code along with the rest of the nation.
"Perhaps I could be the next Zuckerberg," she quipped.
Sadly, however, there is also a worrying lack of awareness about the new curriculum. "How long does it take to learn to teach to code?" Paxman asked, sitting back in his chair.
"I think you can pick it up in a day," she responded. Now, even for experienced secondary school teachers, we can safely say this isn't true. Simply understanding the broad wording of the new curriculum will be challenging enough, let alone understanding how to best turn a fairly dry topic into something exciting.
For primary school teachers, who likely have little to no experience in the field of computing whatsoever, the challenge will be even steeper.
It continues a long-running trend of the government overlooking the huge effort teachers are going to have to make this year. A little bit of humility is all that's required to show us that the government truly understands the difficult months ahead.
"I started a campaign last year," said Dexter. "And if I had learned code at school I could have done a website, I could have done an app and I would have saved a hell of a lot of time and a hell of a lot of money and could have done it a lot better." To be fair, though, if she had, she probably wouldn't have had time to actually run the campaign.
By V3's Michael Passingham, who believes neither Rome nor Facebook was built in a day
As noted by myself and numerous big-name figures in the public and private sector, the damage the PRISM spying scandal could inflict on the global economy and key industries, such as the cloud, is catastrophic. By being caught snooping not only on foreign firms, but also a number of political figures in countries that are supposedly allied with the US, the NSA seriously damaged international trust.
This was showcased to great effect in 2013 when Deutsche Telekom said it was considering re-routing all user information through German data centres and servers, in a bid to protect its customers from NSA snooping.
For this reason, I was overjoyed last week when president Barack Obama promised he was going to explain what new measures and safeguards he planned to put in place to ensure a scandal like PRISM does not reoccur.
However, come the big day when he took the stage and began outlining the new measures, my feelings towards his proposed reforms were at best mixed.
On the one hand Obama got a lot right. The US president said he would work to change the way PRISM requests could be handed to companies and increase the amount of information that the businesses involved can disclose to the public.
Specifically Obama pledged to put in place a series of fresh measures created by the attorney general, on how requests using the US Foreign Intelligence Surveillance Act (FISA) and National Security Letters can be made.
FISA and National Security Letters were used by the NSA to force numerous companies, including Google, Yahoo, Apple and Microsoft, to hand over vast amounts of customer data. The nature of the requests means the companies are not allowed to disclose what information was handed over without risk of arrest. The secret nature of the requests is one of the key reasons many people and businesses are still concerned about the safety and sovereignty of their data.
Even better, Obama also promised to make sure the public sector and general public would be represented in the approval process of data-gathering campaigns. He pledged to create a new independent, non-governmental panel of advocates to appear at the secret courts, which will approve or deny operations such as PRISM. Candidates for the new panel of advocates will be approved by congress.
All this sounds great, right? Well on one level it was...until Obama went on the offensive against PRISM critics, boldly saying the US would not apologise to groups or countries affected by PRISM.
"Many countries, including those that feigned surprise following the Snowden revelations, are trying to penetrate our networks. Our agencies will continue to gather intelligence on foreign governments' intentions. We will not apologise for doing it better," he said.
Worse still, in a move all too familiar to those that lived through the Bush era, Obama resorted to constantly mentioning 9/11 as a justification for operations such as PRISM. For me, this is serious cause for concern.
After all, Obama failed to disclose key details, such as what information companies will be able to reveal, or how soon after receiving FISA requests they will be able to tell their customers that they handed information to the NSA. Additionally, by vetting candidates for the new independent, non-governmental panel of advocates through congress – a body full of individuals that serve the US – it's unlikely that European businesses' concerns will be a high priority.
As a consequence, while the new reforms have the potential to help ensure scandals such as PRISM don't reoccur, they also have the potential to be completely ineffectual; the outcome will be determined by how the US government chooses to implement them. As a result, for now at least I can't see Obama's reforms winning back the trust of any concerned European business or governments.
By V3's Alastair Stevenson
"Turn around where possible," your satnav says when you're doing something silly. The Department for Transport (DfT) looks to be under similar instruction with its stance on Google Glass.
In August, the DfT said that it would be "in discussion with the police to ensure that individuals do not use this technology while driving" before anyone from the department had even had the chance to try out the tech for themselves. Now, according to the Sunday Times Driving supplement, they may be having a change of heart, and the possibilities are exciting.
"We have met with Google to discuss the implications of the current law for Google Glass," it is reported as saying. "Google are anxious their products do not pose a road safety risk and are currently considering options to allow the technology to be used in accordance with the law."
That's a pretty big change of heart, although it remains to be seen whether it will be legal in the UK and, more importantly, the rest of the world. The state of California is currently debating the legality of Glass, for example, and we hear there are a lot of cars in that neck of the woods. Meanwhile, Nissan is developing its own '3E' glasses for in-car use.
So, assuming Glass is actually legal, what can we hope to do with it? Well, Mercedes has a few ideas. In-eye and in-ear satnav is a given, and is already in the very early stages of development. Another, less obvious use for the hardware is the displaying of a car's rear-facing parking camera to allow people with neck pain not to have to turn their heads.
At the moment, more in-depth info about your car such as fuel, mileage and speed doesn't work with Glass, but with Google having announced a partnership with firms such as Audi, Honda and General Motors, we can't imagine Android and Glass compatible cars being far away.
Sunday Times Driving reports that manufacturers are justifying the legality of Glass by saying the superimposed images displayed don't require drivers to look away from the road, similar to a windscreen-mounted satnav.
Road safety organisations want to make sure users are given ample choice as to the level of interference posed by their headwear, asking for what would in effect be a "driving mode" for headwear that connects to a smartphone.
There's certainly a line to be drawn between apps that are suitable for driving and those which are not. Playing Angry Birds on your Glass using eye and head movements, for example, would be utterly inappropriate.
We still don't know how much Google Glass is going to cost, and its uses while walking around town are questionable. In-car headwear looks like a much more exciting proposition, although whether it's anything more than a gimmick remains to be seen.
By V3's Michael Passingham, who will drive you round the bend
In fair Euston we set our scene, where news has emerged that author Mark Forsyth discovered that newly installed WiFi filters at the British Library have banned possibly the greatest work in the history of the English language: Shakespeare's Hamlet.
The filters were reacting overzealously to some of the more bloody elements of Hamlet, which is about murder and revenge, after all. The British Library acknowledged the error, blaming the newly installed WiFi service, which it offers free, for being set too strictly.
"We have recently introduced a new WiFi service. It’s early days in the implementation of this service and we are aware that the new filter has been blocking certain sites erroneously. We are actively working to resolve this issue," it said in a statement.
There’s a nice element of irony in this, as it shows just how ridiculous filtering can become, especially as the government attempts to impose this upon internet service providers, claiming it will protect people from horrible content. The filters may protect them from a few dodgy sites, but they will also stop them reading the nation’s greatest writer.
In honour of this story, and with our deepest apologies to The Bard, we humbly offer this sonnet, telling the tale in rhyme.
In the halls of the British Library
An institute of learning and knowledge
Filled with scholars and students from college
A man uses the WiFi, offered free
He searches ‘Hamlet’, the Bard’s finest tale
Told with wit, charm and artistic license
But also filled with death and violence
So much so it is deemed beyond the pale
By the WiFi filters that have been set –
So nasty and evil sites can be blocked
And rightly too, so users are not shocked –
But they have ended up banning Hamlet!
Shakespeare would laugh at our filter terrors
Calling it a comedy of errors
By V3's Dan Worth, who hopes his creative writing teacher would be proud
The organisation that represents the concerns of mobile network providers has lashed out at EC commissioner Neelie Kroes' comparisons between the dairy industry and mobile network operators.
Tom Phillips, chief government and regulatory affairs officer for the GSMA, said Ms Kroes' comments were "beyond the pail". He was referring to a press release published by the European Commission earlier this week, which implied that the prices consumers pay for mobile services differ far too much throughout the EU.
"There are much smaller price differentials in other categories of basic goods and services in the European single market. For example a litre of milk can be bought for between €0.69 and €0.99 wherever they are in the EU, a price difference of 43 percent," it said.
Phillips was intolerant to this comparison, striking back with some dairy comparisons: "Dairy producers are not rolling out 'next-generation' milk infrastructure that is central to European economic competitiveness," he stated.
He then continued to milk the issue: "Nor are they meeting consumer demands by offering people 'all you can drink' contracts."
Kroes wants EU consumers to have free choice over where they make calls, and suggests that the pastures in the US are much greener, with a single market policy for mobile network providers. After poring over the press release, Phillips decided it curd not be a fair comparison, adding that instead of moo-ving forward with even stricter regulation, the EC should consider "co-ordinating the release of spectrum made available through the digital dividend".
Also, after (semi-)skimming over the data the EC presented to make the point about price differences, we found that the information was also a couple of years past its sell-by date; only statistics from 2011 were available to make the point. We contacted the EC to see if any fresher data was ready for market, but there was none.
All we can say is that this issue has turned rather sour.
By V3's Michael Passingham, who thinks the EU is in a glass of its own