Re: Unwarranted Trumpanzee
Hopefully you're a troll. If not El Reg should probably have better moderation, but Elon probably won't sue.
2010 publicly visible posts • joined 18 Jun 2009
This is going to be the "I heard it from a friend who read it on an Internet forum" level of proof. Possibly based on the dubious syllogism issued by the Welsh police - "There are more bike thefts. More cyclists are using Strava therefore Strava causes bike thefts".
It might be true, and possibly is in a few cases. Being seen wheeling an expensive bike into your shed is a much more likely explanation.
"Well they get paid a lot more than I do. A little common sense isnt too much to ask surely?"
The only cases that make the headlines are the ones where common sense went missing. The other x thousand get no press attention at all.
However the specific problem is that *if* Bloggs goes on to do something naughty then the Daily Mail, Guardian and El Reg readers will all go "why was he allowed out at all when the computer said he should be arrested". And the PC will then go on trial for misconduct in a public office. Or manslaughter if the naughty thing involved someone dying.
So much, much less risk to just make the arrest.
Whilst we don't have Police false positive stats we do have research papers from Facebook, Google and university researchers and they show false positive rates on a par with humans (although not trained ones). So it's reasonable to assume the Police face recognition will be as accurate as a human spotter.
Nobody much complains about human Police spotters identifying trouble makers at football matches. So is this just luddite objections? Or are we concerned about effective enforcement of rules we're unhappy with and picking on the wrong target?
Read his CV please. He, and his friends, wrote most of the instruction manual being used by the UK security services. Or, more accurately, collated what they were/are doing into one place and brought it into the open.
Now if he is such a smart person (and he does seem to be) then you have to ask whether he's doing this because he's seen stuff that makes it clear these measures are justified, or that he's pushing as far as the political realities allow.
"He seems to actually know what he's talking about."
He's one of the finest legal minds currently alive. And, as a barrister, is very good at appearing convincing!
"So I fully expect uk.gov to try and discredit him and ignore every word he says."
Quite the reverse. He claims, and the evidence backs him up, to be the inspiration for large quantities of the Investigatory Powers Act, including the mass surveillance provisions.
And also NHS England:
"GPs or GP Practices are “data controllers” and have a legal duty to ensure all processing of personal data of their registered patients complies with all eight data protection principles of the Data Protection Act, Failure to do so carries significant risks.
"A data controller may assign some or all of the responsibility for data processing to another person, but their overall legal responsibility cannot be delegated or contracted out."
The BMA disagrees with you:
"GP practices are data controllers for the information they hold about their patients. Most practices will have 'data processing' arrangements with third parties, for example IT system suppliers carry out a wide range of clinical and administrative processes within the practice, but it is the data controller who retains responsibility for compliance under the Act."
"If those doctors record confidential patient data into a system then they cannot be held responsible by the GMC for it being shared in bulk at an organisational IT level."
Absolutely they can. Any Data Controller who uploads sensitive data into any system is responsible for having adequate contractual clauses in place to protect that data.
If doctors don't have those clauses in place with the NHS then they shouldn't be uploading data.
Otherwise doctors could upload sensitive data to Facebook, and then claim innocence when Facebook share it with the world.
A mild punishment that doesn't prevent him getting an honest job.
In some cases it may have a rehabilitation benefit too because it reduces the probability of offenders associating with trouble makers or being in a position to commit opportunistic crime.
In this case we don't know from the reporting if that's relevant, but it does look like just a cheap sentencing option.
"They are a processor of sensitive data (where someone is) "
You can look up sensitive data on the ICO website:
https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/
It doesn't include location.
Excluding home addresses *is* part of the Strava sign up process. And Strava's privacy policy explicitly acknowledges that people may be identified from aggregate data:
"If you make information or content publicly available on the Services, such information, even when aggregated, is capable of being publicly viewed and possibly associated with you"
There are plenty of bad boys in the industry, but Strava isn't one of them.
They have consent under current DPA for everything they do. They have consent under GDPR, although I don't think they need it (because storing location and deriving profiles from it is the whole reason for the service existing).
Need to go now, time for my daily catch-up with the GDPR lawyers.
It's a cool thing, just as a work of art.
It's a nice little way to boast about the scope of their services.
It's handy for traffic planners to see how runners/cyclists move about a city.
I tend to use it when going somewhere new to find out where the good cycling is, and I've used it to get off the bog of a bridleway I was on onto something decent.
"And, no, opt-out is not enough - people should at least have to opt-in to any data collection"
Strava is a data-collection site. That's what it does. You opt-in by uploading your stuff to jt, it doesn't magically track you without consent.
When I signed up the privacy zone was in the initial setup wizard, so it's a little deceptive for the article to call it off by default. It has to be off as far as it is, because Strava doesn't know where to put it unless you tell it.
Heatmap is just another example of it being really hard to anonymise through aggregation.
"If you're incompetent enough to post your keys to github"
When it comes to posting keys to source control, there are those who have and those who have yet to.
When you do it yourself, remember who you called incompetent.
(no, I haven't, but members of my team have and so have the people who laughed at them).
GDPR allows collective action for damages. So a law firm can try to collect, for example, damages for everyone who Facebook tracks without consent.
These guys already exist to "manage" the ICO complaint process, but with GDPR their options are greatly enhanced. In my view they are the biggest risk if you have lots of disgruntled customers, not the regulator. Two billion subject access requests, all needing to be completed within one month could take out Facebook (I dream).
Civil action for damages is completely unrelated to the fines.
B2B was/is different under the current regulations. What was permitted under the rules (marketing to business email domains without consent) won't be any more.
Unless you have an ongoing relationship with them, where it's reasonable to assume implied consent.
Organisations have no additional rights under the new rules but the people within those organisations are now treated as people in their own right, not as parts of the organisation. Does that makes sense?
That's how the lawyers explained it to me this morning when I asked!
We are taking advantage of the current rules to ask for consent now - before we aren't allowed to even ask.
At the moment, just as everyone is about to start their commute (obviously moderation delay means you'll see this lunchtime), the UK is generating 37% from gas and it's the only really short-term scalable option. So short-term the additional load will be taken up by burning gas, ignoring micro-generation. Long-term maybe we'll get more wind or nuclear. Solar isn't really going to help this time of year.
"a deep learning system ... cannot see something it has not been pre-trained to recognize."
That's just not true. You'd expect a classifier to pick out the things it recognises just like a human. So even if it had never seen a fire engine then you'd expect it to say vehicle even if it's not sure what type of vehicle.
Pretty much the same way as a two year old human will classify all construction vehicles as "digger".