Sometimes Life offers you two equally appealing choices. Both on Thursday June 12.

On the one hand, at 6.30pm the crew (of which I am a member) is presenting in Sample Studios' auditorium a John Henry Donovan talk about the Designer-Developer relationship. you see, the line between the Web Designer and Web Developer has become slightly blurred over the last few years with both roles having to take on extra skills to keep up (dang you HTML5). But has this led to contention in the ranks?  More news following the talk which also includes talks on Angular Classy and the IBM BlueMix project.

Meanwhile downriver in the Clarion Hotel the ISACA is presenting Emerging Trends in IT security which presents insights on the ever-changing threat analysis scene. Interesting stuff, and I would really like to see if my droid aps can alert me to the pwonpads and other attacks almost guaranteed to be going through the hotel wi-fi.

Not that I'd be doing any of these…
Decisions and indeed decisions.?

18 Dec 2012

About Instagram

Author: will | Filed under: creativity, data, data retention, identity theft, kerfulle, photo

If you are going to sell my pictures without me getting a cut and not call it piracy… Bye.

Google + introduced games (possibly to compete with Facebook games and apps) and they messed up.

Trust is not something you give freely and still expect to survive. I hate it when it appears that my trust in someone or something is being abused. That potential abuse is abundant in Facebook games.

watching robot

Harsh, I know, but when you give your trust to any Facebook app, including games, you are granting them permissions to pull in your details, write to your wall, hover up your friends list and so on. While Facebook application developers can limit what they have access to, you can create a fully evil application that copies everything from your Facebook account, including private information.

I’m being particularly harsh on Facebook at the moment as I discovered that their Facebook app for Android did not take the contact details my friends on Facebook had publically posted (or granted to their friends) and copy them to my handset, but it copied my entire mobile phone contact list off my handset and uploaded them to Facebook. I never put my phone number in Facebook, and it copied it from my phone and made it public.  The iPhone version does something similar.

Google + rolled out their games… their attempt at competing with the highly popular Facebook games. And they did some things right.

Firstly, if someone plays  game, their “achievements” don’t appear in your main stream of news, but they appear only in a separate games notification page. This page only shows up if yo want to play a game.

This is useful purely because it stops the people in your circles, who don’t play the games, being annoyed by your updates. I for one block games notifications when they crop up in Facebook, after all, since I don’t trust the Facebook games I’m not about to play them.

However when I start to play any of the Google + games I get a pop-up window asking for permissions.

  • View basic information about your account
    • View your name, public profile URL and photo. View your gender and date of birth. View your country, language and time zone.
  • View a list of people from your circles, ordered based on your interactions with them across Google
    • View a list of people from your circles that you may want to engage with
    • The list is ordered based on your interactions with these people across Google
    • View public profile information for these people

Some of the games also want your e-mail address. That’s a lot of information just to try out a game!

I have issues with this list. Social gaming is sometimes akin to nagware. Nagware was a nickname for free software that kept displaying a message, or advert, before you could play unless you paid for the game (and entered a “stop nagging” code). The difference is that, for many games, you nag your friends with how well you are doing. Sorry, that might be “friends” if you nag them too much.

I can understand a game wanting my name, Google + public profile URL and photo. This stuff is public, and there are probably access reasons they want it for. I can forgive it asking for my gender as its part of the public suite too. My date of birth should only be an issue if I am playing “adult” games, games related to controlled substances (I’m talking about legal drinking age) and gambling. Given the legal limits are different in each country they’ll need the country too. For localization reasons they may want my language preference (if over 50% of the players speak German, do the German version first).

I can’t figure out why they want my time zone.

Actually the “basic information about your account” details aren’t that worrysome.

I object to them wanting to harvest my friends at the start!

Wouldn’t a better option be, ask about me, and only me. Be able to add custom information to the permissions notice. The android apps allow this, and knowing “why” something wants access makes it more acceptable. (Of course they might lie *cough* Facebook sucking my phone book out of my phone *cough*).

Let me try the game. And if I want to get past a certain level, I have the option of leaving or sharing. Its sort of similar to the way arcade games work on Xbox Live. You download a trial and you can only get to the first (or another arbitrary) level. If you want to go further you have to buy the game. Also, only people who have bought the game can share their high scores. I’m sure the download statistics (and maybe some profile information) is shared with the games developers. Something like numbers of bought without trailing, trial downloads and purchases after the trial along with basic demographics.I suspect they also get level information, as in what point you stopped playing the game.

In this case, they get some of my information (some, just the public stuff, if there isn’t a reason for an age limit then they don’t need to know where I am and my age. They may have a good reason to know my language so I’ll grant that one) and is I want to play past the first level / screen / puzzle then I have to grant more permissions.

By then they have earned a bit more of my trust. And lost some of my animosity.

This is a Loose Bloggers Consortium post on the theme of “Animosity”; chosen by Padmini. To find out that the others in the consortium think, check out, Anu, Ashok, Conrad, Delirious, gaelikaa, Grannymar, Magpie 11, Noor, Padmini, Ramana, Rohit, The Silver Fox Whispers, The Student Diaries and joining us this week for the very first time are Nema, Paul & Plain Joe.

I was glad to see Alannah re-started blogging, but to took me seconds to realise that it wasn’t her; she wouldn’t blog about premiership football. Now that the New Year is comfortable over, I have a resolution I’d like you to consider; update your blog at least once this year, even if its just to say “I’m closing this down”.

And now, the long-winded meat of this post.

I am subscribed to over 900 blogs in Google reader. That is a seriously silly amount of information flowing in to my brain. Or at least it would be if they were 900 actively updated blogs.The sad truth is that for a lot of reasons, blogs die. Sometimes its because life gets in the way of a keyboard. Sometimes its because a death stops typing. Sometimes its because the blog was tied to a company position and the blogger has moved to keyboards new.

A silent blog gathers no feed. Or rather, its feed sits in silence. Polls are ignored and it takes up very little attention.

But recently three things happened which makes me question that.

First was the apparent hacking of Tom Raftery’s blog feed. Or rather the feed in Google reader. It appeared as if his blog’s output was replaced by a very spammy list of products. A few hundred a day. I confirmed that he knew about it, but I didn’t want the firehose of, well, DVDs in stock so I un-subscribed while he was trying to figure out its source.

I’m not too sure if the problem was at his servers now, but let me go on.

The next feed to suddenly spring to life was the life of the knitter Alannah of “Over a Cup of Tea”. But her feed was full of the minutia of the UK Premiership Football League. This wasn’t a spam stream of products, it was a stream of valuable (to the fantasy football players I know) information. It was tied to a site called “Over a Cup of Tea”, but that wasn’t the girl I was following. So I unsubscribed.

Then, since many things happen in threes, a third blog sprung to life. This time the technology blog “Its a Feature, not a bug” was replaced by details of a Japanese dance school.Yet another dead blog sprung to life in someone else’s hands, or in this case, shoes.

So what happened.

I have two possible answers, and both lie in Google Reader feeds.

Sometimes Google creates a feed for the blog, this usually turns up if I try to share a link from my phone. The format is something like followed by a id string for the page. However, some names occur more often than others. If you don’t blog for a while, I suspect that the name get re-cycled to another blog of the same name.

The other possibility is that, while I wasn’t looking, the blog shut down. The domain expired and was reassigned, and a new blog started up in its place. Google then saw “” with a new feed and assumed that it was a continuation of the previous one, and reassigned it the old feeds it had in place.

Either of them is interesting. Just think, how often do blogs and domain expire? And if a once popular blog goes dark, and then off, if you get that old name or domain, would you suddenly find yourself with an automatic audience (and they aren’t interested).

Personally, I don’t clear out old silent feeds because, since they are silent, they don’t show up. It would take me quite a while before I noticed that someone was silent, unless their quarterly blog posts always began with “must blog more”.

Which is something I need to do more of.

take care… with the feeding of you blog,

8 Sep 2009

Touching the past

Author: will | Filed under: 2009, change, changes, identity theft, personal information

When my grandmother died the family decided to sell her house. At the back of a wardrobe they found an old photograph slowly fading away. The photo was scanned and restored and copies, both electronic and physical were handed around the family. That photo was a family portrait taken in 1910. Thanks to the release of the 1911 census data I am currently looking at the signature of my great-grandmother and the rest of the family in that shot.

1910 photograph

By the way, we have no record as to who took the photo almost 100 years ago.
Well almost. My great-grandfather died between the taking of the photo and the census, however it is my great-grandmother who is the head of the household and not her brother-in-law who is also in the house.

Staring at her signature suddenly made that photo come to life. You see, with the exception of the baby on her knee (my grandfather) I never met the people in the photo, however I can see element of her in my aunts and cousins. Seeing how the family changed. How they lived after that photo made this old image come to life.

A similar reaction happened when I tracked down the other side of the family. Something my father must have done, and some day I’ll figure out where he put his archives of the Knott family back to the 12th Century. Seeing proof of life of my own bloodline means I’m seeing elements of my history I never thought of.

Having said that, while the documents make my past more real, I know my history. I knew that my mum’s side were blacksmiths (the long disused forge was later converted to a kitchen, and I used to play with the inbuilt bellows) and I knew that dad’s side were farmers. However both houses have changed in the course of my lifetime. One renovated (twice, the forge is now the living room of the new owners home) and one destroyed. For the next generation, this will be the main record of the family past.

The families were very different. One one side was a widow shortly after 11 years of marriage, working as a seamstress raising the three surviving children of the seven who survived childbirth (no record of those stillborn) while the Knott’s raised nine of nine born alive and after 33 years of marriage were in the house with two adult sons (interestingly listed as being “domestics”, a category presumed for females). Yet despite their differences, the cursive style of writing are amazingly similar. That and the fact that every over the age of four was listed as being able to read and write.

You know the swooping style of the Coca-Cola logo or the Arthur Guinness signature? Well those swoops are there for every capital letter. The expansive swirls of the lead in and lead out “W” of Will and widow. The two families were many miles apart, but the learned writing style is nearly the same throughout the country. Redmum has reproduced her ancestor’s census form and you can see the writing style there. I’m not reproducing mine. I’m keeping some
secrets. After all a census search for “William Knott” shows quite a few results spread through the country. But even checking out the neighbours show fingerprints of a writing style which died out a long time ago here.

I would put money on the guess that I’m related, somehow, to all of them.

Something else of interest is that neither side admitted to being able to speak Irish. Was it a political thing then?

“Was given chocolate. That’s a far better freebie than bloomin’ memory sticks!” — Jemima Kiss via Twitter.

College Green, DublinImage via Wikipedia

By now everyone has heard the old story about people giving up their passwords for chocolate. Although Bruce Schneier has pointed out that he would gladly give a fake password for chocolate. Which is a little better than loosing a lot of information about your customers. Yes I’m typing about Bank Of Ireland.

This is an interesting problem for the Bank. In 2006 Bank Of Ireland agreed to refund phishing losses suffered by customers of their internet banking service. And later updated their terms of service to include

13 Indemnity

13.2 Without prejudice to the generality of Clause 13.1 above, the Bank shall have no liability whatsoever in respect of any loss suffered by the Customer as a result of their breach of Clause 4 [jm: Security/Authentication] by way of knowingly, negligently or recklessly disclosing the Security Devices or any of them.

— via Justin Mason.

Richard Burrows, Governor of the Bank of Ireland, has declared on a news report that

  1. monies lost will be refunded and that
  2. the laptops were secured with a password.

However I reply

  1. What hoops do victims of this loss have to jump through? After all some of the stolen information was not from BOI customers, but also those who had approached the bank for a life assurance quote. Besides, the usual procedure is to create a new account somewhere or getting credit cards in their identity, not touching the victims bank accounts directly, but ruining their credit rating in the process.
  2. This concerns data not the laptops. Its possible that the OS requires a password to be provided, however it is quite easy to remove a hard disk and attach it to a separate machine. Completely by-passing any password requirements of the OS. Either encrypting the customer data on the disk (as happened in the IBTS incident) or making the entire disk an encrypted file. The data was unencrypted.

The information on the four BOI laptops contained the names, addresses, financial details and some medial records of its life assurance customers. Gosh that is a goldmine of information for identity thieves, phishing operators and even the odd blackmailer (if the medical information reveals things). I’ve written about this before, and I don’t think things have gotten any better.

And it happened some time ago.

Bank of Ireland said the four laptops disappeared between June and October 2007 and contained the names, addresses, bank account details and medical histories of about 10,000 holders of the bank’s life insurance policies. Ireland’s second-largest bank made the admission after the chief regulator, Data Protection Commissioner Billy Hawkes, told Irish broadcasters RTE he had been informed of the lost customers’ data only last Friday.

via IHT

It’s the silence that is slightly worrying. The Irish Banking Federation hasn’t said anything. True that these were probably €900 laptops. But the information on them do open up the bank for potentially billions of damages; not that, given the statement by the Data Protection Commissioner, such punishment is likely to happen.

Now I’m hearing rumours that the banks are now encrypting customer data, but do you trust a bank with your data that can’t even link correctly to the page with the information about the incident on their own site? Hopefully someone will notice that correct things sooner than they noticed that the missing customer data might be important.

take care of your data,

UPDATE – April 28 2008
Number affected by BoI laptop thefts trebles – “The technical investigation has identified that details relating to 31,500 policies, policy applications and a small number of mortgage customers were contained on the stolen laptops.” So the numbers are worse that previously announced, and the fact that not all of those at risk are customers of the BOI. If the Data Commissioner can’t deliver punishment via a 4×2 then his remit should be altered.

Death comes to us all. And from a legal perspective, death doesn’t stop data. Data is property. Digital photographs are the same as physical photographs from an ownership perspective.

However, the law and reality split.

Getting your hands on your data

Lets assume that Aunt Bessie has died. What now… well as her only heir you get everything.
All her encrypted files. All her data accounts. All her data is yours, but you can’t get to it.

Unless Bessie provided something for you…

As Ellybabes pointed out in her Death and Divorce in the Digital World presentation, unless you leave someone the password, they are going to stay locked out.

There is a method… as was pointed out in the ‘Security Now!’ podcast (episode 72):

Today, while alive, I don’t want to give my sensitive stuff or passwords to anyone, including my wife. But when I eventually die or become very ill, I need to make sure that my family has access.
But I know my wife wouldn’t be able to figure it out to save her life. If I have TrueCrypted all of my data, have complex unguessable password schemes and so forth, how do I unwind all of that for the benefit of other people I care about in my life?

So what you could do would be give to your attorney who has your will, or in a safety deposit box, something where access will be granted in the event of something bad happening to you without your taking any action.
Here’s what I’m thinking is that you separate the information out. So one of the things TrueCrypt lets you do is have an image file and a password. You need both; right? Maybe give the attorney the password, maybe even put it in your will, and store the image file in a safety deposit box. Separate the two, to be opened on your death or whatever.

But if you change your password regularly… then the copy with the attorney is probably out of date.
You could always try to break in to the machine, or maybe you don’t need to, after all, if the hard drive is not encrypted, you just need to put it in another machine. Right?

What if the machine isn’t local. What if the data is on a remote server. Do you need to go get a wig and break in somewhere.

Well, if you want to keep the data, the answer might be yet.

No right of survivorship

Under the terms of service of Yahoo, which includes the photograph sharing service Flickr,

(section 27 Paragraph 4)No Right of Survivorship and Non-Transferability. You agree that your Yahoo! account is non-transferable and any rights to your Yahoo! ID or contents within your account terminate upon your death. Upon receipt of a copy of a death certificate, your account may be terminated and all contents therein permanently deleted.

Or if you prove that she’s dead, you loose access to all her stuff permanently.

For the record, a spokesperson detailed how their system works…

Flickr works with the Yahoo! Legal Compliance team to resolve these types of situations. You’ll need to send them a copy of the death certificate in order to have the Flickr
account closed. Please include their Yahoo! ID as well as their Flickr screen name for removal of the Flickr account. Compliance can be reached [via telephone and fax].

After a death certificate is received we are not able to
give access to the account but we can close it.

Memorial State

Sites like Facebook are a little more accommodating. According to a Facebook spokesperson

When it comes to our attention that a user has passed away, put the profile in a Memorial State. In the Memorial State, certain profile sections and features are hidden from view to protect the privacy of the departed. We encourage users to utilize groups and group discussions to mourn and remember the deceased.

I don’t know what “Memorial State” means, but it does mean that the data is retained.

Not everywhere has such a formal response… I contacted the Irish based life data and the photo and social network

When I posed the question to Marcus MacInnes of he replied…

We do not have a specific policy dealing with the death of one of our users. Our policy on account access however is as follows:
We provide access to a user’s account only under one of the following conditions:
1.via our automated password recovery method;
2. if instructed to do so by a user’s legal personal representative (which may be the user themselves);
3. if we are required to do so by law.

In the event that the owner of an account dies, upon request, we would be obliged to surrender that account to the user’s legal personal representative (usually the executor of their will). The legal representative would then act in accordance with the wishes of the deceased and may for instance request deletion of the account.

And Joe Drumgoole of explained that

we haven’t put the legal framework in place yet. Our intention is that all content gets assigned to the probate or estate and the executor gets to do his stuff. In situations where no estate exists or legal structures don’t support it we will allow appropriate next of kin (spouse, children, siblings, parents etc.) with supporting documentation to take over the account. We will support an alternate contact to allow somebody else to recover the account but we depend on the user to keep this up to date.

Its definitely a tricky area and something we will be coming across more and more in the future.

Messages from beyond

Another complicating factor is that with more and more of s spending our lives on line. Frequently out virtual network of friends and “friends” are the only ones that the next of kin cannot contact, because all this data exists on remote servers. Do you have a local or hard copy of all your friends contact e-mail addresses or IM names? (Actually do you have a list of all your accounts?)

If you got access to Aunt Bessie’s social network account, should “she” be the one sending the funeral notice. Is parking the account in a “Memorial State” the answer? Marcus MacInnes of explained

[the] moral issue which until your question, we had not fully considered. How would friends react to receiving an on-line message from someone whom they knew had recently died. We cannot assume that the custodian of the account would act in any given manner and it is not clear whether or not we have a moral responsibility to provide reasonable protection to our users from receiving messages via our platform which are likely to cause distress. An example of this may be when a custodian acts irresponsibly, either intentionally or unintentionally.

Because of my questions, their policies are being reviewed.

I would have loved to include details of the policies of other vendors, but only the above companies contacted my in time. If I get any more details I’ll include them in the comments.

Take care,
William Knott

With kind thanks to John Looney of Google (for the tech and social angles) and Simon McGarr of (for the legal questions and answers) and for all the people quoted above for providing their perspectives.

tags : , , , legal, , , , , , , , , , , , , , , ,

I have the nasty feeling that I have more questions than answers but here goes…

The old days

Before technology, life in the office was simple. You have documents, and you filed them away. They were big, bulky and paper based (once stone, velum and papyrus had their days). Sometimes documents got lost (down the back of the filing cabinet), sometimes documents were destroyed (blessed be the shredder despite projects to restore shredded documents using software). Rarely did physical documents end up in the hands of the wrong person (but it happened). The came easy duplication. And then came electronic records.

Electronic records, or data to give it an even more generic name, are everywhere. Data can be automatically collected and stored. When I first raised “data loss” I simply assumed I would stay on simple technical grounds such “hard disk crash” or indeed loosing the financial data of 25 million people in the post. Some of the issues are technical, some and legal, but all are social.

Never enough

Disk drives get larger to cope with the torrent of data. Much in the same way that “you can never be too rich” it’s true that “you can never have too much disk space”. However… As data volume grows, our ability to weed out the what from the chaff declines. It’s easy to say ‘never throw out anything, in case it’s needed’. It also lets you avoid the boring (and possibly compromising) task of deleting data you don’t need. However, then your operational budget bloats – it costs as much to look after useless data as expensive data. If it goes on long enough, you can’t do anything about it; it’s possible you won’t never remember what most of it is.

This is where one part of the legal framework stands. If you are, say, automatically collecting all the web sites that a certain IP address connects to, how long should you hang on to it? How long is it legally useful for? And worth keeping for? ( Digital Right Ireland have a few things to say on this.) There is also a technical problem… If an Internet access node is unsecured, is the owner of the node liable for something posted using it? At the moment, yes, but that is because it hasn’t been tested in an Irish Court

Sealed with a click

Another part of this is content. Google have an archive of a precursor to the web, called Usenet on archive. This is data. Public data? Well everything was considered public a the time. So this archive is publicly available.

But what about you diary? Not your blog, but your diary. Currently you have automatic copyright protection on everything you write. The contents of your diary become public domain 75 years after your death. Does the same apply to your e-mail? Private musings are supposed to become public domain after a time. If you turn out to be a famous person (at the time of your death) someone will hang on to every scrap of paper in the hopes that it will be worth something.
However every e-mail you write is technically protected under copyright, and replying or worse, forwarding an e-mail is technically in breach of a dozen copyright laws. When should your e-mail become public domain? If that data is on your hard drive, there is some hope that it will be forgotten about, but as a Microsoft anti-trust cases showed, e-mail has a habit of copying itself in other places than your drive. After all, there are the recipients, and all the server between (and a few that shouldn’t have gotten it in the first place).
When should this mail become public domain? 75 years after your and every contributor’s death? Something like that is impractical. 100 years after the message is sent? 50 years? And what if the message contains still confidential information (like the secret recipe for Snickerdoodles & Chocodoodles)?

Silly idea? Old medical records do go “public”, but these are usually stored in archives of interest to few (usually medical students and researchers who would be qualified to have access to the information in the first place).
“Would it be morally right to give public access to email & messaging accounts 100 years after they were last accessed ? How interested would the historians of the future be in a copy of from 2005 ? Or the contents of the mailbox of a famous serial killer 50 years after they died ? I don’t think we have the option of letting that sort of data lapse. It will be the clearest echo of society’s global digital consciousness.”

This is the first time that the general public have had their personal messages (not just) information stored. Should I be retailed for your grandchildren (but hidden from your prospective employer)? When should an e-mail be considered an orphaned work?

Backing away

Along with the problem of how long data should be retained, lets look at the actual retention problem. If you ‘never throw out anything, in case it’s needed’, you have an increased storage problem. I hear the call of “backups”?

“As data volumes grow, you either have to put all your eggs in one basket, or have multiple baskets. From experience, it’s so tempting to try consolidate your data in one place, to reduce admin overhead. Hopefully that one system won’t have a buggy motherboard that’s silently corrupting everything it writes. And it’s really painful if someone accidentally deletes a few petabytes of data – copying from backups takes ages, for a start.”
Or “bugs in archival software (“Yup, that’s archived. Oh, wait. isn’t. The machine had a bad disk, software crashed, and reported ‘everything OK’ when it restarted…”) and freaky network instability (guys doing rewiring, restarting cluster routers and maybe some dodgy cables) resulting in more than one machine reporting as being the ‘one true repository’ for a certain type of data.”

So the backups might be a problem….

But let’s assume that the backups are valid. Then you have 2 format problems.
We don’t have the hardware which can read the tapes anymore.
This actually happened to me professionally. I remembered when the archives were made, and indeed the data was found. Documented in place A where where the off-site storage utility had the backups. However, the tape drives had been scrapped years before.
And those of you that remember the Domesday project know tha the BBC fell in to a similar problem.

But let’s assume that the anarchic backup archive tape could get it’s contents loaded on to a system you can use… can you read the data format?

Earlier this year, Microsoft released a service pack which purposefully disabled older file formats. So your carefully restored data might be unreadable to the world, and worse, yourself. In a business case, the original specifications (or recipe) might be needed. Or your great grandfather’s proposal on an on-line forum to the woman you’ve come to know as your great grand aunt.

Is there a “fix” for this? Well making the older formats fall in to the public domain would help. After all, if you’re not using them…

So who deserves the credit, and who deserves the blame

So the disk has crashed, who do you sue? It should be simple, but it ain’t. Much like a delayed or canceled air flight is not the cause of refunds if the cause of the problem is beyond the control of the airline, there are ways a disk can go. Legally.

Usually a hard disk will crash in infancy (within a day or two of starting life), meaning little if anything has been lost and it’s under warranty of the manufacturer. Or the disk will die was it approaches the end of it’s predicted life (well after warranty). The fact that the computer is usually obsolete long before you take it out of the box isn’t something to be considered.

And while I’m sure that back-up software and hardware has warranties, the legal click through probably covers some lost data. But since the cost a new hard disk is usually less than the lost of the backup measures… home backing up is rare.

In a corporate setting, the party that looses the data should be held liable, but I don’t know of any cases in Irish law on data crashes. Data gong missing however…

it’s a steal, it’s a loss

Credit card data gets stolen. It’s an identifiable crime. Who (other than the criminals) is liable?
Well was a reasonable attempt made to protect the data? If so, was it reasonable enough? Can you sue for loss of data? (and given the ability to reconstruct shredded credit card bills (cited at the start) are you the cause of the data breach?)

Apparently no. If data is lost (in the post) or stolen, there is no case until the data is used and a victim can be shown to have damages (or have lost money) from the act. If personal data goes missing, is there a lawsuit? Liable or slander is not applicable since the data suggests if not proves that the information about the victim is true. There are privacy charges, but currently there is no privacy law in Ireland. Direct financial damages are possible, but the cost of the case is usually more than the loss? And there is the time it takes…

In the case of the recent UK financial data loss a lot of the data is personal data pertaining to minors. In fact everything needed for identity theft for then the minor becomes an adult. So someone sitting on the data would wait 10 to 18 years to strike. Is there a statute of limitations (or similar) for data theft? Or in this case, identity stolen almost a generation ago?

Well, I have asked more questions than I’ve answered…

Anyone able to answer some of these too?

Take care,
William Knott

With kind thanks to John Looney of Google (for the tech and social angles) and Simon McGarr of (for the legal questions and answers)

tags : , , , , , , , , , , , , , ,

I’m coming a little late to this party so excuse the recap.

First off, what on earth was 10cc thinking when they wrote that title of the post in 1976.

The time line seems to be as follows…
On June 1 2007….
Irish A list blogger and all round rights guy Damien Mulley went to the reboot 9.0 conference in Copenhagen, Denmark. On his return, the company handling the luggage for Cork Sky Handling Partners Ltd, formerly known as “City Jet Handling”, lost his luggage.

Mulley being Mulley complained (with extra crunchy profanity).

And so it seemed to be over.

On June 20 2007…
Around lunchtime (and quoting starts here) he …”started getting email confirmations from dating sites, including gay ones saying [his] account for their site has now been created. Seems someone was creating profiles saying [he] was looking to meet men and had rather interesting profile descriptions. One of the emails disclosed the IP address where the person submitted the details from:

inetnum: –
descr: City Jet Handling Dublin.

City Jet Handling is the former name of Sky Handling Partners. ”

IP spoofing not withstanding, it seems a little dumb to not cover your tracks.

Damien gives a fuller description on this post, which may have to be pulled because Handling Partners Ltd’s lawyers have served him with a take down notice.

If this was an attempt to harass Mulley, it’s backfired a bit. This news has spread out so much that a Google searchshows lots of details on the incident, from the humorous, to the business, including the telecoms business, the media to the legal. The other reason it might not work is that you don’t silence an openly gay man by adding his profile to a gay dating site.

It’s going to be interesting.

take care,

tags : , , , , , , , , , , , , , , ,