Police Requests for New Internet Powers Could Cost You Big

19-Nov-16 07:29 pm EDT Leave a comment

datalegislation

C

anada’s CBC (a leading media and news organization in the country) promoted a story this past week concerning a very public request to the senior politicians for greater investigative powers.  This was followed by a poll that showed a degree of support for the police requests – seemingly predicated on a desire to curb child pornography among other crimes.  While civil libertarians and technology professionals raised the alarm on hearing this request, there was only limited consideration given to the cost of granting powers of this sort to police – tied largely to the cost of potentially onerous data warehousing by ISPs.  (As a footnote here, I want to cite the case of the UK which, this past week, saw Parliament enact legislation that would be largely in-line with the kinds of legislative change the RCMP would like to see enacted here in Canada.)

“Two parliamentary committees examined this issue.  Then there was the unanimous Supreme Court [of Canada] decision.  What part of ‘unconstitutional’ doesn’t [RCMP] Commissioner Paulson understand?”

Michael Harris, iPolitics.ca, November 25, 2016

Privacy and Internet Commerce

C

anadians (and people generally) can still be very reluctant to share their personal information online.  A recent website delivered by The AppRefactory — the Edgewater Tenants’ Community Website — has been off to something of a slow start with the administration fielding questions about why an end-user’s address is needed as part of the signup process.  This is done with the awareness and limited support from the property management company that acts as the landlord which has data about every tenant’s address, yet that same information is not so readily volunteered when it takes digital form.  The information in this case is used to simply verify that an end-user signup request is for a tenant as opposed to some random user from the Internet; in order to ensure that any information a tenant elects to access or share on the site is kept within the tenant community only.  As such it is a measure intended to protect tenant privacy, but there can still be reluctance about sharing it.

This is just an example of how users have adapted over the years to safeguard their privacy.  Yet now the police want measures taken by Internet Service Providers (ISPs) to circumvent privacy to such a degree that they will never again be aware of who exactly has access to their information.  (We saw in another article posted this past week how police could access computer records without appropriate authorization or authority.)  And should police officers once again demonstrate how human they can be and make a mistake, suddenly the information they’ve been entrusted with is available to parties unknown.

Such cases, once known to the public (as they will tend to be, thanks to our free press), could easily put end-users further on the defensive about their information.  And, despite poll results suggesting some support for increased police powers, there remains the likelihood the average person in Canada (which, historically, tends to be a person that trusts police authority) hasn’t thought the issue through very thoroughly and certainly not technically.  The regime Canadians will be confronted with, whatever their decision about the powers police should have online, could easily be one business is less well-able to thrive in and would find it harder to operate in without being less able to solicit end-user consent and confidence meaningfully.

And they wouldn’t know it until it really was too late.

New Powers Add Onerous Burdens on All Business (Not Just ISPs)

T

he legislation in the UK does not specifically distinguish nor give license to ISPs to operate or grant any special legal distinction to them apart from providers of Internet-facing services generally.  As such it would seem to stand as a matter of law that anyone providing Internet-facing services could be compelled to maintain logs concerning end-user activity.  From a technical perspective, the law wouldn’t be all that meaningful if it couldn’t extend, for example, to providers of Virtual Private Network (VPN) services which are frequently used to both secure corporate communications online as well as anonymize network access to  BitTorrent media sharing sites or “Deep Web” network traffic.

msazurelogoSo the law must apply to businesses using the Internet equally (or at least be seen to apply as such).  And how will the small business be impacted when they’re suddenly required to maintain a database documenting (as the RCMP want) up to two years of end-user activity?  One approach we could use would be to use Microsoft Azure’s service calculator to take a service that uses a very modest 5GB of data monthly to track data transfer activity for a service, numbering just 10,000 transactions.  Without any service connections, charging just for the storage of table-based data only, we get an added cost of $409.00 per month, including a $364.00 Standard Support feature on local redundancy only.  (Nothing could immediately be found on legislative requirements for backing up this data, but a vendor support feature seemed logical to imagine in this scenario.)  That’s a not-so-inconsiderable $4,900 per year and is getting pricey for the average small business.

Now if you run a big business, things get interesting: scaled up to 5TB of data and 1 million transactions, the costs at the same level of support (with local redundancy only) balloon out to $5,223.68 per month or a whopping $62,684.16 per year.

These costs are certainly something to consider when it comes to determining who is paying for all this extra monitoring.  One thing is clear, it won’t be coming out of the RCMP’s budget!

And although this is the costs according to one vendor, it is an industry leader in a space oft-credited with reducing the costs associated with maintaining large warehouses of data (a main selling point behind “the cloud” movement).  One shudders to think how much more onerous these costs could become if one is required by law to maintain hardware and software of their own, in a facility that is solely under their own control.

Final Analysis: Restrain Police Powers Online

W

ith passage of the UK legislation this past week, the Government of Canada may be best-advised to stay the course for now and weigh its options again at a later date if it chooses.  While I suspect both in the wake of Brexit and their now police powers law (called the “Investigatory Powers Bill”) will lead the UK (and England in particular) into a self-made socio-economic crisis, there remains the question as to what exactly the impact of their measures will have.  The opportunity here isn’t to regulate early and hopefully stop child sexual abuse — a cause I’m very sympathetic to and have even had occasion to assist police with.  Rather, it’s to gain the wisdom about whether the impacts of these measures will simply drive it further underground or make a meaningful difference (as opposed to being an issue cited simply as a political red herring to grant powers that will be used for other purposes).  To discover whether the economic impact is too burdensome.  And to learn comprehensively if there will be the promised ‘greater good’ worthy of the limits a free and democratic society — a just society — places on itself and its citizens.

Post-Modern Electioneering: Back to the Future

09-Feb-17 08:11 am EDT Leave a comment
Robyn Urback | Columnist

Robyn Urback Columnist

Written in response to CBC News: “Millennials finally fall out of love with Justin Trudeau after he abandons electoral reform: Opinion by Robyn Urback

A

s a member of the vaunted (yes and cynical) Generation-X, I’ve got to just roll my eyes once more….. Millennials are doing precisely what the generations before have done as youth – not voted as a block….at least – not for long.

But if there is really a block here to be won (and – let’s be clear – there isn’t), it would be easy to take yesteryear successes and use ’em again. We need more IT staffers (like me!) to explore service industries like software development or network engineering. And offering a bit of money for vocational training here (alongside some success stories) would really go a long way toward making up for lost ground on the FPP voting fiasco. Trudeau, God bless him, should’ve known better than to try saying “well we tried, but you know in government – you can’t always do what you thought you could before being elected” routine. Even if you believe it, it’s kind of a crappy reason to go back to the public with.

The real worry I have isn’t the loss of some fictionalized Millennial solidarity. It’s the potential for cross-demographic populism and fascism to take hold in this country! And while O’Leary isn’t Trump, maybe the best we can hope for it the short term is that fascism will pass us by and that Trudeau’s over-promise, under-deliver showing so far somehow reverses itself the more experience he gets as our Prime Minister.

I’m about the same age as he is – but it’s obvious to me while he might be better at leading the country than I’d be….his father he is not. And there is plenty for him to learn yet!

Doomsday Clock: It is now 2 minutes before midnight!

30-Jan-17 07:30 am EDT Leave a comment
B

efore I had entered high school (back in the late 1970’s), I can remember the periodic ominous warnings of the world’s “Doomsday Clock” scientific group.  And I was greatly relieved (as I’m sure we all were) when the pressures of a looming nuclear apocalypse seemed to disappear with the collapse of communism in what is now called “The Russian Federation”.  We got all the way back to 15 minutes before midnight (or just about) and then with the rise of terrorism it started to creep back toward midnight again.

So now it almost seems shocking to hear the clock is nearly as close as it’s ever been to midnight (surpassed only by periods of extreme political tension when nuclear war between Russia and the U.S. seemed an ever-present threat)!  Last week’s article on the subject is worth a read as is taking a moment for each of us to reflect on what we can do to save our planet.  At the moment, things are looking especially apocalyptic again — climate change, the rise of fascism, threats of war on multiple fronts (as was pointed out over the weekend by the last President of the USSR, Mikhail Gorbachev)…we need to stop allowing apathy and mediocre leadership to drive us all over a cliff.

 

 

 

Yelp E-Mails Rooking in Small Business!

18-Dec-16 10:47 am EDT Leave a comment
O

perating as a small business owner, on a couple of occasions in the past I’ve encountered people that are something less than honest.  This is not the norm by any means — and yet one realizes early on to keep a wary eye for those few wolves who fashion themselves guardians of the hen house, so to speak….

yelp

A bit of research can be an eye-opener too, which is why I’m kind of kicking myself for not seeing these folks coming from a mile off: Yelp.com

 

 

I recently received a $300 advertising coupon, alike the sort I’ve received from advertisers like Google.com in the mail.  You enter a coupon code somewhere and get to try out the service.  I took advantage of such an offer from Yelp in late October of this year — only to start getting transactions mysteriously showing up on my credit card earlier this month, contrary to expectations.

I had taken advantage of the coupon at the time, which did not explicitly advertise there would be debits automatically starting once the $300 had been used up.  Nor was I able to readily determine at any point how much of the credit was used.

Finally, when a December bill appeared, I immediately contacted Yelp to cancel any advertising services that might have been procured.  I was concerned that it wasn’t generating any business for me and that they were keeping records of user credit card numbers (a practice with which I have issues for both reasons of personal security and privacy).

Contact with Staff was Terse and Unhelpful

The amount of the bill wasn’t too substantial – less than $100 in Canadian funds.  However, despite taking this as an opportunity to build a positive customer experience, they responded to my concerns as “threatening” them (when I mentioned I would be describing my interactions with customer service here on my blog) and trying to get out of paying the bill, stopping short of calling me a thief outright.  This attitude was evident despite my attempts to voice my concerns to two different parties by phone – the only emails I could receive from them seemed to be automated messages aimed at billing.

After encountering two highly confrontational staff I thought it incumbent to characterize my experience as objectively as I could for the benefit of others seeking a review of the Yelp service.

 Doesn’t Follow its Own Advice on Handling Complaints

Yelp’s own advice on the subject of end-user reviews is as follows¹:

Either way, when responding to reviews it is important to have good practices established to make sure your organization and your [customer]’s privacy are protected. In both scenarios, the goal should be to take the conversation offline and to a private channel.

It’s my considered opinion Yelp did not follow it’s own advice in my particular case, nor does it do so when it comes to the privacy of others; whether they are customers or simply users of its service(s):

  • retaining credit card information can be a license for the unscrupulous to simply debit amounts indefinitely regardless of customer intent; such as when a company doesn’t bother to take the spending intentions of customers into account and charges for services they don’t want; effectively taking a nickel-and-dime approach to earning profit rather than promoting & selling services on the strength of their own merit, and
  • allowing customer service staff to become confrontational with customers is both unnecessary and inexcusable.  Worse still, Yelp made virtually no effort to “take the conversation offline”, instead calling my intention to review my interactions with them a “threat” and insisting they’d continue with the charges.

It’s certainly accurate to say I can’t describe my own experience with Yelp as necessarily representative of those one would have with the company and it does appear many have had positive experiences with them.  However, I can equally accurately say that my experience was anything but positive from the perspective of a customer and there are many on Facebook and other alternate online sources who report difficulties as well.  I can also state with certainty that given my concerns, treated as they were, will result in my never considering business with them again in the future.

Epilogue

My experience also left me with the impression that Yelp is a company governed less by technology innovation and more by a very single-minded focus on earnings from its advertising business.  (Although it was not necessarily my intention at the outset to demand no-cost settlement of the bill they sent me, this became an issue when they declined to discuss my concerns in good faith.)  In the future, I’m likely to seek out Microsoft, Google or WordPress when considering online advertising.  Even should this prove to be more expensive, both companies seem to be paying a lot greater attention to their advertising clientele.

Follow-ups to this story may appear here, should any occur.

¹ See https://www.yelpblog.com/2016/12/experts-guide-patient-privacy-online-reviews near the subheading “Example 1” for source.

Project “ARTeRMis” Site Published

15-Nov-16 12:25 am EDT Leave a comment
spedgewaterico1024

Link to “Edgewater” Tenant Site Prototype

P

roperty Management Application(currently code-named Project “ARTeRMis”) moved a step closer to delivery of a much larger property management tool based on Microsoft SharePoint today with publication of one of the trial components: “Edgewater“. This component is simply an amalgamation of a number of different elements native to SharePoint, but hosted in the Office 365 environment and is setup to product test the suitability of them for inclusion in the TRM (Tenant Relationship Manager) application delivery going forward.

Artermis will ultimately be heavily dependent on Office 365, SharePoint and ASP.NET MVC when it ships; currently forecast for initial delivery sometime in 2017.

Facebook Move May Cause Greater Secrecy About Data (Ab)Use

08-Nov-16 04:04 pm EDT Leave a comment
D

ata use in violation of Facebook’s licensing agreement for developers has prompted the company to intervene to halt distribution of an insurance industry app that would have used end-user data (shared by consent) to track social media behaviour and qualify some for discounts on insurance rates.  Facebook claims it has a policy to prohibit such use — but the move raises questions around privacy and whether or not Facebook acted in its own interests; possibly masking a hidden intent to mentize similar apps later itself.  Regardless, one consequence is likely: nothing stops an app developer from not disclosing the true intent behind acquiring user data nor even offering a misleading or untrue rationale for data capture.  This could simply mean England’s “Admiral Insurance” is last case of this kind we hear about.

For more information, see the attached segment from Canada’s CBC News:

Terry Glavin

CHRONICLES

Techno Manor

Geek's Corner

VM.Blog.

an IT blog.. and an occasional rant

Yammer Site Status

Is Yammer down? Offline? Broken? Undergoing scheduled maintenance? When will it be back? Find out here.

jalalaj

A journey full of wonderful experiences

Azure and beyond

My thoughts on Microsoft Azure and cloud technologies

TechCrunch

Startup and Technology News

Ottawa Citizen

Ottawa Latest News, Breaking Headlines & Sports

National Post

Canadian News, World News and Breaking Headlines

Targeted individuals's

One Government to rule them all.

Joey Li's IT Zone

Everything about IT

jenyamatya

Unravelling the magik of code...

The Bike Escape

Adventures on a road bike

The Ross Report

Now you know where you need to know more...

Lights in the Dark

A journal of space exploration

ottawatraining.wordpress.com/

Using strength to improve and eliminate injuries.

The Ross Report

Now you know where you need to know more...

Little Girl's Mostly Linux Blog

Nothing to see here. Move along...

David Eedle

Geek, tech, programmer, business owner. Serial starter of things. Occasional finisher. Oh, and please don't call me Dave.

%d bloggers like this: