Gee… DPR on Profiling

This is again about that pesky new legislation that just won’t go away, not even before it will be legally-effectively enforced [as you know, the thing has been around already for a year and a half, but will only be enforceable, in pure theory, per upcoming May 25th but your mileage may (huh) vary greatly – when Risk = Impact x Chance [don’t get me started on the idiocy of that, as here of 2013, Dec 5th – Gift time!] the chance is Low of Low and Impact can be easily managed down, legally yes don’t FUD me that will be the truth, the whole and nothing but it. So it will be legally effective but not in any other sense let alone practically].

For those interested, there’s this piece on Profiling. That has, on p.16 last full para (‘systems‘ that audit ..!?), p.19 3rd para from the bottom “Controllers need to introduce robust measures to verify and ensure on an ongoing basis that data reused or obtained indirectly is accurate and up to date.“, p.30 in full and many other places, pointers towards … tadaaa,

Auditing AI

with here, AI as systems that process data – as close to ‘systems’ in the cybernetic sense as one may get even when needing the full-swing wormhole-distance turn of the universe consisting not of energy but of information to abstract from the difference between info and data.

Where I am developing that auditing of AI systems as a methodologically sound thing. And do invite you to join me, and bring forward your materials and ideas on how to go about that. Yes, I do have a clue already, just not the time yet to write it all up. Will do soon [contra Fermat’s marginal remark].

Oh and then there’s the tons of materials on how anyone (incl corporate persons) will have to be able to explain in no complex terms (i.e., addressing the average or even less clever) how your AI system works…

So, inviting you, and leaving you with:
[What corks are good for, well after having preserved good wine – decoration. Recycle raw materials, don’t re-use data! Ribeauville]

ennials Nuisance

Yeah, got it, something seems amiss.
That thing being X. As per here.
Only question now is: Why for Pete’s sake (that’s not a good answer) would anyone want to be binned into any category like that!?
As if you’re nothing if not reduced to the furthest bland’ed statistic ..? As if you have no life except for what you’re told to have to the broadest of consumerist-dunce craving marketeers ..?

I don’t know. If you seek utter stupidity to be poured over yourself, feel free to be an <whatever>ennial or so. To the sane (which might be the few): Run away!

Oh, and:
[Case(not -mate) in point; France]

One nation

Just a side, very far side, note on the whole celeb news going round: Where did the masses not see the One Nation Under Wood reference in that last word ..? And wasn’t the character perfectly portrayed by an actor that kept secret what the character kept secret too ..?
[At least, the double layer became apparent now that the actor showed the IRL part of it. Maybe not showed his part. Maybe not too pub(l)icly. Etc.]

Oh well I’ll leave it at that. And:
[For the completely zero reason: Torún]

Stop dads

When you read too much (ahead) into it…
By means of this court ruling. Where a father was forbidden to post pics of his (was it 2- or 3-yr old) son on Facebook or any other socmed platform, by request of the kid’s mom, since even when the father posted in quite tightly closed circles, Fubbuck has in its terms and conditions that it might use the pics for commercial purposes. Since the latter cannot be ruled out and in the interest of protecting the child’s interests, the court ruled such, advising the dad to show the pics to friends on his home compu if he’d really want to.
[What need would the father have to do that? one can ask. Benign or perverted?]

From which we learn, if – very very big if – that indeed we should consider the need and purpose of posting on socmed in the first place. If it is content that one wants the world to see, it’s OK. If some part of that content, or the purpose of the post, would not be OK → get out. If the purpose of the post would be to show off (e.g., one’s cool-dadness – pitiful! but see how the other 99.999% of posts anywhere are for that purpose and that alone…), really nothing may cure you (sic).

So now, what about this post …? And:
[Since it’s no longer the site banner: Rightfully and intentionally out in the open; Barça]

Culpably deaf

All who work for a private sector organisation and take (wrong) decisions based on false information – or, essentially, dismiss accurate, helpful information that would have steered to other decision alternative(s) – will be fired when the truth of the bad decision comes out.
Which would be helpful if applied to sectors where people’s money is so abjectly abused, too. E.g., like this one. Or this one (in English, some info here, and the whole idea of usefulness of having more and more data is debunked endlessly everywhere (you search)). Or this one, completely debunked here. The list is endless.

All of which points to a serious problem. The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt (Bertrand Russell) AND the stupid (to which, ‘immensely’) seem to be masters at picking the wrong advice. Once ‘immensely’ is indeed added, one recognises the ‘politician’. Playing the role of the Fool (not the Jester), unsurpassably perfectly.

But how now can we get those stupidestest ideas to go and die, sooner rather than later ..?

The fact that an opinion has been widely held is no evidence whatever that it is not utterly absurd; indeed in view of the silliness of the majority of mankind, a widespread belief is more likely to be foolish than sensible (BR again). That’s completely true; moreover, it’s Maverisk’s motto.

Oh, and:

[To defend the Truth; Châteauneuf not the -du-‘ish or so]

The OM (Dutch Public Prosecution Service) as a little tool

What I wonder about this link:

  • The stated risk of competitor-bullying / elimination (the Internet forgets nothing, and the entire national government or whoever else can do absolutely nothing about that) is enormous, despite the minuscule and fully transparent fig leaf of leaving the decision itself with the payment services – they will certainly (denial disqualifies from legal capacity) hide behind the OM. What is the OM going to do about that?
  • As in the comment at the link above; the ‘burden of proof’ is a travesty and hits the smaller web shops much harder than the larger ones, which have far more means to ‘prove’ their ‘innocence’ (precisely there: quod non!), apart from their market power towards payment services. Three complaints for the larger ones, three thousand for the smaller ones perhaps ..?;
  • If the OM passes on information of which it is entirely clear that passing it on is disproportionate (how many reports of far more serious matters were/are dismissed, again, because dozens of civil servants simply don’t feel like doing their job?), they are jointly liable for the consequences. Lost revenue, lost joy of life (precisely at the smaller web shops that will be pushed aside by the big ones – those are the truly improper practices, but well, the big ones have the spineless rag doll that is the OM in their pocket – a block on the slightest allegation of impermissible behaviour, however unjustified it later turns out to be, will quickly lead to full closure, with all the bankruptcy costs and settlement against private assets that entails – the life of the owner will never be the same again). The approach of block first, then investigate, is an outright reversal of the burden of proof, and hits a very disproportionately large number of innocents (falsely accused, disproportionate and irreparable damage) while the guilty will simply shop on; they have long since lined up their plan-B payment services.
  • The OM is setting aside this part of its task, therefore its budget should be cut proportionally. Ad infinitesimum. The OM knowingly and willingly lets itself be abused as a ‘conduit’ by the larger web shops, and thereby forfeits its authority and legal basis for acting. So close the shop ..?

It is clear: if this is pushed through, the OM bankrupts itself. Right ..?
[From bastion to ruin; Cardona]

Arms / race coming to an end ..?

When this is still necessary and (counter)x-measures will continue to be developed, for sure, how will this little nugget of WP29 change things?
Because it has power. That may lead to a throwback. For how long? The harder the throwback, the longer to recover. But the more powerful will be that rebound ..? We’ll see. For now, canvas blockers are still the way forward, so implement them, right?

This post was brought to you as a public service announcement from the sanity of browsing for information security and privacy blog you’re reading.
But seriously, why is there so little analysis of the WP29-on-Profiling stuff ..!? And:

Alasdair MacDuck

Just a Friday’s folly about Alasdair MacIntyre who, in his seminal and, when you’re into it (finally) quite pleasurably readable, After Virtue, has on pp. 243-244 (I have another edition 😉 ) “The name of the common wild duck is histrionicus histrionicus histrionicus.” – apart from this, it also is not true. The Mallard is; Anas platyrhynchos it is.
And now, I do challenge thee – was this ‘error’ on purpose or not, and if so, either to dare you to check it, or to pass off some signal to some cabal that reads his work and had put him under pressure ..? (As may be the reference close-by of secret passwords/passphrases of spies and double agents, and the three spelling errors in the book.)

Now, it’s weekend… plus:
[Now that’s low-light analog-to-digital conversion… decades ago, at Les Ménuires]

The logic of automated decisions;
Transparency through audits ..?

Not bashing, nor FUDhyping…
Was triggered by various threads, e.g., The Book on the subject (or, het boek in Dutch), and scores of elucidation (yes. be happy finally there is some truly) from the legal perspective, on GDPR article 15.1h and article 22.

The latter two not being conclusive, however. They are about requirements of transparency on the logic underlying automated decisionmaking. But there is no clarity about how deep that should go. Will “Hey your data is processed by some AI system [literally, factually incorrect statement because it’s only Machine Learning at max, today; does that construe a false statement i.e. fraud ..? ed.] and even we the builders ourselves have no clue what goes on in there – that’s the whole point of using it besides being able to fire a great many inherently expensive humans and we don’t care the least about the biases and other grave errors of the system it works fine for us!” be acceptable? Hint: No. Will “Oh it’s so intricate that we, let alone you, have no clue when looking at the audit trails that the system generates” fly? Same hint.

Because here, we see a new area developing for IS auditors: Auditing ‘AI’ [quod non but read ‘ML’ and you’re good; ed.]. As IS auditors are (supposed to be, I happen to know a fair share of peers … etc.) the experts in gauging systems functioning qua .. reliability overall, too. Which goes way beyond mere C-I-A but still, has always been part and parcel of IS auditors’ education, right ..? I will come back to you soon, with more definitive info on how IS auditors should go about this all.

Oh by the way yes I did already notice that the more the system in scope behaves, and is constructed to behave, intelligently like the average (sic! statistically you have zero reason to put yourself above that! oh wait you read my blog so you are definitely, way off the right end of the scale) human, the more the audit will have to be like we audit humans today. Uniting psychoanalysis and explicit rules on paper (in procedures, algorithms et al.), very dogue much fun.

[Though a flat, and has iron, legally misidentified as flatiron …; NY – Pic tilted to fit in the pic frame of course]