Tag: Applicable to business

No legalese please, we’re in business

Which translates to: A DPO better be an IT expert who has learnt [for clear thinking, UK English is preferred by far; ed.] the legalese of the GDPR, than a legal expert who has learnt some tidbits of IT. Despite the usual suspects exceptions, you do recognise the former and latter types in practice. And exceptions those are.
And debunking the myth that a legally schooled ‘GRC’ operative might pick up sufficient IT skills in a couple of courses or a bit of privacy practice, needn’t be necessary or you have done zero investigation re this. What a sorcerer’s apprentice of the pastiche kind do they portray. Because the mindset is inappropriate; the mindset of accidentally finding an interesting problem and for once not being dazed by those in the know, studying it extensively, how interesting this all, and then       hardly anything. Certainly (sic) no actual solution to the problem…
The IT side, so often and so extensively underestimated in its intricacies throughout the vast wide scope of it in particular qua privacy concerns even in the GDPR itself that core document around which so many circle, on the other hand is qua background focused on (actively going out and) finding problems and then creating and implementing a solution.
And at the same time, recognising that the legal stuff is not as hard as it is sometimes portrayed (instigated) to be and does not require more than a trade diploma level of intellectual development, if even that.

One could easily remain on the subject but without much gain. We retire, having made sufficient argument why DPOs have no legal basis need in their functional requirement.

Oh, and:
[Feel free to pose and shine – with pretense of superiority through some legal jargon most probably devoid of meaning; NY]

Take me out of the loop, (as I) please

Considering that there is this thing with privacy — where people are getting more and more aware that yes, they do have a legal right to not opt in to any scam’ish spam and Shallows-ing of their filter bubble [where the latter sounds soft and pleasant, pink, instead of crushingly dusty and petrifying your mind, the one thing that so far keeps you human].
Considering, too, that there is a push to have at least a human in the loop of math destruction. Which will fail if it’s a click-yes-or-be-fired job. Which it will, in the current setting and developments, be. Unless the human, and all of hes [her/his; LGBTQ-neutral] superiors all the way up to and including in particular, the Board members individually fully accountable, remain accountable for all that the click-yes leads to. They should be are or else they have to legal title to any income of any kind. But since the legal side is all set but the 0.1% is above the law, this isn’t happening.

At least then, we should aim for something similar to the cookie directive [so villified because it was such a glorious and simple idea it could work. could have.]; I propose:
The right to be left out of (statistical or other) profiling. Since the profiling follows from matching patterns that are different things from the data I providedmost probably to some party other than the one doing the profile extraction out of statistical masses – fitting me to the profile is a direct form of de-anonymisation to identification to which you have no legal right and a legal duty not to. Check your brain to see whether it is capable of the most basic functioning, which is sufficient to understand articles 11 and 12 of the Universal Declarations of Human Rights. Name one set of principles that applies more widely, globally, than that. Doing away not only with the nuisance but also with the filter bubble et al. including the atrocious downsides of false positives as per the link above.

Maybe the online ad markets would crash. Report has it that they already do; imploding under their own emptiness. There is no inherent reason any market should exist per se. The world would a. continue to prosper, so infinitely more so than before when ad markets would crumble; b. be a better place and who could be against that?

So after this bombshell of an idea, I leave you with:
[Peace of mind; at a borgho just North of Siena]

Leaking profiles

Got an attention raiser during an off-the-cuff discussion on data leakage. Qua, like, not getting the first thing about what privacy has been since Warren&Brandeis’ eloquent definition, and subsequent codification in pretty hard-core, straightforward laws.
The problem being, that no theory of firm (incl public) allows subsumption of employees into slavery, of mind or otherwise. Think Universal Declaration of Human Rights, article 12. Hence, tracking and tracing every keystroke of employees, i.e., treating them as suspect of e.g., data leakage before one has any a priori clue about everyone individually actually doing anything wrong, not having been granted any rights of surveillance in this jurisdiction, is a crime in itself.
And no, the comparison with street cameras that bother no-one and make everyone safer, is a lie on two counts. And, in many countries (the civilised ones; a criterion in reverse), such (total or partial) surveillance isn’t outlawed without reason.
So, your data leakage prevention by tracing everyone is an illegal act. Don’t.

No, your security concerns are not valid. Not the slightest, compared to the means you want to deploy. Stego to files of all kinds, when all are aware of its implementation, may help much better. And supplies you with the trace you want; not to your employee that you (but no-one else) suggest is rogue – (s)he knows about the traceabilitry so will be self-censored (ugch) into compliance – but to the third party that spilled the beans. Since stego-cleansing tools may exist, your mileage may vary. Encryption then, the destruction of content accessibility for those not authorised (through holding a password/token/~), will fail when anything you send out, might have to be read off a screen; the PrtScn disabling being undone by good ol’ cameras as present in your good ol’ S8 or P900 (though this at 0:50+ is probably the typical TLA stakeout vid/result).

Conclusion: Excepting very, very rare occasions, your data leakage prevention by employee surveillance will land you in prison. Other methods, might be legal but fail. Your thoughts now on outbound traffic keyword monitoring. [Extra credit when including European ‘human in the loop’ initiatives.]

And:
[No privacy in your prayers, or ..?? Baltimore Cathedral]

Ninety percent

Not in any economic sense you may have thought, given the attention oft given to, e.g., the 1% or 99% (We Are-; Occupy-style) where now the 90% might be the disappeared middle class in the US that extended from the bottom 10% – that was around even in the best of times – all the way to the top — excepting the 0.01% that was in charge all the time …
Here, it’s about a quote slash truism:

90% of everything is crap

Have ever truer things been said. This, of course you knew since prep school, being Sturgeon’s Law.

Just putting it there. See the link for a ‘proof’. Or look around you; physically (co-workers), mentally (in your head, and feel free to assume the others’ heads are not necessarily better…), qua your pay check, your significant other [hey here I can testify I’m lucky with a not-90% specimen par excellence; no she’s not reading this], etc.

Leaving you with:
[In the 10%, definitely. Even when it rains, this one. Baltimore]

Get them ..?

The effectiveness of any system of limitation of random liberty for the common wheal, like, errm, traffic speed limits, where the enforcement hinges on individuals’

  • Weighing of necessity to break, either by being pressed (to arrive in time, or other coercion by others), or by an innate need to show off one’s [purely hypothetical; the more claimed, the more clearly emptily overshouting in vein] individuality;
  • Probability of detection, where of course society needs to balance total surveillance against freedom of movement — without interference even by blanket self-censorship;
  • Leniency of prosecution, i.e., whether one has boobs and cleavage (works with straight male and other-than-straight female cops, I guesstimate) and the happenstance happiness level of the state trooper (F/M/~), squared of course with how much over the limit you were and
  • Penalty — how much you’re charged for if at all

— with the overall effectiveness being helped most, it turns out, by #2 [Used ul in stead of ol on purpose, yes]. Making the societal weighing thing much more serious, (un)fortunately.

But also; how could this help in #ditchcyber space ..? Many more raps on the knuckles …? How? By enforcing time-outs on the use of the (=?) Internet? That would be quite some latter-day equivalent of shutting people out of global society by solitary imprisonment … (way beyond mere forced exile to wastelands (inclusive)or ‘Strailia). Calling to question the humanity of it. Or would it provide a (suggested limit:) day’s worth of re-education on the subject of life out there?

I’d want the latter for the great many … Time for some Multi-million scale entrapment…?

Oh, and:
[Yep that’s the panipticon at work in Penn’s Eastern State Pen — be it Al’s cell all nicely decked (with the wrong radio!); worth a visit ..!]

Being Creative with Trust in Identities

… seems impossible to get right. Since for sure, Identities that can be Trusted are so stable that all Creativity is impossible ..?

What does society-at-large want? If you think about the bandwidth above: Aristoteles’ true middle..! But would you know where that is, in this? Would it be sufficiently on the Fixed side to be able to be used as trustworthy Identity? Or would it be a matter of good-enough reliability, for the task at hand?
Possibly we should like Activity-Based Access Control to pair to this Task-Sufficient Identification ..?

A lot on this will have to be developed further, I’d say, but this could be the beginning of a beautiful friendship
Plus (skewed ‘horizon’-ID intentional…):
[All the ID theft may not get you here…; Amsterdam]

Imminent enrichment through AI — of jobs ..?

Anyone else feels like the breakthrough of AI in all sorts of jobs (yes, most certainly not only the bohrrring repetitive-manual-labour kind — that may be one of the kinds that comes much later in the sequence since it requires extremely sophisticated physical/intellectual (yes) interactions than previsouly thought (by humans))
is imminent?

And anyone see that the horror of replacement of humans XOR your co-workers is to come only (a bit) later, when AI-driven systems have become good enough to replace you, completely — leaving the spoils of labour to the (intensive people-farming) factory owners ..?
With in the shortish mean time, your job being ‘enhanced’ through AI, by the enrichment of having to deal less with the simple stuff and you having more time available to do more Intelligent (parts of) your job. Possile, on conditions of:

  • Such more intelligent parts of your job existing; a great many a manager may find there is no such thing, or the room for manoeuvre isn’t there;
  • You being able, capable, of performing such more intelligent job parts; with the focus on reporting (send/receive; hardly ever anything more than the extremely-simpleton processing in between) probably your capabilities have shrivelled into unusability;
  • Time availability is what holds you back so far; extending on the previous condition, you may find yourself to actually – be honest now! – already have had that time available but used it for busywork, like, being a Manager or so. And/or, by loafing or do I repeat myself. Now that you may get time available for Intelligent stuff, you may not notice that;
  • You getting paid more, or at least the same; as it turns out that the enrichment-by-cutting-out-the-bottom-part, leads to a serious pay cut as your Overlords now see your function as much less time-consuming or bottom-line-feeding. Especially the latter may turn out to be an eye-opener…
  • You getting sufficient time to build a new job; the creeping replacement of You by AI-based systems might speed up significantly as the first rewards transpire — to the Owners again — and hence the cry [not tag; ed.] for More may intensify the efforts to replace you ever more, funded by … your increased utility if at all, or the increasing utility of the you-replacing AI at least.

Suffice to notice that a priori it will be very, very difficult to meet all these conditions, if even anyone would try (apart from you, but you’re too singleton in this to pull that off). So…

Oh well, there’s always:
[A different look at Casa de Musica; Proto]

Nog een / One more on audit culture

U zult weinig genoegen scheppen in zang, dans of vechtsport als u bij de zang de harmonie van de muziek ontleedt in haar verschillende klanken en u bij iedere toon afvraagt: ben ik hier nu echt van onder de indruk? U zou u voor zoiets schamen. Hetzelfde geldt voor de dans, wanneer u elke beweging en houding apart beoordeelt, en voor de vechtsport.
Which translates to, anachronistically:
A pleasant song or dance; the Pancratiast’s exercise, sports that thou art wont to be much taken with, thou shalt easily contemn; if the harmonious voice thou shalt divide into so many particular sounds whereof it doth consist, and of every one in particular shall ask thyself; whether this or that sound is it, that doth so conquer thee. For thou wilt be ashamed of it. And so for shame, if accordingly thou shalt consider it, every particular motion and posture by itself: and so for the wrestler’s exercise too.

Which in turn brings back the discussions on the auditors being of a stratum or subclass that abhors the Cultural stuff, runs away from the Arts. Contrary, statistically, to e.g., lawyers and notaries-public. This was researched some years/decade back here in NL: auditors don’t read books. Don’t go to theaters. Don’t go to concerts. The bores, the bereft of exposure to the Classics, in classical or latest-modern form. They just don’t delve into anything moral, or consider Advanced Excel the ultimate they’ll go to.

As POTUS of the Western world — military and culturally, not just the latter or, much degrading, economically only — Marcus Aurelius saw it right (yes the above is from his Meditationes, book XI / II): Those that focus only on the analytical, tracing the veracity of the True and Fair View to the detail only and not do (moral/ethical-Value) synthesis, are of an ethically overly impoverished, plebeian folk; worth to be (wage) slaves.
Those, on the contrary, that use the nitty-gritty to arrive at some grand, eloquent plea like lawyers do [should do; ed. – yeah that’s me myself ;-] even when not fully in compliance AAARGGGH! Yes I’ll go rinse my mouth with green soap   with the Original “ISO” standard for that, will see their Virtue strengthen…

Never thought that I’d prefer lawyers over … anything.

But it does also refer back to my post of a couple of weeks ago in which I explained the difference between dispassionate conformity checking and invariable fault finding, the robotic way, versus compassionate improvement-issue formulation and risk-based prioritisation, the nothing-like-robotic way.
Now imagine which side I prefer to be on …

Plus:
[Ah, Culture and heritage, much over, higher, than mere systems of record; Edinburgh]

Quote by Book: John’son

Network: Any thing reticulated or decussated, at equal distances, with interstices between the intersections.
Dr. Samuel Johnson, Dictionary

No kidding. Only script kiddies of the worst kind don’t seem to get that. Though it has been around since 1755, as a definition that is. How prescient.

And:
[Mash; London (already some years ago, yes]

Meta / Attrib-ShareAlike- … Commercial

For the following, one would best resort to …
Who are we kidding; are there still believers out there apart from te truly stupid-to-beyond-dysfunctionality-capacity defenders, that metadata is something less bad than just privacy-sensitive data points outright? Well, <spoiler> it’s the other way around— as is exemplified in this here piece. From which I’ve blatantly copied:

  • They know you rang a phone sex line at 2:24 am and spoke for 18 minutes. But they don’t know what you talked about.
  • They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
  • They know you got an email from an HIV testing service, then called your doctor, then visited an HIV support group website in the same hour. But they don’t know what was in the email or what you talked about on the phone.
  • They know you received an email from a digital rights activist group with the subject line “52 hours left to stop SOPA” and then called your elected representative immediately after. But the content of those communications remains safe from government intrusion.
  • They know you called a gynecologist, spoke for a half hour, and then searched online for the local abortion clinic’s number later that day. But nobody knows what you spoke about.

So blatantly I might as well add:

But then the Non element in there warps things. Nevertheless, I’ll use the example in my upcoming pres.

And I’ll leave you for now with:
[Full of info, too, innocious that aint but no invasion on you; Prague]

Maverisk / Étoiles du Nord