What should also be in the GDPR

At least, as an idea: Foreign countries that interfere with privacy in the EU, should be included in the penalisation stuff. Same levels, like; 4% of GDP for e.g., registering political opinions of citizens of the EU even when they’re also citizens of that foreign, alien, enemy country, without explicit opt-in consent. [This happened, happens..!] For every transgression. Then enforce via trade sanctions and import taxes [after checking the trade balance will effect the ‘payment’ of the fines; won’t be stupid].

Oh, and:
[Or the supreme leader goes to jail for a long, long time and is struck by lightning; unrelated, Ottawa]

Common(s) as privacy and vice versa ..?

Remember from your econ class that concept of The Commons, and how problematic it was? Is?
There was this intriguing post recently, on how Free Speech might be considered and deliberated in terms of the commons being exhausted by undue over-use (abuse) — for its use alone ( → ). Leading to aversity of the concept not of the abuser or his (sic) apparent locally recognised but globally not, ‘valid’ reason(s) for over-use.

Which, as is my wont of the moment, driven by personal business interests, I took to be applicable to Privacy as well. Maybe not in the same way, but … This will need quite some discussion between me on the one hand, and peers and others on the other who would actually know what they’re talking about. Throwing in a bit of anglo-american data-isn’t-yours versus European (‘continental’ — will brexit – which starts to sound like a lame Benny Hill kind of joke ever more – change that ..??) data-is-datasubject’s-always divides, and some more factors here and there. Complicating matters, but hey life’s not perfect.

Waddayathink? In for a discussion ..? Let’s start!

And:
[Not so very common-s; Toronto]

Ben still has all the Ayes

There is no end to the need to repeat the, somewhat but simply never sufficiently, quote by the Ben you know best:
Those who surrender freedom for security will not have, nor do they deserve, either one.

How valid today. How utterly moronic in comparison all that would allow crypto-backdoors (for other reasons, too), and covert catch-all dragnet surveillance. Etc.   Etc…

Oh and for the few that are still interested in the United States Constitution, they shall refer to article 1, section 7, clause 2 , that has not ayes and nays but yeas and Nays. Just wanted that off my plate.

Leaving you with:
[You’ll be naked and that will not be pretty; Barça]

Mastodon as a grassy patch

Just one of those things, questions, that swirl into my mind every so (too) often: What if, when, Mastodon is the Woodstock of social media ..? Wouldn’t that be grand. All pick your own Hendrix in this. Suggestion: him ;-|
On the serious side; the festival itself was hardly in mainstream news at the time, but (helped) triggered major societal changes. Let’s hope Big M (not with ac but on AC/DC) does the same, in these times of need. For such change.

Oh, and:
[No, this is not doctored or otherwise edited. Zuid-As, Ams]

Learn you will… Recover, you might.

When your countries largest retailer (primarily F&B but non-F only recently growing as well), has finally heard about something-something-smart-fridge. And wants to do it Right and starts off with a pilot. Of, drumroll, a smart fridge magnet with a mic and barco scanner for adding stuff to your on-line grocery list (on-site self-service pick / pick-up, or delivery to follow separately). Didn’t kno that existed already.
Nice idea, to include not (only) a barco deliberate-scanner (no creepy auto-scans) but also a mic when you don’t have the product at hand (and fresh veggies wouldn’t make it; for a long time already not stickered but weighted at the (vast majority) non-selfscanned check-out).

But what security ..? For fun, e.g., putting reams of alcohol stuff on the to-pickup lists of unsuspecting meek middle-classmen that won’t understand but come home with some explanation to do (bonus for taking the stuff off the list once procured so ‘no’ trace on the shopping list). For less fun, snooping off people’s shopping habits and get rich (by ultra-focused ads or selling off the data, or by extortion-light once you get the Embarrassing Items in view). For even less fun but lulz (grow a pair) when changing the list to violate some family member’s med-dietary choices into harmful variants. And don’t forget the option to (literally) listen in on very much that is said in the vincinity of the fridge. Could be anything, but probably privacy-sensitive.
But what security? The press release point to other countries’ supermarkets already offering the Hiku sensors. Nothing is unhackable. Exploit searches must be under way. People never learn. Reputational (corp) and personal-integrity (clients) damages may or may not be recoverable, at huge expense.

I’m not in, on this one. No need. Plus:
[Where you can learn; Zuid-As Ams]

Full cite of important stuff

This being a complete citation of important stuff, on various subjects in one – meaning, that the brillantly brief once more applies to various trades and aspects, for your information:
With the sound off or on?
If you watch a well-directed film with the sound turned off, you’ll get a lot out of it. On the other hand, it takes practice to read a screenplay and truly understand it.
It’s worth remembering that we lived in tribes for millennia, long before we learned how to speak. Emotional connection is our default. We only added words and symbolic logic much later.
There are a few places where all that matters is the words. Where the force of logic is sufficient to change the moment.
The rest of the time, which is almost all the time, the real issues are trust, status, culture, pheromones, peer pressure, urgency and the energy in the room.
It probably pays to know which kind of discussion you’re having.

By Seth Godin, as you may have derived from the style and profundity. (As per here, which is literally the same text – told you so – but also add the Head to your daily reading list! [Noticed that Head thing, intended to refer to a List structure, is a pun when you see the image to click on his blog…].)

Which all relates to a. Privacy [yes it does, just think it through] and b. your IAM ideas, ever in renewal since … decades; plus c. the ‘GRC’ eager beavers — that at last are pushed back, softly and hardly noticably, by counterforces-undetermined that want their space to innovate back. And d. <fill in yourself and colour the pictures>.

Oh, and:
[Marketing -, or was it Design, Department at some Toronto institute]

Fake your news

So this is your future, part II:
Fake news is (to be – timeframe in question is ..?) battled by platforms that have full control over just about everything out there. By whatever algorithm these might bring to bear, most probably with a dose of ill-aligned AI creating a filter bubble of the most beneficial to the platforms kind for sure which is the most profitable one to their *paying* customers which is the ad industry which hence is by definition detrimental to the users, the global general public (sic).
Thus suppressing Original Content by users that isn’t verifiable against the ever narrowing ‘truth’ definitions that benefit the platforms.
Thus installing the most massive censorship ever dreamt of.
And despite some seemingly (!) benign user support in this

In the olden days, anything of such ubiquity that it was factually (sic) a (inter)national utility, was nationalised to bring it under direct control of the People.
May we now see the appropriation of Fb by the UN due to exactly the same reason ..?

One can hope..? Plus:
[Rosy window on the world ..? Not even that; Zuid-As Amsterdam]

Right. Without -s

So, we’re into this era of giving up control over our lives. Where we’re either dumb pay-uppers, or (also) victims. Which in turn leads to questions regarding who will have any income at all, to pay for the service of being allowed to sit as stool pigeon until shot anyway.
Because the latter is what follows from this here nifty piece; Tesla not giving your data unless they can sue you. The EU push for human-in-the-loop may need to be extended considerably, but should, must. Possibly similar to the path of the Original cookie directive, from weak opt out to strong double opt in plus all privacy requirements (purpose / functional necessity, minimalisation, etc.etc.).

Do we recognise here again the idea that though your existence creates it and would be different for every human on earth (plus orbit), your data isn’t yours ..? Quod non! When someone takes what you produced (however indirectly! – inferred and metadata and all) without payment, that is theft or worse in any legal environment.
Is there anywhere a platform where the consequences of this global delineation are more clearly discussed, between Your Data Isn’t Yours Because We Process It, versus My Data’s Mine Wherever ..?

I’d like to know. And:
[Your fragile fortress…; Barça]

Behaviour is key to security — but what if it’s perfect?

When the latest news on information security points in the direction, away from reliance on technical stuff, of the humans that you still can’t get rid of (yet!), all are aboard the ‘Awareness is just the first step, you’ll need to change the actual behaviour of users‘ train. Or should be, should have been, already for a number of years.
In Case You Missed It, the Technology side of information security has so far always gobbled up the majority of your respective budgets, with all of the secondary costs to that, buried in General Expenses. And the effectivity of the spend … has been great! Not that your organisation is anywhere near as secure as it could reasonably have been, but at least the majority of attackers rightly focus not on technology (anymore – though still a major headache) but on the feckle user discipline. Oh how dumb and incompetent these users are; there will always be some d.face that falls for some social engineering scam. Sometimes an extremely clever one, when focusing at generic end users deep down in your organisation, sometimes a ridiculously simple and straightforward one when targeting your upper management – zero sophistication needed, there.

The point is, there will always be some d.face that makes an honest mistake. If you don’t want that, you’ll have to get rid of all humans and then end up overlording robots (in the AI sense, not their superfluous physical representation) that will fail because those underling users of old held all the flexibility of your organisation to external pressures and innovation challenges.
Which means you’re stuck with those no-good [i.e., good for each and every penny of your atrocious bonus payments] humans for a while.

Better train them to never ever deviate from standard procedures, right?
Wrong.
Since this: Though the title may look skewed and it is, there’s much value in the easy step underpinning the argument; indeed repetitive work makes users’ innate flexibility explode in uncontrolled directions.
So, the more you coax users into compliance, the worse the deviations will get. As elucidated, e.g., here [if you care to study after the pic; study you’ll need to make something of the dense prose; ed.].

So, here too your information security efforts may go only so far; you must train your users forever, but not too much or they’ll just noncomply in possibly worse directions.

Oh well:
[Yeah, Amsterdam; you know where exactly this depicts your efforts – don’t complai about pic quality when it was taken through a tram’s window…]

Maverisk / Étoiles du Nord