VoteChain

A short question: Would anyone have pointers to info on how to use blockchain methodology to have (physical-world) voting on the ‘Net but with integrity, secrecy and (non-)repudiation everywhere, from eligibility registration to tallying and publication ..?

Because I’d say there’s possibilities with said technology ( / process / methodology / application ?).
E.g., what was it again with that Swiss canton that did three votes per voter and newspaper publication of codes, and other such schemes ..?

Otherwise, this:
[youtube https://www.youtube.com/watch?v=PLIVVDmDjDI]
Will return on this subject. For now:
[Not seen so oft; for no (?) reason; FLlW near Baltimore]

Total priv’stalking

Errrm, would anyone have pointers to literature (of the serious kind, not the NSFW kind you only understand) regarding comparison of real physical-world stalking versus on-line total data collection ..?
No, not as some rant against TLAs but rather against commercial enterprise that not only collects, but actively circles around you, wherever you go. Giving you the creeps.

Because the psychological first response is so similar, can it be that the secondary behavioural response / adaptation is similar, in self-censorship and distortion of actual free movement around … the web and free choice of information ..?

And also, whether current anti-stalking laws of the physical world, would actually work, or need strengthening anyway, and/or would/could work or need translation/extension, to cover liberty of movement and privacy-as-being-the-right-to-be-left-alone i.e., privacy as the right to not be tracked, privacy as the right to anonymity everywhere but the very very select very place- and time(!!)-restricted cases one’s personal info is actually required. Privacy as in: companies might have the right to have their own information but not the right to collect information of or on me (on Being or Behavioural) as that is in the end always information produced by me, through being or behaving. The (European) principle still is that copyright can be granted, transferred, shared out in common parlance by payment for use (or getting paid for transferring the right to collect such payments) i.e., economically, but not legally; the actual ownership of the copyright remains with the author!

See why I excluded the TLAs ..? They may collect all they would want but not use unless on suspicion after normal-legal specific a priori proof; that’s their job. No officially (…) they may not step outside their confined remit box, but they do have a box to work within.
Now, back to the question: Please reply with other than the purely legal mumbo-jumbo that not even peers could truly understand but just babble along with.

In return, in advance:
[Foggy (eyes), since in the olden days, probably never to be seen again; Belém]

Coolness 1 – progress 0

Hm, on the face of it, this here is interesting: the director of Europol (no less) saying that TOR and Bitcoin shouldn’t be vilified even if they pose problems for agencies, since they allow cittizzzens to enjoy the freedoms of the Interwebz.

Nevertheless … Claiming that means: ‘may still be needed to trace and convict those colouring outside the boxes’, which would raise suspicion of window dressing. Let’s see how this talk will be walked, shall we ..?

After which dense text you deserve:
[Typical Zuid-As]

PbD

Suddenly (?), amidst all sorts of ‘backlashes’ to whip the 90%, or 99%, back into sully compliance and complacency, this ENISA report came out. Issuer → importance. Get it and read…

For the effort:
[Somewhat close to near perfect alignment. But no cigar for the Gemeentemuseum Den Haag …]

ID card house coming down

With the ‘eavesdropping’ or whatshallwecallit of the German Defense Minister’s fingerprint, it seems that yet another card was pulled from the infosec card house of solutions. It looks like a distant relative in infosec land, on the ID side, has faltered. Or, has shown to be not 100% perfect. Dunno if that is newsworthy; apparently is.
Though apparently, in unrelated (?) news reports, not all tools out there have (yet) been cracked by TLAs. With Tor and Truecrypt as shining examples, but haven’t vulnerabilities in the schemes of those been demonstrated (at least theoretically)? So, are the leaked documents just bait to pull in as many ‘script’/privacy kiddies into environments where they actually can be tracked? If the leaked docu are false admittance of uncrackability … who can you trust, then?

Or is it all The Return To Normalcy, where we know all and every tool and method are not 100% perfect, let alone in themselves, and we will have to return to do a risk weighing for every action we take – allowing the Other Side(s) to also be relatively lax and fetch only the clearest of wrong-doer signals. This would require:

  • the boys-cried-wolf to tone down a little. Maybe selling less tools, maybe achieving more by more carefully spending the budget; a Win;
  • the n00b and drone mob users (think @pple users and like meek followers) to raise their constant awareness; a Win;
  • the ‘adversaries’ to not want to be perfect Big Brothers. Hard, to admit, and to not utterly destroy human rights, but necessary and sobering; a half Win.

So, … this card house tumble may turn out to be Progress.
I’ll leave you with:
[Fragile new, sturdy old; Cologne]

Careful times

This day and age, one cannot be too careful with one’s digital traces. To the point where normal functioning in modern society is impacted. And then, that’s not enough. Your mere existence may cause trouble by you not being the only one recording your life. As in this here piece

Which, apart from its many manifest errors of thought on the side of the wannabe good guys that by being absolute n00b sorcerer’s apprentices at best, has this nugget of inhumanity: “The RMV itself was unsympathetic, claiming that it was the accused individual’s “burden” to clear his or her name in the event of any mistakes, and arguing that the pros of protecting the public far outweighed the inconvenience to the wrongly targeted few”. Well, if you think that, you might as well join terrorists in the Middle East; they think the same and wouldn’t be allowed to be at all, in any functioning society.

Well, I’ll stop now before suggesting the ones doing such erroneous thinking should be locked up safely in some asylum of the old kind, and leave you with a calming:
[On how life actually is]

Your info – value

Wanted to post something on the value of information. Then, this came out a couple of weeks ago. By way of some sort of outside-in determinant of the value of (some) information… [Oh and this here, too, even more enlightening but for another discussion]

Which appears to be an updated but much shortened version of what I posted earlier. Players disappeared or doesn’t anyone care anymore about the ones dropped out ..?
Anyway.

Yes I wasn’t done. Wanted to add something about information value within ‘regular’ organisations, i.e., not the ones that live off ripping off people of their personal data for profit as their only purpose with collateral damage functionality to lure everyone, would value the information that they thrive on, by looking inside not circling around the perimeter.
I could see that being established via two routes:

  • The indirect avenue, being the re-build costs; what it would cost to acquire the info from scratch. Advantage: It seems somewhat tractable. Drawback: Much info would be missed out on, in particular the unstructured and intangibly stored. Employee experience …!?
  • The direct alley. Not too blind. But still, hard to go through safely. To take stock of all info, to locate it, tag it, among other things, with some form of revenue-increase value. Advantage: Bottom-up, a lot of fte’s to profit from the Augean labor (Hercules’ fifth). Drawback: the same.

OK, moving on. Will come back to this, later.

There’s hope

Though hope has never been solid business planning, as it is what’s left after all rational expectations and handles have vanished and only leaving it to fate remains, this move may, may have some impact in one way or another: Ello mutating into a PBC.

And, for the weekend:
[We have a beautiful prize available for the first to locate this!]

At least, you can have your PIA

Privacy Impact Assessments are treated much too much as an assumption in (new European regulations’) privacy-anything these days. Yes, PIAs are a critical step, on the very critical path towards compliance in substance. Since when they aren’t done well if at all done with any true attention and intention, your compliance effort will fail, if not formally then in practice – with equal serious break-your-business high-probability risks.

First, this:
[Heaps upon Sea again indeed]

The point being: PIAs should be done with an actual interest in privacy (of stakeholders) protection. When done less than full-heartedly, the results have hardly any value. Because that would demonstrate one doesn’t understand the ethic imperatives of privacy protection in the first place. From which would follow all required (other) policies and measures would be half-hearted, ill-focused, and sloppily implemented ‘as well’. Which isn’t the stretch of reasoning you picked up on first reading this…

And then, a great many organisations don’t even start with PIAs, they just jump in at all angles and steps. With PIAs still being required, not full-heartedly carried out somewhere during or after the fact, where all the rest is implemented on assumptions that will not be met.

To which I would add: In the above, ‘you’ regards the ones in control (“governance”, to use that insult) at organisations that would have to be compliant. Not you the advisors/consultants, internally (in 2nd and 3rd LoDs) or externally, that push organisations. [Don’t! Just tell, record, and after the disaster ‘told you so’ them. There’s no use at all kicking this dead horse.]
But oh well, why am I writing this? Why am I hinting at ethics in your governance? That’s an oxymoron at your organization – do you claim to have the one or the other?

Feel free to contact if you’d like to remedy at least this part of your Privacy non-compliance…

Maverisk / Étoiles du Nord