DELIVERING UP YOUR DATA

The DeliveryDemon, like most people, has long been aware that the reason we get ‘free’ online stuff is because the providers are after our data. Few if any providers are clear about what data they gather and how they use it. If they provide that information at all, it’s hidden in Ts and Cs the length of a small, or not so small, novel. And of course, in those Ts and Cs they reserve for themselves the right to make unilateral changes to those Ts and Cs whenever they want.

 

They might sell it on, they might use it themselves. Sometimes they seem to give you some choice, but is it real? There are sites, quite a few, which offer a ‘Reject All’ option. Seems good, the DeliveryDemon still doesn’t feel comfortable. Clicking that button – does it really do what she expects? She can but hope! But some sites are a lot more obstructive when it comes to letting users have control of their data. And once your data gets out of your control, there’s no way to get it back.

 

The DeliveryDemon stopped using Huff Post some time ago, after seeing how they reacted to data protection legislation intended to give data subjects more control. They’re not the only one to take this approach, but they are a classic bad example. So what did they do, and are they still doing it?

 

They did, obviously, provide a mindless ‘Accept’ button. But if the user chose the alternative options button, what happened? A couple of layers down there was a list of third parties that Huff Post wanted to provide data to. And some of those third parties existed to provide that data to yet more third parties. How long was that list? Something like a hundred entries.

 

The options were set to the default of giving away data to each of those third parties. It was not possible with a single click to reset those defaults, that had to be done individually. And that was only a part of the story. Not all third parties had the toggle option. To opt out, it was necessary to go to the site for each of those third parties and SEARCH for how to opt out. Of course such lists are not set in stone, new entries can be added. Is the user, who would normally be using a lot more sites than just Huff Post, to track each site frequently, looking for changes in a long list? And to follow through to all those third parties who can’t be toggled off? Sleazy to put it mildly.

 

The DeliveryDemon has just gone back to see what Huff Post is doing now. No upfront information about permissions now, it was necessary to keep scrolling just to find where the options are. Guess what. Using the site implies acceptance of the Ts and Cs, though to find them requires site usage. The terms aka user agreement have the usual bias of absolving Huff Post of responsibility by shifting it to the user.

 

But the user agreement is only a small part of the story, there’s more hidden in a privacy policy. There are 15 topics in that privacy policy. And 20 products. And 11 ‘controls’ which look very like company names. And a dash board which looks very like the 11 controls. Plus a section on advertising which goes back to the controls, or maybe the dashboard.

 

Eventually some of those sections lead to multiple individual advertisers and the like, all with their own policies and opt out arrangements. The DeliveryDemon CBA to count through them all.

 

The HuffPost user agreement claims to be under the laws of England and Wales. The DeliveryDemon wonders how those laws apply to those many partners whose individual Ts and Cs claim to operate under completely different legal frameworks.

 

Of course HuffPost is not alone in using these underhand tactics to get at user data. Users are being groomed right, left, and centre, to participate in the normalisation of this sort of behaviour by a highly unethical use of nudge techniques. And the more they are normalised, the more readily they will be adopted by newcomers to the field.

 

What may be less obvious is the impact CORVID-19 is having. Yes, a viral pandemic can affect the technology we use, and not in the way of the common or garden computer bug.

 

It’s happening through the massive increase in the use of conferencing facilities at all levels. A lot of people are working from home. Pubs, gyms, and other gathering places have been closed down, depriving people of their normal social contact. The internet provides ways of offsetting that absence of face to face contact. There are well established conferencing apps, some designed for professional use, some embedded in better known social media. Niche apps are suddenly becoming highly popular. They are our work meetings, our social gathering places.

 

What are these apps doing with our data? Rigorous analysis would take so long it would never stay up to date so the DeliveryDemon is picking on one example – the Zoom conferencing app. You can’t sign up without accepting cookies. Even the Required Cookies refer to tracking your orders – with no indication of this being a shopping site. Functional and Advertising options are opted in by default – recognised bad behaviour in data privacy terms. And the Basic Settings option doesn’t actually allow you to change that, it’s necessary to choose an Advanced option to get at it.

 

Try to see Zoom’s privacy policy? It’s greyed out till you go through the cookies rigmarole. And it contains the statement ‘Whether you have a Zoom account or not we may collect personal data from or about you when you use or otherwise interact with our product’. That includes names, user names, physical address, phone number, job title, employer, Facebook information, your device, network and internet connection details. It also demands the right to grab data other users hold about you – and you may not even know what that data is.

 

Zoom is an egregious example, but it’s not the only one. The DeliveryDemon wonders just how many people know how much of their data has been grabbed, and what use it is being put to. Actually, she knows the answer. No-one knows how much of their data has been grabbed and how far it has been distributed. As soon as an app provider starts grabbing one person’s data from that person’s contacts, all control has been lost. It’s been happening for a long time, and the conferencing needs driven by CORVID-19 isolation are an absolute gift to organisations whose Ts and Cs are in breach of the letter and the spirit of common data protection legislation structures.

Can Contingency Plans Deliver?

Back in the long-forgotten days of the Millennium Bug, the DeliveryDemon was involved in a fair bit of contingency planning, basically identifying and documenting the actions which would be needed if a range of adverse occurrences came to pass. Even twenty years ago most large public bodies had pretty detailed contingency plans to draw on and adapt to suit the risks specific to the Millennium hype and scares.

 
Twenty years have passed and the concept of contingency planning is fairly mainstream. Mainstream means routine. Routine means a chore. Routine chores don’t get the same analytical thinking as do novel concepts. They get written, signed off, then put on a shelf and forgotten. It’s not clear to the DeliveryDemon if this has happened to public sector contingency plans. Having a Prime Minister making a maudlin announcement like a B-movie actor, – ‘Loved ones will die’ – does not engender confidence. If the contingency planning material exists, there should be facts to announce, even if those facts are only decision points. Instead we have constant statements which are quickly contradicted. And our irresponsible media love it – headlines galore, each scary enough to be clickbait.

 
What would the DeliveryDemon expect to see?

 
Obviously the NHS ought to have fairly hefty and well maintained plans, since they call on them every winter. Whether they have the resources is another matter, and not one which can be addressed quickly enough.

 
Logistics, as at the Millennium, is another key area. The UK, with its old and twisted road system is not an easy place to plan logistics. That is partially offset by the traffic reduction which has started already as people reduce their social contact. But a whole range of other factors come into play. Food and related goods have to come from somewhere and they are part of the infrastructure a country needs in order to function. That means a lot of HGVs going up and down motorways and through towns and trading estates.  But successive governments have abdicated responsibility for this and left it to ‘The Market’ – the range of competing companies which form the food supply chain – to manage the logistics of getting food to customers. It does not work. Retailers forever look for ways to cut costs, JIT (just in time) supply is the norm, there is cost in reducing expensive shop space to create more storage space. The retail model has little contingency in it and that drives the need for supply logistics.

 

Panic buying and hoarding are human nature, and totally distort the demand side of the equation. ‘The Market’ quite simply cannot control that, not without some sensible support from those who are supposed to be managing the country. Yes, the DeliveryDemon is talking about rationing, but not in the way it was applied during the World Wars of the twentieth century. So far, we are told that there is sufficient food in the supply chain and the problem is the speed with which is leaving the supermarket shelves. That’s a pretty clearly defined problem to solve.

 
Of course it’s not the only problem. Much of the UK’s food comes from abroad and the agriculture and fishing sectors haven’t figured high on government priorities for decades. Dr Tim Leunig, economic adviser to Chancellor Rishi Sunak, is understood to have said the food sector was “not critically important” to the country’s economy – and that agriculture and fisheries “certainly isn’t”. That’s looking like very bad advice now.

 
Already scarce items are appearing on Amazon – 16 rolls of Andrex for £49.99 anyone? Mothers relying on formula milk can no longer find it in the supermarket and the advice circulating is that it can be obtained from pharmacies but only on prescription – further demand on GPs and on NHS finances.

 
Of course, logistics needs people – to move, load, unload, deliver the goods. Two problems here. Those people are as prone as the rest of us to Covid-19 infections. And it’s in the nature of the job that they have contact with other people as well as the goods they deliver. The Army is well supplied with logistics expertise but it is certainly not an infinite resource and there will be a whole range of calls on its manpower.

 
Disruption of utilities and hygiene services has yet to be given much prominence. Households need power, water, sewage, more so when social isolation advice causes people to spend more time than usual at home. Hospital needs are even greater. As is the case for logistics, all these services depend on people, and people can get sick. So can their families and that means healthy people having to drop out.

 

One utility which has become much more critical in the last 20 years is communications. Today the internet is an integral part of most people’s lives. It’s a good way to disseminate news – and false news. It allows people to work easily from home. Social media enables people to keep in touch during periods of physical isolation. It’s also a channel for mass hysteria. That makes it important for the powers to be to have a trustworthy and informative presence through reliable media sources. That’s just not happening.

 

And underlying the need for good communications is a whole range of other functions. Telecomms companies provide the delivery mechanism – in this country still reliant on ancient copper wire technology for the critical last mile to houses. Internet service providers enable individuals to have internet access. Security companies provide all manner of protection for data, financial functions and the like. Banks use the internet to let people and companies manage their money. Online retailers abound – a great benefit to those confined to home. Email and social media create a venue for communication without the need for face to face contact. Content providers are a major source of entertainment when public gatherings in cinemas and at live events no longer happen.

 
In a well-run democracy, the government would have at its fingertips the management status of all these critical functions. Well-established plans would already have been activated to smooth over the most obvious disruptions. Serious consideration would already be given to the actions of other countries in the global economy, and the impact these actions have on this country. There is no sign that this is happening. All we’re getting is bombast and hyperbole and contradiction and obfuscation.

 
The DeliveryDemon has a message for our senior politicians. Think. Plan. Forget the vanity projects of a fortnight ago. Deal in facts, not spin. Drop the B-movie Churchillian speeches. Do the job. It’s hard? Tough shit, you could have thought it through when you went for the job. JFDI!!