Everyone, that is, except for Mr Matthew Brock of Swiss Cottage. I have it on good authority that the gentleman in question, an old friend of mine, is giving Google+ a miss.

It’s not that he dislikes social networking as such. He long ago signed up to Facebook with only a cursory grumble, and he’s frequently to be found sharing photographs on Twitter (@_mattbrock, if you’d like to be friends). But he tells me he’s uneasy about Google’s continued expansion into ever more online markets – and, in this case, about its acquisition of a huge amount of personal information to add to its already vast database. He has therefore decided to be a conscientious objector.

As podcast listeners will know, when it comes to issues like this, my personal privacy policy is “get over yourself”. If Google’s gurus reckon they can make money from me uploading pictures of Mike Jennings in a daft hat then I say good luck to them. Even as I nodded sympathetically along with Brock’s explanation, I admit I felt he was being perhaps a little paranoid. Did he really suppose Google had some evil master-plan?

Little did I imagine that within 24 hours I’d be eating those, er, thoughts.

Changing details

My epiphany began innocently enough that evening, when I decided to change my email address. This isn’t something I do very often, but there comes a point when a mailbox receives so much spam there’s nothing to do but abandon it and move on.

There comes a point when a mailbox receives so much spam there’s nothing to do but abandon it and move on

I should have realised I was opening a can of worms when I discovered there’s actually no way to change a Gmail address. To move to a new address, you must open a new account. That only takes a minute, but I was piqued to find I was unable to migrate my contacts, and to transfer my mail across I had to set up a rather roundabout POP3 transfer.

That wasn’t the only problem, as I realised when I tried to move my Google+ account to my new address. It turns out this isn’t possible either: each profile is permanently linked to the Google account it was created under. Since my Google+ profile was only a few weeks old, it wasn’t exactly stuffed with memories, but it was still irritating to have to ditch it and start afresh.

At that point my phone chirped to tell me I had a new email, and it hit me: my phone too was tied to my old Google account. A quick web search revealed that the only way to set my new address as my primary account would be to perform a factory reset and set the phone up again from scratch.

In the end, moving to a new email address meant losing access not only to my archives and my Google+ account, but also to my Android Market purchases, my Google Docs, my Google Calendar and my Google Checkout history. I also ended up losing all my stars on Angry Birds. (It may have been this realisation that really made me question the wisdom of allowing Google to control so many different services.)

Big mistake

To be fair, the root of the problem isn’t Google’s size as such, but the way it ties its services together. A well-designed database should use some sort of anonymous internal value, such as a serial number, as the key field, so that personal information can be freely modified without breaking the links between tables. Google appears to have ignored this fundamental principle, instead using the email address as the key field. That’s quite literally a schoolboy error – I learnt about key fields way back in GCSE Computer Studies – and Google should be ashamed.

But it wouldn’t be a problem if Google weren’t tying everything together in the first place. Facebook, Twitter and even PayPal accepted my new address without a murmur. If only Android were similarly decoupled from the main Google database, I’d still have my golden eggs right now.

So – to my admitted surprise – I find myself in sympathy with Brock’s position. I’ve never really believed that a big company must necessarily have a malicious agenda; but now I realise you don’t need a plan to cause havoc. With the best will in the world, people – and hence companies – make stupid decisions from time to time. The bigger we allow Google, or any company, to grow, the more scope those stupid decisions have to screw us all.

Update: I’m most grateful to Alan Robertson, in the comments below, for pointing out workarounds for some of the problems mentioned above. The latest version of the Android Market application (which, oddly, doesn’t appear to be available from the Android Market itself) does indeed allow you to install purchased applications from multiple accounts – although this of course means you have to keep your old Google account active alongside your new one, which is a pain.

More usefully, as Alan also mentions, if you have an Android phone or tablet you can configure it to sync your contacts and calendars from your old account – then switch over and resync them to your new account. I’m not sure how you’d do this without an Android device though, as importing contacts directly across Gmail accounts isn’t supported. And it’s still the case that to switch your primary account you must perform a factory reset.

In all, it seems Google is gradually addressing the problems involved in using multiple or changing identities, but there’s some way to go. And, as I mentioned above, the problems are largely ones that in a more diverse market would never have arisen in the first place!

Twitter is having another one of those ‘I’m Spartacus!’ moments. The last one was when the powers that be decided someone making a joke post about blowing up Robin Hood Airport was a potential terrorist and prosecuted the poor sod.

The Twittersphere responded by retweeting the posting in question, on the basis that the police couldn’t arrest everyone. The same thing has now happened following the ridiculous situation where everyone and their dog knows the identity of a footballer who stands accused of doing what footballers seem to do when not kicking a ball around and earning obscene amounts of money.

An MP even used his Parliamentary privilege to suggest the footballer in question was Ryan Giggs. Something the masses on Twitter have been doing for the past fortnight or so, with tens of thousands of tweets and retweets naming the Manchester United player.

Most everyone, including it would appear the Prime Minister, has admitted the situation is such that these super injunctions are dead in the water and need to be looked at again. I say most everyone, as some lawyers who specialise in privacy law (surprise, surprise) think it’s outrageous that people on Twitter have ‘outed’ a poor footballer in this way and have called for every one of them to be prosecuted. Funnily enough, a certain footballer (who I shall refrain from naming) has allegedly instructed his lawyers to chase the Tweeting masses in just this manner.

Will the temptation be to try and control social networks and silence the voices of the tweeting masses?

While High Court Judges are notoriously out of touch with reality, those law makers a few decades younger and who live in the real world can surely not have failed to notice the power of Twitter. Which leaves me wondering which way they will swing: will the temptation be to try and control social networks and silence the voices of the tweeting masses? Or will they realise that free speech and the wisdom of crowds will always eventually expose stupid laws for exactly what they are?

I’m hopeful that it will be the latter, not least as the new Government appointed Twitter Tsar (or to be more precise the Executive Director of Digital Efficiency and Reform Group, Cabinet Office) is one Mike Bracken. While you may not recognise the name, you will recognise the web legacy he has left behind.

Bracken is a founder of the Mysociety Project, perhaps best known for the TheyWorkForYou website. This important site made it easy for ordinary folk like you and I to discover not only how to get in touch with our MP, but also exactly what they had been getting up to, how they voted, what they said in speeches and much more. Bracken has been a pioneering beacon in the world of the online democratisation of politics. As such, surely he would applaud the Twittersphere in helping to expose the daftness of the super-injunction culture that has exploded into the limelight this week?

Mike Bracken was unavailable for comment, unfortunately, so I can only guess that he would adopt a more sympathetic attitude to social networks than many in the corridors of power.  He doesn’t actually start the position until July, and although the fuss may have blown over by then the fallout will most certainly not have vanished. In his own blog  about accepting the new role, Bracken states “I’ve had the great fortune to work with hundreds of digital developers, and I know at heart they want to change the world and improve digital services from the users perspective. Now seems to be the time to give them a chance.”

Let’s hope that changing the world includes users as well as developers…

When we think of data breaches, we remember lost CD-ROMs packed with personal details of tax payers that are lost in the post, Ministry of Defence laptops left in the back of taxis, and USB drives dropped in pub car parks.

Encryption is the key to battling such breaches, we are told, as locking down data helps keep it private in the event of hardware or media loss or theft. Who’d have thought, then, that these days anyone would really send private details out in a readable format without any obfuscation of data should the missive be intercepted?

Yet this is apparently what happens as a matter of course across the UK as the painfully decrepit fax machine lingers on like a paper-spewing ghost of offices past.

Last week, the Information Commissioner’s Office hit Hertfordshire County Council with a £100,000 fine for twice – twice, within two weeks – sending faxes concerning details of child abuse cases to the wrong number.

One recipient was a shocked member of the public, which the council then placed a gagging order on; the other was the office of a solicitor, who wasn’t even working on the case.

A deeper look at the ruling from the ICO reveals a truly lamentable level of amateurishness from council staff tasked with protecting children.

The first 17-page sexual abuse case fax was misdirected because the staff member had manually typed in the phone number after the “auto-dial” pre-programmed number had been engaged.

The ICO ticked Hertfordshire off at the time, partly because there was no procedure in place to protect data. The ICO recommended a system requiring phoning ahead before sending a fax, or the recipient immediately confirming receipt of a fax.

But this fails to address the issue that a ring-ahead system would not have prevented either of the leaks. “Hi, I’m ringing to tell you to wait for a fax. You haven’t got it? That’ll be because I sent it to Joe Noseworthy at 23 The Avenue.”

Less than two weeks later, another member of staff faxed the deeply personal details of three abused children out into the ether. Again, manual dialling was blamed for the leak, but it underlines the fact that faxes are not secure enough for private data.

What’s more surprising than Hertfordshire having no suitable data protection procedure in place for faxes is that it was using them at all. In the majority of offices, the fax machine is a largely forgotten item of equipment, sitting in a corner surrounded by its own papery outpourings that no-one can be bothered to pick up.

Any information sent to this archaic repository is open to the full glare of any passer by, and the sender has no reliable idea whether it has been safely received. Time to take it to the fifth-floor window and drop it to destruction – making sure there are no private papers left in its tray first.

The Information Commissioner’s Office has been telling journalists that it can’t fine Google over the Wi-Fi slurping scandal, saying the ability to apply monetary penalties to companies only came in after the incident in question — leaving its hands tied.

But this is simply not true. At the moment, the ICO does not know if it can fine Google, so the possibility of £500,000 in punishment remains (though it sounds unlikely).

Let me explain.

On 27 April, the German authorities asked Google why its Street View camera cars were scanning Wi-Fi connections. Google said not to worry; it wasn’t picking up any private data.

On 13 May, Google admitted that it was wrong. An audit showed it had indeed picked up private data, and the company immediately pulled its camera cars from roads around the world.

On 29 July, the ICO said the data sample it viewed showed that no “meaningful”  private information was collected by the cars.

On 25 October, Google admitted it had picked up emails, URLs and passwords. The ICO said it would take another look into the incident..

On 1 November, the ICO said it refused to “panic” and rush into action against Google, reiterating to me – and other journalists – that it was unable to fine the company because the incident happened before its ability to fine.

Now here’s the other key date: 6 April. That’s the very day when the ICO was given the ability to fine companies; any data protection incidents that happened after that date can be punishable by a fine.

As the Google Street View data breach occurred before this date, even if it was appropriate, we would be unable to use this enforcement power on this occasion

The data watchdog’s press office stressed to me this very point, also telling it to The Guardian, which quoted: “On 6 April 2010, the Information Commissioner’s Office was given the power to issue monetary penalty notices, requiring organisations to pay up to £500,000 for serious breaches of the Data Protection Act. As the Google Street View data breach occurred before this date, even if it was appropriate, we would be unable to use this enforcement power on this occasion.”

You’ll note that date comes three weeks before the Germans raised the issue, and five weeks before Google pulled the cars.

After I asked about these calendar contradictions, I was given this new statement: “The vast majority of the pay-load data was collected by Google prior to 6 April, before our new powers came into force.”

We’ve now gone from all the data being collected prior to the 6^th, to the “vast majority” of it. That suggests some data falls into the fineable category, as far as timelines go, at least.

On the road…

So how much data did Google collect in the UK in those five weeks? How many days were the cars on UK roads after 6 April? A Google rep told me: “I do not have precise dates, I’m afraid, but as announced in our blog, on discovering this mistake we immediately grounded all cars and then removed the Wi-Fi collecting equipment. Cars had been in UK prior to that on and off and varying with the weather.”

I asked if that meant cars were on UK roads between 6 April and 13 May, and got a very straightforward answer:  “Yes.”

With that in mind, I went back to the ICO. Did they have information from Google proving it hadn’t collected any data after the 6^th? It would certainly clear things up if they did. An ICO spokeswoman said: “I cannot comment on the specifics of our investigation – such as what type of data may or may not have been collected after 6 April — as it is still on-going.”

In other words, the ICO is still looking into the matter and can confirm nothing… nothing except the fact that it apparently can’t fine Google. That is the one thing it has consistently confirmed. If the investigation is still ongoing, how can it possibly know whether its legally possible to issue a fine or not? It can’t.

Another spokesman told me: “I understood that it would be part of the investigation, therefore we don’t know yet whether information was collected after the 6th, so therefore we couldn’t say whether a fine was even possible or not, because we don’t know whether information was collected after April the 6th or not.” So why are his colleagues telling other journalists that a fine is a legal impossibility?

What’s going on?

Of course, even if the dates work out and the timeline of events is no hurdle to the ICO fining Google, that doesn’t mean the watchdog should or even could fine the web firm. To issue such a penalty, the breach must have been serious and cause substantial damage, and either be deliberate or negligent.

Now possibly the only “serious” breaches happened before the 6th, but this isn’t about whether or not Google should be fined. It’s about whether the ICO has any idea what date its own investigation started, whether its communications team knows what the commissioner is up to, and whether the watchdog has already decided against fining Google, regardless of what its own investigation shows.

I asked, and got no meaningful response. No matter what the reasoning is, none of it bodes well for the watchdog’s ability to be a useful tool to protect our privacy.

Update: About three seconds after posting this blog, I received a press release from the ICO saying they would not be fining Google, but would file an enforcement notice — which essentially requires Google to promise to never do this again. I suppose that means the investigation is over, so the ICO should be able to reveal if any data was picked up after 6 April. I’ll update the post when they get back to me.

Oh Facebook. You never do learn, do you?

The social networking service has unveiled a shiny new “See Friendship” button on the site, letting users see “the story of their friendships”. But instead of “See Friendship” being a nice little add-on feature, Facebook has again taken it one step too far and hurled itself crossed the creepy line.

To access the new feature, a link shows up next to wall posts from friends (it’s shown up in my account, but not others here at PC Pro, so if you haven’t seen it, give it a few days as Facebook tends to do staggered roll-outs). Click it, and it pulls onto one handy page content from your Facebook friendship, such as wall posts, comments, photos and events.

Facebook software engineer Wayne Kao said in a blog post that he realised a “magical experience was possible if all of the photos and posts between two friends were brought together. You’d remember that first wall post with your best friend or the funny photo from a night out. You may even see that moment when your favorite couple met at a party you all attended.”

Isn’t that lovely? We can all embrace nostalgia and travel back in time to relive those wonderful, magical moments… Even if we weren’t actually there.

With “See Friendship”, I can not only see everything between myself and my friends, but all the content shared between two mutual friends of mine, thanks to a handy search function. It lets you enter in the names of any two friends to reveal their entire Facebook correspondence with each other — even if the content dates from before you added either as friends.

For example, I can see everything our senior staff writer Mike Jennings has said over Facebook to our editor Tim Danton — absolutely nothing, as it turns out.

Of course, all this information is already available to me. I could click around the site and find everything said between my mutual friends by sifting through their accounts. But that would take ages, and eventually — hopefully — I’d either get bored or ashamed of creeping on my friends. This makes it possible to stalk in seconds.

The next time Facebook has the idea for a whizzy new feature, it really needs to find someone normal to try it out on, such as, I don’t know, its users. A few have posted their thoughts:

“How can I disable this so people are NOT able to research which events I attended together with another friend or which photos we’re jointly tagged in? I realise this info was public before but now your ‘labor of love’ has yielded a handy tool for stalkers. DO NOT WANT, please opt me out.”

“It’s a handy tool for nosey people to gain an insight on someone else’s relationships with others which should be kept private.”

And my favourite: “I’ve always wanted this! And yes, I’m a creepy stalker.”

Of course, this being Facebook, all users are automatically opted in, and there’s no way (as of yet) to turn it off.

On a related but rather more serious note,

the press release points out that the cars are now only collecting photos and 3D imagery. This follows the revelation in May that the cars had been caught recording WiFi data and the press release points to an update about WiFi data collection which in turn apologizes for a previous incorrect blog post:

In that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products.

The mistake looks genuine and I believe that Google really did have no intention of picking up such tiny fragments of data (their equipment switched channel five times a second) mainly because the company already processes around 24 petabytes of data a day (that’s 24 thousand terabytes) which is more than enough to keep the nosiest nosey parker busy. More to the point, it would probably already have had access to the full “payload” through its existing technologies.

However it’s clear that lessons need to be learned. According to Google’s update, the main lesson learned, apart from removing the WiFi data collection equipment from its fleet, seems to be

This incident highlights just how publicly accessible open, non-password-protected WiFi networks are today.

which is certainly true, though the ensuing plug for its encrypted Gmail is a bit rich in the circumstances.

What’s really striking is that Google seems to think that the only issue is the payload issue. In particular it makes no reference to the fact that end users might be uncomfortable about the collection of the SSID and MAC info in the first place (I always feel slightly guilty seeing neighbours’ network names knowing that most assumed they would be private), nor to the fact that the cars everyone assumed were designed to collect photos were quietly being used to collect other data entirely.

This is not a black-and-white issue and I’m not opposed to Google’s voracious data gathering on principle. For me it largely comes down to cost/benefit so that for example, despite the personal embarrassment of my uncut hedge, on balance I’d say that Google Maps/Street View is a mind-boggling achievement and a fantastic gift to mankind. I can also see that having an accurate map of open networks could be a real boon – but it can’t be done on the sly.

Google needs to realise that privacy isn’t just a legal issue, but a question of trust. If I catch a neighbour secretly peering in my window I might not call the police, but I will certainly bear it in mind in future dealings. If their main response is to say that they hadn’t planned on keeping all the photos, that really isn’t very reassuring.

Yet, the problems with Buzz auto-following your Gmail contacts and then announcing who they are to the rest of the internet pale into “so what?” compared to what it (and other social-networking sites) are doing on the mobile front.

The Buzz app on the iPhone, for instance, uses the phone’s GPS radio to plot your every utterance onto Google Maps. Click the Nearby button in the Buzz iPhone app, and you’ll see lots of little speech bubbles appearing all over the map, pinpointing where people are issuing their updates from.  And this isn’t only your friends or people you’re following, it’s anyone who’s using the service.

Google’s not alone in this: anyone with the Echofon iPhone client can lookup Nearby Tweets from the search Menu, which I stumbled across on Saturday night, at roughly the same time a young teenage girl who lives round the corner from me was tweeting that she was home alone.  Given the degree of accuracy of today’s GPS, it wouldn’t have taken too much detective work to pinpoint the house she was in.

Part of the problem here is, of course, user error: both Buzz and Echofon both ask explicitly whether they’re allowed to share your location data with the wider world. But I suspect many people just don’t realise that this information is being broadcast to anyone who wants it, and not only their close associates.

At the very least, Buzz and such services should be explaining exactly what your data’s going to be used for when it asks your permission to use it.

Greetings from San Francisco! Back in the UK, I know most of you are probably gearing up to go home for the day; but out here it’s 8.15 in the morning and the Intel Developer Forum starts in 45 minutes. Over the next three days we’ll be learning more about 32nm CPUs, scoping out the successor (already) to Nehalem and – inevitably – enjoying more talk about Larrabee, Intel’s multi-core x86-based graphic system, now coming up to a glorious three years of development with no release in sight.

Still, leaving that aside, Intel’s doing pretty well right now. With Lynnfield barely out of the traps and a die-shrink already rumoured before Christmas, it’s clear that the company is, right now, at the top of its game in terms of innovation and engineering.

Which is why I was amused this morning when my very first interaction with IDF – the registration process – exposed a glaring security slip.

Checking out the check-in

On the face of it, it looked like a good demonstration of “the power of connected computing”, or some similar buzzwordy phrase. The company had decided to use a web-based registration system, and had lined up little kiosk computers, running IE8 and connected to the main server, in the entrance hall for attendees to enter their details.

The trouble was that Intel hadn’t disabled Internet Explorer’s “autocomplete” feature… so when I pressed “G”, to enter my surname, I was surprised to be presented with a lengthy drop-down box showing all the previous surnames that had been entered. It quickly became clear that, if I had the patience – and didn’t mind looking a little suspicious – I could easily use the information stored across the various kiosks to compile at least a partial list of people who’d already registered this morning.

All right, there’s probably a limit to how much mischief I could cause with such a list. But I guarantee you that if you were to ask Intel for this information it would refuse to provide it. Meanwhile, the technology it has chosen is leaking information, and compromising attendees’ privacy, in a wholly unmanaged way.

The moral, if there is one, is probably to be very wary of using general-purpose, off-the-shelf solutions for specific applications – because user-friendly features that are helpful in one context could be disastrous in others.

And since the world’s biggest provider of general-purpose solutions is probably Intel, I think this is quite a poetic start to the proceedings.

Now it turns out this is a slightly over-dramatic first sentence to the Guardian article.

The prime motive behind the concept of every car including a little black box is to keep traffic running smoothly (drivers can be warned of hold-ups and accident blackspots due to black ice, for instance), and there are other benefits too – traffic lights could automatically change as you approached them, you could be warned if an ambulance was heading your way, a parking space could be reserved at your chosen destination as you approached.

The end result of all this should be traffic moving more smoothly and fewer accidents.

But the fact remains that the Government and police would be able to pinpoint not only where our cars are but also where they’ve been. Tie that in with mobile phone records, and it becomes not just the car that’s tracked but us, the British (and European, as this is a Europe-wide measure) population.

We’re all used to having our privacy invaded, but even with the benefits of reduced accidents (and deaths) and quicker journey times, surely this is a step too far? The current set of European governments may be quite benign, but you don’t have to look too far back in history to find totalitarian states and dictatorships in Italy, Germany and Russia.

If we put black boxes in every car, and match that with a network of masts and satellites to track our move, we’re giving a weapon of awesome power to those who want to mis-use it. Sure, it will probably never happen in our lifetimes, but the world is a very strange place.

We should put some protective measures in place to make sure it’s never easy to take control of our lives, and I for one don’t want my every move – however dull – to be tracked.

Google, it appears, will take down any image – without any checks or balances – if you appear to have a legitimate complaint. In my case, I argued the picture of my pretend family and I standing outside our house was a “privacy concern”. Google asked for no proof of identity, other than a contact email address (which was a generic Gmail account, with no surname to cross-reference against the address). On that flimsiest of pretext, we’ve been able to black out part of a Kensington street.

We will, of course, ask Google’s press office to reinstate our deleted image. But our little experiment highlights how effortless it is to vandalise the service. How easy would it be, for example, to remove a photo of a rival business from the high street, by claiming you’ve been caught walking past?  

Google says it has measures in place to deal with vandalism. “While we trust the vast majority of our users not to abuse the removals system inevitably a small number may be determined to do so,” a spokesperson told PC Pro. ”We have controls in place to deal with spam and illegitimate requests and we believe that in the majority of cases irregular activity will be picked up. “

Our fake takedown has also highlighted another problem – it didn’t really work. This is the image we asked to be removed:

Sure enough, there’s now a black hole when you attempt to view the address from Street View. But when you move slightly further down the street and use the zoom function, you can still see the family standing outside the house:

The different pose suggests the family were caught on camera twice by the cameras as the Google van moved down the street, and while the first image has been removed, the second one still remains in the database. So the takedown failed to protect our fake family’s privacy. Indeed, it’s arguably easier to identify the family in the second photo than it is in the first. 

It seems Google has more than a few kinks to sort out before Street View will appease the privacy lobby.