Thursday, 17 October 2013

Google have your granny in their computer



I'm a little disturbed. Those of you who have met me might suggest that's an understatement. It seems Google and others have been harvesting phone numbers and addresses of people from all over the world and the data they are harvesting is for people who do not even own computers. That might include your Granny and it probably includes you and me. If your dog has a land line then it's entirely likely that it has been harvested too.

Back in the spring, when I was preparing to go on the Travelogue Tour I bought myself a tablet computer. I didn't want an Apple so I bought a Samsung tablet that runs the Android operating system. I liked the idea of Android (developed by Google) as it's similar to Apple's operating system in that you can download loads of useful free apps. In May I went off on my trip around the country, visited the 39 historic counties of England, had a good time and realised by the end that I should have done it differently. Still that's life.

speed

One thing I learned was that I would have been better off buying a miniature laptop to write the book while I was on the road. The typing speed on the tablet, even with an external keyboard, was so awful that it generated endless typos that were impossible to correct due to the speed of the whole thing. The other thing I realised was that I should have bought an Android phone (rather than a tablet) to use the apps, as the tablet was too bulky for the purpose. So by the time I got back, six weeks later, I was fairly convinced that one day I would buy an Android phone.

I've been using smartphones for years. I've had a Nokia Communicator many years ago and in recent years an HTC TyTnII. A week ago I bought a Samsung Galaxy, so I'm not new to the issues of owning such devices. One of those issues is that you have an address book and a calendar on the phone and another on your computer at home. Naturally you don't want to type every contact and appointment in twice so you need to be able to synchronize your calendar and address books across the two devices. (Today you might have more than two devices so the issue is more significant.) I've been doing this for years by connecting a cable between the phone and computer, with hardly a hitch so it's not difficult. The cable is secure and private.

fluffy

So when I bought an Android phone recently I decided to buy one from the same manufacturer as made the tablet, that way it would be easier to sync the two calendars and address books. I soon discovered that the way this works on a Samsung product is via their Kies software which you install on all your devices, including your PC. However, the software uses the Google cloud service to store the data and make it available to your other devices. The cloud, for the uninitiated, is a nice, fluffy, inoffensive way to describe massive servers around the world which are offered as storage space for Internet users. (There is a non cloud based version of Kies but it's not very easy to use and it didn't seem to work at all when I tried it.) In a nutshell it's very difficult to sync your Samsung devices without using the cloud. I suspect it's pretty much the same whatever devices you have be they Apple, Microsoft or whoever.

Of course this isn't news. The cloud has been in existence since the nineties and people have been choosing to use it or not use it for years. If you are worried about your privacy you keep your data on your local hard disk. Some people are saying that computing is going to go away from the local storage model and that all data will eventually be on the cloud but up until now we have had some choice.

personal

However, for name and address data it's different. Smartphones create address books with much more than phone numbers. The chances are that you are already in half a dozen of these phones, possibly including your name, address, phone number, employer, job title, perhaps your birthday, etc. It really depends how much use the person you know chooses to make of these facilities on their phone. That's the point, I'm not talking about your phone, I'm talking about the phones of people you know. If you know lots of smartphone users then you are probably on lots of them. Granted many people which such phones won't make full use of such facilities, not bothering to fill them in. However, even if a few people do this—perhaps geeks, smartphone enthusiasts or young people who are early adopters of technology—then many of the people on their phones will be recorded in this way. So if each one of us knows one person with such a phone, then you are recorded in as much personal detail as they care to type in. All it takes then, is for them to avail themselves of these could services for backup purposes or to duplicate their addresses across multiple devices and Google, Apple, whoever, has your data. You didn't give permission, you haven't been told and you may not even have been aware that this was possible.

penetration

With the growing ubiquity of theses cloud services and the with the current penetration of smartphones already in existence, it's entirely likely that large swathes of the population of the developed world have their name, address, email address, phone number and shoe size stored on servers unregulated by anybody.

I feel myself looking around and wondering when we decided to do this. For all those people you know who refuse to be on Facebook because they don't want to be recorded, it's too late, it's already happened.

4 comments:

  1. I've spent a lot of time considering issues like this; am actually speaking at a forum about it in December. (Well, that and related issues.) It's similar to the issue last year when Facebook released a load of data accidentally, and people were in uproar in the first place, but then it turned out that some of the data were about people who weren't even on Facebook, and everyone got very angry.

    The nature of modern life, I suppose. And the reason why I choose to have multiple, unlinked profiles, phone numbers etc. and let different people have different ones. But actually navigating all of this without going slightly insane is very difficult.

    ReplyDelete
  2. Indeed. Since beginning to research this, only for the sake of syncing my own addresses, I'm beginning to understand the magnitude of it all. It seems most Android users (I don't know about Apple or other operating systems) are pretty fatalistic about it. Forum contributors suggest that this has been happening since the telephone directory was first published. However. that couldn't be searched and sifted digitally in seconds. Check out this TED talk published recently.

    See Alessandro Acquisti - Why Privacy Matters on TED dot com
    (I'm not sure how to create a link in a comment and it complained about any HTML.)

    I'm beginning to think that it's all a bit late for me. I've heard that some apps harvest your data but I don't remember giving them permission to do so. If anything this is about informed consent. The Google Play permission feature tells you what you are giving permission to but, when it says, 'Read phone status and identity,' who understands that means it is going to download all your contacts? And why the hell does bloody Bubble Breaker need that information anyway? (Apparently personal data harvesting is one of the primary functions of Angry Birds.) I'm not an expert on the law but with so many people affected I can see a US style class action coming out of this, once people become aware.

    The other issue is obfuscation. I've been building computers for over 20 years, I've performed upgrades and built PCs from component parts. I know my way around the Windows file structure and always launch files from Explorer rather than the application, etc. I learned to code when I was at school in about 1980. I don't do any of this for a living but I have reasonably good IT skills, I just don't have the time or energy to keep up with every development as, at my age, life's too short. However, I can't tell the difference between the various accounts on my Android phone. Apparently there is one for my email address (on my own domain), one for my Google account and I have now discovered one for my Samsung account. It seems each of these accounts has it's own contacts list. (I signed up for a Samsung account in the hope of getting some technical support but when I contacted them they told me to contact Samsung... or my dealer! I mean WTF? And are Amazon--as my hardware dealer--going to offer me tech support? But that's another issue.)

    So it seems that I may have already shared all my contact data with Samsung when I opened my account. Google probably have it too. I have no way of knowing and, it seems, they deliberately make it difficult to tell. Now you might say that I should make the effort to find out but is the average Joe going to make that effort? Smartphones are being sold as consumer electronics so you can't expect every Tom, Dick and Harriet to understand the intricacies of these operating systems.

    I believe this is tantamount to stealing personal data. I would expect that in the UK it would contravene the Data Protection Act. So am I wondering if I should just use Samsung Kies and at least enjoy the benefits of my devices being synced (unless it simply doesn't work as some Android fans suggest). However, if I do that will the big data corporations claim that I was giving consent in the process?

    ReplyDelete
  3. My reply was over the character limit:

    So let me say this now. Despite anything I may do, whatever accounts I may set up to sync my devices, I am not giving consent for anybody to hold my personal data. If my address book and diary ends up on the cloud (as it may have already done so) then that is in spite of my attempts to sync my devices in other ways, as I have been able to do with mobile phones of previous generations. Their products are sold with features such as syncing as a fundamental expectation of the contract that we consumers and the manufacturers enter into. I believe that their provision of cloud only syncing, after implying that sync is available, is an implied promise in that contract. Furthermore, making non cloud syncing so difficult, after spending such a large sum of money for multiple products, is tantamount to financial coercion that can only result in millions of users giving up and subscribing to their cloud sync services, and that such an outcome is their intention when they design the systems in such a way.

    ReplyDelete
  4. Clearly this debate is very current as TED posted this talk within days of me posting this blog. It's unclear whether it's TED or me that is leading the debate.

    ReplyDelete