Archive for World Wide Web

Coronavirus Outbreak: Remote Working For Staff

With the whole of Italy’s 60 million population in lockdown and other countries taking drastic measures to control the coronavirus outbreak, the tech-giant companies are now asking their employees to work remotely.

Google

Due to fears of COVID-19 spreading through large numbers of staff, Google had already announced last week that it was temporarily closing its office in Dublin and asking the 8,000 employees to work from home.  Google has more than 70 offices in 50 countries and back at the end of January, Google also temporarily closed its offices in mainland China, Hong Kong, and Taiwan when the outbreak was still mainly based in China.

Amazon

Amazon, which restricted all nonessential travel in the U.S for employees as of last month has, after an employee tested positive for coronavirus, asked workers from its Seattle and Bellevue, Washington, offices to work from home until the end of the month.

Facebook

In addition to cancelling its annual developer conference which was due to be held on May 5 and 6 in San Jose, California (which attracted 5,000 people last year), Facebook has closed its Seattle office and asked all 5,000 of the office’s employees to work from home until the end of the month. Facebook has also closed its three London offices after an employee was diagnosed with COVID-19 and all 3,000 employees from those offices have been asked to work from home.

Slack

After an employee of Slack returned from travel and was suspected to have contracted COVID-19 (which turned out not to be the case), Slack closed its offices in San Francisco at the end of last week and a deep clean of the premises took place at the weekend.  Meanwhile, employees were encouraged to work from home.

Others

Microsoft has advised its Seattle and San Francisco employees that they can work from home until March 25th, Twitter has encouraged its employees to work from home, and Apple CEO Tim Cook has encouraged employees at several global offices to “work remotely from March 9th to 13th”.

One piece of positive news for Apple, however, is that all but four of Apple’s stores in mainland China, which is a vital market for Apple, have now reopened after being closed there during the main coronavirus outbreak.

Musk Sceptical

Some scepticism about closures and reactions to the coronavirus outbreak has been expressed by Elon Musk who tweeted that the “coronavirus panic is dumb”, a tweet that was liked by around 2 million people.

Pay

In the UK last week, prime minister Boris Johnson announced in parliament that new rules will mean that statutory sick pay (SSP) will come into force on the first day of absence in order to make those who feel they may have the virus and want to self-isolate, by staying at home rather than coming into the office and potentially infecting others.

Tech Industry, Work From Home

On the plus side, the nature of many tech industry jobs means that working from home is perhaps more possible than for many other industries, and for the UK as a whole, a 2019 CIPD Job Quality Index survey reported that 54% of the UK’s workforce works flexibly.

What Does This Mean For Your Business?

For those businesses that can’t easily allow employees to work home e.g. manufacturing, bricks and mortar retail, construction, events and entertainment, transport and logistics etc, the threat of a shutdown of work for what could be an unspecified period creates a real threat to the life of the business. The situation also presents a threat to many small businesses, sole traders, and self-employed people who may not have resources to last-out ‘lockdowns’, self-isolating, disruptions and complications caused by the spread of the coronavirus.

For companies that are forced to close offices, they now need to make sure that relevant staff can access company systems and intranets remotely, and that they have VPNs installed.

This situation is also a reminder of how business continuity planning and disaster recovery plans should have disease epidemic and pandemic scenarios built-in to them for the future, and this situation is likely to expose what work needs to be done by many companies in this areas of planning.

Featured Article – Coronavirus and Tech Shares

Coronavirus is firstly a threat to public health but the impact of the virus hitting the Chinese economy (a centre for tech goods), the threat of widescale illness among workers, the effects of measures to contain the virus and other factors have already had a serious effect on economies and tech share prices.

Biggest Hit Since 2008

The disruption and fear caused by the coronavirus (SARS-COV-12/COVID-19) outbreak meant that end of February saw the US stock markets suffering their worst falls since the 2008 global financial crisis with the three big US indexes ending 10% on the week before and with the UK markets following suit and the FTSE 100 index down 3.2% for the day.

The Governor of the Bank of England, Mark Carney, has also warned that the effects of coronavirus could lead to the UK’s growth prospects being downgraded.

Also, the US Federal Reserve has just slashed interest rates, to between 1% and 1.25%. That’s down from 1.5% to 1.75%, to protect America’s economy from the economic impact of the “evolving risks” of coronavirus.

Contributing Factors and Reactions

From seeing the first news from China to hearing about the rapid spread through Iran, Korea, Japan and Italy, many tech companies are seeing downward pressure on their share prices caused by the coronavirus outbreak and spread. There are many contributing factors and many reactions by tech companies to these factors that have fuelled the fall. These include:

– China, the country which the virus is thought to have come from, and which has seen whole cities and their industries and markets shut down and seriously disrupted is a major tech component manufacturing country for major tech companies e.g. the US. This has caused shortages in supply chains and other knock-on factors to other big economies and markets and the tech companies that operate within them. For example, Apple has major component supply companies in China, and Korea e.g. Samsung Electronics Co Ltd, LG Electronics Inc, and LG Innotek.  Both Samsung and LG Innotek have shut their factories due to a worker testing positive for coronavirus.  Apple is also supplied by STMicroelectronics (chipmakers) in Italy.

– Big tech companies are not attending important tech industry conferences and shows.  For example, Huawei is postponing the hosting of its February developer conference to the end of March, Alphabet (Google) has cancelled its I/O developers conference set for May 12-14, Facebook Inc has cancelled its annual developer conference which was due to be held on May 5 and 6 in San Jose, California (which attracted 5,000 people last year), and Microsoft won’t attend a games developer conference in March.

– Consumers and other tech stakeholders are changing their travelling habits and purchasing habits and are holding onto their money as they anticipate perhaps having to ride-out a work shutdown, store closures, transport cancellations and disruptions and more. Lower revised earnings warnings have been issued by tech companies that are already feeling the pinch and are anticipating a more drawn-out crisis than they had originally thought.  For example, Microsoft has revised its earnings due to fears over how the coronavirus could affect PC supply chains.

– Factory and workplace closures, not just of suppliers, but of the tech companies themselves are causing disruption.  For example, Tesla has postponed Model 3 deliveries due to a closed factory in Shanghai, Google has asked thousands of employees at its European headquarters in Dublin to work from home, Twitter is encouraging its 5,000 global staff to work from home, and cryptocurrency exchange platform Coinbase is asking some employees to start working from home.

– Store closures are also contributing to downward pressures on share prices.  For example, major tech companies have been temporarily shutting down retail stores across China, and in other affected countries and population centres.

Baidu in China

Chinese tech companies are also suffering.  For example, Baidu Inc, China’s biggest search engine company, has warned that its first-quarter revenue could drop by as much as 13% from a year earlier due to the effect of the coronavirus epidemic on economic activity and advertising.

Opportunity?

Whereas the downside of fall in share prices is being seen as a very bad event for the markets generally, some people, such as US CNBC’s ‘Mad Money’ presenter Jim Cramer have pointed out that tumbling stock values can mean that investors have an opportunity to buy tech stocks at a low price now that will grow in value soon.  With this in mind, and suggesting that those stocks that have little China exposure and work in a largely stay-at-home environment are the best options, Mr Cramer has recommended 10 stocks to buy now while the market is still affected by coronavirus.  These include the tech-related stocks of Adobe, Shopify, Square, Zoom Video Communications.

Expectations

Despite the initial huge fall in share/stock prices at the end of February, when panic was reaching its highest point, the news that central bankers from the world’s biggest economies have been speaking to Group of 7 Finance to discuss a response to the outbreak e.g. lowering of interest rates, fuelling expectations among investors that governments might go with a co-ordinated lowering interest rates has given a boost back up to many stocks and led to shares in Europe making somewhat of a recovery from the initial huge losses.

Looking Ahead

For those seeking information about coronavirus in the UK, the latest government information can be found here https://www.gov.uk/guidance/coronavirus-covid-19-information-for-the-public and the NHS advice and information can be found here https://www.nhs.uk/conditions/coronavirus-covid-19/.

The unknown nature of the immediate future as regards the spread (through clustering) and duration of the coronavirus outbreak, coupled with the many reduced growth forecasts, disruption in global supply chains, and many tech and other companies shutting offices and factories and recommending remote working where possible means that tech share prices are likely to be functioning well below expectations for some time yet.

‘Runet’ Test – Russia Unplugs Itself From The Internet

A little later than its original planned date of April 1st 2019, a recent test-run has seen Russia successfully ‘unplug’ itself from the Internet and prove that it can create its own state-controlled Intranet.

Successfully Creating The ‘Runet’

The test, which was first announced back in February last year, is reported to have gone ahead without users noticing much difference and created what is effectively a giant, fully isolatable domestic intranet which has been dubbed the ‘Runet’.

Why?

Officially, the test to be able to pull up the drawbridge on the wider global internet is to ensure compliance with Russia’s new law called the Digital Economy National Program which came into force in November 2019.  This will require Russia’s ISPs to show that they can operate in the event of any foreign powers acting to isolate the country online with a “targeted large-scale external influence” i.e. a cyber-attack. For (state-owned) ISP’s, this will mean having to install deep packet inspection (DPI) network equipment which will allow Russia’s telecoms watchdog ‘Roskomnadzor’ to be able to identify traffic sources, filter content, and block certain sites. It has also been reported that, as part of the project to create and run the Runet, Russia is working on creating its own Internet address books.

Another official explanation for the value of the test to create the Runet is that it helped to show any vulnerabilities in the growing ‘Internet of Things’ (IoT).

Control

Although this is the official explanation, some western commentators see this as a move towards tighter control and authoritarian rule in a way that is similar to some other countries.  For example, China, which operates its own Great Firewall of China (GFW) for Internet censorship to block access to many foreign websites and to slow down and monitor cross-border internet traffic. Also, Iran operates its own National Information Network, run by the state-owned Telecommunication Company of Iran, which controls access to the web and polices content.

Difficult To Circumvent

Those thinking of circumventing the Runet and other censorship are likely to find it difficult as virtual private networks (VPNs) will not work with the Runet in place and many commentators think that it is likely that the Kremlin will try to stop access to end-to-end encrypted apps e.g. Telegram or WhatsApp.

Interfering

It is likely that one good reason for Russia to be able to cut itself off from the wider Internet is to protect itself from cyber threats in what now appears to be an ongoing war of interference, misinformation, and cyber-attacks between many states.  For example, Russia was shown to have interfered with the last U.S. presidential election and has itself been the subject of large-scale cyber-attacks. That said, the Chinese recently accused the U.S. of conducting “large-scale, organised and indiscriminate cyber theft” after it was revealed that since the 1970s, America’s CIA has been monitoring hundreds of countries via the Swiss cryptography firm Crypto AG.

What Does This Mean For Your Business?

For the Russian government, being able to exert tight control and conduct censorship on this scale, and to operate through a small number of state-owned suppliers not only guards against misinformation and cyber threats but also gives the government the opportunity to wield immense political power over its people. The move is, obviously, being greeted with suspicion and criticism from the west, with concern about the rights of Russian citizens.

Also, for non-Russian companies hoping to do business there, an inward-looking, state-controlled Intranet that favours Russian companies, particularly with tech and communications products and services would make trade there very difficult. Many western commentators are now worried that Russia may be going the same way as China in terms of censorship and access to the world by digital means.

Business Leaders Lack Vital Digital Skills Says OU Survey

The Open University’s new ‘Leading in a Digital Age’ report highlights a link between improved business performance and leaders who are equipped, through technology training, to manage digital change.

Investing In Digital Skills Training

The latest version of the annual report, which bases its findings on a survey of 950 CTOs and senior leaders within UK organisations concludes that leaders who invested in digital skills training are experiencing improved productivity (56 per cent), greater employee engagement (55 per cent), enhanced agility, and vitally, increased profit.

The flipside, highlighted in the same survey, is that almost half (47 per cent) of those business leaders surveyed thought they lacked the tech skills to manage in the digital age, and more than three-quarters of them acknowledge that they could benefit from more digital training.

Key Point

The key point revealed by the OU survey and report is that the development of digital skills in businesses are led from the top and that those businesses that invest in learning and development of digital skills are likely to be more able to take advantage of opportunities in what could now be described as a ‘digital age’.

Skills Shortages

The report acknowledges the digital skills shortages that UK businesses and organisations face (63 per cent of senior business leaders report a skills shortage for their organisation) and the report identifies a regional divide in those companies reporting skills shortages – more employers in the South and particularly the South West are finding that skills are in short supply and reporting that recruitment for digital roles takes longer.

One likely contributing factor to some geographical/regional divides in skills shortages and difficulty in recruiting for tech roles in those areas may be the spending, per area, on addressing those skills shortages.  For example, London is reported to have spent (in 2019) £1.4 billion (the equivalent of £30,470 per organisation), while the North East spent the least (£172.2 million), and South East spent only £10,260 per organisation.

Factors Affecting The Skills Shortage

The OU report identifies several key factors that appear to be affecting the skills shortage and the investment that may be needed to address those skills shortages. These include the uncertainty over Brexit, increased competition, an ageing population, the speed and scope of the current ‘digital revolution’, and a lack of diversity.

What Does This Mean For Your Business?

Bearing in mind that the OU, whose survey and report this was, is a supplier of skills training, the report, nonetheless, makes some relevant and important points.  For many businesses, for example, managers and owners are most likely to the be the ones with the most integrated picture of the business and its aims, and if they had better digital skills and awareness they may be more likely to identify opportunities, and more likely to promote and invest in digital skills training within their organisation that could be integral to their organisation being able to take advantage of those opportunities.

The tech skills shortage in the UK is, unfortunately, not new and is not down to just businesses alone to solve the skills gap challenge. The government, the education system and businesses need to find ways to work together to develop a base of digital skills in the UK population and to make sure that the whole tech ecosystem finds effective ways to address the skills gap and keep the UK’s tech industries and business attractive and competitive.  As highlighted in the OU report, apprenticeships may be one more integrated way to help bridge skills shortages.

.ORG Silence Continues After ICANN Imposes Temporary Sale Halt

Internet companies are still none-the-wiser about the details of the proposed sale of the .org registry to private equity firm Ethos Capital following DNS overseer ICANN putting a temporary halt on the sale back on 9 December.

What Sale?

The rights to the .org domain registry, one of the largest internet registries in the world, with over 10 million names, was/is due to be sold by ISOC (aka the Internet Society), the parent company of PIR (the organisation that currently runs it) for an as-yet-undisclosed sum to Ethos Capital.

Always Not For Profit

The relatively sudden announcement of the sale caused shock and some dismay within the industry over the thought that a registry that has held its non-profit status since 2003 will now be ending up in private hands. Historically, .org domains have always been the outward sign of non-profit organisations.

About Ethos

Some industry commentators have also expressed concern about the lack of knowledge within the industry about Ethos Capital, and some worries have, therefore, been expressed about how qualified and able they may be to manage the .org registry.

Other Criticism

Other criticisms about the sale, which have been voiced online include:

– Suspicion about possible conflicts of interest e.g. around Fadi Chehade, a former CEO of ICANN who is credited by some with encouraging a free-market approach to internet addresses, and who some appear to believe is connected to Ethos Capital.

– After ICANN lifted the price caps on .org domains for the next 10 years (allowing unlimited price increases on the millions of .org domain names) many high-profile non-profit organisations have rejected ICANN’s claim that the move was simply to make the process consistent with the base form registry agreement and have accused ICANN of disregarding the public interest in favour of ICANN’s own administrative convenience.

– Worries that ICANN’s decision to approve the proposed sale may have been subject to bias and may not have reflected the true strength of feeling against the sale.

– Concerns were even expressed by those who supported the proposal e.g. ICANN’s At Large Advisory Committee (ALAC) and Non-Commercial Stakeholder Group (NCSG).

– Anger that ICANN appeared to move ahead with the decision to lift caps without any explanation, and that there still appears to be a level of secrecy surrounding the sale.

– Suspicion by some that the deal has long been the subject of informal discussion among key players.

Temporary Halt

A temporary halt was placed on the proposed sale of the .org Registry right to Ethos Capital in early December and since then, the Packet Clearing House (PCH) has argued (in a letter to ICANN) that the sale and move to non-profit status would mean less money being spent on .org’s operational costs, and could affect stability and could disrupt “critical real-time functions” of organisations using .org domains.

Silence

There is now a sense of frustration from many parties in the industry over the apparent silence, and the distinct lack of information since the temporary halt was placed on the sale.

What Does This Mean For Your Business?

There are many important organisations that use .org domains e.g. air traffic control, and these, as well as the 10 million others who have .org domains, will be concerned not just about the possible price rises of .orgs due to the lifting of the price cap, but also about the possible disruption and instability that the sale of this kind could cause.

There also appears to be a good deal of anger, concern, and unanswered questions in the Internet market about the decision to sell and the details of the sale, as well as apparent feelings of a possible lack of transparency and feelings that things may possibly have been rushed through with important arguments against the sale not being adequately addressed. That said, ICANN must have seen good enough reason to put a temporary halt on the sale, for the time being.

It remains to be seen exactly what happens next but in the interests of the industry and .org owners, the hope is that there will more communication, information and transparency very soon.

Microsoft Criticised By UK’s Cyber Security Agency Over Dmarc

The UK’s National Cyber Security Centre (NCSC) has complained that it has been unable to compile meaningful statistics and draw meaningful conclusions about email security in its latest report because Microsoft stopped sending Dmarc reports two years ago.

What Is Dmarc?

Domain-based message authentication, reporting and conformance (Dmarc) is a protocol, developed by the Trusted Domain Project, to help provide greater assurance on the identity of the sender of a message, and it builds upon the email authentication technologies SPF and DKIM developed over a decade ago and the work on a collaborative system pioneered by PayPal Yahoo! Mail and later Gmail.

Dmarc allows email and service providers to share information about the validity of emails they send to each other, including giving instructions to mailbox providers about what to do if a domain’s emails aren’t protected and verified by SPF and/or DKIM e.g. moving a message directly to a spam folder or rejecting it outright. Information about messages that have passed or failed DMARC evaluation is then fed back to a DMARC register, thereby providing intelligence to the sender about messages being sent from their domain and enabling them to identify email systems being used by spammers.

Dmarc works on inbound email authentication by helping email receivers to determine if a message “aligns” with what the receiver knows about the sender and if not, Dmarc includes guidance on how to handle the “non-aligned” messages e.g. phishing and other fraudulent emails.

Why Were Microsoft’s Dmarc Reports So Important?

Microsoft’s email platforms form one of the biggest receivers of email, and data from Microsoft about the number of emails failing Dmarc gives a good indication of the number of suspicious emails being sent.  The lack of this data in the NCSC’s Mail Check service means that the NCSC’s ability to monitor and report on email security driven by Dmarc adoption has been hampered. This blind spot could have a knock-on negative impact on email security for everyone.

Public Sector Uptake – Good News

The NCSC’s latest report contains good news, however, about a significant uplift in the public sector adoption of email security protocols.  For example, public sector domains using Dmarc more than tripled from December 2017 to December 2018 to 1,369, and the number of domains with a Dmarc “quarantine” or “reject” policy (to prevent suspicious emails being delivered to inboxes) also tripled.

What Does This Mean For Your Business?

Having a collaborative intelligence sharing and effective protocol and process such as Dmarc that is being widely adopted by many organisations has significantly improved email security.  This is particularly valuable at a time when businesses face significant risks from malicious emails e.g. phishing and malware, and email is so often the way that hackers can gain access to business networks.

Sharing intelligence about the level and nature of email security threats and how they are changing over time e.g. in the trusted NCSC report, is an important tool to help businesses and security professionals understand more about how they tackle security threats going forward.  It is, therefore, disappointing that one of the world’s biggest receivers of email, which itself benefits from Dmarc, is not providing reports which could be of benefit to all businesses and organisations.

Visa Adopts Blockchain For Cross-Border, Bank To Bank B2B Payments

Visa is integrating blockchain technology with its core systems to enable participant businesses to make direct, cross-border, bank to bank payments to other corporate participants.

B2B Connect

The news system called Visa B2B Connect is being built using the Hyperledger Fabric framework from the Linux Foundation, and will mean that, rather than paying another corporate by cheque, automated clearing house or wire transfer, all of which require intermediary banks and exchanges, payments can be made directly and instantly from bank to bank of corporate customers.

This will mean cost and time savings, and the ability to pay and get paid 24-hours a day, regardless of location, local time differences, and other problematic traditional banking anomalies such as data truncation, payment delays and compliance issues.

Suite of APIs

The Visa B2B Connect system essentially provides a suite of Application Programming Interfaces (APIs) which allow participating banks to automate B2B, cross-border and cross-currency payments, by developing an end-to-end B2B payments solution to onboard customers, set up their suppliers, check Visa B2B Connect foreign exchange rates and submit payments. Alternatively, banks can choose to integrate just a subset of the APIs to address more specific needs e.g. checking on the status of certain payments through the Visa B2B Connect site.

Expansion Plans

Although the new system will only work for those corporates signed-up as participants to Visa’s pilot scheme, there are already plans to expand it so that it will cover more than 30 global trade corridors and 90 markets by the end of this year.

Benefits

The benefits that the blockchain-based B2B Connect system offers include cryptographically secured B2B transactions, transaction transparency and predictability, and the peace of mind and security of operating within a trusted network where all parties are known participants on a permissioned blockchain operated by Visa.

Blockchain Lacking Functionality

Recent research by Gartner showed that Only 11% of CIOs have deployed or are in short-term planning with blockchain, partly because of the fact that, at the moment, blockchain is a technology and not a complete, ready to use application, and therefore, lacks business-friendly features like a user interface, business logic, data persistence and interoperability mechanisms.

What Does This Mean For Your Business?

For corporates, Visa’s B2B Connect system appears to unlock some of the long-promised benefits of blockchain in terms of fast and easy cross-border payments, security, transparency, and the reassurance of a trusted name in the payments world.  Also, the fact that a suite of APIs are available to participants means that the system can be set up relatively easily, thereby tackling the issue (as highlighted by the Gartner research) of confusion among corporate tech heads about how best to incorporate blockchain and worries about there being few ready to use, complete applications available.

For smaller businesses the hope of being able to use blockchain to add value, reduce costs and gain competitive advantages is being boosted by a growing Blockchain as a Service (BaaS) market which offers the chance to deploy distributed ledgers without the cost or risk of deploying it in-house, and without needing to find in-house developers.  The cloud-based CRM platform ‘Salesforce’ for example, is adding a low code, blockchain-powered service that will allow enterprise users to share data with third parties in a secure, transparent, and auditable way.

Suspected Russian Disinformation Campaign Rumbled

An investigation by the Atlantic Council’s Digital Forensic Research Lab (DFRLab) claims to have unearthed a widespread disinformation campaign aimed at influencing online conversations about several topics, that appears to originate in Russia.

Facebook Accounts

Sixteen suspected Russian fake accounts that were closed by in early May 2019 led researchers to an apparent campaign which stretched across 30 social networks and blogging platforms and used nine languages. The campaign appeared to be focused away from the main platforms such as Facebook and Twitter and was played out instead on blogging sites, subreddits, and online forums.

Even though the scale of the apparent disinformation operation appears to be beyond the abilities of  a small or ad hoc group (the scale has been described as “remarkable”), and that the operation appears to have been working out of Russia,  the DFRLab has pointed out that there is not enough real evidence to suggest that the Russian state / Kremlin is behind it and that the investigation is still ongoing.

What Kind Of Disinformation?

It has been reported that the broad topic areas of the disinformation appear to reflect Moscow’s foreign policy goals e.g. Ukraine, Armenia, opposition to NATO, although conversations have been started and steered around subjects relating to Brexit, Northern Ireland, the recent EU elections, immigration, UK and US relations, the recent turmoil in Venezuela and other issues. Some of the disinformation is reported to have included:

Fake accounts in 2018 of an alleged plot, apparently discovered by Spanish intelligence, to assassinate Boris Johnson.

Shared screenshots of a false exchange between Democratic Unionist Party leader, Arlene Foster, and chief EU Brexit negotiator, Michel Barnier, which appeared to show a secret negotiation behind Theresa May’s back. Also, false information was spread about the Real IRA.

The publishing of a fraudulent letter in French, German, and broken English, featuring a screenshot of a letter allegedly written by Italian-Swedish MEP Anna Maria Corazza was published on various platforms as an attempt to influence the European Parliament elections in May 2019.

Failed and Discovered

The main reasons why the disinformation essentially failed and was discovered were that:

  • Communications were generally not sent via the main, most popular social media platforms.
  • The campaign relied on many forged documents and falsehoods which were relatively easy to spot.
  • So much trouble was taken to hide the source of the campaign e.g. each post was made on a single-use account created the same day and not used again, that the messages themselves hardly saw the light of day and appeared to lack credibility.

What Does This Mean For Your Business?

The fact that someone / some power is going to the trouble to spread disinformation on such a scale with regard to influencing the politics and government of another country is worrying in itself, and the knowledge that it is happening may make people more sceptical about the messages they read online, which can help to muddy the waters on international relations even more.

If messages from a foreign power are used to influence votes in a particular way, this could have a serious knock-on effect on the economy and government policy decisions which is likely to affect the business environment and therefore the trading conditions domestically and globally for UK businesses.  Some have described the current time as being a ‘post-truth’ age where shared objective standards for truth are being replaced by repeated assertions of emotion that are disconnected from real details.  This kind of disinformation campaign can only feed into that and make things more complicated for businesses that need to be able to have reality, truth, clear rules, and more predictable environments to help them reduce risk in business decisions.

Tech Tip – A Free Online HTML Editor

If you’d like to be able to quickly write or edit a piece of content so that it can be easily used online without having to download or purchase HTML editors, try using a free, online HTML editor.

For example, go to https://html5-editor.net/

Type or paste your text into the right-hand side window.  The HTML appears in the left-hand window.  Both are editable.

You can, for example, select all the text in the right-hand window (click in the window, CTRL + A), select ‘Format’ (top bar), and select ‘Clear Formatting’.  This will clean up the code so that you can add your own formatting, links, bold, etc.

If you’d like to save your work as an HTML page, click in the left hand window and use CTRL + A (to copy the HTML code), open Notepad by typing Notepad the Windows search bottom left, CTRL +V to paste into the notepad file, and save the notepad page as a HTML page.

ICO’s Own Website Fails GDPR Compliance Test

Irony and embarrassment are the order of the day as the Information Commissioner’s Office, which is responsible for ensuring GDPR compliance in the websites of businesses and organisations has been forced to admit that its own website is not GDPR compliant.

Cookie Consent Notice

The problem, as pointed out to the ICO by Adam Rose, a lawyer at Mishcon de Reya, is that the ICO’s website currently uses implied consent to place cookies on mobile devices, which is prohibited under the Electronic Communications Regulations (PECR) 2003.  These Regulations operate alongside GDPR, and as highlighted on the ICO’s own website, consent needs to be clearly given for cookies (e.g. by a tick box) and where they are set, the website needs to give users, mobile or otherwise, a clear explanation of what the cookies do and why.

Article 6

It has been reported that Mr Rose argued that the ICO’s own website’s cookie consent tools were at odds with Article 6 of PECR.

ICO’s Own Guide

For example, in the ICO’s own online guide, in terms of getting marketing consent, it states that “some form of very clear positive action” is needed, “for example, ticking a box, clicking an icon, or sending an email – and the person must fully understand that they are giving you consent”.

Cookies Admission

Under “Cookies” in the guide, and in admission of not being fully compliant itself at the moment, the ICO now states that “We use a cookies tool on our website which relies on implied consent of users.  In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR.  This means that we are in the process of updating the tool (Civic Cookie Tool) which, by default, requires explicit opt-in action by users of our website.”

This means that the ICO has yet to upgrade to the version of the Civic Cookie Tool which includes explicit opt-in, and therefore, the ICO isn’t currently compliant with the laws that it is supposed to help implement and uphold.

Why?

Even though the ICO announced back in May last year that it would be upgrading to the new version of the Civic Cookie Tool, this has not yet happened. This appears to indicate a possible failure on the ICO’s part in the planning and implementation aspects of this particular tool on its website.

Also, as some tech and security commentators have pointed out, there is still a lack of clear legal rules on cookie compliance, and this has even led to confusion on some points among data protection experts.

It could also be argued that a lack of regulatory enforcement against cookie compliance breaches may mean that most website operators can still put consent rules to the bottom of the list of business priorities with no fear of consequence.  It’s also unclear if the regulator would or would not be able to carry out some kind of enforcement of the law against itself.

What Does This Mean For Your Business?

Many businesses may be thinking that, aside from the obvious irony of the regulator not being totally compliant, what hope do the rest of us have of getting it right if the ICO can’t?

This story could also act as a reminder to businesses that consent is a complicated area in data protection, and that it may be worth revisiting what cookie consent tools are in place on their websites and whether they are up to date and compliant.  For example, as the ICO has discovered, if you’re responsible for implementing the updated version of tools relating to your GDPR compliance, the planning and implementation needs to be managed in order to avoid unwittingly leaving the organisation open to possible infringements of current regulations.