Tuesday, January 29, 2008

google crime wave

an interersting feature of large systems run by large organisations is that, somewhere, sometime, someone is going to turn out to be bad - an argument used by the security research group in cambridge against many systems that share too much data (e.g. children's data base in UK, the HMRC fiasco, the NHS patient record spine).

So to date, we havnt seen any massive abuse of google (or yahoo or hotmail) huge repository of personal data evidenced by large scale misbehaviour - why is this? the penalties for someone accepting bribes, or being blackmailed would be no higher than those for someone working for a UK government agency that abuses their access to private data.

I don't think the procedures employed by the large scale search engine/mail/socal net systems are inherently immune from misuse of power by an insider especially more than the UK governemtn's "transformational" systems - by the way, what a great phrase
transformational government is ! given what most of the attempts to federate government databases have achieved, there has surely been a transformation
from Blair to Brown....but it has largely been one of rapidly increasing entropy, as the pathetic IT-consultant-ignorati that they contract to for these giant projects screw up again and again...oh well. maybe thats it - maybe most people in yahoo and google are paid well and enjoy doing a good job too much to do a bad thing:)

2 comments:

Richard G. Clegg said...

maybe most people in yahoo and google are paid well and enjoy doing a good job too much to do a bad thing

Probably worth pointing out that most of the govt IT systems were designed and built by the private sector and they've usually been paid quite handsomely for it (especially considering the systems are often late, over budget and don't meet spec).

to date, we havnt seen any massive abuse of google (or yahoo or hotmail) huge repository of personal data evidenced by large scale misbehaviour - why is this?

The question to ask here is, to what extent do we *know* they're better? If google and yahoo lost disks full of data would they publicise it? Have the government ever done anything which *in practice* (rather than potentially) compromised user privacy more than, say, the AOL search leak?

jon crowcroft said...

in my experience, programmers who work on projects that PwC and Accenture secured from the government (e.g. under PFI) have been abysmally paid compared with programmers working directly within the commercial sector (e.g. at Deutsche Bank, Morgan Stanley, Goldman Sachs, or at Google, Microsoft or IBM). The consultants on the government contracts get "handsomely" paid - but the staff at the sharp end are
treated like cannon fodder.

Yes, it is true AOL had a "leak" - but it wasn't any where near as heinous as HMRC (at least they'd anonymized the records, even if they didn't quite get the subtlties of data mining - it wasn't a "leak" either - it was a misguided release without thought of the Netwok Science that could be used to unpick things - AND AOL suffered a lot of flak because of this....but yes, perhaps there are hidden things going on with the commercial sector too....