Domain Names & GDPR
A recent ruling by a German court about GDPR also applies to personal information held in the worldwide whois service, could mean that domain name admin and tech contact details may no longer be needed because of the GDPR ‘data minimisation principle’.
Up Until Now
Laws up until now have required ICANN, the Internet Corporation for Assigned Names and Numbers, to ask its accredited domain registrars to collect and store certain details of people who register / purchase domain names. These details include the owner’s name and address, and the name, postal address, e-mail address, telephone number, and (where available) fax number of the domain’s technical and administrative contacts. Many of these may, in fact, be the same person.
No More Collecting and Storing Details of Owners
The recent German court ruling came about because German registrar EPAG Domain services thought that one important aspect of GDPR, which came into force on May 25th, is the principle of data minimisation.
Under this key GDPR principle, personal data collected by companies should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. In other words, under GDRR, companies should only collect the personal data that is absolutely necessary to provide the service.
The German registrar EPAG Domain services used this GDPR principle to argue that it no longer needed or wanted to collect the personal details for the technical and administrative contacts of domains, although it would still be happy to collect the personal details of the actual domain name owners.
ICANN Still Wanted Details Collected
ICANN didn’t agree with EPAG, and pushed for an injunction to ensure that EPAG either continued to collect administrative and technical contact details, or pay a €250,000 (US$291,000) fine!
The court came down on EPAG’s side, and refused to grant the injunction on the grounds that there was no evidence that the extra information was needed, especially since the same person could be listed as the owner, technical, and administrative contact.
ICANN’s Own Policy Proposal
ICANN had already published its own temporary policy to cover how information gathered by registrars should be made publicly available through the global whois service. ICANN’s policy was for tiered / layered access to personal information, limiting it to users with a legitimate and proportionate purpose e.g. law enforcement, competition regulation, consumer protection or rights protection.
Irony
One ironic aspect of the court’s ruling is that ICANN itself doesn’t register any personal details for administrative and technical contacts, and only lists a single number for both contacts’ phone and fax, which turns out to be the main number for its network operations centre. It could be argued that this is data minimisation in action from a company that appears to have argued against it.
What Does This Mean For Your Business?
This story is a practical example of how GDPR could affect aspects of company operations that may not have really been considered until now. It shows how current ways of doing things can be, relatively easily challenged in some courts, the results of which could spread across a whole industry.
If the ruling, in this case, is taken on board in other European countries e.g. most other EU countries, it could save domain registrars some time, and could cut through bureaucracy while protecting privacy at the same time.
It is still early days for GDPR, and there are likely to be many different challenges and changes to come across many industries as a result.
Tech Tip – Alexa Skills Commands That Could Help At Work
Amazon’s Echo speakers may be used mainly in the home, but putting the listening / privacy fears aside, they can be useful in a business setting, particularly in small business settings / home offices. With this in mind, here are four skills commands that could help you:
Create Reminders – Alexa can act like a personal assistant. For example, you can tell Alexa exactly what you need to remember e.g. business appointments on certain days / times and it will remind you of that task and time. To create a reminder, say the task and its time such as, “Alexa, remind me to review customer accounts 10 a.m. every Monday”.
Create Distinctive Voice Profiles – By setting up voice profiles, Alexa can distinguish who is issuing the command e.g. different people in the office can ask “Alexa, what’s on my calendar?” Ask Alexa for details of how to do it.
ChatBot Skill – By enabling the ChatBot skill, workers can audibly request Alexa to post on their behalf. This can aid productivity. It can be achieved by linking an Amazon account to a Slack account. Users can then post to a specific channel by asking simply Alexa.
Find Your Phone – You can use Alexa to help you find your phone by using your voice. This is a free skill available from Amazon here: https://www.amazon.com/gp/product/B076PHYQD2?ie=UTF8&ref-suffix=ss_rw. The phone should ring even if it is on silent. It may not work if your phone is in Do Not Disturb mode, but you can add multiple people by name to call different phones instead of just one.
Visa Crash In Europe Causes ‘Cash Only’ Chaos
On Friday 1st from 2.30pm, a Europe-wide system failure at Visa that left shoppers embarrassed as their card payments were declined and stores switched to ‘cash only’.
Not Just Visa Customers
To make matters worse, because a range of different banks and other financial institutions use Visa’s payment system, even those making transactions using non-Visa branded cards were affected and were unable to make purchases.
The problem was compounded by the fact that it happened at a time when many people were leaving work on a Friday. There have also been reports circulating that even if some card purchases were declined, the money may still have been taken from accounts, and customers have been urged to check.
What Happened?
There are no precise details as to the reason for the system crash other than Visa’s explanation as a “hardware failure”.
Visa has also been quick to announce that it has no reason to believe that the system crash was associated with any unauthorised access or malicious events.
ATMs Still Working in UK
In the UK, although many customers found themselves in extremely awkward situations e.g. unable to pay for meals or petrol, customers were still able to take cash out of ATMs (if there was one nearby). This led to large queues forming at ATMs in towns and cities across the country.
Queues
Whereas many customers faced the embarrassment and inconvenience of having their cards declined in shops across Europe, others found themselves being forced to wait in queues because of the disruption. For example, in Berlin’s Alexanderplatz, it was reported that Primark customers had to queue for 20 minutes to pay, and staff were unable to note the reasons why transactions were failing. Also, it was reported that the Visa system failure caused a 45 minute wait for those trying to use the Severn Bridge as drivers were unable to pay the toll by card.
Anger
Not surprisingly, many people took to social media to vent their anger at Visa for the embarrassment and inconvenience caused. In Spain, the Guardia Civil tried to calm and re-assure people by sending a tweet urging everyone to stay calm, and used a picture of Captain Jack Sparrow to help explain that if they couldn’t pay, it wasn’t because they had been robbed or hacked.
Visa has apologised, and has stated that its payment system is operating at “full capacity”.
What Does This Mean For Your Business?
Even though the problems only lasted a day, it is only a matter of weeks since TSB’s catastrophic computer meltdown caused misery to customers after the bank tried to migrate its computer systems from its old Lloyds Bank systems to its new core banking system, Proteo4UK.
We are now a society that is moving away from cash, in favour of cards and particularly contactless payments. Also, this move away from cash has meant the closing of many ATMs. Both of these factors mean that system failures of this kind can be particularly disruptive.
For businesses, customers not being able to pay meant that profits were hit, their premises experienced disruption with some staff being left to face angry customers, and unable to offer a clear explanation.
The incident has, no doubt, also illustrated to any potential hackers how interconnected payment systems are across Europe and how many countries could be brought to a virtual standstill if they were able to breach the systems of major payment processing companies such as Visa.
Contact 834% Rise in TSB Customer Attacks
Following the IT ‘meltdown’ at TSB last month which led to chaos for customers who were locked out of their own accounts, research has found that the number of phishing attacks targeting TSB customers leapt by 843% in May compared with April.
Fraudsters Taking Advantage
The statistics, reported recently in Computer Weekly, appear to indicate that fraudsters may have been quick to take advantage of the bank’s IT meltdown.
For example, an investigation by Wandera security found that in May, TSB was the second most used bank brand by scammers attempting to obtain customer details. In April, for 100,000 UK devices using Wandera security, there were only 28 TSB-themed phishing attacks. In May, the number jumped to 236 such attacks.
According to Wandera’s figures, in April TSB appeared in the top five financial services apps to be impersonated for attacks for the first time this year, and this may be an indication that TSB wasn’t a major target for phishers prior to the systems meltdown incident.
All of this information has led security commentators to conclude that the rise in fraud against TSB customers is likely to be linked to the systems problem that the banks experienced May.
What Happened?
Back in May, 1.9 million TSB customers were affected when a migration to a new system didn’t go to plan and resulted in what some commentators have described as a ‘meltdown’ of its banking systems.
Some of the problems experienced by customers included : not being able to access their own money, having no access to any mobile and online services, problems with direct debits, and amounts of money appearing and disappearing. It was even reported that one customer was mistakenly credited with £13,000.
What Does This Mean For Your Business?
This information should give businesses some idea of the ruthless and opportunistic nature of cyber criminals, and how quickly they can focus their efforts when vulnerabilities are spotted. Weaknesses in banking systems would, of course, have been a particularly attractive target.
In the case of TSB, as in the aftermath of many IT system problems, scammers were quick to use the bank’s IT problems as an opportunity to target its desperate customers with mobile phishing attacks. Customers would have been hoping / expecting to hear from the bank at the time, and so would have let their guard down when emails and any communication that looked as though it was from the bank, asking them for personal details / login details.
Google Accused of Being ‘Unethical’ Over Cryptocurrency Ad Ban
Some industry commentators have suggested that Google’s motives for introducing a blanket ban on cryptocurrency ads may not be all they seem, and could make the company appear unethical.
What Ban?
Back in March, Google followed Facebook’s lead (from January) and imposed a blanket ban on all cryptocurrency adverts on its platforms. The ban, which starts from this month, was announced following reports of scammers using adverts on popular platforms to fraudulently take money from people who believed they could cash in on the massive rise in the value of cryptocurrencies such as Bitcoin.
A popular con has been to use scam ad campaigns to sell units of a cryptocurrency ahead of its launch – known as initial coin offerings (ICO). Research has found that 80 per cent of ICOs have been fraudulent.
Also, the cryptocurrency value bubble led to the rise of ‘crypto-jacking’, where devices are taken over by people trying to mine crypto-currencies e.g. using Android phone-wrecking Trojan malware ‘Loapi’.
Why Unethical?
Online tech commentators have been quick to point out that even though Google has said that it made the move to ban cryptocurrency ads to confront criminality, protect web users, and to regulate what their users are reading, Google is also believed to have an interest in cryptocurrencies itself.
For example, back in May, Google is reported to have approached the founder of the world’s second most popular cryptocurrency, Ethereum, to explore possible market opportunities for the two companies. In fact, some commentators believe that Google may be acting unethically by banning cryptocurrency adverts because it is planning to launch its own cryptocurrency and, therefore, wants to give its own product the best chance in the marketplace.
This idea has been strengthened by the fact that Google continues to show adverts with links to gambling websites and other services which some would describe as unethical. It has been suggested that Google appears willing to ban cryptocurrency adverts, but still allows job postings, and adverts for anti-virus software or charities, all of which can also be known entry points for scammers.
Blockchain Ambitions
Google is also thought to have ambitions to make use of blockchain, which is among other things, the underlying technology behind the bitcoin currency. It is interesting that this interest follows Facebook, which is reported to be setting up a blockchain group that will report directly to the company’s CTO, Mike Schroepfer.
Circumvented
Putting a blanket ban on cryptocurrency adverts does not appear to have been an entirely successful strategy for others i.e. Facebook. For example, some advertisers have been able to circumvent Facebook’s cryptocurrency ad ban by abbreviating words like cryptocurrency to c-currency, and by simply switching the letter ‘o’ in the word bitcoin to a zero.
What Does This Mean For Your Business?
Google is a powerful private company, and with other big players in the market, it is looking to make the most of market opportunities e.g. Facebook, and it is only natural that Google is likely to also want to explore the potential of those opportunities, even if it has made an ethical stand in public about cryptocurrency adverts.
This story does illustrate, however, that ethics play an important part in business, and can play an important role in supporting the value of a brand, particularly in a digital world where inconsistencies can be spotted and widely reported immediately.
When you think about it, Google has a trusted brand and is well placed in the market to perhaps get involved in, or even produce its own cryptocurrency, particularly where there are profits to be made and when cryptocurrencies appear to have an important future beyond the initial bubble of bitcoin-mania. The important thing for Google is that it, along with Facebook, was seen to be doing the right thing when cryptocurrency scam adverts began making the news, and there is still no real, firm proof that Google will commit itself to its own cryptocurrency yet.
It is also not surprising that companies such as Google and Facebook would want to explore the huge potential opportunities that blockchain offers. It is worth remembering that blockchain has shown itself to have many great uses beyond just cryptocurrecies e.g. enabling students to share their qualifications with employers, recording the temperature of sensitive medicines being transported from manufacturer to hospital in hot climates, as a ledger to record data about wine certification, as a ledger for ownership and storage history, as a system for tracking consignments that addresses visibility and efficiency, and for sharing information between energy suppliers to speed the supplier switching process. Dubai has also invested in using blockchain to put all its documents on blockchain’s shared open database system by 2020 in order to help to cut through Middle Eastern bureaucracy, speed up civic transactions and processes, and bring a positive transformation to the whole region.
Both cryptocurrencies and blockchain have a long way to run yet, and Google and Facebook will certainly not be the only web giants exploring their potential.
Facebook Losing the Battle For Teenage Attention
A study by Pew in the US has found that Facebook is now lagging behind YouTube, Instagram and Snapchat, as a platform where teenagers spend their time.
Down To 4th Place
The study, which involved 750 teens in one month earlier this year, found that Facebook has experienced a 20% point drop since 2015 in its usage by teenagers. Even though 51% use Facebook, this is still a long way behind the 85% preferring YouTube (Google-owned), 72% preferring Instagram (which is owned by Facebook anyway), and the 69% preferring Snapchat.
What’s Been Happening?
An eMarketer report illustrates what’s been happening. The report predicts that in 2018, 2.2 million 12 to 17-year-olds and 4.5 million 18 to 24-year-olds will regularly use Facebook in the UK, but this is 700,000 fewer than in 2017. Most of the young defectors appear to be going instead to Snapchat.
The same report shows that there has been a surge in older users of Facebook, and over-55s will become the second-biggest demographic of Facebook users this year. For example, 500,000 new over-55s are expected to join Facebook in 2018, and this will bring the number of 55- to 65-year-old-plus regular Facebook users this year to 6.4 million.
Passing Over Instagram For Snapchat
One of the reasons why Facebook bought Instagram was so that it could at least keep some of the young people who were deserting Facebook as customers as of one of its services.
Unfortunately, what’s been happening is that young people appear to have been leaving Facebook, and going to Snapchat instead of Instagram. For example, in the last 3 years Snapchat has more than doubled its take-up rate among UK users of social networking sites and apps to 43%.
Why?
It is an age-old feature of teenagers and young people, because of a need for independence and privacy, they would prefer not to go to the same places as their parents, and this is what has been happening on Facebook to some extent.
Also, many more young people have smartphones, and they use them to go where other members of their age / peer group go i.e. on Snapchat. It doesn’t help also that Facebook has received a lot of bad publicity recently over its involvement with the sharing of user data with Cambridge Analytica, and the part it played in allegedly being used by representatives of certain foreign powers to help sway the election result towards Trump.
Facebook has also proved particularly attractive in recent years to older people who have found that its video and photo features are easy to use, and enable them to keep up with the social lives of their older children, and grandchildren,
Facebook For Kids
Facebook has long known that it has been attracting an older demographic, and that young people have been leaving the platform in pursuit of a new experience, and to stay in touch with other members of their peer group.
Attracting a new, young group of Facebook users looks likely, therefore, to be one of the main reasons why, back in December 2017, Facebook announced that it was launching a kind of Facebook for children the form of ‘Messenger Kids’. Some commentators said at the time that it appeared to be a way for Facebook to recruit its next generation of users, and to capture the attention of 6 to 12-year-olds before Snapchat or a similar social network competitor
What Does This Mean For Your Business?
For Facebook, even though it recognises (and is trying to solve) the problem that it faces in attracting teenage users, it still remains the most popular social networking sites in the UK by a long way, boasting 32.6 million total regular users this year. Also, Facebook’s Instagram is looks likely to grow its user base from 15.7 million to 18.4 million this year, although it also appears to be losing young users to Snapchat.
For businesses wishing to advertise, Facebook is likely, therefore, to be a way to advertise to older age groups e.g. those in their 40,s, 50s, and above. In fact, Facebook has also announced an overhaul of its news feed algorithm to prioritise what friends and family share, and to reduce the amount of non-advertising content from publishers and brands.
Businesses with older customer demographics may also want to keep making the most of their company Facebook business page.