Home > Uncategorized > Guest post: An IT insider’s mistake

Guest post: An IT insider’s mistake

October 19, 2016

This is a guest post by an IT Director for a Fortune 500 company who has worked with many businesses and government agencies.

It was my mistake. My daughter’s old cell phone had died. My wife offered to get a new phone from Verizon and give that to me and then give my daughter my old phone. Since I work with Microsoft it made sense for me to get the latest Nokia Lumia model. It’s a great looking phone, with a fantastic camera, and a much bigger screen than my old model. I told my wife not to wipe all the data off my old phone but to just get the phone numbers switched, and we could then delete all my contacts from my old phone. While you can remove an email account on the phone, you can’t change the account that is associated with Windows Phone’s cloud. So my daughter manually deleted all my phone contacts and added her own to my old phone – but before that I had synced up my new phone to the cloud and got all my contacts downloaded to it. Within 24 hours, the Microsoft Azure cloud had re-synced both phones, so now all the deletes my daughter did propagated to my new phone.

I lost all my contacts.

I panicked, went back to the Verizon store, and they told me that we had to flash my old phone to factory settings. But they didn’t have a way for me to get my contacts back. And they had no way for me to contact Microsoft directly to get them back either. The Windows Phone website lists no contact phone number for customer support – Microsoft relies on the phone carriers to provide this, apparently believing that being a phone manufacturer doesn’t require you to have a call center that can resolve consumer issues. I see this as a policy flaw.

I had the painstaking process of figuring out how to get my phone contacts back, maybe one at a time.

But the whole cloud syncing made me think about how we’ve now come to trust that we can have everything on our phones and not think about adequately backing it up. In 2012, the Wired reporter Mat Honan reported about how a hacker systematically deleted all his personal information including baby photos on his Apple devices he had saved to the cloud. The big three phone manufacturers now (Apple, Google and Microsoft) have a lot of personal information in their clouds about all of us cell phone users. Each company, on its own, can each create a Kevin Bacon style “six degrees of separation” contacts map that would make the NSA proud. While I lost over 100 or more phone contacts, each one of those people would likely also have a similar or more contacts plugged into their phones, and so on. If the big three (AGM, not to be confused with Annual General Meetings) colluded together, they could even create a real time locator map showing where all our contacts are right now all round the world. Think of the possibilities for tracking: cheating spouses, late lunches at work, what time you quit drinking at the local, what sporting events you go to, which clients your competitors are meeting with etc. Microsoft’s acquisition of LinkedIn makes this sharing of information even more powerful. Now they’ll have our phone numbers and email contacts and some professional correspondence too.

I don’t trust Google. Their motto of “don’t be evil”, almost begs the question why do they have to remind themselves of that? Some years ago they were reported as scanning emails written to and from Gmail accounts. Spying on what your customers think of as private correspondence comes to my mind as evil. And just last week Yahoo admits to doing the same thing on behalf of the government, scanning for a very specific search phrase. I hope the NSA got their suspect with that request, and it wasn’t just a trial balloon to see how far they could go with pressuring the big data providers and aggregators. Yes, I can see the guys in suits and dark glasses approaching Marissa Mayer, “Trust us, this will save lives. We believe there’s the risk of an imminent terrorist attack”. I hope they arrest someone and bring charges, even if to justify Marissa’s position.

So why do I bring all that up? I believe we need consumer personal data protection rights. Almost like credit reporting. The big three (AGM) personal data aggregators and Facebook and LinkedIn collect a lot of personal data about each of us. We should have the right to know what they keep about us, and to possibly correct that record, like we do with the credit bureaus. We should be able to get a free digital copy of our personal data at least annually. The personal data aggregators should also have to report who they share that information with, and in what form. Do they pass along our phone contact information, or email accounts to 3 rd party providers or license that to other companies to help them do their business? The Europeans are ahead of America in protecting privacy rights on the internet, with the right to be forgotten, and the right to correct data. We should not be left behind in making our lives safer from invasion of our privacy and loss of personal security.

We need to know. The personal data aggregators need to be held to higher standards.

Categories: Uncategorized
  1. October 19, 2016 at 7:00 am

    Europeans already have the right of access that you describe. For Europeans that are interested, I am building a company to help exercise that right, at PersonalData.IO. In May 2018, a new General Data Protection Regulation brings the right to portability of your personal data, and a general change in the geographic scoping of data protection that Europeans get. This basically means a lot of IT directors all over the world should be working on this, or otherwise face fines of up to 4% of revenues worldwide.
    PS: In Europe, we point at the GAFAM: Google, Amazon, Facebook, Microsoft, and now also the NATU: Netflix, Air BNB, Telsa et Uber.


  2. jmhl
    October 19, 2016 at 7:38 am

    “Spying on what your customers think of as private correspondence comes to my mind as evil.”

    If your email provider didn’t use software that scanned the headers and contents of your email for specific search phrases, there would be no way to filter it for spam. Without a spam filter, your email inbox would be 90% spam — the spam you see in your current ‘Spam’ folder is only a fraction of that which is sent to you, most of which is blocked by your email provider without you seeing it, because it can be labeled with near certainty as spam based on content analysis. Of course such email scanning technology could be used nefariously, but if you prohibit it entirely you will make email unusable. It is Google’s recognition that they must use such technologies, which have the theoretical capability for misuse, in order to provide the services their customers expect, that motivates their “Don’t be evil” motto: they acknowledge that they must apply ethical judgement and make choices about how to behave in such an environment. The internal controls Google applies to prevent its employees from viewing users’ personal data or using it in ways that could result in privacy breaches are exceptionally rigorous.


    • October 19, 2016 at 8:41 am

      I seem to recall having read somewhere that spam is a third of all Internet traffic or was at one point…..


    • October 19, 2016 at 9:11 am

      Oh, one other small point. Google’s “Don’t be evil” motto was originally seen in their job postings. It was a way to give the middle finger to Microsoft and get CS grads to look to Google for their first job rather than MS.


  3. October 19, 2016 at 9:29 am

    Interesting comment on the Windows phone and yes that is true about the phone as it is by comparison the most secure phone out there as it’s been connecting to the active directory and group policy a lot longer than the other phones. I have one myself and hopefully they’ll be around for a while longer too. I kind of laughed a bit as it brought back memories of “Active sync” the most loved and hated software to synch the former Windows Mobile phones:)


  4. October 19, 2016 at 10:55 am

    A few months ago, I turned in my Smart Phone for a dumb phone. No cloud for me. I wonder if the hackers can get into a dumb phone and delete the data. I’m old enough to remember party lines where a dozen neighbors all shared the same line. If the phone rang, a half dozen people could pick up. You kept your phone numbers written down in a little book with tabs for the alphabet. The only way to lose that was to misplace it or the hose burned down and since it almsot always sat next to the phone, losing it was rare and why would a burglar want to steal your address book? I’m not even sure identify theft existed back then or was a serious problem. Most thieves are lazy and if they can stay home and hack enough info to steal your identity and empty your bank accounts, they don’t have to break and enter risk being shot by a homeowner.

    Maybe you could contact one of the major data brokers and see if they’d check the file they have on you to see if they’d be willing to give/sell you your own contact list. The probably have it.


  5. Joe
    October 19, 2016 at 11:28 am

    Bro.basically you can recover your contacts by going to either outlook online or by using Verizon backup assistant. People who don’t know how to use the cloud often times get confused about what you can and can’t do with it. Instead of saving your contacts to outlook, I would suggest saving them to google. Also there is a way to remove the account from a phone. Simply navigate to accounts in setting and remove the Microsoft account. Or just do a reset of the phone and start over.


  6. mathematrucker
    October 19, 2016 at 12:39 pm

    Was just thinking the same thing about Google’s creepy motto the other day. Not for the first time of course, but how do you keep from wondering, “why would they select THAT?” They should really drop it, but then, how do you drop THAT?

    Until a few days ago one of my foundational assumptions about cyberspace was that Google search is a genuine gateway to the internet, in the rough sense that Google indexes as much of the internet as it can get its hands on and then brings that whole internet to the masses, in an astonishingly organized fashion.

    More specifically, suppose Google indexes a page P (that Google detects is in English) and P contains a certain text string S. The assumption is that if anyone in the world who has access to Google (with their search preferences set to English) enters S into Google search, then P automatically gets into the set of matches—it might not rank very high, but it at least gets in.

    Strangely enough this seemingly safe assumption doesn’t hold for P = a recent Math Stack Exchange post of mine. With zero comments and answers so far, it’s out in the tumbleweeds. This explains why Google search might give it a really low rank, but—regardless of Stack Exchange’s importance—it definitely doesn’t explain why Google would completely wipe it from my Google account’s view of the internet! Others have told me they’re still seeing my post in their Google search results.

    Here is a pristine, un-Photoshopped screenshot that captures the situation well:


    The exact same search string Google is saying wasn’t found, shows up in the page snippet for the first search result. Even if this is just due to some bug, it still seems to highlight the scary issue of Google getting to define what the internet is and isn’t to any given user.


    • mathematrucker
      October 19, 2016 at 12:39 pm

      By the way for anyone teaching an elementary topology course right now, that SE post contains a challenging and unique extra-credit problem. It almost seems like a Monthly problem, but not quite so I posted it on Stack Exchange instead. Will be happy to email a link to the solution on request—my email is my username at gmail.


    • jmhl
      October 19, 2016 at 1:06 pm

      @mathematrucker: Never ascribe to malice what could simply be incompetence. I strongly suspect that the reason your math.stackexchange.com post is not being found by google is that the title contains LaTeX \mathbb{R}, which is confusing the search engine. When I search with the query “finite partitions mathbbr saturated closures”, your post is the first result. Bing finds your post as the first result with either mathbbr or just R in the query, incidentally, (kudos to MS for beating Google on this one) so I think your assertion that this failure somehow indicates that Google is “getting to define what the internet is and isn’t to any given user” is a little hyperbolic.


      • mathematrucker
        October 19, 2016 at 9:13 pm

        This wasn’t just a case of some mismatch (yeah I was aware of the LaTeX issue) between my search query and my SE post that was causing it to not show up in a list of search results. The most accurate way I can think of to describe the behavior I observed is that my SE post somehow got temporarily deleted from my Google account’s Google-internet.

        Maybe the following will help you understand why this isn’t just hyperbole. Earlier today before submitting my comment here, to sidestep the LaTeX issue I tried entering (in quotes) the search term “Since quotients preserve so little, finding a counterexample also appears difficult.”

        Google told me no matches were found. But later today while experimenting with your “mathbbr” suggestion, my SE post suddenly started showing up again (at the top). So then I got curious what would happen if I tried that whole sentence again. Now all of a sudden it worked, bringing up my SE post as the lone search result.

        How can any of us know with confidence that its earlier absence from my Google account’s Google-internet isn’t the tip of an iceberg?

        Actually if I am jumping to any conclusions, it’s that what I observed was account-based. For all any of us knows, it was my CPU’s temperature to the nearest decimal integer Fahrenheit modulo 19 that was REALLY behind the variance I observed today.


        • jmhl
          October 19, 2016 at 11:01 pm

          @mathematrucker: If you want to be sure you are seeing results that are not modified with reference to your Google account, simply open an incognito/private-browsing window in your browser and repeat your search. As far as that search is concerned, you will be logged out and there will be no account to personalise the result with.


      • mathematrucker
        October 20, 2016 at 11:05 am

        Thanks for the info/suggestion. It occurred to me after posting that my comments are flawed. The LaTeX does explain the screenshot, so all it did was distract from the main issue of my SE post’s complete disappearance. It was also incorrect to assume everything was account-based (my “Google account’s Google-internet”). But as you indicated, it does work as hyperbole.

        What’s left is the disappearance/reappearance itself, which the whole-sentence query seemed to confirm. The solution is for me to drop my erroneous assumption that Google indexes the whole internet and start adding Bing et al. into the mix to maximize what shows up—one way or another—on whatever screen is in front of me, as the internet.


    • David Wallace
      October 19, 2016 at 3:01 pm

      Note that the “with” in the search result isn’t bolded in the presentation of the individual word search results. That might be because it is a common word, but I suspect a bug that failed to match on that word, blocking the exact phrase search (this could, for example, be an issue in the way the page got stored on Google’s servers – maybe one of the characters in “with” is a look-alike). As a test for my “common word” hypothesis, I searched on words with friends – the with is bolded in the results, whether I quote the phrase or not.


  7. jmhl
    October 19, 2016 at 12:52 pm

    “We should have the right to know what they keep about us, and to possibly correct that record, like we do with the credit bureaus. We should be able to get a free digital copy of our personal data at least annually. The personal data aggregators should also have to report who they share that information with, and in what form. Do they pass along our phone contact information, or email accounts to 3 rd party providers or license that to other companies to help them do their business?”

    We do, we can, and they do report this.

    Here are the links to Google and Facebook’s policies regarding personal data.

    https://privacy.google.com/how-ads-work.html <– (Note the banner headline on this page)

    These answer all of these demands and more. Similar policy statements are no doubt available from the other companies mentioned, try searching on Google.

    I'm a little confused as to how an IT Director of a Fortune 500 company could not know this information or where to find it, since if I wanted to know how the cloud providers' privacy policies related to my company's use of their services, I think I'd ask the IT Director whose job description includes being responsible for knowing such things.


  8. October 19, 2016 at 10:18 pm

    Two TOTALLY different issues here – backup of data that is in the cloud, and security risks of using the cloud at all. On the first: sync is not the same as backup! Data that is synced to the cloud is not really backed up there. It can help you recover data sometimes – but it can also destroy your data in a flash. The problem is: backup and recovery are HARD.


  1. October 19, 2016 at 1:03 pm
Comments are closed.
%d bloggers like this: