Friday, September 28, 2012

Information security, and how not to do it

On the 21st of this month, I received an email from a company*, advertising their upcoming online seminar, and various other online courses they ran, including ones on the Data Protection Act, and information security.
Since I wasn't interested in their courses, and didn't remember signing up to receive any marketing materials from this company, I clicked on the unsubscribe link. However, when the unsubscribe page opened, the name and email fields were already completed...and none of the information was mine.
In fact, the email address was for a Junior School in Portsmouth (edited version below).


This is not great, in terms of information security...you know, that thing they're running online courses on?
So, I replied to them within an hour, pointing out that the information in those fields was not mine, and they might want to do something about that.
To date, I've not received an acknowledgement of my email, or any form of response.
I was also not alone in receiving this email, and finding someone else's information in the form when following the unsubscribe link.

However, in the days since, the form the link leads to has changed....well, to be specific, the information viewable in the form has changed. Yes, it's gone from being the contact details of the school in Portsmouth, to the address of a private school yesterday, and today, one for a university. The first two times, the emails were admin addresses, but the university address is the work email of an individual, with their proper name in it (instead of, as above "No" and "Thanks" being the name).

Now, mistakes happen, and making a link to a form that shows the details of the last person who's used it was probably an accident. But this is not how you deal with it.

What would I have done if this had been my mistake?

  • When I got the email pointing it out, I would have responded to the person contacting me, apologising for the issue, and thanking them for bringing it to my attention
  • I would have deactivated the link immediately
  • I would have got whatever glitch it is that's preserving the last page user information fixed
  • Once that was done, I would have emailed everyone that had received the previous email, apologising for the issue, and telling them that the unsubscribe link was now secure and anonymous

This company has done none of that. Allowing anyone to view names and email addresses of strangers is not as serious as sharing work or home addresses, or more sensitive personal information, but this is a company which is running a business specifically selling training on data protection, and information security. Hands up who'd feel confident about using their training, if this is how they put it into practice?

*I have not named the company here, but contact me directly if you would like to know who it is.

Monday, September 17, 2012

Things which are not helpful

Today, I've spent a lot of time banging my head against the brick wall of bad or mad search design.

First up was the Scottish Government, with its contribution to "thwarting any attempt at a search", by somehow managing to date various items as being released in October, November and December...of this year. So looking for recent items was impressively pointless. As was the fact that the search was also giving over 300k results.

Looking forward to that Forced Marriage report in December.

Then, I went into the Scottish Parliament website, to try doing a search in the Official Report. Top tip: don't do this. Ever. Use Google to search the Parliament's website instead.

Mainly because, if you can get the report to return hits, then you get to wade through the results, blindly. And blindly it is, because the search doesn't give you any idea of how many pages of results you've got, or any shortcut to get to specific points/leapfrog to a further point. So if you know when something happened, and just want to get to that point in time, you need to click...and click....and click...hoping to get to where you know you want to be, but not knowing how long it will take, to move through the unknown number of pages....

So yeah: just Google it. It's less stressful, I can assure you.


Tuesday, September 11, 2012

It's all in the small print

Quite literally, the small print.

I wanted to try and download voicemails from my phone (call me sentimental, but in years to come, I might be happy to still be able to hear my Mum leaving rambling messages about what insane item she's found for me on eBay today), which appears to actually be quite a difficult thing to do. Multiple forums recommended various techniques involving cables, computers, headphones and microphones, but that's all a bit complex for me, and I decided to try one of the free apps that claimed to be able to manage voicemails.

I did the sign-up, email, password etc, but I thought "hey, since this mini-computerabob that I'm carrying everywhere has access to a LOT of information about me and my life...maybe I'd better actually read the terms and conditions that I have to confirm that I agree with?". After all, there's plenty of stories about what can happen if you allow apps or services access to your phone without considering it.

Now, my phone screen is approximately 3 inches by 2 inches, so these images are approximately the same size as when they're viewed on my phone...hands up who thinks anyone could actually read this?





4 pages worth of small print. Very, very small print. As far as I know, I may well be signing up to donate my body to medical science, while still alive.

So...is the chance to save voicemails worth that risk? Do I sign up, and risk being carted off to a medical facility to be used for terrible experiments, when I least expect it?

Or...do I do what everyone has to do these days - just accept it, and hope that it's not malicious? After all, if I don't accept it, I can't use the service, so it's not really much of a choice, is it?

Friday, September 07, 2012

Kevin the Teenager

We're all normal, sensible adults, right? Inanimate objects should not provoke feelings of rage, or the desire to destroy them. We should be able to laugh in the face of small irritations, while congratulating ourselves on maintaining our inner Librarian Zen.

And generally, we do. We field queries, wrestle databases, and wrangle information merrily, with good humour and cheerful Librarian Face* held firmly intact.

But then comes that day, that terrible, terrible day we law librarians dread. Oh yes...the day that the Yellow Tax Handbooks and Orange Tax Handbooks arrive.

Oh, they are fiendish, fiendish things, yet they merely add to the heap of Evil Books in the Library!

Between the Orange and Yellow (which have some disturbing issues), and the various collapsible Butterworths handbooks with their covers made of paper mache, which are now joined by the massive Chambers UK, the library is awash in schlumpy books, determined to slide slowly off the shelves. Or, in the case of Chambers UK, books that can't actually be put on shelves at all, unless kept encased in their cardboard shells. Books which, for added fun, are so tightly jammed in that it's virtually impossible to remove the guide from the shell without hauling the whole thing off the shelf and shaking it upside down vigorously to break the strange suction effect, while holding one hand over the Bar guide so it doesn't make a break for freedom. Then, when you've figured out how to find anything in it, and want to put it back, it's another wrestle with the cardboard shell, with the bonus of now having to keep perfectly straight and parallel the pages of a 1600 page book with a soft cover with one hand, while using the other to hold the Bar guide out of the way, again.

Meanwhile, in the background, is the soft hiss of tax handbooks, slowly sliding down the shelf...

It's enough to turn anyone into Kevin the Teenager, provoking outbursts of muttered "I hate you", and "This is so unfair!" whenever you're forced to go near the damn things.

Excuse me, I'm off to go sulk in my room.


*Librarian Face - the curse/blessing of librarians the world over. The face that involuntarily says "Can I help you?", night and day. More details here.

Thursday, September 06, 2012

Up, or out?

Tina Reynolds brought my attention to this piece of research on career mobility for young professionals (with a focus on women), the research being based on personnel data from a large American law firm.

In brief, it claims that whether a person stays with an employer or leaves within a certain timeframe, in a profession which requires regular promotion to remain with an employer, depends on whether that person is supervised/mentored by a person of the same gender/demographic. It also says that, when a person wishing to progress is within a work group with a high proportion of the members being of the same gender/demographic, they are more likely to leave, as they perceive the other group members as competition.

Now, I may well work with lawyers, but that doesn't mean I have any insight into the dynamics of their career hierarchies, how supported they feel by their supervisors, or what they feel about competition for promotion. I've also never worked for anything other than women as my line managers, and I've only ever worked within an all-female group. So, I've never really experienced this "move upwards, or move out" scenario myself. The study says the results are "best generalized to other professional service organizations where human capital is critical, senior sponsorship is coveted and competition is intense." Is this something that happens in library teams? Are they competitive?

Are there library workplaces in which people do feel outcompeted by others of the same gender, e.g. academic libraries or public libraries, who typically have larger amounts of staff and thus more candidates for senior roles? Do female bosses in a female-heavy profession encourage junior female employees to feel they can progress? Do male bosses not inspire junior female staff? Do males feel they're missing out if they don't have a male supervisor?

Or: is the study really just a pile of nonsense, and everyone's always utterly happy in all ways?

Monday, September 03, 2012

National Portrait Gallery images

This blog post from the Scottish Visual Arts Group alerted me to the fact that it was possible to use images from the National Portrait Gallery for non-commercial purposes.

Going to the Advanced Search area of the website, it's possible to perform a search for the profession of the sitter/subject of the portrait. So, of course, I decided to have a look and see what the librarians of the past look like. After all, today, we're apparently all female, frumpy, and middle aged.

Of the 72 people whose profession was described as "librarian", only 7 were female librarians*. The rest were be-whiskered, elderly white gentlemen of a certain class, with some amazing names: Arundell James Kennedy Esdaile; Luxmoore Newcombe; Harry Tapley Tapley-Soper; Charles Talbut Onions...

Of the 7 female librarians, only one is actually the sole subject of the portrait: the rest are group photographs of National Portrait Gallery staff from various eras, staff of other bodies, or a painting of a group.

So here you go: the rare sight of a portrait of a female librarian! I give you...Alda von Anrep!

Record page at NPG

Yes, it's not exactly a stereotype-busting look, but hey, she's all we've got!


*The full list is: Adla von Anrep; Rosemary Evison; Emma Floyd; Nicole Mendelsohn; Constance-Anne Parker; Lousa Fentham Todd, and Valeria Vaughan Batson.