Critics of EU ‘red tape’

I subtitle this post, in the immortal words of Lord Kitchener, said as he encouraged men to enlist to fight in The Great War:

“Be certain that your so-called reason is not a selfish excuse”

Using two examples around data protection and privacy that I recently encountered, I will argue against the ever-popular opinion that European Union (EU) regulation is limiting Britain, and that leaving would benefit the majority of us.

Data profiling

At the end of May, fantastic BBC Radio 4 business show ‘The Bottom Line’ hosted a discussion among four British CEOs and a Swiss business advocate about the implications of the EU on business. You can listen to the full programme here.

One of the guests was Christopher Nieper, a manufacturer and seller of luxury women’s wear. He raised an objection about EU data protection laws that he believes threaten to end his business. I have arranged the relevant parts below:

I struggle to see how it is ‘sinister’ to limit the profiling of people’s data. Surely the profiling of data is what is sinister and needs to be restricted!

If this is a business that really would be ended if it could not collect customers (and anyone’s?) data, profile it, and send out direct, invasive marketing then should it be afforded special protection? It sounds very much like this business is parasitic and only economically viable when it’s able to abuse peoples’ privacy to trick them into buying things they don’t want or need. Does anyone ever enjoy receiving unsolicited direct marketing by email, phone or post?

Alright I may be laying into Nieper a little excessively here, but seriously what reason do we have to weaken our right to a private life, free at least in our own homes from the constant barrage of consumer capitalism just to prop up businesses like his?

The argument that follows here is that outside the EU, British citizens would see their rights eroded for dubious economic benefits. That’s certainly what Christopher will be hoping for when he votes ‘leave’ on Thursday.

Cookie Warnings

A few days later I had to view a lot of PDF documents and was getting tired of the excruciating speed with with Nitro PDF opens them. It’s a great editor and converter, but waiting nine seconds to open a 400kb PDF file? For those interested, I have settled upon the open source freeware Sumatra PDF which opens anything in under a second.

Anyway, on my search, I happened to end up on the website AfterDawn, hosting a download of the free version of Slim PDF. Rather than simply complying with EU regulations to display a notice to users that their website uses cookies, the owners of AfterDawn just had to be smarmy, didn’t they?

AfterDawn's Cookie Complaint

A website covered in advertisements. Ad banners are strewn around the page deliberately seeking to trick users into downloading who knows what. Best case scenario yet another ‘PC speed booster’, worst case a virus or keylogger. At least they do show the courtesy to warn in advance that clicking download won’t get you the software you want, but instead a completely unnecessary installer. You’ll just have to trust them that it isn’t going to break your system and harvest all your data. Does this website appear trustworthy?

At the bottom of the page, AfterDawn claim that:

“EU Bureaucrats told us to add this label. Yes, we use cookies. Everybody does. Accept that or go away.”

Cookies and privacy

EU ‘bureaucrats’ didn’t tell you to do anything. The EU commission tabled a piece of legislation and elected representatives, Members of the European Parliament, reviewed it, scrutinised it, and voted to pass it. National governments then implemented the directive. The democratically elected representatives of the users of your website order you to inform users of your cookies and offer them the opportunity to opt out.

Why was this legislation important? Because cookies can be used to track you as your browse the internet. The precise tracking potential is potent, and set entirely by the webhost, not the user. Once a website knows your real name, through a Facebook, Google, Twitter or other login, this can certainly range to ‘on x date at y time, Joe Bloggs, who likes this and that, and is friends with him and her, visited the following webpages on this website. He viewed webpage a for x seconds, webpage b for y seconds, and left the website by clicking link z.’

These are potential invasions of privacy that I believe anyone would demand to know about if they tracked our physical movements about our lives. Why is it any different in the virtual space? A space we are spending more and more of our time in.

AfterDawn’s arrogant rationalisation that “we use cookies [because] everybody does” is also obviously falsifiable. Static websites by and large don’t use cookies and it is entirely possible to run complicated, dynamic websites on ASP.NET without the use of cookies, and businesses do.

Necessary compulsion

As well as informing visitors, the EU directive encourages web developers to think about in what ways and why they are using cookies. Is it justifiable? Are they actually serving a function in a particular role or simply slowing down the loading of the site and irritating users?

These are not frivolous questions, and the response of websites such as AfterDawn to this law show that cookie usage isn’t being thought about enough. I have first hand experience of what happens when web developers don’t consider the actual needs and convenience of their users, or the future of the web. Chinese online banking.

Both Bank of China (BOC) and Agricultural Bank of China (ABC) require the installation of an ActiveX control to log into online banking. That limits users exclusively to Internet Explorer (IE) on Microsoft Windows, because no-one developing a browser for the 21st century will touch the flaming mess of never ending security exploits that is the ActiveX framework. Even Microsoft have dropped support in their new Edge browser.

After downloading, ABC’s control runs permanently in the background, so you’d better hope you got the proper file from the correct website and weren’t spoofed into downloading a keylogger. This really could happen, as the whole instruction and download sequence takes place over unsigned, unencrypted http, which is laughably easy to spoof. Bank of China’s, on the other hand, is so poorly coded and without a verified signature that IE 11 refuses to authorise it until you specifically go in and add BOC’s domain to your ‘trusted zone’.

These are my banks.

I wish I could write ‘this may have been acceptable in 2001, but it’s now 2016’, but honestly when was this kind of web design ever acceptable in Europe?

AfterDawn, you should embrace the spirit of this EU regulation for mandatory cookie warnings and choices. It informs or at least encourages users to understand what web browsing means for their privacy. It also promotes making efficient websites designed with the future in mind that work across all screen sizes, devices and internet connections, load quickly and serve their users securely, transparently and exactly as advertised. You don’t want us to end up like China, do you?

Conclusion

I reiterate, be certain that your so-called reason in opposing ‘red tape’ and supporting a Brexit is not a selfish excuse to abuse citizens’ rights and safety to make easy, lazy money.

1 thought on “Critics of EU ‘red tape’”

Leave a Reply

Your email address will not be published.