Monday, 23 February 2015

Smoke and Mirrors



Websites are part of our lives now. I never buy anything major these days without visiting some sort of website, just to reassure myself about the details. In business, we marketers spend an inordinate amount of time worrying about our websites and driving traffic to them, because we recognise that this is our shop window.

And of course this is where the shadily unscrupulous always make the boldest unsubstantiated claims and deliberately muddy the waters in their own favour. In short, they lie. Advertising standards do not seem to apply to websites. I am sure there is some sort of legal redress if something is totally untrue but who do you sue

But people believe what they read. I spent an unhappy half hour this morning convincing a potential client that CESG baseline software was not totally secure. He had seen it on a competitor’s website and believed that baseline software would remove all his sensitive data, and he was getting this done for free.

Now the author of this little stretching of the truth was quite clever. CESG are the government committee (run by GCHQ) that ‘independently evaluates and certifies the level of trust that may be placed in IT security features.’ So by mentioning them they give themselves a veneer of authenticity I suppose. But CESG do not say baseline software is sufficient. Baseline software basically wipes any hard drive once. It’s like dusting a plate with one wipe in one direction. It is better than nothing and that is essentially what CESG says.

Anyone serious about data erasure uses Infosec 5, which CESG says removes data to the point where it is currently impossible to retrieve it. The wording of Infosec 5 mentions baseline but clearly states that it is inferior to a 3 wipe system, which is what we mean by Infosec 5. So the free service was using basic software and passing it off as sufficient.

And whilst we are on the subject of competitor claims, watch out for when free does not mean free.

I am finding lots of these people who say they will collect for free, but when you get into the details they mean only if you have a lot of stuff (and the right sort of stuff). And they will only do certain things for free. Your data may be dealt with using baseline software so that they do not need to pay any license fees for instance. They may be a bit parsimonious with the paperwork.

And many of the allegedly not for profit organisations offering these miraculous services for nothing but a smile and a handshake are linked to commercial operations standing in the shadows who may not be as green or as reputable as you think. None of which you can see from their websites.

IT Recycling is a mucky business at times. I can’t blame anyone who is only dipping into it long enough to get rid of 10 PC’s and a few old monitors for getting fooled, but we do need to start getting the message across. So for the avoidance of doubt, here is what we are actually trying to do here.

  1. Make the manufacture of IT and electrical equipment sustainable by reusing or recycling all waste with 0% going to landfill.
  2. Keep everyone 100% data secure.
  3. Stop WEEE being exported out of regulated countries to end up in African landfill.

And that’s it. Simples.