Friday, November 24, 2006

When non-IT people make IT decisions

When non-IT people make IT decisions. Hilarious.

Retired Brigadier arrested for bringing tiny toolkit on train

Tom Foulks, a retired army officer, was arrested, detained and cautioned recently for attempting to bring a credit card sized toolkit on to a train, a toolkit which has travelled all over the world with him.

"After nearly four hours of processing and questioning I cheerfully admitted the “offence” in order to terminate this tedious ordeal, get back to Waterloo and resume my journey to Paris. Having signed the necessary forms, I was released on caution."

Now that he has such a caution for attempting to smuggle an "offensive weapon" contrary to "Section 1 of PCA 1953", he might well find himself flagged for more detailed security checks on his future travels.

South Korea and Ireland

Susan Crawford is encouraged by network developments in South Korea and Ireland.

"South Korea made the decision ten years ago to invest in high-speed (competitive) internet access and subsidize cheap PCs -- as a result, they have just about the highest broadband penetration in the world. Not only has the dream come true, but economic growth comes attached.

Meanwhile, someone sent me a Wall Street Journal Europe article about VCs carving up an Irish telephone company to treat transport like a utility. The big guys can watch the model and then think about selling their own networks to raise some cash."

Is Blair exaggerating the threat of terrorism?

Simon Jenkins has been indulging in his favorite sport of Blair-bashing again.

"The west is ruled by a generation of leaders with no experience of war or its threat. Blair and his team cannot recall the aftermath of the second world war, and in the cold war they rushed to join CND. They were distant from those real global horrors. Yet now in power they seem to crave an enemy of equivalent monstrosity. Modern government has a big hole in its ego, yearning to be filled by something called a "threat to security".

After 1990 many hoped that an age of stable peace might dawn. Rich nations might disarm and combine to help the poor, advancing the cause of global responsibility. Instead two of history's most internationalist states, America and Britain, have returned to the trough of conflict, chasing a chimera of "world terrorism", and at ludicrous expense. They have brought death and destruction to a part of the globe that posed no strategic threat. Now one of them, Tony Blair, stands in a patch of desert to claim that "world security in the 21st century" depends on which warlord controls it. Was anything so demented?"

Dear Father Christmas...

Could I have one of these please?

"It's an MP3 player. It's an FM radio. It's video and photo display device. It's an e-book reader. It's a sound recorder. It's a Linux-based personal computer ready for web, email and office usage. Yes, it's Wizpy, the Swiss Army Knife of handheld gadgets announced by Japan's Turbolinux this week."

Sadly they won't be available in my part of the world until February 2007.

Ndiyo: Sharing PCs to bridge the digital divide

Andrew Donoghue at ZDNet UK ZDNet has been interviewing John Naughton and Quentin Stafford-Fraser about Ndiyo. Recommended.

Former UK Diplomat Critical of UK foreign policy

Carne Ross, a former high flyer at the Foreign & Commonwealth Office, has heavily criticised the government in his Testimony to House of Commons Foreign Affairs Committee: Commentary on FCO White Paper "Active Diplomacy" earlier this month. In his conclusions he says:

"In "Active Diplomacy" and in general, the FCO and government proclaim their knowledge of the world and ability to deal with its challenges: here is the world, they say, and here is how we intend to deal with it. It is an illusion comforting to those in government and the public alike. The evidence however suggests that parliament - and indeed the public - is unwise to accord them this responsibility unquestioned. The last few years have been disastrous for British foreign policy, and no one is held to account[3]. The edifice of human rights law and norms, which took half a century of careful work to construct, has been undermined by those who claim to defend it...

14. We are so inured to the rhetoric of anti-terrorism and macho posturing about building democracy while fostering chaos, that it is hard to imagine an alternate direction for British foreign policy. But it is available, as it always was. This alternative lies in consistency of application of international law and a robust defence (including intervention when necessary, as in Kosovo and Sierra Leone) of those under assault or oppression. It lies in remedy to the "diplomatic deficit" whereby those affected by our - and others' - foreign policy have no capacity to influence it while those in whose name policy is carried out - us, the public - also have scant means to affect it. Together, such changes will produce a more just and therefore more stable world...

...the world needs an international system that gives a legitimate voice to all those affected by others' foreign policy... The Prime Minister himself has claimed that Britain stands by the oppressed, wherever they are. It is not too late for the policy reality to match that rhetoric, but it does require change, perhaps even a revolution."

Inspired compromise?

The Guardian's Free Our Data blog reports that:

"The European parliament and council of ministers have finally agreed a compromise wording to the Inspire directive designed to harmonise spatial information around Europe. The directive had become a cause celebre in the movement to make public sector data freely available. Broadly, the European parliament backed our position, while the council of ministers was opposed."

Article 20 Working Party Conclusions on SWIFT

The EU's Article 29 Working Party (the group of EU privacy commissionsers) has publihsed its opinion on the SWIFT financial data transfers to the US intelligence services. It's pretty damning. Here's some of the highlights:

"In this Opinion the Article 29 Working Party emphasizes that even in the fight against terrorism and crime fundamental rights must remain guaranteed. The Article 29 Working Party insists therefore on the respect of global data protection principles...

Article 29 Working Party comes to the following conclusions:
a) The EU Data Protection Directive 95/46/EC is applicable to the exchange of personal data via the SWIFTNet FIN service;
b) SWIFT and the financial institutions bear joint responsibility in light of the Directive for the processing of personal data via the SWIFTNet FIN service, with SWIFT bearing primary responsibility and financial institutions bearing some responsibility for the processing of their clients’ personal data.
c) SWIFT and the financial institutions in the EU have failed to respect the provisions of the Directive...
d) The Working Party is of the opinion that the lack of transparency and adequate and
effective control mechanisms that surrounds the whole process of transfer of personal
data first to the US, and then to the UST represents a serious breach in the light of the
Directive. In addition, the guarantees for the transfer of data to a third country as
defined by the Directive and the principles of proportionality and necessity are
violated.
As far as the communication of personal data to the UST is concerned, the Working
Party is of the opinion that the hidden, systematic, massive and long-term transfer of
personal data by SWIFT to the UST in a confidential, non-transparent and systematic
manner for years without effective legal grounds and without the possibility of
independent control by public data protection supervisory authorities constitutes a
violation of the fundamental European principles as regards data protection and is not
in accordance with Belgian and European law...
e) The Working Party recalls once again1 the commitment of democratic societies to
ensure respect for the fundamental rights and freedoms of the individual. The
individual’s right to protection of personal data forms part of these fundamental rights
and freedoms...

In view of the above, the Working Party therefore calls for the following immediate
actions to be taken to improve the current situation:
a) Cessation of infringements...
b) Return to lawful data processing: The Article 29 Working Party calls upon SWIFT
and the financial institutions to immediately take measures in order to remedy the
currently illegal state of affairs...
c) Actions as regards to SWIFT: For all its data processing activities, SWIFT as a
controller must take the necessary measures to comply with its obligations under
Belgian data protection law implementing the Directive...
e) Actions as regards to Financial institutions: All financial institutions in the EU
using SWIFTNet Fin service including the Central banks have to make sure according
to Articles 10 and 11 of the EU Directive 95/46/EC that their clients are properly
informed about how their personal data are processed and which rights the data
subjects have. They also have to give information about the fact that US authorities
might have access to such data. Data protection supervisory authorities will enforce
these requirements in order to guarantee that they are met by the all financial
institutions on a European level and they will cooperate on harmonized information
notices...
The Working Party also stresses the following:
f) Preservation of our fundamental values in the fight against crime: The Working
Party recalls that any measures taken in the fight against crime and terrorism should
not and must not reduce standards of protection of fundamental rights which
characterise democratic societies. A key element of the fight against terrorism
involves ensuring the preservation of the fundamental rights which are the basis of
democratic societies and the very values that those advocating the use of violence seek to destroy.
g) Global data protection principles: The Working Party considers it essential that the principles for the protection of personal data, including control by independent
supervisory authorities, are fully respected in any framework of global systems of
exchange of information."

Excuse the dodgy formatting. The original press release is only 5 pages and well worth reading in full. The full opinion runs to 29 pages. If you can't find the time to read the full thing take a look at the executive summary and the "IMMEDIATE ACTIONS TO BE TAKEN TO IMPROVE THE CURRENT SITUATION", particularly item 6.6 on page 29, which repeats item f from the presss release:

"Preservation of our fundamental values in the fight against crime: The Working Party recalls that any measures taken in the fight against crime and terrorism should not and must not reduce standards of protection of
fundamental rights which characterise democratic societies. A key element of the fight against terrorism involves ensuring the preservation of the fundamental rights which are the basis of democratic societies and the very values that those advocating the use of violence seek to destroy."

Quote of the day

"Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free." Ayn Rand.

I wonder what Rand would have made of CCTV, RFIDs, biometric ID cards and passports, mass phone tapping, no fly lists, EULAs, electronic voting, children's databases, software filters, NHS type IT programmes, mass warrantless phone tapping, remote mobile and email and web surfing tracking, to name but a few.

Thursday, November 23, 2006

Racial Profiling at U.S. Airways

Talkleft has yet another example of irrational and discriminatory behaviour of an airline triggered by the nervousness generated by the "war on terror."

A passenger concerned about the "6 suspicious Arabic men" - six imams praying before boarding a flight - and they were removed in handcuffs and held in detention for hours.

"U.S. Airways refused to book the imams on another flight to Phoenix. According to the executive director of the Council on American-Islamic Relations, Muslims (both passengers and airline employees) have more complaints about U.S. Airways than other airlines. The incident prompted the Council and the NAACP to ask for Congressional hearings on racial profiling in airports.

Can you imagine the outcry from the religious right if six Christian pastors were removed from a flight because they prayed together at the gate? U.S. Airways would be deservedly out of business in a week."

ARCH on the Children's Index

ARCH have updated their terrific page on the Children’s Information Sharing (IS) Index. Essential reading for parents and anyone else who comes into contact with kids in a professional or social context. The children's index is shaping up to become more database disaster fodder for academics to study for years to come.

Military Documents Hold Tips on Antiwar Activities

From yesterday's NYT: 'Military Documents Hold Tips on Antiwar Activities' A database called Talon, used by the US Department of Defense has entries on antiwar meetings at churches, libraries and university campuses. The head of the counterintelligence unit responsible for Talon says these details should not be on the database and that those recording such details had misinterpreted the remit of the project.

"Mr. Baur said that those operating the database had misinterpreted their mandate and that what was intended as an antiterrorist database became, in some respects, a catch-all for leads on possible disruptions and threats against military installations in the United States, including protests against the military presence in Iraq."

Of course he doesn't want such details, since they amount to more mountains of data hay polluting his already complex task of finding and sorting through useful intelligence in the existing data haystacks he is aware of.

But that is precisely the point about the operation of mass surveillance in practice. It takes on a life of its own. Operators act defensively collecting and recording even useless data because the perceived cost of missing something is so great. In the mass surveillance era, no amount of data, however seemingly insignificant each individual item might be, will be enough. Now the panic will be over recording and retaining data just in case the security services need it.

The people doing the legwork to feed the databases often find they are not properly briefed or have such a range of pressures guiding their day to day activity that even on the rare occasion when the original objective underlying the construction of the database is clear, the actual practice of operating it hopelessly corrupts the ability to fulfil that objective.

As Ross Anderson is fond of saying, you can have scalability, functionality or security and you can even have two of these simultaneously but not three together.

Youtube video "Charles Nesson is insane"

Charles Nesson at Harvard Law School's Berkman Center has long been thinking along similar lines to Martin Weller about integrating the most modern technologies into his courses.

Nesson has been using wikis, blogs, podcasts, webcasts and Second Life in a course on argument he has been running at Harvard. He would like Martin's notion of taking the ten coolest technologies and building a course around them. Find out what these technologies can really do by playing with them.

Wednesday, November 22, 2006

Computer voodoo

Martin has been engaging in some entertaining rituals with his problematic new Toshiba laptop.

"During the whole saga I became aware of two things:

i) The emotional state the rational machine induces in us. I ranged between violent swearing, sobbing, ennui, despair and hysteria as I wrestled over the course of three days with various start-up techniques.

ii) The superstition and irrationality you bring to these problems. At one stage I managed to get it all the way through the start-up process by continually moving the mouse. This became the first of many actions that came to constitute a start-up ritual that any religion would be proud of. Further rites included holding the laptop at an angle (and in one extreme fundamentalist sect even holding over one's head), closing and opening the lid three times and removing the power lead for ten minutes. I can't say these had any objective measure of success, but they had enough promise of success to be worth doing. And computers have become so complex that although I know they were mostly ridiculous, I couldn't be quite sure that they were redundant. They became the IT equivalent of sprinkling the dirt from a grave before midnight over the computer - sure it doesn't work, but hey, it's worth a try."

Hilarious but scary, especially since it brought back haunting memories of my own difficulties with my Toshiba laptop only a few years ago. The magic of the new toy disappeared in the quickly decelerating pace of operations on the machine, the causes of which I never got to the bottom of. In fairness to Toshiba, when the screen blew in the first few months, they quickly replaced it under warranty. If only Martin had videoed some of his more effective voodoo tricks, I might have been able to give them a try.

Vista EULA

Mark Rasch at SecurityFocus is concerned about the end user licence that will come with Microsoft's Vista operating system. Recommended reading.

"The terms of the Vista EULA, like the current EULA related to the “Windows Genuine Advantage,” allows Microsoft to unilaterally decide that you have breached the terms of the agreement, and they can essentially disable the software, and possibly deny you access to critical files on your computer without benefit of proof, hearing, testimony or judicial intervention. In fact, if Microsoft is wrong, and your software is, in fact, properly licensed, you probably will be forced to buy a license to another copy of the operating system from Microsoft just to be able to get access to your files, and then you can sue Microsoft for the original license fee. Even then, you wont be able to get any damages from Microsoft, and may not even be able to get the cost of the first license back...

Now Microsoft will invariably deny that what they are doing is “self-help.” More likely, they will claim that the disabling provisions of the software are mere “features” of the software. They will also argue that the licensee controls whether or not the code disables by either registering, or “getting Genuine.” But what the boys in Redmond are really doing is deciding that you have not followed the terms of a contract (the EULA) and punishing you unless and until you can prove that you have complied.

And what if Microsoft is wrong, and they disable your software erroneously? Well, you can keep buying and activating their software until you are successful. And that means more fees to Redmond. Or, following the movie “Happy Feet,” you can decide to find software with a little penguin on it."

Hands off our fingers!

Henry Porter is in full flight at the Guardian again today, this time regarding the new gadget the police are using to check fingerprints by the roadside.

"It must be clear that if the police are demanding fingerprints today,
they will be asking for our papers (ID cards) tomorrow, a notion that
would have been unthinkable in Britain 10 years ago. Yet now we seem to
accept that the authorities have these new rights over us and that we
must simply roll over and go along with this oppressive behaviour.

Every part of me recoils from these developments. I go on complaining
and making the case that a profound change is underway which is not a
matter of debate, but of actuality. We are living this revolution. Our
apathy and complacency enables it. One day our children and
grandchildren will look back and wonder what on earth was going through
our minds; how we lost our faith in liberty, which when it comes down to
it will be the story of how we lost our self respect as citizens.

Unless many more understand what is going on with the nightmarish
clarity that afflicts some of us, and they start campaigning and doing
everything they possibly can to reassert individual rights, the fight
will eventually be lost. "

Read the original in full.

Lawsuit alleges evoting negligence in Florida

The EFF are amongst the complainants in a lawsuit alleging evoting negligence in Florida. I understand that David Jefferson and Dan Wallach are amongst the technical experts working on the case.

The lawsuit is calling for a re-run of the election in that area because nearly 20000 ballots didn't register a vote in the county's House of Representatives race. Even if independent experts do get to examine the machines involved, they may not be able to determine whether there was malicious code used, since as Ed Felten and others have ably demonstrated, such code can erase itself once the damage is done.

That the ACLU, the EFF and a number of other advocacy groups are putting scarce resources into this case might mean it has the kind of detailed facts making it a good test case to break through significant barriers with evoting, such as the vendors using secret software. It should be an interesting one to watch, as the current state of affairs with evoting in the US is unsustainable.

MacDonalds want patent on making a sandwich

MacDonalds have, according to the Guardian, applied for a patent, in the US and EU (in 55 pages of legalese), on making a sandwich. That deserves a prominent spot at Totally Absurd Inventions.

Thanks to Louise bia the ORG list for the pointer.

Haloscan filtering on this blog

Spyblog has been blocked from posting a comment to this blog by Haloscan. As someone who is forever getting snared by blunt software filters because of the title and url of this blog, I am not pleased. I have written to Haloscan to ask for an explanation.

Children's Databases: Safety and Privacy

The Foundation for Information Policy Research are releasing a report today for the Information Commissioner entitled Children's Databases: Safety and Privacy explaining that the government's blanket surveillance approach to child safety is actually going to put children at risk.

The reports authors are:

Professor Ross Anderson, University of Cambridge,
Terri Dowty, Director, Action on Rights for Children,
Dr Richard Clayton, University of Cambridge,
Professor Douwe Korff, London Metropolitan University,
Dr Eileen Munro, London School of Economics,
Dr Ian Brown, UCL,

so you can guarantee it is worth reading.

Elsewhere on a similar theme, the New Statesman decided not to publish this excellent article from Dave Hill about the Children's Index. It would have been interesting to be a fly on the wall at the New Statesman editorial meeting which decided not to run with the article.

Update: The report is now available and various corners of the media have picked up on it. It highlights five main concerns with the government's mass surveillance "solution" to child safety:

1. The government's strategy will divert resources and attention away from
frontline services;

2. The government hopes that sharing information from health,
education, social care and youth justice systems will enable it to
predict which children will become criminals. But predictions can
be highly fallible, and labelling children can stigmatise them.
Children 'fingered' by the computer as 'bad' may find that their
teachers have lower expectations, while the police may be more
likely to treat them as suspects rather than witnesses;

3. Moving responsibility from teachers, doctors and social workers to
a central system will also erode parental responsibility. Parents
and children's views will be more easily sidelined. The policy
involves micromanaged targets for every child, with responsibility
for achieving them placed on children's services, rather than
parents -- even down to meeting 'performance indicators' about the
amount of fruit and vegetables eaten and participation in
voluntary work;

4. Children will be bullied into providing intrusive data on
themselves, their parents and friends without proper safeguards,
and into giving their 'consent' to widespread data sharing without
involvement of their parents, in contravention of the law;

5. Families' privacy and autonomy will be corroded as the government
puts them under surveillance. The new policy will treat all
parents as if they cannot be trusted to bring up their children
and to ask for help if and when needed.

A Department for Education and Skills (DfES) spokesman is quoted by the BBC as saying: "We have some serious reservations about this report's objectivity and evidence base" which is actually quite funny when you look at the extensive list of government documents, listed in the footnotes, which the authors base their analysis and conclusions on. The DfES is trying to spin it by saying the report was done for the Information Commissioner but does not represent his views yet he has repeatedly made many of the same points when talking publicly about the government strategy in this area. No doubt he is coming under pressure in private to sideline the report but that just wouldn't wash, even in the highly unlikely event that the Information Commissioner was influenced by such pressure. The report is a thoroughly comprehensive, impeccable study by some of the most knowledgable people in the field. The government would do well to reign in its usual reflex response to constructive feedback and take note of the findings. Sadly I fear there will be pigs flying over Whitehall under their own volition before we see such positive engagement from the current incumbents.

Tuesday, November 21, 2006

From 7 laws of identity to 7 laws of privacy

Ontario Privacy Commissioner, Anne Cavoukian, has taken Kim Cameron's 7 laws of identity and derived 7 laws of privacy from them. What a good idea.

Welsh Dragon Sausages worry trading standards

According to IPKat, trading stadards officers in Wales are concerned that consumers might be misled by a food company, Black Mountains Smokery's 'Welsh Dragon' sausages, since they contain pork rather than dragon. Apparently officials have also said they wouldn't want vegetarians to think the sausages were meat free.

Podcast interview with Schneier

Dave Birch's podcast interview with Bruce Schneier is available at the Digital Identity Forum.

Home educator writes to Education Secretary

Home educator, Carlotta, has written a an excellent letter to Education Secretary, Alan Johnson, on the government's list of initiatives related to children.

Suspect Nation

Henry Porter did a nice documentary on More4 yesterday evening giving a broad ranging introduction to surveillance technologies like CCTV, ID cards, RFIDs, no fly lists, biometrics and mobile phones, and the blanket secret wiretapping in the US.

He even got Al Gore to quote Bruce Schneier's line about mass data collection being like trying to find a needle in a haystack by throwing more hay on the stack. Despite having written about the issues for a long time, he seemed somewhat amazed towards the end, when Adam Laurie demonstrated just how easily all the data being gathered can be accessed by a third party. Laurie showed the results of hacking into a CCTV system filming Porter on the streets of London, secretly recording Porter's conversation with another journalist by taking remote control of a mobile phone and breaking the security on the biometric chip on the new UK passports.

The programme is being repeated tomorrow evening at 10pm.

Update: Spyblog has kindly pointed out that I got the timing of the repeat wrong. It is due to be repeated Wednesday, 29th November at 10pm. Unfortunately his comment here got blocked by Haloscan filters. Grrr. I'm getting really fed up again with stupid software filters and will be asking Haloscan for an explanation as well as encouraging them to put the situation right.

Monday, November 20, 2006

The seed gestapo

Jonathan Rowe has been ruminating on grains of rice that are set aside and used as seeds in the next planting season and the impact of modern intellectual property law. Recommended reading.

Videos in cars

Robert Cringely has built a video player for his minivan and wonders why Sony or come like minded tech co. had not already thought of it.

NATO expert on Cyberterror

Ian Brown has been taking notes at a NATO-Russia round-table on cyberterror a couple of weeks ago. Essential reading.

National Academy for Parenting Practitioners

The government are now going to set up a National Academy for Parenting Practitioners.

Meanwhile the childminder is wondering about the government's committment to their every child matters agenda and a group of youngsters are dneied permission to enter the Lowry exhibition in Salford.

The UK has gone barking mad when it comes to dealing with children. Given that kids are growing up in a society that treats them either as total pariahs or innocent victims who need protection at all costs, it is remarkable that we have such a largely well adjusted young populace.

Thanks to ARCH for the links.

This Big Brotherly love is totally misplaced

Simon Davies on mass surveillance. Excellent.

UK copyright term extension proposals

James Boyle has a wonderful article in the FT on the music industry proposals to extend the term of copyright for sound recordings in the UK.

"The whole idea is very stupid. But if this is the stupid idea we wish to pursue, then simply increase the income tax proportionately and distribute the benefits to those record companies and musicians whose music is still commercially available after 50 years. Require them to put the money into developing new artists – something the current proposal does not. Let all the other recordings pass into the public domain.

Of course, no government commission would consider such an idea for a moment. Tax the public to give a monopoly windfall to those who already hit the jackpot, because they claim their industry cannot survive without retrospectively changing the terms of its deals? It is laughable. Indeed it is. Yet it is a better, saner proposal than the one before us. Which tells us something about the current state of copyright policy."

Universal sue MySpace

Universal has sued MySpace over postings of copyrighted music videos. The complaint is available at Findlaw, though not in a particularly user friendly format.