Sunday, December 30, 2007

Beware the state’s ID card sharks

"As chancellor, Brown relentlessly pursued his forlorn vision of a 'joined-up identity management regime' across public services. As prime minister, he continues this vain search, like an obsessed alchemist, for a giant database that his closest advisers ominously refer to as a 'single source of truth'.

"This fixation has not revolutionised public services. It has led to disaster. Brown’s approach combines three flaws: the ruthless pursuit of 'identity management'; a naive faith in computerised solutions; and sheer recklessness in managing the integrity of systems to which he is devoted. This has delivered a massively overcentralised government and a surveillance society." —David Davis MP, shadow Home Secretary

Wednesday, December 19, 2007

This spate of crises speaks of a bloated, broken Whitehall

"Brown's famous 'delivery tool', e-government, is imploding in a welter of costs. A 2005 survey in the Guardian rated Britain bottom of seven western governments in using computers - everything from procurement to 'scrap rates' and negotiating weakness. Whitehall's response was to double spending on consultants by the Office of Government Commerce. Government computers are like Hal in the film 2001, with inbuilt self-aggrandisement and self-defence.

"With costs on the ID card and NHS computer projects accelerating beyond the power of audit, there is no sign of improvement. In areas such as child support, doctor recruitment, defence coordination, illegal immigration and farm subsidies, not millions but billions of pounds are being wasted. Next year the senseless ContactPoint computer of all child records will go online, costing £40m a year just to operate. It is a racing certainty that this project will collapse from over-complexity and insecurity." —Simon Jenkins

Monday, December 17, 2007

¡Nos vemos en un mes!

Blogzilla is off to stomp around South America for a month. Hopefully will be able to send some despatches from Brazil, Argentina, Paraguay, Uruguay and Peru — but normal service will resume mid-January. ¡Hasta la vista, boludos!

Privacy as a key system requirement for building trust

Given the data debacle of the last month in the UK — today's episode: Norwich Union fined £1.26m for losing customer data — the engineering of privacy-protective systems is now a lot higher up the policy agenda.

How does one design and build such wondrous systems? Dear reader, I would suggest you start with my slides from last week's Public Services Summit in Stockholm where I described exactly that.

Eindhoven Institute for the Protection of Systems and Information

I am very proud indeed to have been invited to speak alongside Bruce Schneier, Whit Diffie and Andrew Odlyzko at the launch of the Eindhoven Institute for the Protection of Systems and Information. Schneier is the world's leading security guru and author of Applied Cryptography, one of my most favourite geek-out books. Diffie invented public-key cryptography, the foundation of Internet security, and has since authored classics such as Privacy on the Line. Odlyzko is one of the world's top information economists and mathematicians. It should be a fun event!

Sunday, December 16, 2007

Henry Porter's constitutional preamble

These truths Henry Porter (and I) hold self-evident…

"That government exists to serve and respect the people and can only do so by trusting the people; that every individual has the right to privacy and that personal information is exactly that — personal; that every individual has a right to justice — access to proper representation, to know the evidence against them, and be punished only if a normal court of law has decided the law has been broken; that every individual has the right to communicate, move about, assemble and express him or herself without the state obstructing, interfering with or monitoring those activities; that government and the state are not the same thing; that good government is only possible when these liberties are respected and government is fully accountable to the people."

Saturday, December 15, 2007

The Insatiable Appetite for Intellectual Property Rights

“We should be trying to hone the system so that the greatest rewards and encouragement go to those industries which need and deserve them most. Where IP rights perform their function of advancing the sciences or arts, they should be encouraged to do so. Where or to the extent that they do not, they have no justification and the normal discipline of competition should prevail. The gluttony which has resulted in the growth of completely unnecessary or excessively long IP rights undermines the system itself.” —Professor Sir Hugh Laddie QC

World Service on cybercrime

The World Service broadcast a 20-minute debate this lunchtime on cybercrime featuring yours truly along with cyber forensics expert Gary Warner from the University of Alabama and penetration tester Jason Moon. You can listen online, at least for now.

Who is the Justice Secretary kidding?

"In Wednesday's Guardian we had a superlative example of repackaged narrative. With jaw-dropping chutzpah, Jack Straw tells us that not only is it a complete fantasy that Labour reduced liberty — in fact Labour advanced its cause. Well, as my old mother would have said, tell that to the marines.

"This piece of effrontery did not come as a total surprise, as only a couple of weeks ago I was invited to debate the government's record on civil liberties and heard the same load of horse manure fall from the mouth of the former Lord Chancellor, Charles Falconer. It is the new line. 'We gave you human rights so we have actually added to your civil liberties.' He who fashioned it? I can hazard a guess but, dear reader, do not be misled. What it tells us is that spin is alive and well and sadly living in the hearts of some of those we thought had been translated to the new administration unencumbered by the pall of the old." —Baroness Kennedy QC

Friday, December 14, 2007

Is God in the machine?

This week Radio 4's science show Leading Edge kindly asked me to record a short opinion piece. It was broadcast on last night's programme. You can listen to the audio, and read below my cheery Christmas message.

We are living in the middle of an information revolution. In 1965 Intel founder Gordon Moore first noted the doubling of the number of transistors per integrated circuit roughly every 24 months [1]. Raw computer power has since increased a million-fold. Hard disk capacity and Internet bandwidth are increasing at an even faster pace. Disk information density is doubling annually [2]. We can now fit 160 wavelengths down one fibre cable, with photonic integrated circuits capable of carrying 1.6 terabits per second [3] — the equivalent of over 10,000 television channels.

Surely the UK government must be correct to think this explosion in computing capability can solve some of society's most pressing problems? National databases of 60m citizens' health records, biometrics and children's details are now possible. You could be data matched against the profiles of alcoholics, suicide bombers and delinquent dads before breakfast. Even the estimated £70bn budgeted by the governments of Tony Blair and Gordon Brown on major IT projects and consultancy [4] would seem small change if their promises of a substantially healthier and safer society were fulfilled.

Unfortunately our capacity to design, build and securely operate information systems has not progressed quite so rapidly. In the last decade alone we have seen severe IT problems at the Child Support Agency, Passport Office, Criminal Records Bureau, HM Revenue & Customs, National Air Traffic Services and the Department for Work and Pensions [5]. Revenue & Customs have recently demonstrated the problems of systems that allow 25m child benefit records to be downloaded by junior officials — and who knows how many criminal gangs had already trodden this path before two discs were so unfortunately lost in the post.

The Information Commissioner told Parliament last week he had recently seen a whole stream of top businessmen and civil servants who revealed on a "confessional basis" that many more spectacular data breaches remain to be discovered [6].

We have heard from the prime minister that biometric security based on fingerprints and iris scans would reduce the problems caused by criminal plundering of personal data. This claim is not based on a realistic understanding of the technology [7]. We have recently seen fingerprint scanners fooled by prints reconstructed using gummi bear sweets. Trials have found problems in recording biometrics from several groups such as Asian women and manual workers. And once your biometrics are compromised, you have no way to change your fingers or irises.

In building widely accessible databases describing tens of millions of citizens, it seems that our government is trying to run at the speed of Moore's law rather than walk at the much slower pace of our developing understanding of secure and privacy-protective systems. Rather than risk a continuing stream of Revenue & Customs-scale breaches, the government might be wiser to listen to the computer scientists [8] who recommend a slower and more considered path towards information nirvana.

[1] Gordon E. Moore. Cramming more components onto integrated circuits. Electronics Magazine 38(8), 19/4/1965

[2] E. Grochowski and R. D. Halem. Technological impact of magnetic hard disk drives on storage systems. IBM Systems Journal 42(2), 21/4/2003

[3] Fred A. Kish et al. Ultra High Capacity WDM Photonic Integrated Circuits. Optical Fiber Communication and the National Fiber Optic Engineers Conference 2007

[4] David Craig and Richard Brooks. Plundering the Public Sector. London: Constable, 10/4/2006

[5] Parliamentary Office of Science and Technology. Government IT projects, July 2003

[6] Patrick Wintour. Information chief calls for review of ID card plans. The Guardian, 5/12/2007

[7] Ross Anderson, Richard Clayton, Ian Brown, Brian Gladman, Angela Sasse and Martyn Thomas. Biometrics are not a panacea for data loss. Letter to the Joint Committee on Human Rights, 26/11/2007

[8] Brian Randell. A computer scientist's reactions to NPfIT. Journal of Information Technology (2007) 22, 222–234

Thursday, December 13, 2007

Freedom of speech

"Though liberty is indivisible, regimes of liberties have a structure. The keystone of the arch is free speech. Without free speech one cannot claim other liberties, or defend them when they are attacked. Without free speech one cannot have a democratic process which requires the statement and testing of policy proposals and party platforms. Without free speech one cannot have a due process at law in which one can defend oneself, accuse, collect and examine evidence, make a case or refute one. Without free speech there cannot be genuine education and research, enquiry, debate, exchange of information, challenges to falsehood, questioning of governments, proposal and examination of opinion. Without free speech there cannot be a free press, which although it always abuses its freedoms in the hunt for profit, is necessary with all its warts, as one of the two essential estates of a free society (the other being an independent judiciary). Without free speech there cannot be a flourishing literature and theatre. Without free speech there are limits to innovation and experiment in any walk of life. In short and in sum, without free speech there is no freedom worth the name in other respects where freedom matters." —A.C. Grayling

Monday, December 10, 2007

The Picture Of Conformity

After the hell of being herded for 25 minutes through Heathrow Terminal 1 security on Sunday, this Washington Post article (via ORG) on "anticipatory conformity" struck a real chord. It includes this comment from Paul Saffo:

"As the memory of a world without surveillance disappears, society will just create a new normal, and then you'll see worse horrors. Our whole lives will become like the TSA checkpoint. You walk in there, you don't look mad, don't look upset, don't look distracted. Do nothing to stand out."

Sunday, December 09, 2007

Pepsi to give away 1 billion DRM-free downloads

Interesting news from Pepsi via Rhys Blakely in The Times:

"Pepsi is preparing a year-long marketing campaign in the United States in which up to a billion digital music tracks will be given away. Based on the prices charged by Apple, the largest online music retailer, the offer could be worth up to $1 billion (£490 million).

"Crucially, the drinks group is believed to be teaming up with, the online retailer vying with Apple’s iTunes music store, to distribute the giveaway tracks… It is also thought that the music will be distributed free of the digital rights management (DRM) technology that limits where legitimately downloaded tracks can be played."

This is another nail in the coffin of the artificial scarcity business model for digital music — or, as Cory Doctorow puts it, the "urinary tract infection" experience.

Wednesday, December 05, 2007

Data fiasco keeps getting worse

The lost disc disaster keeps getting worse for the government. This morning the Metropolitan Police have announced that they have finished their primary search with no results, and are therefore offering a £20,000 reward for the discs. Of course, even if they show up, it is highly likely that they have already been duplicated and plundered.

Much more seriously, it appears that the discs contain the names and addresses of up to 350 people who have changed their identities after giving evidence against serious criminals. If one of them is murdered, will we see someone more senior than the chairman of HMRC take responsibility?

The Information Commissioner was rightly on the warpath yesterday. In evidence to the House of Commons Justice Select Committee he said:

"Any massive collection of information like the identity card carries risk … We still have some uncertainties about what the primary purpose of the identity card is … Is it to improve policing, to fight terrorism, to improve public services, to avoid identity theft? I think there is a lot of thinking still to be done on its primary purpose."

Wouldn't it be a good idea for the government to decide what they want their ID database to achieve before they spend £20bn on the scheme?

Tuesday, December 04, 2007

Eunuchs, death threats and copyright

Last week the Social Market Foundation held an event on Intellectual Property Rights and Consumer Rights, sponsored by the Alliance Against IP Theft and with a keynote speech from the Minister for Intellectual Property, Lord Triesman. Muggins here was the token "consumer" speaker in a room packed full with right holder lobbyists and lawyers.

The highbrow tone of the debate did not disappoint. From the floor one IP lawyer asked Lord Triesman whether bands like Radiohead should be banned from trying out new business models. In his presentation, Eighties popstar Feargal Sharkey variously called me a eunuch, ultra-liberal cyberprof and über-capitalist free marketeer. I assume that means I had taken a reasonably balanced position! Still, better than the death threat I got from Nineties crooners Right Said Fred at a similar event organised by JP Morgan in 2001.

If like me you're more interested in copyright policy discussion than ad hominem attacks, you can read through my slides and also Michael Holloway's report on the meeting. Meanwhile, Lord Triesman has more pressing concerns.

Schneier: Security in Ten Years

"Throughout history and into the future, the one constant is human nature. There hasn't been a new crime invented in millennia. Fraud, theft, impersonation and counterfeiting are perennial problems that have been around since the beginning of society. During the last 10 years, these crimes have migrated into cyberspace, and over the next 10, they will migrate into whatever computing, communications and commerce platforms we're using." —Bruce Schneier

Sunday, December 02, 2007

Ready, steady, scrap

"Gordon Brown should announce forthwith that he is putting his three wildest white elephants out to grass: identity cards, the National Health Service computer and the plan to locate the 2012 Olympics in Stratford. All have budgets out of control. Such is this centralist squandermongering that Brown could take 2p off income tax for a decade or give every school, hospital and library in Britain a Christmas bonus of £1m." —Simon Jenkins

Saturday, December 01, 2007

Data protection won't help once all the data is gone

"Data-protection legislation won't help when the data is gone. Biometrics won't help, because it can only secure individual transactions. The Home Office doesn't ask for your fingerprint in order to give your details to someone it thinks is from Revenue & Customs.

"Simply put, the [ID] system will create crime. It will be unworkable. And it will destroy the trust between citizen and state that has existed in this complex, ancient nation — a model of democracy, common sense and decency — for 800 years. The technology has simply not been invented that could keep an entire database state properly secure and give the government the control it aims for." —Christina Zaba

EC High Level Review of the future of networks and the Internet

I spoke on Wednesday at a closed European Commission meeting reviewing progress on the EU's i2010 agenda. There were several other excellent speakers and a fascinating discussion with the Commission staff and 30 European Economic Area member states' representatives present. If you are interested you can see my short introductory presentation: Openness and innovation in the information society.

Lords Constitution Committee publishes privacy inquiry evidence

The House of Lords Constitution Committee is conducting an inquiry into surveillance and data collection. They have now published evidence submitted to the inquiry, including the response I co-authored in June with colleagues from the Foundation for Information Policy Research. I recommend reading the entire submission, but here is a brief taste:

13. At the level of philosophy, human rights are most commonly founded on the principle of human dignity. Pervasive surveillance will undermine personal dignity, and ultimately support for human rights.

14. There are other theories. A communitarian view is that many public goods depend on social capital — the networks of mutual obligation, reciprocity and trust that exist in society. Diminished social capital increases crime; damages child development; and particularly harms the poor, who have less human or financial capital as a backstop. Social capital is generally built by local action and diminished by central action: involving parents in running a school is vastly preferable to using a government computer as their surrogate.

15. A third view is that privacy is an internalised version of territoriality and serves to order society. This comes from the substantial research literature on the economics of privacy, in which central problems are why privacy remains more of a luxury good than a fundamental right, and why people do not complain more about privacy erosion. We tend to the view that they are starting to, as awareness spreads from the policy and technical elite to the masses.

States flex muscles in cyberspace

On Thursday McAfee published their Virtual Criminology Report 2007, commissioned from myself, Prof Lilian Edwards and Prof Eugene Spafford. Our main finding was that this is the year that states have really started flexing their cybermuscles, with incursions into sensitive government networks by China reported by the UK, US and Germany over the summer and three weeks of attacks on Estonia during May.

While China has rejected our report, MI5 Director-General Jonathan Evans wrote on Wednesday to the CEOs of 300 UK companies warning them of Chinese surveillance. I just spoke to the World Service and Radio 4 about this.

Of course, countries such as the US and UK conduct similar electronic espionage. As the former CIA director James Woolsey said in 2000:

"[A]pproximately 95 percent of U.S. intelligence collection with respect to economic matters, which itself is only one of a reasonable number of U.S. intelligence targets — but with respect to economic matters, 95 percent of our intelligence collection is from open sources. Five percent is essentially secrets that we steal. We steal secrets with espionage, with communications, with reconnaissance satellites."

Dr Brian Gladman has compared the online intelligence battles of the major states and their proxies to state-sponsored piracy, calling them its 21st century equivalent:

"Nations gave up their sponsorship of piracy then when they came to realise that they each gained more from a safe global trading environment than they did in encouraging pirates to plunder the trade routes of other nations. We are now in an analogous situation in cyberspace with some nations claiming to support the global information society — a development which requires respect for the information assets of others — whilst secretly pursuing economic intelligence collection in what amounts to a direct modern analogue of the State sponsored piracy of past ages.

"The global information society (and the associated global electronic trading environment) cannot truly flourish while nations sponsor (or are perceived by others to sponsor) information piracy in cyberspace."

The international law of the sea took centuries to develop. Will we see an online equivalent in our lifetimes?

Tuesday, November 27, 2007

Coming next… an even bigger database

"The parents whose information has been lost may not be happy to hear that their medical history, benefits statements, education details, criminal record, tax information and driving licence facts could all potentially be accessed through a central computer." —Rachel Sylvester

Monday, November 26, 2007

Biometrics are not a panacea for data loss

Along with several colleagues I have been worried by the government's emphasis over the last week on biometrics as a "solution" to data breaches such as those from HM Revenue & Customs. We wrote this morning to Parliament's Joint Committee on Human Rights to point out these problems as follows (now picked up by the Daily Mail, Computing, the Register, New Statesman and the IEEE):

Mr Andrew Dismore MP
Chair, Joint Committee on Human Rights
Committee Office
House of Commons
7 Millbank
London SW1P 3JA

cc: Committee members; David Smith, Deputy Information Commissioner

26 November 2007

Dear Mr Dismore,

The government, in response to the recent HMRC Child Benefit data breach, has asserted that personal information on the proposed National Identity Register (NIR) will be 'biometrically secured':

"The key thing about identity cards is, of course, that information is protected by personal biometric information. The problem at present is that, because we do not have that protection, information is much more vulnerable than it should be." - The Chancellor, Hansard Column 1106, 20/11/07

"What we must ensure is that identity fraud is avoided, and the way to avoid identity fraud is to say that for passport information we will have the biometric support that is necessary, so that people can feel confident that their identity is protected." - The Prime Minister, Hansard Column 1181, 21/11/07

These assertions are based on a fairy-tale view of the capabilities of the technology, and in addition, only deal with one aspect of the problems that this type of data breach causes.

Ministers assert that people's information will be 'protected' because it will be much harder for someone to pass themselves off as another individual if a biometric check is made. This presupposes that:

(a) the entire population can be successfully biometrically enrolled onto the National Identity Register, and successfully matched on every occasion thereafter - which is highly unlikely, given the performance of biometrics across mass populations generally and especially their poor performance in the only, relatively small-scale, trial to date (UKPS enrolment trial, 2004). Groups found to have particular problems with biometric checks include the elderly, the disabled and some ethnic groups such as Asian women;

(b) biometrics are 'unforgeable' - which is demonstrably untrue. Biometric systems have been compromised by 'spoofing' and other means on numerous occasions and, as the technology develops, techniques for subverting the systems evolve too;

(c) every ID check will be authenticated by a live biometric check against the biometric stored on the NIR or at the very least against the biometric stored on the chip on the ID card which is itself verified against the NIR. [N.B. This would represent a huge leap in the cost of the scheme which at present proposes only to check biometrics for 'high value' transactions. The network of secure biometric readers alone (each far more complex and expensive than, e.g. a Chip & PIN card reader) would add billions to the cost of rollout and maintenance.]

Even if, in this fairy-tale land, it came to pass that (a) (b) and (c) were true after all (which we consider most unlikely), the proposed roll-out of the National Identity Scheme would mean that this level of 'protection' would not - on the Home Office's own highly optimistic projections - be extended to the entire population before the end of the next decade (i.e. 2020) at the earliest.

Furthermore, biometric checks at the time of usage do not of themselves make any difference whatsoever to the possibility of the type of disaster that has just occurred at HMRC. This type of data leakage, which occurs regularly across Government, will continue to occur until there is a radical change in the culture both of system designer and system users. The safety, security and privacy of personal data has to become the primary requirement in the design, implementation, operation and auditing of systems of this kind.

The inclusion of biometric data in one's NIR record would make such a record even more valuable to fraudsters and thieves as it would - if leaked or stolen - provide the 'key' to all uses of that individual's biometrics (e.g. accessing personal or business information on a laptop, biometric access to bank accounts, etc.) for the rest of his or her life. Once lost, it would be impossible to issue a person with new fingerprints. One cannot change one's fingers as one can a bank account.

However, this concentration on citizens 'verifying' their identity when making transactions is only one issue amongst many when considering the leakage of personal data. Large-scale losses of personal data can have consequences well beyond an increase in identity fraud. For example, they could be potentially fatal to individuals such as the directors of Huntingdon Life Sciences, victims of domestic violence or former Northern Ireland ministers.

It is therefore our strongest recommendation that further development of a National Identity Register or National Identity Scheme (including biometric visas and ePassports) should be suspended until such time that research and development work has established beyond reasonable doubt that these are capable of operating securely, effectively and economically on the scale envisaged.

Government systems have so far paid little attention to privacy. Last week's events have very significant implications indeed for future government information systems development.

We would be pleased to clarify any of these points or provide further information if useful to the Committee.

Yours sincerely,

Professor Ross Anderson
Dr Richard Clayton
University of Cambridge Computer Laboratory

Dr Ian Brown
Oxford Internet Institute, University of Oxford

Dr Brian Gladman
Ministry of Defence and NATO (retired)

Professor Angela Sasse
University College London Department of Computer Science

Martyn Thomas CBE FREng

Sunday, November 25, 2007

We have all the details we need

"It was Junior Civil Servant X, after all, who reportedly downloaded the data of 25 million people onto two unencrypted discs and dispatched it by internal mail to the National Audit Office. Witless, yes: but such data had been sent that way before. For the Government to blame a low-level employee for this fiasco is a bit like allowing a teenage work experience girl access to the nuclear button, and then bleating that she had 'clearly not followed strict rules' when she reached for her skinny latte and accidentally wiped out Tajikistan." —Jenny McCartney

A mass movement against state snoopers

"Each of us should understand that personal information is exactly that — personal — and that the government has only limited rights to demand and retain it. The scale of its operations and the innate weakness of the systems is a very grave concern to us all." —Henry Porter

Saturday, November 24, 2007

The revenge of Googlezon

The media's gaze has rightly widened from the government's data debacle to the floods of personal data being gathered by search engines, e-commerce sites and especially social networking utilities. The Information Commissioner's Office has issued a warning to young people about the potential damage such sites can do to their academic and employment prospects.

I spoke about this last night to Newsnight.

Crisis of identity

"The government has claimed that the cards would combat identity fraud. But the opportunity handed to fraudsters with the loss of the Revenue discs demolishes that argument. Few will trust Whitehall to manage such sensitive data again. There are grave problems with introducing even a well-managed ID card system. Instead, we are being asked to accept one that will drain taxpayers’ money and yet leave no-one sleeping better at night. Mr Brown has displayed relish in tearing up some of his predecessor’s pet schemes. He should now add ID cards to the scrapheap." —The Financial Times

We pay no attention to the man behind the curtain

"Already the pall of platitudes is being spread over both cockups. Identical platitudes, in fact. There will be a 'root and branch' review of management systems within HMRC. There will be a 'root and branch' review of the arrangements around the England team. And yet it doesn't feel awfully like that at present. Vitriol is being poured over the England goalkeeper Scott Carson, just as it will be over the still anonymous junior manager who popped the child benefit database in the post. Obviously, both of them had shockers. But it feels neither root nor branch to be laying the blame on a 22-year-old and a 23-year-old respectively. Then again, deeper chaos is much more frightening to contemplate, let alone deal with." —Marina Hyde

Request and response for child benefit data was incompetent

It is clear from correspondence between the National Audit Office and Her Majesty's Revenue & Customs over the lost files fiasco that this data should never have been requested, nor supplied.

NAO wanted to choose a random sample of child benefit recipients to audit. Understandably, it did not want HMRC to select that sample "randomly". However, HMRC could have used an extremely simple bit-commitment protocol to give NAO a way to choose recipients themselves without revealing any of the data related to those not chosen:

  1. For each recipient, HMRC should have calculated a cryptographic hash of all of the recipient's data and then given NAO a set of index numbers and this hash data.

  2. NAO could then select a sample of these records to audit. They would inform HMRC of the index values of the records in that sample.

  3. HMRC would finally supply only those records. NAO could verify the records had not been changed by comparing their hashes to those in the original data received from HMRC.

This is not cryptographic rocket science. Any competent computer science graduate could have designed this scheme and implemented it in about an hour using an open source cryptographic library like OpenSSL.
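The three steps above, as an added Python sketch; it is not code from this post, HMRC or NAO, and the class names, function names and sample records are constructed for illustration. It goes one step beyond the description above by keying each hash with a random per-record nonce: benefit records are low-entropy, so a bare hash would let whoever holds the hash list confirm guesses about records that were never selected.

```python
"""Commit-then-reveal audit sampling (added example; all names are hypothetical)."""
import hashlib
import hmac
import json
import secrets

# Constructed sample data: not real people, dates or accounts.
SAMPLE_RECORDS = [
    {"name": "Example Parent A", "child_dob": "2001-02-03", "account": "00000001"},
    {"name": "Example Parent B", "child_dob": "1999-11-30", "account": "00000002"},
    {"name": "Example Parent C", "child_dob": "2004-06-15", "account": "00000003"},
    {"name": "Example Parent D", "child_dob": "2000-01-01", "account": "00000004"},
    {"name": "Example Parent E", "child_dob": "2003-09-09", "account": "00000005"},
]


def canonical(record):
    """Serialise a record deterministically so both sides hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def commitment(record, nonce):
    """HMAC-SHA256 over the record, keyed with a secret per-record nonce.

    The nonce is an assumption added here: it stops the auditor testing
    guesses against the commitments of records it did not select.
    """
    return hmac.new(nonce, canonical(record), hashlib.sha256).hexdigest()


class DataHolder:
    """The department holding the full data set (HMRC in the post)."""

    def __init__(self, records):
        self._records = dict(enumerate(records, start=1))
        self._nonces = {i: secrets.token_bytes(32) for i in self._records}

    def publish_commitments(self):
        """Step 1: hand over index numbers and hashes only, no record contents."""
        return {i: commitment(r, self._nonces[i]) for i, r in self._records.items()}

    def reveal(self, indices):
        """Step 3: disclose only the requested records, each with its nonce."""
        return {i: (self._records[i], self._nonces[i]) for i in indices}


class Auditor:
    """The auditing body (NAO in the post); it never sees unselected records."""

    def __init__(self, commitments):
        self._commitments = dict(commitments)
        self.sample = []

    def choose_sample(self, size):
        """Step 2: the auditor, not the data holder, picks the indices."""
        rng = secrets.SystemRandom()
        self.sample = sorted(rng.sample(sorted(self._commitments), size))
        return self.sample

    def verify(self, disclosed):
        """Return {index: bool}; refuse a disclosure that is not the requested sample."""
        if set(disclosed) != set(self.sample):
            raise ValueError("disclosure does not match the requested sample")
        return {
            i: hmac.compare_digest(commitment(record, nonce), self._commitments[i])
            for i, (record, nonce) in disclosed.items()
        }


def run_audit(records, sample_size):
    """Run all three steps once and return (chosen indices, verification results)."""
    holder = DataHolder(records)
    auditor = Auditor(holder.publish_commitments())
    wanted = auditor.choose_sample(sample_size)
    return wanted, auditor.verify(holder.reveal(wanted))


if __name__ == "__main__":
    chosen, results = run_audit(SAMPLE_RECORDS, 2)
    print("audited indices:", chosen)
    print("all records match their commitments:", all(results.values()))
```
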

Ben Laurie notes that the redacted correspondence itself demonstrates a lack of basic security awareness. I hope those carrying out the security review of the ContactPoint database are better informed.

I never lose things. Bet I'd find those discs

"The notion that a 23-year-old bloke, having whipped up a zip file detailing every child in the nation, puts down his Ginsters scotch egg slice for a moment, calls the courier company, but can't be arsed to fill in the additional labels to send the parcel as registered mail, is as comic as it is tragic. Certainly the jolly Indian lady in my local post office thought so on Wednesday: 'Ha ha ha, dear, yes better post special delivery: else you'll have to send the police looking for it!'" —Janice Turner

Friday, November 23, 2007

The Lovely Mistresses of George W. Bush

Telecom Heiress Eve Stropping
"The Lovely Mistresses of George W. Bush is a classically styled, 13 month pin-up calendar ending on January 20th, 2009, the final day of George W. Bush's presidency. Packed with jaw dropping all-original images by Burke Heffner, The Lovely Mistresses features some of America's hottest burlesque stars and pin-up girls.

"Every stunning girl is a hilarious reveal of the corporations, special interest groups and billionaires who have influenced George the most. Each pin-up includes her vital statistics, important dates and a farewell love letter to the president." (via Boing Boing)

Thursday, November 22, 2007

WIPO vs 1984

"The conclusion you presented to your African brothers, whose support you want for your re-election is a disgraceful fools market. An insult to their intelligence and to their integrity. It betrays your contempt for your interlocutors as well. Do you take your staff, your member states, your NGOs and the press for imbeciles?" —WIPO staff open letter to director Kamil Idris

See my own thoughts on the World Intellectual Property Organisation.

Labour's new lottery: You could be ripped off

"What is so appalling about the present episode is the casualness, the condescending indifference on the part of the state towards the privacy of British people.

"This is how they treat vital personal information — allowing a junior official to burn it on to several discs, and then losing it in the mail.

"How dare these people continue to make the case for ID cards? How dare they claim that they can be trusted with any more of our data?

"The argument is lost, and before the Government wastes £10 billion of our money, it should run up the white flag and withdraw the Bill." —Boris Johnson MP

Steve Bell on the data debacle

Wednesday, November 21, 2007

Why was HMRC sending sensitive data through the post?

According to Computer Weekly editor Tony Collins: to avoid security controls on online transfers.

Second-class and lost in the post

"It is shocking, it is risible, it is hilarious. Someone gave a disc containing confidential data about 25 million people to a bloke on a bike? And he lost it? Of course, a case of mass identity or financial fraud would never happen in this way. It is too chaotic. Fraud will happen through a far more organised infiltration of the official systems; but what yesterday's revelation does is underscore the insecurity of those systems. And allows us to giggle at the po-faced pretence of those in authority that they are any better at protecting us than we are ourselves." —Alice Miles

Tuesday, November 20, 2007

Discs with 15m bank details lost by Revenue

What happens when you put sensitive data about tens of millions of individuals into centralised government databases with atrocious security controls? Go on, take a wild guess.

Thank goodness the government isn't making a similar mistake with highly sensitive information about all of the UK's children. Or everyone's medical records. Or indeed, everyone's entire identity.

More from Ross Anderson.

UPDATE: The government has now admitted that 25 million individuals' data was lost. I spoke tonight about this on Newsnight.

UPDATE 2: Also spoke to Five Live, BBC Radio Wiltshire and Fox FM on this.

Monday, November 19, 2007

Happy ORG day!

One of the most exciting political organisations in the UK right now is the small but perfectly-formed Open Rights Group. It was founded two years ago based on a promise from 1,000 people to donate £5 per month to a UK digital rights organisation. Ever since, ORG has been exploiting new Internet technologies to massive political effect. Old-skool tech like public meetings, parliamentary lobbying and mailing lists has combined with ORG blogs, wikis, twittering and assorted other 2.0 technologies to:

  • Convince the Gowers review of intellectual property that Cliff Richard was not the leading copyright thinker that he claimed.

  • Expose the shocking electoral problems caused by e-voting and e-counting equipment in May 2007's ballots.

  • Persuade the All-Party Parliamentary Internet Group that Digital Rights Management is not manna from heaven for the creative industries.

I'm extremely proud to have helped found and run ORG. So, why aren't you a member yet? Join now!

PS Danny O'Brien has a nice potted history.

Britain is a US client state and should not forget it

"In his speech on Tuesday the prime minister himself said ingratiatingly: 'I am a lifelong admirer of America. I have no truck with anti-Americanism in Britain or elsewhere in Europe and I believe that our ties with America founded on values we share constitute our most important bilateral relationship.'

"Those are interesting and thought-provoking words. Is it 'anti-American' to regret that we were dragged into the Iraq adventure purely to demonstrate Blair's — and Brown's — fealty to our most important bilateral partner, or even to wonder occasionally whether the last few years may not have raised questions about the fitness of the US for its role as hegemonic superpower? Does the prime minister have in mind the 'shared values' of Guantánamo Bay and Abu Ghraib? Of 'extraordinary rendition' and 'enhanced interrogation'?" —Geoffrey Wheatcroft

Sunday, November 18, 2007

It’s one small step from Brown’s paranoid state into a police one

"Given the fallibility of government computers — the new e-border one is to cost an astronomical £650m — getting into, out of and about Britain will change from inconvenient to sheer hell. If a Brazilian, de Menezes, can be shot for looking Arabic and a normal Briton in a diabetic fit be Tasered and manacled for 'looking Egyptian', the mind boggles at the accidents waiting to happen." —Simon Jenkins

We're trapped in a prison and the walls are rising higher

"How have we allowed this rolling putsch against our freedom? Where are the principled voices from left and right, the outrage of playwrights and novelists, the sit-ins, the marches, the swelling public anger? We have become a nation that tolerates a diabetic patient collapsed in a coma being tasered by police, the jailing of a silly young woman for writing her jihadist fantasies in verse and an illegal killing by police that was prosecuted under health and safety laws." —Henry Porter

Saturday, November 17, 2007

Fortress Britain, a grotesque thought

"If, as Gordon Brown says, 'terrorism can hit us anywhere', then what is the point? Where is the benefit in a mentality at once paranoid and supplicant? If a former iron chancellor is hoping to turn into an armour-plated premier, to create a vision of imminent threat that he alone can protect us from, he is failing. These new measures don't make him rock-like and brave but weak, flappy and overreactive. The term 'helicopter parent' is used to describe the obsessively risk averse, who hover over their children, terrified they will bump heads, scratch legs, wander an inch out of sight. We don't need a helicopter PM.

"But if this is just about creating a fearful hunger for authoritarianism to justify the extension of the 28-day detention limit, in turn so Labour can appear tougher on terrorism than the Tories, if Britain is to be made a citadel in the name of party politicking, it is an unspeakable shame." —Janice Turner

Publisher's plan could spell the end of hardback

It seems that book publishers are losing their power to price discriminate using versioning in the same way that iTunes has almost fatally damaged the ability of the recording industry to bundle songs using albums. Picador has announced that it will from next year launch 80% of new books in paperback. Publisher Andrew Kidd told The Guardian: "Over the last few years publishers have witnessed sales of literary fiction in hardback reaching new lows. All of us find that depressing, and there are, frankly, no reasons to think the situation might soon reverse itself."

In better news for creative types, the booming live music scene is leading to the opening of a whole series of new venues. This is being driven both by new acts like the Arctic Monkeys, and reunion tours by groups such as the Police (who last year grossed more than £83.8m from 53 shows seen by more than 1.5 million people.) Mintel estimated the 2006 value of the UK's live music industry at £743m.

Recording companies are going to have to move extremely quickly if they are to avoid total disintermediation.

If you've got talent, hide it quick

"Of all the briefings against Lord Malloch-Brown in recent weeks, perhaps the most wearying was some anonymous source's diagnosis that he was 'struggling to make the transition'. Can you bear the faux sympathy? What truly grates is the implication that transferring to contemporary British politics is somehow a giant step up, as though deputy-presiding over the United Nations — or being last off your sinking ship in the heat of war and winning a DSC — are merely the nursery slopes compared with having to sit through a lot of tedious Westminster meetings while allies of the foreign secretary brief babyishly against you." —Marina Hyde

Thursday, November 15, 2007

UK wants Net companies to fight terror

Prime Minister Gordon Brown has set out his new national security plans, including the following:

One central issue is how to balance extremist views supporting terrorism which appear on the internet and media. The Home Secretary is inviting the largest global technology and internet companies to work together to ensure that our best technical expertise is galvanised to counter online incitement to hatred.

As I told Associated Press, this is more rhetoric than a realistic strategy.

Saturday, November 10, 2007

Perugia police find wealth of digital evidence

The investigation into the shocking murder of English student Meredith Kercher has uncovered a wealth of mobile and Internet-related evidence.

The main suspect, Raffaele Sollecito, blogged on 13 October 2007 that he wanted to try "extreme experiences". With his girlfriend Amanda Knox he was tracked on the evening of the murder to a meeting with the third suspect Diya Lumumba; they returned to Kercher and Knox's flat, where they switched off their mobile phones. Lumumba's later claim that he was running his bar at the time was shown to be highly unlikely, based on the timestamped receipts in the bar till.

The following lunchtime the Postal Police of Perugia visited Knox's flat because another flatmate's mobile phone (in recent use by Kercher) had been found in a neighbour's garden. They disturbed Sollecito and Knox, whose claim they were waiting for the Carabinieri was later shown to be false based on the timing of their call to the police.

Police searched Facebook for information related to Kercher, in particular to identify friends they could interview. Sollecito and Knox also had a wealth of personal information on MySpace, Facebook and YouTube.

Of course, as Cardinal Richelieu observed: "If you give me six lines written by the most honest man, I will find something in them to hang him." It will be interesting to see if all of the publicity around this case causes any shift away from the self-publicising culture of social networking sites.

If you are interested in finding out more, last year I wrote a research note on the powers that the UK police and other government agencies have to access such personal information. In September I gave a joint conference presentation on Facebook's privacy controls. I also just did an interview for Sky News.

The fame generation needs to learn the value of privacy

"Gradually, older generations are having to adjust to the notion that not only do younger people not really care about privacy; they often don't even comprehend the idea of it. Watch the audition rounds of any television talent show, and it seems as if an entire generation now believes fame to be a basic human right. Maybe one of the other rights had to give. Maybe it was privacy. At this rate, they'll be employing acting coaches to make their CCTV outings stand out from the crowd.

"But the view that this is a cultural shift with which we must all make our peace is wrong. Naive and cavalier is a dangerous combination, and a disdain for their own privacy will leave young people immensely exposed." —Marina Hyde

Friday, November 09, 2007

We can best stop terror by civil, not military, means

"The focus on the civil paths to peace does not ignore, in any way, the basic fact that terrorism and homicide, no matter how generated, are criminal activities that call for effective security measures. No serious analysis of group violence can fail to begin with that basic understanding. But the analysis cannot end there, since many social, economic and political initiatives can be undertaken to confront and defeat the appeal on which the fomenters of violence and terrorism draw to recruit active foot soldiers and passive sympathisers." —Amartya Sen

Thursday, November 08, 2007

Modern killers turn to video to get message out

The murder of seven Finnish students and their head teacher yesterday by a lone gunman is a tragedy. The gunman's YouTube video predicting the event has caught the media's attention, but is I think largely irrelevant. As I told Reuters:

"New technologies like the Internet get used by a very wide range of people unfortunately including in events like this. Previously many people who committed very serious crimes would get publicity through newspapers. This is how the mass media works in the 20th and 21st century."

The Guardian has a good background piece.

UPDATE: Also did interviews on this for Radio 4's PM and BBC Radio Oxford.

Tuesday, November 06, 2007

This morning I met the Queen

Well, she waved as she swept by in her carriage to open this session of Parliament :) Unfortunately she also forced me to cycle miles out of my way to get to a meeting at Scotland Yard. Her procession of mounted guards was something to behold; as was the fleet of ambassadors, admirals and peers that glided by afterwards in their Jaguars, Mercedes and BMWs. If you are a fan of British pageantry this is an occasion you really shouldn't miss.

Wits of the week in Guardian letters

"Your front-page headline (Guilty, but Blair refuses to go, November 2) gave me profound sense of deja vu." —David Greig

"I see a leading public figure, Charles Prince, has been forced to go (Report, November 5). A typo short of an abdication." —Keith Flett

Monday, November 05, 2007

So, Mr Cameron, what would you do with our liberties?

"Quoting Locke, de Tocqueville and Mill doesn't mean you have an instinctive feel for liberty. Indeed, Brown's whole belief in the wisdom of big government leads me to believe that he has no feel for liberty at all. And given his seeming lack of concern about extending detention without charge even beyond 28 days, presumably 'the next chapter in British liberty' he so badly wants to write is: 'The End'." —David Cameron MP

Sunday, November 04, 2007

Blair will resign. The only real question is when

"Let us recall exactly what happened to Jean Charles de Menezes on his way to work that morning. Armed agents of the state drilled seven dum-dum bullets into his brain. When police officers kill innocent people someone must be held to account. That principle is what distinguishes a free society from a police state. Sir Ian may not be personally culpable, but he is ethically responsible for his organisation. The moral buck stops with him." —Andrew Rawnsley

Friday, November 02, 2007

Co-designing the future

Last week I spent a happy 30 minutes browsing around the Designs of the Time 2007 festival in Newcastle. Lots of fascinating projects including a climate change "weather forecast", OurNewSchool, Urban Farming and accessible sexual health services.

What all of these projects had in common was the involvement from start to finish of the users of their services. You might think this is the obvious way to design new systems, but if so you clearly haven't spent much time in the IT world — particularly in the design of large public sector information systems. The more usual approach is that a system is hacked together to a constantly-changing specification from consultants and officials who may have never used the service in question (e.g. collecting child benefit or jobseekers' allowance), and fine-tuned by programmers who are similarly disconnected from their users.

Interaction design is a key new field between design and computer science. John Thackara and his Dott team have done a sterling job of putting it into practice, both here and in the Juice workshop I attended earlier this year in Delhi. I hope that visitors from the North East and local and central government were enthused and will build co-design into their future projects — as we are doing in Fair Tracing, e-Curator, and hopefully a forthcoming ID management project.

Blogzilla is 2!

This week Blogzilla has burst through into the terrible twos. He is enjoying his new home in Oxford while still taking full advantage of life in Bloomsbury.

Favourite subjects of discussion over the last year:

As always, your comments and suggestions are welcome!

The calamity of Iraq has not even won us cheap oil

"Although 'the judgment of history' has a sonorous ring, it doesn't necessarily require the long gestation that phrase might imply: sometimes there's no need for the owl of Minerva to hang around waiting for the sun to go down. When one eminent historian, Sean Wilentz of Princeton, pronounces bluntly that George Bush the Younger is 'the worst president in American history', and another, Tony Judt of New York University, calls the Iraq war 'the worst foreign policy error in American history', not many of us will argue with them." —Geoffrey Wheatcroft

Thursday, November 01, 2007

CCTV is no silver bullet

"If CCTV was an expensive medical treatment, the government would have demanded compelling evidence before farming it out to private companies, which rake in serious cash from its manufacture. But instead MPs clamour for more, egged on by their constituents, because CCTV has been almost unresistingly accepted as an elixir for the low-level criminality and public disorder that most concerns the public, despite the fact that the limited research available does not bear this out." —Libby Brooks

Bloodspell and the Rise of the Machinima

Machinima, movies rendered using a real-time video console graphics engine, is one of the most interesting new composite art forms of the last decade.

I'm delighted that London Metropolitan Business School and the Open Rights Group have organised a free screening of Bloodspell: a feature-length, Creative Commons-licensed machinima film, written and directed by pioneer Hugh Hancock. I'll be one of the panellists at the screening Q&A session afterwards along with Hugh and colleagues Lilian Edwards, Andres Guadamuz and Holly Ayllet. Hope to see you there!

NPfIT went ahead after PM had 10-minute briefing

A new low in news on the National Health Service's National Programme for IT, reported by the ever-vigilant Tony Collins:

"Some in the IT industry may be surprised that the government made a provisional decision to invest billions of pounds in a technology-based programme on an apparently whimsical basis… If news leaked out that a fledgling democracy had launched a technology project of enormous cost, size and importance on the basis of the informal style of decision-making that is parodied by the 10-minute presentation to the Prime Minister, its ruling party would, perhaps, be deeply embarrassed. Not the British government."

Tuesday, October 30, 2007

The Last Oil Shock

After thoroughly depressing myself with Collapse and Heat, I went for a triple whammy with The Last Oil Shock: A Survival Guide to the Imminent Extinction of Petroleum Man by David Strahan (London: John Murray, 2007).

After the award-winning writing of Jared Diamond and George Monbiot, it is perhaps unsurprising that I was slightly disappointed. While Strahan covers an important topic and has clearly spent a great deal of time on research, much of the book felt forced. It could be the US-style emphasis on personal stories and anecdotes that illustrate every point. It could be the paranoid tone of much of the book, and the anti-Bush and Blair rants that may be partially justified but that will cause many readers who need convincing to put down the book after the first chapter. It could be a general anti-capitalist tone that is merely preaching to many of those already converted.

The only chapters I thought should be compulsory reading were on the public policy options available and the geopolitics of OPEC. Strahan has a cynical and hence realistic view of how difficult it will be to persuade the public and their elected representatives of the dramatic steps necessary to smooth the world's path beyond Peak Oil:

[E]ven achieving complete independence from hydrocarbons by 2030 should be possible, provided policymakers accept that energy consumption must fall massively, and that to achieve this markets must be taken by the scruff of the neck. Extraordinary things can be achieved when society is put on a wartime footing, which would be entirely appropriate to our situation. All it needs is some brave political leadership. What a terrifying thought. (p.237)

Unfortunately even the public policy chapter fixates on carbon rations as a solution. I think rationing is a massively invasive response appropriate only to genuine wartime shortages. Carbon taxes would be a much simpler, more efficient and hands-off market-based solution. And isn't Bush the leading proponent of wars on abstract nouns?

Unless you are a real enviro-junkie I'd suggest you stick to Monbiot and Diamond's books as more interesting considerations of the potential for global eco-disaster.

Monday, October 29, 2007

Sunsets can save liberty

"If we go the route of a written constitution, the case for which is growing, given how our unwritten constitution is being degraded by ad hoc measures in response to terrorism, immigration, crime and new technologies, it should enshrine the principle that anything with negative implications for civil liberties must carry default sunset clauses. Circumstances change; no polity should encumber itself with limitations and prohibitions permanently; the best safeguard for liberty is that anything questionable in light of it should only ever be temporary, if it must be enacted at all." —A.C. Grayling

Police demand doctors report gun victims

It is kind of the police to lobby for outrageous policies such as requiring doctors to breach patient confidentiality when treating knife and gun wounds. It makes those of us worried about the potential abuse of national medical and social care databases look rather moderate. As Shami Chakrabarti commented: "It's high time that child crime initiatives moved away from pure policing and back to social services — but forcing doctors to inform on patients is madness. British teenagers should never have to treat their own gun and knife wounds for fear of being reported to the police."

Sunday, October 28, 2007

Small sops to freedom can't hide what Labour has stolen

"[Gordon Brown and Jack Straw] were members of the Blair cabinet which mounted the greatest attack in peacetime on the people's rights and liberties. Having taken what was ours, they now offer it back to us — reduced and compromised — but as though it was somehow their beautiful gift to the people." —Henry Porter

"About identity cards, [Brown] says there will be a 'continuing debate'. You bet there will, Prime Minister, as there will be about extending detention without charge. He has a lot of work to do to persuade many of his backbenchers, never mind the country, that either should be included in 'the next chapter of British liberty'. He will be judged as a Prime Minister not by his grasp of history, but what he does to our country's future." —Andrew Rawnsley

Saturday, October 27, 2007

The UK IT industry and party politics

"What are YOU doing to help educate and interest YOUR MP in why the contribution of our industry to modern society is so important and in what they need to do to help ensure that boring things, like our communications infrastructure (as essential to the health and wealth of 21st century society as clean supply and efficient drains were to Victorian England) are fit for purpose, that policies on issues like Data Protection, Identity Management are based on practical experience not theoretical fantasy and that restrictions on civil liberties, like the extension of detention without trial, are not blamed on ICT (time to decrypt computer files) without evidence that the changes would make a commensurate difference to public safety." —Philip Virgo

Why won't Brown walk his liberal talk?

"Ours is, in the end and in spite of all, the liberal country Brown identifies. It requires liberal solutions to its problems. If Brown steps forward across the threshold and offers the solutions implied in his implicitly liberal analysis, he may become master of the future. If he doesn't he may freeze on the doorstep. And in that case the rebuilding of liberal Britain will fall not to Labour but to its rival parties, who currently seem more comfortable and better equipped for what lies ahead if Labour falters." —Martin Kettle

Friday, October 26, 2007

Govt rejects Lords Personal Internet Security Report

The government has produced an extremely disappointing response to the House of Lords Personal Internet Security report published in August.

The government has completely rejected the report's far-seeing recommendation that liability redistribution is the key to Internet security. The Lords were convinced that allocating some liability to financial services institutions, ISPs and software vendors would drive an increase in the security of Internet-related products and services. The government's response is to sniff that additional burdens cannot be imposed on business. This is short-sighted to say the least.

The government has also rejected advice that the Research Councils should fund significant new security work or a new centre of expertise between universities; that "kite marks" indicating a basic level of security in Internet-related products and services should be encouraged; or even that growing levels of fraud are significantly damaging people's trust in the Internet.

I've been doing quite a bit of work over the summer on e-crime. It is quite amazing just how quickly serious criminals are developing in their use of the Internet for fraud. I had high hopes the UK might lead the world in a long-term response to this problem. Instead it seems the government prefers to stick its head in the sand and hope the problem will go away of its own accord.

UPDATE: The Lords' special advisor isn't impressed.

Excel ate my election!

I'm currently on tour (!) in Scotland, visiting colleagues at Glasgow, St Andrews and Edinburgh universities.

Yesterday I did a seminar at St Andrews on the Open Rights Group's work observing e-voting and e-counting during the May elections. With impeccable timing, the Electoral Commission's independent Scottish Election Review was published this week, allowing me to update my slides.

ORG e-voting coordinator Jason Kitcat has already written about the review. But reading the full report gives an even more jaw-dropping picture of the fiasco that resulted from grossly inadequate planning, design and testing of ballot papers and e-counting systems in Scotland.

I am appalled that the Ministry of Justice is apparently still considering further e-voting trials in the UK.

UPDATE: Interesting response to the review from Secretary of State Des Browne:

"[T]here will be no necessity for electronic counting in elections, either for this Parliament or for the Scottish Parliament."

UPDATE 2: The Scotsman reports (via Open Rights Group): "CITY council bosses have secured more than £100,000 in compensation from the company behind the electronic count at this year's elections.

"The agreement comes almost six months after the fiasco that saw postal votes failing to arrive on time and election results delayed for hours because of problems with the counting software."

Tuesday, October 23, 2007

Microsoft throws in the towel in fight with EU

"Now that Microsoft has agreed to comply with the 2004 decision, the company can no longer use the market power derived from its 95 percent share of the PC operating system market and 80 percent profit margin to harm consumers by killing competition on any market it wishes." —Neelie Kroes, EU Competition Commissioner

Sunday, October 21, 2007

The mantra of the Whitehall Taliban

"The only real defence of Blair’s 'liberty, democracy and freedom' is to demand, constantly and tediously, that each extension of state power be justified as proportionate, cost-effective and consonant with these values. The onus should be on the executive to justify intrusion and repression, not on individuals to resist it. There is no way that ID cards pass this test." —Simon Jenkins

Putting minds in neutral

"Free speech is about the communication of the human experience. Without it, we are diminished: we put our minds in neutral and let others think for us." —Henry Porter

Friday, October 19, 2007

Parliament and the Internet

An interesting visit yesterday afternoon to the Palace of Westminster for the annual Parliament and the Internet day.

We heard a lot about the new Police Central E-Crime Unit (which will come into existence shortly if the Home Office approves its funding). The Unit will support the 43 police forces in England, Wales and Northern Ireland in investigating the "e-" component of crimes (rather than "e-crime", which most of those present agreed was a slightly dated concept).

We also heard about Alun Michael MP's plans for a "UK Internet Governance Forum", which like its international counterpart will act as a space where government, industry, law enforcement and civil society groups can partner to meet the challenges of the information age.

Most exciting speech of the day was from MIT's Professor Nicholas Negroponte, who gave us an update on his One Laptop Per Child project. The cute green $100 devices are now rolling off the production line, and will be arriving in various developing countries in the next few weeks. Negroponte's vision of the laptop as a breakthrough educational tool was inspiring.

Coincidentally one of this vision's key parts, the LOGO programming language, has just celebrated its 40th birthday. As a LOGO turtlechild myself, I am highly appreciative of programming as a tool to teach thinking. Negroponte did a great job in his presentation of overcoming the wave of cynicism that has hit OLPC. Let's see if the real-world deployment of the machines leads to the step-change in developing world education that he hopes for.

Tech 50 agenda setters

Last month I was one of the judges for's annual Top 50 Agenda Setters list. We spent the day discussing the tech industries' most innovative and influential characters, and then each voted for our top 20. The results are in — and Mark 'Facebook' Zuckerberg has pipped Steve Jobs to the top spot.

Someone who can drop out of college and build a $10bn business in three years is certainly worth watching. Personally though I think that Jobs deserved the prize for his successful mergers and acquisitions strategy against the entire music industry and well-advanced takeover plans for the movie and mobile sectors. Next year maybe…

Other notable agenda setters include Emily Bell (Guardian Unlimited editor-in-chief), Kim Cameron (Microsoft's Identity Architect), Larry Lessig (Stanford law professor) and Cory Doctorow (Boing Boing co-editor).

The BBC empire must be decolonised

"One day Britain will have a public service broadcasting commission, using public money to purchase and distribute a range of news and cultural programmes across a range of platforms, on the strict criterion that they are not supplied in the marketplace. It will have no licence fee, no palaces, no unions, no meetings and certainly no 23,000 employees. The only question is whether that body will be called the BBC." —Simon Jenkins

Monday, October 15, 2007

Competition regulators ignore Google privacy concerns

EU Competition Commissioner Neelie Kroes has rejected calls to consider the privacy implications of the Google bid for DoubleClick. She told The Guardian: "We are looking at the influence on competition and that's it." The US Federal Trade Commission is similarly expected to restrict its investigation to anti-trust grounds.

This is both unfortunate and another sign that competition authorities are taking some time to adjust to the new world of winner-takes-all infogopolies. As we have seen with the Microsoft competition enquiries, more traditional competition regulation has not proven up to the task of remedying the monopolistic behaviour of companies taking advantage of network effects to crush their rivals. Regulators need to move faster, be more willing to impose structural remedies, and act in the spirit of competition law — preventing abuse of dominant positions, whether the impact is on competitors or consumers. As Senator Herb Kohl told a recent US Senate Judiciary Committee hearing:

"Some commentators believe that antitrust policymakers should not be concerned with these fundamental issues of privacy, and merely be content to limit their review to traditional questions of effects on advertising rates. We disagree. The antitrust laws were written more than a century ago out of a concern with the effects of undue concentrations of economic power for our society as a whole, and not just merely their effects on consumers' pocketbooks. No one concerned with antitrust policy should stand idly by if industry consolidation jeopardizes the vital privacy interests of our citizens so essential to our democracy."

National road pricing plans dumped

Today's Telegraph leads with news that the government is to drop plans for a national road pricing system. Is this the first victory for e-democracy, following the petition on the prime minister's website that drew 1.8m signatures? It's certainly a victory for evidence-based policymaking, with the government finally paying attention to data that showed 88% of congestion occurring in urban areas rather than out in the countryside.

Privacy concerns also played a strong part in the policy reversal, with motorists worried about satellite tracking of journeys. Perhaps the national Automatic Number Plate Recognition system should be next on their list…

Sunday, October 14, 2007

Democracy and freedom will beat terror

"It is ironic that defeat in the cold war should have led Russia to the exuberant self-confidence of Vladimir Putin’s Moscow, while victory has plunged the West into a loss of nerve. In both Washington and London are leaders who have so little confidence in democracy as to regard it as vulnerable to a few madmen, and who have so little respect for democracy’s freedoms as to suspend them at the bang of a bomb." —Simon Jenkins

Saturday, October 13, 2007

Gordon Brown deserves infamy

"New Labour is an empty vessel. The governing party is a political movement without content.It’s all a bluff. It always was. Third-way politics will not be unpicked, it will implode. Gordon Brown will not be countered, he will be debagged. The deserved fate of this administration is infamy. The way to bring it about is mockery, exposure and abuse." —Matthew Parris

Thursday, October 11, 2007

Yahoo to labels: no more DRM, ever

"I'm here to tell you today that I for one am no longer going to fall into this [DRM] trap. If the licensing labels offer their content to Yahoo! put more barriers in front of the users, I'm not interested. Do what you feel you need to do for your business, I'll be polite, say thank you, and decline to sign. I won't let Yahoo! invest any more money in consumer inconvenience. I will tell Yahoo! to give the money they were going to give me to build awesome media applications to Yahoo! Mail or Answers or some other deserving endeavor. I personally don't have any more time to give and can't bear to see any more money spent on pathetic attempts for control instead of building consumer value. Life's too short. I want to delight consumers, not bum them out." —Ian Rogers, Yahoo! Music (via BoingBoing)

Monday, October 08, 2007

March for free speech!

"It's becoming remarkably hard to escape the feeling we're ruled by people who are basically paranoid authoritarian incompetents." —Iain Banks

If you are in London today and think freedom of speech and assembly are worth something, join the protest march to Parliament Square, which the government has banned using legislation from the 19th century!

UPDATE: great to see that the police were forced to back down and allow the march to take place.

Sunday, October 07, 2007

The dark stain of the Bush presidency

"I am increasingly confident that when the history of the Bush Administration is written, this systematic violation of statutory and treaty-based law concerning fundamental war crimes and other horrific offenses will be seen as the blackest mark in our nation's recent history — not only because of what was done, but because the programs were routinely sanctioned, on an ongoing basis, by numerous esteemed professionals — lawyers, doctors, psychologists and government officers &mdash without whose approval such a systematized torture regime could not be sustained." —Marty Lederman

Who will mourn the passing of copyright?

Neither new nor established artists, who are leaving record companies in the dust and generating new business models based on touring, merchandise, ad-revenue sharing, sponsorship and scoring films and adverts.

Not consumers, who get faster access to a much wider range of music at prices much closer to the marginal cost of distributing works.

Not the City, whose financiers are far too smart to fall for the garbage economics peddled by the recording industry.

Shed a tear only for those members of the recording cartel who feel their industry should uniquely be protected from the creative destruction of capitalism.

All quiet on the leadership front as our troops die in faraway lands

"Under Blair the British government expended its hard-won capital of soft power — commercial, cultural and legal diplomacy — in favour of practising swordplay in the shadow of the Pentagon. This has led to bloodshed and disaster. But were that shadow to be withdrawn and were British soldiers still facing defeat in the deserts of Helmand, who then is to hold their hand, what lodestar is to guide them? Last week answer came there none." —Simon Jenkins

The government trumpets free speech while trampling on it

"The art of government these days is to extend power without people noticing. Gordon Brown proclaims his solemn duty 'to uphold freedom of speech, freedom of information and freedom of protest', yet his ministers steal through the night to attack each one of these rights. We are moving with a sickening speed to a point where the reality of government intentions is the precise opposite of its presentational rhetoric." —Henry Porter

Saturday, October 06, 2007

In the land of oddballs, the fake hardman is king

"There are more unconvincing hardmen in politics than in 500 episodes of EastEnders. George Osborne, scion of one of our finest fabric and wallpaper families, has been jeering blokeishly that the PM might 'bottle it' on the election front. 'Bring it on,' he scoffs. One can only hope the response runs along the lines of 'Time for your pasting, wallpaper boy!'. It would certainly maintain the level of debate.

"Or think back to David Blunkett, forever talking about 'nailing' criminals when he was home secretary. Blunkett, of course, had four houses, was best friends with the Duchess of Devonshire, and seemed to like Annabel's. Yet he appeared to be positioning himself as the SW1 version of Richard Harris in This Sporting Life. Only in Westminster can you get away with this." —Marina Hyde

Tuesday, October 02, 2007

The war on erratic driving

"The intelligence agencies are using military aircraft equipped with sophisticated surveillance equipment to eavesdrop on and monitor the movements of suspected terrorists, the Guardian has learned.

"The Britten-Norman Islander is already being used by the police to combat dangerous driving, trace missing persons, and find escaped prisoners or stolen vehicles. It was used by the army in Northern Ireland, and is now being deployed in counter-terrorist operations when, it is understood, it is flown by an RAF crew…

"Cheshire police recently revealed they were using the Islander to identify people speeding, driving when using mobile phones, overtaking on double white lines, or driving erratically." —Richard Norton-Taylor (thanks, Gus!)

Netherlands junks voting machines

My friend and colleague Dr. Anne-Marie Oostveen writes from Amsterdam with some interesting news:

Just a quick update on the Dutch e-voting situation. The last couple of days have been quite exciting in the Netherlands with regard to the use of voting computers. As you all might know, the foundation 'Wijvertrouwenstemcomputersniet' initiated a serious debate about the risks associated with the use of the voting machines by approximately 98% of the Dutch population. It wasn't until the foundation showed with a well-documented hack how easy it was to commit fraud that Mr. Atzo Nicolai, the Dutch Minister for Government Reform and Kingdom Relations, decided in December 2006 to set up two committees to investigate the electoral process.

The first committee was led by ex-Member of Parliament L. Hermans and looked back to the early 60s to examine the decisions made surrounding the introduction of voting computers. The second advisory committee was chaired by Minister of State Mr. F. Korthals Altes. The task of this committee was to review the current electoral process in the Netherlands and make proposals to improve or alter it. One point the committee considered concerned the risks of using electronic voting versus paper ballots. The committee issued its 'Voting with Confidence' advisory report last Thursday, 27 September 2007, in The Hague. Main conclusions: the ballot paper is preferable to electronic voting since it makes a recount possible and it is more transparent. Internet voting should be limited to people living abroad; citizens resident in the Netherlands will have to cast their ballots in polling stations, making vote selling and coercion very difficult, if not impossible.

The deputy Minister for Interior A. Bijleveld said in a first response that she would accept the committee's advice, and ban electronic voting. She announced that the 'Regulation for approval of voting machines 1997' will be withdrawn forthwith. Elections in the Netherlands will be held using paper ballots and red pencil for a while. After that, citizens will probably be using 'vote printers' and optical scan counting computers.

But this was not all! The icing on the cake came yesterday, 1 October 2007, when a Dutch judge declared that the use of the Nedap e-voting machines in recent Dutch elections has been unlawful. The District Court of Alkmaar decertified all Nedap voting computers currently in use in The Netherlands. The court order is a result of an administrative law procedure started by 'We do not trust voting computers' in March 2007.

There will be an English translation of the 'Voting with Confidence' advisory report in a couple of weeks' time.