Archive for December, 2007

Should These Technologies Be On Our List?

Posted by Tom Fuller in Blindside project at December 10th, 2007

Via Silicon.com, “The Council for Science and Technology (CST) has named six technologies which should be in line for additional government funding. These are carbon capture and storage, disaster mitigation technology, low carbon electricity distribution, medical devices, e-health and plastic electronics.”

Let’s walk through the six and see if the IA components are strong enough to warrant their inclusion in Blindside.

Carbon capture and storage: It does not exist as yet, although the UK intends to pilot a project. The information element could be quite high–monitoring the state of whatever capture vessel is used will need to be accurate. A slow leak or a burst vessel could have high consequences. When they talk about the melting of the peat mass in Siberia (which would release large quantities of methane, 13 times more powerful than CO2 as a greenhouse gas), nobody talks about the potential for a short-timeframe release, which could have larger consequences than a gradual bleeding into the atmosphere. At any rate, carbon escape from a capture environment would kind of mean the whole project had been worthless. This would indicate a need for a SCADA system on steroids–assuming they sectioned off the capture area to minimise loss, monitoring pressure and inflows will need to be secure and accurate. I think this is a candidate for inclusion.

Hmm. I think I will tackle these in separate posts, to allow for separate commenting. Next up–Disaster mitigation technology.

The ‘Other’ Aim of Information Assurance

Posted by Tom Fuller in Blindside project, IT failures, Murphy's Law, Procurement, databases, human error at December 10th, 2007

It’s so easy to get caught up in the protection of data (or lack thereof) that it is easy to forget about the other primary goal of information assurance–getting correct information to the right place in good shape, accurately and on time, to preserve the confidence of the public in government’s ability to manage its own affairs.

“THOUSANDS of servicemen and women, including many fighting on the front line, are being underpaid because of failures in a new computerised pay system.”

…”The computer system, known as Joint Personnel Administration (JPA), was introduced in March last year in the Royal Navy and saw a flood of complaints from sailors not being paid their full pay. The RAF was taken on to the system in October last year, followed by the Army in April this year. The £250m system was implemented by EDS, which was widely criticised for its computerisation of the Child Support Agency.

One of the key problems with the system is that it requires senior officers to log in to authorise payments, which means that if they are away on operations, the whole procedure grinds to a halt. “The system is based on the design for a civilian pay system and takes no account of the complexities of the armed forces pay system,” one officer said.”

It’s a good thing that the British are so patient–these people are armed. It’s a very bad thing that we can’t get JPA right–ADP would have taken this on as an outsourcing project for a lot less than £250 million.

Hardening of the Arteries

Posted by Tom Fuller in Blindside project, Humanity nature and activity at December 9th, 2007

When people write or speak of network capacity constraints, it’s important to remember that, while Internet traffic increased 57% in 2006, network capacity increased 64%.

Nonetheless, when people write or speak about network capacity constraints, this is why: “In the less than four years since its launch, Comcast On Demand is outpacing Apple’s iTunes on about a 2-to-1 basis in about the same timeframe, the cable TV operator claimed. iTunes has recorded three billion music downloads to date, and averages about 58 downloads a second, according to Comcast.” Note that Comcast pipes VOD down their cable channel, which doesn’t affect traffic. But iTunes does. They’re just one provider…

According to Comscore, Americans downloaded 9 billion videos in September. According to this story, China has more broadband users than the U.S. of A.

Considering that most commercial ISP traffic is peer to peer (up to 80%, by some reports), we just have to hope that network builders… keep building. Sadly, there will be legal and technical distractions coming their way, which may take their eye off the ball. Fighting malware, responding to worries about industrial espionage, police ICT forensic investigations, the political fight over prioritized traffic… I’m a bit concerned about capacity.

Firebots

This was covered in the London papers, but Popular Mechanics has better pictures and more links–I’m writing of course about Qinetiq’s firefighting robots. “When you have money to burn, robots are the best kind of first responders: the disposable kind. Bomb-squad bots are already a common tool for local law enforcement agencies and the military, but remote-controlled firefighters are just now making it into the field. A team of robots built by London-based Qinetiq has recently started responding to a very specific threat: fires involving Acetylene gas.”

“The Roomba’s inventors over at iRobot have also explored this territory, claiming that its upcoming Warrior X700, which is due next year, could be used to fight fires.”

On the military side, “When robot-maker Foster-Miller strapped machine guns onto a trio of bomb-disposal bots and sent them to Iraq and Afghanistan in 2007, the company created the first armed robots to be deployed in a war zone. Still, no robot has ever actually fired a shot in combat. “Weaponized robots represent a new technology that is only in the developmental stages,” says Duane Gotvald, a deputy at the Pentagon’s Robotic Systems Joint Project Office.” Er, I have heard that shots have been fired in anger by robots… maybe not theirs…

From the information assurance point of view, the key quote is this: “One thing that won’t change is who decides to pull the trigger. MAARS doesn’t have a mind of its own: A soldier commands the bot through a video-and-map-enabled remote control.”

This generation of robots could be categorized as ‘longer nozzles’ for firefighting equipment or ‘longer barrels’ for the military. They should pose few or no IA issues. It’s when we start programming them that we need to concern ourselves with information security and assurance–but wouldn’t it be better if we were planning for that now?

Christmas Comes Early

The Economist’s Quarterly Technology Review is out today, and there are lots of Blindsidey nuggets to chew over.

They note progress being made in using virtual worlds for training and simulations, have a nice article on how DNA samples can be pickled (well, use a briny process) for longer storage, and have two articles that I personally hope will be related in the near future: one about how corrective eye surgery is progressing and another about how head-mounted displays (HMDs) are creating a world of augmented reality.

Location-based services gets an article about Bluetooth enabling mobile dating, and another that makes me wonder if anybody is considering the information assurance issues about clustering volunteer computers to look for alien life and cures for cancer.

Surveillance in the stores gets an article–makes me hope this stays in the stores. But it won’t…

Larry Lessig of the EFF gets a nice write-up. Corrupt politicians (at least in the U.S.) should really start evaluating career alternatives.

But the piece I was waiting for, about Unmanned Aerial Vehicles (UAVs) is a real dud–unless you want the history. The present is much more interesting. Maybe they just ran out of space.

Now I have to wait three more months…

Xohm

The Promise: “We will start with air cards and an in-building modem, then embedded devices will begin to appear in laptops and ultramobile PCs. But then imagine camcorders that display footage on monitors without wires or send files to social networking sites such as YouTube and MySpace; car navigation systems that get Internet access and rear-seat entertainment; Internet video; public safety surveillance. Think Internet tablets, gaming devices, DVD players. You get the idea.” “Certainly Sony and Nintendo must be salivating at the possibility of extending online play to future DS and PSP gaming systems.”

The Potential: “That means a potential end to the minute model, and perhaps an end to the cellphone as we know it, since VoIP could be built into anything with a Web browser, speaker and microphone. Earlier this year, Apple gave us the phone that also was a music player, camera and on down the line. But WiMAX may give us the camera or other connected device that is also a phone. Heady stuff.”

Background: Broadband is still patchy in the U.S., and Sprint is trying to use a variant of WiMax (called Xohm) to remedy this. It’s already gotten one CEO fired for being focussed on WiMax instead of traditional subscribers, but they have 10,000 base stations ready to launch. If it works, it will impact a lot of mobile services, enable location-based services and increase the potential of mobile, pervasive and wearable devices.

The story is from the senior tech editor of Popular Mechanics. You can read it here.

This could be smoke–but if it fails, it will be because something better comes along that does the same thing.

German-Chinese research into commercial cybercrime

Posted by William Heath in Malware, fraud at December 6th, 2007

BoingBoing points to a piece on the Chinese malware economy:

The researchers set up virtual PCs running Internet Explorer, then visited nearly 15,000 Chinese websites, deliberately infecting their virtual systems with whatever crapware happened to be running on the system. Then they carefully analyzed the infections as they unfurled and encrappified the virtual instances of Windows, and used the results to reverse-engineer the way that the malware economy runs.

Small Is Beautiful

Posted by Tom Fuller in Blindside project, Data breaches, databases at December 6th, 2007

Hey Guv,

Just so you know, from what I’ve read (somebody please help me with the source–one of you must know) if you upgrade to WinZip 9.0 or above it comes with PGP encryption. If you then choose a password with 10 or more characters, you’ll probably be okay in regards to common criminals or the curious who come across your disc or file. Zip your files, communicate the password over the phone, send the disc by a trustworthy courier (or electronically), and this will work in the interim until you sort out something for the longer term. Oh–and don’t send more data than you need to.

Update: Ian Brown Says:
December 6th, 2007 at 9:59 am
No. WinZip 9.0 contains AES (the recent US govt-approved Advanced Encryption Standard) which is secure *if* a password of adequate strength is used. A 10-character password does not qualify and could be guessed trivially by password cracking software. Key management is much harder than just using an appropriate cipher.

Tom Fuller Says:
December 6th, 2007 at 10:35 am
Hi Ian,

Thanks for this.

How many characters should the password contain, and what proportion should be non-alphabetic–do you happen to know? I think that a lot of mid-level government staff would be able to use this information.
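The exchange above turns on whether a password is strong enough to carry the AES key that protects a WinZip archive. The following is an added example, not code from the original post or its commenters: it estimates brute-force entropy from the character classes a password draws on, and derives the minimum length needed to match a target key size. The character classes, the 128-bit target and the guess rate are assumptions of this example, and the model is an upper bound that overstates the strength of dictionary-derived passwords.

```python
import math

# Assumed character classes for the entropy model (an assumption of this
# example, not from the original comment thread).
CLASSES = {
    "lower": "abcdefghijklmnopqrstuvwxyz",
    "upper": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "digit": "0123456789",
    "symbol": "!@#$%^&*()-_=+[]{};:,.<>?/",
}


def alphabet_size(password: str) -> int:
    """Size of the union of character classes the password actually uses."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def entropy_bits(password: str) -> float:
    """Upper bound on brute-force entropy, assuming every character was
    chosen uniformly at random from the alphabet in use."""
    n = alphabet_size(password)
    return len(password) * math.log2(n) if n else 0.0


def min_length(target_bits: float, alphabet: int) -> int:
    """Shortest random password over `alphabet` symbols reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet))


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit a uniformly random secret of `bits` entropy:
    on average half the keyspace must be searched."""
    return (2 ** (bits - 1)) / guesses_per_second


def assess(password: str, target_bits: float = 128.0) -> dict:
    """Compare a password against a target key size (default: AES-128)."""
    bits = entropy_bits(password)
    n = alphabet_size(password)
    return {
        "bits": bits,
        "meets_target": bits >= target_bits,
        "length_needed": min_length(target_bits, n) if n else None,
    }


if __name__ == "__main__":
    # Constructed sample passwords; the 10^9 guesses/second rate is assumed.
    for pw in ("password", "Tr0ub4dor!", "correct-horse-battery-staple-2007"):
        a = assess(pw)
        print(pw, round(a["bits"], 1), "bits, needs", a["length_needed"],
              "chars; ~%.1e s at 1e9 guesses/s" % expected_crack_seconds(a["bits"], 1e9))
```

A password that is a dictionary word with substitutions scores far better here than it deserves, so treat the output as a ceiling, not a guarantee.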

In related news,

“The Information Commissioner, Richard Thomas, said that a number of public bodies and private companies had contacted him over the fortnight since the HMRC incident was revealed to confess that they too had lost data.”

“Hundreds of people in police witness protection programmes have been put at risk by the loss of millions of child benefit records, The Daily Telegraph can reveal.”

Expect to see a lot more of this: “Now imagine that a company that you knew had just lost the details of 25 million of its customers, including some who are at risk of violence because of something they’d done for you in the past, was setting up a scheme to bring all of your biometric details together – every valuable confidential piece of information that identifies you as you – and was going to charge you £100 to join.

Want to sign up? No, me neither.

The National Identity Register is just that, a Government database to be used as the final authority for confirming identity. It will be shared with other Government agencies and even though it’s specifically prevented from holding some information (tax and medical records, for example), we’ve never had an electronic register of every British person before.”

When it comes to data warehousing, it’s becoming painfully evident that bigger is not always better.

“With infrastructure like that, who needs enemies?”

Posted by William Heath in Cyberwar, Data breaches, Humanity nature and activity, People and IT at December 4th, 2007

Terrific conversation about the technology threats of 10 years hence with Marcus Ranum on the Bruce Schneier blog.

Don’t ‘Bury’ Bad News On A Sunday

Posted by Tom Fuller in Blindside project, Data breaches at December 2nd, 2007

Insert Oscar Wilde quote here, if you wish: “A new fraud alert was issued by the government this weekend as it confirmed that it had lost another computer disc containing the personal financial details of 40,000 housing benefit claimants.”

…”In a separate incident, it was disclosed this weekend that another disc containing the bank details, salaries, National Insurance numbers and home addresses of more than 6,500 public sector workers has also been lost.”

Maybe we can send them all a letter of apology that also contains confidential information.

Seriously, it has to be clear now that the institutional governance mechanisms regarding the safeguarding of personal information have broken down, if indeed they were functional previously. This is all a flagrant violation of the Data Privacy Act. These are all, essentially, crimes.

Government needs to put down tools, get together in a large room, and talk through the implications. To have three further incidents after what happened at HMRC is devastating–as devastating as the first incident, as it means there has been no response. (The third incident I refer to is the letter of apology sent out by HMRC which contained confidential information.)

Perhaps it is time to revive TrainerNet–junior employees with trainers who hand carry data discs to the proper destination. But HM Government (as a whole, not as differing bodies) needs to come up with a data transmission protocol that protects our personal information from people who will steal it and injure our reputations, cost us money and time, and have a serious negative impact on our lives. That is what is at stake here. Government is seriously prejudicing the quality of life for half the population. What good are they doing that can overcome this?