Via Kable: “The Land Registry has pulled potentially sensitive documents from its online service. As from midnight on 5 November 2007, online access to documents such as mortgage deeds and leases will be removed. Members of the public wishing to inspect or have copies of any such documents can do so by applying in writing to Land Registry. The move followed a report in The Daily Mail that criminal gangs have stolen £12m over the past two years by exploiting loopholes in the website. They gained access to documents such as title deeds to make it possible to sell properties they did not own.”

It’s a pity legitimate users of Land Registry information will no longer have access to these details, I guess, but what were sensitive documents like these doing lying around in the open air in the first place? Did any review of this take place?

After the fact, the Land Registry tried to ‘put this in perspective,’ saying that the £12 million in fraud was a small percentage of the fee income it generated.

WAKE UP. The £12 million in fraud in all probability represented a very large percentage of the total wealth of the individuals who were defrauded, each of whom had to go through a long and laborious compensation exercise and probably had to get the services of a solicitor to help them. Of course it had minimal impact on the Land Registry. It’s not their money. It’s not their information. It’s not their privacy.

Mobile computing and wireless communications firm Motion Computing is collaborating with US computer chip manufacturer Intel to create a new tablet PC specifically for the healthcare sector called the mobile clinical assistant. It is now on the market.

“The Motion C5, the first mobile clinical assistant (MCA) that integrates technology from Intel® Health, combines durable design elements with key data capture technologies to simplify workflows, increase productivity and improve overall quality of care. Designed based on input from thousands of clinicians, the C5 brings reliable, automated patient data management directly to the point of care. Get a handle on patient care with the C5. It’s highly portable. It’s lightweight. And, it’s ready to work for you. A convergence of technologies allows you to do everything you normally do during your shift such as perform clinical documentation, administer medication and take pictures using a single device. With Intel® Centrino® mobile technology and integrated high-speed wireless connectivity, the Motion C5 integrates key functions that clinicians require to be productive during the course of the day.”

Now back in October of last year, when this was being tested, an interview with the company’s senior executives produced these quotes (notice the priority):

The new mobile clinical assistant will run using Motion’s existing tablet PC products and is being designed to advance the effectiveness of nurses, physicians and other clinicians. Toal told EHI that there were many questions about the ergonomics of the project that were being addressed and the product itself will probably not be released until mid-2007.

“The key thing that we are learning from staff about our plans to launch a mobile clinical assistant is not worry about the IT itself, but to ensure that we concentrate on the care-giving. The tablet needs to be a clinical aid, capable of improving the quality of care and the amount of time spent on delivering that care

“We have also had to address issues where staff here thought the technology we were using wasn’t mature enough and we have had to implement new technology such as RFID [Radio Frequency Identification Devices] and wireless transmissions in order to keep the product as effective as possible.”

However, Toal feels confident that tablet PCs will become the new norm for mobile medicine in the near future despite fears about durability and safety.

“There will always be barriers, but we are working hard to overcome these. Battery life and security issues are topics which will inevitably be part and parcel of the debate surrounding mobile technology, but I do believe that clinicians will soon be able to carry mini-tablets on them to every patient they see and be capable of producing the best patient care possible. ”

Let’s see. Wireless transmission of sensitive information–yeah, we’ll get to that right after we take care of those pesky ergonomic and battery life issues. And preventing hacking and malware to ensure that the information is accurate? Hmm. Let’s put that on the list of things to do after we make sure it doesn’t add to the weight of the tablet device.

I suppose I should pretend I did all the research that produces the following, but I just opened the email from Bruce Schneier’s Cryptogram. If you’re serious about these issues (and why else would you be reading this?), click here to subscribe.

Quotes from this issue:

“Although it’s most commonly called a worm, Storm is really more: a worm,
a Trojan horse and a bot all rolled into one. It’s also the most
successful example we have of a new breed of worm, and I’ve seen
estimates that between 1 million and 50 million computers have been
infected worldwide.”

UK Police Can Now Demand Encryption Keys: “Cambridge University security expert Richard Clayton said in May of
2006 that such laws would only encourage businesses to house their
cryptography operations out of the reach of UK investigators,
potentially harming the country’s economy. ‘The controversy here [lies
in] seizing keys, not in forcing people to decrypt. The power to seize
encryption keys is spooking big business, ‘ Clayton said.

“‘The notion that international bankers would be wary of bringing master
keys into UK if they could be seized as part of legitimate police
operations, or by a corrupt chief constable, has quite a lot of
traction,’ he added. ‘With the appropriate paperwork, keys can be
seized. If you’re an international banker you’ll plonk your headquarters
in Zurich.’”

“Microsoft updates both XP and Vista without user permission or
notification. Microsoft can do this; that’s just stupid company stuff.
But what’s to stop anyone else from using Microsoft’s stealth remote
install capability to put anything onto anyone’s computer? How long
before some smart hacker exploits this, and then writes a program that
will allow all the dumb hackers to do it? ”

London’s 10,000 security cameras don’t reduce crime:
http://www.thisislondon.co.uk/news/article-23412867-details/Tens+of+thousands+of+CCTV+cameras%2C+yet+80%25+of+crime+unsolved/article.do
or http://tinyurl.com/286pab
This is a follow-up to a 2005 article:
http://www.thisislondon.co.uk/news/article-16856213-details/CCTV+’does+not+stop+crime’/article.do
or http://tinyurl.com/2tfjyf

Just go and subscribe, or read them on his weblog.

GENEVA - A new “unbreakable” encryption method will be keep votes safe for citizens in the Swiss canton (state) of Geneva in the country’s upcoming national elections, officials said Thursday. The city-state will use quantum technology to encrypt election results as they are sent to the capital on Oct. 21, said Nicolas Gisin of the University of Geneva.

“If anyone tries to even read the message it will explode like a soap bubble,” said Gisin, the physics professor who led the team that developed the technology.

To paraphrase the immortal line from Poltergeist, ‘It’s heeeeeere.’

Sigh. When it becomes time for government departments to monitor employee activity on computers, networks and government issued mobile devices, do they have the same rights as private sector employers? If you click through and read the story, look at comment #108 before you answer my question…

More prosaic than new robots, less dramatic than Galileo funding (eppur’ si muove), the DfES may compel an answer to the eternal schoolchild’s plaint, ‘Please sir, I want some more.’ Children who don’t want their fingerprints scanned may yet find a school dinner waiting for them.

What alternatives to full compliance are available to citizens who don’t want to be included in databases? The government compels private companies to offer opt-out mechanisms for commercial databases, and strongly prefers that such databases be opt-in only. Does this not suggest that the government understands that participation should not be compelled?

Just asking.

* BOSTON - Dominated by home-cleaning gadgets, the consumer robotics market is expanding with the arrival of ‘bots that can spy inside your home when you’re away or arrange virtual meetings of family or friends.

* TOKYO, Japan (AP) — Orderly, pornography-free and safe for children, “meet-me,” an online interactive virtual Tokyo, is Japan’s answer to “Second Life.”

* WASHINGTON (CNN) — Using a Facebook profile, police arrested a suspect in an attack on the Georgetown University campus.

* SAN MIGUEL, Philippines - It’s Thursday, so 18-year-old Dennis Tiangco is off to a bank to collect his weekly allowance, zapped by his mother — who’s working in Hong Kong — to his electronic wallet: his cell phone.

* SAN FRANCISCO - A thief stole a laptop computer containing unencrypted personal information of 800,000 people who applied for jobs at Gap Inc., the clothing retailer announced Friday.

* TOKYO (AFP) - A research group will be set up in Japan to develop optical technology that will replace the Internet Protocol as the global standard in communications, a report said Sunday.

* (As noted by Wendy below) SEATTLE - Microsoft Corp.’s Excel 2007 spreadsheet program is going to have to relearn part of its multiplication table.

* (It’s not just the UK): FBI’s cybercrime efforts lagging: The growing problem of cybercrimes used by both scofflaws and hostile governments was given the No. 3 priority status by the FBI, but the Washington Post reports that few dollars and agents are assigned to its prevention.

* An online malware measuring tool has unexpectedly rated U.K. PCs as having the lowest level of infection in Europe.

Three stories this week that I think together highlight both the good and bad sides of having the Internet around and the challenge it poses.

The good, user vigilance division: I saw a posting a few days ago on a community board I frequent that eBay was in the middle of being hacked. This eBay forum thread discusses the hack, though I don’t know how long the link will be valid. The story also got Slashdotted and YouTubed (someone made a video of the hack in progress, which involved posting user IDs along with contact and cc information, though eBay said the latter was not associated with the IDs). Someone else logged a list of posted IDs. It’s worth pointing out that this community effort warned people before eBay made an official response - by all accounts it took eBay an hour to an hour and a half to realise what was going on and shut down the Trust and Safety forum, where the information was being posted. How long would it take a government department on a weekend? eBay is, of course, a very big target; large government projects will be even bigger ones.

The good, keeping companies honest division: the comments, here on this week’s Excel bug were, I thought, rather interesting. The MS guy was trying to reassure them by saying that the underlying calculations are correct even though Excel is displaying the wrong values in the spreadsheet. But as the comments point out, this isn’t much comfort. People copy and paste values, and they read aloud and copy from printouts of spreadsheets - an error like this can find its way into all sorts of places. The machines are fine as long as they only talk to each other - it’s crossing the machine/human barrier that’s dangerous. Through the lens of the nanotech conference one might ask whether at some point the machines might decide we’re too risky to talk to. Interesting to speculate what the surfaces of computer programs would look like without the need for human display. (eg, Internet addresses would all be numbers, and there would be no domain name system).

The bad, enabling anonymous distribution of performance-enhancing drugs. This week saw a huge DEA action in the US that took out more than 50 labs churning out steroid pills from powders sourced from China and more than 120 arrests. The pills, which the DEA says were made up in bathtubs and sinks in unsanitary conditions (as much like scare tactics as that sounds - it’s probably true, but it’s not clear how big a risk it is compared to ingesting the steroids themselves), were largely sold over the Internet through Web sites and chat boards to folks like amateur bodybuilders and high school kids, if I’m reading this right. Illegal drug smuggling is of course nothing new, but as much as we make fun of the oft-invoked Four Horsement of the Infocalypse (organised crime, drug dealers, terrorists, and pedophiles) a DEA report from 2003 talks about the setup they’ve since spent two years investigating, and one of the points they make is the difficulty posed to them by services like Hushmail. It dismays me quite a lot that the general answer to this problem overall (and I think if kids are taking steroids to make the football team it *is* a problem) is rampant drug testing with all the privacy invasiveness and presumption of guilt that involves. Going after the distribution network seems to me a better idea, though I doubt long-term it will make much odds. Since WADA’s testing regime began drug use has done little but escalate among athletes at all levels, AFAICT. The Net didn’t make this happen, and correct enforcement is not to shut down privacy-enhancing services or Web forums but to investigate in the physical world. I don’t think, though, that morality plays like last week’s sententious posturing over Floyd Landis’s suspension from cycling, help at all. If anything, they serve to highlight the notion that winners take drugs…

wg

Via Computer Weekly, Gordon Brown’s announcement that 10,000 mobile computers will be given to police to cut down on their paperwork by filing reports online. (Sigh.) I almost hate what’s going to happen next. Expect to see (not necessarily in this order):

1. Belated realisation that there are 144,000 police and that sharing may not be practical on this scale.
2. That training for effective usage may come in at 3 hours per head, which is more than 15 man-years
3. That security for laptops requires planning, practice and execution, and it will not be flawless at first.
4. That police cars, and hence their contents, do go missing
5. That the (mostly male) police force with online access in an often boring and isolated environment may find their thoughts turning to porn
6. That wireless coverage for online work is not universal
7. That laptops break–often at inconvenient times
8. That wireless forms transmitted will probably need to be encrypted

Shoot. I was hoping for 10 top-of-mind reservations–help me out here.

Making mobile technology available to public servants in the field is a really, really good thing and I think the Prime Minister is on to a good thing. But to avoid being blindsided, I hope they prepare a bit in advance. The military might be a good place to start.

Actually, I just thought of numbers 9 and 10–That the media will criticize the cost of the programme and belittle its effectiveness in the early days before it takes hold and police officers will write their usernames and passwords inside their hats.

Two terms still nebulously defined, but impacting on each other in the present day.

Information Assurance: A strategic commitment on the part of an organisation to protect information while providing it to those entitled to receive it, managing risk and reducing it where possible (starter for 10 definition–feel free to improve). Reference point: (None available at this time)

Web 2.0: Low cost tools and applications intended for wide public use to improve communications and allow everyone to participate in a global discussion using the Internet. Reference points: Weblogs, wikis, social networking sites, instant messaging, Skype, memory sticks, P2P resource sharing, etc.

The two currently interact in an undeclared war existing between IT departments and resource users within organisations. The weapons of choice for IT departments are rigid rules and sanctions (e.g., no you may not use Skype or instant messaging in the workspace, you may not send or receive emails of more than x mb, etc.), while the subversive user finds ways of getting around or breaking the rules, usually with the intent of being a more productive worker (and using some of the time saved to goof off a little).

The war is described here, at Tech Republic’s Sanity Check blog. It also links to a Wall Street Journal article that I have stumbled across frequently since its publication, “10 Things Your IT Department Won’t Tell You.”

Before we start discussing the information assurance implications of social networking and other Web 2.0 features, peace needs to break out between IT departments and the people working within organisations. There are serious issues regarding Web 2.0 tools, no question. But if you need to send a graphics-heavy file to someone and cannot do it with your company email, what are you going to do? If your organisation network fails frequently and you are faced with idle time at your workstation, where are you going to go? If your organisation prohibits personal phone calls at work and you are far away from your loved ones, how will you stay in touch?

Rigid rules will trap IT departments more than they will constrain the behaviour of staff. Guidelines and workarounds will go further.

Hat tip (and many thanks) to Ian Bryant for forwarding the Sanity Check posting.