Archive for the 'Humanity nature and activity' Category



No2ID analyzes the latest on ID cards…

Posted by wendyg in e-ID, psychology, security services at January 29th, 2008

Home Office documents laying out what is probably late-2007 thinking on ID cards have been leaking to the press. Here (PDF) you will find a complete version of a document analyzing options, with extensive No2ID annotation. Interesting reading for those here, and not just because it’s worth understanding how the government is thinking about ID cards these days. The kind of thinking embodied in this document is, I think, a significant reason why citizens do not trust government.

wg

Demos on the national security infrastructure

Posted by wendyg in psychology, security services at January 4th, 2008

Don’t think anyone’s flagged the Demos pamphlet (PDF) released in November that lays out the need for a new way of thinking about issues of national security. Basically, Demos argues for increased integration within government and also an understanding that the nature of threats has changed since the Cold War. I found the link on Bruce Schneier’s blog; BS also notes that the UK government has decided to stop calling it a “War on Terror”.

Both these points seem important to me. At CFP2000, Neal Stephenson gave a keynote in which he talked about the importance of getting the threat model right. He was in fact talking about privacy - traditional notions of privacy have focused on the state as Big Brother while today’s threats are thousands of Little (or maybe medium-sized) Brothers (like phone companies, credit card companies, supermarkets) - but the point is the same.

So I think it’s a good sign for IA that people are thinking seriously about the threat model and rhetoric in common use. Especially if they adapt correctly to changing conditions.

wg

Writers’ strike and Happy New Year

Posted by wendyg in culture at December 30th, 2007

Just adding my two cents to the festivities.

I’ve been following the Hollywood writers’ strike a bit. In one sense, it’s a side issue for Blindside, since it doesn’t affect government IA. But on the other hand…the concentrated power of media conglomerates does affect IA. In theory, the bigger the media conglomerate the more able it *should* be to keep government honest - its traditional “Fourth Estate” role. But in practice what happens is safe choices, cut budgets for news reporting and “difficult” films and TV shows, and corporate pandering. I don’t think any of these things do society any favors. More than that, the WGA/AMPTP battle is, again, about copyright and royalties. If ever there were a situation that proved the utter hypocrisy of the RIAA/MPAA claim that their attacks on file-sharing and pursuit of copyright extension are about getting the artists paid, this is it. We hear a different story come contract time.

Journalists lost the battle to participate in the revenue stream from electronic media more than ten years ago; publishers began demanding all-rights contracts sometime in the mid-1990s. Photographers are in dire trouble from similar demands by Corbis and Getty, and are being squeezed by the mass of amateur material on Flickr, as this recent piece by Andrew Brown talks about (and this earlier one of mine also). Hollywood writers are essentially holding the fort for the rest of us - and it’s notable that the only big-league TV production company that is actually owned by its creators, that is, David Letterman’s World Wide Pants, is also the only organization that has reached an agreement with the WGA. Letterman’s competitors can’t do it: their shows are owned by their networks, and they themselves are studio employees. The official strike blog notes that the Wall Street firm Bear Stearns has estimated that acceding to the WGA’s demands would have a “negligible” impact on the studios’ bottom line. But acceding to the AMPTP’s demands, so that creators do not share in the revenues from tomorrow’s mainstream media, will have an enormous impact on the cultural landscape for the rest of us.

wg
P.S. Wondering how many episodes you’ll get to see of your favorite shows this year? Try TV Guide’s handy list.

Learning Lessons From the Private Sector

Posted by Tom Fuller in Blindside project, Data breaches, human error, people and passwords, threats at December 18th, 2007

If what this Times commentator describes is true, somebody should go to jail. The rest of us should take note. As we may have mentioned one or two thousand times before, security technology and security procedures mean absolutely nothing if there is not an organisational commitment to the security of information.

That senior officers of Norwich Union and Aviva would protect their own data following news of the leak without informing their customers is quite simply disgusting. I personally will remember this when making my own banking decisions, especially as all concerned remain in post, for some unfathomable reason.

Interruption to talk about the military…

Posted by Tom Fuller in Blindside project, Cyberwar, Murphy's Law, security services, threats at December 10th, 2007

…Or more specifically, to link to the Washington Post’s 3-page article about the U.S. Future Combat Systems.

The ‘Other’ Aim of Information Assurance

Posted by Tom Fuller in Blindside project, IT failures, Murphy's Law, Procurement, databases, human error at December 10th, 2007

It’s so easy to get caught up in the protection of data (or lack thereof) that it is easy to forget about the other primary goal of information assurance–getting correct information to the right place in good shape, accurately and on time, to preserve the confidence of the public in government’s ability to manage its own affairs.

“THOUSANDS of servicemen and women, including many fighting on the front line, are being underpaid because of failures in a new computerised pay system.”

…“The computer system, known as Joint Personnel Administration (JPA), was introduced in March last year in the Royal Navy and saw a flood of complaints from sailors not being paid their full pay. The RAF was taken on to the system in October last year, followed by the Army in April this year. The £250m system was implemented by EDS, which was widely criticised for its computerisation of the Child Support Agency.

One of the key problems with the system is that it requires senior officers to log in to authorise payments, which means that if they are away on operations, the whole procedure grinds to a halt. “The system is based on the design for a civilian pay system and takes no account of the complexities of the armed forces pay system,” one officer said.”

It’s a good thing that the British are so patient–these people are armed. It’s a very bad thing that we can’t get JPA right–ADP would have taken this on as an outsourcing project for a lot less than £250 million.

Hardening of the Arteries

Posted by Tom Fuller in Blindside project, Humanity nature and activity at December 9th, 2007

When people write or speak of network capacity constraints, it’s important to remember that, while Internet traffic increased 57% in 2006, network capacity increased 64%.

Nonetheless, when people write or speak about network capacity constraints, this is why: “In the less than four years since its launch, Comcast On Demand is outpacing Apple’s iTunes on about a 2-to-1 basis in about the same timeframe, the cable TV operator claimed. iTunes has recorded three billion music downloads to date, and averages about 58 downloads a second, according to Comcast.” Note that Comcast pipes VOD down their cable channel, which doesn’t affect traffic. But iTunes does. They’re just one provider…

According to Comscore, Americans downloaded 9 billion videos in September. According to this story, China has more broadband users than the U.S. of A.

Considering that most commercial ISP traffic is peer to peer (up to 80%, by some reports), we just have to hope that network builders… keep building. Sadly, there will be legal and technical distractions coming their way, which may take their eye off the ball. Fighting malware, responding to worries about industrial espionage, police ICT forensic investigations, the political fight over prioritized traffic… I’m a bit concerned about capacity.

Firebots

This was covered in the London papers, but Popular Mechanics has better pictures and more links–I’m writing of course about Qinetiq’s firefighting robots. “When you have money to burn, robots are the best kind of first responders: the disposable kind. Bomb-squad bots are already a common tool for local law enforcement agencies and the military, but remote-controlled firefighters are just now making it into the field. A team of robots built by London-based Qinetiq has recently started responding to a very specific threat: fires involving Acetylene gas.”

“The Roomba’s inventors over at iRobot have also explored this territory, claiming that its upcoming Warrior X700, which is due next year, could be used to fight fires.”

On the military side, “When robot-maker Foster-Miller strapped machine guns onto a trio of bomb-disposal bots and sent them to Iraq and Afghanistan in 2007, the company created the first armed robots to be deployed in a war zone. Still, no robot has ever actually fired a shot in combat. “Weaponized robots represent a new technology that is only in the developmental stages,” says Duane Gotvald, a deputy at the Pentagon’s Robotic Systems Joint Project Office.” Er, I have heard that shots have been fired in anger by robots… maybe not theirs…

From the information assurance point of view, the key quote is this: “One thing that won’t change is who decides to pull the trigger. MAARS doesn’t have a mind of its own: A soldier commands the bot through a video-and-map-enabled remote control.”

This generation of robots could be categorized as ‘longer nozzles’ for firefighting equipment or ‘longer barrels’ for the military. They should pose little or no IA issues. It’s when we start programming them that we need to concern ourselves with information security and assurance–but wouldn’t it be better if we were planning for that now?

Christmas Comes Early

The Economist’s Quarterly Technology Review is out today, and there are lots of Blindsidey nuggets to chew over.

They note progress being made in using virtual worlds for training and simulations, have a nice article on how DNA samples can be pickled (well, using a briny process) for longer storage, and have two articles that I personally hope will be related in the near future: one about how corrective eye surgery is progressing and another about how head-mounted displays (HMDs) are creating a world of augmented reality.

Location-based services gets an article about Bluetooth enabling mobile dating, and another that makes me wonder if anybody is considering the information assurance issues about clustering volunteer computers to look for alien life and cures for cancer.

Surveillance in the stores gets an article–makes me hope this stays in the stores. But it won’t…

Larry Lessig of the EFF gets a nice write-up. Corrupt politicians (at least in the U.S.) should really start evaluating career alternatives.

But the piece I was waiting for, about Unmanned Aerial Vehicles (UAVs) is a real dud–unless you want the history. The present is much more interesting. Maybe they just ran out of space.

Now I have to wait three more months…

German-Chinese research into commercial cybercrime

Posted by William Heath in Malware, fraud at December 6th, 2007

BoingBoing points to a piece on the Chinese malware economy:

The researchers set up virtual PCs running Internet Explorer, then visited nearly 15,000 Chinese websites, deliberately infecting their virtual systems with whatever crapware happened to be running on the system. Then they carefully analyzed the infections as they unfurled and encrappified the virtual instances of Windows, and used the results to reverse-engineer the way that the malware economy runs.