Archive for the 'culture' Category


Also see the culture category on the Blindside Wiki

Writers’ strike and Happy New Year

Posted by wendyg in culture at December 30th, 2007

Just adding my two cents to the festivities.

I’ve been following the Hollywood writers’ strike a bit. In one sense, it’s a side issue for Blindside, since it doesn’t affect government IA. But on the other hand…the concentrated power of media conglomerates does affect IA. In theory, the bigger the media conglomerate the more able it *should* be to keep government honest - its traditional “Fourth Estate” role. But in practice what happens is safe choices, cut budgets for news reporting and “difficult” films and TV shows, and corporate pandering. I don’t think any of these things do society any favors. More than that, the WGA/AMPTP battle is, again, about copyright and royalties. If ever there were a situation that proved the utter hypocrisy of the RIAA/MPAA claim that their attacks on file-sharing and pursuit of copyright extension are about getting the artists paid, this is it. We hear a different story come contract time.

Journalists lost the battle to participate in the revenue stream from electronic media more than ten years ago; publishers began demanding all-rights contracts sometime in the mid-1990s. Photographers are in dire trouble from similar demands by Corbis and Getty, and are being squeezed by the mass of amateur material on Flickr, as this recent piece by Andrew Brown talks about (and this earlier one of mine also). Hollywood writers are essentially holding the fort for the rest of us - and it’s notable that the only big-league TV production company that is actually owned by its creators, that is, David Letterman’s World Wide Pants, is also the only organization that has reached an agreement with the WGA. Letterman’s competitors can’t do it: their shows are owned by their networks, and they themselves are studio employees. The official strike blog notes that the Wall Street firm Bear Stearns has estimated that acceding to the WGA’s demands would have a “negligible” impact on the studios’ bottom line. But acceding to the AMPTP’s demands, so that creators do not share in the revenues from tomorrow’s mainstream media, will have an enormous impact on the cultural landscape for the rest of us.

wg
P.S. Wondering how many episodes you’ll get to see of your favorite shows this year? Try TV Guide’s handy list.

Christmas Comes Early

The Economist’s Quarterly Technology Review is out today, and there are lots of Blindsidey nuggets to chew over.

They note progress being made in using virtual worlds for training and simulations, have a nice article on how DNA samples can be pickled (well, use a briny process) for longer storage, and have two articles that I personally hope will be related in the near future: one about how corrective eye surgery is progressing and another about how head-mounted displays (HMDs) are creating a world of augmented reality.

Location-based services gets an article about Bluetooth enabling mobile dating, and another that makes me wonder if anybody is considering the information assurance issues about clustering volunteer computers to look for alien life and cures for cancer.

Surveillance in the stores gets an article–makes me hope this stays in the stores. But it won’t…

Larry Lessig of the EFF gets a nice write-up. Corrupt politicians (at least in the U.S.) should really start evaluating career alternatives.

But the piece I was waiting for, about Unmanned Aerial Vehicles (UAVs), is a real dud–unless you want the history. The present is much more interesting. Maybe they just ran out of space.

Now I have to wait three more months…

Top Down IA

Posted by Tom Fuller in Blindside project, Humanity nature and activity, culture, human error, standards at November 28th, 2007

Information Assurance almost by definition starts from the top of an organisation and works down. (Well, at least by my definition, which involves a board-level commitment to risk management, smooth flow of information to appropriate resources, and protection of information from those not explicitly authorised to view it).

But can this work in the public sector? Obviously, it currently does not, but is it feasible? I guess what I would like feedback on is if there is an Information Assurance briefing for those who move into senior levels of public service, get elected, change organisations, etc. Is there a Book? (a movie…?) Is there an IA Seminar 101 for those who move into positions of responsibility?

Then moving down, is there appropriate training for mid-level management? Should cover most of the same issues, but in greater depth as they will have to execute the broad strategies developed up above, right? And then, of course, the front lines. What dedicated training do they receive in information security, good data hygiene, etc.?

If it’s all there and up and running, I’d like to know.

Afterthought: On a Toyota assembly line, any production worker can stop the line if s/he suspects something is going wrong. I would wager that similar devolved authority to front line workers in government would stop a lot of these problems, especially if accompanied by appropriate training beforehand.

Sigh…

Here’s the story on the day after…

I have said this before on this blog. There are countries where a national identification card is completely non-controversial. There are possible benefits to society from a well run and properly managed system.

But in my heart of hearts I do not believe that this country’s government (and I do not distinguish between political party here) is capable of building and operating an ID management system at this point in time without disastrous consequences to information assurance.

Reality Bites

Posted by Tom Fuller in AnonymitY, Blindside project, Humanity nature and activity, Malware, culture at November 12th, 2007

One weapon in the war for information assurance is enforcing legal penalties: “A hacker has pleaded guilty to infecting hundreds of thousands of computers with malware in order to steal money from Paypal accounts. He could spend 60 years in prison and face a US$1.75 million fine.” Of course, given that so much mischief originates in S. Korea and China (although contracted for by Western hooligans), those of us concerned with the safety of the Internet would have to consider financing a) legislation, b) enforcement and possibly c) incarceration costs for this method to actually work.

The term ‘trusted news source’ takes on another meaning: Visitors to IndiaTimes.com, a major English-language Indian news site, risk infecting their computers with a deluge of malware, according to Mary Landesman, senior security researcher at ScanSafe.
“It’s an entire cocktail of downloader Trojans and dropper Trojans,” Landesman said Friday, putting the number of malicious files involved at 434. This includes scripts, binaries, cookies, and images.

Perhaps from the Stasi memorial files: If everybody is spying, is there any privacy to violate? “Think your wife may be cheating on you? Wondering who your boss might be talking to? “Learn the truth. Spy today.”
So reads an ad for “Bluetooth Spy Pro-Edition,” one of nearly 200 mobile phone spyware products currently listed for sale on eBay.
The software, which costs as little as $3.99, can be used to view photographs, messages, and files on the phone, listen into phone conversations, and even make calls from the phone being spied upon.”

Blackberrys in Parliament?

Posted by Tom Fuller in Blindside project, Humanity nature and activity, culture at October 29th, 2007

“MPs are set to be allowed to bring BlackBerrys into the House of Commons after rebel members failed in an attempt to prevent their use despite three-and-a-half hours of debate last week.”

I sort of overly-ostentatiously turn off my mobile devices when I walk into a meeting–ostentatiously because I hope the courtesy will be reciprocated. It rarely is. I personally think that they’re making a mistake here, and should check their kit at the door, like Mad Max entering Bartertown. I sort of want my MP paying attention to what’s happening on the floor.

Curious that this debate is occurring at the end of 2007, though.

Technology Leaders

Posted by Tom Fuller in AnonymitY, Blindside project, Humanity nature and activity, People and IT, culture at October 19th, 2007

Mary Meeker was an analyst who, back in the nineties, was accused of over-hyping dot com companies, helping them launch into publicly listed existence. Many of her recommended picks failed; a few became the Internet powerhouses we see on the web today. Mary became very controversial for a while. Perhaps failing upwards, Ms. Meeker is now head of Morgan Stanley’s global technology research team.

She is here before us today, ranking countries in terms of their Internet ‘power,’ or who is leading the world in what.

The American news story focusses on America’s declining share of world GDP, which really should be welcome news for all, including Americans. What interests me is her assessment of world leaders in certain areas of Internet practice.

“In terms of the Internet — especially in technologies key to Web 2.0 success — the fastest growth is in non-U.S. markets. For example, Germany leads the e-commerce market, China leads in online gaming, South Korea leads in broadband, Japan leads in mobile payments, the United Kingdom leads in online advertising, Brazil and South Korea lead in social networking, and the Philippines leads in micro-transactions via SMS.”

Nice to know the UK leads in something. Pity it’s just advertising. Sadly, Ms. Meeker does not nominate a country as leader in the areas of IT security, information assurance, etc.

I bring this up because I wonder where people turn when they search for best practice. There was a time when the default might well have been the U.S. for many areas of technology. But I think that time passed around 1990.

There is, or should be, relevance to information assurance efforts in all of this, as a technology that undergoes its growth pains in another country and matures into commercial propositions can be introduced into the UK as a disruptive solution before anybody has had a chance to consider the implications. If it is introduced from a country where legislative and regulatory goals are vastly different, it could have implications for all of us.

Yesterday I posted about a Korean company that allows for mobile phone CCTV coverage of your house (it’s near the bottom of the post). But of course it doesn’t have to be your house. It can be anyplace you can stick a webcam. Great technology. But there are implications for privacy, security, all the things we go on about here at Blindside.

And a long time ago I asked if the UK was ready in any meaningful sense of the word to integrate best practice or leading edge technology currently available in other parts of the world, should they migrate here in full form. I didn’t get an answer… so I’ll ask again, using this as a specific case study.

Is the UK prepared, in terms of existing laws and regulation, in terms of social attitudes and acceptance, in terms of technology infrastructure, to accept a fully-formed technology that allows anyone to stick a webcam anywhere and view the results over a mobile phone?

Good Net, Bad Net

Posted by wendyg in AnonymitY, Data breaches, culture, security services, threats at September 29th, 2007

Three stories this week that I think together highlight both the good and bad sides of having the Internet around and the challenge it poses.

The good, user vigilance division: I saw a posting a few days ago on a community board I frequent that eBay was in the middle of being hacked. This eBay forum thread discusses the hack, though I don’t know how long the link will be valid. The story also got Slashdotted and YouTubed (someone made a video of the hack in progress, which involved posting user IDs along with contact and cc information, though eBay said the latter was not associated with the IDs). Someone else logged a list of posted IDs. It’s worth pointing out that this community effort warned people before eBay made an official response - by all accounts it took eBay an hour to an hour and a half to realise what was going on and shut down the Trust and Safety forum, where the information was being posted. How long would it take a government department on a weekend? eBay is, of course, a very big target; large government projects will be even bigger ones.

The good, keeping companies honest division: the comments here on this week’s Excel bug were, I thought, rather interesting. The MS guy was trying to reassure them by saying that the underlying calculations are correct even though Excel is displaying the wrong values in the spreadsheet. But as the comments point out, this isn’t much comfort. People copy and paste values, and they read aloud and copy from printouts of spreadsheets - an error like this can find its way into all sorts of places. The machines are fine as long as they only talk to each other - it’s crossing the machine/human barrier that’s dangerous. Through the lens of the nanotech conference one might ask whether at some point the machines might decide we’re too risky to talk to. Interesting to speculate what the surfaces of computer programs would look like without the need for human display. (eg, Internet addresses would all be numbers, and there would be no domain name system).

The bad, enabling anonymous distribution of performance-enhancing drugs. This week saw a huge DEA action in the US that took out more than 50 labs churning out steroid pills from powders sourced from China and more than 120 arrests. The pills, which the DEA says were made up in bathtubs and sinks in unsanitary conditions (as much like scare tactics as that sounds - it’s probably true, but it’s not clear how big a risk it is compared to ingesting the steroids themselves), were largely sold over the Internet through Web sites and chat boards to folks like amateur bodybuilders and high school kids, if I’m reading this right. Illegal drug smuggling is of course nothing new, but as much as we make fun of the oft-invoked Four Horsemen of the Infocalypse (organised crime, drug dealers, terrorists, and pedophiles) a DEA report from 2003 talks about the setup they’ve since spent two years investigating, and one of the points they make is the difficulty posed to them by services like Hushmail. It dismays me quite a lot that the general answer to this problem overall (and I think if kids are taking steroids to make the football team it *is* a problem) is rampant drug testing with all the privacy invasiveness and presumption of guilt that involves. Going after the distribution network seems to me a better idea, though I doubt long-term it will make much odds. Since WADA’s testing regime began drug use has done little but escalate among athletes at all levels, AFAICT. The Net didn’t make this happen, and correct enforcement is not to shut down privacy-enhancing services or Web forums but to investigate in the physical world. I don’t think, though, that morality plays like last week’s sententious posturing over Floyd Landis’s suspension from cycling help at all. If anything, they serve to highlight the notion that winners take drugs…

wg

It’s Not The Ageing, It’s The Atomisation

One of the issues that emerging technologies will be used to address is the changing demographic profile of the UK. It is simple enough to say that the Boomers are getting old and there are a lot of us. It is also simple to say that thanks in no small part to emerging technologies, we can expect to live a lot longer–and that more of this extra allotment of life will be in good health.

Some of the technologies covered by Blindside that have foreseeable impact on this include nanotechnology and location-based services, and we can expect to see new services, medicines and government policies created to cope with this phenomenon.

But the ageing of the Boomers is happening in conjunction with another societal phenomenon that is just as important. Think of it as convergence of two demographic trends.

The second trend is the atomisation of social structures, in particular the family unit. Family sizes have gotten smaller. The mobility of the workforce has led to families being separated by larger distances. The same trend has led to fewer personal connections that are local and physical. Remote working means that there are people who really don’t have to get out of the house except to buy groceries–and now, even groceries can be ordered online and delivered to your door. And there are growing numbers of people living in splendid isolation. Let’s call them the ‘isos.’ Those who remember Isaac Asimov’s R. Daneel Olivaw novels will understand quickly.

The numbers affected by these trends will be large (although they may not constitute a majority of the population). The services they will ask for will be technological enablement for the continuation of this lifestyle. But perhaps the services they (we) will need may in fact be more sociological, in the sense that the UK may be better served if society works to draw the ‘isos’ out of their shell and back into the world.

While people will be pressuring (mostly local) governments to provide better and more services electronically, those governments that see farther may push to provide neighbourhood watch schemes, better community centres and opportunities to volunteer.

Interesting times ahead. Aristotle once wrote that man is a social animal. If he were to visit the UK twenty years down the road, I wonder if he’d change his mind? Of course, he also wrote, “Man, when perfected, is the best of animals; but when isolated he is the worst of all.”

Should Everyone Be On The DNA Database?

The reaction from (I think) almost everyone who contributes to the Blindside project would be no. However, after hearing our impassioned arguments, many in Government still believe it is in the UK’s best interests to order everyone in the UK to submit DNA to government for inclusion in a national database.

Instead of starting off with my reasons why I think this is a seriously flawed idea, I want to focus on the reasons why some think it is good–or at least necessary. I don’t believe that all who support a comprehensive DNA database are either evil or fools, and some clearly have given thought to this.

A national registry of DNA would help government perform some things more efficiently without requiring structural change. Currently, the national media keeps attention focused on certain major issues–crime, and to a lesser extent (this year at least), immigration. Government supporters of a DNA database evidently believe that it would help deal with those issues.

My argument (FWIW) against this is that a DNA database would help in solving crime and identifying current illegal immigrants, but would do much less in preventing crime and future illegal immigration. Similar arguments were advanced regarding CCTV’s potential for deterrence of crime, and these arguments proved invalid. CCTV has not deterred crime, but has helped identify criminals after the fact. I don’t think DNA DB would play out much differently. Hence, to me it seems a major sacrifice of personal liberty for a false hope. If a DNA database proves ineffective in dealing with crime and immigration, they will not throw away the DB in disgust.

But the current structure of police forces, with fewer cops on the beat actually deterring crime, has shifted its focus to high tech resolution of crime instead. A DNA database would allow them to keep the same structure, beefing it up and increasing their powers. A DNA DB would allow the judicial system, currently fighting a backlog at the same time it resists internal technological change, to be (it hopes) more efficient without, again, undergoing structural change.

The persistence of the desire for such a database in the face of all the problems that have been noted in the concept means to me that government feels besieged, not just by crime and immigration (which aren’t nearly as bad as the effects of media coverage of same), but by all the effects of the 20th and 21st centuries, and are searching for a silver bullet that will allow them to do things the way they want to do them.

There has been considerable reorganisation of government departments over the past 5 years, but it’s hard to avoid the impression that much of that has been name changing and seat shuffling. I think the most passionate advocates of a DNA database are really defending their way of life more than anything else.

I do think every discussion of a national DNA registry should include a brief summary of some of the most important objections to it:

1. Data will be entered incorrectly, lost or sold illegally. As the system gets used for more purposes, the effects will be fatal to some. Lives will be lost.

2. People will learn how to defeat the system, reducing its reliability. The most common means will be via corruption of civil servants.

3. The money spent on such a system, if redirected towards a more visible police presence in city centres on Saturday nights and at the principal points of entry into the UK, would actually reduce crime and illegal immigration to the extent that the DNA registry would not be necessary.

4. As currently constituted, the UK government is incapable of holding this information securely. It will be stolen. It will be sold.

5. Maintaining border security by identifying ‘legitimate’ citizens and assuming anyone not on the list is illegitimate will result in wide-scale violations of human rights and crimes against those who do not appear on the list.

I almost got through that list without mentioning human rights, and I didn’t talk about liberty either. They evidently are not a major consideration in this argument, so why beat a dead horse?

Let me just mention what I would support. A database for the NHS with voluntary contributions of DNA to assist in patient care. Mandatory DNA sampling of criminals convicted of a serious crime. That’s it.

And by the way, it should be obvious that arguments against a national DNA registry transfer without much modification to a National Identity Card Programme. As with a DNA registry, it is being proposed to benefit government, and the burden of proof needs to be placed squarely on the shoulders of its proponents.