One of the issues that emerging technologies will be used to address is the changing demographic profile of the UK. It is simple enough to say that the Boomers are getting old and there are a lot of us. It is also simple to say that thanks in no small part to emerging technologies, we can expect to live a lot longer–and that more of this extra allotment of life will be in good health.

Some of the technologies covered by Blindside that have foreseeable impact on this include nanotechnology and location-based services, and we can expect to see new services, medicines and government policies created to cope with this phenomenon.

But the ageing of the Boomers is happening in conjunction with another societal phenomenon that is just as important. Think of it as convergence of two demographic trends.

The second trend is the atomisation of social structures, in particular the family unit. Family sizes have gotten smaller. The mobility of the workforce has led to families being separated by larger distances. The same trend has led to fewer personal connections that are local and physical. Remote working means that there are people who really don’t have to get out of the house except to buy groceries–and now, even groceries can be ordered online and delivered to your door. And there are growing numbers of people living in splendid isolation. Let’s call them the ‘isos.’ Those who remember Isaac Asimov’s R. Daneel Olivaw novels will understand quickly.

The numbers affected by these trends will be large (although they may not constitute a majority of the population). The services they will ask for will be technological ennablement for the continuation of this lifestyle. But perhaps the services they (we) will need may in fact be more sociological, in the sense that the UK may be better served if society works to draw the ‘isos’ out of their shell and back into the world.

While people will be pressuring (mostly local) governments to provide better and more services electronically, those governments that see farther may push to provide neighbourhood watch schemes, better community centres and opportunities to volunteer.

Interesting times ahead. Aristotle once wrote that man is a social animal. If he were to visit the UK twenty years down the road, I wonder if he’d change his mind? Of course, he also wrote, “Man, when perfected, is the best of animals; but when isolated he is the worst of all”

Via Kable: The Office of Public Sector Information has launched an online forum on the commercial use of government data.

Go here. Register. Comment.

“Our users have posted a total of 0 articles
We have 1 registered users
The newest registered user is admin
In total there are 4 users online : 0 Registered and 4 Guests ”

If those numbers stay the same, I don’t ever want anyone to complain about how the UK government doesn’t listen, isn’t responsive, blah and yet again blah.

Here is your chance.

As everyone has a vested interest in encouraging work at home, would it make sense for a single set of guidelines to be used across government? The clarity would be useful for smaller units and if vetted by someone like the CSIA, might increase take-up. I think the areas to be covered are fairly clear:
1. Prohibition of unsecured wireless access to the Internet
2. Password protection of both computer and government files/data
3. Preference for use of government laptops/desktops for home work
4. Minimum set of physical security requirements for computers, including anti-virus protection, protection against malware, etc.
5. Reporting procedures (not punitive) for loss of data or computer
6. Procedures regarding peripheral equipment
7. End of life turnover of computer or hard disk to controlling authority for destruction

I googled the term and the first return was for the Hertfordshire Constabulary. They seem to have done quite a good job, except for end of life issues for personal computers used for work.

However, the Surrey, Heath and Woking Primary Care Trust merely states that employees must keep equipment secure and bizarrely, that the PCT must inform them of security requirements. Hope there’s another document out there.

The Robert Gordon University policy is much more worried about viruses transported back to the University system than anything else, although they mention the importance of backing up data frequently to avoid loss or corruption, and say that employees must have ‘appropriate safeguards’ for home computing. This is followed by a link to the University IT policy, a series of Word documents that must be downloaded separately, and none of which are labeled ‘Security.’

I really think someone like the CSIA should promulgate a policy for basic home work procedures, and tack on an addendum for those who deal with sensitive information. Clarity and consistency would, I think, go a long way. So would the ability for a small business unit to feel that they have covered all the bases. It could be as simple as their Get Safe Online website…

…especially about the future. (Usually attributed to Niels Bohr)

I’m at the first conference of the Center for Responsible Technology, and while we’re waiting to kick off, there are slides playing of failed predictions from the past. Today’s favorite:

Computers in the future may weigh no more than 1.5 tons - Popular Mechanics, 1949.

Others: in 1901, Wilbur Wright told his brother that man-made flight would not be possible for another 50 years; Science Digest thought in 1948 that it would take another 200 years to land on the moon; some others stressing that when we think something’s impossible we’re usually wrong.

The slide needs another entry: AI founder John McCarthy told me that when he convened the original Dartmouth conference they thought they’d have artificial intelligence wrapped up on about six months.

wg

Hi all,

I have referred in the past to Dave’s Bit Bucket, run by Dave Walker of Sun. His blog can be a bit of a slog as he actually has the temerity to post code up regarding his Trusted Extension work, which just glides gracefully over my head. However, when he turns his attention to other subjects, we have to pay attention. So I will perform a much-needed public service here and link to specific posts relevant to Blindside:

Dave’s earlier post on Microsoft Vista (Why Microsoft Windows Vista cannot be deployed in Government, Critical National Infrastructure, or Battlespace …and I may well have missed a few categories for the sake of a concise subject line, especially where Finance, Aerospace, etc are not specifically included under the banner of “Critical National Infrastructure”. Read this, and be startled. Update: Putting a black hat on for a moment, this also means that Microsoft’s licensing verification servers will be the number 1 target for any actual Black Hat who wishes to cause general chaos, rather than target specific organisations; taking the licensing servers down in a manner which resulted in an outage of significant duration would precipitate a worldwide Vista outage. Also, in battlespace, if you’re running Solaris and your enemy is running Vista, it may be within the rules of war to target Microsoft’s licensing infrastructure (with either electronic warfare methods or, depending on the sphere of conflict, ordnance) and watch your enemy’s C4I infrastructure collapse…)

led to Dave linking to this: “DRM bites again: the Microsoft Windows Genuine Advantage servers (which every XP and Vista install phones home to) all failed sometime earlier today. The result? Every single Windows XP and Vista installation — except possibly those with volume license keys — is being marked as counterfeit when it tries to check in. Installations which are flagged as counterfeit switch to a “reduced functionality mode” which results in features like Aero and DirectX being disabled.”

When it comes time for Dave to renew his passport, he immediately sees a problem: “From the large list presented - and notwithstanding the extending clause of “someone of similar standing in the community” - I suspect that the average person wouldn’t have too much trouble finding someone who could be duped or bribed into providing a false assertion of identity for the Passport Office… ”

And, although we don’t want to stimulate plot ideas for 24, Dave looks ahead to future problems with remote working: With the continued rise in home-based and mobile working, the possibility of staff being forced to access and potentially modify data by suitably-armed ne’er-do-wells becomes a genuine - if niche - security issue. (…) Taking this into account, it’s possible that a well-designed system which authenticates users based on a username and password would require up to 4 passwords per user - one for legitimate login in a non-duress situation, and three more, one for each type of duress!

I guess I’ll never be a comedian–I don’t do things in the right order.

Here’s the punchline: Safety fears over new register of all children. “It will be available to an estimated 330,000 vetted users. Some of those allowed to check records, such as head teachers, doctors, youth offender and social workers, are uncontroversial, but critics have questioned why other potential users, such as fire and rescue staff, will have access to the database.”

Erm, why is this level of access uncontroversial?
Here’s the set-up:

Five civil servants who help run the national DNA database have been suspended after being accused of industrial espionage. It is alleged they copied confidential information and used it to set up a rival database in competition with their employers, the Government’s Forensic Science Service.

A civil servant who was paid thousands of pounds to rubber stamp passport applications for illegal immigrants and a drug dealer was jailed for two years and two months today.

An internal investigation at the Department for Work and Pensions (DWP) has found that civil servants are colluding with organised criminals to steal personal identities on “an industrial scale”. Ministers have been privately warned that the investigation will show that hundreds of thousands of stolen personal details have been ripped off from official databases, often with inside help. Key personal details such as national insurance numbers can be used to commit benefit fraud, set up false bank accounts and obtain official documents such as passports.

More than 200 civil servants in the Department of Work and Pensions (DWP) have been disciplined for surfing the Web for porn during office hours. In the last eight months the staff accessed over two million pornographic images, including 18,000 involving child abuse. The Sun newspaper reports that some of the sites touted images purported to be of kids as young as 13.

Teacher arrested over child porn

And in a different case,

Teacher arrested over child pictures

And in a different case,

Royal News Princess Eugenies Teacher Arrested On Porn Charges

And in a different case,

Ex-teacher charged with sexual encounter with pupil

And in a different case,

College rocked by new sex scandal

I give up–there’s a lot more out there.

I must confess that when I first heard about SCADA-related security issues, the first thing that came to my mind was some of the hype about the Millenium bug. It just seemed a bit too convenient that the people highlighting the issues were the people selling solutions to combat it. (SCADA refers to Supervisory Control and Data Acquisition, proprietary computer control networks used in a lot of industry, such as utilities and chemical plants, etc., etc.)

But Y2K was not all smoke, of course. In addition to providing a key trigger for the Indian consultancies, it prompted a lot of thinking about IT security, and some of it is relevant to SCADA. And we need to take this to the next level of depth.

If you saw Bruce Willis in Die Hard 4.0, you saw the bad guys hijack a lot of SCADA networks in order to generate pyrotechnics and chances for the hero to get out of DC. My understanding is that this is not at all realistic (What? A Hollywood action movie not realistic?) But we need to have this vetted.

My preliminary understanding of this is that security was not built into them when they were implemented and that organisations have been slow to build them in after the fact. As some of the functionality of SCADA networks migrated onto WANS and the Internet, network owners did not build in normal security protocols to protect from snooping, hacking and the same viruses and worms that bedevil all Internet users.

How correct is this preliminary understanding?

My casual reading of the literature suggests that precautions have been advised since 1999, that groups exist to highlight best practice and stimulate awareness of SCADA security issues, and that the problem is not so dire as to require the services of balding Yank action heroes.

Am I living in a dream world? Digital Bond, a security consultancy, would probably have you think so. This article in the August 22 issue of Forbes, the American business magazine, also expresses a level of concern that goes far beyond my preliminary assessment, talking about a successful penetration of a nuclear power plant’s SCADA network. IT Security expert Bruce Schneier wrote that he didn’t think SCADA was as much of a problem now as it would be in future, but in the same blog post he linked to a March 2007 story that detailed a serious hole found in the U.S. national infrastructure. I read this shortly after I blithely wrote on the Blindside wiki that I thought the maximum impact from SCADA issues was in the present, while solutions were being developed but adopted unevenly.

So which is it? Am I living in a dream world and ignoring a serious threat? Is SCADA security being over-egged by security vendors? Is the problem going to get worse?

We could use a little help on this one, folks.

Here’s what we wrote on the wiki.

…at State of Play, Doug Thomas told the story of the mother who emailed him for advice about her son. It seems that the previous weekend she’d gotten somewhat alarmed when he spent six hours straight playing World of Warcraft. She asked him to quit the game, and when he didn’t, she came over and turned off his computer. “But we were on the *final boss*!” Her question to Thomas: What happened? Thomas replied that what she had done was turn off the computer at the moment when his team had reached the final challenge of the day, leaving the 39 people relying on him stranded. Oh.

My friend Barbara used to talk about the ways that games could be made more family-friendly. For example, she and her son used to argue when mealtime or bedtime came along and he simply wasn’t at a stopping place. She felt that games would be a lot less contentious in a lot of families if designers paid more attention to things like making it possible to save the game at *any* point instead of only at certain, widely dispersed points, or making pause available throughout, and so on. I thought these were all good points, and the fact that so many games were not designed this way probably has or had something to do with the average demographic of the designers.

I don’t know what the solution might have been for WoW. The mother’s response to Thomas’s answer was something like, “Isn’t six hours a long time to play a game?” Well, it is. And especially so if you’re 13 or whatever and, as teenagers often do, fail to communicate to your parent in advance exactly what it is you’re signing up for this Saturday.

There has long been a lot of belief in some parts of the computer industry that virtual worlds are the future (or an important part of it). These kinds of issues will continue to resurface. At State of Play, the design panel talked about how architecture affects human behaviour, comparing real-life examples of public spaces with the virtual ones – in one case, they showed the same world with a big, central fountain around which people congregated and then without it, with people just randomly dispersing. Designers clearly think about this when they build their worlds. But there seems to me much less thought for the way the virtual world intersects with the demands of real life. There is no offline mode for Second Life, for example, so there is no way to sit offline on a plane and read the information you’ve collected in the world even though you can save notecards and other documents. The world itself is too big to download, but I don’t really understand why there is no offline mode for your own inventory and small home space. That, of course, gives the game gods complete control over your experience at all times – there’s always a wait when you log into the world while it downloads all the software updates since your last visit.

Via the BBC: “US job website Monster.com has suffered an online attack with the personal data of hundreds of thousands of users stolen, says a security firm.
A computer program was used to access the employers’ section of the website using stolen log-in credentials. Symantec said the log-ins were used to harvest user names, e-mail addresses, home addresses and phone numbers, which were uploaded to a remote web server.”

Oops. Is anybody keeping score on these things? It’d be great to be a journalist covering this subject. Write the story once, use search and replace on the company name, hit submit.

If this is happening to companies that live or die based on their security, what do we expect to happen in situations (such as some government applications) where security is a ‘tick the box’ annoyance? Don’t get me wrong, a lot of people in government are passionate about information security–but by no means is it universal.

What are the possible consequences? Well, the story continues: “The program used to access Monster.com user data was a Trojan, which are commonly used to gain access to bank details, usernames and passwords. More than 8,000 new variants of Trojans are found each month, according to internet security specialists Sophos.

Last year, a British nurse was blackmailed by hackers who had used a Trojan to access her personal e-mails. They threatened to reveal personal details unless she paid them.

From Computer Weekly,

“Kent Police are pursuing a number of leads following a burglary at Sevenoaks-based Forensic Telecommunications Services (FTS) in which a server containing data on suspicious telephone calls over the past two years was stolen.

A police spokeswoman said, “The computer equipment contained evidence relating to telephone use linked to around 250 cases from police forces and law enforcement agencies across the UK, covering the last two years.

She declined to say whether the data was encrypted.

…A spokesman for FTS declined to provide any details beyond a prepared statement.

However, a Mail on Sunday report said the cases were related to counter-terrorism investigations.”