Archive for the 'people and passwords' Category


Also see the people and passwords category on the Blindside Wiki

Let 10,000 Flowers Bloom

Posted by Tom Fuller in Blindside project, Data breaches, Humanity nature and activity, people and passwords at September 26th, 2007

Via Computer Weekly, Gordon Brown’s announcement that 10,000 mobile computers will be given to police to cut down on their paperwork by filing reports online. (Sigh.) I almost hate what’s going to happen next. Expect to see (not necessarily in this order):

1. Belated realisation that there are 144,000 police and that sharing may not be practical on this scale.
2. That training for effective usage may come in at 3 hours per head, which is more than 15 man-years
3. That security for laptops requires planning, practice and execution, and it will not be flawless at first.
4. That police cars, and hence their contents, do go missing
5. That the (mostly male) police force with online access in an often boring and isolated environment may find their thoughts turning to porn
6. That wireless coverage for online work is not universal
7. That laptops break–often at inconvenient times
8. That wireless forms transmitted will probably need to be encrypted

Shoot. I was hoping for 10 top-of-mind reservations–help me out here.

Making mobile technology available to public servants in the field is a really, really good thing and I think the Prime Minister is on to a good thing. But to avoid being blindsided, I hope they prepare a bit in advance. The military might be a good place to start.

Actually, I just thought of numbers 9 and 10–That the media will criticize the cost of the programme and belittle its effectiveness in the early days before it takes hold and police officers will write their usernames and passwords inside their hats.

Yet another security issue: key management

Posted by wendyg in People and IT, people and passwords, security services at September 24th, 2007

What with one thing and another, I forgot about this piece until just now, when I went to update the Web page for that column series (www.pelicancrossing.net/hpkcols.htm - it’s the interviews column I do for the Inquirer). In it, Nicko van Someren, founder and CTO of nCipher, talks about the problem of key management: as crypto systems proliferate, dealing with keys is becoming a major issue. Naturally, nCipher has a solution it would be happy to sell people, but that’s not the point: the point is more that every new security system we adopt comes with a complex management cost. This is true at all levels, from the major corporation that has a server tied up for a day just changing keys at all its sites throughout the world to the individual at home who locked down their Airport so tightly they now can’t remember how to open a connection for a guest who wants to use the Internet. These costs are part of why humans, who prefer easy lives, bypass security or turn it off rather than be hassled…

wg

Work At Home

As everyone has a vested interest in encouraging work at home, would it make sense for a single set of guidelines to be used across government? The clarity would be useful for smaller units and if vetted by someone like the CSIA, might increase take-up. I think the areas to be covered are fairly clear:
1. Prohibition of unsecured wireless access to the Internet
2. Password protection of both computer and government files/data
3. Preference for use of government laptops/desktops for home work
4. Minimum set of physical security requirements for computers, including anti-virus protection, protection against malware, etc.
5. Reporting procedures (not punitive) for loss of data or computer
6. Procedures regarding peripheral equipment
7. End of life turnover of computer or hard disk to controlling authority for destruction

I googled the term and the first return was for the Hertfordshire Constabulary. They seem to have done quite a good job, except for end of life issues for personal computers used for work.

However, the Surrey, Heath and Woking Primary Care Trust merely states that employees must keep equipment secure and bizarrely, that the PCT must inform them of security requirements. Hope there’s another document out there.

The Robert Gordon University policy is much more worried about viruses transported back to the University system than anything else, although they mention the importance of backing up data frequently to avoid loss or corruption, and say that employees must have ‘appropriate safeguards’ for home computing. This is followed by a link to the University IT policy, a series of Word documents that must be downloaded separately, and none of which are labeled ‘Security.’

I really think someone like the CSIA should promulgate a policy for basic home work procedures, and tack on an addendum for those who deal with sensitive information. Clarity and consistency would, I think, go a long way. So would the ability for a small business unit to feel that they have covered all the bases. It could be as simple as their Get Safe Online website…

Dangers of: Remote Working, Passport Counter Signatories, Microsoft Vista

Hi all,

I have referred in the past to Dave’s Bit Bucket, run by Dave Walker of Sun. His blog can be a bit of a slog as he actually has the temerity to post code up regarding his Trusted Extension work, which just glides gracefully over my head. However, when he turns his attention to other subjects, we have to pay attention. So I will perform a much-needed public service here and link to specific posts relevant to Blindside:

Dave’s earlier post on Microsoft Vista (Why Microsoft Windows Vista cannot be deployed in Government, Critical National Infrastructure, or Battlespace …and I may well have missed a few categories for the sake of a concise subject line, especially where Finance, Aerospace, etc are not specifically included under the banner of “Critical National Infrastructure”. Read this, and be startled. Update: Putting a black hat on for a moment, this also means that Microsoft’s licensing verification servers will be the number 1 target for any actual Black Hat who wishes to cause general chaos, rather than target specific organisations; taking the licensing servers down in a manner which resulted in an outage of significant duration would precipitate a worldwide Vista outage. Also, in battlespace, if you’re running Solaris and your enemy is running Vista, it may be within the rules of war to target Microsoft’s licensing infrastructure (with either electronic warfare methods or, depending on the sphere of conflict, ordnance) and watch your enemy’s C4I infrastructure collapse…)

led to Dave linking to this: “DRM bites again: the Microsoft Windows Genuine Advantage servers (which every XP and Vista install phones home to) all failed sometime earlier today. The result? Every single Windows XP and Vista installation — except possibly those with volume license keys — is being marked as counterfeit when it tries to check in. Installations which are flagged as counterfeit switch to a “reduced functionality mode” which results in features like Aero and DirectX being disabled.”

When it comes time for Dave to renew his passport, he immediately sees a problem: “From the large list presented - and notwithstanding the extending clause of “someone of similar standing in the community” - I suspect that the average person wouldn’t have too much trouble finding someone who could be duped or bribed into providing a false assertion of identity for the Passport Office… ”

And, although we don’t want to stimulate plot ideas for 24, Dave looks ahead to future problems with remote working: With the continued rise in home-based and mobile working, the possibility of staff being forced to access and potentially modify data by suitably-armed ne’er-do-wells becomes a genuine - if niche - security issue. (…) Taking this into account, it’s possible that a well-designed system which authenticates users based on a username and password would require up to 4 passwords per user - one for legitimate login in a non-duress situation, and three more, one for each type of duress!

A Secret Shared Is Not A Secret Halved

I guess I’ll never be a comedian–I don’t do things in the right order.

Here’s the punchline: Safety fears over new register of all children. “It will be available to an estimated 330,000 vetted users. Some of those allowed to check records, such as head teachers, doctors, youth offender and social workers, are uncontroversial, but critics have questioned why other potential users, such as fire and rescue staff, will have access to the database.”

Erm, why is this level of access uncontroversial?
Here’s the set-up:

Five civil servants who help run the national DNA database have been suspended after being accused of industrial espionage. It is alleged they copied confidential information and used it to set up a rival database in competition with their employers, the Government’s Forensic Science Service.

A civil servant who was paid thousands of pounds to rubber stamp passport applications for illegal immigrants and a drug dealer was jailed for two years and two months today.

An internal investigation at the Department for Work and Pensions (DWP) has found that civil servants are colluding with organised criminals to steal personal identities on “an industrial scale”. Ministers have been privately warned that the investigation will show that hundreds of thousands of stolen personal details have been ripped off from official databases, often with inside help. Key personal details such as national insurance numbers can be used to commit benefit fraud, set up false bank accounts and obtain official documents such as passports.

More than 200 civil servants in the Department of Work and Pensions (DWP) have been disciplined for surfing the Web for porn during office hours. In the last eight months the staff accessed over two million pornographic images, including 18,000 involving child abuse. The Sun newspaper reports that some of the sites touted images purported to be of kids as young as 13.

Teacher arrested over child porn

And in a different case,

Teacher arrested over child pictures

And in a different case,

Royal News Princess Eugenies Teacher Arrested On Porn Charges

And in a different case,

Ex-teacher charged with sexual encounter with pupil

And in a different case,

College rocked by new sex scandal

I give up–there’s a lot more out there.

How to destroy your child’s social capital…

…at State of Play, Doug Thomas told the story of the mother who emailed him for advice about her son. It seems that the previous weekend she’d gotten somewhat alarmed when he spent six hours straight playing World of Warcraft. She asked him to quit the game, and when he didn’t, she came over and turned off his computer. “But we were on the *final boss*!” Her question to Thomas: What happened? Thomas replied that what she had done was turn off the computer at the moment when his team had reached the final challenge of the day, leaving the 39 people relying on him stranded. Oh.

My friend Barbara used to talk about the ways that games could be made more family-friendly. For example, she and her son used to argue when mealtime or bedtime came along and he simply wasn’t at a stopping place. She felt that games would be a lot less contentious in a lot of families if designers paid more attention to things like making it possible to save the game at *any* point instead of only at certain, widely dispersed points, or making pause available throughout, and so on. I thought these were all good points, and the fact that so many games were not designed this way probably has or had something to do with the average demographic of the designers.

I don’t know what the solution might have been for WoW. The mother’s response to Thomas’s answer was something like, “Isn’t six hours a long time to play a game?” Well, it is. And especially so if you’re 13 or whatever and, as teenagers often do, fail to communicate to your parent in advance exactly what it is you’re signing up for this Saturday.

There has long been a lot of belief in some parts of the computer industry that virtual worlds are the future (or an important part of it). These kinds of issues will continue to resurface. At State of Play, the design panel talked about how architecture affects human behaviour, comparing real-life examples of public spaces with the virtual ones – in one case, they showed the same world with a big, central fountain around which people congregated and then without it, with people just randomly dispersing. Designers clearly think about this when they build their worlds. But there seems to me much less thought for the way the virtual world intersects with the demands of real life. There is no offline mode for Second Life, for example, so there is no way to sit offline on a plane and read the information you’ve collected in the world even though you can save notecards and other documents. The world itself is too big to download, but I don’t really understand why there is no offline mode for your own inventory and small home space. That, of course, gives the game gods complete control over your experience at all times – there’s always a wait when you log into the world while it downloads all the software updates since your last visit.

Monster Ball

Via the BBC: “US job website Monster.com has suffered an online attack with the personal data of hundreds of thousands of users stolen, says a security firm.
A computer program was used to access the employers’ section of the website using stolen log-in credentials. Symantec said the log-ins were used to harvest user names, e-mail addresses, home addresses and phone numbers, which were uploaded to a remote web server.”

Oops. Is anybody keeping score on these things? It’d be great to be a journalist covering this subject. Write the story once, use search and replace on the company name, hit submit.

If this is happening to companies that live or die based on their security, what do we expect to happen in situations (such as some government applications) where security is a ‘tick the box’ annoyance? Don’t get me wrong, a lot of people in government are passionate about information security–but by no means is it universal.

What are the possible consequences? Well, the story continues: “The program used to access Monster.com user data was a Trojan, which are commonly used to gain access to bank details, usernames and passwords. More than 8,000 new variants of Trojans are found each month, according to internet security specialists Sophos.

Last year, a British nurse was blackmailed by hackers who had used a Trojan to access her personal e-mails. They threatened to reveal personal details unless she paid them.

Facial Recognition in Germany

Posted by Tom Fuller in Blindside project, e-ID, people and passwords at August 6th, 2007

Via Bruce Schneier, this story about a test of facial recognition systems in Germany.

“Face Recognition Test Results
For a few months, German police tested a face recognition system. Two hundred frequent travellers volunteered to have their faces recorded and three different systems tried to recognize the faces in the crowds of a train station. Results (in German): 60% recognition at best, 30% on average (depending on light and other factors).”

Perhaps this comment summarizes it best:

“Yawn. Automatic face recognition again. It just doesn’t work except in highly controlled conditions, and as this test shows, not well enough even then: with a self-selecting group of people who wanted to be recognised (or didn’t mind if they were recognised) it could only manage 60% at best.
The face isn’t even a reliable way to identify people, as personal experience shows. On the one hand, people look like each other; on the other hand, people’s appearances change, deliberately or fortuitously, enough to confuse a computer program.
Face recognition is one of the things humans can do better than computers, and even we aren’t 100%”

Another Biometric Marker…

Posted by Tom Fuller in Blindside project, people and passwords at July 24th, 2007

…is your voiceprint. This article in the Economist seems half smoke (how could a company have voiceprint software that is fit for purpose and not have voice recognition for numbers?) but half-exciting. Comments from those more expert?

IT Security and Network Convergence

Posted by Tom Fuller in Malware, Procurement, e-ID, human error, people and passwords, security services at July 11th, 2007

Hi all, sorry I haven’t been here to bother you for the past two days.

I’m giving a 20-minute talk at an event tomorrow on IT Security Implications for Network Convergence. Here are my notes–what did I miss?

Implications of Network Convergence

Have we had the right conversations about the right issues?

• Convergence is enabled by technological change, but is not driven by it. The drivers of convergence are mainly commercial.
• Convergence affects not just telecommunications and broadcasting. The scope of convergence is the entire knowledge and transaction-intensive services sector;
• Convergence is structural in nature, but changes to industry structure are the most profound changes associated with it
• Would anybody here wager that all of the commercial sponsors of this event will all have the same corporate governance in 2 years’ time?

Real World Effects of Network Convergence

Lesser Effects
• Fewer network owners (oligopoly), less responsive?
• May require more regulation as a result
• May decrease options for network users
I call these lesser effects because in many countries the regulatory framework exists to effectively deal with these issues—we don’t have to invent ways of treating oligopolies or organisations to protect consumers.

Greater Effects
• Currently, the Internet treats all traffic equally. In future, converged networks will be able to pick and choose messages and send them to recipients more quickly and efficiently based on their value to network owners. It is possible that network owners will make perfect decisions regarding priorities, and that those decisions will align with their commercial needs. Possible, but not too likely
• Convergence on IP networks may render other networks redundant. Sky may not need as many billion pound satellites, choosing to use IPTV to distribute content. BT may finally be able to offload their very expensive business of maintaining copper connections to home and business, and just provide wireless connections to all. Bear in mind that BT would love this, in terms of reducing costs. Television and radio broadcasters may choose to cease terrestrial broadcasting in favour of using the Internet.
  ◦ The Internet was invented to be a back-up system to radio and telephone communications in case of a disaster. If the back-up system becomes the only system, what do we do if the network goes down?

IT Security Issues

Network Failure and Degradation
One problem with converged networks and the service-oriented architecture that tends to support them is that the majority of large networks are poorly understood. Traffic has typically been added piecemeal over a long period and much data communication does not require particularly high standards of service.

This is especially true of service-oriented architectures (SOA). Ambitious developments in this area have led to a situation where the precise communications flows are not well known. As this kind of architecture is often built to be tolerant of high latency and lost packets, nobody is aware of issues until the network is subjected to new stresses. Services such as VoIP, Citrix-style thin clients or video are not at all tolerant of low quality networks.

Question 1: Have we designed a ‘Fail and Fix’ into our approach to network problems?

When it comes to security, there are three main areas of focus: unauthorized access to data and resources (which is where access control and encryption come in); malware (such as viruses and spam); and compliance with government and industry regulations.

Question 2: Are these the right areas of focus in 2007, and will they be the right areas to focus on in 2009?

Typically, security is controlled by PINs and access numbers, which, depending on the vendor, can often be customized to a wide degree, and SSL 128‐bit encryption. Organisations can add more layers, depending on their needs and the ability of the applications to accept it. Convergence applications require security in three key areas: user access, data protection, and delivery security.

Those components have been turned into a new discipline, or field of endeavour, called Identity Management. It is new. Standards and agreements on interoperability are still under discussion.

Question 3: Is Identity Management as a concept and practice robust enough to be the linchpin for converged networks?

Those are my 3 questions. What are yours?