Home Office documents laying out what is probably late-2007 thinking on ID cards have been leaking to the press. Here (PDF) you will find a complete version of a document analyzing options, with extensive No2ID annotation. Interesting reading for those here, and not just because it’s worth understanding how the government is thinking about ID cards these days. The kind of thinking embodied in this document is, I think, a significant reason why citizens do not trust government.

wg

Don’t think anyone’s flagged the Demos pamphlet (PDF) released in November that lays out the need for a new way of thinking about issues of national security. Basically, Demos argues for increased integration within government and also an understanding that the nature of threats has changed since the Cold War. I found the link on Bruce Schneier’s blog; BS also notes that the UK government has decided to stop calling it a “War on Terror”.

Both these points seem important to me. At CFP2000, Neil Stephanson gave a keynote in which he talked about the importance of getting the threat model right. He was in fact talking about privacy - traditional notions of privacy have focused on the state as Big Brother while today’s threats are thousands of Little (or maybe medium-sized) Brothers (like phone companies, credit card companies, supermarkets - but the point is the same.

So I think it’s a good sign for IA that people are thinking seriously about the threat model and rhetoric in common use. Especially if they adapt correctly to changing conditions.

wg

I think we tend to pay lip service to the idea that many information assurance issues are rooted in human behaviour. I wonder if we really tend to look at this proposition carefully. We might be reluctant because of the daunting scope of human-caused problems, or we might be reluctant because we understand how difficult it really is to change human behaviour.

“Two-thirds of IT managers don’t stop company employees from downloading music online, and only 1 in 5 block them from social networking Web sites. While a study found managers are worried about lost productivity and security issues, they also are concerned that blocking access to sites might hurt staff morale. The study, funded by antivirus software maker McAfee, also found that about 20% of workers let their friends and family use company computers, about 50% connect their own gadgets to their workstations and about 60% store personal content on company PCs.”

Via Computer Weekly, we see that “The London Borough of Brent is working on a project to provide a single view of residents’ data which will allow the council to improve customer service and the overall accuracy of council records. When complete in November, the project will allow Brent to conduct customer profiling in order to improve council services and offer additional services to residents. It will also help Brent comply with the Data Protection Act, which requires that information stored on an individual should be accurate.”

This could be very good. “The project has involved mapping out which systems hold the most accurate information. Customer data is extracted from the nine core council systems each night. The Initiate tool then matches customer records from each of these systems and links them together to form a master index of all customer information called the Client Index. Aside from building the master customer record the project also includes identifying change of circumstances eg change of address that have been recorded on council systems. All changes are passed back to council departments to ensure their systems are kept up to date. ”

Does anyone else notice that UK local governments have been leading the way for a couple of years?

One of the issues that emerging technologies will be used to address is the changing demographic profile of the UK. It is simple enough to say that the Boomers are getting old and there are a lot of us. It is also simple to say that thanks in no small part to emerging technologies, we can expect to live a lot longer–and that more of this extra allotment of life will be in good health.

Some of the technologies covered by Blindside that have foreseeable impact on this include nanotechnology and location-based services, and we can expect to see new services, medicines and government policies created to cope with this phenomenon.

But the ageing of the Boomers is happening in conjunction with another societal phenomenon that is just as important. Think of it as convergence of two demographic trends.

The second trend is the atomisation of social structures, in particular the family unit. Family sizes have gotten smaller. The mobility of the workforce has led to families being separated by larger distances. The same trend has led to fewer personal connections that are local and physical. Remote working means that there are people who really don’t have to get out of the house except to buy groceries–and now, even groceries can be ordered online and delivered to your door. And there are growing numbers of people living in splendid isolation. Let’s call them the ‘isos.’ Those who remember Isaac Asimov’s R. Daneel Olivaw novels will understand quickly.

The numbers affected by these trends will be large (although they may not constitute a majority of the population). The services they will ask for will be technological ennablement for the continuation of this lifestyle. But perhaps the services they (we) will need may in fact be more sociological, in the sense that the UK may be better served if society works to draw the ‘isos’ out of their shell and back into the world.

While people will be pressuring (mostly local) governments to provide better and more services electronically, those governments that see farther may push to provide neighbourhood watch schemes, better community centres and opportunities to volunteer.

Interesting times ahead. Aristotle once wrote that man is a social animal. If he were to visit the UK twenty years down the road, I wonder if he’d change his mind? Of course, he also wrote, “Man, when perfected, is the best of animals; but when isolated he is the worst of all”

…at State of Play, Doug Thomas told the story of the mother who emailed him for advice about her son. It seems that the previous weekend she’d gotten somewhat alarmed when he spent six hours straight playing World of Warcraft. She asked him to quit the game, and when he didn’t, she came over and turned off his computer. “But we were on the *final boss*!” Her question to Thomas: What happened? Thomas replied that what she had done was turn off the computer at the moment when his team had reached the final challenge of the day, leaving the 39 people relying on him stranded. Oh.

My friend Barbara used to talk about the ways that games could be made more family-friendly. For example, she and her son used to argue when mealtime or bedtime came along and he simply wasn’t at a stopping place. She felt that games would be a lot less contentious in a lot of families if designers paid more attention to things like making it possible to save the game at *any* point instead of only at certain, widely dispersed points, or making pause available throughout, and so on. I thought these were all good points, and the fact that so many games were not designed this way probably has or had something to do with the average demographic of the designers.

I don’t know what the solution might have been for WoW. The mother’s response to Thomas’s answer was something like, “Isn’t six hours a long time to play a game?” Well, it is. And especially so if you’re 13 or whatever and, as teenagers often do, fail to communicate to your parent in advance exactly what it is you’re signing up for this Saturday.

There has long been a lot of belief in some parts of the computer industry that virtual worlds are the future (or an important part of it). These kinds of issues will continue to resurface. At State of Play, the design panel talked about how architecture affects human behaviour, comparing real-life examples of public spaces with the virtual ones – in one case, they showed the same world with a big, central fountain around which people congregated and then without it, with people just randomly dispersing. Designers clearly think about this when they build their worlds. But there seems to me much less thought for the way the virtual world intersects with the demands of real life. There is no offline mode for Second Life, for example, so there is no way to sit offline on a plane and read the information you’ve collected in the world even though you can save notecards and other documents. The world itself is too big to download, but I don’t really understand why there is no offline mode for your own inventory and small home space. That, of course, gives the game gods complete control over your experience at all times – there’s always a wait when you log into the world while it downloads all the software updates since your last visit.

Welcome to those few of you who are not adorning a beach somewhere, and I offer my commiseration. Let’s try to entertain you by persuading you to resolve a dilemma involving rights to information and privacy. My challenge to you is, not only do you have to decide who has the right, but to devise more real world scenarios that bring these new issues and old rights together in conflict. Attend:

You are an individual of mixed race, both races minority (for convenience think Asian and African). You can pass as full-blooded in either race and often do. You have a child or children from a previous relationship. And you are ill.

As part of your treatment you need genetic analysis of predisposition towards several disease pathways. You are frightened that exposure of the results will a) reveal your mixed race heritage and b) prejudice your employability, insurability and sociability. So you agree with your consultant to test under an alias. And your treatment proceeds and you get on with your life.

Unbeknownst to you (does Beyonce have an evil twin called UnBeyonce?), your consultant also treats your child/children from a previous relationship, and recognizes that your genetic results are relevant to them. Your consultant knows that you would refuse to release your information, but their continued good health is dependent on having this information available. Just for the sake of preserving the moral dilemma, getting the genetic information from the children is not adequate, sufficient or practical (they live now in a foreign country, or something like that).

1. Is your right to control of information regarding your genetic history absolute?
2. Does your consultant have ethical responsibilities to act despite your desire for secrecy?
3. If sperm donors are required to disclose identity to their children, is a precedent established for requiring you to yield your genetic information?
4. Who should make the final decision?

Extra points for better dilemmas in the comments.

Via Kable, we learn that “Health secretary Alan Johnson announced on 24 July 2005 that information about patients’ own and other GP practices will eventually be available through the NHS Choices website. Data will cover practice opening hours and the times GPs are available for appointments, results from the national patients survey, core indicators of patient experience from the Quality and Outcomes Framework, and what extended services the practice offers.”

Er, um, no problem about opening hours and services offered, but results from the national patents survey? Lot of trust you’re placing in the hands of an analyst… What’s the difference (and which is better?) between that and having patients use a star rating a la Amazon book reviews?

Think about possible effects on GP behaviour… squeaky wheels and grease, patient selection, practice selection…

Here’s our preliminary assessment of the main categories of emerging technology issues, along with an impact rating. Each is discussed in more preliminary detail on the Blindside Wiki. We will be reporting to the Cabinet Office in mid-July on those that assessed as having an impact level of 3, and need full expert descriptions by that date.

This is your chance to tell us we’re on the wrong track: to add stuff; to argue that somethings missing, over-rated or under-rated. Don’t miss it!

Category Impact (from 3/high to 1/low)
————————
CCTV 3
Convergence 3
Location-based services 3
Mobile and Pervasive Computing 3
Open Standards 3
Anonymity 3
Data breaches 3
E-Voting 3
Human rights (intersection with emerging technology) 3
Identity management 3
NHS IT 3
Non-bank payment service providers 3
People and IT 3
Mission Critical Legacy Systems 3
Rampancy: AI gone wrong 3
Surveillance society effects 3
Semantic Web 3
Self-reproducing technologies: the “GRINs” 3
- *Geno- 3
- *Robo- 3
- *Info- 3
- *Nano- 3
Social media 3
APIs 2
Bandwidth - massive wireless and cable bandwith to the home 2
Shared Service Management 2
Ultraportable devices 2
Automated number-plate recognition (ANPR) 2
Bad sysadmin procedures 2
Bad procedures - other 2
Changes to daylight saving time in the US 2
Public sector databases on children 2
Keyloggers 2
Phishing 2
Phones as bugs 2
Technologies for Non-Repudiation 2
Underground economy servers 2
Unencrypted email 2
Biometrics - unencrypted 2
Windows Vista and other operating systems 2
Government IT projects 2
DNA terrorism 2
On demand computing (ODC) 2
Grid Computing 2
Quantum Computing 2
plus in the lower impact categories (please use the search box if you want to add to these):
Aeronautical cabin services 1
OpenDocument 1
Service-oriented architecture 1
APIs that change without warning 1
Cybercrime 1
Electronic banking 1
Fraud Websites 1
Search Engine Logs 1
Spam 1
Computing Monoculture 1
DRM and its side-effects 1
Environmental side-effects 1
Exploding Batteries 1
Optical Computing 1
User-generated content 1
Virtualisation 1
Generation C - the knowledge nomads 0

Thank you for any help, comments, suggestions.

The chaotic present and hopeful future of information systems exists in a microcosm about 30 minutes by tube from my flat, and I daily watch a stately procession of airliners descending to Heathrow Airport, a beautiful, if not quite silent, parade. It is at Heathrow airport that the current need for better performance on every topic covered in this blog is demonstrated. It is a non-sterile testing environment and the ultimate pilot project to test the ability of information systems and information assurance to integrate modern technology to meet the needs of a mass public. You may have noticed that I ticked every category we use in assigning this blog post its proper place in our own information hierarchy. It’s not a coincidence.

Let’s walk through the daily issues faced at Heathrow from an information standpoint:

1. About half of all tickets to fly are booked via the Internet, and that information must be completely available to several very different systems immediately and be perfectly accurate.
2. Parking systems must provide availability, administrative and financial information.
3. Public transportation systems must send and receive useful information about current operations and schedule changes, and receive and use similar information from several different airport systems.
4. The logistics of welcoming, feeding, watering and moving 67.7 million people per year (and taking care of 70,000 employees) are an interesting challenge, as is maintaining 48,000 square metres of retail space. Private security, first aid, tourist information, all of these have information issues attached.
5. Oh yes–core business–mustn’t forget–90 airlines, 186 destinations, 469,000 ‘air transport movements’ (er, would that translate to flights in English?) annually. Information requirements include weather at each destination, status of all airports and traffic, passenger information (but more on that below…)
6. On-time status of flights relating to connecting flights.
7. Correlating information from HMRC (well, more the C part than the R) with the Home Office (now with both parts of the newly divorced members of what was once one) and probably discreet communications with agencies using numbers as well as initials.
8. Communicating with the Civil Aviation Authority, National Air Transport System, HM Immigration–of course I’m sure they all use the same electronic forms that grab data smoothly from Heathrow systems… right?
9. Communicating with the media–and having the capability of communicating with international media
10. Having co-ordinated disaster preparedness programmes that are up to date as well as up to snuff.

Probably missed half a dozen supremely vital information systems there… but it’s Sunday morning, so it’s okay. (Did somebody say baggage?)

Lots of things to go wrong there. Amazingly, not much does. (Did somebody say baggage–again?) That’s why when things do go wrong it’s news.

Notice they don’t have an uber-contractor trying to integrate all systems and dictate technology standards and usage. Strange, that. And I’ll bet they often use trainer-net(where some employee puts on trainers and walks information to diverse destinations). But that’s how functional communities develop–and despite grumbling and glitches, Heathrow functions as an information community: People get to destinations, planes don’t fall out of the sky. Successful information communities do seem to develop from the ground up, not the top down.

I guess the point I’m trying to make is that information systems and information assurance issues develop in an ecosystem not a vacuum. Complexity in information management is probably a geometric rather than arithmetic function relating to the number of actors involved. And yet don’t we often see government requirements for information systems that are internally oriented and indeed self-referential? The box must be this big with holes here and here, and those holes must be guarded in this way. I think more than anything else, government’s inability to get value for money from IT investment is based on this issue.

Please feel free to contribute complaints about Heathrow in the comments–I’ve suffered there myself. My praise is directed at a higher level, at finding a community that functions. Your nominations?