Archive for the 'Blindside project' Category


Also see the Blindside project category on the Blindside Wiki

An Extended Hiatus For Blindside

Posted by Tom Fuller in Blindside project, Data breaches at December 19th, 2007

Hi all,

We’re going to be taking an extended break–far longer than Christmas hols. The CSIA is evaluating their options, so to speak, and will be deciding on whether or not to keep Blindside going at the end of Feb.

We’ll still be baby-sitting the site, so if you have comments on any IA issues (or on Blindside in general), put them on this post–maybe we’ll send an addendum over to CSIA.

We leave you with this. Symbolic of this shambolic year to date, really. 2007 should be remembered as the year we gave it away–it being data.

The personal details of three million learner drivers have been lost by the Government, ministers have admitted.

“Private information held on teenagers and other people taking the driving theory test - including their names, addresses and phone numbers - have gone missing from a company in America. Details of the people that sat the driving theory test between September 2004 and April 2007 were lost. In the latest such blunder by the Government, Ruth Kelly, the Transport Secretary, disclosed that the files held on a hard disc drive were lost at a facility in Iowa City last May. The Government faced questions about whether it has misplaced any more records and how many countries process personal details of Britons. Births, deaths and marriage records of millions of British citizens are at present being turned into digital files by a computer firm in India.”

“Miss Kelly was informed about the latest data loss - which experts say could expose millions to the threat of identity fraud - on Nov 28. Yet she admitted the fiasco only last night, on the eve of MPs’ Christmas break.”

Happy holidays to you all! We hope to see you in the New Year, refreshed and ready to continue our exploration of information and identity–we’ll turn into regular shrinks before we know it.

p.s. (You knew it had to happen, right?) “The beleaguered government agency at the centre of the child benefit records fiasco was embroiled in another personal data row last night after losing the pension details of more than 6,500 people. A data cartridge containing the information was misplaced by HM Revenue and Customs, which previously admitted losing two computer discs containing the entire child benefit database of 25 million people.”

“The pensions cartridge is not encrypted or password protected and contains the details of policy holders with Countrywide Assured plc, leaving them open to the threat of identity fraud. It holds their names, addresses, dates of birth, National Insurance numbers, a total valuation of their pension fund, the date of that valuation, the amount of their pension contributions and National Insurance rebates received. Their bank account details are not included.”

Learning Lessons From the Private Sector

Posted by Tom Fuller in Blindside project, Data breaches, human error, people and passwords, threats at December 18th, 2007

If what this Times commentator describes is true, somebody should go to jail. The rest of us should take note. As we may have mentioned one or two thousand times before, security technology and security procedures mean absolutely nothing if there is not an organisational commitment to the security of information.

That senior officers of Norwich Union and Aviva would protect their own data following news of the leak without informing their customers is quite simply disgusting. I personally will remember this when making my own banking decisions, especially as all concerned remain in post, for some unfathomable reason.

Postscript for CST Story

Posted by Tom Fuller in Blindside project at December 18th, 2007

At the tail end of Silicon.com’s story about the technologies recommended by the Council for Science and Technology is this short section: “The CST also named four ‘platform or enabling’ technologies to support the above, including increased internet bandwidth for homes, businesses and mobile devices. The other areas are cell and tissues therapies, pervasive systems (networks of intelligent and pre-programmed devices providing services and information) and simulation or modelling technologies.”

From our point of view, there seem to be more IA issues with what they call enabling technologies than the technologies themselves… most of which we have discussed at some length here. Any thoughts? If Blindside cobbled together a commentary piece on this, do you think it would be appropriate to forward to the CST?

Saving the Best for Last

Posted by Tom Fuller in Blindside project at December 17th, 2007

The final technology tipped by the Council for Science and Technology (as reported in Silicon.com) is “plastic electronics - an area which can be exploited for computers, communication systems, displays, sensing technologies and solar energy.”

I find this area hugely exciting–I want to be the first kid on the block to have a monitor screen that folds into a Japanese fan. Sheets used for e-books, photovoltaic cell arrays, billboard adverts–all this will be here soon and it will be fun. But the best part of it right now is that our interest can be innocent–I see (at this point) absolutely no information assurance issues arising from this.

So, correct me if I’m wrong, but otherwise let’s just watch this unfold (literally) and enjoy.

Electronic Health Systems

Posted by Tom Fuller in Blindside project at December 15th, 2007

Continuing with the Council for Science and Technology’s recommendation of six technology sectors that should be targeted for public sector funding (as found on Silicon.com), we come to e-health systems.

We have been following the travails of NPfIT, which should have been a pioneer in e-health systems, but instead looks like it’s heading for the negative example category–how not to do it. My personal theory (probably not the Blindside consensus and almost certainly not the CSIA’s) is that the procurement structure made failure inevitable for NPfIT, and everything that has happened since has just been recording a bad accident in slow motion.

Jay Nussbaum of Oracle used to preach: “Start small, win quickly, scale fast.” Sounds like a prescription for a successful e-health system. Doesn’t sound at all like the way e-health systems are planned or commissioned.

At this point, I would predict with some confidence that increased public funding of e-health systems would only result in a bigger-sized failure. And yet, e-health systems are inevitable and desirable. So I would agree with the CST’s recommendation with one proviso: All increased funding should come in the form of prizes awarded to new systems built and tested and found fit for purpose by one purchasing organisation.

Healthcare Technology

Posted by Tom Fuller in Blindside project at December 13th, 2007

Again, via Silicon.com the Council for Science and Technology is recommending government funding for six technology sectors. We’re taking a quick overview of IA implications now. In this post we examine healthcare technology.

At first glance, it’s hard to think of a technology field that gets more press (and few that get more funding) than healthcare technology. Just to take the example used in the Silicon.com article, the Mobile Clinical Assistant has gotten a lot of press, including some coverage here. That coverage produced some fairly negative feedback which you can see at our post.

Much of the funding has been from the private sector, ranging from nanotech firms looking to speed drug delivery and improve targeting, to extending wireless coverage on healthcare campuses to enable tracking of blood, newborns, assets and staff. My preliminary question about this is what gap in technology exists that private companies are not addressing? Apart from orphan drugs, my suspicion is that government funding is needed only to buy the latest products and services. I have no quarrel with this, but am not sure new programmes are needed–just bigger budgets.

IA in healthcare is fraught. Healthcare needs inclusive and comprehensive information about an individual to treat them. They need to store a lot of it in case the individual comes back for more. The information has to be available wherever the patient presents. And you still have to protect their privacy. I don’t think anybody has solved this one yet. We’ll address this at greater length in our next post.

Low Carbon Electricity Distribution Networks

Posted by Tom Fuller in Blindside project, Faster/smaller/better... at December 11th, 2007

Via Silicon.com, we saw yesterday that the Council for Science and Technology is recommending six technology areas for government funding. One of those areas is distribution networks for low carbon electricity generation “to provide locally generated electricity using renewable and low carbon technology.”

This will bring with it information issues, but I’m not 100% convinced that these IA issues need to be solved by government. I think it will be more of a regulatory issue. I think the bottleneck issue for this will essentially be metering. Assuming that utilities can build temporary storage for electricity generated during non-peak times, government may, as has been done in Germany, mandate purchase of locally generated power at attractive rates, and cause that part of the general public that can respond to start doing so–perhaps in a wholesale manner. (I assume they’ll specify origin of power to ensure the whole concept remains green–but how will they monitor and enforce this?)

But this type of forced transaction may not sit well with power companies, many of which are already, well, a bit sluggish (if not thuggish) in their treatment of residential customers. Who will measure the power that John is selling from his farm to British Gas? John or British Gas? How will it be measured? Who will arbitrate? The transaction may require two meters, one for John and one for the utility. Does the utility get compensated for line loss (typically 10%, but could be more for small transmission volumes)?

I think the regulatory scheme will have to be robust. The information assurance issue is trust in the quality of information transmitted and stored about a financial transaction, where there is a marked imbalance between the parties to the transaction.

Will British Gas and its competitors be compensated for having to build power storage facilities (not very efficient, but it’s part of the territory)?

This scheme will require significant investment. How will it be treated for tax purposes? Will John with a windmill have to register as a business?

Were I government, I would be testing to see how many would take this up. It has the potential to rival (in cost, complexity and amount of regulatory oversight) the set-up of a network of alternative fuel stations nationwide–which might provide greater environmental benefits at the end of the day.

Lots of number crunching to do for this one.

Interruption to talk about the military…

Posted by Tom Fuller in Blindside project, Cyberwar, Murphy's Law, security services, threats at December 10th, 2007

…Or more specifically, to link to the Washington Post’s 3-page article about the U.S. Future Combat Systems.

CST’s Candidate Technology No. 2–Disaster Mitigation

Posted by Tom Fuller in Blindside project at December 10th, 2007

Again, many thanks to Silicon.com for bringing the Council for Science and Technology’s report on six technologies to prepare for to our attention. Here we discuss disaster mitigation technologies.

“Disaster mitigation technologies is another climate-related area aimed at predicting, preventing and preparing for natural disasters such as flooding and earthquakes. Technologies that would fall into this would include the existing Argo ocean monitoring system and the proposed European GMES climate monitoring satellite network.”

Again, high information components here, but we could also bring this closer to home and talk about the Thames flood barrier, the entire flood plain, and quite a bit more. One area of IA concern would be false positives in disaster prediction that could undermine confidence in all such systems. The fidelity of such systems would be of paramount importance. We remarked earlier that weather satellites had saved more lives than penicillin, but that is true only because millions of people in Asia believe it when they are told they have to move inland.

So, SCADA-type systems to monitor the functionality of the systems. Security of the entire information system. Fidelity of information gathering components that will actually be depended on for life-saving information.

Yes, I think this is a strong candidate for inclusion.

Should These Technologies Be On Our List?

Posted by Tom Fuller in Blindside project at December 10th, 2007

Via Silicon.com, “The Council for Science and Technology (CST) has named six technologies which should be in line for additional government funding. These are carbon capture and storage, disaster mitigation technology, low carbon electricity distribution, medical devices, e-health and plastic electronics.”

Let’s walk through the six and see if the IA components are strong enough to warrant their inclusion in Blindside.

Carbon capture and storage: It does not exist as yet, although the UK intends to pilot a project. The information element could be quite high–monitoring the state of whatever capture vessel is used will need to be accurate. A slow leak or a burst vessel could have high consequences. When they talk about the melting of the peat mass in Siberia (which would release large quantities of methane, 13 times more powerful than CO2 as a greenhouse gas), nobody talks about the potential for a short time-frame release, which could have larger consequences than a gradual bleeding into the atmosphere. At any rate, carbon escape from a capture environment would kind of mean the whole project had been worthless. This would indicate a need for a SCADA system on steroids–assuming they sectioned off the capture area to minimise loss, monitoring pressure and inflows will need to be secure and accurate. I think this is a candidate for inclusion.

Hmm. I think I will tackle these in separate posts, to allow for separate commenting. Next up–Disaster mitigation technology.