Robin Wilton's esoterica

I was thinking of calling this entry "Last Post", but that seemed needlessly downbeat.

Monday will be my last day on Sun's payroll, and I will be moving on to other things - initially setting up my own freelance consultancy, and then I'll see whether that leads back into full-time corporate employment, or whether the independent life is so fantastic that I stick with it.

It's going to be a challenging time, I'm sure, especially in the current economic climate, but I'm also sure that there will be plenty of new experiences, and interesting problems to solve.

Life at Sun since 2000 has never been dull, and the last 4 years in particular have been among the most enjoyable of my working life. I was re-visiting my LinkedIn profile the other day, and read what I had written there in the Summary:

"My goals are to increase the influence I am able to apply at CxO and Policy-maker level, and to achieve the perfect work/life balance"

Well, I suspect that becoming self-employed is about to do all kinds of interesting things to my work-life balance, but I have definitely made progress towards the other goal. That sank in when I was looking through some of the snapshots on my phone; over the last couple of years I have attended presentations from the Prime Ministers of Portugal and France, met the Government CIOs of the UK and Austria, dealt with ministers and senior civil servants from Finland, Germany, Norway, UK, US and the European Commission, worked with the OECD, and given lectures at universities in Washington DC, London and Sapporo.

It's been great fun, and has given me the opportunity to travel to interesting places and work with wonderful people. I can honestly say that the novelty, excitement and sheer sense of privilege have never worn thin. Here's hoping it has equipped me well for whatever comes next.

As for this blog - well, some time next week I will stop being able to add new posts, though the existing ones will remain. Thank you to everyone who has read, commented and got in touch; there are people who I have met in person because we met first via the blog, and every one of them has been a gem. There are others who I haven't met yet, but hope to when we get the chance.

This will be post no. 1021 on the blog, which averages out at very roughly one per working day since my first blogging steps  back in March 2005. That would be a hard habit to kick, so you may be either relieved or exasperated to hear that I don't intend to stop...

If you want to follow the racingsnake, you can do so at my Future Identity blog, here. I hope to see you there!

That's the approximate ratio of Palestinians to Israelis killed so far in the current violence between Gaza and Israel, according to this BBC article.

How can it have come to this? It is now over 6 years since the "Quartet" (US, EU, Russia and UN) published its first draft roadmap aimed at ending the Israel-Palestine conflict. It included objectives such as a focus on reciprocal steps towards peaceful co-existence; political, economic, humanitarian and institutional reconstruction over a three-year (!) period; Israel's withdrawal from territory it has occupied since 2000, and the establishment of provisional borders of a Palestinian state; an end to Israeli settlement in occupied territory; re-afirmation of the positions set out in UN resolutions 242, 338 and 1397; full, safe and unfettered access to Gaza and the WestBank for international and humanitarian personnel, and so on, and so on. In those respects, a cold-eyed assessment would have to conclude that the Quartet has made little, if any, lasting progress.

It also described how the Quartet, through an appointed Task Force, would support Palestinian efforts towards elections, judicial reform and the role of civil society. In that regard, the Quartet's biggest failure has been its inability to answer the question "how should the international community respond to the fact that, in elections whose legitimacy no-one has credibly questioned, the Palestinians elected Hamas?".

Hamas, there is no denying, is an organisation antithetical to some of the key participants in any lasting solution. In some respects, that is entirely unsurprising. The Quartet's failure to drive substantive progress in those areas the roadmap set out so clearly has, in Gaza, created conditions of economic and humanitarian desperation and institutional powerlessness. Political extremism and ruthlessness were bound to flourish. But it's equally clear that the strategy to date - of either ignoring or refusing to acknowledge Hamas - is not working.

Doesn't all experience tell us that, when democratic processes break down and those involved turn to violence, the breakdown is never resolved through that violence, but only through persistent and reciprocal engagement in the political process?

The boundary between 2008 and 2009 is an entirely arbitrary one - but it's as good a point as any at which to wish that the next year will bring substantive and lasting steps towards peace in the Levant.

Wishes aside: over the last 6 days, 175,000 people have signed a petition on the Avaaz website, here, which will be presented to the UN Security Council, the European Union, the Arab League and the USA. It calls for a halt to the bloodshed in Gaza and Southern Israel, and for real progress towards peace in 2009. The aim is to reach at least a quarter of a million signatories, and the petition is still open.

Just a quick post to let you know that I've had a paper published: it's on "Identity and Privacy in the Digital Age" , and it's in the International Journal of Intellectual Property Management (IJIPM).

I'd like to thank Dr. Rebecca Wong, Senior Lecturer at the Law School of Nottingham Trent University for inviting me to submit it, and for her invaluable editorial help and advice.

The Home Secretary spoke today to Intellect, the UK trade association for the technology industry (you may remember them from the heated exchange of letters between their Director General, John Higgins, and Shadow Home Secretary David Davies back in 2007), about CCTV, DNA and the Regulation of Investigatory Powers Act (RIPA). Although, presumably, the linking theme was intended to be 'technology and its relation to law and order', she made only one passing reference to ID cards, and none to other notable features of the technological landscape, such as the NHS "Spine" database of electronic patient records, or to the potential for government data-sharing to be every bit as privacy-invasive as CCTV.

In fact, her reference to ID cards was a masterpiece of ambiguity. Here's the quotation (my addition in square brackets):

"Are we being as transparent [in the implementation of technology] as possible – and as with ID cards, how do we provide individual citizens with the right level of choice and control?". Note the sleight of hand there... is this a hint at an implication that the National Identity Scheme already offers citizens the 'right level of choice and control', or a laudable aspiration to offer citizens choice and control with ID cards as well as in areas like the introduction of CCTV and DNA swabs? I wonder... and why do I have the uneasy feeling that, while I was watching a rabbit come out of the hat, I failed to notice the abstraction of my wallet?

It could be because the rest of the speech touches frequently on the topic of DNA samples and profiles but, again, refers only in passing to "the recent European Court judgement". There is no mention of compliance with the court's unanimous ruling, rather, a list of conditional changes to the current practices, and a commitment to remove the DNA of those under 10 years of age. From the title downwards ("Protecting rights, protecting society"), the Home Secretary's speech seeks to emphasise the need for balance between privacy and human rights on the one hand, and law enforcement and intrusion on the other. Unsurprisingly she does not refer to the fact that the European Court of Human Rights (ECHR) has already made that calculation and concluded that the current policy is not proportionate, and fails "to strike a fair balance between the competing public and private interests".

There is what sounds like a rather grudging concession that "these changes will see some people coming off the database" - but what of for the European Court of Human Rights' clear principal finding - that the retention of DNA samples and profiles of innocent people "cannot be regarded as necessary in a democratic society"?

Here's what she says about that: [a more flexible approach] "could mean limiting how long the profiles of those who have been arrested but not convicted of an offence could be retained. We are also re-examining retention arrangements for samples."

That sounds a lot like "no change" to me.

I wrote several posts back in 2005 about the fatal shooting of Jean Charles de Menezes, and the extraordinary discrepancies which subsequent enquiries revealed between the versions of events put out be the police, and those subsequently found to be the case. For instance, this post from August 2005, at which time some of the initial factors cited by the police for their tragic decisions were already being called into question. Remember that, on the basis of those factors, the police's conclusion was that Mr de Menezes was a 21/7 suicide bomber on the run, that he represented the imminent threat of a large-scale attack on users of the public transport system, and that if they "were deployed to intercept a subject and there was an opportunity to challenge, but if the subject was non-compliant, a critical shot may be taken".

In some instances, it appears that the police acted on mistaken information or assumptions; for instance, they alleged that Mr de Menezes ran away 'because he was working in the UK on an expired visa'. That allegation seems to have evaporated in the light of scrutiny. As the recently-concluded coroner's inquest has established, the identification of Mr de Menezes was flawed: in part, this was for reasons known shortly after the event - a surveillance officer supposed to identify anyone leaving Mr de Menezes' block of flats was answering the call of nature at the critical moment. In part, it was (we now find out) because although clear, usable photos of the actual suspect were available to the police, they had not been distributed to the surveillance or firearms teams responsible for making the crucial identification.

In other instances, the discrepancies are less easy to explain away: the police initially alleged that Mr de Menezes' suspicious behaviour included running into the tube system and vaulting the ticket barrier instead of paying. CCTV footage revealed that to be a fabrication. Then, at the inquest, the jury returned a further damning decision: they acted on the evidence of civilian witnesses in the train at the time of the shooting, who directly contradicted the police assertions that Mr de Menezes had been verbally challenged before he was killed.

In other words, the operational order quoted above ("if the subject was challenged but non-compliant") was ignored. The non-compliance condition is absolutely critical here. Bear in mind that in making their plans, the police expected to be dealing with a suicide bomber, and might reasonably assume, therefore, that anyone they challenged could have some kind of 'dead man's switch'. The operational order implies that they were still expected to challenge a suspect, nevertheless, before taking a critical shot. As a result, the jury's verdict yesterday - even though the coroner restricted the verdicts he would permit them to deliver - came as close as those restrictions allowed to ruling that this was an extra-judicial, summary execution.

As Ian Hislop (editor of Private Eye, which has been covering this story since it began) said on Radio Five Live yesterday - the longer the police try to cover up the true details of an incident like this, the more the story is prolonged, the more likely it is that the truth will come out, and the worse the police look as a result.

Given my known interest in privacy, it was a fair bet that this article on the Pinsent Masons website would catch my eye... The article is mostly the same as one which was also printed in the FT's Technology/Digital Business pages, but you might need a subscription to read the full text there.

The author, Struan Robertson, who works for Pinsent Masons and edits their excellent OutLaw newsletter, writes about the recent hoo-haa over a Wikipedia page which included an image (taken from a 1970s album cover) which, by today's laws, is said to be likely to break UK child protection laws relating to the publication of erotically-posed images of subjects under 18. Let me say right at the outset that that is a legal topic on which I am in no way competent to comment, so on those questions, I am happy to take Mr Robertson's word.

However, he does seem to me to miss the point in a couple of respects, notably concerning the boundary between technology and the law... and that's an area where I do feel more qualified to comment. He notes, in the article, that the IWF (Internet Watch Foundation) added the Wikipedia page in question to a blacklist which was then put into effect by the UK's ISPs. As a result, he says, "prevented most UK internet users from accessing the Wikipedia page and it had the unintended side-effect of stopping those users from editing any of the millions of Wikipedia pages".

He goes on to say: "the IWF's model [...] bans pages, not the images themselves. It says this approach is simpler and more effective, though I confess that I don't understand why. Still, if that policy is disproportionate it is only slightly so: it did not blacklist an entire site".

Mr Robertson may, quite understandably, not know what the technical difference is between banning (UK) access to a page and banning (UK) access to a single image within a web page - especially when those pages are hosted outside the UK - but surely you don't have to be technical to understand the difference of effect between banning read access to a single page, and disabling write access to all the pages on a site. A site, incidentally, whose whole point is that it can be edited by anyone.

With respect, then, he is perhaps over-reaching himself with the assertion that such a policy is 'only slightly disproportionate'.

Mr Robertson concludes his article by observing that "[b]alancing our freedom of expression with the protection of children is difficult and important. It is a healthy issue to debate. But like any Wikipedia article, that debate needs some balance. This week that balance was missing."

I agree. Technically, I admit, it may not be easy to ensure that (only) UK internet users are unable to view (just) that image, but remain able to view the rest of that page and to edit Wikipedia pages in general. But that doesn't make the current  blanket ban proportionate, and advocating it as such does nothing to introduce balance into the argument.

"In the lands of the North, where the black rocks stand guard against the cold sea, in the dark night that is very long, the men of the Northlands sit by the great log fires and they tell a tale... ..."

 If those opening words mean anything to you, then news that Oliver Postgate has died will probably cause you sadness. Depending on your age, you may remember Ivor the Engine, Noggin the Nog, the Pingwings, the Pogles, the Clangers and/or Bagpuss - and if you do, you probably recall them with fondness even twenty, thirty or forty years later, such is the gentle power of Postgate's work.

A back-bench Labour MP, Bob Marshall-Andrews, has called for Speaker Michael Martin to resign over the Damien Green searches.

As you will see from the last section of the BBC article (sub-titled "Trust Breakdown"), the gaps are starting to show, both here and from the earlier disclosures via wikileaks, between the Speaker's initial Commons statement and the police version of events - notably concerning what was said about the notorious 'missing warrant'.

Clearly, part of the complexity here has to do with the fact that, while the office searched was Mr Green's, the police first had to gain lawful access to the House of Commons and then apply to someone for permission to enter the office itself. Their rationale for not approaching Mr Green himself would, understandably, be that be might have refused or made it impossible for them to recover whatever evidence they were looking for. The picture is further complicated by the fact that both the Speaker and his Serjeant at Arms have roles to play in protecting MPs and their premises, respectively.

So the police faced a problem - they needed to apply to one person (or possibly two) who could 'gate' their ability to search the offices of someone else. As was clear even from the Metropolitan Police letter to the Home Secretary, Section 8 of the Police and Criminal Evidence (PACE) Act is drafted specifically to cater for this situation:

A magistrate may grant a warrant for entry if "it is practicable to communicate with a person entitled to grant entry to the premises but it is not practicable to communicate with any person entitled to grant access to the evidence". The police say they didn't apply for a warrant because they weren't sure they could convince a magistrate that that was the only way they were likely to gain access.

The fact that they weren't sure is hardly an excuse for not asking. That's why the magistrate is written into the process.

Then there's the question of the offence with which Mr Green is charged: "misconduct in public office". There is animated discussion of whether or not this is serious enough, in this case, to have justified his arrest and the searches. One indication is in the action taken against the civil servant involved: as yet, he has not been charged - least of all with a criminal offence. This strongly implies that the alleged offence does not pass the threshold set out in the Crown Prosecution Service guidance on "misconduct in public office", cited here on Carl Gardner's blog.

In defence of Mr Green's position, the CPS guidance clearly describes the offence in terms of the likelihood that what he did would be "such as to undermine the public's trust in him as the office holder". I would have thought that his diligence in uncovering facts which the government would have preferred - out of embarrassment - to keep hidden would have rather the opposite effect.

The guidance does say that, in gauging the seriousness of the offence, a broad view of its context and consequences should be taken. The Home Secretary has argued that the broader consequences of Mr Green's actions were such as to undermine the functioning of her department, and the impartiality of its civil servants. I have not yet seen her advance any evidence in support of that speculation.

On the face of it, then, there are reasonable doubts as to whether the police based their actions on a suitable offence, whether their actions were proportionate to the evidence and seriousness of that offence, and whether they followed due process in their dealings with officers of the House (not to mention their lack of dealings with any magistrate). It would be ironic, wouldn't it, if their actions proved to be such as to undermine the public's trust in them as office-holders? 

The Liberty Alliance will be hosting a webcast next Thursday (Dec. 11th) at 4pm GMT. Registration is through this URL.

ArisID has grown out of Liberty's existing IGF (Identity Governance Framework) programme, and was set up to work on two aspects of IGF:

- to produce a simple, web-services based implementation of Declarative Identity Services (in which applications state how they expect identity services to be provided, and assume that servers are intelligent enough to cater for that);

- to put Client Attribute Requirements Markup Language (CARML) into practice... so that there are effective ways for data subjects and data controllers to express their expectations.

(For more information, visit the ArisID wiki and FAQ here)

This is a really practical step towards simple but effective management of identity data and the associated relationships in which it is exchanged; if you're interested not just in where web-based identity management is heading, but how to get there, this is definitely a webcast to catch.

Further details are starting to emerge about the circumstances under which the police entered the House of Commons last week; the BBC has some of them, in this article, though it has to be said, the net result is further confusion rather than clarity.

Interestingly enough, the BBC article appeared some time after Wikileaks had already announced the publication of a letter from the Metropolitan Police to the Home Secretary giving responses to a number of questions concerning their access to the House. It may not surprise you to learn that that letter, too, does more to obfuscate than to clarify.

The essence of the police argument concerning whether or not they had a warrant to search Mr Green's office is as follows (The italics and paraphrasing here are mine, but only because the police letter is so convolutedly impenetrable. Whether that is intentional or accidental, I could not possibly say):

"PACE (the Police and Criminal Evidence Act) permits a magistrate to issue a warrant for consentless entry to premises in search of evidence of a suspected crime, if the officer in question believes the magistrate could be convinced that entry would not be granted without a warrant (i.e. on the basis of consent alone).

The officers in this case did not belive they would have been able to convince a magistrate that consent would be refused, and therefore did not ask for a warrant, because the strict requirements of PACE would not allow the magistrate to issue one under those conditions."

This raises at least as many questions as it purports to answer.

Let us, for the sake of argument, apply the 'reasonableness test' to three hypothetical cases.

- First, imagine that officers had asked Mr Green, directly, if they could search his office. He might well have felt it within his rights, as an MP, to refuse.

- Second, let's imagine that they asked the Speaker of the House, or the Serjeant at Arms, and either of those office-holders demonstrated the kind of concern for parliamentary sanctity which MPs from all parties have suggested is their duty. They might well have refused.

- Third, let's imagine that the officers had gone straight to a magistrate and asked for permission to search an MP's parliamentary office, looking for evidence of leaks which are acknowledged to have taken place, and on the basis of a common-law offence of 'improper behaviour in public office'. The magistrate might well have refused.

The police claim, then, is that they didn't ask for a warrant because they felt that would put a magistrate in the untenable position of having to decide, against reason, that consent for access would be refused. With respect, surely that is for a magistrate to decide, and that is why the magistrate's consent has to be sought. If the police cannot make a case which will convince the magistrate, then they know exactly where they stand. 

Surely the clear implication is this: that the police were happier to proceed without first applying to a magistrate, because they suspected what answer they would have got if they had done so.

The European Court of Human Rights (ECHR) has now issued its ruling, which (by unanimous vote of the 17 judges concerned) declares that the UK policy of retaining the DNA samples and profiles of innocent people breaches those individuals' rights.

In my previous post, I quoted the Home Office view that "Any intrusion on personal privacy is proportionate to the benefits that are gained". The ECHR ruling directly contradicts this, finding that the current policy is neither proportionate nor "necessary in a democratic society", and fails "to strike a fair balance between the competing public and private interests".

Another commenter on the ruling took issue with the Home Secretary's subsequent statement that "DNA [...] is vital to the fight against crime", pointing out that in Scotland, detection rates are higher than in England despite the Scottish policy requiring deletion of the DNA records of those not subsequently charged.

So far the Home Office response is intransigent: the current legislation will stay in place, they say, while they consider what steps to take next.

In a comment on yesterday's post, Richard Veryard astutely pointed out some of the absurdities in the apparent drafting of the Borders, Immigration and Citizenship Bill (BIC. Hmm. Is the fact that it's named after a cheap, throwaway razor some kind of dry civil service joke? Perhaps, somewhere in the Home Office, a drafting clerk is hugging him/herself with silent mirth as their handiwork is propagated).

Leaving that entrancing image to one side... Richard aptly wonders how on earth a police officer is supposed to tell that the person whose identity documents he/she wishes to inspect has been outside the UK - this being the criterion which would makes it legal for their papers to be demanded. As he also points out, there are more ways to enter the UK than by crossing its borders. Well, one, anyway.

This is probably part of a cunning plan by the UK Borders Agency. Having established their position in this bill, they will draft secondary legislation in due course to classify all maternity wards as "points of entry into the UK", thus formalising their entitlement to station an immigration officer by every bed and birthing pool. New arrivals could then be DNA-sampled and registered (only as provisional citizens, of course, until it is determined whether they are integrating effectively or not).

All of which might make the outcome of this case critical. The European Court of Human Rights is today expected to issue its ruling on the appeal of two UK citizens to have their DNA samples and profiles removed from the national database. The two men, who were both arrested and charged but acquitted, have spent years arguing that their DNA should not be retained on the database. Interestingly, the 'home page' for the NDNAD now reads like a commercial marketing brochure - pre-emptively defending the scheme against the most publicised criticisms of it.

In a little FAQ-like section at the bottom of the page, it poses these questions:

"Why are people who have not been convicted on the database?". Answer: because the law has been changed to allow it.

"Does this pose any privacy problems?" Answer: "Any intrusion on personal privacy is proportionate to the benefits gained."

Well, I'm glad that's sorted out, then.

"Nothing"... is the short answer. 

Here's a full transcript of the Queen's Speech. It doesn't mention identity documents, and it doesn't mention borders, immigration or citizenship.

The BBC's "At A Glance" summary of the next legislative programme does mention the "Borders, Immigration and Citizenship Bill", referring to border control measures, and the principle that 'failure to integrate' could slow down an immigrant's progress towards acknowledged citizenship. Similarly, over on the Home Office website, this UK Borders Agency page describes the Bill in terms of border control and processes for achieving integration and naturalisation.

Given all that, it's a little strange to hear some very specific concerns being raised about this Bill by UK human rights group Liberty. They describe a draft version of the legislation as sneaking compulsory ID cards in by the back door, saying that it increases the number of people who have the power to require individuals in the UK to produce a valid identity document if those individuals have ever entered the UK. Liberty point out that, as drafted, the law would include UK citizens who have left and re-entered the country. They also say that no suspicion of an offence is required to justify a demand to produce a valid identity document.

In other words, the law appears to be consistent with a peremptory power to demand that someone in the UK produce an identity document... something which proponents of the National Identity Scheme have consistently denied was in the legislative plan.

Presumably the folks at Liberty aren't just making this all up; presumably, therefore, there is a draft version of the Bill which says pretty much what they allege. If that's the case, two things strike me:

- First, it seems strange that the detail of the Bill should contain such far-reaching measures while the Bill itself is not even mentioned in the Queen's Speech, and the measures themselves are not mentioned in the owning department's published material.

- Second, if it really is not government policy that people in the UK sohuld have to produce an identity document on demand, it's bizarre that the Bill should be so loosely drafted as to make that a possible interpretation.

I've looked for a copy of the draft Bill, but haven't found one yet. If anyone knows where it can be found, please add a link via the Comments function...

I've just watched Michael Martin, Speaker of the House of Commons, make his statement to the House about the arrest last week of Damian Green MP. I think the most shocking aspect of his statement concerned the way in which the investigating police officers gained access to the Palace of Westminster and to Mr Green's office there.

It appears that the police did not have a warrant for that search, and did not inform the Serjeant at Arms that she was entitled to insist on one.

The Speaker's description of this episode creates a very shoddy impression: an impression of the police blagging their way into premises to conduct a search, when perhaps adherence to appropriate process would have raised legitimate objections to their proposed course of action. I wonder whether a police entry to an individual's home on the same basis would have resulted in the inadmissability of any evidence gathered as a result. It also, of course, raises the question of whether it is legally acceptable for one person (the Serjeant at Arms) to grant access not only to the Palace in general, but specifically to the office of an MP... or whether it would have been appropriate for the occupant of the office to have his consent sought.

That said, the Serjeant at Arms is responsible for security of the premises of the Palace of Westminster, and it reflects poorly on the execution of that role that its holder should not be aware of the rights she may exercise when granting or denying access.

Just been watching the first of a series of BBC adaptations of Henning Mankell's Kurt Wallander series. As you may be able to guess from the "Bookworm" sidebar on my blog, I'm a fan of the books... so I'm afraid I'm going to come up with a classic reaction to the TV adaptation. You see, one of the problems with a writer like Mankell is that his sense of place is acute, and it comes across in every detail of the books. 

Wallander doesn't live in a detached house with posh furniture and wood-panelled walls; he lives in a town-centre apartment block, where he has to use the basement laundry on a rota with the other residents. The person who turns out to be the murderer lives on the fifth floor of a squalid block, not in an elegant detached country house. Wallander's police headquarters is functional and slightly depressing; it doesn't have abstract interior murals and montages of historic cameo photo portraits. Wallander's father doesn't live on the coast, and he's never described as doing anything as un-introspective as standing on the jetty gazing out to sea.

The Beeb deserves marks for making the series in Skåne, in southern Sweden, to be sure, but all the Swedes I've spoken to about Skåne describe it with a certain sense of alienation. The other Swedes, they say, regard Skåne's inhabitants with a certain suspicion... they don't quite belong; they live rather a long way south; their TV aerials don't point inwards towards Sweden, but outwards towards Denmark...

And that's the essence of the problem with the Wallander adaptation: it's had a Swedish make-over. This isn't Skåne as Mankell describes it, it's the Sweden of designer furniture, polished wooden floors and crisp, tasteful interiors. What Mankell depicts is a Sweden bewildered by changing social mores, cheap tastelessness and the impact of immigration and liberal social policy. The adaptation may yet make for good telly, but as so often happens, it is not going to match up to what the author has put into the minds of his readers.

The late Douglas Adams said that the reason he wrote for radio rather than film or TV was that on radio, the visual effects were better.

This is a very simple post to link to Sid Arora's MSc thesis (done on Royal Holloway University of London's distance learning course): "Review and Analysis of Current and Future European e-ID Schemes". For those who don't want to tackle the full 73 pages, there is also a 16-page summary here.

I met Sid earlier this year at the Porvoo Group's 13th meeting, and it was obvious from the outset that he is intelligent, well-informed and articulate. This piece of work only reinforces that impression; Sid sets out the theoretical principles of e-identity, looks at how these have been put into practice across a range of European national schemes, and relates this to the human and political factors which play such an important part. 

A busy week this week, with a Directors' Round-Table discussion at EURIM (a working group which brings together policymakers, industrialists and stakeholders from think-tanks and the not-for-profit sector), and then a launch event for the Information Commissioner's Office to publish the latest report from the Enterprise Privacy Group (EPG) - on "Privacy By Design".

While the two events were very different, they both reinforce a few key points about the identity and privacy world of today.

The EURIM round table was fascinating, as it always is to get a glimpse of the inner workings of our parliamentary system (which, incidentally, is in a state of some upheaval today... but more of that another time...). Among other things, there is this perennial question: when you invite MPs (and peers) to a meeting while parliament is in session, what are the chances that any of them will be able to turn up, and/or stay for any useful length of time? The chances are that they will either simply not attend, because there's something more important going on in the House (on Monday it was the Chancellor's Pre-Budget Report, so a highly-charged and contentious session), or that they will have to rush out of the room at short notice when the Division Bell signals that it is time to vote.

Most parliamentarians are, unfortunately, notoriously technophobic, and indifferent to anything related to the information society and knowledge economy. There are a number of exceptions, and in the interest of impartial representation I can cite  Alun Michael MP (Lab/Co-op), Philip Dunne (Con) and Merlin, Lord Erroll (Cross-bench) as all demonstrating a greater-than-average commitment to these topics.

On the other hand, the EURIM round-table was somewhat frustrating, in this sense: there was, to be sure, a wide range of input, from policymakers, technologists, civil society and so on. There was, as one might expect, a commendable wish to address the high-order topics such as identity, privacy, the 'ownership' of personal data, and so on.

However - and it gives me no pleasure to say this, I assure you - there was a depressing sense of déjà entendu about the whole thing. We trotted steadily round the same topics, jumping (or hitting) the same obstacles as have been encountered at countless similar meetings over the past year or so. And it need not be like this. For instance, the model I described in an earlier post (The Future of Identity and Privacy - 2) charts exactly what we went through on Monday, how it can be avoided, and how to pass beyond it to a productive discussion of the high-level issues. As it was, I'm afraid we got, once again, a series of statements of stakeholder perspectives and no real progress. 10/10 for effort, though, and likewise, full marks to EURIM for diligently keeping this in the attention of at least some of our elected representatives.

Then, on Wednesday, it was up to Salford for the launch of EPG's "Privacy By Design" report - commissioned by the Information Commissioner's Office and produced in record time after sterling work by Toby Stevens, co-founder of EPG. He was rightly praised by the Commissioner for that, and for the report itself, which is a very readable and practical document. It, and other related reports, can be downloaded from the ICO site here, or the EPG site here.

Arguably, the UK ICO has for too long been under-funded and 'under-empowered' (if that's a word...), frequently criticised for lacking the legislative teeth to do an effective job. On that score, at least, the Commissioner was able to announce that the Ministry of Justice is announcing greater powers for the ICO, including the ability to 'spot check' public sector bodies without their consent, if that is felt to be appropriate. Where the problem at hand is so much a 'cultural' one - such as good practice in data privacy - it's often hard to know where to start to bring about meaningful change. I tend to think that that ability to perform consentless audits is a good place to begin.

There are those who have argued that it's invidious for public sector bodies to be singled out this way, and that commercial organisations should be subject to the same regime. There, I tend to disagree. As of next year, the ICO will be able to punish commercial sector organisations by fining them. Applying the same sanction to public sector bodies is likely to be neither rational nor effective: at best, it shuffles money from one part of the public purse to another; at worst, it will further stretch the (fixed) budget of the body in question, and reduce still further their ability to resource effective compliance. On the other hand, the possibility of a 'spot check' may do much to encourage good practice - which is, after all, the desired outcome.

(Rearrange as appropriate.)

Lord Mandelson has decided that banks' behaviour in the wake of the credit collapse merits legislative micro-management. 

Elsewhere in today's news, Gordon Brown 'refuses to deny rumours' that he the Chancellor will cut VAT in tomorrow's pre-budget report, as part of a rescue package for the economy. With his usual flair for indirection, he's gone for a European Union tax rather than any of the ones he has introduced over the last decade. Well  - I suppose it makes a change from picking on the Icelanders.

In the wake of convictions for the death of "Baby P", a court order was put in place to ban the publication of the identities of those involved. Unfortunately that didn't prove an effective deterrent to a number of social network subscribers, according to this BBC news story.

The appalling nature of "Baby P's" fatal treatment mean it is hard to detect any signs of public sympathy for the perpetrators. There are three areas in which this can get into questionable ground, of course:

- if someone decides to take the law into their own hands as a result;

- if the lust for revenge extends to those not facing charges (such as the council and social workers involved with the case);

- if someone gets the identities wrong.

Whether or not the current disclosures end up having unwanted consequences, they do illustrate some of the problems modern social networking can produce when it comes into conflict with traditional notions of law and law enforcement.

The House of Lords has voted in favour of an amendment to the Counter Terrorism Bill, requiring a shift in the policy of data retention. Currently the law is, in the words of its critics, "severely loaded against innocent people being able to ensure that their most sensitive personal details are not kept indefinitely following their exclusion" [from an enquiry].

Baroness Hanham, the sponsor of the amendment, said:

"The guidelines are deeply worrying and make clear just how high a barrier the Government have imposed on DNA and fingerprint information ever being destroyed. The initial response to a request for destruction is an automatic refusal."

The Lords are not the only ones to have recommended that the Government change its current policy of indefinite retention. The Government-appointed Ethics Committee of the National DNA Database (NDNAD) recommended earlier this year that the DNA samples of innocent people should be deleted on conclusion of an investigation, and that their DNA profiles should not be added to the database.

The citizen's enquiry run by the Human Genetics Commission (another Government initative) also recommended, in July this year, that the samples and records of innocent people should not be retained, as you may remember from these blog posts. You might also remember the speech Gordon Brown made to the IPPR back in June, putting a precise figure on how many cases the NDNAD has solved... despite the NDNAD's operators saying that "it is not possible to provide figures for the number of convictions produced by DNA".

All in all, the present policy on DNA retention does not, it must be said, smack of a Government acting on the views of those it has appointed to look into this. In a week when the Home Secretary has published the results of her public consultation into the National Identity Scheme, that is not an encouraging picture... but more of that later.

Carl Hiaasen's books (set in Florida) were once memorably described as "doing more damage to the State's reputation than anything short of an actual visit". Well, it's time for me to find out. I will be at the Gartner IAM conference next week, and they have very kindly invited me to run  a couple of workshops on the Sunday afternoon just before the event.

One will recap the Liberty Alliance Contractual Frameworks, and the other will be a Privacy round-table... the 9th in the programme.

If you're there, you'd be most welcome to attend either or both of those sessions (registration via the link on this page).

And if you're at the IAM conference, do stop by the Sun booth... I'm reliably told they'll be running a raffle, and also that beer and pizza could well be involved at some stage.

I had been wondering what to write for the 1,000th post on this blog (!), but serendipity stepped in with a public sector data breach headline. This time it's Atos Origin who are in the spotlight, after a USB stick was found in a pub car park, and turned out to contain data and software relating to the Government Gateway server. You may remember the Gateway from this post back in September 2006, when it won a Liberty Alliance IDDY award for its implementation of interoperable authentication.

As far as the current breach report is concerned  - I don't have any more details than what appears in the public record, but according to the Daily Mail (to whom the USB stick was handed after it was found), it contained

"confidential passwords, security software and the technical blueprint to the system known as the 'source code'."

 That in itself raises a number of questions...

- for all the bickering about how the Government 'can't be trusted to keep our details secret', why is it that someone's first instinct, on finding a USB stick in a car park, would be to hand it to a national newspaper, rather than, say, the police?

- in 2008, are we really still at the level of IT literacy where 'source code' needs to be in inverted commas, and the best analogy the journalist can come up with is to say that it's a 'technical blueprint to the system'? For goodness' sake: a blueprint is a technical drawing from which a physical object can be constructed. By extension, it's a design document from which source code could be developed. Is that distinction too hard to grasp? (Please, don't feel you have to respond by reference to the Daily Mail's target readership... ;^)

If I've interpreted the Mail's story correctly, the USB stick also contained a high-level description of the Gateway's architecture, some individuals' tax/NI details and some user IDs and passwords. A DWP representative said the passwords were 'hidden using an industry standard technique', but seemed to stop short of using the word 'encrypted'.

And if I've interpreted the BBC's article correctly, the DWP said that the user details and passwords on the stick were dummy accounts used to test a previous version of the Gateway.

On the basis of the information available - tempered by the knowledge that it may have been imperfectly understood, and/or dumbed down for public consumption - it's very hard to do any kind of risk assessment. That said, the implications seem to be more of a concern for Atos Origin and their management of internal procedures than for the average citizen/Gateway user.

At present the DWP (who took ownership of the Government Gateway project from the Cabinet Office) haven't issued a press release on this topic, but if they do, I'll link to it here.

I think I have finally worked out what, at some subliminal level, has been nagging at me about the Obama and McCain campaigns. At the superficial level, what's been visible from the UK, at least, is that the McCain team have been far readier to revert to negative messaging about their opponent. That comes across particularly starkly in the UK because it's a comparatively rare tactic over here.

That wasn't it, though. It was more what the candidates' statements said about their motivation for seeking the top job. Now, I admit, this is an entirely subjective conclusion, reached a long way from the action by someone with a very sketchy view of what's going on, but when you look at Obama's statements they are often something like this one, from a Wall Street Journal OpEd:

"Tomorrow, I ask you to write our nation's next great chapter... If you give me your vote, we won't just win this election - together, we will change this country and change the world."

It almost smacks of Kennedy's iconic "Ask not...".

McCain, on the other hand, was quoted in these terms from a Sunday evening speech in New Hampshire:

"So again I come to the people of New Hampshire, Republicans, independents, Democrats, Libertarians, vegetarians, all of them. I am asking you again to let me go on one more mission."

It's almost as if he wants that last mission in order to tick some personal goal of his own list, rather than to do something, for their benefit, on behalf of the voters.

Still, at least he's recycling. He used the same "one last mission" appeal back in 2000. It won him New Hampshire then, but that wasn't enough to take him all the way.

Back in June of last year, I mentioned that I had found a souvenir in Washington DC... a keychain with a countdown timer to George W Bush's departure from office.

Tragedy of tragedies, I checked it today only to find its little LCD completely blank. It seems it had run out even before George. Strange, I thought... I had expected something American to have more staying power. On inspection, though, I found that its manufacture had been outsourced to China.

I'd better stop there... I don't think this post can cope with any more allegorical layers. 

It seems that what goes in Pakistan doesn't necessarily apply in Syria, according to today's report of a US raid which is said to have killed Abu Ghadiyah, described as "a former lieutenant of Abu Musab al Zarqawi". According to a US intelligence spokesman, "Sunday's attack took place during the afternoon rest period, with a troop assault preferred over a missile strike to reduce civilian casualties".

Presumably the Pakistanis will infer that, in their own case, the risk of civilian casualties is not a factor...

There's a BBC news article today describing plans to introduce mobile, on-the-spot checks of fingerprint biometrics using a hand-held police reader (linked to a national database of 7.5 million biometric records).

Towards the end of the article, there's a helpful graphic describing just how fingerprint recognition works... the fingerprint is analysed for "minutiae"... characteristic features such as the point at which two whorls intersect, or the peak of a particular curve. That data is turned into a set of co-ordinate plots which can be compared against stored values. It all sounds very plausible and relatively straightforward, and the National Policing Improvement Agency describes existing trials as a "stunning success".

Strangely, it's also at odds with what I have repeatedly been told about the way in which the National Identity Scheme will store fingerprint biometrics. I have asked, in the past, why it's necessary for ID cards to hold a facsimile image of the holder's fingerprints (in other words, one which could if necessary be examined by a human and compared with a scan on the spot). I suggested that holding facsimile images on the card is unnecessary and introduces risk.

I have suggested that it's unnecessary because a digest of the data, or a record of the co-ordinate plots of the minutiae, ought to be just as reliable; it introduces risk because it creates the possibility that an attacker could read the facsimile off the card and forge (any or all of) the holder's fingerprints, thus potentially creating a false suggestion the holder had been present.

The answer I have had is that the cards must store a facsimile, not a digest or derived record, because the process of converting a scanned image into a digest is too likely to introduce differences from one scan to the next.

Frankly, I don't know whether this, or the NPIA's endorsement of their trialled technology is the truth - but it seems to me that they cannot both be.

In early September, it was reported that US Special Forces had mounted a ground attack from Afghanistan across the border into and into Pakistan. According to the reports, a couple of dozen people were killed in the attack, some of them civilians. Pakistan's political reaction was apparently touch enough to convince the White House not to launch further ground attacks.

However, according to this article in the New York Times, the policy has been replaced with one based on the increased use of Unmanned Aerial Vehicles (UAVs, or 'drones'). Apparently 5 such strikes were launched in the first 28 weeks of 2008, but in the eleven or so weeks since then, there have been 18 UAV strikes. The same article describes the unpredictable results of some of these missions, including civilian casualties and missed targets, and notes that UAV strikes can never achieve the other goal of capturing Al Qaeda members and interrogating them for information about their leaders.

You may remember some of the earlier reports of UAV use, such as this incident in 2002 in Yemen, in which 6 suspected al Qaeda operatives were summarily executed in a rocket attack on their vehicle. For more technical and political context, see this page on the GlobalSecurity.org website.

What caught my eye in the current story, though, was the reported reaction of Pakistani officials, who have apparently described these attacks as a "less objectionable violation of Pakistani sovereignty" than ground assault. Talk about 'shades of grey'...

In response to Carolyn's comment on the "Future of Identity and Privacy" post, I thought it might be useful to give a little more information about the "Ladder" model I've been using as part of the Privacy Summits. Originally this came out of a discussion with my friend and colleague Peter Lord, of Oracle. The diagram we used to summarise our discussions looked like this:

What we had been trying to do was engage in a productive discussion about the 'high-level' concepts at the top of the 'ladder', with participants from a very wide range of backgrounds, including technical and non-technical ones. What we observed was that it was very easy to set off with the assumption that some technology or other was the right starting point... for example, perhaps smart cards, or cryptography, or whatever. What we then found was that each technology brought along with it a set of concepts and functional capabilities which invariably imposed constraints on the subsequent discussion. Quite unintentionally, in most cases, the mere fact that you start off by saying, for instance, "oh, this is the kind of problem which cryptography can solve" in itself limits the rest of the conversation.

In other words, thinking about it graphically, the result is a 'stovepipe' discussion which progresses up the ladder but never widens. As a result, you may find you address one of the high-order topics, but exclude the others.

As usual, the first step towards fixing this problem was to become aware of what the problem was.

The second step was to acknowledge that, while any given techno-centric approach was unlikely to answer the whole range of 'high level' questions, it was equally likely to have a valid place as part of the solution. That being so, we needed to find a way of taking each participant's input, assuming that it had a valid place somewhere in the discussion, and factoring it in at the appropriate time and place.

This second diagram illustrates some of the different kinds of contribution one might get in the course of a discussion; the trick was to be able to find the right place to note each contribution, so that it could be revisited at the appropriate point.

I think it's fair to say that each successive summit has not only taught us more about the multi-stakeholder approach, it has also validated that approach and confirmed that the models we have developed are a robust foundation on which to build. I hope that in publishing them in the London/Basel summit report, we have contributed something which the identity and privacy communities will find valuable and useful over the coming months.

An article on the BBC site yesterday concerned the British Humanist Association's plans to run a poster campaign on London buses: the posters would read "There's probably no God. Now stop worrying and enjoy your life". The BHA apparently feels that the generally unchallenged presence of religiously-motivated public statements needs some kind of counterbalance. The same article quotes the response from a spokesman for Christian Voice - described as a 'pressure group' - whose reaction is a rather strange one... 'axe the buses, they - and atheism - are a danger to the public'.

On the face of it, that sounded like such a dog-in-the-cradle attitude that I had to go and check Christian Voice's website to see if the BBC had been mischievously quoting him out of context to make him look like an idiot. I found that he had, indeed, been incorrectly quoted, but not necessarily in the way you might expect, and not by the BBC. Christian Voice's webpage on the story includes a most unfortunate typo:

Genital misprints aside, what of the facts? After all, there are indeed people who have been unfortunate enough to lose their lives in collisions with bendy-buses, so is it the sort of thing of which one ought to be making light? Well, on one aspect, at least, the Christian Voice piece is at odds with the BBC article. According to the latter, the Humanists have indeed volunteered to fund the campaign, and to the tune of 5 times what Prof. Dawkins was prepared to contribute personally.

As for the buses themselves - the statistics are inconclusive. This Channel 4 News page seems to have a fairly comprehensive analysis, and it concludes that while bendy-buses have undoubtedly been involved in fatal accidents, they themselves do not appear to be significantly more dangerous (per mile of usage) than other buses. On a scale of 0 to 5, with 0 meaning cast-iron true and 5 meaning utter bunkum, the bendy-bus fatality allegation comes out at 2.5. Presumably Prof. Dawkins will argue that that's 2.5 points more substantiated than God...

A few times over the last year or so, you will have seen me refer to a series of Privacy Summit meetings which I've been helping to organise and run through the Liberty Alliance. So far, we've held summits in Berlin, Brussels, Washington DC, London, Basel, Yokohama, Tokyo and Stockholm, and we're currently planning the first 'return visit' - to Washington - and 'full circle' to Berlin.

Although we have deliberately tried to run summits in a variety of cultures and legislative contexts, the rationale has been consistent: that the identity and privacy issues which face us today are complex, multi-stakeholder problems to which no single stakeholder group has the answer. Our aim has been to create a peer-to-peer forum in which those diverse groups can be represented, and to find a way of factoring their input into a coherent picture of what digital identity and privacy are.

So, I'm delighted to be able to announce that the output report from the London and Basel summits is available online, and can be found here, on the Liberty Alliance website. You'll find the Berlin and Brussels reports on the same page, and of course you're welcome to browse those for completeness, but what I tried to achieve with the London/Basel document was to collect and present all the major lessons from the meetings up to that point, so that they are all in one relatively short document (the paper is 20 pages long, but the essence of it takes up just 11 pages).

What you will find in there is a small set of simple models for understanding what digital identity is, how it relates to identity data, and how that in turn relates to privacy. You will also find another set of conceptual models which explains why it can be difficult for a diverse set of stakeholders to have a sensible, coherent and productive discussion about the important topics - topics like trust, ownership of personal data, privacy policy and so on - and describes how we used the summit programme to find ways of overcoming that difficulty.

The further we go towards a world where distributed, digital representations of all our personal data are more and more prevalent, and where almost every aspect of public policy has some bearing on personal privacy and 'digital self-determination', the more certain I become that the concepts we set out in the Privacy Summit reports are vital ones. If policymakers, technologists, lawyers, academics, technologists, privacy advocates and citizens can sensibly discuss these questions and understand each other as they do so, then there's hope that tomorrow's identity and privacy solutions will strike the right balance between technology and policy, and between individual rights and 'functional convenience'. If, however, we cannot have that mutually understood conversation and strike that delicate balance, then I think it will always be to the detriment of one or more stakeholder groups - and I don't think that is in anyone's interest.

Please feel free to download, distribute and discuss the reports, and if you have any comments, questions, suggestions or protests, do get in touch...