Robin Wilton's esoterica

I've just been alerted to the existence of this shameful bile. I am almost loth even to link to it; there is a great deal of other content on the same site which I would not dignify with a link. It's profoundly loathsome, I think, that anyone claiming a religious morality should put out such offensive material, clearly intended as it is to shock and provoke. So my wish for 2006 is that its authors should read Leviticus 19:18; "Thou shalt not avenge, nor bear any grudge against the children of thy people, but thou shalt love thy neighbour as thyself: I am the LORD." and Matthew 5:43-47; "You have heard that it was said, 'Love your neighbour and hate your enemy.' But I tell you: Love your enemies and pray for those who persecute you, that you may be sons of your Father in heaven. He causes his sun to rise on the evil and the good, and sends rain on the righteous and the unrighteous. If you love those who love you, what reward will you get? Are not even the tax collectors doing that? And if you greet only your brothers, what are you doing more than others? Do not even pagans do that?" until their deep shame overwhelms them.

As you may have inferred from some recent entries, I've been in the States over Christmas (specifically, Cleveland, Ohio); back home now, somewhat zombified by jet-lag, but otherwise none the worse for wear. Cleveland gets a bit of a rough press (e.g. colleagues bemusedly pointing out that "you're going to Calfornia for work, but Cleveland for pleasure...?!?"), but we had a great time there. More of that later, I expect. In the meantime, two pressing things: --- First, I would just like to apologise to anyone flying to Gatwick Airport from the States: you fly all this way to come to England, only to arrive at what is often one of the more hellish airports around*. What a vile introduction. I can only hope (and it's not over-optimistic) that your experience of the country improves thereafter. --- Second, I offer my best wishes to you for 2006, whoever and wherever you are. May the coming year bring you peace and happiness, and such other diversions as you would wish for. *With the exception of Jane, who works for BAA (the airport operator) and has a fine grasp of what customer service is.

Mark Dixon and Kim Cameron have blogged on the topic of UK law enforcement access to a national network of vehicle surveillance... I've left a comment on Mark's blog, but here it is again for convenience: Hi Mark; well, they didn't quite manage it by 1984, but in fact a lot of vehicle movements are already automatically monitored and recorded on UK roads. For example, the "Congestion Charge" system for central London records vehicle licence numbers so that you can be charged for driving into the city. On a much wider scale, the Trafficmaster system provides information to motorists about traffic flow on major roads, motorways and so on. It has an extensive network of cameras which are also capable of licence plate recognition. Trafficmaster is a commercial system, though, and I was told about five years ago by one of the national breakdown organisations that the operators of Trafficmaster deliberately designed the system not to store the full number. It stores enough to enable a 'probability-weighted' analysis of traffic conditions, but not enough to tie a specific vehicle to a specific time and place. Intrusive as this is, let's not forget that some US rental companies use GPS data from their cars to penalise customers for speeding, without any involvement of law enforcement...

Back in September, commenting on the Intelligent Design court case in Dover, Pennsylvania, I rhetorically asked whether there are any atheist proponents of Intelligent Design. I certainly didn't get any owning up via the comments. Now, it seems, the federal judge in the case agrees. According to the BBC's coverage, Judge John Jones III 'demolished' the assertions of the ex-members of Dover's school board that the ID material was scientifically, rather than religiously motivated. The BBC quotes him as saying: "We find that the secular purposes claimed by the board amount to a pretext for the board's real purpose, which was to promote religion". It also reports that he accuses them of 'breathtaking inanity' and of lying under oath. Today's paper in Cleveland, Ohio, the Plain Dealer has another couple of revealing quotes. First this one, on the scope of the ruling: "We find that while ID arguments may be true, a proposition on which the court takes no position, ID is not science". And then this, from a judicial opinion in which he described Dover's citizens as being 'poorly served' by their school board: "It is ironic that several of these individuals, who so staunchly and proudly touted their religious convictions in public, would time and time again lie to cover their tracks and disguise the real purpose behind the intelligent design policy". That's not to say that ID should not be taught just because of the apparent moral turpitude of those board members. Even if they were as upstanding and moral as they would have liked the judge to believe, ID should not be confused with science, and children should be allowed to distinguish between beliefs based on religious faith and beliefs based on scientifically tested hypotheses. Many of them around the world are about to spend a week believing in Santa Claus and Jesus; those beliefs are of a different kind from beliefs about whether it is safe to cross the road without checking for traffic. (The pro-ID members were all voted off the board last month).

I should have done this when I first blogged about it, but have now finally got around to adding William Heath's excellent Ideal Government blog to my Blogroll. Highly recommended. One of the current threads concerns the discovery of large-scale identity fraud in the UK tax credits system, as noted by Kim Cameron here and me here. William points to the paucity of information available about what was involved, but a few things seem clear. --- As Kim notes, there is plenty of evidence that relying too heavily on a piece of data such as a Social Security Number (which is practically in the public domain) is bad credentials policy; --- Fraudsters don't come in through the front door. The fraud in this case appears to have involved the theft of identity data relating to other public sector employees, rather than individual citizens. It may well therefore have been an insider attack. The department in question has launched a criminal investigation. --- The most alarming kind of identity fraud is the one in which a 'parallel identity' is established, such that substantial fraud may take place before the victim becomes aware of the bogus transactions being undertaken with her/his identity. By 'parallel identity' I mean the use of a set of credentials to establish new accounts, rather than the hijacking of a legitimate account set up by the victim and to which they probably still have access.

There's a slim volume by Lawrence Durrell called "A Smile in the Mind's Eye". It's a pair of novellas which describe a couple of episodes in the author's life. One is about a close encounter he had with Zen buddhism; the other is about a close encounter he nearly had with a mysterious stranger called (according to the hand-written entry in a hotel register) "Chantal de Legume". The mere name conjures up flights of fancy in Durrell's already volatile imagination, and it's one of those little vignettes which an author of his quality can spin into something magical. Last week at San Francisco airport I heard one of those PA announcements which just makes you stop in your tracks with a bemused smile: "Erin Mothball, please come to a courtesy phone. Erin Mothball, to a courtesy phone please." PA systems being what they are, I have no idea if that's her real name. But either way... Erin Mothball, you intrigue me.

With apologies to James Governor, who beat me to it and posted this one via his del.icio.us page. Last Thursday's paper edition of USA Today carried a front-page story on ID Theft, its use by crystal meth addicts, and their links to organised crime. The same article is available online here. These days, we tend to hear this kind of stuff often enough for it to lose its connection to reality, so its useful and salutary to have a detailed case study to ram home the essential, practical points. --- Credit card numbers, social security numbers and/or whatever you use in your country to establish creditworthiness are valuable commodities, and need to be treated as such. --- Identity theft is essentially a three-part crime, consisting of the theft, the exploitation, and (in between the two) an organised, international trafficking enterprise. --- The internet allows all three of those phases to happen quickly, 'distributedly' and sometimes in bulk. There are certainly national/cultural specifics which appear to make identity theft (or its exploitation) easier: for instance, the loose usage of Social Security Numbers in the United States, turning a frequently relied-upon identifier into a piece of publicly-available information; the custom of leaving outgoing mail in your mailbox for the mail carrier to collect, and so on. But however tempting it is to single out this kind of national trend, I am wary of suggesting that there's a simple cause-and-effect relationship at work here. It's more complex than that, and removing some of these apparent causes will not necessarily remove all the apparent effects. For instance I was struck, reading the USA Today piece, by how frequently the identity thefts exploited things which were entirely outside the control of the victims themselves. The article names companies whose call centres, dumpsters and online account creation processes all gave rise to opportunities for identity theft and subsequent fraud, with their customers as the victims. That said, we could all benefit from a little more discipline in how we handle our own identities. Our CPO, Michelle Dennedy, has a characteristically pithy way of putting it: we need to treat data as a 'controlled substance'. Whether you're a company or an individual, if you start treating data the way you'd treat dangerous chemicals, drugs or nuclear waste, I think the risk reduction will pay for itself. Here's your personal 'starter for ten': does your credit card company send you unsolicited blank cheques, hoping you will use them to add to your debit balance? What do you do with them? When was the last time you just tossed them into the waste paper basket? We're approaching the time when New Year's Resolutions get dusted off. Can I suggest one for 2006? Resolve to buy a cross-cut shredder and use it obsessively. The 'greens' among you can put the shreddings on the compost heap: either just layer them directly on it with plant matter, or loosely fill black bin-bags with them and use those as an insulating blanket to keep your heap warm and active.

It's a fairly well-established security principle that 'insider attacks' are harder to stop and potentially do more damage than external 'hacking'. It sounds as though HM Revenue and Customs are finding that out the hard way. They have found out that the tax credits system is being defrauded systematically by organised criminals, and that a major tool is the use of valid employee IDs stolen from their organisation (at least 13,000 IDs, 'to the best of their knowledge'). The combination of organised crime, identity theft and insider attack is a powerful one. Applying the government's own logic to the problem, one might conclude that the most effective first step would be to issue HMRC staff with biometric ID cards. Conversely, one might wonder how much benefit biometric authentication of citizens can bring, if the system itself is subject to inappropriate access on so rampant a scale. There are, as usual, two problems to be addressed here: the technical problem of authentication mechanisms, and the organisational problem of safeguarding appropriate access. The latter is generally the tricky part. Without the former, it's even trickier.

As I commented a few weeks ago Sir Christopher Meyer's publication of his memoirs has caused a stir, though it is noticeable that the loudest protests have come from the politicians. His appearance last week before the House of Commons public administration committee appears to have revived the storm . There remains an unexplained gulf between what Sir Christopher says about the process for approving his manuscript, and the comments of the MPs on the committee. For example, the committee's chairman, Tony Wright MP, said: "People thought this was a wholly disreputable enterprise which you should not go anywhere near. You were going to publish this book anyway." The Cabinet Office, on the other hand, apparently phoned Sir Christopher after he had submitted the book for approval, to say that "the government had no comment to make on the manuscript of his book". On that basis, it seems strange for the retrospective whining to be so sustained and so personal. (One committee member said the book was "idiotic"). As before, I think the most likely outcome of this episode is that civil servants will bear the brunt of more restrictive rules about what they may or may not disclose. Those are likely to be either in the form of contractual clauses or codes of conduct --- or both, of course. I think that's a pity, because whatever the opportunity for civil servants to disclose unpalatable things, the fact is that it very rarely happens (and even when it does, that is usually democratically beneficial). Think of the Peter Wright 'Spycatcher' book for instance; far more damage was done by the then government's behaviour in trying to stop it than could ever arise from the contents of the book itself. (And unlike the Meyer memoirs, I have read Spycatcher... I bought a copy in Charlotte NC in 1988, and it sits on my shelves to this day. What concerns me is the growing number of 'special advisers' in UK politics today; they have no political accountability to the electorate, and are bound by no civil service code of conduct. I think that's a bad thing whether or not they write about the prime minister's underwear.

Tony Blair has not delivered the resounding final flourish to the UK's 6-month Presidency which he must have hoped for over EU budget reforms, and yet at least the talks have ended with an agreement, where last June's summit broke up with none. Beyond that, it is very hard to get a clear picture of what has been agreed --- as ever, the statistics and the figures allow commentators to pick and choose depending on what aspect they want to emphasise. However, from a narrow UK perspective the key points appear to be these: --- the UK's rebate will be trimmed by GBP 1bn a year over the next seven years (the period of the budget); --- the amount of aid for new-accession Eastern European countries is increased by GBP 7bn over the original proposal (so Mr Blair has apparently succeeded in 'ring-fencing' the rebate reduction); --- the budget will be reviewed in 2008-2009, and although the clear hope is that this will include a review of the Common Agricultural Policy (CAP), the fact is that France is likely to hold out until the previously-agreed date of 2013 before agreeing to any change to farm subsidies. It's this latter point which most exercises the Brits. The perception is that, even after the expansion of the EU to incorporate a number of countries whose economies depend far more on agriculture than those of existing members, the CAP remains essentially unchanged, and an increasingly unsustainable subsidy for the farming industry in 'more developed' countries. In 'populist' British politics, the shorthand version of that is "if French farmers don't get their way, they start blockading the motorways with truckloads of burning lamb". So what's the French perspective on the budget agreement? Well, according to today's news bulletin on France Inter, it boils down to this: "France and Germany get what they wanted; London is isolated; there's more cash for the Netherlands and the Baltic region, and the Eastern European countries learn that it's every man for himself and they cannot depend on anyone else." That's more or less verbatim (translation taken into account), and it seems a pretty harsh analysis. The most obvious interpretation is that 'if the new-accession countries were looking for extensive subsidies, they'll find that those have already been cornered by the founding members'. Not much 'solidarity' there, then. The maths is that, yes, the new members will get financial aid, but not at the expense of existing grants under the CAP. The accession of the new members substantially changes the agricultural 'landscape' (if you'll forgive the metaphor...) across the EU --- and yet the pattern of subsidy to existing member states remains unaltered. I find it hard to understand the logic behind that, and I think that maintaining the status quo until 2013 will damage the EU's economy in the meantime. But then, I'm not a politician or an economist. The next item on France Inter's news bulletin concerned demonstrations by French restaurant-owners, who have been pressing for a reduction in the rate of Value Added Tax (VAT) they pay. They want it cut from 19.6% to 5.5%. However, EU tax harmonisation rules impose a minimum rate of 15% unless an exemption has been unanimously agreed. Unfortunately, Mr Chirac surrendered a hostage to fortune back in 2002 when he promised to achieve such a rate cut on behalf of France's huge restaurant industry. Now that he has agreed to a budget which does not deliver it, he can expect further industrial action by restaurateurs: not a happy prospect for gastronomes in France, who must be wondering why he has not at least exercised the power to reduce the VAT rate to 15%.

It's interesting, isn't it, that Senators McCain and Murtha, who put their names to an amendment calling for a ban on cruel and inhumans treatment of US detainees, are both veterans. Part of their reasoning must spring from the fact that, if you (as an army) torture your captives, then your soldiers can only expect the same treatment. But a deeper motivation, I suspect, may come from some appreciation of human dignity which comes from having put your life on the line. I think that is a salutary influence to which to expose those elected representatives who decide on these policies. NY Times article

Here I am (8 hours behind GMT) in Newark. Not Newark, New Jersey (or, come to that, Newark in Nottinghamshire), but Newark, California. It's to the South-East of San Francisco Bay, at the eastern end of the Dumbarton Bridge (which runs East-West across the Bay). It turns out that Sun has a sizeable campus here (so does Logitech, apparently), as well as the campuses at Santa Clara and Menlo Park. It's pretty odd for me, to compare corporate assets on this scale with what would be the norm in the European sales/marketing organisation. Pretty much any of the buildings we've been meeting in over the last three days would qualify as a substantial Sun office anywhere in Europe... and yet each of them has been one of a dozen or more, on one of three campuses. Corporate musings aside, this has been a great opportunity both to meet all the other team members, including Gerry Beuchelt and Marc Hadley, whom I had never met. You should have a look at both their blogs, and if I particularly recommend Marc's work on WADL I'm sure Gerry wouldn't take it amiss. Gerry has a demo of Java Remote Method Invocation being used to control... a model railway. So interesting as WADL is, Gerry's blog can easily hold its own. I've also had a chance today to talk to Sun's CPO --- that's Chief Privacy Officer --- Michelle Dennedy. Michelle is a bit reticent about blogging (probably something to do with having Privacy in your job title), but let's see if we can encourage her, because when she does express an opinion it is usually well worth hearing. For instance, she has managed to come up with one of the most succinct statements I have heard yet, to describe what Federation should be all about: "How can we do business together, while exchanging the minimum of regulated information?" The more I think about that in the context of identity, privacy and governance, the neater I think it is. And tomorrow I'll have another 'first', when I get together with Masood Mortazavi. It's a first because I feel I know Masood quite well --- but in fact we've never spoken, and apart from a couple of emails we only know each other through blogging. Still, that's modern life, I guess. So, apologies for the sparse blog entries, but as you can see, there's been a lot going on over here. That said, I should also set expectations by saying that I probably won't be blogging much over the holidays. Let's apply the "Hawaii" principle: you ought to have something better to do over Christmas than read my blog!

The BBC carries a report today of Foreign Secretary Jack Straw's assertion that a detailed trawl of the files has produced 'no evidence of rendition flights' generating any request by the US for passage to or through the UK. Of course, as discussed previously, this could simply mean that the English language is being fed through the wringer again until a form of words can be found which conveys the desired impression without actually 'meaning' it. Interestingly, though, Condoleezza Rice doesn't deny that 'rendition' takes place; indeed, she asserts that it is 'a lawful weapon' in the fight against terrorism. Actually, one might have thought that, for people seized without charge --- by people other than law enforcement officers accredited in the country in question --- and then transported within or between non-US countries, the only lawful process would be extradition... but perhaps I'm very old-fashioned. Part of me wonders what the Secretary of State's reaction would be she discovered, for instance, that Colombian undercover agents were snatching suspected drug traffickers off the streets of US cities and spiriting them out of the country for interrogation. I doubt she or the FBI (or the DHS or the INS) would be very happy. But that's a purely hypothetical case, of course. Now, given that she admits that these 'renditions' take place, and given that Europe is known to be either a staging-post or a destination, isn't it strange that none of the flights in question should have passed through the UK or its airspace? After all, we are supposedly the US' stoutest ally in the war against terror... It could be that the UK government just lets US government flights zip to and fro as they please without filing any paperwork; it could be that all the paperwork has simply gone missing. Or it could be that Mr Straw, guessing what the public reaction to this kind of behaviour would be, somehow made it clear that he did not want to know the details. We've all heard the phrase 'plausible deniability'. This one just doesn't seem that plausible.

Well, new-ish. I've been meaning to upload this for a while. These fellows were one of the e-Government conference freebies in Manchester last month. To get the blue "UK Presidency Limited Edition" (!) squishy, I had to collect the others by visiting the various stands and hearing about DirectGov, Local DirectGov, GovConnect and the rest... Still, there's no such thing as a free squishy ;^) I'm told that in e-gov circles, some of these squishies are getting to be very well-travelled and have started popping up in people's holiday snaps. I can't promise the same thing will happen here, but you never know. One last thing; I had to get an extra orange one, because he's the one who most resembles Morph. Morph was one of the first creations of Aardman animations, now better known for the Creature Comforts, Chicken Run and the Wallace and Gromit films. Tragically, Morph is no more --- a catastrophic fire at the Aardman studios in October this year reduced all their claymation characters to ashes (or possibly grease, I don't know what that kind of 'clay' is made of). So, RIP Morph, and thanks for all the laughs...

I should have done this before, but here's a pointer to GameGuy's blog, where you will find cool stuff about gaming, non-partisan stuff about Sun products, and some most heartening rants about the political abuse of language. Chris Melissinos (our CGO) is clever, and has clever people around him... make sure you get your slice!

The House of Lords has unanimously overturned a majority decision by the Appeal Court that evidence which was known to have been obtained through torture could be legally admitted in court. Lord Carswell, one of the panel members, said: "The duty not to countenance the use of torture by admission of evidence in judicial proceedings must be regarded as paramount and to allow its admission would shock the conscience, abuse or degrade the proceedings and involve the state in moral defilement." Amnesty International said that the ruling overturned the "tacit belief that torture can be condoned under certain circumstances". There is a grey area, though: evidence need not be rejected if an enquiry cannot establish whether or not the evidence has been obtained through torture. In the first instance, the most direct effect of this ruling will be on the Special Immigration Appeals Commission, which has been issuing judgements about the deportation of terror suspects, often on the basis of evidence supplied by other authorities. They will now have to review those cases, and will have to apply a more rigorous test in future about how the evidence was obtained.

On November 18th I posted about the UK ID Cards debate. I included the following quotation from a BBC article: Mr Burnham said a report from accountants KPMG had concluded the government's estimates were "robust". However, SpyBlog was kind enough to comment to the effect that the published extract of the KPMG report does not say that --- it says that the Government's methodology was robust. As this article in The Register says, that's an endorsement for the calculator, but not for the figures being entered into it... The article linked to above gives a full account of the difference between what the Home Secretary has said on the subject, and the impression he has sought to foster in so doing.

Although the reported facts remain as confused and confusing as ever, politically it appears Ms Rice has won the confidence of some of her European counterparts, albeit at the cost of openly reversing the administration's stated position on whether 'US personnel serving overseas' are also covered by conventions banning torture. Put like that, that seems a strange statement to have to make... why would it be OK for US personnel to torture detainees provided it was done overseas? If 'overseas' means 'on US overseas territory' or 'on US overseas military bases', then surely the same laws should still apply as in the contiguous states? If 'overseas' means 'on another country's territory', then who on earth would assume that it would be OK for US personnel to torture detainees there?? Surely in that case, wouldn't torturing someone be a matter of criminal assault? The NY Times article says that the administration's position on this issue is still unclear, hints at disagreements in the White House, and suggests that one of Secretary Rice's aims is to reach a position which Senator John McCain could agree with, though she is clearly not willing to simply accept the amendment he is proposing to legislation on the matter. On the BBC site, Paul Reynolds (their Diplomatic Correspondent) focussed on the remaining unresolved questions: how permissive is the US administration's definition of what constitutes torture; what instances are there where torture is carried out under the 'renditions' programme but not by US personnel; and finally, the question which I think exercises people most: what accountability and oversight is there for what is done under the 'renditions' programme? The most recent article, reporting Ms Rice's meeting with European Ministers, is short but positive. The German and Dutch Foreign Ministers were, they said, reassured "that the US did not interpret international humanitarian law differently to their allies". Meanwhile, in The Guardian, Richard Norton-Taylor notes that the House of Lords will weigh in to the discussion today with a vote on whether evidence will be lawfully admissible in the UK if it was obtained under torture. The Lords are being called to rule on this because last year there was an Appeal Court ruling that such evidence was "admissible provided British agents neither 'procured nor connived at' the torture at the time". To my mind, given the extent of publicity there has been of conditions and treatment in Guantanamo, and the recent row over 'torture flights', most such evidence must now be open to challenge on the basis of connivance. It will be interesting to see what the Lords say.

Talking to a colleague today, the subject came up of the Liberty-style 'Circle of Trust' (CoT). He was asking about the distribution of various functions around a CoT --- authentication, service provision and so on. Specifically we were talking about strong authentication based on PKI technology. Later on in the conversation the topic turned to the upper layers of the Liberty architecture: Web Services and Service Interface Specifications (ID Federation being the foundation layer). Then we put the two pieces together: why not use a CoT to give services providers access to the strong authentication provided by another member of the CoT? The appeal of exposing strong authentication as a web service seems logical. It simplifies life for the service provider while still providing a degree of risk mitigation; and it capitalises on what I think is currently the principal business case for PKI services, namely the 'utility' model, in which a PKI is, essentially, paid for through the services which it secures.

Today there have been further reports of Condoleezza Rice's defence of the 'extraordinary renditions' policy.

It's a sad fact that these days, when I hear a phrase like "The United States does not transport, and has not transported, detainees from one country to another for the purpose of interrogation using torture", I don't think "Oh, well that's OK then"... I think "What interpretation of that phrase would be consistent with detainees being tortured?". For instance, what if detainees are transported from one country to another for the purpose of removing them from effective legal accountability... and are then tortured? Doctors don't administer lethal doses of morphine for the purpose of killing patients; they do it for the purpose of pain relief. The patient dies just the same.

I do have a level of respect for Ms Rice, and I am sure European leaders such as Angela Merkel do too... but personal respect cannot and should not be made to substitute for political and legal transparency in the treatment of detainees. Such transparency is vital for many reasons:

--- First, the anti-terrorist enforcement effort is an international one and depends on international co-operation. It is appropriate that international conventions, and not only national legislation, should be applied to the treatment of detainees;

--- Second, there are too many factors in this which are subjective and disputed: the 'precise definition' (!) of torture, the definition and status of 'unlawful combatants', the legal channels open to those detained indefinitely, and so on;

--- Finally, there is the over-arching point that we cannot defend democracy by ditching its principles under a doctrine of 'the means justifying the end'. Ms Rice cites cases such as Carlos 'The Jackal' as previous instances where 'rendition' has been used and condoned.

The difference (which she neglected to mention) between that case and what appears to be happening now on a mass and systematic scale, is that Carlos was brought to court and tried. She also stresses the respect the US places on the sovereignty of other countries. This sits uneasily with, for instance, events such as the extra-judicial killing of six Al Qaeda suspects in the Yemen, using a rocket attack from an unmanned aerial 'drone'; an episode which demonstrated opportunism over and above any consideration of legality or sovereignty.

It could be that the 'renditions' policy is just, legal and appropriate. I'm still open to convincing... but I'm certainly not convinced yet.

The English language (more particularly the US English language) is taking a beating, folks. It is being hijacked, flown to third-party countries and violently assaulted until it says exactly what its captors want to hear. The BBC, New York Times, The FT and the Washington Post all carry reports that US Secretary of State Condoleezza Rice is about to mount a diplomatic defence of the alleged policy of "extraordinary rendition". Just that phrase ought to raise our suspicions. I would love to hear a psychological opinion on this; what does it say about someone when they refer to what they are doing by taking an existing word and re-applying it to 'mean' something completely different. I say 'mean' because presumably a large part of the motivation is to ensure that what they say 'means' as little as possible. The psychs would have a field day. The Washington Post also carries a more detailed report exposing the US admission of the wrongful imprisonment of one Khaled Masri. This article makes the point that the CIA is convinced that "rendition" is the quickest way to take terrorists out of circulation, even though it admits the possibility of [shudder] "erroneous rendition". Ms Rice is picking out (rendering? renditioning?) her words with great care. She will not admit the existence or use of secret CIA camps, but she will "provide a comprehensive response". To the accusations of violating international law, she will reply that the US "adheres to its own laws and to its international obligations". Notably, it appears she will not say that the US adheres to international law. According to the Post, "Rice does not plan to directly answer the question of whether the U.S. operated secret prisons in Europe that may be illegal under European law". Presumably, citing US law, she will plead the Fifth... She will, according to the Post, "try to turn the tables on critics of US terrorism policy", pointing out that we're all in the same boat on this one, with the implication that if the CIA are not given a free hand, we will all suffer. No-one comes out of ths story looking good. Jack Straw, the British Foreign Secretary, cannot shake off the impression that he has only raised the issue at all because he was forced to by the other EU foreign ministers, during Britain's spell as chair of the European Council of Ministers. Angela Merkel, newly-confirmed German Chancellor, is about to have one of those awkward "ethical foreign policy" moments, particularly if it emerges that her predecessor's administration was aware of what US air bases in Germany were being used for. And then there is the cluster of countries who now have, hanging over them, the allegation that they may have knowingly hosted CIA torture camps. EU Justice Commissioner Franco Frattini has said that doing so would be grounds for suspension of a country's voting rights in the Council of Ministers. And we have to assume that it was 'knowingly': that is the implication of Ms Rice's assertion that the US respects the sovereignty of other nations. We are unlikely to get a clear and definitive answer to the many questions this shabby episode raises. Who amongst us lives in a country whose leaders are actually approving "rendition", torture or extra-judicial detention? Whose leaders are tacitly but knowingly allowing it to happen on their watch, on their behalf or on their territory? It is not a comfortable thought. amnesty 'stop torture' site

The UK Information Commissioner, Richard Thomas, has published a short paper setting out specific concerns about the UK ID Cards Bill. He makes the very good point that, once a citizen's biometrics have been captured, there really isn't a lot more data you need to store centrally in order to identify someone. Indeed, if the biometrics are recorded on the ID Card itself in any way, you don't need to authenticate against a central register at all. That's pretty much the nub of it. As he goes on to point out more specifically, there certainly isn't much justification for appending a record of the citizen's second home (should they be fortunate enough to have one). After all, we have a Land Registry to do that. Similarly, he argues against the use of the central Register to accumulate an audit trail of all requests for authentication. I have argued against it on the basis of practicality: there's a foreseeable risk that the 'audit log' function would, over time, start to compete for bandwidth with the primary purpose of the Register, namely, processing authentications promptly. Stefan Brands and others have argued against it on grounds that it creates a permanent, timestamped record of --- among other things --- every service for which the citizen seeks authentication. Richard Thomas makes the same case, and adds his concerns, as Information Commissioner, that this adds a significant component to the 'Surveillance Society', when considered in conjunction with such technologies as CCTV, number-plate recognition and so on. The big question is this: is the primary purpose of this scheme for citizens to be able to identify themselves... or is it for the government to be able to identify citizens and accumulate a record of very occasion on which this happens?

And another winner from Mark Wahl, who has spotted a lovely new malapropism: Rouge Access Points

James Kobielus, who I am guessing must get quite tired of people calling him James Kobelius [sic], refers to a commentary by Mark Wahl about the factors on which we tend to base 'trust' decisions. I link to both pieces because I couldn't find a 'Comment' button when reading them...

I've made the point before that, in 'real life', we place trust in people because of the interactions we have with them, not because they present us with credentials. However, as usual that over-simplifies matters a little. That model only works where we have repeated interactions with people before reaching the point where you have to make a 'trust' decision. Nor does that always work. The word for cases where you have repeated 'good' interactions with someone who subsequently turns out not to merit trust is, well, 'betrayal'.

Then there's the point that, increasingly, what we trust are the credentials which strangers present to us. This actually puts two burdens on any given set of credentials, and I suspect the distinction between them is worth drawing out:

- First, the credentials represent an assertion by a trusted third party* that they are comfortable issuing the person with those credentials. (For instance, a passport, a corporate ID badge, and so on). That is the basis for the trust we put in the credentials themselves, on the assumption that we can successfully judge them to be genuine. Note that that doesn't stop us placing different levels of trust in, say, a passport and a video rental membership card...

- Second, the credentials are intended as a reliable link between the person presenting them, and an accumulation of other data about that person (in other words, the kind of information we might otherwise build up over time if we had the opportunity). that other data might include entitlements data ("the holder of this driving licence is entitled to drive a truck") or data about past behaviour ("this eBay member has had positive feedback from 4132 previous buyers").

In this context, the examples James and Mark give illustrate the following two things about real-world trust:

- First, by dressing in accordance with our preconceptions, a person can lead us to wrongly assume a certain pattern of past behaviour on their part. For instance, if you see someone dressed as a judge or an airline pilot, you may make a lot of contextual assumptions about them.

- Second, a person can use their appearance to 'proxy' for credentials (again, a uniform is a great example of this), which may be similarly deceptive.

Finally, in a Privacy context, I think it's worth noting that the 'credential' which links a person to their record of past behaviour need not necessarily be personally identifiable, provided that over time, it repeatedly and reliably allows you to associate a current interaction with the record of past interactions.

To 'close the loop' of this analogy: I have neighbours whose name I don't know, even after 10 years, but I do have the basis for a certain level of trust in them: I have an experience of past behaviour, and I have a more or less reliable linking to them (which 'proxies' for credentials), in that I know where they live...

*OK, I know this doesn't accurately cover peer-to-peer 'community' trust schemes, but we'll come back to that at another time under the heading of "Trust, in the Participation Age". Bear with me...

However much we may protest otherwise, bloggers are all, to some degree, narcissistic self-publicising introverts... (Side-note... I wonder what we would find if every blogger did a Myers-Briggs test... ;^) Well, now that I've alienated at least 75% of my readers, here's Mr Snitch's analysis of blog types, which (as we are all introverted &c &c &c) makes fascinating reading. He deserves the hits, for writing such an interesting piece, so I won't copy it here. If you're a blogger, go and see what kind you are. :^) Oh, and thanks to long-tail blogger Phil Windley for posting about it!!

Some strange things happening on the hit-counter, as a couple of Sun bloggers have already noted. Suffice to say, some of us appear to be getting our regular overnight 'reset', but others are racking up several days' worth of hits without a reset! Not to worry. Actually (according to statcounter, that is) my blog had its highest ever hit count on Tuesday of this week, presumably in the wake of the e-Government conference. But enough of this navel-gazing, and on with the show... Resets or no resets, top of the blogpile this week has been Jonathan Schwartz, and rightly so, with his "Free Like A Puppy" announcement that Sun is offering Solaris plus the whole Java Enterprise System software stack on a Free Open-Source Software (FOSS) basis. As readers will know, I seldom delve into the niceties of product licensing (I did for a while, when I was EMEA Programme Manager for Sun's Java Desktop System, and it was interesting enough, but doesn't really 'float my boat', as they say). However, this one is radical enough to deserve some comment. Naturally, a lot of the press coverage has been of the "Sun to give away huge chunk of revenue" variety. However, Jonathan sets out the rationale very succinctly: 1 --- It's the software which is going FOSS, not the support services; 2 --- There are communities who we need to court, who do want the software without a support contract; specifically, developers, startups, companies who have (or want) their own in-house support competence... And those are just the communities which have been identified. The thing about changing the ground-rules like this is that it stimulates the growth of business models which perhaps weren't conceived before, or which had been dismissed because under the 'normal' pricing structure they didn't make sense. It's time to revisit some of those assumptions, ditch the ones which don't apply any more, and get creative!

As I mentioned on the 27th., Drew has some very interesting stuff to publish on the whole topic of credentials. Here's a link to the post describing Drew's EntireID work. Vey practical, well thought-out, and a great bit of partnership...

Baroness Helena Kennedy, QC, must be patting herself on the back. In her article in "The World in 2006" from The Economist, Kennedy makes the following prediction for the coming year: "Most shameful of all, I fear we shall witness efforts led by Britain to water down international commitments on torture. Once mature democracies claim it is acceptable to use as evidence intelligence which may be based on torture, we are conniving in the debasement of human rights around the world." (my emphasis) Thing is, she will have had to write that piece well before this week's statement from Condoleezza Rice that the US will look into allegations of secret CIA interrogation camps, covert flights through and to European countries, and so on. Spain, Nordic countries and the European Commission are looking into reports of CIA flights passing through airports in the continent. Admittedly, the torture theme has not only surfaced in the last week. Concerns have already been expressed about, for instance, the UK's position on deportation of foreign nationals back to countries where there is a clear risk that they could be at risk of persecution or torture (Zimbabwe, for instance, or Libya). Interestingly, in the same publication, Libya is ranked 20th out of 20 Middle East countries when measured on 15 indicators of political freedom... Last year, Britain's ambassador to Uzbekistan was fired after raising with his political masters the issue of Britain relying on evidence about Al Qaeda suspects which it had good reason to believe was obtained by torture. What hit the headlines was the report that there is evidence of people being boiled alive by the Uzbek authorities. Murray makes the following point: "Torturing innocents is wrong. But torturing the guilty is wrong, too. ... Torture is wrong, full stop." Torture, as a tool in the 'war against terrorism', is pragmatically unwise too. It gives the fanatics moral ammunition. 'Conniving in the debasement of human rights' has other subtle consequences, too: it is telling that anyone who opposes the current proposals for greater police powers and more repressive laws is likely to be branded 'an opponent of democracy', 'out of step with public opinion', 'acting against the best interests of the country' and so on. In fact, of course, as Helena Kennedy so succinctly puts it: "Terrorism is one of the great challenges to the rule of law. In the face of such provocation the temptation to change the rules is precisely the repression terrorists seek to stimulate." If terrorists succeed in reducing mature democracies to the point where they practice, condone, facilitate, connive in or turn a blind eye to torture, who has won? amnesty international's 'stop torture' page