Robin Wilton's esoterica

I'm not sure, but according to this article it at least has some effect. Organic and Freetrade products, ethical investment, carbon offset goods and services... a large proportion of the growth in these must arise from consumers 'voting with their wallets' - both in terms of their unwillingess to buy goods which don't meet their ethical criteria, and in terms of their willingness to pay more, proportionally, for those which do.

Clearly in the retail sector, that last point represents the 'win-win' which the retailer is looking for...

Well, if there really is a causal link between ethical consumer preferences and retailer behaviour, my current wish is that it will have an effect on the packaging of consumer goods. The more difficult and expensive my local council makes it for me to get rid of my domestic rubbish, the more acutely I notice the enormous amount of packaging I have to dispose of, particularly plastics and colour-printed cardboard. As far as the latter is concerned, the council's current guidance is  to tear it up into small pieces and include it with the compostable waste. However, I worry about the inks and dyes used to attract our attention to the product within.

After all, the safety leaflet which came with my latest colour ink-jet cartridge was not exactly reassuring about the nature of some of its contents. Here's a representative sample from the warnings:

"Ink may be harmful is swallowed. Avoid contact with eyes. Keep out of the reach of children. Contains nitrates. If ingested, seek immediate medical attention. Contains Reactive Red dye. May cause an allergic reaction. Harmful to aquatic organisms, may cause long-term adverse effects in the aquatic environment. ... Avoid release to the environment"

What an ugly word. "Blog-plugs". Sounds like some kind of plunger... or the opposite.

Anyway, just a couple of links to other blogs which merit a visit:

Toby Stevens' blog here, which I've referred to several times in the past for his informed and sane views on Identity and Privacy - but I wanted to link specifically to his fabulous Molesworth conker tournament flyer. Classic. As you will have seen from today's earlier post, Toby just got an excellent piece printed in Computer Weekly.

And the Morning-Star blog here, for a wry look at many of today's political issues. The author says nice things about this blog, too, and I'm not too proud to reciprocate ;^)

For disambiguation purposes, "Morning Star" in this case does not refer to the Marxist/Communist daily. I had wondered whether there was an etymological connection with John Wycliffe (the "Morning Star of the Reformation") or the planet Venus, but after a brief email dialogue with the author, he confirmed that he likes the multiple connotations of "Morning Star", including the Lucifer/Fallen Angel one which had passed me by, somehow. There was another possibility, namely the 'spiked mace' or 'morgenstern', a medieval blunt instrument consisting of a spiked ball and chain on a handle... plausible but extreme, given the avowed BDSM interests of the blogger in question!

(Thought: is someone who blogs about whips a flogger...?).

I'd better leave it there, before the language of this post generates all kinds of novel search-engine hits. Anyone turning up here hoping for posts about whips and chains is, I'm afraid, in for a let-down.

I just don't know which way to turn on this one any more:

- Mr Blunkett used to like the idea of ID Cards, pervasive CCTV, national databases, and the restriction of trial by jury - but now thinks that eavesdropping on the 2012 Olympics might be a step too far...

- Sir Swinton Thomas has been the commissioner for government interception of communications, but says that making wire-tap evidence admissible in court 'could harm law enforcement and security services' and would make a difference in few, if any, terrorism prosecutions.

- Mr Brown, who was said to have led the Cabinet opposition to Mr Blunkett's ID Cards back in 2003, "absolutely agrees" with police requests that wire-tap evidence should be admissible and that 28 days is not long enough to hold terror suspects without charge...

- Tessa Jowell says that under the Gambling Act 2005, the Government will be able to effectively regulate all UK-based gambling activity, including its growing population of online gambling addicts, although Eliza Manningham-Buller says that her dedicated organisation (2,800 and growing) is unable to keep tabs on "nearly enough" of the activities of the 1,600+ individuals thought to pose a terrorist threat to the UK.

- And the MISC31 Committee wants government bodies to share all the data about us, while some of those bodies are not sure that would be legal under the Data Protection Act...

So do they want it or not... and if they do want it are they going to use it or not... and if they do use it is it going to work or not... and if it works, will that be a good thing or not? It's all too hard.

A good, thoughtful article by Toby Stevens here in Computer Weekly. He rightly identifies the issue of liability as one of the 'hard problems' of ID Cards, if they are indeed to be used as identifiers for commercial-sector transactions. Unfortunately, as I've blogged previously, it's a problem which a lot of the policy pronouncements on UK ID Cards seem designed to obfuscate.

 

One of the cornerstones of the European Union (and its previous incarnation, the European Economic Community [1957-1992]) is the creation of a "single market for the free trade of goods and services among member states".

Under those circumstances you might wonder why the transport of goods across borders between member states should attract any kind of duty, tax or impost. But it does.

If I drive to France and fill the car boot with wine (paying the normal French retail excise duty on each bottle), then I am exempt from paying UK duty on the same wine when I bring it back to the UK... provided the wine is for my own personal consumption only. Obviously, if I plan to bring it back and re-sell it to take advantage of the difference in duty rates, that's another matter.

However, if I order the same wine from France, but instead of driving over to collect it myself, arrange to have it couriered to me, then (according to today's ruling from the European Court of Justice) it no longer qualifies for the same exemption, and I become liable for UK import duty.

Setting aside the slightly strange logic of this ruling, it's interesting to note that UK duty on wine is a highly regressive form of taxation; that is, it is likely to place a proportionally greater burden on those with lower incomes.

The Chancellor currently levies a fixed rate of £1.29 on each bottle of wine sold retail in the UK.

That means that if all your budget runs to is Tesco's screw-top Lambrusco at £1.42 a bottle, you are being taxed at a rate of over 90% of the purchase price. On the other hand, if you can afford a 2004 Barbera d'Alba from Berry Bros. and Rudd at £18.45, the tax represents only 7% of the purchase price.

The whole issue of duty rates on alcohol, tobacco and petrol has always mystified me. Amongst the arguments mustered in favour of the ECJ's ruling come the following:

- the national spokesman for Retailers Against Smuggling said "Tobacco accounts for a huge proportion of the sales of many corner shopkeepers and to have lost these valuable sales plus the add-on purchases a shopper often makes at the same time ... would have been unsustainable for many retailers";

- and if the ECJ ruling had gone the other way, it would apparently have led to a reduction in tax revenue of some £16bn for the UK exchequer. The current volume of 'booze cruise' traffic (that is, consumers who travel to the continent specifically to load up at non-UK excise rates) already costs the Chancellor over £1bn in lost tax.

So the government actually cannot afford for us all to give up drinking... or smoking... or using our petrol-engined cars. Indeed, it has a perverse financial incentive for encouraging us to do all of these things, because of the "double whammy" if we stop: lost tax revenue and a substantial hit to the retail sector.

Health Secretary Patricia Hewitt was questioned yesterday as part of the police investigation into 'cash for honours' allegations - though reports are quick to add that she was questioned "as a witness, not a suspect, and was not cautioned."

Nevertheless, as you will probably remember from my recent post, as a witness, she could be invited to provide a DNA sample which would then be permanently recorded on the national police database.

I wonder if they asked her? Anyone fancy submitting an FoI request?

There's a news story today about some UK police being issued with hand-held fingerprint scanners for road-side use. Obviously this has provoked a lot of reaction about "infringement of civil liberties", but a lot of this seems to me to be missing the point.

The article says that police will fingerprint a driver only if she or he cannot give satifsactory proof of identity when stopped. Under those circumstances, the person would otherwise be taken to a police station and fingerprinted.

The bizarre part of the article is that it repeatedly describes fingerprinting as a way of identifying the driver. It also says that fingerprints taken would be compared against a national database of 6.5m prints. Those two statements can't both be true.

If a driver cannot convince the police of his or her identity, all that roadside fingerprinting will achieve is to tell the police whether those prints match an existing entry in the database.

That doesn't reassure me about the assertion that "the prints will not be kept on file". If new prints are not filed along with those already there to provide a match, then the previous paragraph will remain true indefinitely - making the whole exercise rather pointless.

In case you're wondering how this kind of thing can get onto the statute books, or you're struggling to remember the parliamentary debate on the subject, the answer is here; the end-of-session parliamentary 'clear-up' which saw huge slabs of legislation rubber-stamped without debate.

This was the same Act which makes every offence arrestable, including those which previously would have been considered so trivial as to merit only a caution. Of  course, as an arrestable offence, every offence can now be used to trigger the taking of DNA and other data which will then be retained indefinitely, whether or not the person in question is charged or convicted of anything.

I feel the wool being pulled over my eyes. Conversely, if you are prepared to take the article at face value, can I interest you in an Eiffel Tower and a crate of finest snake oil? Serious bidders only.

You may remember that after my recent trip to Hong Kong I blogged about having seen a methadone clinic for the first time. Today there's news of a recommendation by a senior UK police officer that some heroin addicts should be taken 'out of the illegal market' by having their heroin prescribed through the health service.

According the the article, Howard Roberts, Deputy Chief Constable of Nottinghamshire, sees three direct consequences of such a policy: the first is simply a reduction in the cost of the addiction; the figures used are that the average addiction generates a cash requirement of about 15,000 a year, but in order to raise this through criminal activity, an addict will typically need to get 45,000-worth of assets because of the 'conversion rate' of stolen goods into cash. Prescribing heroin legally would apparently cost about 12,000 a year.

The second is of course a drop in crime, because the addicts are no longer having to steal to support the heroin habit.

The third is a more fundamental effect on what he describes as "the method of operation of the criminal market-place for heroin" - in other words, using the 'true' cost of legally-produced heroin to undermine the economics of the drug trade.

I think it's great that law enforcement at this level have an open mind towards this kind of remedy, but I have a few (ill-informed) reservations.

1 - I wonder why he recommends prescribing heroin rather than methadone... though one of the things I found out last time was that apparently methadone is actually harder to 'kick' than heroin. On cost grounds, methadone might do more to reduce the cost of addiction, though it might have to be used over a longer period.

2 - the way any market operates, if current buyers are taken out of the illegal market, it will generate a strong incentive for suppliers to try to open up new markets... in other words, push to new addicts. That might prove to be an unintended consequence of the policy.

3 - the fact that someone is on methadone does not (according to the research I did previously) guarantee that they will not seek other illegal drugs at the same time. Presumably the same applies to legally-prescribed heroin.

Point 2 just suggests that if the police want to use this as a means of fundamentally affecting the criminal market for heroin, they will have to acknowledge that other preventive and enforcement measures will have to accompany it. But then, if they're saving money on detection of heroin-inspired crime, maybe that's a workable trade-off.

Points 1 and 3 worry me more, because they imply that any legal prescription programme would have to be accompanied by an effective and long-term programme of rehabilitation; safeguarding participants against the temptation to use other illegal drugs, dealing with the fact that they are still unlikely to be able to take up productive employment while being treated, and so on.

Those tasks will fall to bodies other than the police, and specifically to local government bodies such as Adult Care and Social Services, who are already finding their budgets severely over-stretched. There is plenty of media coverage of cases in which known addicts, psychiatric out-patients and the like re-offend while supposedly under the 'supervision' of such bodies, and that does not inspire confidence in their ability to cope with a further population of candidates for rehabilitation

In my previous post I referred to William Heath's IdealGovernment site, in the context of positive political blogging. 

Also, of course, the site continues to publish excellent material and links on ID Cards, including the following:

- Blatant whoppers from the Home Office PPS ("The NIR will only ask for your name, address and date of birth");

- Guardian report on the cracking of UK biometric passports ("The Home Office is ... breaking one of the fundamental principles of encryption by using non-secret information published in the passport to create a 'secret key'."); 

- The EU FIDIS project's "Budapest Declaration" ("European MRTD [Machine Readable Travel Documents] data are remotely, transparently and non-interactively readable (from the perspective of the passport owner) from a distance of 2 to 10 meters");

- Nonsensical misdirection from the PM ("in America for example you won't be able to go unless you have got a biometric visa");

And lots more.

That last one (Tony Blair doing his bit for e-politics by answering questions posted on the No.10 website) merits a little further comment.

First, the phrase "biometric visa" is a bit of a nonsense. A visa is a permit issued by a third party country, linked to a set of conditions governing your visit there. It's conventionally recorded in your passport. A biometric passport is one which contains a biometric supposedly unique to the holder. A biometric visa is a nonsense phrase which serves only to fudge the distinction between the two. I wonder why?

Second, even assuming that Mr Blair meant - ('in America for example you won't be able to go unless you have got a biometric passport'), he is stating the position incorrectly, in a way which happens to overstate the requirement for biometrics. The requirement for entry into the US (for UK passport holders) is as follows:

-  as of October 2004, it has been a requirement that you have a passport with a machine-readable bearer-data record; those are the lines on the photo page of your passport which begin with ">>>>" (they are not biometrics);

- from October 2005, newly-issued passports must contain a digital photograph of the bearer, printed on the data page (the digital photograph has been determined to be 'an acceptable biometric' by the Dept of homeland Security);

- from October 2006, newly-issued passports must contain a chip capable of storing the bearer's biographic data, the digital photograph and other biometrics.

But the key point is this: if you do not meet the 2005/2006 requirements (and given the lifespan of the average passport, the majority of UK passport holders do not), it does not mean you cannot visit the US. It means that you will not qualify under the Visa Waiver Program (VWP). If your passport was issued before 2005 but has a machine-readable bearer record, you still qualify for the VWP. If your passport doesn't meet the stated requirements, it doesn't mean you can't go to the US, it means that in order to do so, you will have to get a visa. The PM must know that, which raises the question of why he seeks to give entirely the opposite impression.

What irritates me most about this is the persistence with which our elected representatives omit any mention of the Visa Waiver Program. The US requirement for biometrics in UK passports is not an absolute one - it is a condition of being exempt from the Visa requirement.

From the US perspective, there is a perfectly good reason for this, namely, that on entry to the US, foreign passport-holders (whether visa-holders or not) have to provide two biometrics: a facial photograph and two fingerprints. Those biometrics don't need to be held on anyone's passport, because they are recorded in the US Immigration system and (presumably) tracked from one visit to the next.

I'm forced to two conclusions:

First, that the various fudges in every official statement about this are intended to create the impression that US requirements oblige every UK visitor to have a biometric passport;

Second, that the distinction between biometrics captured by a third party country on entry, and biometrics stored in an inadequately secured (1) (2) passport is a distinction too fine for our policy-makers to deal with.

Which of those should I find more disturbing?

According to Tony Blair's outgoing chief strategy adviser, Matthew Taylor, the government is 'making good progress in using the internet to become more open and accountable', whereas bloggers are hostile, libertarian, anti-establishment net-heads who see it as their job to show how venal, stupid and mendacious politicians are. The mainstream media connive at this, through a 'conspiracy to maintain the population in a perpetual state of self-righteous rage', and the population itself behave like teenagers, who are 'demanding, but conflicted about what they want'.

Thank heavens for unelected and unaccountable special policy advisers, then.

Disclaimer: Mr Taylor was speaking at an e-democracy conference, which he addressed without presentation materials - so the only accounts I have of this are second hand, and some of them come from the very mainstream media he was complaining about... which, of course, self-fulfillingly explains my state of self-righteous rage <sigh>. David Wilcox was the conference video-blogger, and has posted here.

It's tempting to dismiss all this as sour-grapes whining about the fact that the Participation Age gives individuals a voice which can't be manipulated by spin-doctors and "message managers", and I for one am inclined to give in to that temptation.

Our elected representatives appear to have no issue with cosying up to the press barons of their choice, of whatever political alignment (consider the Murdoch media empire now, or think back to Maxwell in his Daily Mirror days, when there was a political party which wanted a left-wing press... ). Nor are they exactly shy about making a few bob off their memoirs, so the print media are covered.

Then think of the daily radio skirmishes between journalists and interviewers; in my lifetime, the process of bending those to the purposes of the political participant seemed to start with Mrs Thatcher (who would shrill out her desired message over the interviewer's attempts to interject). There's "passive" message management as well - think of the number of times when the relevant spokesperson is simply "not available for comment".

And moving on from radio, think of politicians' increasing skill at (and enthusiasm for) exploiting television. Admittedly, it sometimes backfires, as when Michael Howard infamously attempted to emulate Mrs Thatcher in answering only the question he wished to answer, rather than the one being asked by the interviewer. Have a look at Jeremy Paxman's more recent performance here, interviewing Tony Blair on a full range of subjects, from NHS reform to taxation to the Hinduja passport scandal, and note how often Paxman explicitly calls the PM on his unwillingness to answer a straight question.

Whether the sight of Tony Blair announcing the 2001 election campaign to a room-full of bored and confused children against the artful backdrop of a stained glass window* produced a positive effect or just nausea I don't know, but Matthew Taylor and his like can hardly expect us to believe it wasn't photo-opportunism of the most blatant kind.

Yesterday's news bulletins carried plenty of footage of Gordon Brown doing his statesmanship-proving 'meet and greet' among the troops in Basra, though only Ministry of Defence cameras were allowed to follow him. So that's TV dealt with...

What does that leave us? The Internet - the two-way mass medium par excellence. Maybe it does give a voice to the shrill, the demanding, the partisan and the critical - but it is a forum open to use and abuse by politicians as much as anyone else. David Miliband had to curtail his foray into the world of wikis after - surprise surprise - people posted trivial, sceptical or downright offensive entries on his site; Siôn Simon (Oxford-educated Labour MP for Erdington) decided YouTube was the right medium through which to publish a spoof video of David Cameron inviting people to sleep with his (Cameron's) wife - to the distaste of both his own and Mr Cameron's parties.

Then again, there are excellent blogs, wikis and online fora attempting to offer constructive and practical solutions to the political problems of the day; William Heath's IdealGovernment site being the one which leaps most prominently to mind. There's also Alan Mather's site, and I don't suppose Mr Taylor would like that one too much either - particularly where Alan compares the UK government unfavourably to the US when it comes to open performance measurement.

Then think of the many bloggers who kept us informed of everyday life during any of the recent Middle East conflicts. They clearly represent a threat to message management, from Mr Taylor's perspective.

Finally, there are also the blogs which represent that most fatal counter to Mr Taylor's argument: sites like the Huffington Post, where regular contributors include Mike McCurry - former White House Press Secretary to President Clinton.

In other words, what Mr Taylor really has an issue with is not so much the use that non-politicians make of the blogosphere - it's the fact that he and his masters haven't yet figured out how to achieve the level of control and exploitation they are accustomed to with the other media. I'm not immediately convinced that the ideal riposte to that is to lash out at bloggers, citizens and the mainstream media, but then I'm only a blogger, so who am I to talk?

 

*"Mr Blair took a lot of flak from the press for the way he launched the campaign. After going to see the Queen on May 8 Mr Blair went to the St Saviour’s and St Olave’s church school in Southwark where he was televised, cross behind him and sacred stained glass above him, and announced the election to an audience of children. It looked faintly ridiculous and, in the eyes of some, sinister." The Times, Feb 2005

Yesterday was the occasion of the 'Queen's Speech' - the formal opening of Parliament, at which the Queen reads a speech (prepared by her government) outlining some of the legislative programme for the next parliamentary year. As one might expect, given the recent headlines from the head of MI5 and the Home Secretary, several of the proposed Bills originate in the Home Office and have to do with law and order and border control.

This was the present monarch's 54th state opening of parliament, but was mostly referred to as being 'Tony Blair's tenth and last' - he will have stepped down as Prime Minister before the next one.

According to the political commentators I've heard, Mr Blair put on a good performance - something which seemed to surprise some of them, given the substantial areas in which he could be open to criticism. One can draw several parallels with President Bush, in that Blair too is still struggling to put an acceptable political face on the intractable wars in Iraq and Afghanistan, is faced by an ever-narrowing police investigation into 'cash for honours' allegations, and is beset by speculation over the (in Blair's case) self-inflicted 'succession' question.

What that last point in mind, perhaps one of the strangest passages yesterday came in response to the conventional criticism of his speech by David Cameron, leader of the conservative opposition.  That can't be an easy job, by the way: although some of the themes of the Queen's Speech are trailed in advance, the PM has a Cabinet Committee and a whole staff to work on the speech, and as much time as he cares to devote to doing so. The leader of the opposition can only rough out some general observations in advance, and then has to react 'on the fly' as the legislative programme is laid out.
 

At the end of his remarks on the Queen's Speech, Mr Blair likened Mr Cameron to a fly-weight boxer, and said that:

"The next election will be a flyweight versus a heavyweight. However much the right hon. Gentleman may dance around the ring beforehand, at some point, he will come within the reach of a big clunking fist, and ... he will be out on his feet, carried out of the ring..."

I'm sure there's something in his anti-social behaviour legislation which would make such incitement to violence an offence. 

There's a post and comment trail over on Bruce Schneier's blog about RFID tags and shielding.

It includes a certain amount of discussion of DIFRwear's passport wallet - which happens to be the one I was referring to in my previous posts on the subject. I hadn't named it explicitly up to now for 'commercial endorsement' reasons, but as some of the commenters on Schneier's blog are casting aspersions on the DIFRwear product, I thought in fairness that I should weigh in in its favour.

My experience is that the passport wallet is good quality and the right size to hold an EU-format passport. As to its effectiveness - that will continue to be hard for me to test conclusively, but as my previous post reflected, it seems to work admirably with standard stored-value cards and readers.

All this DIY RFID talk tends to make one want to understand a bit more about how this invisible technology works... in which case a good place to go is Alec's blog, here.

Here's a timely story which happens to hit two of my hot buttons with a single stone, if you'll forgive the scrambled metaphors. ('You can't make analogy without breaking eggs', as my Grandma would have said).  It's a BBC article about anonymity for 'at risk' voters.

As you may recall, I've blogged in the past about the lack of anonymity in our current polling process. This article raises two pertinent points:

First, it's a clear acknowledgement that our current system does not provide anonymity for the voter. Although (as Dave Levy pointed out in his reply to my previous post) the ballot slips themselves undergo a couple of hashes, based on random voter arrival times and then random allocation of ballot-boxes to ballot-counters, the fact remains that there is a link between each ballot slip and a named individual on the electoral register.

Second, the point about 'at risk' individuals being named on the electoral register will acquire greater significance the closer we get to a national biometric identifier - because those make it more difficult to give someone a legitimate alias. As has been pointed out elsewhere, there are a number of people who need such aliases - for instance, victims of domestic violence, witnesses under a protection scheme, intelligence operatives and so on.

As national electronic credentials become more prevalent, we should take every opportunity to compare best practice in e-voting and paper ballots, and guard against the risk that a basic assumption in one case is invalid in the other. To take a trivial example: think how easy it is to sort and re-sort the contents of a spreadsheet, based on one or other of its columns. All of a sudden, the 'hashing' I mentioned above in the UK ballot process becomes a trivial obstacle to detailed analysis of the poll results.

Spare a thought for all those poor MI5 operatives, though. I suspect that as the National Identity Register grows, more and more of them will be forced to become victims of domestic violence. Talk about a 'flag of inconvenience'... 

Nine years ago, I drew a line under 12 years' employment with the same blue-chip corporation and moved to the opposite end of the scale... Employee No.16 at an internet start-up. It felt like a huge decision at the time, though I was convinced that my reasons were sound. One of the factors was that I could see Java gaining huge momentum, and could also see that it wasn't being built into the corporation's solution strategy for the industry sector in which I was working. The company I moved to had an all-Java development strategy, starting with a crypto SDK and moving on to a hardened JVM, a secure Java banking client, PKI-enabling middleware and so on.

It was all great fun and a heck of a journey, and it's hard to see how I could have ended up where I am today without having taken that route. All in all, I owe a lot to Java, however indirectly.

All of which is just a rather windy preamble to today's main news - that Sun has released Java into the open-source community under a GPL. But unless I had given that introduction, you might have wondered why the hell the Esoterica had suddenly gone all product-centric.

The news seems to have gone down well with people whose judgement I tend to trust - including Mark Shuttleworth (space tourist, founder of Thawte and subsequently the Ubuntu Linux distribution, originator of the Freedom Toaster and, generally, all-round over-achiever). 

As I suspect that the intersect between Esotericists and candidate Java Open Source hackers is a somewhat slim one, I'll leave it at that.

If you are, by chance, part of that slim intersect, here's the landing page for getting to the source code. You'll find separate links for the JDK, Mobile & Embedded, and Glassfish projects.

 

The calendar this year has meant that Armistice Day and Remembrance Sunday fell on consecutive days over the weekend - so there has been ample opportunity to reflect on today's armed conflicts in the context of those of the past.

Two international events represent, I think, potential steps in the right direction. The first is a new treaty on the disposal of 'Explosive Remnants of War' or 'ERWs'; the second is a UN arms review conference in Geneva, at which there will be discussion of a ban on cluster munitions. That discussion is opposed by countries including the UK, US, Russia and China. Several of those countries have made extensive use of cluster munitions. According to the Guardian columnist George Monbiot, the statistics include:

- US: 19m (Cambodia), 70m (Vietnam), 208m (Laos)

- UK and US: 54m (Iraq, 1991), 2m (Iraq, 2003)

- Russia: ?? (Afghanistan, Chechnya)

More recently, of course, Israel's use of cluster bombs in the last 72 hours of its recent invasion of Lebanon hit the headlines - not least because it appeared to be largely a longer term 'area denial' exercise as the Israeli troops retreated.

As I noted a few days ago, the UK's International Development Secretary, Hilary Benn, has called for a ban. It would be regrettable if his were the only senior government voice doing so.  The recent departure of Donald Rumsfeld, and the likely replacement of John Bolton as America's voice in the UN are already being cited as making ot more likely that US policy towards Iraq will change. There's an opportunity for that shift in stance to include movement on the issue of cluster munitions.

From a purely pragmatic standpoint, the issue is perhaps best summed up by Simon Conway of Landmine Action. Read this and think of the extent to which military action and 'reconstruction' are inextricably interlinked in Iraq, Afghanistan and the like:

"The wars that we fight now are wars amongst the people where we're fighting for the will of the people, and you can't achieve your military or strategic aims if you kill large numbers of civilians in the process."

You may remember that back in August I got an RFID-shielded wallet; at the time, I was looking for way to test it (preferably free and not involving criminal activity).

I finally got around to testing it using the contactless access control readers at a Sun office, and the results were quite interesting.

I put my Sun badge into the wallet, closed it and waved the card over the reader as normal. The wallet is just a normal billfold-style one, and some people had been predicting that unless it completely wrapped around the card, enough emissions would get in (or out) for the chip to be interrogated. The result? Not a sausage. No reaction, no access.

So I opened the wallet and tried again, this time with the card face down; again, no reaction, either with the card 'wafted' normally, or held against the reader. The only thing between the card and the reader at this point was a transparent plastic 'window'.

Interesting.

I don't know enough about electronics to hold forth on this, but someone I was with suggested that, because the reader has to emit enough power to 'energise' the RFID chip, the same energy could interact with the Faraday mesh so as to produce a 'haze' which itself shields the chip from being read. I dunno, but given the observable results it sounds plausible.

Every so often I wonder if I should remove the Amnesty 'Ceasefire' graphic from the right hand column of this blog. 

It is not yet time to do so.
 

For those of you who don't already know Sun UK's own "Man In Black" - Dave Walker is one of their most respected security specialists, equally at home discussing the intricacies of Trusted Solaris or the evidential requirements of computer forensics. He left a comment on my earlier post to let me know that he's dusted off a 'Letter to Tony Blair' in which he does a detailed dissection of ID Cards and their practicality on a national scale. It's so good I can't leave it languishing in a comment you might never reach... so here's the permalink.

Be warned, though - it's not a 30-second read. And bring your brain.

There has been a fair bit of coverage of the mid-terms over here, with plenty of detail for those inclined to delve into it. Perhaps this is a reflection of the extent to which US politics is perceived, more than ever, as having an international dimension which is directly affecting so many people in so many places.

Here are a few of the items which, for whatever reason, I think have stood out from the rest of the UK mainstream coverage.

On the 'issues': 

- South Dakota's rejection of a conservative harder line on abortion (an interesting counterpoint to Bob Casey's win in Pennsylvania with an anti-abortion stance);

- Missouri's rejection of a candidate who stuck with the epublican party line against stem cell research;

In terms of visibility: 

- Joe Lieberman's victory as an independent in Connecticut;

- The voters' refusal to let go of issues like the Iraq invasion;

- The Republican loss in Florida over the Foley sex scandal. 

The coverage also refers openly and repeatedly to government corruption as a significant factor. Clearly the damage done by episodes involving the likes of Rove, Libby, Abramoff and DeLay was both serious and lasting.

I am in no way qualified to judge whether the swing in the balance of power will prove beneficial or not. Superficially, it's tempting to characterise this as an unqualified victory for the Democrats and an opportunity for them to assert their values - but there are precedents to suggest that a weakened incumbent can actually lead to worse outcomes than one capable of executing (even unpopular) policy.

Thanks to some advice from Superpat, I have added a Flickr 'badge' to the right-hand column of this page. You should find it just below the Copyright notice. Clicking on any one of the three random thumbnails will take you to my photos on Flickr. I hope you like them.

When the Prime Minister weighs in publicly on a specific policy, it usually generates some comment. When the person commenting is Alec Muffett, it's usually worth taking note. His post this morning is no exception, deftly whipping the cover off two of the 'anomalous messages' we are being offered.

First: as Alec points out, the more consumers use online commercial services such as Amazon, eBay and the like, they more they appreciate that, actually, e-commerce transactions can take place quite satisfactorily on the basis of a small subset of the service-user's identity information... a subset for which a National Identity Register is almost certainly over-kill.

Second: when one tries to promote ID Cards as the cross-sector panacea for authentication, whether for public- or commercial-sector transactions, it gives rise to a serious mismatch which the current policy seems not to address.

Commercial transactions underpinned by commercially-issued credentials take place within a well-understood framework of commercial liability, where contractual responsibilities rule, insofar as they do not try to override non-contractual entitlements ("this guarantee does not affect your statutory rights").

Public-sector transactions underpinned by public-sector credentials take place within a framework (often rather more implicit) of statutory obligations (you can't sue the immigration service for breach of contract if they incorrectly bar you from entering the country...). You may have recourse, but it won't be contractual.

The problem of how you handle cases where these two categories overlap (such as, for instance, using a national ID Card to authenticate yourself when shopping for a mortgage online) is a difficult one to solve. It's especially difficult if you proceed as though the problem doesn't exist.

I'm conscious that in yesterday's post, I referred only to those snippets of the PM's press briefing which they, in turn, quoted. Here's a link to a related BBC article about the general tone of the session, and here's one to the full briefing page on the Downing Street website.
Enticingly, you will see a link there to an online webchat with James Hall, recently drafted in from Accenture to head the ID Cards programme. Unfortunately, I'm not sure the 'submit a question online' process is working. Here's the error I got when I tried:

Thank you for submitting a question.

Microsoft JScript runtime error '800a1391'

'wcRS' is undefined

/question.asp, line 76

I can't improve on Hubert's post; we've just released the source of Federation Manager. Over to you......

Mr Blair addressed the topic of Identity Cards in his most recent monthly press briefing, noting that the project is "on budget and on schedule" - presumably on the basis of the first six-monthly report to which last March's legislation committed the Home Office.

If I calculate it correctly, that report was a month late (a slippage of 16% against the due date).

It also aroused a certain amount of controversy, notably from Prof Ian Angell of the LSE, some of whose comments are quoted here.

Even the BBC's brief excerpts from Mr Blair's briefing seem to me to reveal some of the unresolved confusion at the heart of the policy. For instance, Br Blair is quoted as saying that all non-EU nationals will need to carry a UK ID card from 2008 if they are to work in the UK or access public services. I wonder if that means that a non-EU national who is hit by a bus in the UK will simply not be treated if they cannot produce their ID card?

It also highlights (again) one of the unacknowledged issues with the scheme, which is that the UK government cannot compel other EU nationals to carry a UK identity card - so we will be placed in a situation where UK nationals and non-EU nationals have to be registered, but citizens of our closest neighbouring countries will not.

Mr Blair is also quoted as saying: that the National Identity Register will "help improve protection for the vulnerable, enabling more effective and quicker checks on those seeking to work". I'm not sure I follow the argument there; it appears to run "some members of our society are vulnerable; therefore we need quick and effective checks on those seeking to work..." (provided, of course, that they do not come from an EU state).

Yes, CRB (Criminal Records Bureau) checks are intended as a safeguard against, say, people with a history of child molestation from getting work as primary school teachers... but to imply that a National Identity Register will fix that problem is stretching things a bit far.  We have repeatedly been assured that the NIR itself will not contain this kind of data - so successful protection depends on reliable access to accurate information elsewhere, whether or not the subject can be obliged to hold a UK ID Card.

The BBC article led (rightly, in my view) with the classic 'false opposition' Mr Blair deployed as part of his case. Apparently, although ID Cards are often portrayed as raising a civil liberties issue, they are actually more an issue of 'modernity'. 

Well that's settled, then. I'd far rather be modern than have civil liberties, any day.

 

You may have seen Yahoo's current 'Time Capsule' project by Jonathan Harris. If not, now's the time to head over there: you have until 11:59 p.m. PT on November 8, 2006 to contribute, and to see what is already there. 

One of the themes for contributions is "Hope". What are your hopes for the time between now and when the capsule will be re-opened in 2020?

The UK's international development secretary, Hilary Benn, may or may not have expressed it via the Time Capsule, but he has called for a ban on the use of cluster bombs, which I think is a worthy hope.

In addition to the sites I linked to in my September post, there is a Cluster Munition Coalition, whose site has country-specific links to contacts through whom you can take action.

Here's a link to a related case-study which illustrates one of the more repugnant aspects of cluster munition use: in the Jaffna peninsula of Sri Lanka between 2000 and 2002, 50% of the victims of 'ERWs' (Explosive Remnants of War) were children. Often they were going about daily tasks such as collecting firewood. Sometimes they were intentionally seeking out discarded weaponry because its scrap metal value makes it an economically attractive resource to salvage, despite the risk.

With Remembrance Day, Thanksgiving, Christmas, New Year and other commemorations all approaching on the calendar, there are plenty of opportunities for us to both reflect on these issues and, more important, act on our reflections by volunteering, making a donation or even just writing to a policy-maker. Think of it as an investment in hope.

This time last year, give or take a day, I blogged about the firework display in our neighbouring village. It was just as good again this year, but with the added bonus of a clear, windless sky and a huge, bright moon. I have no idea what the soundtrack consisted of this year, I'm afraid, but the assault on the optic nerves was fabulous.

Some of the multiple air-burst pyrotechnics were so spectacular that at this rate, it can only be a matter of time before they get reclassified as cluster munitions. (Insert your choice of ironic comment here, with appropriate reference to religious minorities, multiculturalism and big bonfires...).

And looking back at last year's blog: my word, I was angry about some stuff. 'Spin and revolving doors'; Blunkett out, Blunkett in, Blunk it all about; arguments for the identity card and 90-day detention...

It didn't stop some pretty odious laws getting passed, of course, but it was quite therapeutic. On the other hand, it also serves to remind me how much our elected leaders trade on the fact that our attention span has been progressively whittled down to the lifespan of a prawn sandwich. Thanks heavens, then, for Mr Blunkett's subsequent memoirs, which have achieved (seemingly effortlessly) what I could not, in terms of completely discrediting him.

It's all over the news at the moment. Yesterday, Professor Alec Jeffreys (the scientist who invented DNA fingerprinting), expressed his concerns at 'functional creep' in the UK's law-enforcement  database of DNA samples. He pointed out a fairly basic Data Protection issue, in the sense that when the database was first established, it was set up with the stated intention of storing the DNA of convicted criminals so as to make their arrest easier in case of re-offending; however, as well as the DNA of convicted offenders, the database now includes records for those arrested but found innocent, and of victims and witnesses who have given consent to being sampled.

Worryingly, in those cases where a non-offender has given consent, that consent cannot be withdrawn, according to Chief Constable Tony Lake (chairman of the strategy board for the database).

So let's just look at the law here. The Data Protection Act 1998 says the following:

Principle # 2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

and

Principle # 5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Incidentally, Principle # 1 says that:

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless [the relevant conditions of Schedules 2 and 3 of the Act are met]. We'll see why that's a factor in a moment.

Of course, there are exemptions from the Act in the case of data being used for law enforcement; however, the law-enforcement exemption is clearly phrased as follows:

29. - (1) Personal data processed for any of the following purposes -
(a) the prevention or detection of crime,
(b) the apprehension or prosecution of offenders, or
(c) the assessment or collection of any tax or duty or of any imposition of a similar nature,
are exempt from the first data protection principle... [my underscore]

I'm interested and somewhat alarmed to see that the unlawful processing of PII seems to be permitted under this exemption.

However, you'll also note that the exemption is from the first principle, and not the second or fifth principles... in other words, the 'law enforcement' purpose apparently does not give and exemption from the requirements relating to 'purpose of processing' and 'period of retention'.

So if - as a victim of a crime - I am invited to give a DNA sample "so as to eliminate me from enquiries" on one occasion, and then ten years later the police find my DNA in suspicious circumstances at a crime scene, can they really argue that they are matching it against the database record "to eliminate me from enquiries", or are they doing so in order to confirm my guilt?

Let's not forget that, if the 'burden of proof' still applies, I must have been considered innocent at the time of the first sampling.

Over-all, I can't see a consistent logic in the way the DNA database is being used currently.


So what else...? Oh yes, today there's news of a report by the Surveillance Studies Network which describes the UK as 'the most surveilled country' by comparison with other Westner industrialised nations, and that it has 'more CCTV cameras and looser laws on Privacy and Data Protection'. When I can get a copy, I'll blog more.

I suspect the report has been carefully timed to co-incide with the 28th annual conference of Data Protection and Privacy Commissioners. As it happens, that's where I'll be tomorrow, on a panel to discuss "The Privacy Implications of User-Centric Identity Management Systems". If you're there, please stop by and say hi.