Several defence-related stories leap to the eye from today's news.

- Iran remains apparently intransigent over its seizure of a number of sailors and Marines somewhere near the intersection of Iraqi, Iranian and international waters near the Shatt al Arab.

- Halfway round the world, the Argentine government says that, if the UK is going to prospect for oil around the Falkland Islands, then a 1995 agreement on sharing the proceeds must either be scrapped entirely, or linked to a re-opening of discussions about sovereignty over the islands.

Perhaps they have shrewdly judged that, if we are unable to prevent a boatful of Marines and sailors from being abducted under the nose of a fully-armed frigate, we might not be well placed to defend a distant archipelago of several hundred small islands.

As far as I can judge, given our military commitments in Iraq, Afghanistan and elsewhere, all we would be able to send down there at the moment is a couple of hang-gliders, some disused pedalos from Alton towers, and a large catapult re-deployed from the missile defence systems up in Fylingdale.

- However, all is not lost. With an immaculate sense of timing, the RAF has chosen this week to launch... a new multi-role combat aircraft? No: a range of themed designer clothing, including a bikini for the woman who... how can I put this... would not need a Mae West.

I can just sense your scepticism - so here's the link.

Over at the Bit Bucket, Dave has been applying some of his copious cycles to the question of how you find the source of a Mass Data Compromise, particularly if you are sometimes obliged to make mass disclosures of PII (for instance, to a regulatory body). As ever, it comes down to a balance between technical and non-technical measures.

You will see from Dave's thoughts that it would involve some extra work to create and manage (over time) "differential" sets of disclosed data, one per party to whom you disclose. That may be more than what we are currently accustomed to doing, but net, it's probably no more than one would have to do in a well-managed paper-based system.

In that respect, this might just be one of those chickens which is coming home to roost after a fine run out of the coop. We've all gained a lot from the ease with which data (including PII) can now be stored, analysed, replicated and shared: perhaps it's now time to re-invest a little in updating practices to keep it properly private. After all, the volume of headlines like these shows no sign of decreasing:

"60% of breaches caused by organisational mismanagement"

"Stolen laptop: Privacy Commissioner rules that identity data must be encrypted"

PS - I bet no-one's ever made you a Disclosure State Machine... boy, do I feel smug.  ;^)

Last August the Royal Mail changed the way it charges for delivering letters. Up to then, the price of a stamp was based simply on the weight of the item. The changes introduced last year added the dimensions of the letter or package to the calculation.

One effect of this is that you now need a calculator table to work out how much something will cost to post. Another effect, which I ran into yesterday, is that the new system introduces some real absurdities. I was sent a standard letter-sized envelope (the kind which would take an A4 letter folded into thirds...) containing half a dozen credit-card-sized cards. It weighed the same as, say, a 3 or 4 page document. Instead of delivering the letter, however, the post office left a card saying it had been underpaid, and I would have to collect it from the sorting office.

The fee for doing this was £1.11. That's 11p for the unpaid postage and a £1 "handling charge" (for keeping the envelope in a drawer rather than delivering it. Nice.). Don't even get me started on what they charge when goods ordered from abroad attract a customs payment. Later, perhaps, when I've cooled off...

Yesterday's letter had been run through a franking machine by the sender - who must therefore have weighed it and set the amount based on a weight of (well) under 100 grams. So why the underpayment?

It turns out that their mistake was to send the cards in a stack, rather than distributing them evenly within the envelope. As a result, the envelope was more than 5mm thick, and therefore qualified as a 'large letter', not a standard one. Note that, for the same effort as delivering the card telling me to collect the letter, they could have delivered... the letter. I would even have paid the 11p there and then. I'm that generous. As it was, though:

Net cost to me:  

- 25 minutes during working hours (the card was delivered mid-morning, and the sorting office closes at 1pm each day)

- 1/3 litre of petrol (about 30p)

- 11p underpayment

- £1 'idiot tax'

Net gain to the Royal Mail:

- £1

- One hacked-off customer.

Last year the Royal Mail made operating profits of almost exactly one milllion pounds per day.

As you may know, California Senate Bill 1386
(and equivalent bills in many other states) impose a duty on data
controllers to notify the data subject if there has been an unwanted
disclosure of their personally identifiable information (PII).

There isn't an exact equivalence between SB1386 and the UK Data Protection Act, but the Information
Commissioner's Office 'Audit Checklist' for Data Protection Act
compliance does include an item asking 'how data subjects are made
aware of disclosures of their information'.

As described in this story on the BBC site, a UK local authority has just had to go through this the bad way.

I blogged back in December 2006 about the highly questionable practice
whereby the Audit Commission obtains the payroll details of an
arbitrary subset of public sector employees (and therefore in some
instances also the bank details of their spouses).

One of the questions raised then was what measures were taken to protect such data in transit. In this council's case, the data was password protected and written to CD. The CD was then posted to the Audit Commission, but didn't arrive. So a second copy was sent... but didn't arrive. The third copy did, but the council has written to all those concerned to notify them of the breach, and the possibility that the subjects' PII may be open to abuse.

At a recent conference on 'Civil Contingencies and the Critical National Infrastructure' I asked the audience the following question: "If you suspect you've had a Mass Data Compromise, what signs would you look for to see if your data is 'out in the wild'?"

One of the participants said "I seed my database with bogus employee records... so if we ever spot one of those in the wild, we know there's been a breach because that information doesn't exist anywhere else."

This raises a really interesting practical problem, particularly if public sector data sharing is to become as widespread as the government appears to intend: what do you do when (rather than suffering a breach) you have to disclose all the data to a third party?

- If you send everything except the bogus records, then they lose all their effectiveness as a forensic measure.

- If you send the bogus records as well, and they do later show up in the wild, you know someone's had a breach, but you don't know if it was you or the other party; the more other public sector bodies you have to share the data with, the more intractable this problem gets.

- There's also a very predictable short-term consequence, which is that if you include the bogus records, you'll get a deluge of fraud allegations from the Audit Commission because you appear to have a load of non-existent people on your payroll - with spurious bank details and everything.

It's a knotty problem. 

The Home Affairs Committee is to initiate an inquiry into the state of surveillance (otherwise known as the UK...). Apparently it will look at factors such as the government's ID card plans, its accumulation of citizens' DNA samples, and the prevalence of CCTV systems in the UK.

The BBC article announcing the inquiry also refers to a number of other privacy-related themes in the national context such as dataveillance, and quotes a Department of Constitutional Affairs spokesman from last November expressing the view that there needs to be a "balance between sharing information responsibly and respecting the citizen's rights."

It would be fascinating if the Committee decided to include 'the impact of public sector data sharing on citizen privacy' in the scope of their enquiry, but frankly I'm not sure they have time for a topic of that enormity.

Today was Budget Day in the UK, widely assumed to be Gordon Brown's last budget before he ascends to his next incarnation.

With a dramatic flourish, he wrote the headlines for tomorrow's papers by declaring a reduction of the 22% tax rate to 20% (this band currently applies to income between £2,151 and £33,300). At the same time, he declared the abolition of the 10% tax rate... which applies to income up to £2,150. [This is not quite accurate, because I have not taken into account the Personal Allowance which, for most people, will exempt the first £5,000 or so from taxation. Thereafter, the tax bands kick in... Dick Davies says it more clearly in his helpful comment, below].

So let me get this straight: currently someone on up to £33,300 is taxed at an average tax rate of somewhere between 10% and 22%. This budget will ensure that they now pay tax at an average rate of 20%. That can only be worse for you the closer your annual income is to the bottom end of the scale.

A characteristically Brown-style move is to redress that balance by making it possible for those on very low incomes to claw it back in the form of tax credits. In other words, the Treasury takes the money by default, and the onus is on the taxpayer to get it back again. The experience of organisations like the National Association of Citizens' Advice Bureaux is that those on very low incomes are frequently those who find this kind of process hard to negotiate... assuming they are aware of their benefit entitlement in the first place.

OK... I know that USA Today, even in its InternetLife pages, is not exactly Scientific American, but this bubbly upbeat article about the emergence of OpenID does seem to me to miss some of the key points.

I have huge sympathy, incidentally, for Brad Fitzpatrick of Six Apart, who probably spent a while on the phone to Jon Swartz - the article's author. The reward for Brad's investment of time was the following illuminating soundbite about the take-up of OpenID: "It's a little surprising".

Time well spent, then ;^)

Clearly, it was hard for USA Today to ignore the OpenID phenomenon, as it recently got a level of endorsement from Microsoft. Apparently OpenID is a feature similar to Cardpsace. That probably made Kim Cameron's day, too.

But what are USA Today's readers supposed to make of the idea that OpenID "could be the answer to a major headache: It lets consumers use the same
user name and password for hundreds of websites that require a sign-in." Hold on... isn't that just what we've all been telling people not do to for the last few years? And in any case, if I want to use the same user ID and password for every website I subscribe to, I don't need OpenID to tell me how to do that... I just type them in and hope for the best.

The problem is that, in simplfying the OpenID concept to this extent, Mr Swartz has omitted both a key point about how OpenID actually works, and a key decision factor about when it's a good idea and when it might not be the best alternative.

In case you haven't tried it yet, the simple idea behind OpenID is this: you 'register' yourself at an OpenID provider, which basically means that you associate a user ID/password with a given URL: so, for instance, I associate the ID and password "robin" and "trivial" with the URL "http://myopenid.tla/robin".

When I subsequently want to get to a Service Provider website which needs me to identify myself, the OpenID protocol allows the Service Provider to re-route me to me URL, where I confirm that I know my userID and password (to the server at that domain... not to the service provider).

The OpenID server sends me back to the Service Provider with a message which says "yes, he knew the ID and password", and the Service Provicer lets me in.

So the first relevant point is - this is not a matter of setting the same ID and password at every subscription site I use... it's a matter of rerouting Service Providers to a single (or if I have lots, my choice of) OpenID provider.

Second relevant point: why would the Service Provider trust the assertion it gets back from the OpenID URL? How does the Service Provider know that I haven't set up a malicious OpenID provider which always answers "Yes"? The answer is that the Service Provider has no de facto reason to trust the OpenID Provider's word for it, unless there is some other factor in operation which increases the trust level - such as a trust agreement between the Service Provider and the OpenID Provider (and possibly the user too).

That's more heavyweight than the default OpenID scheme is intended to be, because its primary aim is (as the article correctly points out) to increase user convenience. If you do add those additional trust factors, you end up with a distributed authentication service which looks unsurprisingly similar to a subset of Liberty's ID-FF functionality (the browser redirect functions, but not the single login-logout or the link/unlink functions...).

And it's fine to have the objective of increasing user convenience. Which takes me back about 12 years to the 'Cynic's Law of Security Systems':

"You can have secure, manageable or convenient... pick any two".

We were on the towpath yesterday doing support crew duty for Devizes-to-Westminster training, so I missed all the TV coverage of the Rugby Six Nations finals. It would have been bittersweet viewing anyway, particularly as Ireland's thumping 51-24 point win over Italy was not enough to give them the championship: in Paris, France beat Scotland by 46 points to 19, a 27-point margin which kept their 4 point lead over Ireland in the over-all championship rankings. The Welsh 27-18 win over England went down well with a proportion of the household, though.

Meanwhile, conditions on the water are still quite challenging because of the heavy rainfall recently. The locks/weirs on a substantial stretch of the Thames are considered too dangerous for non-motorised traffic, and having seen the white water at Marlow weir I can understand why. Here's a still from Cookham bridge, a little further downstream:

 It may not look too dramatic, but the current was really shifting. It could make for very challenging race conditions, assuming that the river drops enough over the next three weeks to make the race possible at all.

As before, all the Dauntsey's crews are racing to raise sponsorship for the Meningitis Trust, so please help Anna contribute to the pot. All you need to do is drop me an email with a pledge: racingsnake at sun dot com. Thank you!

A BBC article today about refuse collection highlights some of the absurdities of policy implementation in this area, no matter how desirable some of the possible outcomes would be if realised. As you know from previous rants on the topic, there is, in this district at least, a huge mismatch between the service on offer, the requirements of the average household, and the broader ecological and economic objectives.

Among the points which struck me from today's story:

- Defra (the Department for Environment, Food and Rural Affairs... you know... "You need 160,000 turkeys culled... who ya gonna call?" You need the turkey factory regulated in the first place... who ya gonna call?")... anyway, that lot: their position on fortnightly collections of bio-degradable refuse is that it will not give rise to hygiene concerns "provided it is properly wrapped". In practice, apparently, this means double-bagging it in (non-biodegradable) plastic until such time as it can be taken to the landfill.

-  Next up, environment minister Ben Bradshaw, who maintains that "pilot schemes with fortnightly collections had revealed an increase in the amount of
recycling", which skates smoothly around the complete lack of causal relationship between premise and conclusion. Hey, if there's a direct link, let's collect the rubbish once a month... that should quadruple recycling rates. Recycling doesn't happen because you collect the rubbish less frequently: it happens because there's an investment in the means and willingness to do recycling. In my experience, the average rate-payer would love to do more about recycling, so the willingness is there, but (here at least) the corresponding investment is not. For instance, the local authorities in this district are not investing in the kind of composting facilities which other councils successfully use to process cardboard, and as a result our lot are about to ban cardboard from the 'recyclables' collection.

- Mr Bradshaw goes on to say that "Recycling household waste, he said, was "the equivalent of taking 3.5 million cars off the road". Well, I beg to differ, minister. Recycling could be the equivalent of taking 3.5 million cars off the road... but not if you implement it in such a way that the only option a householder has for getting rid of cardboard and plastic is to drive several miles to the nearest recycling collection point. Here's a satellite shot of what is becoming a regular feature of the household weekend: the queue to get into the 'tip' -

 If recycling is good for the economy, then it justifies the initial investment to make it (a) possible (b) convenient and (c) ecologically less damaging than not recycling.

There's a lot of broadsheet coverage today of the confession statement produced at a Guantanamo tribunal in the case of Khalid Sheikh Mohammed, including articles on the BBC, NY Times (reprinted in the Financial Times), the Guardian, the Independent and so on. This tribunal hearing was not to establish his guilt or innocence - it was the next step in the convoluted process of 'determining' whether or not Mohammed can be classified as an 'enemy combatant'... which boils down to whether he can continue to be kept entirely outside recognised judicial procedures.

A scan of the articles cited above produces a list of ways in which that process falls short of judicial norms:

- Mohammed was not entitled to legal representation at the tribunal (in fact, his 'personal representative' was a US Air Force Officer who was not even named);

- He was refused the option of calling witnesses;

- The tribunal will take into account evidence which Mohammed will not be allowed to see;

- Arbitrarily, the hearing was not open to public scrutiny, despite the fact that previous such hearings have been attended by the press. The criterion appears to be 'how high-profile the detainee is';

- There is strong suggestion that he has been tortured while in detention.

Of course, there is also the point that four years of detention under Guantanamo conditions would probably, it itself, be enough to produce almost any confession from almost any detainee - with or without the use of sleep deprivation, hoods, shackles and gas masks, 'stress positions',  'water-boarding' and the like.

Then there's the substance of the transcript itself. Mohammed did not, as far as I can tell, assassinate John F Kennedy, Georgi Markov or Alexandr Litvinenko... but he's prepared to put his hand up to pretty much everything else, including plots to assassinate Bill Clinton and Jimmy Carter, and to attack suspension bridges, financial exchanges, the Panama Canal and so on. Interestingly, Ronald Reagan and George Bush senior didn't figure on his list, so it appears that what really winds Al Qaeda up is not invasion, but peace-mongering.

Reagan's administration reputedly 'gave the green light' to the Israeli invasion of Lebanon in 1982, and George senior's watch included GW1 - whereas Carter was the architect of the Camp David accords, and Clinton famously brokered 'the handshake' between Yitzhak Rabin and Yasser Arafat in 1993.

This may explain why George junior's first instincts are for military intervention: he just doesn't want to end up on Al Qaeda's assassination list. Go on, Mr President... Give peace a chance.

five.

(In case you haven't read my earlier post yet, the question was "how many of the same soundbites from Andrew Marr's session yesterday would Drew and I independently blog...?")

Here's Drew's post. We were obviously tickled by the same things - but then, I kind of expected that. It's why I enjoy working with him.  ;^)

I was up at Methodist Central Hall yesterday for this year's SunLive event. I had the chance to accompany the Corporate Standards Manager for Wiltshire County Council, which was a pleasure.

It was also nice to go to a conference as part of the audience for a change - though I have to say, the programme organisers did just fine without me on the bill. I spent most of my time in the Education and Public Sector stream, which was organised with the help of the excellent team from Public Sector Forums... who you will have seen me refer to elsewhere in this blog. Conn Crawford presented on the Identity Management work he's pioneering at Sunderland City Council, and Iain Bourne gave a very useful talk on Data Protection legislation as an enabling framework for data-sharing.

Old Friends 

An interesting story in the NY Times today about some probably unintended consequences of a recent policy change in the US.

The headline justification is very familiar; individuals must provide stronger evidence of entitlement (in the form of citizenship) in order to claim state-funded medical benefits. The policy is intended to save money by preventing non-US citizens from claiming Medicaid. As the article puts it:

"Under a 2006 federal law, the Deficit Reduction Act, most people
who say they are United States citizens and want Medicaid must provide
“satisfactory documentary evidence of citizenship,” which could include
a passport or the combination of a birth certificate and a driver’s
license.

Some state officials say the Bush administration went
beyond the law in some ways, for example, by requiring people to submit
original documents or copies certified by the issuing agency."

This has had a number of results which were probably not planned for:

• In Louisiana the state authorities have had to add 'processing and copying credentials' to their workload, as hundreds of citizens send in originals of their driver's licenses and birth certificates. Clearly, the loss of these documents at this stage would be even more serious than usual.
• In Utah, demand for replacement birth certificates has increased, and authorities note that it is often from citizens not well placed to pay for the duplicate - so there is a 'social exclusion' effect here too.
  

As serious, however, is the effect on patients, particularly children. The article has this to say:

"Medicaid officials across the country report that some pregnant
women are going without prenatal care and some parents are postponing
checkups for their children while they hunt down birth certificates and
other documents.

...

Dr.
Martin C. Michaels, a pediatrician in Dalton, Ga., who has been
monitoring effects of the federal rule, said: “Georgia now has 100,000
newly uninsured U.S. citizen children of low-income families. Many of
these children have missed immunizations and preventive health visits. And they have been admitted to hospitals
and intensive care units for conditions that normally would have been
treated in a doctor’s office.”

Dr. Michaels, who is president of the Georgia chapter of the American Academy of Pediatrics, said that some children with asthma had lost their Medicaid coverage and could not afford the medications
they had been taking daily to prevent wheezing. “Some of these children
had asthma attacks and had to be admitted to hospitals,” he said."

Prophylactic medical treatment (such as vaccinations and asthma inhalers) is generally seen as a cost-reduction measure... prevention not only being better than cure, but also usually cheaper.  If more stringent identity verification is done in a way which reduces that preventive treatment, there is likely to be a cost further down the line.

About 18 months ago I blogged optimistically about the results of a government-commissioned research report into the teaching of languages in UK primary schools. "It's a good idea..." said the report - and I agreed. I still agree, and the government is still commissioning research into whether it should happen. This report says it should, and in even stronger terms. Rather than 'providing an entitlement' to learn a language, this report says language tuition from age 7 should be compulsory. Come on, people... stop spending money re-asking the question, and start spending it on implementing the recommendations...

Los... fortfahren... allons-y... vamanos... andiamo... avanti... haydi... daha çabuk! 

Last time I was in the States and listening to the car radio, I heard one of those phrases which you have to jot down as soon as possible so as not to forget it. I can't claim to be the first to 'collect' it, as Evelyn Waugh used something very similar in his 1948 satire, "The Loved One". The phrase was

"pre-needs customer"

and it was used specifically in reference to the undertaking profession - to refer to someone who is, well... still alive.

I had lodgings with an undertaker once... but that's a story we'll come back to in another blog post.

In the meantime, if you're a pre-needs customer and you're more interested in overtaking than undertaking,  you might want to investigate the following service: MotocycycleFunerals.com. I saw one of their conveyances parked in Salisbury a few months ago and did a text-book double-take.

Something I've noticed about large organisations is that they are often much better at communicating outwards than spreading the same information internally. It's always heartening, therefore, when you see that a colleague is picking up on stuff that's happening elsewhere in the organisation.

Today I was delighted to see that news of the Liberty Alliance prompted John Domenichini to blog about it; specifically, he's noticed some of the media coverage of the "Legal Frameworks Template Document" recently launched by Liberty's Public Policy Expert Group (PPEG). I am happy to say I was part of the team which worked on this document - though the great majority of it was written by suitably qualified legal advisers, you will be relieved to hear.

The problem we set out to fix wasn't a new one - it was the long-standing question of how you get the business and legal people in an organisation to discuss the same problem (how to set up a Circle of Trust) meaningfully, given that a lot of the time they don't really speak the same language.

It's analogous to the problem of how you get developers and business-people to have a meaningful discussion about a software development project, or security implementation. As I noticed when I spent most of my time working on cryptographic systems, 'the people who make the implementation decisions tend not to understand the technology, and the people who really understand the technology tend not to rise to roles in which they get to make the decisions...'.

So with the Legal Frameworks document, we wanted to express the different Circle of Trust options in a way which would allow the business-people to identify the one which represented the best 'fit' for what they wanted to achieve, and the legal people to match that to the appropriate underlying contractual arrangements. I'm using the term 'business-people' loosely, because the models we chose are designed also to reflect the organisational requirements of bodies like charitable trusts or 'companies limited by guarantee'.

The document's launch seems to have generated an enormous amount of interest. I hope it proves useful; if you find it useful, please let us know. If you find ways in which it could be improved or supplemented, please let us know that, too.

Those of you who have been long-term visitors to this blog may remember the entries from this time last year, in which I described my daughter's progress through a 125-mile marathon canoe race and the training programme which built up to it.

Well, guess what. She's doing it again. (Oddly enough, this qualifies as today's "Lenten feel-good" post - go figure...)

One of this year's participants has unfortunately dropped out of training, so Anna has been asked if she would step in as a replacement. This means she will be doing the full course after only about 6 weeks of the normal training programme, which is no small challenge.

As before, I'm going to shamelessly abuse this blog as a means of drumming up some support and sponsorship for this year's selected charity, which is for meningitis treatment and research; more details of that soon.

In the meantime, as a reminder, here's a recent picture from a chilly spring evening on the Thames at Reading.

Back on February 1st, I blogged about Conservative MP David McLean's Private Member's Bill to exempt MPs from the provisions of the Freedom of Information Act. The Bill in question (being a Private Member's Bill) could have been killed off at either of the two initial voting stages by a single "No" vote. It was not.

It has since passed through its Committee stage without dissent.

I still think this is a bad piece of legislation, which tries - through inappropriate measures - to fix problems which are already addressed by other laws. This debate, whose transcript you can find here, casts serious doubt on whether the committee members clearly understand those existing laws.

First, it is quite clear - as others have already pointed out - that the Data Protection Act 1998 (and the principles of the European Data Protection Directive on which that is based) exempts anyone (whether an MP, public body or other entity) from disclosing a data subject's personally identifiable information (PII) to a third party. That in itself would suffice to cover many of the cases which were put forward to justify exempting all MPs' correspondence from the provisions of the Freedom of Information Act.

Second, it is also perfectly clear that organisations which are not public bodies are not covered by the Freedom of Information Act. A non-public body, asked by a third party to disclose the contents of an MPs letter, could quite simply say no. On the other hand, if a public body devolves its statutory responsibilities to a non-public body (for example, to operate a social housing trust) it is the case (and properly so) that those parts of its work which concern the devolved public funciton are subject to the same openness requirements as the public body. To do otherwise would undermine public accountability.

I find it astonishing that the committee took the example of the Law Society (a non-public body responsible for regulating the conduct of legal professionals) and portrayed good practice as bad. The Law Society, although not bound by FOIA, has voluntarily adopted a code of practice which clearly sets out what information it makes public about its operations.

I don't deny that MPs are faced with some difficult decisions about confidentiality and personal information. I don't deny that they need to enjoy the trust and confidence of their constituents in order to do a good job. But I absolutely oppose the view that the best way to achieve that is to exempt MPs from the openness requirements imposed (by the legislation which they drafted, incidentally) on other publicly accountable bodies.

The logic of their position is simply untenable. For instance, much of the debate took the following form: "MPs cannot trust other bodies to safeguard the confidentiality of correspondence, therefore the correspondence should have a blanket exemption from disclosure."

This, in a debate where MPs admit to breaching confidentiality when it seems like a good idea, to sending emails (which I would highly doubt are encrypted) containing exactly the information whose confidentiality they are so concerned about, and to attaching 'candid Post-it notes' to correspondence, not knowing whether their more candid views make it to the desired destination or not.

Conversely, public bodies who have to comply with the Freedom of Information Act have had to actually change their information-handling culture so as not to do this kind of thing.

The supporters of this Bill would do well to look at the record of decisions by the Information Commissioner about breaches of the FOI and Data Protection Acts.

As far as I am aware, they will find few if any cases where the Information Commissoner has ruled that information was improperly disclosed under FOIA; they will find no cases, to my knowledge, of prosecution for breach of confidence arising out of that act. They will, of course, find an abundance of cases where information has been improperly withheld.

That ought to lead them to conclude that they are legislating in the wrong direction.

It seems I still can't post a comment on Kim's blog without having an Infocard with which to authenticate myself... and the corresponding client-side technology. It's churlish of me, I know, but that seems an unreasonably high barrier to pass, just in order to leave a blog comment on a site which, in any case, asks me to leave my name and email address. As it is, without an Infocard I can't get past the following error message:

Not Found

The requested URL /wp-comments-safe-post.php was not found on this server.

So I suppose I'll just have to leave my comment here, with a trackback to the original post.

You may also find it handy to have links to the ur-posts by Eve Maler and Jim Kobielus.
 

"Kim - that said, you have made the point in a subsequent post that you see CardSpace as an 'identity selector' as opposed to a 'credential selector'; as aspects of your various identities change over time, the process of copying cards from one device to another may give you the kind of management problem Eve mentioned... one where (for instance) you might end up with different attributes stored against the same 'identity' in different devices.

I think that's a fairly practical issue to need to deal with. It's not necessarily "the big vulnerability of Cardspace", or a 'does not compute' question of mind-boggling bizarreness... but then, I can't find anywhere where Eve said that."

 I know (especially since my last blog on the subject) that I'm not a qualified expert on DNA, but nevertheless I'm puzzled by the following extract from Parliamentary questions. The text is self-explanatory, but I thought the whole purpose of a DNA database was to eliminate uncertainty from the process of identifying people.

However, as you'll see from the Under-Secretary's answer, they know how many profiles they have loaded on the NDNAD, but can only estimate how many individuals those profiles correspond to. The difference between the two figures is some 480,000 profiles, or about 11% of the contents of the database.

Here's the text:

DNA Database

Grant Shapps:
To ask the Secretary of State for the Home Department how many people
have had profiles stored on the National DNA Database since 10 January
2006; how many profiles are stored on the National Database; and if he
will make a statement. [107705]

Joan Ryan:
Between 10 January and 30 November 2006, 698,649 subject profiles were
loaded on the National DNA Database (NDNAD). It is estimated that this
number of profiles relates to 621,798 individuals. (Some individuals
have more than one profile on the NDNAD due to replicate sampling. For
example, an individual arrested on more than one occasion may have a
sample taken more than once because they have given a false name). At
30 November 2006, there were 4,280,379 subject profiles on the NDNAD
which relate to an estimated 3,809,537 individuals.

Apologies for the lack of posts last week, but I was in Berlin for several days and quite busy.

Things kicked off first thing on Monday morning, when I moderated a 2-hour Privacy Summit hosted by my friend and colleague Dr Hellmuth Broda, under the aegis of the Liberty Alliance's Public Policy Expert Group. From my perspective at least, it was a fascinating session: we had deliberately tried to bring a diverse group together so that each participant could provide their different perspective on privacy. So we had academics, analysts, lawyers, data protection commissioners, public sector registrars, privacy experts, technologists and so on... suffice to say it was not your average techno-gathering. We ran the session under Chatham House Rules so that everyone felt able to have a frank and open discussion, so I can't name individuals - but huge thanks to everyone who took part. I will soon blog a summary of what we covered, along with details of a similar, follow-up event in Brussels towards the end of April.

As soon as the Privacy Summit closed at one end of the corridor, this year's Net-ID conference opened at the other. Just like last year, this was a first-rate mixture of useful presentations and interesting participants... good for both learning and networking. Mike Neuenschwander of Burton Group started us off with his perspective on where digital identity stands today and where it is heading, and things went on from there.

Our Computas hosts did a fabulous job again, and evidence of Mr Geuhs' customary thoroughness in the catering arrangements was abundant. There are not many conferences where you get a seven-course dinner, let alone one in which your palate is refreshed at half time with a basil sorbet spiked with a shot of marc de champagne...

It's invidious to single out specific people, I know, but I'm going to do so anyway. The 'New Acquaintance of the Week' award goes to Prof. Reinhard Riedl of the Berner Hochfachschule - partly for his presentation on 'Delegation of Rights' in digital identity systems, but mainly for being the kind of engaging polymath with whom it is impossible to spend a dull moment.

The week continued with a workshop on electronic identities for e-Government, and the "Advancing e-Government" conference hosted by the German Ministry of the Interior as part of Germany's presidency of the EU. As if the Computas banquet were not enough, I also had the treat of dinner in the Orangerie at Charlottenburg Palace. Who says business travel is all airline coffee and plastic sandwiches?  ;^)