A match made in heaven
OK, you already know that the current paper ballot system in the UK is not one of my favourite things; it has a simple mechanism for indexing all the ballot papers, as a result of which every vote cast can be traced back to the person who cast it. It is not a secret ballot. But don't let me get on that hobby horse again.
You also know that I have my reservations about the proposals for a UK National Identity Scheme, with biometrics, cards, and a logically centralised aggregation of identity data.
Picture my joy, then, when Dave Walker (peace be upon him) let me know that there are plans for voters to have to identify themselves... using their national ID card.
It may well be, of course, that ID Cards are a solution looking for a problem, and that the current paper ballot is a problem looking for a solution... but whatever the shortcomings of the paper ballot system, I find it extremely unlikely that ID Cards are the answer.
Not least - as the Register article lucidly points out - there's little sense in pushing for an expensive technical infrastructure for votes cast in person, and simultaneously pushing for more people to cast postal votes (the idea being to add to the total number of people voting, not switch them from one mechanism to another).
Perhaps what they envisage is that people who have an ID card but submit a postal vote will do the electoral equivalent of a 'card not present' transaction. That faint 'shuddering' you hear is probably the sound of an object being defeated.
Posted by racingsnake
@ 05:23 PM GMT+00:00
The Identity Metasystem in practice...
As described by Paul Madsen, who has given the topic of the Identity Metasystem more practical applied thought than anyone else I can think of.
Paul also ran a session at last Thursday's Identity Open Space in Brussels, co-hosted with the Liberty Alliance. Some of Paul's notes from that session are posted here on the IOS wiki.
A couple of hours before that, I ran a session to update people on what the Liberty Alliance Public Policy Expert Group (PPEG) has been doing recently. You can find a summary of that session here on the same wiki. It was good to meet Tony Rutkowski at my session; Tony chairs the Identity Management Requirements Working Group at the ITU. Here's a link to the page describing the scope of their work.
It was also very gratifying (and I hope he won't mind me quoting this) that Tony said, a little way into my PPEG update, that we had obviously 'thought more about this than any other group he had come across so far'.
I'm glad and flattered that that's the case, because it validates what PPEG is doing. I can't hog all the credit, though: PPEG has been part of the Liberty Alliance since its inception, and the Alliance as a whole has been working on identity and its related issues for over five years now.
Posted by racingsnake
@ 03:06 PM GMT+00:00
OECD to investigate BAE arms deal probe
Back in December I posted a few times (14th, 17th) about the suspicious sequence of events surrounding an investigation into the so-called 'al Yamamah' arms deal between Saudi Arabia and the UK's BAE (British Aerospace) back in the 80s. The picture didn't look any more edifying by February of this year.
The government's decision to intervene and stop a Serious Fraud Office investigation into the deal (just as it looked as though a further huge aerospace deal might go to France instead...) not only looked decidedly shady at the time, but has now prompted the OECD (in its role as an international anti-bribery watchdog) to send a team of inspectors over - effectively, to audit the whole sorry business.
From the point of view of international transparency in deals of this size and nature, that's probably a good thing in itself. It should also generate a fascinating record of the conversations ministers are likely to have with the OECD inspectors.
Posted by racingsnake
@ 01:46 PM GMT+00:00
Dept of Health website, 4th instalment
There have been calls today for the Prime Minister to intervene personally over the Dept of Health MTAS (Medical Training Application Service) website, which is currently suspended while - presumably - the department tries to work out how to bring it back online without compromising the data privacy of those whose CVs are recorded on it.
It's worth pointing out that, while it's the privacy breach which has brought the system so prominently into the public eye, the concerns about it are a lot more wide-ranging than that. This letter, from the President of the Royal College of Obstetricians and Gynaecologists (RCOG) provides interesting background - as well as confirming that the fatal shortcomings of the system have been known about for at least eight weeks now.
The principal purpose of the site is to match newly-qualified doctors with available training in the specialist areas they wish to enter as they develop their careers. However, one of the main issues seems to be a mismatch between the type of information the website allows applicants to type in concerning their qualification for said specialist training, and the type of information on which applicant selection would best be based. In other words, the site does (did) not provide a workable system for evaluating Medical Training Applications. As it has now been taken out of Service, it has achieved something of a clean sweep.
Another story which has hit the headlines is that of junior doctor Hua Luk, who applied for his chosen specialism via the website, only to be told that his application had been rejected because he did not have the 'correct immigration status'. It's not clear what information formed the basis for this decision, as Dr Luk was born in Surrey and went to Cambridge University. Presumably someone just took a look at his name and guessed that he might be an immigrant. That's the trouble with relying on web-based application forms, you see... they all look alike.
If that's what really happened, it doesn't look as though the Dept of Health will be meeting its racial equality obligations either... which is ironic given that 'ethnic origin' was among the PII items their system was disclosing so freely.
Posted by racingsnake
@ 06:18 PM GMT+00:00
Vignettes Bruxelloises (#1)
Paul has already blogged about the stylish privacy-breaching arrangement in the basement of Belgo Belge...
Further to that, I offer the following (skip this if you are particularly fastidious or suffer from vertigo):
On the train from the Gare du Nord to the Airport I had occasion to use the equivalent facilities. Like most UK trains, the 'flush' is operated by a large rubber button on the floor. Unlike most UK trains, though - when I pressed said button, a small trapdoor hinged open and I was treated to a top-down view straight down the pipe and onto the rapidly-passing clinker beneath. It was a novel perspective.
Leaving these visceral matters and returning to the more familiar topic of airport security:
There are signs of the times even in the humble carrier bag. What with all the new restrictions on taking fluids onto aircraft, Brussels airport has subtly upgraded the carrier bags at the duty-free shop. The bags now have a peel-off strip which allows them to be sealed shut in a tamper-evident way with your booze and chocolates inside. One side of the bag is now clear, so that the contents (and the carefully-inserted receipt) can be inspected.
It's sad, but neat.
The number one travel accessory for the busy traveller is once again... the humble ear-plug.
All hotels must, by some undisclosed international law, have at least one room located directly over a point where a truck-full of shouting men have a bottle-flinging contest some time between 2am and 4am. The bottles may be packed into crates, but may also be in a giant recycling bin, or (optionally) a few dozen individual bottles for an extended period of 'freestyle' flinging.
Interestingly, at least one such fixture must take place on the first night of your stay... though similar contests can also occupy subsequent early-morning sessions.
I have not yet established whether the traveller, too, can participate by flinging empties of his own out of the window... but if I ever forget my earplugs, I'm going to find it extremely hard to resist.
Posted by racingsnake
@ 02:45 PM GMT+00:00
Dept of Health website, 3rd instalment
Dave's comment on my original post on this topic
Am I the only person aghast (and hence, passing the Voight-Kampff test) about the fact that information about would-be doctors' religious and sexual persuasions is even gathered, let alone recorded?
raises some points which I think deserve their own entry, so here it is.
Dave, I'm glad (and hence either pass the Voight-Kampff test myself or am from the new, improved Nexus 8 range...) to say your empathy does not make you unique... though us being aghast about it will be of little comfort to those concerned. Two things spring to mind:
1 - best practice is for sensitive personal data such as religious/sexual/ethnic specifics to be captured on a separate form from the basic profile data, and for the disclosure by the subject to be voluntary.
The separate form ought then to be linked to the main document only by a non-personally identifiable index number, and the sensitive personal data ought only to be used statistically, in support of assessments of whether the organisation in question is meeting statutory obligations in areas such as sexual/racial equality.
2 - The UK Information Commissioner's Office has indicated that it intends to focus more, in future, on "actual detriment" suffered by data subjects as a consequence of breaches of privacy. This sad episode raises some very pertinent practical questions about such a policy.
How does one assess the 'actual detriment' which has resulted, as of today, from this data breach?
When does the current data breach cease to be the cause of future 'actual detriment'? Now that a given junior doctor's personal details have been disclosed, how soon will anyone be able to say that a given instance of 'actual detriment' - such as a homophobic brick through the windscreen - did not result from this data breach?
Posted by racingsnake
@ 02:08 PM GMT+00:00
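The separation described in point 1 of the post above, as an added example (not part of the original post, and not code from the MTAS system): profile data and monitoring data sit in separate stores joined only by a random reference, and the report function is handed the monitoring store alone. Table and field names, the constructed applicants, and the small-count suppression (which goes beyond what the post describes) are assumptions made here.

```python
import secrets
import sqlite3

# Field and table names are assumptions for this sketch, not a real schema.
SENSITIVE_FIELDS = ("ethnic_origin", "religion", "sexual_orientation")


def open_stores():
    """Create two separate stores: web-facing profiles and equality monitoring."""
    profile_db = sqlite3.connect(":memory:")
    profile_db.execute(
        "CREATE TABLE application ("
        " id INTEGER PRIMARY KEY, full_name TEXT NOT NULL, phone TEXT NOT NULL,"
        " monitoring_ref TEXT UNIQUE)"  # stays NULL when the applicant declines
    )
    monitoring_db = sqlite3.connect(":memory:")
    monitoring_db.execute(
        "CREATE TABLE equality_monitoring ("
        " monitoring_ref TEXT PRIMARY KEY,"
        " ethnic_origin TEXT, religion TEXT, sexual_orientation TEXT)"
    )
    return profile_db, monitoring_db


def submit_application(profile_db, monitoring_db, full_name, phone, monitoring=None):
    """Store the profile; store monitoring answers only if they were volunteered."""
    ref = None
    if monitoring:
        unknown = set(monitoring) - set(SENSITIVE_FIELDS)
        if unknown:
            raise ValueError(f"unexpected monitoring fields: {sorted(unknown)}")
        ref = secrets.token_hex(16)  # random index: carries no personal data
        monitoring_db.execute(
            "INSERT INTO equality_monitoring VALUES (?, ?, ?, ?)",
            (ref, *(monitoring.get(f) for f in SENSITIVE_FIELDS)),
        )
    cur = profile_db.execute(
        "INSERT INTO application (full_name, phone, monitoring_ref) VALUES (?, ?, ?)",
        (full_name, phone, ref),
    )
    return cur.lastrowid


def profile_columns(profile_db):
    """Column names a handler holding only the profile store can ever read."""
    return [row[1] for row in profile_db.execute("PRAGMA table_info(application)")]


def equality_report(monitoring_db, field, min_cell=2):
    """Counts per answer for one field; cells below min_cell are merged."""
    if field not in SENSITIVE_FIELDS:  # allow-list, since field is put into the SQL
        raise ValueError(f"not a monitoring field: {field}")
    rows = monitoring_db.execute(
        f"SELECT {field}, COUNT(*) FROM equality_monitoring"
        f" WHERE {field} IS NOT NULL GROUP BY {field}"
    ).fetchall()
    report = {}
    for value, count in rows:
        key = value if count >= min_cell else "other (suppressed)"
        report[key] = report.get(key, 0) + count
    return report


if __name__ == "__main__":
    profiles, monitoring = open_stores()
    # Constructed applicants; the last one declines the monitoring form.
    submit_application(profiles, monitoring, "Applicant One", "555-0101",
                       {"religion": "A", "ethnic_origin": "X"})
    submit_application(profiles, monitoring, "Applicant Two", "555-0102",
                       {"religion": "A"})
    submit_application(profiles, monitoring, "Applicant Three", "555-0103",
                       {"religion": "B"})
    submit_application(profiles, monitoring, "Applicant Four", "555-0104")
    print(profile_columns(profiles))
    print(equality_report(monitoring, "religion"))
```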
MPs FoI exemption bill: not dead yet
David Maclean's Private Member's Bill (as blogged about previously) - the one which would exempt the houses of Parliament from the Freedom of Information legislation they enacted to cover all other public services - continues to twitch like a B-movie zombie.
As this BBC article indicates, some procedural quirk means that the Bill will be debated again on May 18th, despite having been 'talked out of time' last week by opposing MPs. The article also nicely illustrates some of the pernicious effects this bill would have if it got into force:
"The bill also protects all MPs' correspondence from release and stops authorities ... confirming or denying whether they have received a letter from an MP."
As you can see, the Bill's tentacles reach out into other bodies which would still have their Freedom of Information duties in other respects.
It is still a bad law, and it still deserves to die.
Posted by racingsnake
@ 11:33 AM GMT+00:00
[Comments [3]]
Dept of Health jobs website - an update
By yesterday evening, the news bulletins on the way back from the airport were noting that the Dept of Health job applications website I mentioned yesterday had been withdrawn from service in the face of a further breach of privacy.
The reports didn't give any details about the technology, or who is responsible for the architecture or implementation of the system, but did suggest that the department had been aware of the issues already for some eight weeks.
Posted by racingsnake
@ 11:25 AM GMT+00:00
And another thing...
I posted a few days ago about operating system choice in the retail PC market. Here's a little footnote to that observation: since the chimney collapse event, we've been dealing with insurers, loss adjusters, surveyors, and now the suppliers who replace damaged items.
In discussion about replacing a damaged laptop, I had the following exchange:
Supplier: "And what version of Windows was the laptop running, sir?"
RW: [momentary hesitation]
Supplier [prompting helpfully]: "Windows XP, Windows 98...?"
RW: "No, no... I understand the question. It wasn't running Windows; it was running Linux."
Supplier: "How do you spell that, sir?"
quod erat demonstrandum
Posted by racingsnake
@ 11:20 AM GMT+00:00
[Comments [2]]
Erythema at the Dept of Health
"Capillary dilation... the so-called 'blush response'"
Apparently a momentary lapse in access control resulted in the personal details of a number of junior doctors being, effectively, published via the internet. The data included core PII (Personally Identifiable Information) items as defined under data protection law, including: phone number, addresses, previous convictions and sexual orientation.
It seems strange that a single mix-up over one URL should have been sufficient to allow the exposure of this data, and that (being PII) it was not further insulated from web-based access by the general public.
Posted by racingsnake
@ 01:05 PM GMT+00:00
[Comments [1]]
Voluntarily discarding your credentials
This is something I blogged about way back in December 2005; the extent to which, in real-world trust decisions (particularly those involving strangers), uniforms can play a very significant role in influencing our opinion.
A 24-year-old student has been charged with 'wearing police uniform and equipment in the street'. He was on his way into a bar in Aberdeen in order to give a performance of his specialist profession: removing the said uniform. The police concern was nothing to do with male public nudity, which is clearly perceived as a lesser threat than the apparent abuse of an implied credential ("looking like a copper in a public place").
Posted by racingsnake
@ 12:50 PM GMT+00:00
[Comments [3]]
You can have any color (sic)...
... as long as it's black. (Henry Ford)
The pre-installed PC market remains the most visible aspect of Microsoft's monopoly grip on the desktop market; to all intents and purposes, if you walk into a retail outlet and buy a PC, there is still no alternative to getting one with Windows on it. That's not a market driven by consumer choice.
The news from Dell is interesting; apparently in response to consumer pressure over pre-installed Vista machines, they have had to restore the option of ordering a machine with XP instead. Presumably the only thing which will change that market dynamic would be a withdrawal of support for the superseded release.
Posted by racingsnake
@ 09:31 PM GMT+00:00
MPs debating their own accountability
I've already blogged, here and here, about a Private Member's Bill currently passing through the UK parliamentary process; the Bill would amend the UK Freedom of Information Act so as to exempt both houses of parliament from its provisions.
As far as the general public is concerned, there's only really one question the debate needs to consider: "as a voter, would you trust our elected representatives to abide by the spirit of the Freedom of Information Act, even if the law did not actually oblige them to do so?".
The Bill is now being debated in the Commons, having passed through its initial stages without the single "No" vote which would have served to kill it off.
Liberal Democrat MP Norman Baker pretty much sums it up with the following comment:
Mr Baker, who successfully fought a two-year Freedom of Information battle for a detailed breakdown of MPs' travel expenses, said that a constituent's inquiry would not be "leaked" as it was already covered by the Data Protection Act.
"There is no question that this already exists as a proper means of protecting constituents," he told BBC Radio 4's Today programme.
Of the Bill he said: "This is not about constituents' correspondence, this is about exempting MPs from scrutiny in the House of Commons on how, for example, we get our expenses.
He added: "It's about covering up and it shows, I'm afraid, that the Freedom of Information Act culture that we hoped was becoming established in this country, is not actually in the bloodstream yet."
The only addition I'd make to that is to change it so that it reads "is not actually in the parliamentary bloodstream yet"
Let's hope that the Commons proves him wrong on that score.
Postscript: As John Sandell notes in the comments below, the chances of this PMB becoming law are now significantly reduced, after a handful of opposing MPs 'filibustered' the Bill by dragging debate on it past the 14:30 cut-off point. In my view it's the right result, but the means by which we've got there seem bizarre, to say the least.
All I can say is, if the FoIA culture is not yet established in the parliamentary bloodstream, thank goodness Mr Baker and his colleagues were able to maintain a 5-hour I.V. drip and (with luck) eradicate the PMB 'antibodies'.
I reserve the right to block anyone who tries any 'injection of common sense' comments... you can do better than that ;^)
Posted by racingsnake
@ 10:05 AM GMT+00:00
[Comments [4]]
Or, to put it another way...
Q: What's wrong with the WS-Fed TC draft charter?
A: "t [4+AF0AOw- that"
Q: That's it? Nothing else? Nothing else in the whole doc might need the slightest tweak?
A: No changes to the proposed WSFED TC charter are required.
Posted by racingsnake
@ 04:37 PM GMT+00:00
The WS-Federation TC controversy
As you may or may not be aware, a draft charter was proposed recently for a new TC (Technical Committee) at OASIS, to work on the WS-Federation specification which originated outside that standards body.
This has already been commented on by people far better qualified than me, including Tim Bray, Conor Cahill, Eve Maler, Paul Madsen and others. Among them you'll find experts in identity technology, federation, and many years of accumulated experience of the standardisation process. Each of their perspectives is well worth checking out.
Without diving into the politics of it all, I just want to make a single simple point. As part of the submission process, the OASIS membership is given an opportunity to comment on the proposed charter. As Gerry Gebel has noted here on the Burton Group blog, members who commented included Nokia, France Telecom, NTT, Sun, Oracle, and Neustar. It's clear that these too are entities with a great deal of technical and standardisation experience in this field. In all, 31 comments were submitted on the draft charter.
30 were rejected with the repeated formula:
"No changes to the proposed WSFED TC charter are required."
The fact that the only comment to be accepted was one remarking on a string of meaningless random characters which had somehow made its way into the text speaks for itself. None of the substantive objections or concerns raised by the comments was acknowledged.
If you want to look at the comments and the corresponding replies, you can get the comment resolution document here.
The fact that half a dozen world-class corporations with a proven track record of expertise in online identity can have 30/30 comments rejected out of hand, at a point in the process when the TC doesn't even exist yet, surely serves to do nothing other than undermine the credibility of the draft charter and its proposers. As an exercise in flushing dubious motivations out into the open, though, it may have some merit.
Posted by racingsnake
@ 04:26 PM GMT+00:00
[Comments [1]]
Law enforcement and data sharing
Much is made these days of the claimed need for public sector bodies to share data about citizens, on an unprecedented scale and for a wide range of reasons.
A BBC investigative programme (enterprisingly titled "The Investigation") has been looking into the rationale for, and effectiveness of, speed cameras in the UK. It says its findings cast significant doubt on both. For instance, academics compared the police statistics for serious injuries caused by road accidents with those generated by hospitals, and found that the two were substantially different... and that the hospital statistics showed no decline in road-related serious injuries since the introduction of speed cameras.
The article goes on to quote the Transport Research Laboratory's view that the real problem is a minority of drivers who are undeterred by speed cameras, and the former head of traffic police at the Met., who notes that speed cameras can only ever catch those people who are law-abiding enough in the first place to register their cars correctly and accurately.
With data sharing in mind, then, it would be interesting to see what the typical insurance history is of the people caught by speed cameras. I wonder what percentage would be found to have no record of accident claims.
Posted by racingsnake
@ 01:55 PM GMT+00:00
UK's first 'bandwidth theft' arrests
Yesterday's radio news carried this BBC story about two arrests in Worcestershire for theft of network access. Two individuals, in separate incidents, were apparently seen using laptops in parked cars, and subsequently cautioned for the offence of 'dishonestly obtaining electronic communication services with intent to avoid payment'.
I know there are some householders who see this as a 'victimless' activity, and who are happy to leave their wireless access points open for others to access. In some cases I'm sure it is a harmless and indeed neighbourly thing to do... but it's worth reflecting for a moment on some of the other possibilities this opens up.
At the root of it is the fact that this is a form of identity theft. Insofar as the person using your wireless connection can be identified, the most damning details are:
- your IP address, and thus
- your ISP and
- your home address.
The only thing which might identify the user as someone other than you is the MAC address (probably fake) of their wireless adapter.
Given access, they might make use of it to:
- access illegal sites;
- dispatch viruses/trojans;
- send spam;
- communicate anonymously, perhaps to organise criminal activities.
Obviously, not every open wireless connection is bound to end up being abused in this way, but the risk is there and deserves to be considered. The risk assessment also needs to take into account the relative simplicity of protecting your access point with at least basic measures. The three most obvious are:
- Change the default password on your firewall/router! It's no use taking steps two and three below, if a hacker can simply log on to your access point and undo your good work;
- turn on WEP* WPA or other equivalent link encryption between the access point and the clients;
- enable MAC address filtering, to exclude all but those machines you explicitly list.
These measures, just like fitting a burglar alarm or locking your car, don't guarantee protection, but might deter an opportunist attacker.
One other note if you use MAC address filtering: for goodness' sake remember that you're using it. Otherwise the next time you attach a new machine to your wireless LAN, you might spend hours trying to work out why on earth the damn thing won't connect, debugging the network connection with mounting frustration, before finally twigging that you need to add its MAC address to the 'allowed' list. Or so I am told ;^)
*See comments below...
Posted by racingsnake
@ 08:49 AM GMT+00:00
[Comments [11]]
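A check for the link-encryption and MAC-filtering measures listed in the post above, as an added example that is not part of the original post. It assumes the access point is configured through a hostapd.conf file (the post names no product); the sample configurations, file path and MAC addresses are constructed, and the router's admin password is not stored in this file, so that first measure is not covered. The last function answers the "why won't the new machine connect" question from the post.

```python
OPEN = "no link encryption: the network is open"
WEP = "link encryption is WEP: switch to WPA"
NO_FILTER = "MAC address filtering is off (macaddr_acl=0)"
NO_LIST = "macaddr_acl=1 but no accept_mac_file is configured"


def parse_hostapd(text):
    """Parse key=value lines of a hostapd.conf, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def parse_mac_list(text):
    """Parse an accept list: one MAC address per line, # starts a comment."""
    macs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            macs.add(line.split()[0].lower())
    return macs


def audit(conf):
    """Return findings for the encryption and MAC-filtering measures."""
    findings = []
    wpa = int(conf.get("wpa", "0"))  # 0 means neither WPA nor WPA2 is enabled
    if wpa == 0:
        uses_wep = any(key.startswith("wep_key") for key in conf)
        findings.append(WEP if uses_wep else OPEN)
    acl = conf.get("macaddr_acl", "0")  # 1 = deny unless on the accept list
    if acl == "0":
        findings.append(NO_FILTER)
    elif acl == "1" and "accept_mac_file" not in conf:
        findings.append(NO_LIST)
    return findings


def explain_client(conf, accept_macs, client_mac):
    """Say whether accept-list filtering is what keeps a client off the network."""
    if conf.get("macaddr_acl", "0") != "1":
        return "not filtered by an accept list"
    if client_mac.lower() in accept_macs:
        return "allowed"
    return "rejected: add this MAC address to the accept list"


# Constructed sample inputs.
WEAK_CONF = "interface=wlan0\nssid=default\n"
WEP_CONF = "interface=wlan0\nssid=home\nwep_default_key=0\nwep_key0=0102030405\n"
HARDENED_CONF = """\
interface=wlan0
ssid=home
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=constructed-example-passphrase
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept
"""
ACCEPT_LIST = "# laptops\n02:00:00:00:00:0a\n02:00:00:00:00:0b  # spare\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("wep", WEP_CONF),
                       ("hardened", HARDENED_CONF)):
        print(name, audit(parse_hostapd(text)))
    hardened = parse_hostapd(HARDENED_CONF)
    allowed = parse_mac_list(ACCEPT_LIST)
    print(explain_client(hardened, allowed, "02:00:00:00:00:0C"))
```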
Self-asserted attributes... can you help?
Can you help with this one?
I'm looking for examples of where a Relying Party might trust a self-assertion by you more than they would trust the same assertion made by a third party. I'm sure there are such cases, but the counter-examples are much easier to come up with...
1 - the barman doesn't trust my son's self-assertion that he's over 18 unless it's backed up by an assertion from some person or agency the barman has reason to believe would know my son's age.
2 - if my son produces a credential issued by www.dodgyID.net, the Relying Party would probably trust neither of them...
Answers via the comments field, please...
Posted by racingsnake
@ 06:46 PM GMT+00:00
[Comments [8]]
Smoke fewer pigs...
It seems that smoking is bad for your lungs - even if it's a pig that gets smoked. Apparently research has revealed a link between high consumption of cured meat and chronic obstructive pulmonary disease (COPD). The cause may be the higher levels of nitrites in the cured meat products.
Posted by racingsnake
@ 11:55 AM GMT+00:00
[Comments [2]]
What's in flower...
I used to keep a 'What's in flower' file on this blog, but I was so bad at keeping it up to date that it rather lost its point. However, what's going on at the moment probably deserves a specific mention. We're having a warm spell (mid 20s C... mid 70s F), and the plants seem unable to work out what season it is.
For instance, early spring flowers like hellebores, daffodils and forsythia are still out; but the amelanchier (shad-bush, mespilus) has already flowered and shed its petals, there's blossom on the pear trees, the tulips (Angelique) and snakes-head fritillaries are flowering, and the Wisteria is about to go for it in a big way. The hyacinths have just about finished, and the bluebells are flowering, as is the rosemary bush.
It's hard to resist the conclusion that their biological clocks are comprehensively jiggered. I just hope that when the 'real' summer weather arrives, there's still something to look at.
Posted by racingsnake
@ 10:27 AM GMT+00:00
Link to DW2007 photos
As promised, here's a link to some of the photos I took over the course of this year's DW. There are some gaps (for which I apologise)... but sometimes things get hectic at a support stop, and photos have to take a lower priority than looking after the paddlers.
I've put various other sets on Flickr, which you're welcome to browse... and as you have probably noticed, I've used their 'random thumbnails jigger' in the right-hand column of the blog.
Posted by racingsnake
@ 04:51 PM GMT+00:00
They made it!
Anna and her partner finished the Devizes to Westminster canoe race - Anna's second completion in consecutive years! Their finishing time this year for the 125 miles was 25:05:21 - slightly slower than Anna's time last year, but I guess that's what you get for doing it on less than half the normal training schedule. The six weeks they did have paddling together were disrupted by injury and illness (both girls picked up a nasty gastro-enteritis bug - probably from a Thames training outing - and missed the entire last week of training), so it was a huge relief that they finished at all.
Photos will follow. In the meantime: high and low points of the weekend -
- The Low: grappling with the possibility, at 9am on Sunday (Day 3) that Anna might have to pull out because of a recurrence of the neck strain that had already cost her a week of training. Not a good half hour! It's pretty gut-wrenching to see your offspring in tears of pain, but still determined to get back in the boat and keep going.
But...
- The Highs: seeing them at our next support stop, ten miles down-river, and realising that it was going to be OK...;
- watching them and two other crews sprint-finish at the end of Day Two...
- and, of course, seeing them come up those steps after Westminster Bridge.
I know I said this last year, but even after watching them do the race, I still find it hard to believe it's humanly possible.
Thank you again to all those who sponsored them this year; I'll let you know how much the team raised for the Meningitis Trust as soon as all the contributions are in.
Posted by racingsnake
@ 05:42 PM GMT+00:00
[Comments [2]]
The excitement continues...
In all the excitement over this last weekend, it was easy to forget that there's plenty more to come at the end of this week... and I'm not just talking about the Boat Race, the Malaysian Grand Prix or the 1974th Anniversary* of the Resurrection of Chocolate [Christ, surely...? Ed.].
(*Assuming he was about 33... )
It's "DW" again, and it's not too late to email me if you want to make a sponsorship pledge for Anna and her crewmate. This year, the school's crews are all raising money for the Meningitis Trust. If you'd like to make a pledge, for whatever amount, just drop me a line: racingsnake at sun dot com.
Remember - if you pledge enough, it can really make those 125 miles flow by. (Actually, that's a lie... only an outboard motor can do that, realistically speaking - but I know the crews like to feel that someone, somewhere will benefit from their pain).
Here's a photo of one of the more spectacular river features. This is Boulter's Weir, near Maidenhead... and no, they don't have to canoe over it. It's one of the 77 portages the crews have to undertake.

Low point (for the crews): lots of duck poo where you have to put your hands when disembarking.
High point (for the support crews): very nice loos in the park.
Posted by racingsnake
@ 04:27 PM GMT+00:00
Sleeping under the stars...
As Captain Jack Sparrow would say: "Not good! Not good!"
There was a loud rumble on Saturday afternoon, followed by a lot of dust. Once that had settled, literally and metaphorically, it became apparent that a 4-flue chimney stack on the east end of our roof had collapsed. Half of it fell in through the roof and my son's bedroom ceiling; the other half fell down the outside of the house onto the roof of the outbuilding, some of it bouncing into the neighbour's garden and narrowly missing her.
Narrow escapes all round.
It being the weekend, emergency roofers were hard to come by, but with the help of a friend (Thank you, Kev. Thank you again...) we cleared almost 300 whole bricks and a skip (dumpster) full of rubble from inside the house, and got a tarpaulin over the gaping hole in the roof/wall.
Here are a couple of pictures to give you some idea of what confronted us:
Bedroom. Under the 'upper' slew of bricks there's a broken 8" oak beam which took a huge amount of the force of the collapsing masonry, and in doing so probably prevented worse damage elsewhere. Under the 'lower' slew you can probably just make out a pillow. Not a comfortable thought.

Neighbour's garden. This is what a ton or so of bricks does to a tiled roof from about 25 feet up. Interestingly, all four of the 'flue caps' (by definition the highest part of the chimney) survived undamaged. You can see a couple of them in the flowerbed, just behind one of the rose bushes. Luckily (by some definitions of the word) the outbuilding is also ours. Much as I don't like what's happened to it, it would be far worse if we'd done that to someone else's roof...
According to the insurance assessor, the strongest winds recorded locally over the weekend - at around 50mph - were registered at almost exactly the time this happened.
Posted by racingsnake
@ 06:11 PM GMT+00:00
[Comments [4]]