Robin Wilton's esoterica

I got the chance to go to the Goodwood Festival of Speed last weekend for the first time, and had a great day. There's a lot going on at the Festival, but the action centres around a hill-climb competition over a 1.16 mile course, where you will see anything from a 1902 Panhard Levassor (4 cylinders, 4.4 litres, 16 horsepower) to half a dozen current F1 cars (V8, 2.4 litres, 700+ horsepower) and masses in between.

I divided my time between watching the hill climb and heading into the woods to watch the Forest Rally Stage - just over a mile and a half of track through the trees, and (according to many of the drivers) one of the slipperiest rally stages one could hope to encounter. One great thing about the rally stage is that you are free to wander around the 'pit' area at the top of the hill, and most of the drivers are only too happy to stop for a chat. I met a couple of rallying legends, Stig Blomquist and Paddy Hopkirk, both of whom were a pleasure to chat to.

The real fun is trackside, though. Safety is taken very seriously, but the track is laid out so that you can get good and close to the action. I've been experimenting with Youtube, so here's a taster, and I'll upload another clip soon, along with a link to some stills on Flickr.

Labour MP David Winnick is quoted as saying he thinks that civil rights groups over-do the assertion that 'there is growing concern over the intrusiveness of surveillance technologies such as CCTV. He says he has never had a letter from a constituent complaining about CCTV. He also cites the apparent readiness with which many people disclose personal details via online 'social networking' sites. It seems to me he is missing the point with these arguments.

CCTV deployment (to say nothing of other related surveillance measures such as number-plate recognition, face recognition and so on) is sketchily regulated in the UK. There is a code of conduct, drafted by the British Standards Institute (BS7958-1999), but as such it is voluntary and unenforced. There is no specific law relating to CCTV data; instead, any legal challenges would have to depend on either the Data Protection Act or the privacy-related provisions of the Human Rights Act. They would also depend on being able to identify the data custodian for a given CCTV installation - something which is by no means always obvious.

Sooner or later someone will launch a test case by requesting copies of any CCTV images containing their facial image; the data custodian will then either have to weed out the relevant images or hand over all the corresponding media, with serious implications for the privacy of the other people identifiable in the footage. In both legal and regulatory terms, the UK is poorly placed to deal with the issues this would raise.

In terms of complaints to MPs, and the comparison with social networking sites, I think the key points are these: CCTV is a passive surveillance technology. There's no notion of user consent, except in the sense that you "consent" to appear on CCTV merely by walking down the High Street... When people disclose details on social networking sites, they do so voluntarily - and there is no guarantee that what they are disclosing is true.

This is to say nothing of the other key question, which is whether or not they are wise to do so. Eric Metcalfe, from the human rights group Justice, makes the good point that the harmful consequences of these disclosures (active or passive, voluntary or not) may not become evident until long after the event.

When the Liberty Alliance ID Theft Special Interest Group analysed identity theft, it was clear that identity theft and the identity fraud which it is often used to commit are often widely separated in space and time. Thus, the theft of a set of credit card details in one country may only re-surface some time later and conceivably on the other side of the globe. For Mr Winnick to say that 'CCTV can't be bad, because no-one's complaining about it' seems to me to be both simplistic and premature.

For some reason, I can't get Thomas Midgley out of my head. He was responsible for the invention of those other widely-deployed and entirely safe technical innovations: leaded petrol and CFC-based refrigerants.

In recent days, apparently, the top two websites for UK Local and Central Government respectively (in terms of hits) were:

- Transport for London (with TfL's Journey Planner site in second place), and...

- The Met Office.

This is Britain after all - so ahead of all the 'non-discretionary' e-government services like job centres (2nd), tax payment (4th), benefits claims, vehicle and driver's licences (5th and 6th), what we really want to know is whether it's going to rain tomorrow.  

The TfL site, incidentally, also includes the payment services for the Central London Congestion Charge - so it seems that one way to drive take-up of e-government services is to introduce road charging.

Anyone watching the clock tick down to the point where David Maclean's Private Member's Bill finally expires might be interested to see another parliamentary decision on Freedom of Information principles.

One of the exemptions currently built into the legislation is based on the cost of answering an FoI request; if the estimated cost is more than £600 (or £450 for some types of public body) it may be declined. There are some oddities in the detail - for instance, a blanket rate of £25/hour is assumed to apply to the work of identifying, locating and retrieving the information in question.

The government (in the person of Lord Falconer, the Lord Chancellor) wanted to extend the cost-estimation categories to include 'the time taken by officials and ministers to consider them'. Apparently there is also the suggestion that multiple requests by a single entity (company, organisation or individual) "could be dealt with together" even if they are on different topics.

The BBC article seems to take this at face value; the Guardian article on the same topic notes the implication that tis would mean the potential cost of all the different requests could be aggregated and the whole lot rejected on cost grounds if the aggregate exceeded the legal limit.

The proposals have been rejected by the Constitutional Affairs Committee, which described them as "unnecessary, unpopular and undesirable". While part of me rejoices at this as a reason for rejecting the proposals, I can't help but think that the same argument was equally applicable, all along, to Mr Maclean's exemption amendment. Quis custodiet...?

It sounds like the place to be at this year's Catalyst is the Sun stand. Don Bowen and Pat have both blogged about some of what you can expect, and there's a "Monty Python and the Holy Grail"-themed Sun hospitality event on Thursday evening. If you're counting down to that, it's only three days away now. In fact...

Three shall be the number thou shalt count, and the number of the
counting shall be three. Four shalt thou no longer count, neither count thou
two, excepting that thou proceed thence from three.

Liam Byrne's invocation of the great era of Victorian industrialisation (ID Cards will be a 21st century public good like the railways of the 19th century...) seems to have left a number of people unconvinced, including The Register, the UK Liberty blog, and readers of the TalkSwindon forum...

His 'public good' argument is predicated on the idea that a national identity scheme will "very quickly [become] part and parcel of everyday life in Britain", and he gives these examples of how he thinks this may come to be the case:

1 - faster CRB checks (though he also notes that the improvements depend on more efficient and effective verification - that is, being sure that the person you issue credentials to in the first place is indeed the person who will be represented by those credentials... so that's not a benefit of having a national register, it's a benefit of having better controls on enrolment in that register);

2 - biometric immigration documents for foreign nationals (of which I am not one, in the UK at least);

3 - proof of age for restricted goods (in fact, this does not require proof of identity, it requires an assertion that one is over a certain age... and it's a long time since I needed any support for that assertion);

4 - plans for the DWP and the Government Gateway to be able to use ID Cards and Biometric Identity Documents.

From a policy perspective, I'm still waiting for one which will be 'part and parcel' of my daily life.

I've said this before, including recently to the Crosby Public Private Forum on ID Cards: there is a huge segment of the population for which interaction with public sector services is - basically - an involuntary nuisance (tax returns, speeding tickets and the like). The more anything like that becomes part and parcel of my daily life, the less I like it, so anyone trying to sell a national identity scheme citing that as a benefit faces an uphill battle.

No, the first step in building the public trust which Mr Byrne says is so necessary is to acknowledge, clearly and openly, that this system has two sides to it. There is a 'law enforcement' side, where the citizen's data will be aggregated and shared, through technical and non-technical means, with or without the subject's consent, and without regard to the purpose for which the data may originally have been collected. There's no corresponding use-case in the railway analogy. On this 'law enforcement' side, the safeguards against abuse of the citizen's data lie in effective and accountable governance. Here's one UK example of questionable practice in that regard.

Then there is a 'service delivery' side, where the citizen's data is used for specified purposes which, by law, must correspond to the purposes for which it was collected. If that data is to be shared amongst service providers, it should be with the citizen's explicit and informed consent. It must be easy for the citizen to see what such sharing they have authorised in the past, check that it is not being abused, and dissolve any data-sharing connections they no longer want.

The sooner it is made clear to the public how they can expect effective protection in the first case, and beneficial service in the second, the sooner trust in the proposals could start to grow.

Although I do hope Mr Byrne is regretting his 'golden age of rail' soundbite, it has at least given plenty of people an opportunity to explain why the analogy is a poor one.

As Mr Blair starts his last week in office by heading to Brussels for talks about the European constitution amending treaty, rumours abound that he has already been offered the job of Middle East envoy for The Quartet of 'interested entities' (US, EU, UN and Russia). Which is interesting, as according to the former UN envoy, Mr Alvaro de Soto is reported as saying, in somewhat unflattering terms, that The Quartet has, basically, made such a hash of things that the role is doomed to futility.

Speaking of people leaving office... the long period of uncertainty over Mr Blair's departure date robbed us of the chance to have the UK equivalent of this.

If I hadn't had the chance to pick one up in a Washington bookshop, I would be rather envious.

In case you're wondering: 578 days and counting...

One of my colleagues has been in hospital recently following a small but nasty chlorine gas explosion in his pool shed. Apparently the chlorinator was destroyed, and there was damage to a fluorescent light-strip.

A little further investigation revealed this post on Gerry's blog - written only days before this unpleasant... accident. Coincidence?

Let's just be careful out there, people  ;^)

... whether it's really true that MPs buy plasma TVs, fishtanks and iPods on expenses, but at least under the current law the question can be asked, and a ruling given by the independent Information Commissioner about whether it should be answered.

The Information Tribunal has already had to overturn attempts to block disclosure of MPs' claims for travel costs, which seems to me extraordinary. Let's not forget that MPs' expenses were something the speaker of the house said they would continue to have to disclose, even if  David Maclean's FoIA exemption (may it remain defunct) were to have passed into law.

As I have remarked before: even when the rules or laws are explicit, MPs often seem less than freely forthcoming with this kind of information. Heaven knows what would happen if disclosure were merely discretionary.

With apologies to William Henley:

Semantics

In the sound-bites of "time On Air"
It has not winced nor cried aloud
Under the bludgeonings of Blair -
Persisting, bloodied, but unbowed.

A month ago we looked at the question of when a resignation is not a resignation. That was clearly just for beginners. Today we switch to more grown-up stuff.

When is a constitutional change not a constitutional change?

Simple - when you promised a referendum on a new European Constitution, and now you want to introduce constitutional change without having a referendum.

The Constitution (whatever it was or may end up being called) was intended, among other things, to rationalise the tangle of treaties and amendments which has come to represent a de facto constitution for the European Union since the Treaty of Rome. Angela Merkel describes what she wants as 'a new treaty which will give the EU a 'single legal personality' and a legally binding Charter of Fundamental Rights. That sounds quite... well... constitutional to me - but clearly not to Mr Blair, who insists that he is expecting an 'amending' treaty and not a 'constitutional' treaty... as if the two were by definition mutually exclusive.

There are still 12 days left for these beatings to continue.

It seems that David Maclean's Private Member's Bill (PMB) to exempt MPs from the Freedom of Information Act could at last be dead. A short article on the BBC site today notes that, by the close of business yesterday, the Bill had failed to secure the necessary sponsor in the House  of Lords, and therefore would be unlikely to make it onto that House's order of business.

I qualify those statements because, as we've already seen, this Bill has more lives than Satan's own cat. Technically, I believe the position is this: once passed by the Commons, the Bill initially has 12 'sitting days' within which to find a sponsor in the Lords; that deadline has passed. A sponsor could still emerge, but would have to give 8 days notice of their intention to revive the Bill, which would then have to be fitted into the time remaining in this session of Parliament. The current session ends on Thursday 26th July. By my reckoning, that's a round 30 sitting days from now. For Pete's sake, won't someone stick a 'DNR' notice on this legislative revenant?

I don't know whether it's realistic to expect a Bill to be proposed and get onto the order of business within 22 days, but given the previous history of this one, I'm not counting my chickens until the hatchet is firmly buried in them.

For more press coverage, here's a link to the corresponding Guardian article from today.

Mr Blair yesterday described the UK media as a "feral beast" which threatens politicians' "capacity to take the right decisions for the country". I offer the following counter-example, courtesy of former cabinet minister John Redwood:

"My inquiries revealed that so far no peer has come forward to
sponsor and propose the bill in the Lords. As this is a private
member's bill and not a government one, it needs a willing peer to pick
it up and run with it," he said.

"Now the peers have seen what the media did to David Maclean, they are obviously having second thoughts.

"Brave
as our peers are, it is not much of an invitation to be asked to carry
a hand grenade with the pin already out through the Lords stages,
especially when the cause is such a bad one."

Now as far as I am aware, the media coverage of the Bill has focussed far more on the amendment itself than on Mr Maclean - here's an example from the Daily Telegraph, and one from the Guardian, for instance. But here, too, is criticism of the proposal from the Lord Chancellor, Lord Falconer, along very much the same lines.

If there have been ad hominem attacks, they have been far less visible than the objective coverage which confined itself to the obvious facts - that this is a bad an unnecessary piece of legislation which should have been killed off far earlier in the parliamentary process.

What is obvious from the chronology is that the amendment proceeded through its early stages (at which point a single dissenting vote from any MP could have stopped it dead) without opposition.

It wasn't until there had been significant media coverage (including a BBC television news headline piece) that any practical parliamentary opposition surfaced, in the form of a hastily arranged filibuster. Even then, the parliamentary process was mysteriously tweaked to get the amendment, exceptionally, back onto the order paper for a further vote late on a Friday.

And now it appears (if Mr Redwood's assessment is correct) that if the amendment can't find the sponsor it needs in the Lords, that pressure arising from media coverage may have been a contributing factor.

I know that's not the "feral beast" at its most savage, but frankly, in this case, more power to its teeth.

I also happen to be of the view that Mr Blair's remarks take him onto dodgy ground - particularly as it was his staff which deliberately leaked the name of the late Dr David Kelly to the "feral beast".

This is based on a real "customer service" call to our household yesterday. The names have been changed to protect the guilty, though why I'm inclined to do that, I can't really work out...

[phone rings] 

Me: Hello?

Call centre rep: Hello, is that Mr Wilton?

Me: Speaking

CCR: Hello Mr Wilton - this is [financial services company] calling. Before I proceed, for security reasons can I ask you to confirm your date of birth, please?

Me: Hold on a minute... you're the ones who just called me...

CCR: Well, we need to establish we're talking to the right person.

Me: But how do I know you're really [financial services company]? You could be anyone, phoning up to get my personal details.

CCR: No, this is  [financial services company], calling about your account with us...

Me: OK then... you tell me the number of my account with you.

CCR: I'm sorry, sir, I can't reveal that over the phone until I'm sure I'm speaking to the right person. 

Me: You're missing the point: if you call me, uninvited, I'm not going to disclose my personal data to you. It's not secure. If you want me to be certain I'm talking to [financial services company], you give me a published phone number and the name of a person to call, and I'll call you back. Then I'll disclose my personal details  to you.

[CCR hangs up]

Incidentally, I do believe this was really the financial services company and not a phishing attack, but it illustrates how badly prepared some of these service providers are to deal with the shortcomings which arise out of having a call-centre driven approach to customer contact.

Over the last six months I've blogged several times about corruption allegations surrounding the 'Al Yamamah' arms deals; there are conflicting reports again this weekend:

- The Attorney General, Lord Goldsmith, says he did not conceal from OECD corruption investigators the existence of secret payments to Prince Bandar bin Sultan;

- The Guardian newspaper begs to differ... here's a copy of the key passage from one of their many articles:

'The attorney general yesterday categorically denied part of the Guardian story in the affair.

He said that he had not ordered British investigators to conceal the £1bn payments from the OECD.

The
director of the SFO took responsibility for the decision to withhold
information. In a statement, Robert Wardle said the decision was made
by his own organisation "having regard to the need to protect national
security".

The Guardian investigation has revealed that:

· The attorney general became aware of these payments because of the SFO inquiry into BAE corruption allegations.

· He recognised the vulnerability of the government to accusations of complicity over a long period in the secret payments.

·
There is no dispute that, as reported by the Guardian, the fact of the
payments was concealed from the OECD when it demanded explanations for
the dropping of the SFO inquiry.

· UK government officials
have been exposed as seeking to undermine the OECD process, and
complaining that its Swiss chairman has been too outspoken.

·
When, before publication, the Guardian originally asked the attorney
general's office who was responsible for concealing the information
from the OECD, the newspaper was told: "The information presented to
the OECD bribery working group ... was prepared by AGO and SFO".

The AGO is the attorney general's office. Both departments report to Lord Goldsmith himself.'

It's fascinating that what now seems of more immediate interest is not the alleged bribery payments 20-odd years ago (under a different government and a different Attorney General), but the extraordinary knots the current Attorney General seems to be tying himself in as the OECD investigations progress. One has to wonder why.

... or so they say. Having just spent what seemed like a very busy week visiting Washington DC for the first time, maybe I can attribute it to some kind of time-dilation leaking from the political nexus.

We ran the third Liberty PPEG Privacy Summit, which seemed to go down very well. As ever, what made it was the diverse set of participants and their eagerness to engage in the discussion. The challenge for me will be to distil what was discussed into a short, readable document; I'll let you know the result when it's ready... I think you'll be interested to see who some of the participants were.

I was also on a panel in the ISPAB meeting, held at George Washington University. A couple of snippets from the corridors: first, I noticed that the university's student newspaper is called The Hatchet. Very Chekhov. Second, there happened to be another conference in the same building, held by the American Society of Access Professionals - with sessions on ID Theft and online identity/privacy. What are the odds?

And among other things, I had a fascinating conversation or two with Jim Lewis of the Center for Strategic and International Studies (CSIS). Some of what we talked about will re-surface in published form in due course, and I'll make sure you get a link to that when it's done, too.

From a non-work perspective, I started to discover why DC is such a fascinating place. For instance, you can be having a beer and a burger in a random bar and discover that the person you're chatting to at the bar is an Assistant Attorney General in the DC City government. What may have started out as a conversation about the baseball game on TV can take some pretty strange turns...

Other ephemera: 

The flags on the Capitol building were flying at half mast in honour of the late Senator Craig Thomas (Rep., Wyoming).

Thursday evening saw the Cleveland Cavaliers make a not-very-promising start in their first shot at the NBA finals. I have found out that the finals consist of at least 4 matches, with more if the first 4 don't prove conclusive.  From the match reports it sounds as though their opponents, the San Antonio Spurs, succeeded in closing down LeBron James so tightly that he didn't score at all.

I saw a fabulous bumper-sticker/license plate combination, on a car parked right next to Constitution Avenue... but you'll have to wait until I upload the photo.

The amendment to exempt parliament from the provisions of the Freedom of Information Act continues its march of shame towards the statute books. Here's how the current newsletter from Privacy Law and Business sums it up:

MPs vote to exempt themselves from FOI Act

The Freedom of Information Act (amendment)
Bill that seeks to exempt Parliament from the Freedom of Information
Act, despite previous attempts to stop it, had its third reading in the
House of Commons on Friday, 18 May.

The Bill was passed by a majority of 71, and
will now go to the House of Lords. While the current speaker has
promised that information on MPs expenses would still be released, this
voluntary agreement might not apply in the future. 

David McLean, a Conservative MP who
introduced the Bill, said that it is needed to protect the
confidentiality between MPs and their constituents. The Campaign for
Freedom of Information has repeatedly pointed out that constituents’
correspondence is already protected under the existing exemptions and
the Data Protection Act. The Information Commissioner’s Office has not
received a single complaint either from an MP or from a constituent
concerning the improper disclosure of such correspondence.

The Campaign is concerned that the Bill's
wider message is even more damaging: ‘MPs who support the Bill are
suggesting that they regard the FOI Act as unnecessary nuisance. They
will be encouraging other authorities to believe that they too should
not have to comply. If MPs pass this Bill what will they say to
ministers or others who refuse to answer FOI requests? How will they
dare to even protest? They will have sent a message of solidarity to
any authority which resists the public's right to know.’

Prime Minister in waiting, Gordon Brown, has stated that he is against the Bill.

It's hard to find anything with which to counter a piece of news like that, but here's a small attempt: Sun has set up an OpenID identity provider system for employees. We've done this using a combination of existing Sun products, OpenID code components, and our identity team's experience in this area.

OpenID is a 'low trust' solution to the question of how to provide some level of authentication for web applications without a cumbersome infrastructure for things like liability and identity assurance.

It also means you can log in to OpenID-compliant websites just by presenting them with an assertion from your OpenID provider that 'this user has authenticated'... the website itself doesn't need to have a user-ID/password pair for you.

The experiment Sun is doing with OpenID is that we will also tell our partner businesses, for instance, that if someone presents a Sun-issued OpenID, then that person can be assumed to be a Sun employee. It remains to be seen whether this enhances or fatally breaks the basic OpenID model, but at least it's open.

Unlike the UK's elected representatives, it seems. 

Anyone hoping that the accession of Gordon Brown would mark a change towards more 'evidence-based' and away from 'headline-driven' policy-making is probably feeling a little disillusioned this morning.

Apparently our leader-in-waiting plans to revive proposals to hold terror suspects for up to 90 days without charge, to push for the admissability of phone tap evidence in court, and to give police new powers to continue questioning suspects after they have been charged.

The 90-day internment proposal was defeated on  - quirkily -  9/11 2005 (though that's November the 9th over here), not least on grounds that the police were said not to be pressing for it. The Conservatives say there is no new evidence to justify increasing the detention time limit (already the longest in any developed country); law enforcers (particularly in the intelligence servies) are also reluctant to use phone-tap evidence in court, because of the amount of operational information it reveals simply by its use.

Don't worry, though. These measures may further infringe on our civil liberties and undermine legal principles... but we are promised that they will be accompanied by greater parliamentary accountability. Which is a shame, really. Why would we trust accountability measures which involve precisely those elected representatives who have just voted to exempt themselves from the Freedom of Information Act?