Robin Wilton's esoterica

       
 

HMRC breach - looking ahead


While the current row over concealed donations to the Labour Party draws some attention away from the HMRC data breach, it's probably a good moment to step back and take a look at some of the possible long-term implications of what may or may not have happened.

On Monday I was at a local school, giving a talk to 6th-form pupils (16-18-year-olds) about digital identity and privacy. At one level, I really wasn't sure what to say to them. After all, here's a group (representative of an entire generational demographic) who are starting their 'life in the tax system' in the knowledge that their National Insurance numbers and basic identifier information have already been compromised by the actions of a third party.

Two long-term implications present themselves.

First: this episode has prompted at least some policy-makers to attempt to quantify the breach in financial terms. For instance, Vince Cable MP, Liberal Democrat Acting Leader and Shadow Chancellor, has put it at £1.5bn, on the basis of a 'street value' of £60 per identity. The infamous US bank robber, Willie Sutton, apparently never said that he robbed banks "because that's where the money is"... but the principle still holds. Identity theft happens because identities have a value.

In a context where the government plans to operate a national scheme to provide what it has described as the "gold standard of identity", the issue of financial liability for compromised identities needs to be very carefully considered, and the implications made clear to every stakeholder up front (citizens, policymakers, data custodians, relying parties, and so on...). So far, concerning the HMRC breach, the Chancellor has assured citizens that they will not have to bear the cost of resulting identity fraud, but both he and the acting head of HMRC have said it will be the banks who pick up the tab. How the banks feel about indemnifying credentials which they didn't even issue, let alone lose, is probably quite another matter.

Second: thinking of that classroom full of young adults; how are they to know, in 5, 10 or 15 years' time, whether the identity fraud which some percentage of them are likely to suffer came about as a result of something they did, or as a result of the current breach, or (as William Heath has so astutely observed) through some subsequent exploitation of the appalling ease with which a couple of CDs can be run off?

In the Digital Era, it seems to me that any prudent enterprise - including governments - should be considering how to indemnify itself against the mass compromise of valuable data, including some consideration of likely consequential loss. That implies that, when it comes down to cases, there is some way of determining the actual (or most probable) origin of a given breach.

 

I think those problems are still some way from having solutions which successfully include the appropriate range of measures, from policy, risk assessment, architecture/design and technology, to implementation, operation, audit and governance. The worry is the extent to which the stated policy aims and the implementation plans may be allowed to outstrip the other, equally vital components.


 
 
 
 

Got privacy?


To follow on from yesterday's post and the helpful comments left by Wayne, Steve and Carolyn, I thought it might be helpful just to give a couple of pointers about browser privacy. This is not a definitive guide, and will not apply to all browsers in the same way... it's more to get you thinking about the topic, in case you weren't already.

First, how long is it since you last had a look at your privacy settings? If, like me, you've recently accepted an upgrade to your browser, it might be worth revisiting them (like I didn't... but hey, profit from my mistakes...). Check your cookie settings and see if they really reflect what you're happy to disclose. Have a browse through the cookies which are currently stored. You might be surprised at how many there are, and how many are for sites you don't recognise.

Next, some Firefox-specific things: 

There are a couple of useful extensions; the "Permit Cookies" extension and the Netcraft toolbar. The former is a simple hot-key pop-up which means you can turn cookies off by default and then re-enable them on a site-by-site basis by hitting Alt-C. I should warn you... you might find a surprising number of sites stop working in some way when you turn off all cookies (for instance, some sites will want to set a cookie in order for you to log in) - but just being aware of that is quite useful in itself.

The latter is an anti-phishing toolbar which gives you an indication of the risk rating assigned to the sites you visit. There are some other neat gadgets too, such as a "what's that site running" function.

Then you might want to type "Firefox about:config tweaks" into a search engine and check out some of the options there. Here are a couple of the useful pages you are likely to see in the hitlist: Mozillazine knowledgebase, 10 privacy tips.

Let me know how you get on... or if you have other favourite privacy tools.

 
 
 
 

Cookies and personal data leakage


Over the weekend, I set up a gmail account for a specific purpose. I was giving a talk on Monday, and wanted the audience to have a separate email to use for contacting me with comments/questions. No problem there.

Today, I was leaving a comment on a blog which happens to run on blogger.com. As usual, it offered me a choice of authentication options... including using the gmail account I set up on Sunday.

I didn't ask it to make that linkage. In fact, there might be good reasons why I don't want the Monday audience and the blogger audience to make the association between my blog post and the email address.

So - where has gmail stored my email address such that the blogger website can fish it out and offer it to me as an option? Well, most probably as a cookie in my browser. There's certainly one in there with the email address in it. Now, from a convenience point of view I can see the attraction - but from a privacy point of view this is less than optimal.

It seems to me that, as users, we are poorly served by the way in which cookies are currently handled. There is often no middle ground between "pester me every time any site sets a cookie" and "aw, what the hell... store what you like". If a cookie is, as in this case, going to contain an identifier such as an email address, wouldn't it be nice to be asked for consent?
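One way to do the "browse through the cookies which are currently stored" check from the previous post, and to spot the kind of email-bearing cookie described here, is to audit an exported cookie file. This is an added example, not code from the original posts; it assumes the cookies have been exported in the tab-separated Netscape cookies.txt layout, and every domain, name and value in the sample is constructed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Constructed sample in the Netscape cookies.txt layout:
# domain, subdomain flag, path, secure flag, expiry, name, value.
SAMPLE_COOKIES = "\n".join([
    "# Netscape HTTP Cookie File",
    ".mail.example\tTRUE\t/\tTRUE\t1230768000\tacct\trobin.talk%40mail.example",
    ".mail.example\tTRUE\t/\tFALSE\t1230768000\tlang\ten-GB",
    "#HttpOnly_.blog.example\tTRUE\t/\tTRUE\t0\tsid\t9f3c2a7e",
    ".tracker.example\tTRUE\t/\tFALSE\t1230768000\tuid\tu=77&e=robin.talk@mail.example",
    "shop.example\tFALSE\t/\tFALSE\t1230768000\tbasket\t3",
    "this line is malformed and is skipped",
])

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def parse_cookies(text):
    """Parse cookies.txt content into a list of dicts, skipping bad lines."""
    cookies = []
    for line in text.splitlines():
        # curl-style exports prefix HttpOnly cookies with "#HttpOnly_";
        # those lines are real cookies, not comments.
        if line.startswith("#HttpOnly_"):
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # not a well-formed cookie record
        domain, _subdomains, path, secure, expiry, name, value = fields
        cookies.append({
            "domain": domain.lstrip("."),
            "path": path,
            "secure": secure == "TRUE",
            "expiry": int(expiry),
            "name": name,
            "value": value,
        })
    return cookies


def cookies_per_domain(cookies):
    """How many cookies each site has stored."""
    return Counter(c["domain"] for c in cookies)


def unrecognised_domains(cookies, known):
    """Domains holding cookies that are not in the user's own list of sites."""
    return sorted({c["domain"] for c in cookies} - set(known))


def find_identifier_cookies(cookies):
    """Cookies whose value carries an email address, plain or URL-encoded."""
    hits = []
    for c in cookies:
        match = EMAIL_RE.search(unquote(c["value"]))
        if match:
            hits.append((c["domain"], c["name"], match.group(0)))
    return hits


def identifier_exposure(cookies):
    """Map each email address found to the domains whose cookies hold it."""
    exposure = defaultdict(set)
    for domain, _name, email in find_identifier_cookies(cookies):
        exposure[email].add(domain)
    return {email: sorted(domains) for email, domains in exposure.items()}


if __name__ == "__main__":
    jar = parse_cookies(SAMPLE_COOKIES)
    print("cookies per domain:", dict(cookies_per_domain(jar)))
    print("not recognised:", unrecognised_domains(
        jar, {"mail.example", "blog.example", "shop.example"}))
    for email, domains in identifier_exposure(jar).items():
        print(email, "is stored in cookies for", ", ".join(domains))
```

An address that turns up under more than one domain is the unrequested linkage the post describes.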

 

Academics challenge politicians on biometrics


Echoing (probably unknowingly, I'm sorry to say) my blog post of a week ago, a group of academics has written an open letter to Andrew Dismore (Chair of the House of Commons Committee on Human Rights) to blow the whistle on some of the claims policy-makers have been making recently about biometrics.

Interestingly, the points they raise cover the whole spectrum from technical to implementation and budgetary issues. Among other things, they express concern about:

- whether it's realistic to assume that everyone in the UK will have a biometric credential;

- the likelihood of an ongoing level of failed biometric authentication (false acceptances and false rejections);

- the likelihood of an ongoing techno-war of escalation between the implementers and the hackers;

- the cost of rolling out biometric-capable devices to every point of authentication (and maintaining them thereafter);

- the current estimate that the whole population will not be enrolled until at least 2020;

- the gap between implementing biometric technology and meeting the governance objective of preventing data leakages such as HMRC;

- an alleged design shortfall concerning the privacy and security of personal data;

- the difficulties surrounding the "re-issue" of compromised biometrics;

- the difficulties surrounding 'exception cases' such as people under terrorist threat, victims of domestic violence, witness protection participants, security service aliases and so on.

On the whole it's a pretty balanced and rant-free letter. Of course, it's possible that all these factors have been taken into account in planning for the ID Cards scheme, and we just haven't been told about it. On the other hand, recent data management events suggest that in the systems already in use for the sharing of personal data, either this kind of factor has not been taken into account, or the resulting disciplines have not been put effectively into practice.

I hope the letter goes further than Mr Dismore, and gets the serious consideration it deserves.

 
 
 
 

Two misconceptions persist


Twice in the last few days I've heard arguments put forward to justify ID Cards which really ought not still to be being used.

The first was from Chancellor Alistair Darling, who said (in the Today programme interview I blogged about earlier) that ID Cards and biometrics were needed 'in order to protect people against identity fraud'.

Isn't that a bit like passing a law which makes it illegal to leave your front door unlocked? I mean, yes, it's sensible to lock your front door, and most people appreciate that, but is legislation really appropriate? Ultimately, if someone wishes to leave their front door unlocked, however foolish that may seem, isn't it a matter for them? The consequences, should they be burgled and then have an insurance claim rejected, are well understood, and people exercise their options on a well-informed basis.

The second was a quotation from Sir David Varney, cited in this article in the Daily Telegraph. In it, as part of the case for ID Cards, he says:

"The thinking is entirely logical - it is, Sir David argues, ludicrous that somebody has to contact 44 bits of the state when a relative dies. Members of the iPod generation want to be able to download public services at their own convenience, just as they personalise their music collection. And if Tesco can send special offers to particular customers, using the information gained through its Clubcard, then the Government should also be able offer relevant services to its citizens."

 

The analogy is perhaps more telling than he intended. It is, after all, a matter of consumer choice whether or not someone decides to have a supermarket loyalty card. If they decide to do so, it is a matter of choice whether they opt to receive otherwise unsolicited offers from the supermarket, and a matter of choice whether they act on those offers.

The element of choice is conspicuously missing from Sir David's description of a joined-up future, and for someone in his strategic role, I find that startling. It may well be 'ludicrous' that someone has to notify 44 different state organs when a relative dies - but Sir David is reaching one conclusion about the best solution, where other citizens might reach another, based on their own preferences.

I think it's key to distinguish, here, between the law-enforcement aspects of 'joined-up government' (and the due attention which must be paid to the recommendations of the Bichard Report and so on) and the service-delivery aspects of joined-up government. In the latter, the informed consent of the citizen is surely a vital design principle.

 

Reassuring post


On the doormat today was my personal letter of apology from the Acting Chairman of HMRC. In it, he says that my personal data is "likely to still be on Government property", and that there is "no evidence that it is in the possession of anyone else". Given that he's taken the trouble to write to me personally to apologise, I suppose it would be a bit churlish to ask just what leads him to those attractive but optimistic conclusions.

He also lists exactly which pieces of my personal information are not necessarily in anyone else's hands: "my name, my children's names and dates of birth, my address, my National Insurance number and, where relevant, the details of the bank or building society into which my Child Benefit is or was paid".

I love that "where relevant" phrase. The idea that they're only losing disclosing my details "where relevant" is of enormous comfort to me, even if there's no explanation of where (or why) that information would (or might not) be relevant. I suppose it would be nice to know whether my bank account details were considered relevant in this case... but again, let's not be churlish in the face of his obvious concern.

The letter goes on "as is usual in these circumstances, if you are the innocent victim of financial fraud you will not have to pay". I find that immensely reassuring. It's clear that he has a firm grip on what is 'usual in these circumstances', and knows exactly what I should do whenever an entire national database goes missing. I assume he's been through it all before, which is excellent.

 
 
 
 

Responsibility, liability and those missing CDs


Two more fascinating 'aftershocks' on Friday and Saturday, as the case of the missing HMRC disks continues to unfold.

First, this comment from a National Audit Office spokesman:

"Asked if it had considered removing the bank details of individuals from the discs on security grounds before handing them to a third party, the NAO spokesman said the data belonged to HMRC.

'It is HMRC's data to manage,' he told the BBC News website."


For the National Audit Office to be expressing this view seems to me to be both worrying and inappropriate. The whole purpose of the NAO is to audit the activities of other government bodies. To do so, it demands access to their data... and when it does so, the organisation in question generally has no option but to hand the data over. I cannot believe that the NAO then has no duty of care concerning the data which it acquires.

Indeed, if you look at the Data Protection Act, it's clear that with regard to the data it receives from other organisations, the NAO is a data controller within the meaning of the Act. (I've always wanted to use that phrase :^). The Act describes a data controller as someone who "determines the purposes for which and the manner in which any personal data are, or are to be, processed". Clearly, the HMRC (in this case) collects and uses the data for one purpose, and the NAO demands and uses it for another.

If we accept the NAO spokesman's assertion that the NAO doesn't 'own' the data in any meaningful sense, what are we to make of the fact that they routinely hand it over to a commercial third party for processing? It's hard to imagine that, in doing so, they somehow impose a stringent set of data protection principles on that commercial third party, given that they, the NAO, don't seem to feel any burden of ownership in the first instance.

This seems to me to be evidence that the whole question of 'transfer of data protection responsibilities' is not clearly spelled out, understood or acted upon. Given the government's strategic movement towards large-scale data-sharing, I find that very worrying.

Second, the following item, also from the BBC site:

"Meanwhile, a row has broken out between the government and the banks over who will pay the cost of any resulting fraud from the loss of the two Child Benefit discs.

Both the chancellor and the prime minister told MPs the banks would repay customers who lost money.

But in a letter, signed by the British Bankers' Association, the Building Societies Association and the Payment Service APACS which is responsible for security of money transfers, the banks have told the chancellor that he should reimburse them for the cost."

This goes to the heart of the question of liability for identity theft and consequent identity fraud. It would be strange, wouldn't it, if I left the keys in the ignition of my company car and then, when it was stolen, expected the leasing company to bear the cost of giving me a new one. But isn't that equivalent to the position the government is taking? Why, after all, would the banks spontaneously indemnify the poor data management practices of a government department?

We've been told, often enough, that the proposed ID card system will represent the 'gold standard' of identity, and that commercial organisations will be queueing up to rely on these government-issued credentials. And yet why would they, if this is the kind of liability model the policy-makers have in mind?

 
 
 
 

Now boarding at Gate... Two


As promised last week, here's the second brief entry in what I hope will grow into a series of 'some of the weird things which have happened to/around me on my travels'...

This one was on a business trip to Dusseldorf with a colleague - so let's call him "Col" for short. We arrived at Dusseldorf airport and Col, who was a smoker then, suggested we pause for a few minutes so he could top up on nicotine. While he was doing that, I took the opportunity to answer the call of nature. A few minutes later he said he'd do the same, and set off. It didn't really register that he happened to have gone in the opposite direction to the one I had taken a few minutes earlier.

Time passed, and in due course he came back, looking slightly flustered.

It emerged that he had walked for some time without finding a Gents, and after a few hundred yards of airport corridor, had decided to use the Disabled toilets which happened to be the first ones he found. These had some kind of proximity badge-lock and no door-handle, but a firm shove on the door was apparently enough to engage a motorised opening mechanism, and in he went. The door closed itself slowly behind him.

Unfortunately, a couple of minutes later a second traveller went through exactly the same process, came to the same door and gave it the same firm shove... whereupon the door whirred very slowly open, revealing Col enthroned. A controlled delay, and the door whirred very slowly shut again, leaving two travellers separated by a door but joined by a feeling of some embarrassment.

 
 
 
 

Psst... want to buy some CDs?


The HMRC seems strangely confident that the missing CDs are still "on Government property". I say 'strangely' in that, from the information made public so far, the last sighting appears to have been when they were consigned to a commercial parcel carrier.

As you may remember from a previous post, the business of designing a system so you can reliably spot stolen records once they're out in the wild is by no means a simple one. With that in mind, I wonder what forensic measures the authorities are currently relying on.

I've done my bit. As far as I can see, the disks are not yet up for sale on eBay.

There's also, of course, the possibility that they have been found, but not by anyone ill-intentioned... but I suppose a reward can't be offered without rather undermining the 'still on Government property' assertion.

 
 
 
 

One more thing...


For a scarily informed and entertainingly expressed view on almost anything to do with digital identity, its social, economic, political or practical implications, or the underlying technology, you can do a lot worse than browse Dave Birch's writings over on Consult Hyperion's Digital ID blog. I was up at Digital ID Forum 2007 today, and thoroughly regretting not having been able to attend yesterday's session as well.

HMRC breach - Darling's view


It seems clear that the massive data breach at the HMRC has implications for the proposed ID Cards scheme... the snag is, it's not clear what they are. There was probably no plausible way for Alistair Darling to avoid the hot seat on Radio 4's "Today" programme this morning, and he duly faced the questioning of Jim Naughtie. Predictably, this included the question:

"How, in the light of the HMRC breach, can you expect to be taken seriously as the government which claims it's competent to run a National Identity Register?" [Not necessarily verbatim, as I was in the car at the time, but that was the gist of it].

Mr Darling's direct answer [again, not verbatim, but probably pretty close in this case]:

"The benefit of an ID Card with biometrics is that it enables you to be surer of the identity of the person asking for the information."

Hold on. Let's just replay that against what actually happened in the HMRC case. Is Mr Darling implying that, once an NIR is in place, an HMRC employee would have to authenticate to the citizen before they could have our tax details? It seems unlikely. So maybe he's implying that the HMRC would only hand data over to the National Audit Office once the NAO official had authenticated. So, would that have prevented the breach which has just been revealed? No.

If Mr Darling's answer is a true reflection of his conceptual model for ID-Card-based authentication, what are we to conclude?

 
 
 
 

Breach figure rises from 15m to 25m


A further update on the HMRC story. The following passage is from the BBC news site's article.


"Shadow Chancellor George Osborne said: "Let us be clear about the scale of this catastrophic mistake - the names, the addresses and the dates of birth of every child in the country are sitting on two computer discs that are apparently lost in the post, and the bank account details and National Insurance numbers of ten million parents, guardians and carers have gone missing.

...


"They simply can not be trusted with people's personal information," added Mr Osborne.


Liberal Democrat Acting Leader Vince Cable said it was now the Treasury and not the Home Office that was "not fit for purpose".


"Why does HMRC still use CDs for data transmission in this day and age? The ancient museum pieces it is currently using for computing must be replaced."

I can more readily understand George Osborne's point than Vince Cable's. After all, the technology to secure the exchange of digital data pre-dates the invention of the CD by some decades. The issue is less one of why the data was being transferred on CD and more one of why it was being exchanged in clear.

Several of the politicians commenting on this have chosen to use it as an opportunity for sceptical comment on the plans for a National Identity Register, but I think that's slightly missing the point. Yes, competent governance of such a register should be a critical metric of its successful operation, but there's also the far wider picture of the government's strategy on data sharing.

Surely the most direct lesson of this particular episode is that, when government bodies exchange sensitive personal data about citizens, we cannot currently reliably assume that those exchanges are protected by technical or procedural measures commensurate with the risk of a breach.

HMRC head resigns after data breach


The chairman of the HMRC (Her Majesty's Revenue and Customs), Paul Gray, has resigned following the news that 15 million benefit claimants' details were compromised by the loss of some computer disks in transit. Apparently the disks were transported "in breach of rules governing data protection" - though it's not clear whether the breach was in transporting the data at all, or in the manner in which it was transported. Mr Gray is acknowledged, by the head of the Civil Service 'First Division Association' as having been in no way personally responsible for the data breach, but as the senior civil servant in the organisation he has recognised that ultimate accountability rests with him.

Several resonances here:

- First, it takes the resignation of a senior civil servant to make one realise just how rare it is for someone in a prominent public position to accept responsibility to such an extent that they feel they have to resign. I mean, there's the occasional politician who is either making a 'grand geste' (I think of Michael Heseltine's 1986 resignation over the Westland question) or just can't stand their boss a moment longer (Geoffrey Howe springs to mind), but I have to think right back to Lord Carrington, who felt that he had failed as Foreign Secretary when the Argentines invaded the Falkland Islands 25 years ago, to come up with a political 'resignation on principle'.

More recently, of course, Sir Ian Blair has repeatedly rejected calls for his resignation. 

- Second, I have to wonder what the HMRC's 'data transfer' procedures are like, particularly compared to, say, the means by which the Audit Commission collects employee salary data from local authorities and passes it to its subcontractors for processing. You might also remember this breach at Torbay Council, in which the strong implication was that the procedure for sending the data to the Audit Commission had been breached because the CD concerned was 'sent in the general post' rather than being sent registered or recorded delivery.


 

Trust and cryptography


Back in the early 90s, as a Systems Engineer on assignment to Technical Support, I was given responsibility for a line of hardware crypto products. One of my duties was to run a training course for field SEs to introduce them to the ins and outs of the new technology. I held forth enthusiastically on the new device range, extolling the virtues of its tamper-resistance, and going into detail about a new, hardware-enforced method for introducing asymmetry into otherwise symmetric key-pairs. (By analogy... this last feature meant that you could, as it were, give your cleaner a 'copy' of your front door key, but restricted so that it could only lock the front door and not unlock it. Clever stuff.).

Anyway, at one point I made some remark about how this could 'guarantee' that a given person (and only that person) had sent a particular message, and one of my wise old colleagues, the late Stan Peachey, uttered a polite but distinct snort of demurral. "Only if you trust the hardware to enforce the rules correctly... and not really even then". To a young and eager technophile, this was practically blasphemous. How could technology not be the conclusive answer? He was right, of course. After all, if someone has managed to subvert the manufacturing process of the chip, or its microcode, all your subsequent trust may be founded not so much on silicon as on sand (ho ho).

Far-fetched? Well, a couple of recent news stories describe phenomena which look strikingly like a flawed production process for crypto products, albeit in different ways.

One is a warning from Adi Shamir about the potential significance of the most minute inaccuracies in large-number calculations. He points out that in many instances, the manufacturers of hardware may rely on other suppliers for specific mathematical routines, without necessarily having the skill or the inclination to determine whether those work correctly.

The other is Bruce Schneier's piece about inconsistencies in the implementation of random number generation using elliptic curve functions. He notes that the elliptic curve-based random number generator which just happens to have been championed by the NSA just happens to have a set of constants built into it which just happen to have a fatally-weakening relationship with another set of numbers.

Of course, one huge problem is that the apparently suspect parties in incidents like this (in this case, the NSA) won't say anything about whether the apparent inconsistency is real, intentional, harmful, or just an illusion brought on by too many hours of staring into Hilbert space.

All this bears a striking similarity to the long debates about whether the S-boxes in the DES algorithm included a similar NSA-introduced trapdoor. The S-boxes are matrices which describe the pattern of bit-swaps which the algorithm uses to 'shuffle the deck' in a non-random way. Anyone who has made bobbin lace, or rung church bells, will be familiar with such patterns. Anyway, the point was that everyone could see how the S-boxes were laid out, but no-one could work out why... or what the effect was of arranging them in any other way.

Then, in the late 80s/early 90s, Shamir (again) and Biham started to publish papers on a technique called 'differential cryptanalysis', in which a slight but consistent difference is introduced between pairs of 'known plaintexts', which are then fed through the algorithm. The resulting pairs of outputs are then statistically analysed and inferences made about the likely encryption keys. Well, it turned out that a consequence of re-arranging the S-boxes in any way was to greatly increase the algorithm's vulnerability to differential cryptanalysis. In other words, it could be assumed (and was later confirmed) that the algorithm's commercial designers - and the NSA - were aware, in the mid-70s, of crucial design parameters which did not become apparent to anyone else for another 10-15 years.

As it turned out, in this instance the mystery design feature actually contributed to the strength of the algorithm... but that fact first emerged only through third-party analysis; the NSA, then as now, were conspicuously silent.
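The pair-difference counting described above is usually tabulated, one S-box at a time, as a difference distribution table. The following added example (not code from the original post) builds that table for DES S-box S1, using the values published in the DES standard, and for a deliberately weak linear S-box constructed here purely for contrast; the function names are this example's own.

```python
# DES S-box S1 as published in the DES standard: 4 rows of 16 outputs.
DES_S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

# Constructed contrast case (not a real cipher component): each row is
# just the column index XORed with the row number, so it is linear.
LINEAR_SBOX = [[col ^ row for col in range(16)] for row in range(4)]


def sbox_lookup(table, x):
    """Map a 6-bit input to a 4-bit output the way DES indexes its S-boxes:
    the two outer bits select the row, the four middle bits the column."""
    row = ((x >> 4) & 0b10) | (x & 1)
    col = (x >> 1) & 0xF
    return table[row][col]


def difference_distribution(table):
    """ddt[dx][dy] = number of inputs x for which S(x) XOR S(x XOR dx) == dy.

    A flat table means an input difference says little about the output
    difference; a tall entry is a statistical handle on the key.
    """
    ddt = [[0] * 16 for _ in range(64)]
    for dx in range(64):
        for x in range(64):
            dy = sbox_lookup(table, x) ^ sbox_lookup(table, x ^ dx)
            ddt[dx][dy] += 1
    return ddt


def max_nonzero_entry(ddt):
    """Largest count over all non-zero input differences (out of 64)."""
    return max(max(ddt[dx]) for dx in range(1, 64))


if __name__ == "__main__":
    for label, table in (("DES S1", DES_S1), ("linear", LINEAR_SBOX)):
        worst = max_nonzero_entry(difference_distribution(table))
        print(f"{label}: most likely differential holds for {worst}/64 inputs")
```

For S1 no non-zero input difference predicts an output difference for more than a quarter of inputs, whereas the linear table lets every input difference predict its output difference with certainty.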

 
 
 
 

From "Bombe" to Colossus


A little more than a year after the reconstruction of one of the electro-mechanical "Bombe" cryptanalysis machines at Bletchley Park, a fifteen-year project has finally seen the re-creation of the Bombe's electronic successor, Colossus. I saw Colossus while it was still in the early stages of reconstruction, back in about 1999/2000, while being guided on a tour of Bletchley Park by the head of the project, Tony Sale.

If I remember right, the reconstruction of the Colossus machine was in part possible because British Telecom still had a load of valves from obsolete telephone exchange switches. The valves were one of the high-tech parts of Colossus... when we saw it, I have to say that a lot of the visible workings appeared to be made of pram-wheels and ticker-tape.

It was a fascinating tour, and one I'd strongly recommend whether or not you're a computer buff, security geek or crypto nerd. Apart from anything else, there are so many human stories woven in and out of the technological substrate. For instance, there's a wonderful story about an embroidered quilt which now hangs in the main building (at least, I assume it still does). I won't blow the secret, but suffice it to say that the quilt - made by someone who lived at Bletchley Park as a small child - reveals the difficulty of keeping any such large undertaking entirely secret from those living with it day by day.

Many of the people who worked at Bletchley have either died without ever revealing "what they did in the War", or have only finally told their relatives many decades later. I've been told, for instance, that one of my late aunts worked there, spending hours at a time sitting transcribing Morse radio traffic through headphones. Apparently a permanent side-effect of her work was that, if she heard someone tapping their fingers on a table, or clicking the button of a ballpoint pen, she couldn't help mentally 'transcribing' the resulting random dots and dashes into gibberish text... which must have been quite wearing. I mean, imagine sitting on a train and reading advertising hoardings as they flash past the window - but finding that they are all written in anagrams.

 
 
 
 

An identity koan


You know those Zen questions - like "What's the sound of one hand clapping?", or "What is the meaning of Dharma coming from the West?"...

Well, someone asked me something which could well be a Zen koan of "identity". For background, you also need to know that the point at the beginning of a sumo bout where both fighters spontaneously start the contest is called the "tachi ai", which could be roughly translated as "rising as one". The tachi ai is signalled partly by the routine of the wrestlers entering and leaving the ring several times, purifying it with salt as they enter each time, and partly by the more practical step of both wrestlers placing both fists on the ground in readiness to 'launch'.

What I was asked was:

"If one holds to Western concepts of individual identity, is a real tachi ai possible?"

Answers via the comments function, please...

 

 
 
 
 

Now boarding at Gate... One


A few weeks ago, a colleague and I were chatting about some of the strange things that can happen when you're travelling (whether for work or not). He suggested I should blog about some of them, so I've decided to start an 'Alarms and Excursions' series which I will try and publish on Fridays. Can't promise I'll have something every week, but let's see how it goes. I'll put them in the "Life..." category (for ease of filtering...).

Sent To Siberia

It's true - I got sent to Siberia once for a week, by a previous employer. This was in the mid-nineties, and while Russia had opened up to an amazing degree, it was still (and probably continues to be) a place where strangeness is commonplace and the weirdness is world-class.

Just to clear one thing up at the outset: I was there in September, not winter, and the weather was, as a result, almost entirely comparable to the England I had just left behind. Several of my colleagues had the full-on Siberian winter experience, and the shared suffering of it bonds them together to this day. One of them got temporarily bonded together himself: his eyes started watering on the walk to the office, and the cold was so intense that his eyelids froze shut. They had to take him by the elbows and steer him into a heated building. I, on the other hand, had it easy.

I have to say, this was the only business trip I've ever been on where I got back and said: "If they ever ask me to go there again, remind me to say 'no'. Don't let me try and justify it - the answer needs to be 'no'".  I hasten to add, this was nothing to do with the people we were working with, who were kind, fascinating and hospitable. It was just an accumulation of stress factors - the consequences of which we'll come to in a moment.

Part of the problem was a distinct lack of sleep. I was there to teach a week-long course, so the tendency was to turn in fairly early rather than going wild in the evening. The opportunities to go wild of an evening in Irkutsk were not plentiful - but they existed, and unfortunately most of them were located in our hotel. There was the disco, for instance, which would keep the local high-rollers noisily occupied until it was time for the next stop: the casino.

By the time the casino chucked them out in the small hours, most had had a fair bit to drink, some would have started fights, and there were occasional shootings, though not while I was there. All this, though, was just a prelude to the next phase of the night's entertainment: 4x4 racing in the hotel car park.

For this, you need: several like-minded buddies and an appreciative clutch of lightly-clad female admirers; a couple of cars parked so as to light up the car park with their headlights; another one with the doors open and the stereo cranked up to maximum, for sound-track; then you're all set for a couple of hours of fun... usually between about midnight and 2am.

I was surprised at how ill-fitting the single-glazed windows were, for a Siberian hotel room; certainly not much good at muting the stereo, the screech of tyres or the revving of engines.

Once the drag-racing dies down, there's an opportunity for a couple of hours of sleep - but then the trans-Siberian Express arrives at the railway station across the river, and as it's now so quiet, all the noise of the shunting, station tannoy, freight-handling and so on bounces across the river beautifully and in through the leaky single-glazed windows. So no sleep for another hour or so, by which time the cheerful grey light of dawn is starting to pour in through the thin 70s-orange curtains.

On the last day of the course, the participants had been hoping to knock off early and take a 'booze cruise' down to Lake Baikal, but due to the intransigence of one of their colleagues earlier in the week, progress had been so slow that there was no time for this. A lucky escape from vodka-overdose, we thought, heading back to the hotel. But there was no escape. The drinking just took place in the hotel bar instead. It all went manageably well until, shortly before midnight, the project manager phoned his partner in the UK and got the happy news that she was pregnant. Well, that was it. A fresh set of vodka-bottle tops was removed, crushed and discarded with flair, and we started all over again.

Such sleep as the alcohol allowed that night was fitted, as usual, into the period between the 4x4 racing and the station tannoy, at which point we were off to the airport for the 7am flight to Moscow. It was not a good flight. The combined effects of a week of sleep-deprivation, generally odd food, the previous night's over-indulgence and general stress-rebound were overwhelming.

Actually, I lie: the flight itself was merely uncomfortable. The taxi-ride from Sheremetyevo to the hotel in Moscow was what finished me off. About 5 minutes from the hotel I started to get tunnel vision. My fingers were tingling, and by the time the taxi pulled up I couldn't feel my extremities. "Clive", I said, "I'm afraid you're going to have to pay for the taxi... I can't see."

I sat on the kerb while he did that, and gradually my vision returned. I was still quite groggy, though, so once we got into the beautiful lobby of the hotel (all marble and suede), I put my coat on one of the sofas, lay on the floor and put my feet on my coat, to get them higher than my head. My colleague deployed his Amex card to get us some orange juice, and ministered to me with Dioralyte. Clive, you're a tsar.

The lobby was regularly patrolled by several pairs of security guards who looked like they had just been de-mobbed from the Spetsnaz. My strange behaviour didn't elicit the slightest reaction from them.

You have to try harder than that to get a flicker out of a Muscovite's weird-shit-o-meter.

This is why I avoid mathematicians...


From "Notes on Hilbert Space", here.

 


 

DEFINITION: A Hilbert space is an inner product space which,
as a metric space, is complete.


We will not present an exhaustive "mathematical" discussion of this
subject. Rather, by using examples and analogies, hopefully you will feel more "at
ease" with "Hilbert space" at the end of this short discussion.


REMARKS:


(1) Consider the space of functions, , where f is a "square-integrable"
complex-valued function on the real interval [a,b], ie, This space will be denoted as
.
One can directly verify that is a complex vector space, ie, , etc. We will return to clarify
in what sense one can "visualize a function as a vector".


(2) By introducing a "dot-product", this complex vector space becomes
an inner product space. This inner product provides us with a positive definite
"norm" for each vector,


(3) Define a "distance" between two functions by . This turns into a metric space. We
shall explain the fact that is a Hilbert space next.


OK - the 'Definition' sentence consists of words which look normal, but when you read it they just turn into a sort of "wah wah wah" noise like Charlie Brown's teacher. The sentence I have highlighted in orange lulled me into an entirely false sense of security, which persisted right up to the word "functions" a few lines further down. The author may be of the view that what follows is not a "mathematical" discussion, but it certainly isn't a discussion in anything a non-mathematician like me understands.

(On the other hand, I bet he can't ask for a beer and a receipt in as many languages as I can...)

ho hum

NHS Private-Public strategy in limbo


The government has announced that half a dozen of its private-sector clinic projects will be scrapped before initiation, as well as shutting down another which is already operational. For context: of around 60 deals in the first two waves, two have already been cancelled, about 40 are still running, and 10 more have just been given the go-ahead. The broader picture is that the Health Secretary, Alan Johnson, has announced that there will not be a third wave of such projects.

These private-sector service providers essentially provide out-sourced diagnostics and treatment for the National Health Service (NHS), such as MRI scans, hip replacements and cataract operations. One criticism levelled at the programme is that the contracts drawn up often pay a 'bulk rate' for the operations - including a profit margin - in advance, regardless of either service utilisation or success rates.

From my perspective, two implications leap out of this announcement.

First, the cancellation of some of the projects (and the announcement that there won't be a third wave) will cast doubt on the health care provision strategy in areas such as the one where I live. Here, local healthcare services have been drastically cut back before any replacement provision has been put in place. To illustrate the scale of the issue: a search on the website rather inappropriately named "NHS Choices" displays a promising list of 'hits' for local hospitals... but you have to page down to page 5 before you find one which has an Accident and Emergency unit, and it's 13 miles from here in the middle of a busy city. Not the easiest place to get to in case of... well, an accident, say, or an emergency.

The nearest Minor Injuries Unit is five miles away. As the front page of the Primary Care Trust's (PCT - regional healthcare administrative body) website announces: "The Minor Injuries Units at Devizes, Savernake, Warminster, Melksham and Westbury have been closed." There are now two minor injuries units in the county. The announcement concludes by claiming that "The new arrangements will ensure safe, high quality care consistently, as patients and health staff will know what is available and when"... rather glossing over the question of how safe, high quality care is enhanced if it is not accessible.

It would be rather less irritating if they simply said "we've closed most of the Minor Injuries Units because we couldn't afford to run them" - as opposed to trying to dress it up as a positive benefit. "It's much easier for you to know what MIU care is available now, because there's so much less of it".

The second implication is that private sector firms doing business with the government will be keeping a very careful eye on the cancellation clauses in these healthcare contracts. Not only do the service providers get paid whether or not they successfully treat anyone, there are also probably compensation fees which fall due if the contract is cancelled prematurely. I say 'probably' because the details are veiled behind a claim of 'commercial sensitivity'.

If any of this rings a bell, it may be because very similar language was used about the cost projections for the national ID Card scheme. Not only were the initial budget estimates hidden behind a similar veil, but there has since been the commitment from the Conservatives and Lib Dems that, given the opportunity, they will cancel any ID Card procurement contracts entered into by the current government. The outcome of the NHS cancellations may therefore be of considerable interest to companies entering into the procurement phase of the ID Card programme.

 
 
 
 

OK - so, his girlfriend's a bike...


You couldn't make this stuff up.

[News item with reference to simulated sex; do not follow the link if you are easily offended]

UrbanDictionary definition of the slang term "bike". Again, please do not follow link if you find gender-specific sexual references offensive.

Detention or questioning?


As the government prepares for another attempt to increase the 28-day limit on detention without charge for terror suspects, there are two linked measures which need to be carefully looked at. 

The first is the 'headline' measure: it seems likely that they will press for the current 28-day limit (already longer than in any other Western democracy) either to be doubled, or raised to 58 days - to consist of the current 28 days plus a 30-day 'emergency powers' extension. The media I've scanned seem unclear about exactly what  'emergency powers' detention is already possible under current legislation, but as far as I can gather, the government wants the ability to add this 30-day extension onto terrorist suspects' detention period without having to declare a state of emergency. Why does that conjure up a mental image of General Musharraf?

The second is Gordon Brown's trademark 'stealth' measure: it is the proposal to allow police to continue to question a suspect after that person has been charged. You could be forgiven for not having spotted that in the Queen's Speech, as it only surfaced, Nessie-like, in the following oblique reference: "My Government will seek a consensus on changes to the law on terrorism so that the police and other agencies have the powers they need to protect the public, whilst preserving essential rights and liberties."

The reason I describe this as a stealth proposal is that few people are even aware that the police currently have to stop questioning a suspect once a charge has been laid: from that point on, the case is considered to be 'sub judice' ('under the control of a judge'), and the police must gather their evidence from sources other than direct questioning of the suspect.

The two proposals are intimately linked, because police are reluctant to charge someone in time to meet the current 28-day limit if that means they have to stop questioning the suspect from that point on. However, this suggests the flaw in the logic - at least as it is being presented so far. We are told that 28 days is not enough to uncover all the details of complex conspiracies, or conduct forensic examinations of potential evidence such as encrypted hard disks. But of course, neither of those steps necessarily depends on questioning of the suspect... so could legitimately continue after that suspect has been charged.

I can't help feeling that, once again, the citizen is being bamboozled with spurious linkages between legislative measures which are being entangled only in the hope that we'll think it's all too complicated and leave it up to those nice politicians. But then, I'm nasty and sceptical like that.

 
 
 
 

Policy versus implementation


In a couple of weeks, as a token of my dedication to my work and my employer, I will once again put my life in the hands of others and enter the high-risk environment that is Heathrow Airport. Today, following up on Gordon Brown's speech, Transport Secretary Ruth Kelly has announced plans for changes to the security measures in place at the airport.

Apparently UK airports are to be allowed to relax the current rule which specifies that passengers may take only one item of hand luggage on board. Hurrah. I specify UK airports, because they are the only ones to think this policy makes sense.

The same restrictions will apply to what is inside the hand luggage (no liquids, creams, lotions, potions, balms, liniments or embrocations, etc.), and as at present, once you're through that screening you can buy as much volatile liquid as duty-free will sell you, whether in the form of booze, aftershave or whatever.

However, there are conditions: before they are allowed to relax the restriction, airports will have to demonstrate that they 'have the facilities to handle the extra baggage'. Ms Kelly expects this to encompass 'new technology, operational improvements and unexploited capacity in the system'. With all due respect to the Minister, doesn't she think that if Heathrow had those options they would have tried them by now?

I have a couple of issues with the security screening arrangements as they stand at the moment anyway. Mostly, they boil down to the fact that much of the screening is either senseless or actively risk-inducing. Let me give you a couple of examples from recent experience.

First: you can take, say, a small tube of toothpaste with you in your carry-on luggage, provided you first remove it from your bag and put it in a clear zip-lock one. This is clearly far more secure than declaring that you have a small tube of toothpaste, showing it to the screening officer and putting it through the x-ray tunnel. My small tube of toothpaste was confiscated at Bristol Airport because I did not have a zip-lock bag to put it in. If I had been able to put it into a zip-lock bag in front of the officer, I could have kept it.

Second: does it make any difference whether you take one bag or two on board with you? Clearly not; the first time I encountered this rule I had two things with me - a computer back-pack, and a smaller bag with a paperback, MP3 player, earplugs, etc. With a little effort, I simply jammed it on top of everything in the back-pack. I still took the same things on board - they were just arranged slightly differently.

I don't buy the argument that this speeds up the scanning process, either. The progress of the bags through the machine is not the critical factor. Far more time is spent on the following routine: remove one or more outer garments at the whim of the security officer; remove shoes (depending on airport, security officer or whether the month has an 'R' in it); prominently display zip-lock bag with small tube of toothpaste; remove laptop from bag and place in separate tray; empty pockets of coins, keys, phones, wallets (?), passports (?), foil packets of peanuts (not kidding... Paris CDG, 2003), and so on.

Oh, and my favourite: wait while the person in front goes through, sets off metal detector, comes back, takes off belt, goes through, sets off metal detector, removes watch and piercing, goes through, sets off metal detector and then, with a look of blissful enlightenment, removes Large Metal Object from pocket and asks if 'this could be it?'. Why my queue... why always my queue?

Anyway, bottom line: the one-bag limit is a nonsense and has been since its inception; the queuing area created by the security screening process represents the highest density of un-screened, bag-carrying humanity in the entire airport, and thus the highest risk to the public and the staff.

The problem Ms Kelly faces is this: in order to make space for the pre-screening, the boarding-pass check, the hand-luggage and personal screening, the shoe-scanning machines and the outbound passport check, airports would have to sacrifice their most precious asset. No, not passenger lives, silly... retail space.


Footnote. Other things I have taken through hand-luggage screening - mostly genuinely unintentionally. I'm not going to say which airports, but these were all within the last 2 years:

- Extremely sharp locking knife with a 1-inch blade - at least as dangerous as a box-cutter;

- 2 miniatures of brandy (pocketed from the outbound flight);

- scalpel blade, in the form of one of those plastic letter-openers you get as conference freebies;

- 5.56mm brass cartridge casing. Fired, and empty, but still... you'd think the distinctive shape might at least raise an eyebrow.

The first two of these were one-offs. The last two have made multiple trips to all kinds of destinations. 

So if you hear a sharp yelp of agony at Heathrow in a couple of weeks' time, that will be me getting the full treatment from the screening staff as a result of this blog post... 

Britain "can spend national wealth" on anti-terror


Security Minister Lord West, appointed by Gordon Brown in July, is in the news today over his views on the 28-day limit on detention of terrorist suspects. Back in July, he expressed the view that the 28-day limit (already the longest in any Western democracy, and double the previous 14 days) should be increased, citing the complexity of the problem faced by the security forces.

This morning, apparently, he said that he wouldn't push for such an extension - unless he was totally convinced of the need for it. "I still need to be fully convinced that we absolutely need more than 28 days", he is reported to have said. Within an hour and a half of having set out his position, he had had a half-hour meeting with Gordon Brown and reverted to his July position: "I personally, absolutely believe that within the next two or three years we will require more than [28 days] for one of those complex plots".

The Daily Telegraph seems to have no difficulty reading between the lines on this one, to the effect that Lord West was on the carpet in front of Gordon's desk so fast he probably didn't even have time to stuff a protective exercise-book down the seat of his trousers before the caning began.

More serious than the PM's instinctive reversion to news management, though, is surely the plan for which he and the Security Minister are softening us up. Counter-terrorism measures will, in future, apparently govern road layouts, building design and specifications for materials such as glass. These are measures on which we 'can spend the national wealth' - implying that we are diverting it away from other things like local provision of health-care, closing the 'black hole' of state pension provision, and so on.

So the terrorists have won, then.

 
 
 
 

Appeal "cries out for a hearing"


As I mentioned in my previous post, the Corner House group went to the High Court on Friday to request a judicial review of the Serious Fraud Office's decision to abandon an investigation into allegations of bribery in a £43bn arms deal between BAe and Saudi Arabia. Among other things, the group wishes to establish whether the SFO was justified in claiming that it would harm national security to proceed with the investigation, whether that argument in turn was the result of undue political pressure, and whether the whole affair puts the UK in breach of the OECD convention against bribery. The judge approved their request, noting that the case "cries out for a hearing".

The deal in question dates back to 1985, so it pre-dates what, in a delightfully waspish piece, Matthew Norman of The Independent describes as 'the mythic New Labour era of "ethical foreign policy"'. Indeed, the current guardian of Britain's foreign policy, David Miliband, was only 20 at the time. We can't really blame him for the original deal, then, or whatever subsequent allegations may be levelled at the SFO over its conduct in the matter. But what if similar circumstances were to arise again?

Mr Miliband was brave enough to allow his first speech as Foreign Secretary to be co-hosted by civil advocacy group Avaaz, and perhaps the Q&A there is instructive. One of his comments on ethical foreign policy was to note that "we sometimes need to decide whether to engage with countries to pursue our goals or to break off dealings with them and take a principled, declaratory stance".

Fair enough; obviously, it seems that in this instance the decision was not for the principled stance... so let's look to his other remarks to see what might argue for 'continued engagement'. Well, he refers to human rights, so perhaps there's a lot of common ground between him and the Saudis on that one.

Yes, well... moving on: he also makes all his remarks in the context of 'values and interests'.

That, presumably, is where the judicial review's focus on 'shared interests', national security and Middle-East unrest will be of most relevance. But if one removes oil, money and Middle East regional politics from the equation, maybe Mr Miliband would be guided instead by shared values. Let's have a look at those.

We're allowed to drink, eat pork products, gamble and look at naked bodies - but we're not allowed to dismember thieves, take multiple wives or stone the latter should they prove adulterous. We have ASBOs, but we don't have a Committee for the Propagation of Virtue and the Prevention of Vice (more's the pity, perhaps); if we did, it probably wouldn't be the agent of summary public corporal punishment, which is increasingly unfashionable.

Female clothing in the UK is often less modest than in the Saudi Kingdom, but on the other hand, British men generally wear trousers in public unless they are clergymen (in which case a Saudi-style dress may be appropriate).

Both countries have laws relating to blasphemy, though in practice in the UK, blasphemy is considered a matter of poor manners rather than grounds for a summary death sentence. It is acceptable for British works of art to include representations of the human form, whether or not they depict religious figures. It is acceptable for symbols such as crosses to appear in newspapers, on calendars and on the sides of toy ambulances. The same latitude is extended to other symbols.

Women in the UK may go out in public unaccompanied, or accompanied by male non-relatives; they may work, drive, vote and run the country. Both countries are monarchies, but in the UK, that includes the possibility that the monarch might be female.

Well, maybe Mr Miliband has some other, better list of shared values which he'll be able to refer to should the need arise.

 
 
 
 

Cross-border jurisdictional issues


You might remember previous posts about the fishy way in which the UK government halted a corruption probe into an arms deal between BAe and the Saudis. Today, a UK-based pressure group on environmental and social justice, the Corner House research group, will go to the High Court to argue that that decision should be subjected to a judicial review.

They will cite two principal factors: first, that the decision breached the OECD Anti-Bribery Convention, and second, that the government's contention that 'allowing the enquiry to proceed would jeopardise national security' was bogus.

When the UK decision resulted in the Serious Fraud Office abandoning its investigations, the US Dept of Justice launched a criminal inquiry into the case, to investigate BAe's compliance with US anti-corruption laws.

Whatever emerges from this long-running episode, it provides a very good study into the complexity of cross-border jurisdictional issues - and whatever one's view on the international arms trade, the broader picture is that there are many other spheres of life in which cross-border jurisdictional issues will arise, and need to be addressed much more effectively than they currently seem to be.

Think of the vast range of activities in which cross-border activity exploits the fact that law (and law enforcement) differs widely from country to country: protection of intellectual property, copyright, trademarks, media piracy, publication of obscene material, identity theft and identity fraud, money laundering, hacking, spam, propagation of viruses, bots and trojans, bandwidth theft, censorship, suppression of free speech, invasion of privacy, and the list could go on and on.

I know I've cited it before, but Jeffrey Robinson's summary is hard to beat:

"As long as we persist with a C17th idea of the nation-state, a C18th judiciary and C19th law enforcement, the C21st will belong to organised crime".

The odd thing is to look at who, in this instance, appears to be fighting for things to stay that way.
 

ID Card costs: confused?


I am not alone. It seems there was some confusion yesterday (including in the BBC article which I quoted at the time) over whether the projected cost of the national identity scheme had gone up by £71m or down by the same amount. Fortunately, the London School of Economics (LSE) has people who are numerate and thorough enough to pore over the figures and confirm that - in this report at least - the estimates have been adjusted downwards.

Either way this would tend, would it not, to re-inforce the view that the current reports are opaque to the point of uselessness. And before Richard Veryard gets in with it, let me pre-empt his comment: POSIWID... Purpose Of System Is What It Does.   See, Richard... I'm learning, slowly  ;^) 

 
 
 
 

Latest 6-monthly report on ID Card costs


As this BBC news story indicates, the latest of the 6-monthly cost forecasts required under the ID Cards Bill has just been published. It took me a while to find the document itself, though, so here's a link to save you the bother.

Many years ago I worked in a Technical Support organisation which was reputed (a little unfairly) to be somewhat hard to deal with. Someone once pithily described it as "providing all assistance short of actual help". Well, that's rather how I feel about these 6-monthly cost forecasts. They probably fulfil the letter of the requirements laid out by the Bill, but if anything I've been told about policymakers is true, few if any of them will have the time or the inclination to work through these reports and turn the various sets of tabulated and charted figures into useful decision support material. As they stand, they are not very helpful.

To give a couple of examples:

- the BBC story reports the bottom-line news that, over-all, the projected cost of the scheme has risen by £71m to £5.612bn. You might think that those numbers would appear somewhere as a summary line-item in the report, but they don't. In fact, they don't appear anywhere in it. To derive them for yourself, you have to take one figure from one of three tables describing costs relating to British and Irish citizens resident in the UK (on page 10) and another figure from one of three tables describing the "incremental estimated resource costs for providing ID cards to foreign nationals applying to extend their leave in the UK" (on page 14) and add them together, then do the same for the previous estimates and compare the two.

- there's also a table (helpfully oriented at 90% to the page layout) which sets out the estimated costs, year by year over the next 10 years, of providing ID Cards and Passports to UK citizens. It has three lines: one for passport-only costs, one for ID Card-only costs, and one for common costs. Good as far as it goes, but this illustrates two things.

First, there continues to be a highly confusing degree of intersection between the costs relating to a discretionary document (the passport) which must meet requirements set out by ICAO - an international body of which the UK is a member - and the costs relating to the UK identity card - a to all intents compulsory credential to be issued to UK standards. The practical argument for separating these two schemes entirely is almost certainly stronger than the one for combining them - but that's not the same as the policy argument for combining them.

Second, again, the raw data can be useful, but it could be much more so. A few years ago, for reasons I've never fathomed, I started receiving a bulletin with Bank of England exchange rate forecasts in it, laid out both in figures and as a graph. The graph showed an 'expected exchange rate', modified by various percentages. The further out the forecasts went in time, the wider the percentage bands became. Over-all, the graph looked rather like a fan opening out from left to right. At a glance, one could see the expected future rate, the most optimistic and pessimistic forecasts, and the various bandings in between.

The same principle could very easily be applied to the ID Card costings, to cover both forecast data and the historical record of 'expected versus actual' estimates - but it is not. The result is a needlessly complicated snapshot which provides neither an 'at a glance' summary of current status, nor useful information about how reliable previous forecasts have been.

I can't see it being of any real use to policymakers... but then, thinking back to yesterday's post, perhaps it isn't meant to be.

 
 
 
 

Who would be Queen?


I wonder how Her Majesty prepares for a day spent wearing hot and uncomfortable ceremonial attire to read a pre-trailed and formulaic speech written by someone else's speechwriter. Anti-depressants, perhaps.  

There was nothing about the ID Cards programme in this, Gordon Brown's first Queen's Speech - but there are a couple of reasons why that shouldn't surprise us:

- first, all the primary legislation is already in place in the ID Cards Bill. The secondary legislative measures won't need to go near Parliament, much less into the Queen's Speech;

- second, the reality is that the ID Cards programme has always been more notable for what has not reached the public domain than what has. Think of the KPMG audit report on cost forecasts, the successive findings of project 'Gateway Reviews', the Crosby Report on commercial-sector exploitation, all of which have disappeared without trace.

This 'information parsimony' creates a hot-bed for speculation. What has become of the Crosby Report [IdealGovernment blog] which, after all, was instigated by Gordon Brown before he became PM? What were his hopes and aims when he initiated it? I have to say right here, I don't have the answer to either of those questions, and I'm not expecting an explanatory phone call from Gordon any time soon. Like everyone else, I have to rely on reading the tea-leaves... such as the recent report [Guardian Online] that he has called for a technology review of the programme.

Let's, for a moment, hypothetically assume that, once again, what's not being said is more significant than what is. By implication, that would mean that actually his primary concern lies elsewhere. We can probably rule out financial, as he has had all the opportunities available to pull the plug on that basis. Broadly speaking, that would leave policy, legislative, regulatory, governance, enforcement, best practice, public adoption issues or practical concerns.

I like what one might conjecture to be his thinking. His hypothetical logic might well be incontrovertible.

Any one of those areas is at least as much a potential landmine as any technological shortcoming. That's why, in forums such as the Liberty Alliance, the Enterprise Privacy Group, Kable and elsewhere, such considerable time and effort are devoted to the non-technical issues which are such a critical component of any large-scale identity management system, as well as the way in which they and the technology must intersect.

Unfortunately, when the PM relies on explicit communication, as in his recent speech to the University of Westminster, his view of personal identity appears to be backward-looking, rather than one in which the potential benefits of new identity technology are made accessible to the citizen and not just the state. 

 
 
 
 

Should he stay or should he go?


With apologies to The Clash...

As the media discussion continues over whether the Commissioner of the Metropolitan Police should resign, now that his force has been found guilty of endangering the public, some of the radio coverage I've heard raises another question.

Many of those defending Sir Ian Blair this morning referred to the mistaken shooting of Mr de Menezes as 'a one-off', 'unique'; heck, even the judge described it as "an isolated breach brought about by quite extraordinary circumstances".

Isn't that rather at odds with what we have been told about the threat level faced by the UK? A threat level, incidentally, which has been repeatedly cited in support of legislative measures which erode civil rights.

Consider, for instance, the other recent news story - the Law Lords' ruling that the current regime of control orders must be re-thought. (Control orders are restraint orders which can be imposed where an individual is considered to represent a potential threat to security, but there isn't enough evidence to actually charge them with an offence...).

Apparently the Law Lords consider that it is unfair to impose an 18-hour-a-day curfew on an individual under a control order, but 16 hours might be OK. Think for a moment about the implications of that: it effectively bars anyone under a control order from full time employment. Oh, and they can't get a job where tele-commuting is a viable option, because the control orders forbid them from having internet access.

The system has some serious shortcomings: seven out of up to 30 subjects of control orders have simply legged it and disappeared. It's also riddled with inconsistency: when one man absconded after being issued with a control order, the Home Office said he was "not believed to represent a direct threat to the public in the UK". Which seems like a somewhat gauzy justification for placing someone under effective house arrest.


Incidentally, if the "Blair must go" story is giving you a cognitive feedback loop... Sir Ian Blair (Met Commissioner) is the one still in the headlines who would rather he wasn't. Tony Blair (ex PM) is the one who has vanished from the headlines and probably wishes he hadn't. To refresh your memory, have a look at his great cover of the same Clash number.

 
 
 
 

De Menezes shooting: Met guilty


I've blogged several times about the police shooting, in July 2005, of Jean Charles de Menezes in London. The initial enquiry concluded that there was no basis for a murder or manslaughter trial, and so the prosecution which ended today was brought under Health and Safety legislation. The verdict was that the Metropolitan Police was guilty of endangering the public by its conduct of the operation. There will now be an inquest into Mr de Menezes' death - one of the verdicts available to an inquest is that of 'unlawful killing'.

Some of the evidence which has emerged from the trial again poses serious questions about why events on the day took the many turns they did to lead eventually to their fatal outcome. For instance, the BBC reports that, right at the outset (04:55) the Met's incident Commander on duty, while setting up the stakeout on their suspect's block of flats, issued an order that officers were 'to stop everyone leaving the building'.

Yet, when Mr de Menezes emerged from that building at 09:33, he was not only not stopped, but made a half-hour journey (including two bus-rides) through South London before entering the tube station where he would be shot. Bearing in mind that the main 'trigger event' for the stakeout was the failed bus-bombings of the previous day, this seems strange - both in terms of effective enforcement, and in relation to the order issued 5 hours previously.

There were also numerous communications failures along the way, including the fact that once the surveillance and armed-response officers went down into the underground system, they had no radio contact with the command and control system. Again, in the context of the 7/7 underground bombings, this seems another strange contingency to have failed to cover.

The Met's Commissioner, Sir Ian Blair, said that the case had produced no evidence that the shooting was the result of systemic failures, so he was not inclined to offer his resignation in the wake of the guilty verdict.

 
 
 
 
 
« November 2007 »

Such views as I express in this blog are based on my own opinions, experience and judgements. They do not necessarily represent the policy or views of my employer. It is not my intention to offend readers in any way. If you find anything on this blog offensive, please contact me in the first instance.
Robin Wilton
© racingsnake