Robin Wilton's esoterica

Every so often news appears which restores one's faith in our great national institutions.

Hugh Grant will not be prosecuted over allegations that he kicked a photographer and threw a tub of baked beans at him. One does not have to read far between the lines to guess that Mr Grant, whose relationship with the press has often - if I can put it this way - been prickly in the privacy area, may have been reacting to perceived intrusive behaviour.

The photographer, a Mr Whittaker of the Daily Star, is reported as saying that he was trying to get photographs of Mr Grant's former partner, Liz Hurley, who lives nearby. He is also reported as saying "I politely asked [Mr Grant] if I could take a picture of him and if he’d smile for the camera. Suddenly he’s following me down the road and hurling abuse. He kicks me three times then knees me near the groin". However, it was an alleged abusive comment which "really upset me and is why I went to the police to make a complaint of assault against him".

With comparable dignified reserve, a spokeswoman for the Crown Prosecution Service explained the decision not to prosecute over the alleged kickings:

"This is because there were clear discrepancies between the accounts of independent witnesses and those of the photographers involved. In relation to a second allegation involving a take away food container, the CPS decided that a prosecution would not be in the public interest."

She added that "the minimal nature of the alleged assault and the lack of pre-meditation on the part of Mr Grant" were also among the reasons for the decision not to prosecute over the bean-throwing claim.

You can practically hear the tetchy questioning from the Bench:

Mr Justice Crust: "What is this 'take away food' to which counsel refers?"

Counsel: "M'Lud, certain restaurants will prepare food and then place it in disposable containers for the customer to take home, thus obviating the need to cook, or to wash crockery."

Mr Justice Crust: "And these 'baked beans' are considered a delicacy worth procuring in such a way?"

Counsel: "They are very popular in some circles, M'Lud."

Mr Justice Crust: "Not least, I take it, for their ballistic properties..."

[Laughter in court] 

So there you have it. If you do decide to assault someone (allegedly), the key to staying out of the nick is to use only a small tub of beans, and not to plan ahead.

Some years ago I heard a fascinating presentation by John Almonds, then Director of Security at BT; he was describing (among other things) cases of fraud prevention involving mobile phones and premium-rate phone lines. The setup his staff discovered in one building was a rack of mobile phones, all dialling out (unattended) to premium-rate numbers. The phones were stolen handsets with cloned SIMs. OK, so why would anyone want to dial a dozen dubious chat lines at a time? Easy - it makes a lot of money at the SIM-owner's expense... provided you are the owner of the premium-rate number.

Conclusion: if you're prepared to turn some of your starting assumptions upside down, you will often find a perfectly rational motivation for subverting an existing system.

Wind forward a few years, and on this blog you will several times have heard me ranting about the lack of a truly anonymous ballot system in English elections.

Starting assumption: a voter in a democratic election, provided they can be confident that their vote will count once and only once, will want that vote to be anonymous - that is, it should not be possible to link a given ballot paper back to the identity of the person who cast it. Turn that assumption on its head: why would a democratic voter positively want to be able to prove that they had voted one way rather than another?

Answer: because someone might be prepared to pay them to do so, if they could prove how they had voted.

Hence the ban on camera-phones in polling booths in the recent elections in Italy.

A committee of MPs has issued a report critical of the outcomes produced by the current programme of national testing on the 'core curriculum' of English, Maths and Science. The committee says that an initial goal of using SATs to measure pupils' progress has been over-ridden by counter-productive consequences such as schools 'teaching to the test' in order to make their own statistics look good, and that the results have been bad for theeducation of the children themselves. 

There is direct evidence that SATs are not materially helpful in improving outcomes. One problem is that if an able pupil "over-achieves" on SATs in the early years, the school can, bluntly, afford to ignore that child in the knowledge that their over-all result statistics will not suffer as a consequence. The result is that there is then no year-on-year improvement, and a child who has initially performed at a level in advance of actual age can 'coast' - still scoring acceptably on SATs from the school's perspective, but not acquiring basic learning skills which will be vital in later stages. The school may note that the child "appears not to try very hard", but as long as they are not actively disruptive in class, nothing is likely to happen.

The real problem in this case is when the child has some specific learning difficulty - masked by innate ability and not revealed through the relatively blunt instrument of SATs. In that case, any underlying problem may go un-noticed and therefore un-addressed for years... at which point it's either too late, or requires an inordinate amount of remedial work.

Do the SATs results deliver greater accountability on the part of the school? Absolutely not. The parents can't go to them and say "you are failing this child", because the school will simply point at SATs results which are still average or above. Do they make it possible to exercise parental choice? Absolutely not. If the parents move the child to another school, they will face exactly the same problem.

Broken As Designed.

I was lucky enough to see Humph play live. What a talent, musically, comically... and what a loss.

He's made it to Mornington Crescent at last.

"Remember - a National Insurance number is not proof of identity"

Source: DWP website  

A quick question: have you used your National Insurance Number (NINO) lately?

Follow-up question: if we discount using it for taking up a new job or submitting your tax return*, when was the last time you used it, and what for?

Reason I ask: the minister responsible for the ID Card Scheme, Meg Hillier, has - both times I've heard her speak recently - cited this as a use-case in support of the ID Card: that NI numbers are needed so frequently that any citizen would be happy to have them encapsulated in a robust credential. That certainly doesn't reflect my own personal NINO usage, but it could be that I'm un-representative.

It seems that citizens' National Insurance Numbers will be among the data items held on the card itself (as opposed to held in the National Identity Register but not on the card)... unless I'm misunderstanding her, which is quite possible. I got the opportunity, on Wednesday, to make that point to her in person at one of the consultation workshops currently being run by the Identity and Passport Service (IPS).

What I suggested was this: if you take the recurrent questions of "What is it for?", "What data is held?", "Who has access?", and "Is it compulsory?", the answers are critically and substantially different depending on whether one is talking about the ID Card, the biometric passport, or the National Identity Register (NIR). Unfortunately in almost all policy-level statements these three things - and particularly the ID Card and the NIR - are talked about as if they were indistinguishable (and I'm afraid Wednesday was no exception).

Having said all that, the Home Secretary's recent publication of the implementation plan may signal some real changes in approach. Of course, as the BBC's Nick Robinson astutely points out here, all that does politically is divide opinion between those who take the implementation plan as a sign that there's a real move away from the all-encompassing system catered for by the primary legislation, and those who think that there's no real change in the government's aims for the National Identity Scheme as a whole, just a rather less bulldozering plan for putting it into effect...

And there's the dilemma. If this is perceived as just a more subtle attempt to introduce a panoptical and intrusive system which can track the use of any designated credential, then opponents are unlikely to be appeased. On the other proverbial prong of the cleft stick; if Ms Smith and Ms Hillier really have an appetite for scaling back on the aims of the Scheme as a whole, it opens up a gap between what the enacted legislation allows for and what they intend to put into practice. Opponents will still be unappeased, because they will want to know what the point is of keeping draconian legislation on the statute books if you don't intend to put it into practice.

This is quite fun, if you have a few minutes to fritter away. The Identity Management product suite folks have come up with a Pacman-style game where you use the various product 'power-ups' to chase your way through different user types and IDM hazards (such as disgruntled former employees and the dreaded Auditors...). Be careful, though, the colour of the power-up makes a difference to who you should chase next!

... now, what was the question?

A couple of 'identity database' stories hit the news recently: first, there are calls for the government to abandon plans for the life-long retention of an educational achievement record for all students currently aged 14 and under. At the same time, the "Responsibility in Gambling" Trust is calling for the creation of a national database of 'problem gamblers', so that gamblers who ask to be 'self-excluded' from one bookmaker's betting systems can be barred from all the others as well.

As far as the educational records database goes, I think the public is starting, thanks to several recent incidents, to get a pretty good grip on the right questions to be asking about proposals such as this. For example, is the personal data which is to be stored proportionate to the reason for storing it? The Learning and Skills Council database is apparently to contain "only hold factual information such as name, surname, age, postcode, qualifications achieved and courses attended".

Postcode? Isn't that a bit ephemeral? I'm a very long way from having the same postcode as I did the last time I took an exam. The postcode can't be in there to provide an index value, because every student will be assigned a 'lifelong "learner number"' for that purpose, whether or not they subsequently turn out to be a lifelong learner... though the LSC deny that this amounts to an 'ID card by the back door'.

What about the length of time for which it is to be stored? In this case, records are to be kept for the individual's entire working life. I don't know about you, but for all practical purposes (and pretty tenuous they were, too...) I have already forgotten all the Latin I learnt up to the age of 15, so what earthly good it would do anyone now to know what exam grade I got at O level is quite beyond me. On the other hand, I have no academic qualifications whatsoever in computing, IT security, cryptography, cryptographic key management and systems design... so in my case, the record would be entirely silent on those topics, which are arguably of far more practical use to anyone who would be entitled to look at my educational record.

What degree of consent and control can the data subject exercise over whether the data is held, who else is able to access it, and so on? How does that compare to the consent and control an individual is able to exercise over a set of paper exam result certificates? Some countries have systems which provide each citizen with a 'digital lock-box' into which they can put - at their discretion - electronic and digitally certified versions of documents which they might want to produce later on. That seems to me to represent a very interesting re-balancing of capabilities between the data subject and the public body, and one which might do more to convince the public that there is direct benefit to them in the storing of personal data.

Coming back to the database of problem gamblers; I in no way wish to downplay the problem of gambling addiction - it is clearly something which can devastate the lives of those affected and anyone financially co-dependent.  Coverage of the current story has publicised the case of one Graham Calvert, who is suing a bookmaker's firm for failing to exclude him after he had expressed a wish to be barred from gambling with them. Given that he apparently opened a new account in order to be able to resume his gambling, one might feel there was a certain amount of contributory negligence involved.

More recently, this week's "the answer's a database" story concerns the NSDR, or National Staff Dismissal Register. This goes live later in May, and will record details of employees who have been dismissed following charges of  "stealing, forgery, fraud, damaging company property or causing a loss to their employers and suppliers" - whether or not those charges have culminated in a conviction.

One argument, I suppose, will be that if the employer (and the police) conclude that there isn't enough evidence for a conviction, or that dismissal is punishment enough, then there's little to be gained by saddling the dismissed employee with a permanent criminal record. On that basis, though, other aspects of the scheme seem quite undesirable: for instance, the TUC and human rights group Liberty both express concerns that the scheme lacks enough governance measures to protect against false accusation - which could leave just as damaging a blot on the employment record of the accused. Similarly, employees who leave before a disciplinary hearing takes place will also have that recorded on the database... in other words, they risk being blacklisted despit ethe fact that there hasn't been a finding against them.

What looks particularly worrying is the response of the scheme's Chief Executive, Mike Schuck of AABC (Action Against Business Crime), to the point about unsubstantiated allegations. He is quoted as saying that if there's a dispute between an employee and employer about whether an [alleged] incident took place, "the worker will be able to appeal to the Information Commissioner's Office. We are limiting access to the database to employers who can
comply with the Information Commissioner's employment practices code".

Except that the ICO has no responsibility in that area. The ICO's remit includes data protection, privacy and electronic communications, freedom of information (public sector bodies only, not commercial employers), and environmental information regulations. The ICO could issue an enforcement notice if the data subject exercises
his/her right under the Data Protection Act to have false information
corrected, but the ICO has no remit concerning employment practices, and it's therefore hard to see what protection AABC thinks it offers to a dismissed employee disputing an alleged misconduct.

The underlying assumption seems to be that the mere fact of recording stuff in a database somehow overcomes any potential issues about the accuracy or truth of the data recorded, and the shortcomings of whatever governance regime has been put in place. If you talk to the administrator of any sizeable database, the one problem they will almost all own up to is that of data quality. Not scalability, resilience, availability, database design, inflexible reporting or management tools, but simply the amount of stuff in there which is redundant or just plain wrong.

Here's an idea: why not legislate* to make that a mandatory gating factor in every decision to set up yet another database?

*I know this breaks the rule that technologists should not tell policymakers how, whether or when to legislate, but it's at least worth musing about what such a piece of legislation might look like...
 

Because it seems that you should be. Detective Chief Inspector Mick Neville was on the radio on Tuesday morning bemoaning the fact that only 3% of London's street robberies are being solved with the use of CCTV footage. This, despite the often-quoted statistic that the UK in general and London in particular are more densely covered by CCTV cameras than anywhere else on the planet.

He was referring specifically to cameras set up through the joint action of the police (which wants them) and local authorities (which must give approval for their installation).

Det Ch Insp Neville cited two problems in particular: first, he said, cameras were proliferating with insufficient thought as to how they should be used... officers find it boring, for instance, trawling through the video records looking for evidence. Second, the cameras apparently fail to serve as a deterrent because "people aren't afraid of the cameras".

What a picture that paints. It would, in many senses, be disturbing enough if we walked under the CCTV umbrella feeling cosily safe and protected by it. But the idea of living in the shadow of a network of cameras which we fear is altogether more chilling.

I'm guessing Det Ch Insp Neville isn't from the Met's PR section.

As far as one can feel sorry for a group of people who get paid extremely well to do what they passionately love doing, I do feel sorry for Formula One racing drivers at the moment. They are required to be technical, tactical and competitive masters of their trade, to exercise split-second judgement and total commitment, and to do so under extreme conditions. Over the last 40-50 years, what they do has evolved from being the pastime of high-living, four-wheeled fighter-pilot dilettantes to a profession in which their diet, physical regime and PR schedules place them under near-total management, even when they are nowhere near the circuit.

In return, they can sometimes provide us with some of the most gripping sporting contests on the planet, in settings of high drama and glamour. 

It's something of a tragedy, then, that those at the top of the sport's administration have managed to arrange things so that the negative effects of their own actions outweigh the positive contribution made by the drivers.

The massive governance failures of Indianapolis 2005, the extraordinary appointment of a race-specific FIA scrutineer in Brazil 2007 "to make sure McLaren treated both its drivers equally", the constant haggling over financial and actual control over the Silverstone circuit, and so on and so forth.

Last Sunday's news carried another classic piece of F1 management aberration: Bernie Eccelstone is reported as having "upped the pressure on Max Mosley to resign". This in itself is perhaps not surprising, given the nature of the coverage Mr Mosley has attracted in the past few weeks. What seems characteristic of Mr Ecclestone's style is that he has "invited F1 team principals to sign a letter calling for Mosley to stand
down and said he would add his name if they all signed it." So rather than declare his principles and stand up for them, he has set out what he wants, but will not put his name to it unless preceded by all those who are most financially dependent on him. Hurrah for moral fibre.

F1 is often described as a 'media circus' - but the evidence is that it has no need of the media's help.

Today's two most prominent political headlines (away from the primaries, that is) sit strangely beside one another:

Gordon Brown has admitted a "bad and disappointing" election for
Labour, as the party suffered its worst council results in at least 40 years.
"BBC research suggests Labour won 24% of votes cast in England and Wales, behind the Tories on 44% and Lib Dems on 25%.
In total Labour lost 331 councillors and [9 councils including] key councils like Reading."

The long-awaited results of Zimbabwe's presidential poll have been
announced, with the opposition's Morgan Tsvangirai winning 47.9%, forcing a second round.
"Election officials say Mr Tsvangirai beat President Robert Mugabe's 43.2%, but neither candidate passed the 50% threshold for an outright win.
A spokesman for 84-year-old Mr Mugabe says he will stand in a run-off vote."

Everyone I've asked (Zimbabwean ex-pats included) believes that Mr Tsvangirai actually won the first round of the presidential poll outright, and that the published result is only the outcome of concerted behind-the-scenes activity to massage the numbers down to a theoretically workable margin...

Mr Mugabe must be wondering how Gordon Brown can have allowed such an outcome. When his fits of hysterical laughter subside sufficiently, he'll probably phone to suggest that Gordon demands a recount.

Well, I couldn't really let this one go without comment, could I? The outgoing Italian government, in a last-minute fit of transparency, apparently decided that the most constructive thing it could do at this point was to publish all citizens' declared earnings and tax payments via the web.

If I understand the situation correctly, many Italians will see this not so much as a monumental breach of privacy, but more as an indicative league table of who is playing the Italian tax game with the greatest degree of skill and panache.

The soundbite of the story, though, is Deputy Economic Minister Vincenzo Visco's explanation that the practice "already exists around the world. You just have to watch any American soap to see that". True enough. Oh, those hilarious episodes where Grace teases Will mercilessly about his tiny rebate. 

Forgive me, reader, for I have sinned. It has been 11 days since my last promulgation... but a busy 11 days they have been. It all started with a trip to Munich for Kuppinger Cole's ID conference, at which I first ran a half-day Liberty Alliance workshop and then took part in two panel discussions.

The Liberty workshop was an opportunity to assemble just a few of the articulate folks who contribute to the Alliance's work, and have them present case studies (Orange/France Telecom, Deutsche Telekom), thought-pieces ('Why Web 2.0 needs Liberty", "How to get from a Use-case to a Spec", "Dynamic SAML") and highlights from recent adoption and working-group activities ("Findings from the PPEG Privacy Summits", "The Concordia Programme").

I think the audience got a good picture of  an organisation which is mature in in more ways than one: established enough to have formulated its ideas and then put them into practice, successfully and on a massive scale; and wise enough to recognise that solving one set of infrastructure problems often simply makes it possible to address the next set of issues... issues which could not even arise before the first set were successfully dealt with.

My thanks to Conor Cahill (Intel), Philippe Clement (Orange/FT), George Fletcher (AOL), Fulup ar Foll (Sun), Michael Gärtner (Deutsche Telekom) and Patrick Harding (Ping) for presenting (and keeping to time), and to Sampo Kellomäki (Symlabs) for contributing so usefully to the Q&A sessions.

The two panels I took part in were on the multi-faceted topic of "Convergence", and "Putting Context in Privacy". Both were fun to be on, but this latter one was made particularly  enjoyable by the deft moderation of Dave Kearns, who did his best to strike sparks off the various panellists, in an entirely good-humoured way. In between sessions, Dave was mostly to be found in the museum courtyard, one hand enfolding a bottle of Coke and the other animating the discussion of some engaging topic. To my embarrassment, I had to make an untimely exit just before the end of Dave's panel so as to get to the airport on time - next stop, Birmingham.

In Birmingham I was again on a panel, this time at an event hosted by Public Sector Forums - Identity Management, Data Sharing and Information Governance. A fascinating line-up, including the Home Office Minister responsible for ID Cards - Meg Hillier, and representatives from the Identity and Passport Service, Cabinet Office, Dept for Work and Pensions, and a host of local government bodies from all over the UK.

This time the huge thank-you goes to the Public Sector Forums team, particularly Ian Dunmore and Nick Hill, who contributed extraordinarily generously to the Devizes-to-Westminster charity sponsorship appeal. Gentlemen, thank you so much. (Next year, if you can get "http://www.publicsectorforums.co.uk" onto a sticker, we'll put it on the canoe: it should just about fit... lengthways ;^)

Then back in the car again and off to Harwich for a ferry crossing to Holland. I know what you're thinking - Munich, Birmingham, Harwich, Groningen... is there no end to this jet-setting high life? Just how far will I go in pursuit of sybaritic indulgence?

Well, I must confess that while in the Netherlands I went beyond the pale. The Friesian pale, or Fryske Peallen to be precise. There was still evidence of a 14th/15th Century earthwork, the Landweer, separating the neighbouring provinces of Friesland and Drenthe.  I hadn't been to this part of the country before, and the landscape was subtle and captivating - a mixture of smallholdings, waterways and wild, sandy heathland. A link to photos will follow when I have uploaded them.

Where next? Well, work continues on the PPEG Privacy Summit programme; I am writing up the London and Basel summits currently, and planning is under way for the next related events, in Washington DC, Tokyo and Stockholm. We're still learning from every summit, but gradually the focus is evolving to include a greater element of putting our findings into the public domain, testing and refining them and trying to pass the value on to successive communities. It will be fascinating to see whether the current findings and principles apply equally to the Japanese context... watch this space.