Robin Wilton's esoterica

       
 

Petition for dedicated military hospital


According to the figures reported via this BBC page, UK forces deaths in Iraq and Afghanistan currently stand at 176 and 114 respectively. It's strangely difficult to find figures for injuries as opposed to deaths, but one could expect these to be correspondingly higher. For instance, I understand that in its most recent tour of duty in Afghanistan the 2nd Battalion, Parachute Regiment, alone has sent 50 casualties back for treatment in the UK. (2 Para is one battalion out of nearly 8,000 UK troops currently serving in Afghanistan; another 4,000 are deployed in Iraq, and some 850 in the Balkans; full figures here).


In terms of what awaits injured service personnel when they get back to the UK - the picture is rife with conflicting messages. The chiefs of staff are caught on the horns of the classic dilemma: they want the military to be seen to be doing its best for those injured in service, but politics being what it is, sometimes the best way to get allocated funding is to show how badly it is needed.


By 2002, following a 1990s review of defence spending, 7 out of 8 dedicated military hospitals had been closed down. This may seem strange, against a background of continuing long-term combat commitments in the major theatres of Iraq and Afghanistan. The exception - the Royal Hospital Haslar at Portsmouth - was expected to stop taking new patients in 2002, but seems to have postponed the ultimate unplugging of its life-support machine until next year. In this article from January 2007, Gen. Sir Mike Jackson (former head of the Army) expressed his belief that service personnel recover better if they are treated 'in a military environment' and with other military patients.


That prompted a media focus on the treatment of wounded service personnel; this quotation is from a fairly representative story: "Ministry of Defence figures revealed more than 2,100 troops have suffered psychiatric problems after returning from Iraq since 2003.

But many of them are waiting up to 18 months for NHS treatment, a delay branded "scandalous" by Combat Stress, the services mental health charity." (Daily Telegraph, March 2007)


And giving the other side of the story, here's a BBC article from March 2007, in which Gen. Sir Richard Dannatt defends the military against criticism that wounded service personnel were receiving poor treatment.


So what's the situation now?


- The Haslar hospital is still expected to close next year.
- For some years, the majority of UK service personnel have been treated in a single "military-managed" ward at Selly Oak Hospital in Birmingham. The ward is shared among military and civilian patients, and treatment is given by NHS and military nursing staff.
- On 4th July 2008 Derek Twigg (Defence Under-Secretary) announced plans to open a 100-bed 'military ward' at Birmingham New Hospital. As with Selly Oak, this will actually be a mixed military-civilian ward, in terms of both staff and patients. If everything runs to schedule, this new ward will not open until 2010 - after the existing unit at Haslar has been shut down.


All of which is a rather complicated way of asking you to do something much simpler.


If it sounds to you as though injured front-line troops are being used as something of a political football, and if you feel that the issue of their treatment deserves to be reconsidered, please add your name to this petition on the Downing Street website. You must be a UK citizen or resident to vote - so expats are eligible.


Petition to create a dedicated military and veterans' hospital in the UK


The petition is only open until August 18th... so please engage the support of others and send a clear message.

 
 
 
 

DNA and privacy


The BBC has a story today reporting on a recent consultation exercise by the UK's Human Genetics Commission (I know, I know - another day, another Commissioner....). The consultation exercise concluded that the DNA profiles of innocent people should not be kept on the database.

A quick look at the HGC's website will reveal a link to comments from members of the public who have visited a travelling exhibition co-produced by the HGC, "Inside DNA - A Genomic Revolution". The 'headline' comment used as the link is that old chestnut "If you've got nothing to hide, you've got nothing to fear". If, like me, you've heard that argument advanced by (or in support of) policy-makers, I can recommend this short paper by Daniel Solove (Professor in the Law Faculty at George Washington University). My thanks to Caspar Bowden for the link. Prof. Solove succinctly argues that the "nothing to hide" position reflects either an over-simplistic understanding of privacy itself, or a misleading portrayal of the risks of having none.

Here's the HGC's own news item about the Inquiry and report, and here's a link to their Summary of  Conclusions... three pages well worth the read.

Among those conclusions, there were a number on which the inquiry was unanimous, including the view that the public is under-informed about the NDNAD and its use, both specifically (for instance, when a suspect is requested to provide a sample) and generally (for instance, when DNA evidence is presented in a court case).

It does seem anomalous that there should be no formal process for informing someone of their rights relating to the taking of a DNA sample, when one thinks of the clear boundaries within which the police must proceed, for example, when arresting someone, taking evidence, or executing a search warrant.

The HGC's Chairman, Sir John Sulston, described the basic issue as being one of clarifying the purpose of the NDNAD. Is it, he wonders, an "identity database" or a "criminal database"? Again, given that UK data protection law is fundamentally based on notions of "purpose of collection" and "purpose of use", isn't it both strange and dangerous that the NDNAD should have been in operation this long with that question still apparently unaddressed?

The inquiry also returned 'majority' conclusions on a number of questions, including the following:

- That the DNA profiles of those not subsequently charged or convicted should not be retained (as is already the case in Scotland);

- That the DNA samples from which those profiles were generated should, likewise, be destroyed if the individual is not subsequently charged or convicted;

- That UK samples and profiles should not be contributed to any international forensic DNA repository, or be the subject of automatic data-sharing with other countries.

Not unexpectedly, the Home Office representative quoted in the BBC piece expresses a slightly different view, saying that the database has 'revolutionised the way the police protect the public' and giving a number of statistics relating to the NDNAD's use by the police. These related to about 11,500 cases in which 'DNA evidence was used in police investigations' into offences ranging from rape and violent crime to domestic burglaries, but - strangely - not mentioning murder at all.

Perhaps this is just another piece of fallout from Gordon Brown's June speech to the IPPR, which so recently did so much to cast doubt on the statistical basis for quantifying the benefits of the NDNAD as a forensic tool.

 
 
 
 

Human evolution - the shameful truth


The theories I've seen suggest that the first mammals to gain an evolutionary toe-hold in the shadow of the dinosaurs were small, shrew-like creatures... but that homo sapiens only evolved many millennia later from ape-like beings which lived in, and eventually descended from the trees. Now scientists have found a tree-shrew in Malaysia which may cast a rather less flattering light on this evolutionary progression. It seems that the pen-tailed tree-shrew spends the vast majority of its time completely stotious... the worse for drink, to an extent which would render the average human utterly incapable (or, to use the technical term, "hat-racked"). It seems to suffer few, if any ill effects from this disreputable life-style, whereas alcohol is frequently blamed for many of the social and medical ills which afflict the modern human.


Is it not more plausible, then, that humans actually evolved when some subset of tiny, primitive tree-shrews just couldn't hold their booze or their allotted branch, lost their grip completely and didn't descend voluntarily so much as simply fall out of the trees? In other words, we don't represent the culmination of evolutionary improvement at all... we're just the ones who couldn't stand the pace.

Sir James is keeping busy...


Sir James Crosby began his Treasury-commissioned review of the National Identity Scheme (NIS) in September 2006 and delivered the resulting report pretty promptly about a year later. It was then sat on until it could be buried by publishing it just after the copy deadline on the same day as the government announced its own National ID Card Delivery Plan ("Mais, comme c'est bizarre; et quelle coïncidence!"*) in early March 2008.


That delay is now creating the illusion of an almost superhuman work-rate on Sir James' part, as he hits the headlines again today with the publication of his review on how to mitigate the effects of the global 'credit crunch' on the UK economy in general and the mortgage market in particular. One of the options he considers is that the government might guarantee bonds issued to underwrite the lending market (as a whole, rather than individual borrowers). Such a move would, essentially, mean that the taxpayer is ultimately underwriting the commercial mortgage market - albeit indirectly.


One problem Gordon Brown and his successor as Chancellor face is that the taxpayer is already directly underwriting a chunk of the commercial mortgage market, in the form of Northern Rock - a state of affairs into which the government was precipitated partly by significant supervisory failures over the preceding decade. They therefore do not have the 'cleaner' option of either direct guarantees to specific institutions in difficulty or indirect under-writing through guaranteed bonds, but must find some way to cater for both. And they must do this without appearing to directly favour one commercial institution over another, or introducing perverse incentives for participants in the market to behave irresponsibly.


That part, though, is the policy-makers' problem, now that Sir James has set out his analysis of the problem.


Now that he's had a crack at the ID Cards system and the credit crunch, I wonder what Sir James will be asked to review next.


I reckon the front-runners are food and fuel prices, or global warming. He can't have the Israeli/Palestinian problem, because Tony bagged that one a year ago, but hasn't actually set foot in Gaza since taking the job.



*Leitmotiv, 'La Cantatrice Chauve', Eugene Ionesco

Blank passports and visas stolen


The BBC reports today that a van containing blank UK passports and visa inserts was commandeered and 24 boxes of documents stolen, about 1/2 mile from the specialist printing works where they were produced. Some 3,000 passports and visa stickers are reckoned to have been stolen. The indications seem to be that this was a specifically-targeted theft.


In itself, this doesn't necessarily represent a massive disaster - though it is certainly embarrassing for the Foreign Office, which was about to distribute the documents to its consulates overseas. After all, the passports still have to be convincingly 'personalised' with laminated photographs and - ideally - valid data on their embedded chips. It is this latter security mechanism which is being cited by Labour's Deputy Leader, Harriet Harman (Gordon Brown being on holiday at the moment), as the main mitigation of risk arising from this breach.


However, it does call to mind the post I wrote on Day One of this blog, describing the way in which the reliability of any credential depends on a whole chain of events, each of which must contribute to the security of the system as a whole. For example, if the process of issuing a passport to a given individual does not do a good job of establishing that the person in question really matches the details being encapsulated in the passport, the reliability of the credential is undermined. Likewise, if the process of matching the person against the passport when it is presented can be spoofed, then the passport is not really doing its job.


I referred to this series of events as the "chain of trust", each link of which plays a role in preserving the usefulness of the passport as a credential. Exactly the same principle applies here: if the blank documents are not adequately secured throughout the process of their manufacture and distribution, the integrity of the system as a whole is compromised. (I gave a similar example based on blank birth certificates back in early 2006...).


The other lesson to apply in cases like this, I think, is one derived from the work done by the Liberty Alliance ID Theft SIG (Special Interest Group). One of that group's findings was this: when some form of identity theft occurs, the exploitation of that theft for identity-related fraud very often does not take the most obvious form. If a payment card is stolen, yes, the most common fraud committed is to use that card for fraudulent payments... but in the case of other credentials (such as passports and driving licenses), the exploiters tend to get much more creative. As one counter-fraud officer notes in this passport theft incident - the one thing those blank passports are relatively unlikely to be used for is entry into the UK. The question of how they will get used is probably taxing some creative minds right now.

 
 
 
 

A brief message on behalf of our sponsors...


As you have probably noticed by now, this blog is not exactly an out-and-out product evangelism vehicle - though I am not sure whether Sun's product marketing teams regard that as a missed opportunity... or a lucky escape.  ;^)

But then, you also know there are plenty of other Sun bloggers (Pat and Mark, to name but two) who are far better placed than I am to communicate the facts of Sun's Identity Management offerings (as opposed to my vapid pontifications), and who do so with style and enthusiasm.

That said, there are a couple of things which I thought it was at least worth mentioning:

- Identity Manager 8.0 came out last month, updating the Provisioning element of the IDM suite;
- I had a very useful session on Wednesday with Mel Holloway of our Role Manager team, and found out some more about its capabilities in role definition, data-cleansing and the extremely topical area of audit and compliance monitoring;
- The new release of their sibling product, Access Manager 8.0 is due out in September;
- This week, we've also announced OpenSSO Express: the same open source Identity Management and Web Single Sign-on as before, but backed up by an enterprise support programme.

And as you'll have gathered, there's also the Identity Management Buzz blog, which is a great reference source for breaking news about the products.

And now, back to our scheduled programmes.

Buy now, while stocks last


Over at An Englishman's Castle, I learn that the humble sporran may be caught up in a ban on inhumanely-procured seal-skin.

Ah, the seal-skin sporran. An ideal gift item for the environmental activist in your life. Of course, if they already have one (and who doesn't, let's face it), you could always choose them something else from the Catalogue of Politically Correct Accessories for the Modern Gentleman:

- a seal-skinning knife (with whalebone handle, naturally)
- an ebony puffin club (ivory spike optional)
- a zebra-skin safari hide
- a tiger-pizzle swizzle stick
- a nice pair of dolphin-leather off-road driving gloves

or the simple elegance of a ramin-wood recycling bin - straight from the Sumatran rainforest to your study: guaranteed so fresh that an orang-utan could have been shaken out of it this very week.

WWF Global Network -
for a living planet

Flocking Blogger...


Now there's a phrase I never thought I would publish and get away with it... ;^)

If you see this post, it means I've managed to configure the Flock blogging client - though I must confess, it took some help from Mark Dixon (thank you, Mark!).

I am still a long way from exploring all the various things Flock offers, and setting up the features best suited to my online life... but that's the point of it, I guess. One thing I have managed to integrate is the Flickr support, which is pretty smooth. Here's a link to my Flickr page, in case you're interested.

Which reminds me... a few weeks ago Wayne Horkan was kind enough to let me know that my blog isn't rendering very well in some browsers other than Firefox (that's the only one I use, so I thought everything was working OK). I did have a go at trying to sort it out, but without success, I'm afraid (somewhere in there I've done something clumsy to the style-sheet and ended up with a missing "end-tag", I think).

The effect is that if you use IE (and, I think, Opera too), a load of stuff which should appear in the right-hand page margin gets stuck right down at the end, after all the blog posts. My apologies for that. I will either have another crack at fixing it soon or, if I'm feeling brave, experiment with cutting across to another style template.

 
 
 
 

"It's EXOTIC...!"


As Waynetta Slob remarked about her infant daughter's new name: Frogmella. ('Ashtray' was, of course, ruled out "because it's a boy's name!"). And just to prove that there is, in Bertie Wooster's words, no shortage of "rum work pulled at the font", there's news today that a 9-year-old girl in New Zealand has been made a ward of court so that she can legally change the name with which she was originally saddled: "Talula Does The Hula From Hawaii". Would I kid you?

While some children escaped being legally landed with the names "Fat Boy" or "Fish" and "Chips" (twins), others were not so lucky; among them, "Number 16 Bus Shelter", "Violence" and less fortunate twins "Benson" and "Hedges". Who said romance was dead?

It all reminds me of that great rule-of-thumb for anyone faced with a huge pile of applications for a single job: "pick up the whole pile and throw it at your waste-paper basket. Any that land in the bin, reject immediately - after all, who wants to hire unlucky people?"

 
 
 
 

Policy and law evolving at different rates


To follow on from a couple of recent posts (Sins of Commission and Policy and Technology evolve at different rates), I see that the ECHR (European Court of Human Rights) has ruled against the UK government in a case about phone tapping. Civil Rights campaigners including the UK Liberty group (as opposed to the Liberty Alliance) brought the case in 1999 to complain about the 1985 Interception of Communications Act. It's taken 9 years to get a ruling to the effect that that Act conferred "very wide discretion [...] on the State to intercept and examine" communications, and that this was not balanced by adequate protection against the abuse of those powers.

The interceptions in question related specifically to communication between the UK mainland and Ireland, and were operated by the MoD (Ministry of Defence). The Director of the Irish Council for Civil Liberties said the ruling found that "the UK's relatively sophisticated rules on data interception have failed to prevent unlawful interference with privacy rights".

Since the action was brought, the 1985 Act has been replaced by the 2000 Regulation of Investigatory Powers Act (RIPA), and I believe it was in 1998-99 that the offices of Surveillance Commissioner and Interception of Communications Commissioner were established (though if you know better, please leave a comment). I suspect that one response open to the government, then, is simply to maintain that any shortcomings of 1985-1999 have been addressed by the new legislative and regulatory measures put in place between then and now. As I understand it, though, RIPA confers far wider powers than the ICA did... (witness the extent to which RIPA, unlike the ICA, is used not so much to mount surveillance on IRA bomb cells, but to monitor that other offshore menace - people who clam-pick from unauthorised beds...).

At any rate, at that point I started to wonder; has the UK's governance regime for intercepted communications become more, or less 'sophisticated' since that time, and are we more, or less open to unlawful interference with privacy rights than we were then? The privacy and civil rights campaigners seem to wonder the same thing; they are calling for the current rules to be re-examined in the light of the ECHR case.

 
 
 
 

Sins of Commission


The Identity Cards Act establishes the role of National Identity Scheme Commissioner. I thought of this as I read today's report that there were over half a million public-sector requests for access to private communications data - up from an average of fewer than 350,000 in each of the previous two years. The figures were apparently reported by the Interception of Communications Commissioner. For clarity, I should point out that this is not the same as the report by the Chief Surveillance Commissioner, criticising the inappropriate use by some councils of powers set out in the Regulation [sic] of Investigatory Powers Act.

There are doubtless a few other Commissioners with views on the subject, yet to emerge from the woodwork. I wonder how they are all going to sort out who oversees what, once the National Identity Scheme actually comes into operation.

It's tempting to suggest the appointment of some kind of 'Information Tsar' to oversee them all - but that wouldn't really be appropriate. After all, the Commissars didn't come until after the Tsars had been booted out.

 
 
 
 

Resistible temptation...


I know the whole 'Japlish signs' thing can be a cheap shot (after all, UK signwriter's [sic] have enough trouble with English, let alone what havoc they must wreak if asked to produce something in kanji) - but I saw this sign for a restaurant in downtown Tokyo and couldn't resist posting it.

To my shame, I did not brave the menu, which was probably a mistake. After all, like a certain brand of peanut butter, "with a name like that, it has to be good".

bowels

 
 
 
 

Policy formulation by tie-breaker...


Here's an interesting new online competition. It comes in the form of the Draft Legislative Programme consultation launched by Harriet Harman - leader of the House of Commons. It runs until August 6th, and it's your opportunity to comment on any or all of the 18 bills proposed for the next parliament. There doesn't seem to be anything in there on energy and food security, climate change, or overseas development (the top three items from the recent G8 Summit), but what there is covers such large and fundamental topics as:

- interception and aggregation of all your communications data (see previous post)

- equality

- "constitutional renewal"

- NHS reform

- community empowerment, housing and economic regeneration (all one bill...)

- law and order, policing and crime reduction, Geneva conventions

- welfare reform

Strange as it may seem, there was a Welfare Reform Act only last year. I had a look, and it ran to 94 pages, not including the explanatory notes. Which brings me to a further slight snag. On any given bill your considered comments are limited to 500 characters.

I feel I should warn Ms Harman - that may lead to some pretty pithy expressions of opinion.

Policy and technology evolve at different rates


Security Minister Lord West is reported as saying there is no firm policy position yet on whether the government's proposed Communications Data Bill will establish a database of phone call data, mobile phone location and internet usage. Lord West also pointed out that internet users are currently often unaware of how much data their activities reveal - all the while noting that he was 'unclear' about the legal position of BT's trials of the Phorm user-tracking system. The EU's Information Society and Media Commissioner Viviane Reding seems to be in no such doubt.

What is clear is that technical capability and legislation frequently progress at different rates. It's tempting to think of technology always outstripping the legal machine, but that's not an entirely accurate model. For example, take the EU's biennial Ministerial Conference on e-Government. Every two years the participants know they have to come up with something which advances on the previous conference's policy statements and reflects some form of measured progress in implementation. Usually the tension seems to be in that latter goal: it's not so much the technology which lags behind, as the ability to put it into effective use on a continental scale.

Of course, in the case of the Communications Data Bill "effective use" doesn't necessarily mean just making interception of all traffic possible; it means doing so in a way which balances the law enforcement requirement against risks like inappropriate disclosure, abuse of personal or sensitive data, and the longer-term effects on civil liberties (to which, to do him credit, the Information Commissioner Richard Thomas drew attention in his comment on the story). The devil's in the democracy.

 
 
 
 

Why would you not encrypt USB data?


The MoD has today admitted to losing a couple of USB sticks a month, averaged over the last 4 years. I don't suppose their stats would be exceptional compared to other organisations of comparable size, though of course they are likely to be held up for specific attention because of the nature of some of the data which might have been on some of those sticks. Nor do the figures distinguish between 'lost' and 'stolen' - and I must admit, I've lost more than one USB stick since I've had the option of using them.

However, it did make me wonder about a couple of things.

First, how hard would it be for a computer to default to encrypting the data written to a USB-attached drive?

Second, given that there is no shortage of USB sticks which offer encryption as an option, why isn't their use more prevalent?

What do you think? From your own experience, what (if anything) inhibits you from encrypting the data when you use a USB stick? (Answers welcome via the comment function).

Let me start the ball rolling with a couple of obvious possible answers:

1 - "duh... if I write something to a USB stick it's because I want to pass it quickly and conveniently to someone else... why would I encrypt that?"

2 - "I don't care... I've never put anything on a USB stick which I considered to be secret - in fact, there isn't even any secret stuff on my computer anyway..."

Over to you...

 
 
 
 

Are you 16-25?


And do you have something you'd like to say about the plans for a UK National Identity Scheme?

Of course you are, and of course you do. In that case, step this way... the MyLifeMyId site is aimed at you. The site is a Home Office-sponsored online initiative to gather the opinions of 16-25-year-olds as input to the ID Cards strategy.

You may remember that Home Secretary Jacqui Smith has asserted that, as young people have to prove their identity more frequently than anyone else, they are natural candidates for early enrolment into such a scheme.

In doing so, she joined a group including Katherine Courtney and Meg Hillier (Minister responsible for the scheme) in perpetuating a piece of disinformation which really ought to have been eradicated by now from any policy statements on the National Identity Scheme (NIS). Young people are not required to prove their identity much more often than anyone else - they are more frequently required to provide proof of age. (Once that distinction has sunk in, perhaps we could move on to the distinction between telling someone your date of birth, and proving to them that you are over 18... but let's take things steadily).

The registration process for the MyLifeMyId site seems similarly confused. I went through the process just to see what it involved in terms of verification (and disclosure of personal details), but did not complete it, as that would be naughty. I am, after all, outside the target demographic for the exercise. At one point I was asked to indicate the extent to which I agreed/disagreed with the plans for the scheme: this is during the registration process, mind you, not the debate. Underneath the range of answers, in a strangely minute font which I have done my best to reproduce, was the following message:

(Note, your answer will not influence who takes part in the research. We just want to check we have a range of people with different views.)

Hmm. Won't that become obvious later on, when the contributor starts to give their opinions?

Actually, according to The Register and a few blogs I've read like this one, the site apparently quickly attracted anti-ID card contributors who took advantage of the discussion fora to denounce it as a shallow propaganda exercise. I understand the site had to be re-started with a number of the early posts 'excised'.  Perhaps the moral is as Thurber put it in his updated version of Little Red Riding Hood: "It is not so easy to fool little girls nowadays as it used to be."

One would hope so. The last thing we want is social networking sites, aimed at the younger age-groups, which create the impression of an age-bounded user group while actually taking no steps to ensure that the older and potentially ill-intentioned user is filtered out.

 
 
 
 

Data-sharing, the bad way


It seems that a few years ago a young Italian man called Danilo Giuffrida was undergoing his medical assessment for military service, and disclosed the fact that he was homosexual. The information was passed on to the ministry of defence and the transport ministry, whereupon the latter apparently revoked his driving licence and insisted that he should re-take his test, as his admission of homosexuality suggested a "sexual identity disturbance". On re-taking (and passing) his test, Signor Giuffrida was given a driving licence, but with just one year's validity rather than the standard ten.

A court has now ruled that the action was discriminatory and breached Signor Giuffrida's constitutional rights, and that homosexuality could not be considered to be a 'mental illness'. He has been awarded €100,000 in damages and the court ruled

Earlier this year, Italy's Prime Minister, Romano Prodi, won a Senate vote to maintain the Italian troop presence in Afghanistan (at a level of around 2,000 personnel). Thank goodness for the court ruling in the Giuffrida case. Otherwise those troops might have begun to wonder why they are being sent all the way to Afghanistan to repel a fundamentalist regime which uses religious doctrine as the basis for discriminatory and oppressive behaviour.

 
 
 
 

Irony, skin-deep


In June 1940, the German invasion of France left the country and its political structure split in two. The country was divided into a German region, encompassing the North, West, Paris and the Atlantic coastline, and a French region with an administrative centre in the spa resort of Vichy. The political structure came to consist of those who felt it was better to fight on, albeit in exile (the "Free French") and those who made the more expedient decision to retain some fragile level of power and personal security by staying on under German occupation (the Vichy Government). Presumably they calculated that, even with a ruthless military occupying force, it was better to share the tent and pee out than to risk standing outside the tent peeing in.

I found one of those silicone 'charity bracelets' in the bathroom today. It had come as a freebie with some cosmetic products, obviously seeking to advertise on the back of the 'coloured bracelet' phenomenon.

On it, the embossed words read "Vichy - Protect Your Skin". "Plus ça change"...

 
 
 
 

Thomas/Walport review published


Under the possible heading of "YAROPI" (Yet Another Report On Personal Information), the Ministry of Justice report on Data Sharing was published today. However, it certainly should not be written off just because so many other PII-related reports and reviews have come out recently. (In fact, the alternative "Moore's Law" might lead us to pay particular attention to it on that basis alone).

The report itself is only part of the output you can get to via the MiniJust link; you will also find copies of all the submissions sent in to the review team (by organisations and individual citizens), and summaries of the consultative workshops they conducted to get input in person. There is a mass of data there, and the review's independent authors (Information Commissioner Richard Thomas and Dr Mark Walport - Director of the Wellcome Trust) have done an amazing job of digesting it, setting out their findings and making 19 recommendations.

A black mark, by the way, to whichever sub-editor at the BBC allowed this slug to be left in the lettuce:

"The review, headed up by Information Commissioner Richard Thomas and Wellcome Trust director Dr Mark Walport, was commissioned a week before HM Revenue and Customs lost two discs containing personal details of 25 million people."

Presumably the journalist who wrote that piece works "out of" the BBC (rather than working in or for it), gives an implausible "110%", and does so "at the end of the day" (rather than during or throughout it). He or she also doubtless expects to be paid a salary rather than working "for free". C-, See Me.

But enough of that... back to the Data Sharing review.

Here's the summary of the "Technology" subsection:

"In summary, it is clear that computerised technology for the processing of personal data brings with it opportunities and risks, and a whole set of new challenges. In our view, however, one principle stands out most clearly: information sharing should be facilitated by technology, not driven by it. The tail should not be allowed to wag the dog. The fact that technology allows more information to be collected about more people does not mean that more information should be collected. Just because something is possible does not mean that we should rush to do it. Benefits can be pursued from collecting personal information and using it appropriately, but there must be an equal focus on safeguards."

I lead by quoting that in full, because it neatly encapsulates the report's view of the role of technology relative to the other mitigators of risk relating to data sharing. The Executive Summary is crystal clear: the principal issues concerning data sharing are ones of culture, legal framework and regulation, with further specific reference to the treatment of statistical and research data, and publicly-accessible personal information.

Technology does not appear in any of the 19 recommendations.

Thankfully, I think this mirrors Sun's view of the role of technologists and technology in questions such as these. It's not our role to tell legislators how or when to legislate. There's a valid role for technologists in advising on best practice, but that is something which needs to flow from policy statements such as this report, rather than from vendor companies promising that more technology is the answer.

The 'technology' summary paragraph also neatly reflects a message which my colleague Fulup ar Foll uses to great effect: "nowadays, the treatment of personal data is no longer a question of what is possible, but one of what is acceptable".

There are a number of ways in which that acceptability can be assessed, and enhanced or degraded. The technology summary mentions the balance between what is possible and the appropriate safeguards. At least equal attention needs to be devoted to the balance between what is beneficial and what is risky; what is cheap or expedient and what is respectful of the citizen's informational self-determination.

Let's hope the Walport/Thomas review comes to be seen as a major step towards putting those principles into practice.

 
 
 
 

I wish I had written this...


What a great take on the same ICO 'data protection review' story I have just blogged about. And far better one-liners, too:

"RAND Corporation ... a US think tank with a name as shady as Darth Vader's boot-polish"

But it also chillingly cites DHS Chief Michael Chertoff's speech to the European Parliament last year:

'[T]he Anglo-Saxon legal principle that "it is better that a thousand guilty go unpunished lest one innocent man be wrongly punished" might be outmoded.'

Hmm. I don't know which I find more troubling: the shameless argument by false opposition, or the underlying assault on the principle.

 
 
 
 

ICO - turning the oil-tanker


This one's for Patrick... a 'blog buddy' who I finally got the chance to meet face to face this week in Stockholm. Patrick, thanks for the great conversation; keep blogging, and I wish you every success in your new role with Mozilla.

The UK's Information Commissioner, Richard Thomas, has instigated a study of current EU Data Protection law to look for ways of bringing it up to date. The case for doing so is pretty strong; after all, the EU Data Protection Directive has its roots in a set of OECD principles which were set out in 1980. Here's a short historical detour:

I don't have a Facebook or Myspace page.

I published a profile on LinkedIn in 2004.

I didn't set up my own web page until 2001.

I first used Google in 1999.

In the early 90s the read-only web started to impinge on my (working) life. Later than some, I know, but I was deep inside IBM at the time, where the corporate intranet was a big enough ecosystem to satisfy most informational demands.

In 1985 I started to use a network-attached (3270) terminal, send emails and instant messages on an intranet; in the early 90s it was dial-up modem access from home (but still only to the same email system).

From 1980 to 1984 I had occasional dealings with a Sinclair Spectrum and a couple of word processors (remember those?), and it wasn't until I started work in 1984 that my life began to involve regular daily access to a personal computer.

In 1982, the nearest (Barclays) ATM did not have a digital display; it had a mechanical belt with the UI messages printed on it: the belt rolled around to the appropriate points as you progressed through the transaction.

In 1980 my own experience of computing devices was limited to a slide rule, a Commodore calculator, and games of Star Trek on the school's Digital machine (two 8-inch floppy disk drives, one for the OS, one for the games programmes). I only mention this to put into context the idea that, at the same time, someone was formulating principles for the privacy of personal data: principles which are still the basis of most data protection law today.

At that time, the idea that storage, communication and publication of my personal information had anything to do with computers would have seemed esoteric. It certainly would have had none of the resonance it has today, when the mere act of walking down a UK high street or submitting an internet search query can leave an indelible digital footprint, where mass volumes of data can be correlated on any laptop, and where an individual ISP user can be identified and physically located just by analysing their search history.

Current data protection principles have little or nothing to say about those concepts. Indeed, current data protection principles seem to start to run into boggy ground when the ideas of anonymity and pseudonymity are introduced: for instance, if a user's real identity is obfuscated through the use of a Liberty Alliance-style "opaque handle", does that opaque handle constitute 'personally identifiable information'? In other words, some of the innovations which have been introduced over the last 5-6 years, specifically to help protect users' privacy, themselves start to challenge the adequacy of the original principles sketched out all those years ago by the OECD.

That does argue for change - but with a 28-year lifespan to beat, anyone revising the principles has a pretty high bar to clear.

At the other end of the time-scale, the assistant information commissioner, Jonathan Bamford, spoke recently at a Kable event to warn that privacy needs to be a core component of government ID architectures from the outset. "Public confidence, like personal privacy, is almost impossible to recover once you have lost it", he says.

I would be happier with that assertion if I had not also heard Jonathan speak, a number of times over the past year, on the subject of an ICO strategy 'based on the principle of enabling data sharing'. If that is your key message for several months, then changing to a message of 'designing personal privacy in from the outset' is a tough switch to pull off without losing a lot of credibility.

If privacy really is such a key principle, might it not be better to have been setting out a strategy described in terms of 'data minimisation', 'data ephemerisation' and 'minimal disclosure', rather than 'enabling organisations to share data more effectively'? A change of core public messaging like this, with respect, communicates uncertainty about the relative importance of the underlying principles.

That's crucial in the present context. If the ICO is going to consider overhauling the OECD principles, it needs to do so with an eye to timescales of 28 years, not 28 weeks.

 
 
 
 

Spotlight turns to Information Governance and Assurance


One of the other nominees in the ComputerWeekly.com blog awards which I mentioned last week was Philip Virgo of EURIM... though, as a ComputerWeekly-hosted contributor he's not eligible to progress beyond nomination :^(

Philip's latest post, here ("How do we rebuild trust in the online world?"), does a great job of looking across the wide range of government-related documents I referred to in last Thursday's post, and draws the conclusion that it's no longer any good just maintaining a narrow focus on information security. It's time for the harder bit - principles of information assurance and information governance need to be put into practice across the board.

With that in mind, the recent publication by the Liberty Alliance of the public draft on its Identity Assurance Framework and the Identity Governance Framework released a year ago can only increase in relevance. The Identity Governance Framework allows organisations to set their information management processes in the context of applicable legislative control (such as the European Data Protection Directive, Sarbanes Oxley, HIPAA and the like). The Identity Assurance Framework is there to establish a set of baseline policies, business rules, and commercial terms against which any identity assurance services - whether in the commercial or public sector - can be assessed.

The Liberty e-Government SIG is also in play, well placed to ensure that these frameworks cater adequately for the specific needs of public sector organisations.

 
 
 
 

Hokkaido G8 Summit security


Back in 2002, when the World Cup finals were held in the Far East, I happened to have a Japanese pen-pal - a very refined lady who was a teacher of the tea-ceremony. I was, frankly, appalled at the prospect of her being exposed to one of Britain's least appealing exports, the Eng-er-lund Football Supporter. As it happens, I need not have been too concerned; apparently the Japanese football and tourist authorities acted with jujitsu-like subtlety and assigned teams of school-children to guide the fans around Tokyo... reasoning that this would put an effective brake on any too-loutish behaviour.

I see from the news today that there have been some initial protests ahead of the G8 summit in Toyako. The details are a little sketchy as to where the protesters are from and what their objectives are, though there's mention of Japanese farmers, Oxfam, global warming and food prices.

Hokkaido's sense of pride at hosting the Summit was evident back in October of last year when I saw this countdown clock in the gardens of the Akarengo (Red Brick) former Government offices. The clock is about 6ft by 8ft, in the form of a laminated wooden outline of Hokkaido island.

minus-259

The news story mentions that some visitors, including journalists, activists and academics have been extensively questioned about the reason for their visit on arrival in Japan. (I wonder... when activists are filling in their immigration forms, do they put "Profession: Activist"?).

As it happens, when I arrived at Sapporo's New Chitose airport a month ago, I had gone through the terminal building and was already on the escalator down to the railway station when I felt a polite touch on my sleeve. Turning round, I saw a rather flustered young man in a smart blazer, who flashed a police-style badge at me and asked if he could trouble me with a few questions.

Unfortunately his English was only marginally less non-existent than my Japanese. This became obvious when, after a couple of freestyle questions about my reasons for visiting Hokkaido (which I thought went really well, mutually...), he fished out a booklet, presumably entitled "72 polite ways to question a possible terrorist" and read out a few random questions from it, several of which we had already covered, I thought, quite satisfactorily. Still, he had probably been instructed to give the booklet a go, so give it a go we did.

It was all quite friendly and a little nervous - a bit like asking someone to dance at your first school disco. We parted on good terms. I'm not sure how reassuring this will be, though, to any G8 leaders who are regular readers of this blog..  ;^)

Down in the station there was further evidence of the civic welcome:


Downtown, even though the Summit itself is being held at a secludable resort some distance away, a lot of tidying-up was going on... not that downtown Sapporo particularly needs tidying up, in my limited experience. There were also posters which I assume carry a "See something, say something" message, featuring a policeman who is significantly sterner than my airport security friend, and terrorists who appear to take the form of diabolical blackcurrant Jelly Babies:

And the countdown clock was still doing its thing:

I wouldn't dispute for a moment that the G8 leaders have a lot of things they urgently need to sort out. Japan is far from the only country in this position, but it is faced by the problems associated with an aging demographic, very low birth-rate, heavy dependence on food imports, and of course the presence of China as a massive, fast-growing neighbour hungry for resources and energy. That said, I can't help feeling the only real result of any major protests in and around Sapporo would simply be deep embarrassment for the residents. Let's hope that the protesters and the law enforcers manage to come up with some creative options on both sides, so that any protests are effective and conflict-free.

 
 
 
 

Google and personal data again


Happy July 4th. ... it seems fitting that the UK may be about to try and take a small step towards independence from the US, at least as far as Google is concerned. There's news today that Privacy International may refer Google to the UK Information Commissioner's Office over concerns about privacy violation, as Google apparently starts the process of photographing street frontages to add to its "Street View" service. PI reckon that, because Street View is a commercial service, the publication of people's faces without their consent is likely to violate UK law.

I mention this not in order to have a crack at Google - though I do think that, as a global corporation, they might do a better job of catering visibly for national differences in privacy law -  but because it touches on two issues which crop up fairly frequently in this blog:

- the nature and scope of 'personally identifiable information' and

- the effective regulation of passive data capture (notably, CCTV and other image capture technologies).

Here and here are a couple of previous posts on the topic. The first considers some of the weaknesses in the UK's current laws on the topic, and the other looks at the issue of how service providers can possibly cope, if significant numbers of people decide to exercise their privacy rights and request their images to be removed.

That's something the folks at Google might want to bear in mind.

 
 
 
 

US ruling may expose all YouTube users' details


As part of the ongoing legal punch-up between Viacom (MTV, Paramount Pictures) and Google (YouTube) over allegations of copyright infringement, a US court has ruled that Google must disclose the usernames, IP addresses and viewing histories of all its users.

This seems a strange move on the face of it; surely all that's needed is a list of the history entries which relate to Viacom's copyright material... not the associated user-name. After all, what Viacom appears to be after is Google's money, rather than royalties from the users themselves.

Both the EFF (Electronic Frontier Foundation)  and Simon Davies of the LSE have commented via this BBC article, noting that this has been a privacy disaster waiting to happen for a while now...

"Leading privacy expert Simon Davies told BBC News that the privacy of millions of YouTube users was threatened:


"The chickens have come home to roost for Google.

"Their arrogance and refusal to listen to friendly advice has resulted in the privacy of tens of millions being placed under threat."

Mr Davies said privacy campaigners had warned Google for years that IP addresses were personally identifiable information.

Google pledged last year to anonymise IP addresses for search information but it has said nothing about YouTube data.

Mr Davies said: "Governments and organisations are realising that companies like Google have a warehouse full of data. And while that data is stored it is under threat of being used and putting privacy in danger."

The EFF said: "The Court's erroneous ruling is a set-back to privacy rights, and will allow Viacom to see what you are watching on YouTube.

"We urge Viacom to back off this overbroad request and Google to take all steps necessary to challenge this order and protect the rights of its users."

The body said the ruling was also potentially unlawful because the log data did contain personally identifiable data.

The court also ruled that Google disclose to Viacom the details of all videos that have been removed from the site for any reason."

I suppose, from the point of view of the average user, three questions are appropriate:

  1. Once this disclosure has happened, what adverse effects should users look out for, and what should they do about it?
  2. Will this actually prompt any users to change their YouTube viewing habits? I would guess not: if the content is posted, people will watch it... believing the whole copyright question to be Someone Else's Problem.
  3. What's the position of those users who allegedly uploaded the copyright material in question?

The ruling, at this stage, doesn't appear to promise an answer to any of those.

"Over-share"


Last week I blogged about the release of the highly critical Poynter Report into the HMRC data breach; what I didn't also blog at the time was the localised blizzard of other public-sector-data-custody-related reports which, fortuitously, just happened to be released at the same time.

- The Coleman Report (Nick Coleman, formerly of IBM), Cabinet Office-commissioned report on Government Information Assurance - 31 pages;

- Sir Edmund Burton's (MoD) report into the loss of 600,000 personal records on a laptop in January 2008 - 76 pages;

- IPCC (Independent Police Complaints Commission) report into the HMRC data breach - 61 pages.

The timing of their release means that all these can be conveniently offset against the publication of:  

- Sir Gus O'Donnell's long-anticipated report into Government Data-Handling - 46 pages.

The web page for this report also has a link to a document which sets out "mandatory minimum measures" for improved data-handling and access control, here. It relates only to central government departments and agencies. Regrettably, this linked document is missing some useful things - such as a title page, author, date, document reference number, index, table of contents, overview or summary of recommendations... but the contents themselves look interesting, so in the interests of public service, here's what the Table of Contents would have contained:

Document Title: Cross Government Actions: Mandatory Minimum Measures

Section 1 - Process measures to manage information risk

Section 2 - Specific minimum measures to protect personal information

Section 3 - Minimum scope of protected personal data

Annex - external access by impact/eGIF level

This last part, the Annex, sets out a matrix classifying kinds of data (from 'public domain' up to 'violent/sex offender and witness protection information') and sets out the network and terminal access which is to be allowed for each classification.

It all looks commendable, but I wonder if the technical and procedural implementation work can succeed in "delivering against the vision", as they say.

It sounds expensive... which will doubtless raise the question: is this expenditure paying off in a way which is visible to the voter and quantifiable to the government? If not, it will be interesting to see how long the resolve to continue funding it persists.

 
 
 
 

"esoterica" nominated for blog award..!


Eek.

It seems someone over at ComputerWeekly.com has been reading my blog (though not just mine, it has to be said). Apparently 'esoterica' has been included in the 2008 IT blog award nominees, which is somehow flattering, encouraging and scary all at once. I've been put in the "IT law and governance" category, which means I'm up against lawyers and other people who really know what they're talking about.

So, first things first: all the nominees were chosen by ComputerWeekly readers, so a huge thank you to all of them for taking the trouble. To me, that feels like a 'win' in itself.

Here's the ComputerWeekly page where you can get full listings of the categories and nominees. At the bottom of that page there's a set of drop-down boxes where you can cast your votes.

Actually, whether or not anyone votes for this blog is secondary; what's more important is to be aware of the huge depth and breadth of experienced comment in the area of digital identity and privacy - so here are some of the other blogs which should definitely be on your reading list:

- Dave Birch (Consult Hyperion, Digital Identity Forum) - IT Security category

- Jerry Fishenden (NTO, Microsoft UK) - IT Law and Governance category

- Tom Ilube (Garlik CEO) - IT Lifestyle category

- Guy Bunker (Symantec) - IT Security category

 
 
 
 
 

Such views as I express in this blog are based on my own opinions, experience and judgements. They do not necessarily represent the policy or views of my employer. It is not my intention to offend readers in any way. If you find anything on this blog offensive, please contact me in the first instance.
Robin Wilton