Robin Wilton's esoterica

Bits, paper, plastic...


It may sound like a modern version of "rock, paper, scissors" - but actually it was just the shortest way I could come up with to express some strange anomalies in the way data breaches are handled. There's news today that a civil servant who left two classified documents on a train is to be charged under the Official Secrets Act.

According to this BBC article, the official concerned will be charged under Clause 8 (1), which runs as follows:

(1) Where a Crown servant or government contractor, by virtue of his position as such, has in his possession or under his control any document or other article which it would be an offence under any of the foregoing provisions of this Act for him to disclose without lawful authority he is guilty of an offence if—

(a) being a Crown servant, he retains the document or article contrary to his official duty; or

(b) being a government contractor, he fails to comply with an official direction for the return or disposal of the document or article,

or if he fails to take such care to prevent the unauthorised disclosure of the document or article as a person in his position may reasonably be expected to take.

In other words, leaving classified documents on a train is care-less. And that's official. The penalty for a guilty verdict under Clause 8.1 is summary conviction and a sentence not exceeding three months, or a fine. Incidentally, it looks as though the Official Secrets Act 1989 is now less strict in some respects than the current law in force. Clause 11 says that offences under Clause 8.1 are not arrestable offences; but I believe that the current government has since legislated to make all offences arrestable ones. As you will probably recall from previous posts, one side-effect of being nicked for an arrestable offence is that you can be required to contribute a DNA sample to the National DNA Database.

As it happens, the documents in this instance were apparently handed to the BBC by whoever found them, and thence to the police, who presumably returned them to the department in question. It's interesting, then, that under Clause 8.1 of the Act, there's no mention of presumed or actual damage - only of 'poor care-taking'. OK - you may say - as the BBC and the police can be considered unlikely to have passed copies to Al Qaeda, there may have been no actual damage. However, for a disclosure to be considered 'damaging' and therefore an offence under the Act, it is not necessary to prove actual damage.

According to Clause 1 (4) (b), a disclosure of information is damaging if "it is of information or a document or other article which is such that its unauthorised disclosure would be likely to cause such damage".

And there we come to the nub of it; despite public sector data breaches having hit the headlines with alarming frequency over the last couple of years, this is the first time I can remember the OSA being applied. Clause 5 is the interesting one here. Its title is "Information resulting from unauthorised disclosures or entrusted in confidence", and it runs:

"(1) Subsection (2) below applies where—

(a) any information, document or other article protected against disclosure by the foregoing provisions of this Act has come into a person’s possession as a result of having been—

(i) disclosed (whether to him or another) by a Crown servant or government contractor without lawful authority; or

(ii) entrusted to him by a Crown servant or government contractor on terms requiring it to be held in confidence or in circumstances in which the Crown servant or government contractor could reasonably expect that it would be so held;"

Given that this would seem to make the OSA applicable to a number of recent public sector data breaches, one has to wonder why it is only in the case of a classified paper document that it has been applied, and not in cases of the inappropriate disclosure of digital data.


Funny old thing, fashion...


A few decades ago, I was in the market for some cheap formal-wear. Thanks to some diligent, semi-random searching, I managed to find a morning tail-coat which was a perfect fit. For some reason, though, the same outfitter was quite unable to furnish me with trousers to match.

Admittedly, there was a tangled heap of remaindered trousers in the same closing down sale, but bizarrely, the remaindered coats and remaindered trousers seemed to cater for quite different body types. Search as I might, most of the trousers I unearthed seemed to cater for a 48-inch waist and a 24-inch inside leg. Not my ideal in any respect, I'm afraid... this blog isn't called 'racingsnake' for nothing.

Anyway, all this was brought to mind by the news that Mr and Mrs Brown have decided to donate their 'conference outfits' to charity. It's an interesting bit of spin. Time was, in the Blair era, when Labour were castigated for inordinate electioneering expenses on frivolities like hairdressing and designer suits. The problem is, it just doesn't seem credible to claim that Gordon has done the same. If he has, and what's on offer is a one-off Paul Smith suit, that tells us something about this gesture. On the other hand, if he's been prudent and frugal, as one might expect, then is the donation of an off-the-peg two-piece quite that big a deal?

In the 15th century they had a name for this... Morton's Fork.


Fascinated by the manoeuvres


I'm able to catch some of the US pre-election news nearly real-time at the moment, and am captivated by some of the moves in what can only sensibly be described as a game. For instance, in the last 24 hours...

In response to the financial crisis, Sen. John McCain announces that he's suspending his campaign so as to be able to drop everything, fly to Washington and weigh in on the most pressing current issue. An opponent notes somewhat sourly that Sen. McCain hasn't voted on anything in Congress since April this year.

Barack Obama makes a couple of observations - first, that part of the art of being president is to be able to deal with more than one thing at a time... Second, that introducing presidential [candidate] politics into a crisis such as this is apt to cause more trouble than it fixes. (In the meantime, acceptance of the proposed $700 billion bail-out seems to be on, then off again, on a daily basis).

Subjectively, McCain is looking more rattled; first the slightly unsubtle showboating about "this is so serious I'm going to drop everything and head for DC... so have a pre-election debate if you want, but I may not be there". For goodness' sake - you're not the president... you're (currently) only one senator. Legislate, or campaign... prioritise! And second, quite simply, what is going on with his left eyelid when he's being interviewed on TV? I fear for the man's health... it so often looks as though he's about to succumb to a stroke. Twenty years ago they would probably have been asking "Is this the man whose finger we want on the button?"


US financial bailout plan...


I got the chance this lunchtime to leaf through today's copy of the Palo Alto Daily News, and spotted this great paragraph from their article about the proposals to pump $700bn into the American financial system:

"The FBI is looking at potential fraud by mortgage giants Fannie Mae and Freddie Mac, Lehman Brothers Holdings Inc. and insurer American International Group Inc." said two officials, speaking on condition of anonymity because of the sensitivity of the investigations.

I just loved the implication that the overriding concern here was that we should not know who it was that was disclosing (to the congressional hearing on the proposals) that the FBI was conducting an investigation. I mean, it's kind of on the public record already that the financial institutions have messed up, and presumably if the FBI turn up and start asking questions, they admit that that's who they are...

The next sentence in the article was a winner too, in its own way:

"The inquiries, still in preliminary stages, will focus on the financial institutions and the people who ran them, one senior law enforcement official said."

No kidding.


Names, maiden names and personas


There's always been a steady cultural flow from the US to the UK, whether it's been political (monetarism, market economics), gastronomic (fast food), televisual (soaps, movies) or whatever. One of the US trends which hasn't really made it to the UK yet is the practice of women concatenating their maiden name and their husband's family name (Hillary Rodham Clinton being one such example). An illustrative UK example might be Cherie Blair - whose Wikipedia entry describes her as being 'known professionally as Cherie Booth'. She has retained her maiden name in the professional role she established before marrying.

I see from today's edition of USA Today (3A - "Name controversy halts ballot printing") that the name of Mardi Anne Levey, a would-be election candidate in Broward County, Florida, is at the heart of a procedural wrangle over the distribution of ballot papers. Apparently, not wanting to run for election "on the coattails" of her husband Dale Cohen (a Broward Circuit Judge), Levey wanted to use her maiden name on the ballot papers. Another judge, however, ruled that this violated election law.

In the UK, as far as I know, you can stand for election using any name you want (as long as the use of that name is not fraudulent or done to escape prosecution; there's probably an obscenity clause as well...). It's a practice much used by Screaming Lord Sutch and the Official Monster Raving Loony Party which he founded in the 60s. For instance, here's the archive of some of the characters who have stood for election on the OMRLP ticket, including Bananaman, Mad Cow-Girl and Mr R.U.Seerius.


Only in Sweden... (warning: adult theme)


Back in July, I was in Stockholm to take part in the Liberty Alliance plenary meetings and to run the 7th of our series of Privacy Summits. Travelling in and out of town on the tunnelbana (metro) it was hard not to spot the following distinctive advertising hoardings:

The rightmost poster, if you'll forgive a slightly loose translation, reads: "Stockholm is celebrating the condom. Will you come too?" [ahem]



Gordon Brown may "curb excessive City bonuses"


One of the most damning things a teacher can write on a piece of work, I always reckon, is the infamous "B minus: could do better"... with all it implies of latent ability and lack of application. I'm not sure Gordon Brown's current approval ratings would even qualify him for a B, frankly, but nevertheless he has used the Labour Party Conference to promise that he 'will do better'.

He also hailed Labour as being a 'pro-business, pro-market' party, while simultaneously praising last week's decision to impose a ban on the short-selling of falling stocks (and thus removing one way in which the market self-regulates by adjusting valuations).

According to this BBC article about an interview with Andrew Marr, he also criticised City of London financial institutions for 'irresponsibility', saying that current problems had 'come out of America'. If what he was referring to is over-exposure to bad housing debt because of the sub-prime mortgage problem, it's a bit rich to be blaming the financial institutions as opposed to, say, any regulatory regime which allows them to accumulate such an over-exposure.

But of course, criticising the regulatory regime would be tantamount to admitting that his own tenure as Chancellor had been less than prudent.

He also announced that he is considering imposing limits on City bonuses; again, hardly a pro-market move on the face of it. After all, if those risks damage the institutions in question, the practice will quite quickly self-correct. Mr Brown is apparently of the view that offering large bonuses encourages excessive risk-taking tilted too heavily towards the short term. As a taxpayer whose prudent, long-term retirement plans have been undermined by Mr Brown's raid on pension funds, and a decade of inexorable indirect tax increases, I find that hard to swallow.


Norway joins a select club


Headline news in Norway today concerns the country's first major public sector data breach. Apparently eight major newspapers were sent tax information by the Tax Authority (this information is, I'm told, intended to be in the public domain) - but accidentally included was a full list of Norwegian taxpayers' National Identity Numbers (personnumrene). The Norwegian NI Number happens to incorporate the citizen's gender and date of birth.

According to the story on the Dagbladet website, the leaked data would be quite enough, say, to order a mobile phone over the internet using someone else's identity.

I'm told that the Tax Authority's spokesman said: "This was a new service, and something went wrong. We have never had an incident like this."

NDNAD... what is it good for?


As regular readers will know, I've written several times before about the UK's National DNA Database (NDNAD... I wonder if that is correctly pronounced "nid-nad"...). In previous posts, I have been mainly concerned about the practice of retaining DNA profiles and samples even if the individual concerned is subsequently not found guilty of anything, or not even charged with an offence.

However, this small but gem-like piece on the Kable website points to two more areas of concern.

First, the more the database grows, the greater the costs associated with it. Even separating the NDNAD's running costs from those associated with the forensic service in general will not hide the increases for long, as the ramp-up in sampling and profiling generates the need for more and more accredited commercial forensic labs. Accreditation and monitoring represent an ongoing cost (as the Pirbright lab experience showed all too clearly).

Second, and, in my view, just as fundamental: is the database actually fit for purpose? Bear in mind what we're told about biometrics in general and DNA in particular: that they are the only way to ensure that each individual is uniquely identified by a one-to-one match between the person and the corresponding record in the database.

And yet, according to the Kable piece, the Home Office's own estimate is that in fact, the NDNAD achieves this only with a level of about 85% reliability. In an estimated one case in six, there is a duplicate record on the database despite the use of DNA as the identifying biometric.


National Fraud Initiative rumbles on


This week's major privacy headline comes to us courtesy of the Littlehampton Gazette. Now there's a sentence you don't see very often.

There have been two articles recently in the Gazette, reporting on the local (Arun) Council's determined stand against some of the more objectionable aspects of the Audit Commission's National Fraud Initiative. You may remember that I observed, nearly two years ago, that their policy achieved the remarkable double of being both discriminatory and a 'fishing' exercise: they insist on being sent the banking details of all local authority employees (while not imposing the same requirement on other public sector groups such as services personnel, central government civil servants, and so on).

Arun Council apparently got the details straight from the horse's mouth, when the director of the NFI, Peter Yetzes, explained to them that the measure was justified because "everyone has the potential to commit fraud". The head of Arun's audit committee, councillor Barbara Oakley, described this as "an insult to the decent, hard working staff in the fire service, local government and the NHS who are all now regarded by him as potential fraudsters".

Gordon Brown has been wondering, lately, how to 'celebrate Britishness'. How about re-instating the presumption of innocence?

Another arms race


Gordon Brown seems to be locked into some kind of strange competition to see whether he or Lehman Bros. can lay people off faster. So far, since Saturday, he's got rid of Siobhan McDonagh (an assistant government whip), Joan Ryan (Labour Party vice-chairman), and Barry Gardiner (Prime Minister's special Envoy on Forestry). All were openly calling for a leadership contest to either confirm Mr Brown's tenure or replace him.

When I checked the headlines this morning (5 hours ago), one of them said "Downing Street sources say [Scotland Office] minister David Cairns has not told them that he has any intention of resigning". By 3:15 the Beeb had had to spike that story and replace it with one announcing the acceptance of Mr Cairns' resignation.

They say a week's a long time in politics. This one still has another four days to run...


Infrastructure, identifiers and anonymity


There's an animated discussion going on at the moment about EU proposals to include IP addresses in the category of "personal data". This piece by Wendy Grossman is as good a summary as any. In that context, this article on the CNET site is also interesting. It concerns ITU plans to implement an 'IP Address Traceback' function in the telecomms infrastructure.

Reading the CNET article, one might be forgiven for concluding that the whole thing was a dastardly plan dreamt up by the Chinese government as a way of regulating/suppressing use of the internet in their jurisdiction. However, probing a little further, I followed the link to one of the ITU's supporting documents, drafted by Tony Rutkowski of Verisign; in that short paper, which you can read here on the ITU website, he notes that in both the EU and the US, legislation has already been introduced which lays the foundations for requiring traceability of the origin of an online communications session.

That said, it's interesting to see the list of editors assigned to work on this for the ITU: the team of five includes representatives from China, Korea, Japan, and two from the US: Gregg Schudel from Cisco and Dick Brackney from the US DoD. I don't think I would be mis-representing Dick if I said his reputation is as something of a hawk in the security/privacy field; if you search, you will more often find his name followed by the letters NSA than DoD.

As far as the NSA is concerned, the CNET article has this to say:

"Patrick Bomgardner, the NSA's chief of public and media affairs, told CNET News on Thursday that "we have no information to provide on this issue." He would not say why the NSA was participating in the process."

It's not surprising, then, that the CNET article concludes with this expression of concern from Marc Rotenberg of EPIC:

"When NSA takes the lead on standard-setting, you have to ask yourself how much is about security and how much is about surveillance," said the Electronic Privacy Information Center's Rotenberg. "You would think (the ITU) would be a little more sensitive to spying on Internet users with the cooperation of the NSA and the Chinese government."


Fallout from PA Consulting data breach


A couple of weeks ago I blogged about the reported loss of personal data on a memory stick at PA Consulting. At the time, the Home Secretary unhesitatingly blamed PA for failing to process the data according to the terms of the agreement in place with them. The next step is reported today, as she has apparently cancelled the contract for the work PA were doing.

In one sense, I suppose it is commendable that data breaches are being taken seriously and that there are consequences when something goes wrong. On the other hand, there are some questions which the available reports leave unanswered...

For example, I have to wonder exactly how it became apparent that the data had been lost. Imagine you have been sent, say, a spreadsheet (NB - I have no information about what actually happened in the PA case... this is purely hypothetical), and you open it on your PC/laptop to work on it. You finish whatever it is you needed to do, and save the file.

I know in a lot of organisations, the default (and in some organisations the only) option would be that the file is saved on a server. In others the user would have the option of saving to disk or to removable media.

Now imagine you have saved the file to a USB stick, and you then delete the original (from email, server, temp file or wherever). Then you lose the stick. Hmm. Tricky. You might have to go back to the originator and admit that you've lost the file... and you would look a bit of a plonker.

On the other hand, imagine that the copy you wrote to the USB stick was only a backup... the original is still in your inbox as an email attachment, or on the server, or wherever. Under those circumstances, losing the USB stick, being aware that you had lost it, and owning up to having done so would look rather different. Indeed, it would suggest really quite good processes for tracking assets and for reporting their loss (despite the initial cock-up of losing the stick in question).

As I say, this is all entirely hypothetical. I have no idea which (if either) was the case at PA, where I bet some unfortunate people are having a pretty miserable time of it.

LHC, Big Bang and amazingly fast reflexes


Well, the world hasn't been sucked inside out... yet. The Large Hadron Collider at CERN was finally switched on today for its first full-circuit test, though as it was just to fire a clump of protons in one direction, the experiment hasn't yet reached the stage where the much-feared "micro black hole" could theoretically appear and devour us all. Which is nice.

The BBC article on the subject hints at amazing powers on the part of Lyn Evans, the project leader. Apparently, shortly after the switch was flicked, Lyn remarked "There it is" as the proton beam completed its first lap. Wow. According to the same article, the proton beam ultimately goes round the circuit in about 1/11,000 of a second - so my initial thought was that Lyn must have amazingly fast reflexes.

Then I looked into it a little further on the excellent LHC Outreach site, here, and found this handy description of the various stages which would precede a full circuit of the collider:

How long does it take for a proton to go from zero to 14 TeV ?

When a proton leaves the source, it crosses the linac and reaches the PSB in a few microseconds. In the PSB it is accelerated from 50 MeV to 1.4 GeV in 530 ms, then after less than a microsecond it is injected in the PS where it can either:
- be accelerated/manipulated/extracted in 1025 ms
- or wait for 1.2 more seconds before being accelerated, if it's part of the first PSB batch to the PS.

Then it is sent to the SPS where it waits for 10.8, 7.2, 3.6, or zero seconds whether it's part of the first, second, third, or fourth PS batch to the SPS. The SPS accelerates it to 450 GeV in 4.3 seconds, and sends it to the LHC.

So the time it takes from the source to the exit of the SPS is between
0.53 + 1.025 + 4.3 = 5.86 seconds
and
0.53 + 1.2 + 1.025 + 10.8 + 4.3 = 17.86 seconds

Then our proton has to wait up to 20 minutes on the LHC 450 GeV injection plateau before the 25 minutes ramp to high energy, and these 45 minutes dominates [sic] the transit time.

The 450 GeV mentioned is, as it were, the 'entry speed' onto the collider. Thereafter, the 'ramp to high energy' consists of successive 'kicks' which bring the circulating proton beam up to its full close-to-light speed of 7 TeV. Through the wonders of the Web, I am able to tell you that TeV stands for teraelectron volts, and that

7 teraelectron volts = 1.12152352 × 10⁻⁶ joules

If you need/want to know what electron volts are, I suggest you look on Wikipedia... I gave up Physics when I was 15 ;^)


Lightly insane spam


In my inbox today was one of those spam mails which first looks like random text cut-and-pasted in to fool the filters; then it looks like something fed through an auto-translator; then it starts to make some kind of surreal pseudo-sense.

Here's a snippet:

"Jurisprudence is an exact science, when there are two interpretations, almost one is false.. when the two interpretations conflict, almost one is mentally insane."

It also included the following useful phrase:

"It is essential to avoid the indicated contradiction in therms"

I'm guessing that's when I want the heating on and you want the heating off...

Why do I do it?


OK - it's time to own up to a guilty pleasure. I've been watching F1 again, even though I said some time ago that I'd had enough of the way in which the sport is governed. I tuned in to the Belgian Grand Prix this weekend; it's a great circuit, and the unpredictability of the Ardennes weather often makes for a very turbulent race. It was here in 1998, for instance, that the Jordan team won its first Grand Prix after a massive wet-weather pile-up at the start.

This year again, things got really interesting when rain intervened within a few laps of the end, turning parts of the 7km circuit into a skating rink. In the last three laps, the fight for first place produced some outstanding driving from both Kimi Raikkonen and Lewis Hamilton, with Hamilton in the lead at the point when Raikkonen finally lost it and went into the barriers. That appeared to be it - except that after the race, the stewards reviewed the result and added a 25-second penalty to Hamilton's time, demoting him to third place. Apparently, their view was that he had gained a place unfairly after leaving the track at the "Bus Stop" chicane... despite the fact that after the incident, he slowed enough to let Raikkonen pass, only then overtaking at the "La Source" hairpin.

One result of the penalty was that Nick Heidfeld rose from third to second - but it's hard to grudge him the result, as he had the quick thinking to switch to wet-weather tyres at the last minute, streaking past half a dozen cars struggling to stay on the track on slicks in those last few laps. What must surely stick in Hamilton's throat, though, is that by default, the win went to Felipe Massa, who (despite qualifying in second place) had not figured at all in the race since being overtaken by his teammate Raikkonen, from fourth on the grid, in the first lap.

It's just one of those mystifying rule-book decisions which seem so arbitrary that they undermine the drivers' attempts to race fiercely but fairly. Yet again, the drivers have done their best, but the sport's administration makes the whole thing look shabby and stage-managed. Disgraceful.


Cost factored into latest data breach


There's news of another UK public sector data breach today, as the prison service is reported to have lost a portable hard drive after confiding it to subcontractor EDS some time before July 2007. Apparently the drive contained personal details of up to 5,000 prison service officers.

From one perspective, this could just be written off as the media pouncing on any public sector data loss because it's a hot topic at the moment. From another perspective, though, it's interesting to see the potential cost of the breach being taken into account, in a way which it does not seem to have been in previous instances.

According to the Chairman of the Prison Officers' Association, the breach "could ultimately cost the taxpayer millions", because "if the information lost is personal and sensitive, it may well mean staff having to move prisons, move homes and relocate their families."

At this stage, none of the reports suggests that the information has (in the phrase used after the HMRC breach) fallen into the wrong hands. By contrast, no such calculation seemed to be made at the time of that previous breach, despite the fact that it involved the taxpayer details of millions of citizens.


Privacy, policy and public transport


I'm sorry I missed the origins of this story while I was on holiday, but fortunately it has leapt back to life giving me a second chance.

Yesterday, many of the news headlines concerned Gordon Brown's apparent reversal of a proposed one-off £150 payment to help offset expected rises in household energy bills this winter. What I hadn't realised was that the original rumours started circulating after a senior civil servant was overheard discussing the idea with a colleague while travelling to London by train. Sir Brian Bender, a Permanent Secretary at the Dept for Business, Enterprise and Regulatory Reform (DBERR), is reported as saying that the payment would be aimed at "ordinary people"... more specifically, those drawing child benefit.

Perhaps this was intended as some kind of oblique compensation for all those whose child benefit records were lost in the HMRC data breach. I couldn't possibly comment.

Sir Brian's conversation took place in a First Class carriage of the 15:05 from Leeds to London; according to the rail company's website, a first-class single on that service costs £154... just fractionally more than the rebate under discussion.

What I found more interesting, though, was that a fellow passenger was able, from the overheard conversation, to identify Sir Brian by searching for his photo on the DBERR website. Not quite two years ago, David Blunkett was expressing the view that "As you walk down the street you expect to be able to have a private conversation". Oh, the irony.

Still, I suppose it's good to know that not every public sector data breach in the UK is attributable to ill-considered use of technology.


Street Art


There's an Italian joke which goes something like this:

Q - "In Milan it's a rule; in Rome it's a suggestion; in Naples it's a decoration. What is it?"

A - "A traffic light."

Visiting Brussels recently, it occurred to me that in the matter of pedestrian crossings there might well be a parallel joke in Belgium. The next thing which struck me was that, for an object of no functional purpose whatsoever, Brussels' pedestrian crossings exhibit a variety and a degree of creative effort I can't remember having seen anywhere else. Well, given that one definition of "work of art" is "something on which creative effort is expended, but which serves no utilitarian purpose", I did the only rational thing possible; I started to view them not as mundane pieces of street furniture, but as objects of aesthetic appreciation.

[Photo: a Brussels pedestrian crossing]

Lovely.

PS - it has since been pointed out to me that Brussels' pedestrian crossings do indeed have a functional purpose: they provide oncoming drivers with a more accurate aiming-off point.


Such views as I express in this blog are based on my own opinions, experience and judgements. They do not necessarily represent the policy or views of my employer. It is not my intention to offend readers in any way. If you find anything on this blog offensive, please contact me in the first instance.
Robin Wilton
© racingsnake