Robin Wilton's esoterica

Happy July 4th. ... it seems fitting that the UK may be about to try and take a small step towards independence from the US, at least as far as Google is concerned. There's news today that Privacy International may refer Google to the UK Information Commissioner's Office over concerns about privacy violation, as Google apparently starts the process of photographing street frontages to add to its "Street View" service. PI reckon that, because Street View is a commercial service, the publication of people's faces without their consent is likely to violate UK law.

I mention this not in order to have a crack at Google - though I do think that, as a global corporation, they might do a better job of catering visibly for national differences in privacy law -  but because it touches on two issues which crop up fairly frequently in this blog:

- the nature and scope of 'personally identifiable information' and

- the effective regulation of passive data capture (notably, CCTV and other image capture technologies).

Here and here are a couple of previous posts on the topic. The first considers some of the weaknesses in the UK's current laws on the topic, and the other looks at the issue of how service providers can possibly cope, if significant numbers of people decide to exercise their privacy rights and request their images to be removed.

That's something the folks at Google might want to bear in mind.

As part of the ongoing legal punch-up between Viacom (MTV, Paramount pitcures) and Google (YouTube) over allegations of copyright infringement, a US court has ruled that Google must disclose the usernames, IP addresses and viewing histories of all its users.

This seems a strange move on the face of it; surely all that's needed is a list of the history entries which relate to Viacom's copyright material... not the associated user-name. After all, what Viacom appears to be after is Google's money, rather than royalties from the users themselves.

Both the EFF (Electronic Frontier Foundation)  and Simon Davies of the LSE have commented via this BBC article, noting that this has been a privacy disaster waiting to happen for a while now...

"Leading privacy expert Simon Davies told BBC News that the privacy of millions of YouTube users was threatened:

"The chickens have come home to roost for Google.

"Their arrogance and refusal to listen to friendly advice has resulted in the privacy of tens of millions being placed under threat."

Mr Davies said privacy campaigners had warned Google for years that IP addresses were personally identifiable information.

Google pledged last year to anonymise IP addresses for search information but it has said nothing about YouTube data.

Mr Davies said: "Governments and organisations are realising that companies like Google have a warehouse full of data. And while that data is stored it is under threat of being used and putting privacy in danger."

The EFF said: "The Court's erroneous ruling is a set-back to privacy rights, and will allow Viacom to see what you are watching on YouTube.

"We urge Viacom to back off this overbroad request and Google to take all steps necessary to challenge this order and protect the rights of its users."

The body said the ruling was also potentially unlawful because the log data did contain personally identifiable data.

The court also ruled that Google disclose to Viacom the details of all videos that have been removed from the site for any reason."

I suppose, from the point of view of the average user, three questions are appropriate:

1. Once this disclosure has happened, what adverse effects should users look out for, and what should they do about it?
   
2. Will this actually prompt any users to change their YouTube viewing habits? I would guess not: if the content is posted, people will watch it... believing the whole copyright question to be Someone Else's Problem.
   
3. What's the position of those users who allegedly uploaded the copyright material in question?

Last week I blogged about the release of the highly critical Poynter Report into the HMRC data breach;what I didn't also blog at the time was the localised blizzard of other public-sector-data-custody-related reports which, fortuitously, just happened to be released at the same time.

- The Coleman Report (Nick Coleman, formerly of IBM), Cabinet Office-commissioned report on Government Information Assurance - 31 pages;

- Sir Edmund Burton's (MoD) report into the loss of 600,000 personal records on a laptop in January 2008 - 76 pages;

- IPCC (Independent Police Complaints Commission) report into the HMRC data breach - 61 pages.

The timing of their release means that all these can be conveniently offset against the publication of:  

- Sir Gus O'Donnell's long-anticipated report into Government Data-Handling - 46 pages.

The web page for this report also has a link to a document which sets out "mandatory minimum measures" for improved data-handling and access control, here. It relates only to central government departments and agencies. Regrettably, this linked document is missing some useful things - such as a title page, author, date, document reference number, index, table of contents, overview or summary of recommendations... but the contents themselves look interesting, so in the interests of public service, here's what the Table of Contents would have contained:

Document Title: Cross Government Actions: Mandatory Minimum Measures

Section 1 - Process measures to manage information risk

Section 2 - Specific minimum measures to protect personal information

Section 3 - Minimum scope of protected personal data

Annex - external access by impact/eGIF level

This last part, the Annex, sets out a matrix classifying kinds of data (from 'public domain' up to 'violent/sex offender and witness protection information') and sets out the network and terminal access which is to be allowed for each classification.

It all looks commendable, but I wonder if the technical and procedural implementation work can succeed in "delivering against the vision", as they say.

It sounds expensive... which will doubtless raise the question: is this expenditure paying off in a way which is visible to the voter and quantifiable to the government? If not, it will be interesting to see how long the resolve to continue funding it persists.

Eek.

It seems someone over at ComputerWeekly.com has been reading my blog (though not just mine, it has to be said). Apparently 'esoterica' has been included in the 2008 IT blog award nominees, which is somehow flattering, encouraging and scary all at once. I've been put in the "IT law and governance" category, which means I'm up against lawyers and other people who really know what they're talking about.

So, first things first: all the nominees were chosen by ComputerWeekly readers, so a huge thank you to all of them for taking the trouble. To me, that feels like a 'win' in itself.

Here's the ComputerWeekly page where you can get full listings of the categories and nominees. At the bottom of that page there's a set of drop-down boxes where you can cast your votes.

Actually, whether or not anyone votes for this blog is secondary; what's more important is to be aware of the huge depth and breadth of experienced comment in the area of digital identity and privacy - so here are some of the other blogs which should definitely be on your reading list:

- Dave Birch (Consult Hyperion, Digital Identity Forum) - IT Security category

- Jerry Fishenden (NTO, Microsoft UK) - IT Law and Governance category

- Tom Ilube (Garlik CEO) - IT Lifestyle category

- Guy Bunker (Symantec) - IT Security category

You may remember that back at the end of February I posted about a couple of cases up for review by the European Court of Human Rights; at issue is the question of whether it is lawful (and adequately respectful of human rights - including proportionality) for the DNA of people arrested but subsequently found innocent or not charged to be added permanently to the UK's national DNA database.

Two things prompt me to revisit this story. One is recent news that Sir Simon Milton, Head of the Local Government Association, has written to local authorities to draw attention to disporportionate use of powers granted under RIPA, the Regulation of Investigatory Powers Act. Some councils have admitted "routinely" using RIPA to justify surveillance, including access to phone and email records, for offences including: owners allowing dogs to foul the pavement, clam-picking from an unclassified bed, and to spy on parents who claimed to live within the catchment area of a particular school (it was found that they did... but only after their children had been stalked for a couple of weeks. Never mind... that will all come out later, in therapy). 

Incidentally, the Chief Exec of Wyre Council in Lancashire is quoted as saying, apparently without irony, that dog fouling is an issue which local people "want the council to be tackling on the ground". If they start trying to deal with it in mid-air I think we're all in trouble... and dealing with it any earlier than that really would be disproportionately intrusive.

More seriously, though, my second prompt was this story in The Register, concerning a speech made by Gordon Brown on June 17th 2008 at the Institute for Public Policy Research (IPPR). The speech - on the topic of Security and Liberty - covered, among other things, the justification for retention of records on the national DNA database (NDNAD). The Prime Minister said:

"I say to those who questioned the changes in the Criminal Justice and Police Act 2001, which allowed DNA to be retained from all charged suspects even if not found guilty: if we had not made this change, 8,000 suspects who have been matched with crime scenes since 2001 would in all probability have got away, their DNA having been deleted from the database. This includes 114 murders, 55 attempted murders, 116 rapes, 68 other sexual offences, 119 aggravated burglaries, and 127 drugs offences."

That seems entirely clear and unambiguous. Precise figures, relating to specific offences, cases and suspects. But strangely, I don't remember seeing the news headlines - "over 100 unsolved murder cases closed, thanks to DNA database matches". According to this analysis  of Gordon Brown's speech, by Genewatch UK, that's because what the Prime Minister meant was actually something quite different.

The figures do not relate to specific cases or suspects.

They are based, first, on estimates of how many cases have been retained which might previously have been deleted from the database, before the law was changed to allow their retention; second, on estimates of how many of those retained samples might have matched samples from scenes of crime. It is not actually known, or reported in the NDNAD Annual Report on which the PM's figures are based,  how many specific individuals' records have been retained, which might previously have been deleted. Nor do the figures say how many of those estimated matches ever resulted in a prosecution, let alone a conviction. Instead, Gordon Brown's precise-looking figures are, according to The Register's article, based on an estimate of how many of the (estimated) matching cases are statistically likely to have been murder cases, rapes, assaults and so on.

According to the agency responsible for running the NDNAD "it is not possible to provide figures for the number of convictions produced by DNA".

The Genewatch analysis is happy to go on with the statistical approach, though; according to their figures, for every 8 DNA matches on the database the police get about 4 detections (prosecuting an individual for an offence); about half of those result in a conviction, and half of the convictions result in a custodial sentence. That's... one.

I'm too thick to do it for 114 murders, but as a byte has 7 data bits plus one parity bit, I can do it for 112 murders: if that was 112 DNA matches, it would be 56 detections, 28 convictions and 14 custodial sentences.

Hmm. Where did the other 100 go? Ah - I remember... into the non-existent headlines. I can see it now:

"100 non-existent murderers not matched to anything in statistical estimates, says PM"

Further to yesterday's post - here is a link to the HM Treasury page whence you can download a .pdf of the full report.

For more blog comment, here's a link to Tony Collins' analysis at ComputerWeekly.

Also at ComputerWeekly: you may remember that Toby Stevens of the Enterprise Privacy Group has a regular blog there, and noted that the Poyner Report was only one of a number of major privacy-related news items on the day in question.  He's got a lot on at the moment, but keep an eye on the blog, because I'm sure there's more to come on this topic, and it will be worth reading.

It's getting towards that time of year when we start checking we've got everything... sun-block, after-sun, stack of pool-side reading matter, mosquito repellant... you know the drill.

Well now there's something to add to the checklist: the HM Revenue and Customs podcast. Yes, get your holiday off to a flying start with this, "the modern way to communicate with people". It will tell you all you need to know about what goods you can and can't bring back with you from your hols. Why not give it a try? It could be almost as much fun as the previous podcast in the series: how to set up a Government-backed long-term savings and investment account for children born on or after 1 September 2002.

Actually, if you do succeed in downloading either podcast, please leave a comment... all I get is an error message. Maybe they are so popular that the site is swamped.

This has been a Public Information Service.

The Poynter report into the HMRC data breach is published today, though I haven't yet been able to find the text online. This is one of those cases where a problem emerges, an enquiry is launched, and the responsible minister (Alistair Darling, as Chancellor) immediately deploys the "let's wait for the results of the enquiry" measure as the simplest means of deferring embarrassing questions until (hopefully) the crisis fades from the public consciousness.

Except that, in the internet age, that isn't how it works. These days, all we have to do is type "poynter report" into a search engine to get instant access to the story. For example,  from December 17th 2007, here's The Register on Darling's immediate defence, and here's thisislondon on the same day, reporting Ruth Kelly's announcement of a further data breach at the DVLA...

Apparently a key finding of the report is that the loss arose from "serious structural failings" including poor communication between staff and managers, low morale, and inadequate training. This is somewhat at odds with the Chancellor's assertion at the time, when he laid the blame on a junior staff member who acted "contrary to all HMRC standing procedures".

I assume that "structural failings" would also include the strange equation by which it's 'better' for that employee to jeopardise 25m citizens' records than to ask his or her manager to approve the £5,000 expenditure which would have 'pruned' that data down to what was actually being asked for by the receiving department...

That theory tallies with another quote I have found so far from the Poynter report:

"Few members of staff appreciated the highly sensitive nature of the information contained on the two discs - and those who voiced concern were ignored"

It will be interesting to see what the full report has to add to that.

The House of Commons Justice Committee, reviewing a draft bill on constitutional change, has said that proposed changes to the role of Attorney General - the government's chief legal adviser- do not go far enough. Specifically, they are uncomfortable that the job of giving legal advice to the policial executive should, itself, be held by a politician. The BBC news story mentions three recent instances where this dual role has been of concern:

- The decision to call off a Serious Fraud Office investigation into the 'Al Yamamah' arms deal with Saudi Arabia;

- The advice provided to the Blair government concerning the legality of the Iraq war;

- The 'cash for honours' enquiry, in which a decision had to be taken as to whether to take legal action against some ministers in a cabinet of which the Attorney General was a participating member.

The committe's view apparently is that the greater interest would be best served if the roles of "chief legal adviser" and "governent minister" were not held by the same person.

In parallel, it's interesting to note that, as a result of some re-arrangement of civil service departments, the same civil servant is now responsible for the UK's passports, its planned identity cards, and its register of births, deaths and marriages (in other words, some of the key registration processes on which the issuing of credentials critically depends).

These elements - particularly the register of births, deaths and marriages - need to be managed with complete integrity relative to one another. It's no good having an ID card and passport issuing process which depends on correct certification of births, deaths and marriages if the integrity of the latter is questionable. And yet the fact that a single person is now responsible for oversight and governance of both the certification and the credentialling elements does not seem to have raised any concerns.

Another spam mail purporting to be from moneybookers today, this time inviting me to log in to an account I know I don't have, so as to check a new item of email which is waiting for me there. As Richard Veryard wondered in his comment on the previous post, why bother sending spam which blows its own cover?

This time there's a hyperlink in the body of the mail, which points to a site hosted by an Australian ISP. I have no idea what the "login" page contains, but the home page for the site advertises air-conditioning. Just the job for an English summer. Now, if only there was some secure way I could pay for it online...

Jonathan Feinberg over at wordle.net has developed a fun toy which generates word-cloud pictures from text (or from a del.icio.us page). Thanks to Adriana for the pointer...

Here's a wordle of my white paper on Identity and Privacy in the Digital Age...

Hmm. Interesting... I received a piece of unsolicited email today. It was the kind that rings alarm bells:

1 - it says it's about some kind of financial service;

2 - it includes an attachment;

3 - the link between the subject and the contents seems slightly bogus.

It's from "moneybookers.com", and the subject line reads "Money Laundering Policy - Read Carefully!".

In the body of the email there's a reassuring message which reads as follows:

"For security reasons we have sent you this message as an attachment file. This measure has been adopted to prevent personal information theft and data loss."

Nyuh-hhuh.. 'Course you have... That's the logical way to prevent personal information theft, after all.  I'll open the attachment right away. What's the worst that could happen?

The email also gives the company's registered address and UK company number - and sure enough, that matches an entry in the Companies' Register. Their website decribes the payment services they offer for online commerce.

But so what? I have a constructive suggestion for anyone hoping to develop an e-payment services business. If your service is legit, for goodness' sake find a better strategy than marketing it the same way as dodgy viagra!

Very strange.

It is unlikely to make any difference in the short term, as opposition leader Morgan Tsvangirai has announced that his party will not contest the head-to-head vote against Robert Mugabe. Mr Tsvangirai's decision come after a concerted period of violent suppression of opposition campaigners and likely opposition voters. Even had a poll taken place, it seems unlikely that it could have been representative of voters' real intentions, as this comment by an MDC organiser indicates:

"Tineyi Munetsi, MDC organising secretary for Chitungwiza, rang me from Mr Tsvangirai's house and I asked him what he thought of the decision to pull out.

"I believe it is the right decision," he answered. "For the last week it was my task to organise polling agents for the rural constituencies, and they are all being targeted.

"There is not a single area we can campaign in, even the townships are closed. And think of how many of our people have been murdered. This is not an election, this is a war, and we will not legitimise it by taking part in what is a farce."

Mr Munetsi also alleged that the MDC had discovered plans for massive ballot-rigging.

"Look here, people are being told that after they vote they have to write down the serial numbers of their ballot papers so the fake election monitors can cross-reference them to who they voted for."" Source: BBC News site

While I was in Japan earlier this month, one of our meetings was very kindly hosted by the Institute of Information Security in Yokohama.We were warmly welcomed not only by Prof. Itakura, Head of Faculty for Biometrics and Personal Authentication, but also by Prof. Tsujii, the President of the Institute, and Head of Faculty for Cryptology and the Electronic Social System.

The Institute's website is all in Japanese, I'm afraid, but here is a paragraph from a one-pager handout we were given, which gives a good idea of the breadth of Prof. Tsujii's vision (I have slightly modified the phrasing in one or two sentences - I hope I have done justice to the English and Japanese originals):

"A Life that Exceeds Time and Space

The development of the information network has brought about a multiplying effect of real space and cyber space, ultimately expanding the breadth of our lives. Digital technology that resolves information into ones and zeroes, meanwhile, is extending social activity in all areas, including the direct exchange of opinion between producers and consumers. Such outcomes suggest that "digital technology has activated even analog communications". In this context of information network development and the daily lives of individuals, "freedom", "equality" and "safety" become the most important themes. For technology to enhance efficiency and convenience - thus expanding people's base of freedom - and to allow people to accept such freedom equally and use it safely, it becomes necessary to define measures which closely combine the four fields of: security technology, operation and management, legislative development and social ethics. Information security is an interdisciplinary, comprehensive science which investigates and realizes such social order."

It was a pleasure and an honour to be hosted by such a visionary academic.

Fascinating opportunity yesterday to hear Prof. Richard Swinburne set out his arguments for the existence of the soul as an essential, non-physical and persistent part of "me". I'm particularly grateful to Prof. David Charles for his continued generosity in arranging these opportunities for former pupils to reconvene and have their grey matter given a thorough pummelling.

Without going through it all in detail at this stage (though I will probably write something on specifics in due course), I have to admit that my preconceptions about Prof. Swinburne's views were not entirely positive. For instance, I had read Prof. Yujin Nagasawa's succinct and telling critique here, and found it to be very persuasive. I was wondering what Prof. Sinwburne could say to convince me otherwise. That said, within very few minutes of his starting to speak, I had to admit that his ideas really needed serious consideration.

This is not least because he adopts an approach which is either necessary, or very shrewd (or conceivably both). Within about 10 minutes, he had set out, as the 'supporting pillars' for his over-arching contention, principles concerning substances, events [physical and mental], identity, persistence, and semantic reference. First, it's worth noting that any one of these areas is practically a philosophical career in its own right; second, it means that if one wants to undermine the basis of Prof. Swinburne's position, one has to be prepared to tackle him on some pretty formidable topics. As I say, I will come back to a couple of specifics in a later post... but I'm certainly not qualified to mount a direct assault on all fronts.

Touching briefly on Prof. Swinburne's views on identity, though, I think we can point to some concepts which will be familiar to regular readers of this blog. For instance, Prof. Swinburne wants, as part of his argument in favour of the existence of a non-physical and persistent essential part of "me", to assert that "I" may survive even if my physical body ceases to be. (This is one of the arguments which Prof. Nagasawa seems to counter very effectively). In support of this argument, Prof. Swinburne advances a 'thought experiment', not unlike Derek Parfit's "malfunctioning teleporter" example. Imagine that your brain were surgically removed and half put into one empty skull and half put into another. The missing hemispheres in each skull would then be supplied through cloning, duplication or whatever.

Prof. Swinburne argues that, although we clearly cannot say that "all of you" has survived in the case of either of the two resulting beings, enough of you has survived to make it at least worth asking which of them, if any, is "you". In other words, that your identity - your 'self' - has survived to at least some degree despite the fact that your physical body has not.

A couple of questions suggest themselves:

- first, given that the two new beings each have only one hemisphere of the original brain, is Prof. Swinburne justified in asserting that each half still has the same kind of privileged access to the same feelings, memories, opinions etc. as the whole original brain? I tend to think not.

- second, if his argument rests on the idea that some persistent aspect of "me" is successfully transferred from the original to each of the new beings, does that imply that my 'soul' is divisible (and if so, what else might that imply)?

And lastly there's the good old "argument by counter-example" riposte: if, in order to support your thesis, you have to rely on examples involving improbable mechanisms such as flawless transplantation of severed brain hemispheres, supplemented by flawless cloning of the respective other halves, doesn't that suggest that the thesis itself may be a little far-fetched?

As I say, I'm not qualified to judge... and I haven't spent the last 40 years or so devoting myself to the study of this problem. However, whether I found Prof. Swinburne's position convincing or not, I certainly had to take it more seriously than I had expected to do.

There's news today that convicted cleric Abu Hamza (currently serving a sentence in the UK for soliciting murder, incitement of racial hatred and other offences) has lost an appeal against requests for his extradition to the United States (where he is wanted on a number of terrorism-related charges).

This appeal was made on the basis that some of the evidence on the basis of which the US extradition was being sought was obtained through torture. The High Court judges ruled that there was insufficient specific evidence that this was the case. Let me say, first, that all the public history seems to indicate that Abu Hamza is a right sweetie... prepared to use places and services of religious worship as the forum for inciting violence and murder, for instance, and with an apparent mission to radicalise anyone prepared to listen. I think I'm happier with him off the streets, regardless of whether he's off them in the UK or off them in the US...

Nevertheless, two things caught my attention relating to the story.

First, it appears that Abu Hamza might be extradited to the US - but only for as long as it may take to bring him to trial there - then returned to the UK to serve the remainder of his current sentence, and then (if found guilty in the US) sent back there once again to serve whatever sentence may be handed down at his US trial. It will be interesting to see whether his trial takes place under the normal domestic practice of federal law, or whether anyone succumbs to the temptation to deal with Abu Hamza through the more 'pragmatic' processes of Guantanamo.

Second, although they have concluded that the extradition request was not based on information under duress, the UK judges must also be assuming that 'standard operating procedure' will apply to Abu Hamza's pre-trial detention... no water-boarding, duress positions, sexual humiliation etc.. Otherwise, one would have to assume that Article 3 of the European Convention on Human Rights (and therefore the UK Human Rights Act) could be held to apply. This reflects the European Commission on Human Rights' finding that "Article 3 could be engaged by the extradition process and that the extraditing state could be responsible for the breach where it is aware of a real risk that the person may be subject to inhuman or degrading treatment" [Soering v. UK, 1989]

It will be interesting to see how his extradition unfolds in practice.

Oh- and in case, like me, you were wondering about the missing eye and hands: apparently these were lost while doing mine clearance in Afghanistan... which is an interesting twist. The persona we are otherwise being shown via the media doesn't include much to relieve the uniform blackness of character.

I flew in to Heathrow's much-maligned Terminal 5 on my way back from Tokyo at the weekend. In most respects T5 is... well, an airport terminal. At the architectural level, it's neither depressingly awful nor heart-swellingly amazing - though the multi-story car park ground-side of the main building is unusually hideous even of its type. Strangely, as the entire purpose of the terminal is to process a massive flow of people, the building's layout itself helps very little, and needs constant signage to tell you where you're supposed to be going (in its catastrophic opening week, this was one of the major obstacles for travellers and staff alike). It's good to see, at least, that in terms of flooring T5 has moved on from the frankly horrid carpets of its older siblings.

The most spectacular failing of the opening days was in baggage-handling, with a backlog of 19,000 bags, some thousands of which were trucked to Milan to use the (working) facilities at Malpensa. So it was with some dread that I surrendered my suitcase to the check-in staff at Narita and, 14 hours or so later, descended in the hope of recovering it, Lemminkainen-like, from the Tuonela of Terminal 5... [Apologies if my Finnish grammar is not up to scratch... that should probably be Tuonelasta or something... ;^)]

There are lots of information panels in the baggage retrieval area. This meant that none of the crowd of waiting passengers had trouble seeing that there was a backlog of 10 flights-worth of bags for which the collection carousel was not yet known. Not a cheering sight. Then it turned out that it wasn't the baggage-handling system that was down, but the information system... so our cases would emerge OK, we just wouldn't know where. Also, the PA system wasn't working, so a lone BA staff member was spending her Sunday trotting up and down the baggage hall shouting out the flight and carousel numbers whenever she could glean them from her intercom. "Tripoli, carousel 7", she would yell, "Athens, carousel 4"... and, like a well-worn refrain "cancelled flights: baggage on carousel number 9".

Poor sods.

As it happened, our baggage arrived with roughly normal promptness.
You may be wondering what on earth this has to do with Hazel Blears' PC... well, only this: you would have thought, given the incredibly high-profile failure of the T5 baggage system in its first weeks, that BAA and BA would have flung resources at it so that either nothing went wrong, or if there was a glitch, hordes of back-up bag-men would swarm in and sort it out manually. But no.

Likewise, you might wonder - given all the damage to the government's reputation as a reliable custodian of sensitive data - what on earth might prompt a Minister to store restricted data on a machine in her constituency office, despite data custody rules which forbid it. There may, of course, be a perfectly rational explanation... I couldn't possibly comment.

Interesting blog post by Uri Rivner on the Finextra Communities site. He notes a recent RSA report that "Software as a Service" (SaaS) principles are making their way into the underworld of online fraud, and predicts that within 18 months there will be sigificant use of 'hosted malware servers' as the basis for Trojan software attacks. And there I was thinking that, anecdotally at least, it was the porn industry which was usually the first to achieve large-scale subversion of any given new technology.

The DefenceSecretary, Des Browne, will apparently announce today that, following talks between Gordon Brown and President Bush, the number of British troops serving in Afghanistan is to rise to its highest level yet. The war in Afghanistan has been in the headlines recently as the number of British servicemen killed there in the current conflict passed the grim milestone of 100. US Secretary of Defense Robert Gates recently addressed NATO with the announcement that in May, for the first time, US and allied combat deaths were more numerous in Afghanistan than in Iraq.

It's not, of course, the first time Britain has been entangled in a land war in Afghanistan. Whether or not it can be regarded as canonical, the "British Battles" website makes the following interesting observations about the disatrous British retreat from Kabul to Gandamak in January 1842:

- "The First Afghan War provided the clear lesson to the British authorities that while it may be relatively straightforward to invade Afghanistan it is wholly impracticable to occupy the country or attempt to impose a government not welcomed by the inhabitants. The only result will be failure and great expense in treasure and lives.

- The British Army learnt a number of lessons from this sorry episode. One was that the political officers must not be permitted to predominate over military judgments."

Of course, that last comment reflects a basic tension: the military option is always constrained within a political context (think, for instance, of the first Gulf War, in which the military preference was to press forward having liberated Kuwait, take Baghdad and overthrow Saddam Hussein while the momentum was still there... the political reality was that such a step would have gone beyond the agreed scope of the military action, and in doing to would have used up political capital in forums such as the United Nations and among the other nations of the Middle East.

As I've had a lot of time to spend in airports recently, I've spent some of it reading recent accounts of the Iraq and Afghanistan conflicts: "Sniper One" by Sgt Dan Mills, "House to House" by Sgt David Bellavia (US, Iraq), "3 Para", by Patrick Bishop (UK, Afghanistan).

In Sgt Bellavia's book, one very seldom gets any direct hint of the political context or its effect on operations - perhaps because the US and UK styles of deployment are different, perhaps simply because his book covers a shorter and very intense period of engagement. However, in both the others, the political dimension is always there, and is portrayed almost entirely as something which muddles, frustrates and inhibits the military action - usually resulting in greater danger and further casualties. The principal, fatal dangers appear to be these:

1 - political objectives which expand, but with no corresponding increase in the available resources;

2 - a political context which results in long, confused or conflicting chains of command (particularly multi-national ones);

3 - political goals with unquantifiable military objectives;

4 - a failure to address 'macro' causes at the political level, thus failing to stem the symptoms of conflict on the ground.

In both the Sniper One and 3 Para accounts, troops were deployed to make sure that reconstruction projects could take place. In both cases, by the end of the book, any notion of reconstruction had evaporated, and the troop deployments were basically acting as a lightning rod - attracting vigorous insurgency action simply by being present.

The 3 Para book explicitly mentions "Quick Impact Projects" or QIPs; civilian aid initiatives which the military forces are meant to undertake so as to create benefit for the civilian population and win their good-will. There is a telling vignette of the 'un-plumbed-in washing machine' which the soldiers wanted to install for the local townspeople, but were instructed to leave to the civilian reconstruction agency. At the end of their tour of duty, the machine was still sitting there in its polythene wrapping.

Tellingly, there is no mention of reconstruction goals in today's BBC news article (though, of course, the Defence Secretary's full statement may read differently). Instead, it repeatedly mentioned the theme of 'taking the war to the Taleban' and 'confronting them in Afghanistan rather than in Britain'. That looks like an unquantifiable military objective to me.

There is also no mention of Pakistan in the article, although it is clear that the Afghan question cannot be resolved without Pakistan's active and committed engagement. That looks like a failure to address macro factors.

As for the balance between political and operational imperatives... only time will tell.

No, it's not a re-run of the Eurovision Song Contest, though goodness knows, a dire enough tune won that.

This is Ethiopian athlete and Boston Marathon winner Dire Tune, who - at the Golden Spike athletics meeting in the Czech Republic earlier this week, ran 18.517 kilometers in one hour. Even I, with my limited numeracy, can work out that that's an average speed of... just over 18½ kilometers an hour. OK - for those of us still on pre-Napoleonic units, a shade over 11½ mph.