Early last month Jacqui Smith unveiled the latest revision of the ID card roadmap. On the same day, by happy coincidence, Microsoft bought Credentica's U-Prove assets and hired Dr Stefan Brands. On the one hand, a discredited and failing strategy staggers on under its fourth Home Secretary, while on the other...? In recent years …
She's a very smart woman???
***"Would we be able to put this persuasively to Jacqui Smith? Not in an elevator pitch. Probably not in a one-hour meeting. But she's a very smart woman. If we who read and write for The Reg can understand it then I'm sure she and her colleagues can."***
This *is* the woman who thinks the plan to get paedophiles to register their eMail addresses to keep them off social networking sites is workable.
Not *exactly* a great demonstration of her smartness.
"Would we be able to put this persuasively to Jacqui Smith? Not in an elevator pitch. Probably not in a one-hour meeting. But she's a very smart woman"
Randomly inspect some of her comments on ID cards etc. I think there is a sufficient body of evidence to refute the idea of Jacqui being smart (unless you mean her "dress sense" - being a geek I am not qualified to comment on fashion issues!)
he said what now?
"There is no industry player around I believe in as much as Microsoft with regard to its commitment to build security and privacy into IT systems and applications,"....
apart from maybe BT & Phorm....
I don't know whether to laugh or cry.
"The outstanding question is how well the undoubted intentions and integrity of both men will stand up to the residual primitive and exploitative tendencies that still reside in large parts of Microsoft"
And even should they stand up to it, what happens once they move on...
reply to Eponymous Cowherd
... oh contraire mon amis, THAT is a PERFECT demonstration of *her* smartness.
Heading in the right direction
with "minimum disclosure tokens", unlinkability and strong revocation, it could be mistaken for my own proposals (http://www.fullmoon.nu/book/side_issues/IDDown1.htm) but a key consideration is that while we obviously need the likes of Microsoft to adopt and promote the system, we cannot and must not trust any commercial OR government organisation to host the service. The relevant code and protocols must, of course, be Open Source. Nevertheless, there is plenty of scope for participants to make billions using the system, but the control MUST be in the hands of We The People - directly - through Juries and Public Trusts.
It's a see saw
Microsoft become the good guys, as a certain advertising sales corp becomes evil. And so the cosmic balance is maintained.
Sorry, I'm not buying it
"There is no industry player around I believe in as much as Microsoft with regard to its commitment to build security and privacy into IT systems and applications," he says
Ah. Sure. That's why MS' solution to segregated security platforms was to have one system with a "secure VM" for one level up then, yes? That's why Vista taps so much data from the end user that peple who are clued up professionally about client privilege outright had to ban it (I know several lawyer forms who work for seriously heavy clients who have simply banned it). Maybe using it for healthcare will land you with a HIPAA violation as well, don't know.
I believe in players I can TRUST. Security does NOT start with technology, and with due respect to Bruce Scheneier, it has been demonstrated by the GCHQ affair re. Kofi Annan that it doesn't work by process only. It always starts with people, and what they do.
And that is why Microsoft is a gazillion miles away from doing anything safe. It's a miracle the word "ethics" has even made it into their spell checker.
4 pages later
and I'm no wiser as to how the system works, any chance of a summary beyond 'limited disclosure'?
Quite, smart ?
Politicians are as smart as their advice, and advisors.
If the gov prefers the current insecure security to carry-on, then the advice she will get wil mirror the intent. The problem is to get her to make her own mind up....if she has one.
In the '90's there was and idea called the digital wallet. It contained digital money that could be traded directly with another digital wallet without passing through the bank. Obviously it worked by some very clever prime numbers or something but it was effectively like having silver coins. There was no need to know the idenitity of the people in the untracable transaction.
Clearly this would never work, or if it did work then it would be illegal. All this having to prove who you are is surely unnessasary. Possesion is 9 thens of the law? If you want to top up your electricity meter then surely any form of payment is OK as long as it feeds your meter and not someone elses. The meter does not need to be linked to you, that's just spying. Your car runs on whatever petrol you buy, no need to link it to you or your car. Oh I forgot, it stops terrorists.
I dunno about the government talking to MS about ID cards, seems like three bad things in one box.
Too late for the Microsoft Government Gateway... #2
I posted recently on another thread about Microsoft's cavalier approach to open standards with its implementation of the (Microsoft) Government Gateway, but I will post it again here, just as a reminder of the sort of attitude Microsoft will have to non-MS product users (effectively, the Open Source world) if we hand identity management to it on a plate... I suppose if Microsoft deems your e-mail address to be "illegal" according to its own "standards" in this way, then you won't HAVE an identity...
--- Original post ---
(as a comment on http://www.theregister.co.uk/2008/04/03/conservative_open_source/ )
"Too late for the Microsoft Government Gateway... "
... in respect of which I've now received an explanation as to why it (and the Self Assessment web site) will NOT accept my RFC2822-compliant e-mail address, which gets rejected with a terse "illegal e-mail address" message.
Basically, the site complies with the GovTalk "standard", and that's it - too bad about *international* open standards. The letter states: "The difference between the GovTalk e-government standard and RFC822 includes variations around allowable characters... you are able to use our online services, but you will need an email address that is compliant with the GovTalk e-government standard..."
So, basically, that means the official HMRC position is:
- Microsoft built our system, so tough if it doesn't work properly;
- Microsoft standards are better than everyone else's international standards, to which we see no good reason to adhere;
- you can use our services, but even if you observe international open standards you will get second-class service and be unable to use all of our services, unless you comply with Microsoft's "standards";
- Microsoft is going to own the Internet anyway, so just get used to it and stop arguing.
Remember, the Government handed over its intellectual property rights to the Government Gateway to Microsoft *for free* so that the latter could market it elsewhere, an astonishing decision over a publicly-funded programme, even if it doesn't comply with open standards.
So, nothing new there then. The worrying thing about this is that this demonstrates official Government endorsement of Microsoft's continuing abuse of its monopoly position, despite the hundreds of millions of Euros Microsoft has recently been fined for doing exactly that. And no-one at HMRC sees any problem with it... I still have an "illegal" email address, even though the whole issue has been debated between us using exactly that address!
You wouldn't understand it... apparently.. ;)
Surely there's an argument that if you can't explain why I might want or need something then maybe I don't want or need it?
"If we who read and write for The Reg can understand it then I'm sure she and her colleagues can."
That's taking sarcasm one giant leap too far... Play nicely.
Any evidence to support that, Mr Heath?
Her utterances in post have been utterly without personality; and her entire career would fit better with the theory she's an energetic loyalist slogger not an imaginitive thinker.