we have yet to hear back
> we have yet to hear back
And yet, no doubt, they will claim that they phoned you back promptly and helpfully.
The electronic tags used to keep tabs on criminals and suspects in the UK are "unreliable" - and the systems monitoring them are "shambolic". That's according to a dynamite report by Ross Anderson, a leading computer scientist. The University of Cambridge professor said he compiled his findings after he was called in as an …
> we have yet to hear back
And yet, no doubt, they will claim that they phoned you back promptly and helpfully.
As Serco and G4S (the other incumbent supplier of this service) will not be given the new electronic monitoring contract, the next supplier will have no experience of this type of work and will be using equipment that has never been used before - no chance of an omnishambles there then!
Sadly (for the people on the front line who now face job loses) that can't happen. The competition is/was for a single England and Wales contract, not as it was in 2006 version where the country was split into 5 lots (Serco got London/SE and Wales, G4S the rest).
The rules of the competition also split out the supply of equipment into a separate lot and specified that no current suppliers were allowed to apply - the new contract tags are also to be GPS enabled (although not actually turned on unless needed), again the only ones of this design currently in use are excluded as they are made by a G4S division. It should be noted that the G4S monitoring tag is completely different to the ones used by Serco.
Just read his expert report on his blog (nice blog, and subscribed - some fascinating case studies and reports on there). All I can say is - nicely done. In effect "Let us do a proper peer review on the system to see if it is secure and reliable as you say". Serco shit bricks when they realised that this would cost them massively and decide to drop the case. Shocker. Expect to see future cases rely on this one to properly probe into the whole tagging system.
I've always loved Ross' take on things. He's brutally direct and totally non-political, just as it should be in security that actually delivers.
Personally, I like his style more than Bruce Schneier's. Both are pretty good at what they do, it just seems to me that Ross isn't that much into self-advertising - he simply lets the facts speak for themselves. Having said that, that's *my* preference - yours may differ, of course.
Serco forgot to check if his message could be massaged - with Ross, no chance :)
"That's what the Serco invoices may have indicated - I suspect the real number may be somewhat lower"
It's not just a suspicion:
http://www.telegraph.co.uk/news/uknews/crime/10226728/G4S-pulls-out-of-race-for-new-electronic-tagging-contract-amid-fraud-inquiry.html 6 Aug 2013
"Chris Grayling, the Justice Secretary, welcomed the [G4S]’s decision to step aside, nearly four weeks after the Serious Fraud Office (SFO) was asked to launch an inquiry into the firm’s conduct over the existing tagging contract.
An initial review of G4S and its rival company Serco found both had potentially over-billed the government by tens of millions of pounds - including fees for tagging offenders who had died, left the country or been returned to jail.
Serco pulled out of the race for the new tagging contract as soon as the full extent of the scandal began to emerge. G4S initially refused to follow suit but has now voluntarily withdrawn."
(article continues)
Serco pulled out of the prosecution before the expert witness had a chance to investigate the system - are they trying to use obscurity as the security mechanism?
Anon, because if I ever get the pleasure of wearing one of her maj's favorite prol monitors, Id like to investigate the device without prior suspicion that I may tinker. I've never seen a decent study of how they work, but I always wonder what would happen if you tagged some computer scientists.
As someone who has been doing IT expert witness work for 14 years, I thoroughly enjoyed reading Anderson's report. He's clearly well-qualified, and his report was quiet, restrained, but quite devastating; one is left to decide whether those on the other side are dishonest, incompetent, or both. Furthermore, he's careful not to reach a factual conclusion (whether the accused actually did try to get the device off) but to suggest a means for doing an independent review to see if the cited evidence matches actual results. Thanks for posting this. ..bruce..