125 posts • joined 19 Jun 2009
Re: Strange that they missed some big harvesters.
See Brian Krebs:
(a) Experian Sold Consumer Data to ID Theft Service, http://krebsonsecurity.com/2013/10/experian-sold-consumer-data-to-id-theft-service/
(b) Experian Lapse Allowed ID Theft Service Access to 200 Million Consumer Records, http://krebsonsecurity.com/2014/03/experian-lapse-allowed-id-theft-service-to-access-200-million-consumer-records/
And it's not just the FTC taking an interest but the Congressional Committee on Commerce, Science, & Transportation, too, http://www.commerce.senate.gov/public/index.cfm?p=Hearings&ContentRecord_id=a5c3a62c-68a6-4735-9d18-916bdbbadf01&ContentType_id=14f995b9-dfa5-407a-9d35-56cc7152a7ed&Group_id=b06c39af-e033-4cba-9221-de668ca1978a
On 16 June 2014, 19 days time, Mr Hieu Minh Ngo will be sentenced in a court in New Hampshire, having already been found guilty of 15 charges related to identity fraud, http://krebsonsecurity.com/wp-content/uploads/2013/10/NgoIndictment.pdf
He conned personal data out of Experian for months and his scheme only came to an end when the US Secret Service told Experian it was happening. The new Hampshire judge may have a few choice words for Experian, as well as Mr Ngo.
Which has nothing to do with us over here in the UK, of course, we don't have "data brokers", we have "credit referencing agencies", that's quite different.
Experian is one of the Government Digital Service's five remaining "identity providers" on whom their invisible identity assurance scheme depends. Nothing to see here, http://www.dmossesq.com/2014/03/rip-ida-16-june-2014.html
Re: Barriers to entry – 3
Barriers to entry deprive society of the fruits of innovation.
What fruits of innovation?
Mr Shakespeare doesn't tell us in his report.
He appeared in front of the Public Administration Select Committee with Professor Sir Nigel Shadbolt on 22 October 2013. You can watch them performing here. But you still won't find out what it is we're missing.
Professor Sir Nigel is chairman and co-founder of the Open Data Institute, of course. The ODI think that open data will lead to all sorts of valuable innovative apps. Although they haven't said which apps those will be yet, nor how valuable.
He's also chairman of the midata programme. That's an initiative of the Department for Business Innovation and Skills. They want us all to have personal data stores (PDSs). PDSs will empower us, apparently, and they will help us stupid people to make rational lifestyle decisions and, what's more, they'll make the economy grow. How? By creating an enormously valuable industry of innovative apps, obvs.
What innovative apps?
Glad you asked.
Professor Sir Nigel set up the midata Innovation Lab (mIL). mIL were let loose, like innovation tigers, and they produced five prototype apps. The Prof was so pleased with these prototype apps that he said they would allow us to "get to the future more quickly".
"Prototype", here, by the way, means "not really apps, you can't buy them". Take a look at them. They're just like all the other apps you can already buy on Google Play and the iTunes App Store and the Windows Phone store. There's nothing innovative about them at all. They are not Professor Sir Nigel's HS2 to the future.
So what are we missing? What innovation is society being deprived of by barriers to entry? Answer, stuff you can already buy in the market for once-off prices like 69p.
Therefore there was nothing wrong with selling the PAF along with Royal Mail.
Sure Don, let's see.
If and when they start charging let's see if we can guess whether charges would have been imposed if the company had still been owned by the Secretary of State for Business Innovation and Skills. The way they are for accessing Companies House data, for example.
Re: Typical Govt b0llox
Now there's a country that understands barriers to entry.
Barriers to entry – 2
Mr Shakespeare is a very generous man. He thinks the PDG data should be given away for free. Charging for it is a barrier to entry.
A lot of data is managed by Companies House, the Land Registry, the Met Office and Ordnance Survey. These four together are apparently known as the "Public Data Group" or "PDG" for short.
Admittedly, Mr Shakespeare's generosity would cost us a bit. Currently the Exchequer earns millions of pounds a year by charging for PDG data. That hole would have to be plugged somehow but, according to Mr Shakespeare: "As government would no longer need to purchase the [PDG data] itself, the direct loss to the Exchequer on an annual basis is in the order of £143 million ... It seems a straightforward decision to invest £143m to make Trading Fund data widely available is a relatively small price to pay to leverage wider economic benefits far exceeding this by orders of magnitude".
It seems ... straightforward ... relatively small price to pay ... leverage wider economic benefits ... orders of magnitude ...
It may seem that way but just how straightforward is this investment decision really? Is that a relatively small price or a relatively big one? How many orders of magnitude?
He must know the answer, mustn't he, otherwise he wouldn't have written that on p.30 of his report.
The strange thing is that he also writes on p.30 that: "Forecasting future benefits is also hard to predict. How businesses and individuals might use datasets in the future to generate new products and services and by implication impact economic growth, is equally unknown".
What we seem to have here is a straightforward guess leveraging several orders of magnitude of hope.
Those barriers to entry.
Set them higher.
Meanwhile, you can kind of see a certain hard-headed logic in selling Royal Mail with its PAF intacta.
Barriers to entry – 1
One of the arguments against charging for large-scale access to PAF is that the cost represents a barrier to entry.
That's supposed to be a bad thing. What do we know about barriers to entry? We don't like them.
What's wrong with barriers to entry? They deprive society of the fruits of innovation.
That's the line taken by Stephan Shakespeare in his report, An Independent Review of Public Sector Information.
Mr Shakespeare is the founder and global CEO of YouGov, the polling organisation. As you might imagine, he thinks you can find out the truth by polling people. Looking at health care data, for example, he says: "70% ... of total respondents think that we should make public all that we can about our health care system ...".
Convinced? Are you happy that giving away health care data is the right thing to do because 70% of respondents to a YouGov poll said it is?
Before you make your mind up, consider this.
Mr Shakespeare conducted not one but two polls and 18% of respondents in one poll said they were "highly informed" on data issues and in the other poll that figure was 4%. A fuller conclusion might therefore be this: "Between 82% and 96% of people asked said they didn't know what they were talking about but nevertheless 70% of them think that we should make public all that we can about our health care system so we should".
Sometimes you can't help thinking the barriers to entry should be set a bit higher.
Those rapacious private sector companies, they really know how to exploit us poor innocent consumers. I just took a look at Royal Mail's find-a-postcode site and you know what they told me? "You can still do 50 more [free] searches today." Heartless.
Whaddya mean you've never heard of midata?
We should remember the Behavioural Insights Team's magnificent contribution to the soaraway success of midata, the Department for Business Innovation and Skills initiative to empower the consumer and make the economy grow.
Back in 2012 BIT and BIS jointly published a review of midata and a consultation document. Based on the results of which Whitehall legislated to make compliance statutory.
It is that crucial insight that if you want people to behave in a certain way then passing a law is probably the best way to proceed that NESTA are buying, with money that would otherwise finance mere innovation.
I am often asked about the genealogy of behavioural psychology. There is no doubt that the discipline owes everything to King Canute and his understanding of the behaviour of the sea.
"... Also the humility to realise that incumbent civil servants might know something about how complex the requirements really are ... Sadly their default starting position in any conversation I've had with them has always been, "We know how to do this better than you. So, what is it that you do?"
Frankee Llonnygog @ Thursday 12th December 2013 09:26 GMT: GDS consistently alienate the people they're supposed to be working with. People who know how to build and maintain big systems that cannot be replaced with Rails. GDS walk in with the attitude of "we know how to do your job better than you" and "we know what your requirements are".
Anonymous Coward @ Thursday 12th December 2013 17:27 GMT: They are keen to tell their client what to do and pay scant regard to business requirements or needs.
See for example GDS's blog post Submitting to the language of users:
Plain English is mandatory for all of GOV.UK. This means we don’t use formal or long words when easy or short ones will do.
For example, we normally talk about sending something (whether online or in the post), rather than ‘submitting’ it. This is short, clear and unambiguous. It’s also listed in the Plain English Campaign’s A to Z of alternative words.
We’ve recently been working with HMRC on moving VAT content to the ‘mainstream‘ (services and information for citizens and small businesses) part of GOV.UK. In the first draft, we used the plain English ‘sending your VAT return’ across all of this content.
However, our HMRC colleagues felt very strongly that we should change this back to ‘submit’ to match the terminology used on the HMRC website, as this is ‘used frequently and known by VAT businesses’.
GDS were trying to tell HMRC that they shouldn't talk about "submitting a VAT return". In their informed opinion the correct locution is "sending a VAT return".
This must be the very exemplar of prattish inanity.
In what sense can GDS be said to be "helping" HMRC?
The word "submit" is too long and formal, is it? Then how come it occurs several hundred times on GOV.UK? (Enter "submit" in the Search box and start counting.)
Re: GDS (@Julian)
... it ain't GDS's fault that they've got no data ... Their end of the work has met expectations and has been forced to sit there waiting for useful data to be fed into it ...
Your case would be stronger if you gave some examples.
Here is a counter-example.
GDS took part in a so-called "data-mining" exercise to identify eligible voters in GB elections who haven't registered. The exercise was reported on in the Electoral Commission's Data mining pilot – evaluation report July 2013.
GDS were given data by the Student Loans Company (SLC) among others to match against local electoral rolls. According to the Commission: "There seemed to be issues with the addresses on this data being incomplete. Only one pilot area reported usable results for this database and they found that nearly a third of the addresses were quite clearly incomplete. SLC informed us that the addresses they provided to GDS were complete, so it seems that these issues may have arisen in the matching process, although we are unable to say for certain" (p.7).
The Commission's report is a 134-page catalogue of problems like that with GDS being repeatedly criticised for their end of the work not meeting expectations and the exercise was declared a failure: "The findings from this pilot do not justify the national roll out of data mining".
J Arthur's bellhop couldn't find me on 12 December 2013.
Not surprising. I've been following a punishing schedule of Christmas celebrations.
Was that the day I went for a bicycle ride with Tom Loosemore, Tony Singleton and William Heath? Was it the day Nigel Shadbolt picked me up in his Maserati and, together with Stephan Shakespeare and Craig Belsham, we went for a spin round Cowes in his boat? Or was it the day ex-Guardian man Mike Bracken invited me and a couple of satisfied customers from DWP, HMRC and the Electoral Commission round to Aviation House for a glass of paraquat?
I can't remember.
I'm no tax expert, so don't ask me how that applies to subsidiaries of Amazon that don't have a presence in the UK
See CFCs, permanent establishment, tax residence, thin capitalisation, every combination of double tax treaty and, as you mention, transfer pricing.
Cloud computing = losing control of your data
The NAO must of course abide by the procurement rules.
Equally, as auditors, they have a duty of care. They must keep their clients' data confidential. Handing that data over to a third party and storing it beyond the jurisdiction of English law makes it hard to guarantee confidentiality.
Next time the NAO want to investigate DWP, or whoever, there might be an objection that the NAO can't guarantee to keep the data revealed to them confidential. DWP, or whoever, might refuse to co-operate with the investigation on that basis, and so contracting with AWS, however indirectly, might mean the NAO can't do its job.
Incidentally, it's not just the NAO of course. Consider, for example, Halarose Ltd, who have contracts with 80 local authorities in the UK to maintain their electoral rolls. Where is the data stored? With AWS, in Ireland. Under who's control?
Given that AWS have no – that's no – servers in the UK, how come they're allowed on G-Cloud's CloudStore, where all the customers owe a duty of care to keep our data safe, confidential and under their control?
It's an old saying, a bit of a cliché, but worth repeating – the the only time you're really safe is when CloudStore's down which, recently, has been quite a lot.
... I know you ain't Spartacus
... you is more like an Amazonian astrosurfer, whereas Spartacus was Kirk Douglas (né Issur Danielovitch Demsky) from nowhere near the Amazon.
IBM need help ...
... from Stephen Fry, http://www.dmossesq.com/2013/10/cloud-computing-and-sizzling-stephen-fry.html
Only he can provide the historical perspective and the technical grasp of evocon (evolutionary economics) which Amazon so obviously possess and which has eluded IBM in the first 100 years of its existence.
1. Chapeau bas to Caspar Bowden.
2. Given that most people can't read the Guardian, how can UK awareness be raised?
"As for the secret surveillance agenda, most people in the UK do not seem to care about it, because they lack accurate information in the media about what exactly is happening."
One idea: -
Communications Data Bill
For years, the Home Office have been advocating the Communications Data Bill and the Interception Modernisation Plan before it on the basis that the security services must have the interception tools needed to defend us against terrorism.
The implication was that the security services didn't have these tools.
It now transpires that they do have them.
Which means that the Home Office were deceiving parliament, the media and the public.
That ought to be a story the media would consider running.
Even if they believe that interception is justified the media might at least ask why the Home office been wasting parliamentary time?
Communications Data Bill – why bother?
"In July 2012, Britain's top spook Charles Farr made a rare public appearance: sat across a table from MPs in Parliament, he was quizzed by backbenchers scrutinising Home Secretary Theresa May's widely criticised plan to snoop on Brits' internet connections."
"Theresa May's widely criticised plan to snoop on Brits' internet connections" is the Communications Data Bill. It is widely criticised. The Home Office has put in a lot of hard work trying to get it, and its predecessors, passed into law.
After all, per Edward Snowden, GCHQ already have the technology needed. And William Hague, the Foreign Secretary and political boss of GCHQ, says that their work is perfectly legal. So does Sir Malcolm Rifkind, the Chairman of the Intelligence and Security Committee.
Surely the Bill is redundant.
Why does the Home Office waste all that energy trying to push through an unpopular bill that is unnecessary?
One would genuinely be interested in an answer.
Sell the sizzle, not the sausage
ElReg readers already know that the Government Digital Service (GDS) is all sizzle, no sausage.
Never mind the lack of sausage, GDS are hard at work selling.
GOV.UK has its awards from the Design Museum and D&AD. That helps. They have the imprimatur of Tim 'Government As A Platform' O'Reilly and Martha Lane Fox, no mean salesman herself. The BBC and the Guardian think GDS are exciting and are providing free PR (http://www.dmossesq.com/2013/06/gds-pr-blitz.html). Well done ex-Guardian man Mike Bracken and ex-BBC man Tom Loosemore.
And now the Times have joined in (http://www.dmossesq.com/2013/08/toe-curling-gds-pr-blitz.html). And Policy Exchange. How did that happen?
It is inconceivable that GDS could have gained the support of Policy Exchange while Charles Moore ran it. But he handed over the reins years ago to Danny-now-Lord Finkelstein, a different kettle of fish altogether, whose gib is cut the other way and who luckily is very senior at the Times.
This is soap opera, of course, but then who buys the sizzle? Individuals. Individuals with personal preferences. Individuals not necessarily endowed with the skills or the will to examine the effectiveness of an IT department.
It's all a bit depressing but there is the occasional laugh. Like the Tweet from ex-Conservative Home editor Tim Montgomerie, hired by Danny-now-Lord Finkelstein to write SDP opinion pieces. Mr Montgomerie is a bit of a sizzle aficionado and in his opinion (https://twitter.com/TimMontgomerie/statuses/309258485252636673): "One of the outstanding successes of this Coalition is likely to be its digital strategy http://twitter.com/Policy_Exchange/status/309257138381938688".
Re: Before you slag them all off..
"MyDex are all about helping people to own and be gatekeepers to their personal data. Most Reg readers would like Mydex."
Why do you say that?
How journalism works – Re: That Times article ...
If you enter "rachel sylvester" and "i am told" into the Times search box and hit enter you get 39 hits. That's 39 separate articles in which she has used the phrase.
I suggested to Private Eye once that they start a new column, "Eye am told". No dice.
GOV.UK is not Government on the Internet, but of the Internet
Not my words. The words of ex-Guardian man Mike Bracken, executive director of the Government Digital Service and senior responsible owner of the pan-government but non-existent identity assurance programme. And he's right. You commentards just have to be more agile, http://www.dmossesq.com/2012/10/govuk-is-not-government-on-internet-but.html
As for worrying about statistics being accurate, how old-fashioned can you get? Just ask Stephan Shakespeare, the founder of YouGov who has been inexplicably asked to devise a national data strategy, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/198752/13-744-shakespeare-review-of-public-sector-information.pdf – search on "publish early even if imperfect" and you will see the way.
Re: location markers
"... unless people actually, y'know, do the science, you never know which bits of obviousness are actually true ..."
What's a phone? An IMEI? A phone no.? Sometimes you use someone else's phone. Sometimes someone else uses your phone.
A discipline will develop stitching the patchy record together over the years, over the IMEIs, over the phone no.s, excluding the other people's use of one phone, including the use of other phones, into one person.
It will have to.
Because there will still be a job to do, creating new identities, e.g. for ambassadors travelling under a false identity or people in witness protection programmes. The location identity created for them will have to look realistically patchy.
From my misspent youth, Dematerialised ID, May 2003, http://dematerialisedid.com/BCSL/29%20May%202003.pdf pp.31-3, §4.9.
DWP using same PR agency as HMV?
"... the [Universal Credit] project has been repeatedly hampered by a perceived IT management crisis that the DWP has strongly denied."
Not so long ago, HMV strongly denied that they faced any trading problems.
TBL "cannot imagine a perfect security regime" for the government snoopbase. Neither can anyone else. So the Department for Business Innovation and Skills (BIS) midata project is a no-no since it requires us all to store our personal data on a personal snoopbase or PDS (Personal Data Store).
TBL says that "the surprisingly-accurate advertisements served to users of social media websites ... represent a privacy threat to many internet users". Too right. So the BIS midata project is a no-no since the whole point is make the economy grow by targeting adverts more accurately.
What do BIS have to say about TBL's comments? http://search.theregister.co.uk/?q=midata
And what does TBL think about the UK's eight "identity providers", our official snoop facilitators? http://search.theregister.co.uk/?q=identity+assurance
Round II promises to be very busy
Census – Francis Maude speaking at the ICO conference in March 2012 promised a new way of doing the census in 2021. There can be no suggestion that the census would constitute a single national identity register. http://www.cabinetoffice.gov.uk/news/information-commissioners-conference-francis-maude-keynote-speech
Electoral roll – June 2011 Individual Electoral Registration Bill promises a new way of compiling the electoral roll, including data-sharing across government departments to check for completeness. Associated impact assessment notes that this data-sharing is illegal. Copies of the electoral rolls compiled constituency-by-constituency would all be stored unedited with the credit referencing agencies. There can be no suggestion that this electoral roll would constitute a single national identity register. http://www.cabinetoffice.gov.uk/sites/default/files/resources/individual-electoral-reform-impact-assessment.pdf
Personal Data Stores (PDSs) – July 2012 midata review of midata and consultation introduces concept of everyone having one or more PDSs, files which identify you and include unlimited transaction data stored with a trusted third party in the cloud. The cloud isn't safe. The web isn't safe. Why trust the third parties? Why concentrate a lot of data about yourself in one place? Breaks all the rules of cybersecurity advocated by the Department for Business Innovation and Skills (BIS). But BIS want you to have a PDS because it will "empower" you. The only supplier of PDSs they ever mention is Mydex, whose chairman sits on the midata advisory board at BIS. And the Government Digital Service (GDS) want you to have a PDS because it will allow you to verify your identity when you access public services. GDS have appointed seven "identity providers", one of them being Mydex. All part of GDS's Identity Assurance Programme (IDAP). GDS are part of the Cabinet Office. Another part of the Cabinet Office is responsible for cybersecurity. They warn individuals and businesses to beware of the web. £10 million of the £650 million cybersecurity budget was used to fund IDAP. No doubt it all makes sense and the suggestion of inconsistency is frivolous. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/32687/12-943-midata-2012-review-and-consultation.pdf
Remember what a good job Bill Crothers did at IPS on the ID cards scheme ...
... G-Cloud in safe hands, UK in safe hands
Soory to say but Chris Chant on Twitter not impressed
Not all small suppliers have trouble getting listed -- Skyscape, for example
Skyscape Cloud Services Ltd have only £1,000 of share capital, all owned by one man, but they got onto the Mr Crothers's G-Store and they're now due to host ex-Guardian man Mike Bracken's https://GOV.UK and Phil Pavitt's HMRC local office data. If they got past Mr Crothers's stringent procurement tests surely anyone can.
Re: That's quite the amazing government press release
"So that eight party they haven't quite announced yet is facebook? Or at least google? Some party we've at least heard of? No?"
We could try being logical about it. The system has to be "operational" for 21 million people "from Spring 2013", see notice in OJEU,
Where are you going to register 21 million people?
You need a national network of premises. Bank branches (RBS and Lloyds)? Retailers (Tesco and Sainsbury's)?
But there's only £25 million on the table to do the job, so why be logical?
(Incidentally, do you notice something? No biometrics.)
Re: Ah, the out-sourced ID card
It's not an ID card, I tell you, it's a personal data store, a PDS, when will you get this into your head?
And why can't you tell the good news? With identity providers, now, at last, everyone will have their own ... nanny.
Now brush your teeth.
Akamai 1 - 0 Skyscape
Enter nslookup www.gov.uk and back comes the answer:
Check up with RIPE on that 126.96.36.199 address and you get:
inetnum: 188.8.131.52 - 184.108.40.206
descr: Akamai Technologies
status: ASSIGNED PA
source: RIPE #Filtered
Things are looking good for the Akamai theory and not so good for Skyscape.
Re: GOV.UK + IdA + G-Cloud + midata + ... + NSTIC - Government Gateway
I dug on www.gov.uk and got a poor user experience:
What are you looking for?
Sorry, but there are no results for 'akamai'
Searching again using different words
Browsing from the GOV.UK home page
Visiting the support pages if you need more assistance
Using Google found a few thousand references to Skyscape and GOV.UK including this one
Hosting GOV.UK in the cloud to cost GDS record-breaking £600,000
Government Digital Service signed a deal with Skyscape last month
By Derek du Preez | Computerworld UK | Published 10:29, 10 October 12
The Government Digital Service’s (GDS) infrastructure-as-a-service (IaaS) deal with Skyscape to host single domain website GOV.UK, which was procured through the G-Cloud, is worth an estimated £600,000.
Denise McDonagh, G-Cloud programme director, revealed the figure in an article for the Financial Times, where she said that the deal is the biggest sale to date from CloudStore and is “an important milestone for G-Cloud, showing that the public sector is ready to embrace low-cost utility cloud services”.
The meaning seems pretty clear. From what you say, Mr Newton, these claims are simply false and GOV.UK is after all not being hosted on Skyscape.
Is this possible?
Re: GOV.UK + IdA + G-Cloud + midata + ... + NSTIC - Government Gateway
Akamai? Maybe they've disintegrated?
Mr Newton, I am as mystifyied as you, please explain the following:
Government Digital Service
Introducing a new supplier (Skyscape)
by Mark O'Neill on 18/09/2012
... To meet the needs of GOV.UK, we are planning to work with a number of different Infrastructure as a Service providers. We are happy to announce that the first cloud hosting provider we are working with is Skyscape.
HM Government | G-Cloud
.gov.uk hosting bought through G-Cloud
Posted on September 18, 2012 by Eleanor Stewart
We’re really pleased to be able to announce the first major sale of Infrastructure As A Service. Government Digital Service have signed a contract with Skyscape for:
1) Compute as a service
2) Compute as a service (test & development)
3) Storage as a service
This is all intended to support the exciting work they’re doing on .gov.uk to revolutionise the way citizens access information and services online.
GOV.UK + IdA + G-Cloud + midata + ... + NSTIC - Government Gateway
Savings? Improving the user experience? Those are the issues Messrs Bracken and Maude might like to restrict us to in our discussion. But there are a few more:-
1. You can't deliver public services on-line if you can't identity the users. GOV.UK needs IdA, identity assurance, major announcement due next Monday, or read leaks to the Independent,
2.1 GOV.UK is being hosted in the cloud by a one-man company, Skyscape Cloud Services Ltd. Bit small?
2.2 GOV.UK is being hosted in the cloud. Loss of control over data, staff, costs ...
3. Identity assurance relying on Facebook, Google, Twitter accounts may not be quite as reliable as the identity assurance offered by the Government Gateway but the Gateway's going anyway and soon Facebook and the others will have become part of the British Constitution. Not mentioned in Francis Maude's blog post but nevertheless the case.
4. The Enterprise and Regulatory Reform Bill continues to meander through Parliament and, if it gets through, we will all have PDSs (personal data stores). PDSs are the foundation on which midata is built but, again, mysteriously, they make no appearance in Mr Maude's missive.
5. It is tempting to say that ex-Guardian man Mike Bracken is over-fond of Google and will do anything to further its interests including giving it the UK to play with, a power apparently in his remit. Tempting, but wrong, because what he really loves is Estonia. GOV.UK is his way of making the UK just a little bit more Estonian,
They go up to 17,
The savings are for me, the costs are for you
"A taxpayer service that saves taxpayer money... Hmm".
There may be savings. We may find out when we see the audited accounts. But wherefrom comes the touching belief that these savings will be enjoyed by taxpayers?
Go back to the Bible, Martha Lane Fox's 10-page letter to Francis Maude, and you will read:
"I recommend that any savings from the reduction in duplication should remain in departments, once transition costs and ongoing funding for the new central team have been taken into account".
Take another look at Skyscape
Skyscape get a brief mention at the end of this Reg article. It might be worth taking a further look at the company.
The G-Cloud team include Skyscape on their CloudStore shop but without making any recommendations as to the company's suitability.
GDS have decided to host GOV.UK on Skyscape's servers and HMRC are putting their records there also. So every transaction between the public and the government will depend on Skyscape and ditto all our tax records.
Skyscape is too young to have filed any accounts, it only has £1,000 of paid-up share capital, there is no company secretary and only one director, who also happens to be the only shareholder -- all GOV.UK transactions and all tax records depend on one man, Mr Jeremy Robin Sanders.
What is Eleanor Stewart (G-Cloud) thinking of?
Has Lin Homer (HMRC) seen what her CIO Phil Pavitt has agreed to?
And is ex-Guardian man Mike Bracken the right man to be chief executive of GDS? All his staff have worked hard to get Martha Lane Fox's GOV.UK up and running/testing and then he goes and hands the lot over to a one-man £1,000 company?
One has taken these matters up with him -- http://www.dmossesq.com/2012/10/gds-and-skyscape.html
One awaits a response.
Google – a latter-day Pied Piper of Hamelin
Google have been approached by the Government Digital Service (GDS, part of the Cabinet Office) to help with our government's attempts to provide identity assurance so that public services can be delivered online/become digital by default.
Google have been approached to help with the Dept of Business Innovation and Skills so-called "midata" project.
And, as cloud computing service providers, they have been linked to the plans for G-Cloud.
If Google succeed in getting contracts for all or some of these initiatives they will effectively become part of the Constitution. On that, Ms Harman is right.
In the end, the decisions will be made or strongly influenced by Sir Bob Kerslake, head of the home civil service, and Francis Maude, the Cabinet Office minister. Are they qualified to make those decisions?
They are advised by people like Andy Nelson, government and Ministry of Justice CIO, and ex-Guardian man Mike Bracken at GDS. The latter, at least, seems to be under the misapprehension that governing the UK is a bit like running Amazon or eBay.
My point, to repeat, is that here in the UK we are being driven towards cloud computing and public services which are digital by default and which rely on an undeliverable identity assurance when we know from the experience of Estonia and others that the dangers involved are serious and unsolved.
In order to allay any fear of those dangers, the seriousness of the Estonian debacle of 2007 and of other cyber-failures are consistently downplayed – revisionism.
We are looking here at a wilful re-run of the Pied Piper of Hamelin, http://www.dmossesq.com/2012/04/amazon-google-facebook-et-al-latter-day.html
It is refreshing that this should get such balanced coverage in The Register.
Now you're doing it: "I know from personal exerience that there were problems, but nothing major". Make your mind up. Was it serious or wasn't it?
Guardian Technology blog, 25 January 2008, 'That cyberwarfare by Russia on Estonia? It was one kid.. in Estonia', http://www.guardian.co.uk/technology/blog/2008/jan/25/thatcyberwarfarebyrussiaon
Journal of Strategic Studies, 24 February 2012, 'Cyber War Will Not Take Place': "... unlike a naval blockade, the mere ‘blockade’ of websites is not violent, not even potentially; unlike a naval blockade, the DDoS attack was not instrumentally tied to a tactical objective, but an act of undirected protest; and unlike ships blocking the way, the pings remained anonymous, without political backing ...", http://www.tandfonline.com/doi/abs/10.1080/01402390.2011.608939
Guardian Technology blog, 24 August 2007, 'Kevin Poulsen on Estonia's cyberwar': "Earlier this year, there was a lot of kerfuffle about a so-called cyberwar which struck Estonia's government - our European correspondent Ian Traynor reported the details, and it became big news on the web ... The tale has got the Wired treatment, prompting former hacker Kevin Poulsen to write a really interesting and detailed blog post on Wired.com explaining why thinks the story is overbaked ... Essentially his point is that Estonia (one of the world's most wired economies) took a bit of a beating, but the effects were overplayed thanks to overdramatic government response. The Estonia attack wasn't sophisticated, and cyberwar has already been with us for a while, he suggests ...", http://www.guardian.co.uk/technology/blog/2007/aug/24/kevinpoulseno
That'll have to do to be going on with.
It is common to belittle DDoS attacks. Bruce Scneier compares them to a crack group of commandos invading a country and imposing their rule by barging to the head of the queue in the post office. I am glad you agree with me that DDoS attacks can be serious but that is not the common judgement.
In the Guardian article referred to, http://www.guardian.co.uk/technology/2012/apr/15/estonia-ussr-shadow-internet-titan, we find the following:
"This is how a lot of myths were created," remembered Pärgmäe. "Those outside the country couldn't access Estonian websites, but they didn't realise that people inside still could."
You and I agree about the gravity of the DDoS attack but Katrin Pärgmäe, who is in charge of public awareness at RIA, the country's internet authority, treats it as a myth. That looks to me like revisionism.
Why? Why would anyone want to lie about the facts of this case?
Because governments all over the world including our own want to "transform" public services by delivering them over the web and only over the web.
"Estonia is seeking to reinvent itself from a cheap place to source top-notch programming expertise into the Nordic Silicon Valley and bio-tech centre."
That's not the only thing they're trying to reinvent.
They're also trying to reinvent their recent history. The country was brought to its knees in 2007 by simple DDoS attacks. Only possible because they're so reliant on the web in their highly automated economy. Nothing to see here, they now say, move along please.
Francis Maude was taken to Estonia by ex-Guardian man, Mike Bracken, to have a peek at the future. Let's hope he also had a little peek at the past, http://www.dmossesq.com/2012/05/francis-maude-seeks-future-in-estonia.html
A rare insight into the Home Office's modus operandi
As we all know, automated face recognition doesn't work.
The 2004 UK Passport Service biometrics enrolment trial proved it. As do all other trials. £12.8 million of public money is being wasted.
This matter was taken up in the world-famous case in front of the Information Rights Tribunal, David Moss v Information Commissioner and the Home Office, http://dematerialisedid.com/bcsl/foi.html.
During that case, evidence was submitted by the Home Office and by IBM. Take a look:
Re: At least the Aussies have sense
Funny you should mention that.
29 March 2009, Sunday Times, "Spy chiefs fear Chinese cyber attack", by Michael Smith:
"... equipment installed by Huawei, the Chinese telecoms giant, in BT’s new communications network could be used to halt critical services such as power, food and water supplies ..."
"Ministers expressed concern that replacing the Chinese components with British parts would clash with government policy on competition."
Security? Competition? No contest.
We should take a holistic view of CSC
It was revealed/alleged in the Sunday Times yesterday that British Aerospace's computers had been hacked by the Chinese, who stole secrets to do with the Joint Strike Fighter over a period of 18 months. BAE outsource their IT to ... CSC .
CSC currently face a class action brought against them by their own shareholders .
CSC were docked $250 million by the US Armed Services Board .
In addition to the Department of Health, CSC are also retained by:
The UK Border Agency, who use CSC to collect the biometrics of UK visa applicants overseas. When we decide that we can no longer afford to pay for this schoolboy stamp collecting habit, CSC may expect the golden goose to stop laying .
The Identity & Passport Service. When the public finally tire of paying three times too much for their passports, CSC may legitimately expect once again that the golden goose will stop laying .
Re: Re: IABS
"... between a quarter and half a million indians are likely to end up one ID check away from a pretty unamusing time ..."
Welcome to the wacky world of utilitarianism.
Re: Biometric Systems in Aviation #2 of 2
The airport operators may not install biometrics technology to help to reduce headcount. But UKBA do, please see the evidence of Dame Helen Ghosh, Permanent Secretary at the Home Office, when she appeared before the Home Affairs Committee on 22 November 2011, http://www.dmossesq.com/2012/01/theresa-may-damian-green-helen-ghosh.html :
"... there are plans, over the SR10 period [up to 31 March 2015], to reduce the staff of the Border Force by around 900 people, from almost 8,000 people at the start of the period. But that is driven as much by technological introductions like e-gates, as well as a risk-based approach. Border Force will be getting smaller ...".
Are UKBA investing our money wisely? Does the biometric technology their plans depend on work? Does it work well enough to replace human beings? All the respectable published academic evidence suggests that the answers are no, no and no.
In light of which, with the Olympics coming up and border security an even greater concern than usual, it's about time the Home Office gave us some performance figures to work with, something which, disclosure, they currently resist, and resist very energetically, http://dematerialisedid.com/bcsl/foi.html .
Re: Biometric Systems in Aviation #1 or 2
Thank you for that interesting post, Mr Ankers.
Who is making the investment in biometrics here? Is it a private sector airport operator, risking its own money? Or is it UKBA, a public authority investing public money, i.e. your money and mine? There is a fusion, or confusion here, which it would be useful to resolve.
In your experience, what are the performance characteristics of the iris scan and face recognition biometrics that you mention? What is the failure to enrol rate, the false match rate and the false non-match rate? And what are the volumes involved, have your systems registered 5,000 airport users, 5,000,000, ...?
With two-dimensional face recognition, many studies suggest that the false non-match rate is between 30 and 50% for the first two months after registration, which is useless, and then falls off a cliff -- sort of double useless. There is obviously no point fusing the iris scan biometric with 2-D face recognition. But are your clients perhaps using 3-D face recognition?
In which case, that's fine, but it stops being centrally relevant to the matter at hand, because UKBA and their smart gates don't, they rely on 2-D.
Aadhaar is an Indian identity management scheme operated by the Unique Identification Authority of India (UIDAI) to register all 1.2 billion Indians, identifying them by their biometrics only. They're on track to register 200 million Indians by 31 March 2012 and have just been authorised to register the next 200 million.
Here's a bit of homework, two short reports to read:
1.Role of Biometric Technology in Aadhaar Enrollment -- http://uidai.gov.in/images/FrontPageUpdates/role_of_biometric_technology_in_aadhaar_jan21_2012.pdf
2. India boldly takes biometrics where no country has gone before -- http://www.planetbiometrics.com/creo_files/upload/article-files/India_boldly_takes_biometrics_where_no_country_has_gone_before.pdf
From 1., you will find that UIDAI are using fingerprints and iris scans as a single, composite, "multi-modal" biometric. The biometric failure to enrol rate is 0.14%. The false positive identification rate is 0.057%. The false negative identification rate is 0.035%.
From 2., you will find that UIDAI recommend that any national identity management scheme which doesn't use iris scans is doomed to "catastrophic failure". Ditto if the scheme isn't multi-modal. Ditto if the scheme doesn't use competing matching algorithms at the back end. Catastrophic. Failure.
Q1. What are the performance figures for the UKBA scheme equivalent to UIDAI's 0.14%, 0.057% and 0.035%? If we don't know the answers to those questions, we don't know if the UKBA scheme is good, bad or indifferent.
Q2. UIDAI don't bother to use face recognition. Why do UKBA?
Q3. UKBA don't use iris scanning, multi-modal or competing matches. What is to stop their scheme, IABS (the Immigration and Asylum Biometric Service) from being a catastrophic failure?
Q4. Do you think IABS will make the UK border secure and the 2012 Olympics safe? Why?
Choose what to be scandalised about
"UKBA is busy investigating the scandal that erupted when it was claimed that fingerprint checks were regularly abandoned"
It's only a scandal if fingerprint checks work. The scandalised assume that they do. But then the scandalised don't necessarily know the first thing about the technology and don't have to use it.
Brodie Clark, former head of the UK Border Force, did have to use it. And he said the technology doesn't work. You can watch him say it to the Home Affairs Committee here -- http://www.parliamentlive.tv/Main/Player.aspx?meetingId=9445&st=11:36:43 starting at 12:18
Now, how sure are you that there was a scandal?
Still wavering? How about we add in the fact that at Calais, for "clandestines" only, UKBA have abandoned fingerprinting? Staff have got better things to do -- http://www.dmossesq.com/2012/01/theresa-may-damian-green-keith-vaz.html
You can be scandalised about fingerprint checking being dropped if you like. Or you can be scandalised about fingerprint checking being adopted in the first place. I'd go for the latter, me.
According to Wikipedia, it's something to do with French turkey-farmers: "misfeasance in public office is a cause of action in the civil courts of England and Wales and certain Commonwealth countries. It is an action against the holder of a public office, alleging in essence that the office-holder has misused or abused his power. The tort can be traced back to 1703 when Chief Justice Holt decided that a landowner could sue a police Constable who deprived him of his right to vote. The tort was revived in 1985 when it was used so that French Turkey producers could sue the Ministry of Agriculture over a dispute that harmed their sales". But not just French turkey-farmers.
- BEST BATTERY EVER: All lithium, all the time, plus a dash of carbon nano-stuff
- Stick a 4K in them: Super high-res TVs are DONE
- Review You didn't get the MeMO? Asus Pad 7 Android tab is ... not bad
- DINOSAUR SLAYER asteroid strike was DEVILISHLY inconvenient timing
- Russia: There is a SPACECRAFT full of LIZARDS in orbit above Earth and WE control it