Posts by despairing citizen

Re: whitehall work load

"far more policy has been outsourced to Europe, of course, leaving Whitehall with less to do "

Apart from spending a lot of time gold plating EU regs, that start out as 6 sides of A4 on EUR-Lex, and become 600 pages by the time it gets out of whitehall.

Basic issues

Are the outsourced staff expected to be using UK citizen data, if so India is not in the EU, hence I would have some concerns about data protection.

If the staff in india are being paid a fraction of the UK staff, what are the internal audit controls going to be with regards to securing code and data from fraud and other crime? (can you think of any UK employees willing to go to prison for £100k, where as in india, disapear, start a new life, very rich by local standards(*))

If CITS is doing UK Government work, how secure is it for HMG to have it's underlying IT in the hands of another nation?

Given the local extremist/terrorist supporters, activists, and members in the local area, is this really the best location for UK government IT, how much use will the indian government be at assisting in security vetting?(**)

(*) - It took the indian police years to catch a murderer from southampton who escaped there, and disappeared into the 1bn sub-contienant, how much effort will the put into a fraud case?

(**) - low level government systems may not seem like much of a prize to a terrorist org, until you figure out that inserting your people into the DWP databases gives them clean histories for operating in the UK and Europe. Same with DVLA, and many others.

Unfair Contracts Directive Anybody?

Business can write any terms they want, unfortunately for them, here in the EU we have protection for individuals from "sharp" business practice, in the form of the unfair contracts directive, and it's UK enactment in the Unfair Contracts Act.

My personal guess is the terms wouldn't survive 5 seconds in front of a judge.

Anybody interested, the OFT guide can be found here ;

www.oft.gov.uk/shared_oft/reports/unfair_contract_terms/oft311.pdf

Interestingly most US EULA's (Rotten Core, Micro$haft,, et al), would also fall under this remit of this legislation for personal customers.

Can I fire senior managers?

every time I hear one saying "I don't do IT", and think it's a good thing.

Well as an IT manager I don't like doing the bean counting (budget management), but I damn well learned to do it to the corporate standards, and operate within the rules the CFO and auditors lay down.

Given the organisation would die quicker if it's IT is screwed up than if it's accounts are screwed up, which is more important, and would the senior manager still have a job, if he turned round to the CFO and Head of Audit and said "I don't do budgets".

So bad it's not even wrong

"Serious damage would require an intelligent malware agent that was capable of changing ongoing processes while hiding the changes from their operators, Rid says. To our knowledge, this has not yet been created, and making something as complex would require the backing and resources of a state, he added."

Access patient records.

Is Alergic to Penacillin ; Change Y to N.

Doctor why has the patient gone into shock!

Title relates to a comment Pauli used to make about some of the crap thesis papers he had to review

Please can somebody show this chap a computer and explain how they work!

How many ways can this get challenged?

So the obvious get out clauses.

I never recieved it;

1. Spam Canned

2. Not my account gov'nor

3. My account was highjacked and the information deleted

4. A virus destroyed all the data

5. I closed my account some time ago

The information recieved was not readable

1. Oh, the messages i had that day where corrupted

2. My AV system detected a virus in an attached PDF and cleaned it.

etc.........................................................................

So the court upheld you can use any communication medium for a legal document (not new), (yes verbal contracts are enforceable, but the evidence value isn't worth the paper it's not printed on)

Doughnuts Anybody?

Given the inteligence implications of all the people being hacked, one does wonder what the doughnut occupiers (GCHQ) and their colleagues at MI5 where doing...

If anything....

If somebody is hacking the voice mail and computers of cabinet ministers and intel (or ex-intel) staff, I really want GCHQ/MI5 to find it first, and quickly.

SOCA

I will start by saying I'm amazed that SOCA has actually managed to arrest anybody.

The (dis)Organised Crime Agency will I'm sure manage to managle the case somehow between arrest and court case. (assuming there ever was a case to answer to start with)

I also note that many years on from mass violation of CMA90, no director at Sony has ever been arrested for unauthorised access to a computer system, in relation to their illegal DRM rootkit.

Oh, well, one law for the man in the street, and a completely different standard for large media companies (for further details see News of the Screws investigation)

Ass Backwards Logic

Correct me if I'm wrong, but I read that as adobe are spending programmer time building a sandbox solution to run their insecure code, rather than using the same programmer's time to build a secure solution in the first place, or dig out all the bugs in the current code.

Isn't that kind of ass backwards logic?

Framework, as in locked in

A lot of these Central Gov negoaited contracts end up meaning Local gov bodies have to buy their stuff through the framework at a price that is worse than if they had approached the vendor directly.

But I'm sure that the relevant Sir Humphrey and his junior minister will be getting director and consulting jobs at the relevant firms when they leave the public service.

EU Choice of Reviewing Authority

It is interesting that despite the obvious language advantages, the EU did not ask the UK ICO to review the data protection issues.

Could it be that the Article 29 working party has a low opinion of the ICO after the Cookie directive fiaso and the Levison enquiry heaing that the ICO did not think they could take on News of the Screws, et al.

Huge Government Investment in British Tech

£50m over 3 years!

Ok, how much does intel invest in nudging the corners of existing silicon tech evey year.?

Look forward to yet another discovery made in britian and exploited by every but the UK.

Can anyone name a US politician currently seeking donations?

for example for re-election as US president?

no conflict of interest, merely demonstrates why the only thing that united politicians in the US was keeping John McCain (and his political funding and disclosure reforms) out of the Whitehouse.

Arresting NewsCorp Directors - When?

So now we appear to have a clear lead between criminal activity by NewsCorp employees, and the company profiting from that activity. (selling more news papers)

So when are the directors of the company going to be arrested?

When will see actions taken under the proceeds of crime act?

Government (in)Action Planned Against Identified UK Cybercrime

One part time officer to be allocated to combat UK computer crime.

Will be rigourously vetted to ensure apropriate knowledge, as follows;

1. Must NOT have read the Computer Misuse Act 1990

2. Must have NO knowledge of DPA98

3. Must only intermittenly remember RIPA (i.e. when it can be used to spy on ex-wife, or daughter's new boy friend)

4. Must be able to repeat "I have no recollection of that conversation", when asked by a judge what his last comment to a Murdoch employee or contractor was

Primary job activity to attend security conferences and demostrate the appropriate knowledge listed above, thus ensuring a reduction in reported computer crime, because everybody will realise there is no point to reporting it.

Cybercrime...What Problem?

Warning. may contain excessive amounts of sarcasm

The US Government

The best government money can buy

In Other news......

Closing down sale soon on at our London shop in Downing Street

Part of the cost is Risk based

Part of the cost of using a credit card, is related to the card company having to cover it's responsibilities under the consumer credit act, and fraud using card based systems (both from the buyer and merchant end)

This is why a local authority can get away with a much lower mechant fee (e.g. 1.5%), than for a small startup online store (3%+)

But regulations setting out what operating costs are incurred, and the risk model they are using would be a help comparitor to prevent excessive charges, and foster competion.

Practical Use

Ok, great science, but what are we going to use the storage space for? by my recokening, this is the equivelent of 50m 2TB HDD's of storage.

So ignoring that crack that it will be needed for windows 9 install disk space.....

or HMG's latest track everybody everywhere database

Are there any practical applications out there?

What are the seek times to find the 1mb document in the 100 exabyte haystacks?

Risk Model

Does anybody think Barclays will be issuing a warning to shareholders that it is changing it's risk model?

Will it even update it's corporate risk register and audit controls?

NAH.

Lets assume India is where the work goes, nice people, lots of english speakers, shame it has serious political risks that could result in the "new innovation" site being a burning pile (terrorism), smouldering crater (war with pakistan), glowing hole (nuclear war with pakistan)

Then of course there's geographic hazards, such as flooding (see HDD companies for how that works)

The moral risk profile changes, how many UK IT staff would be willing to spend 5 years inside for £100k?, but how many indian's would happily disappear with £100k in their pocket and start a new life somewhere else in the very large country?

Other favorite OS countries;

Eygpt - nice safe environment (sic), it's not as if the failing government would cut the international lines to your vodaphone call centre

China, land of great opportunities, for all the bent government officials, plan on having all your data swiped either officially or un-officially.

Thailand, not as bent as China, but it is known to rain a bit from time to time

Etc., Etc.