I mean, it's not as though ...
... the virtuous Apple ever had anything to do with Prism.
264 posts • joined 19 Jun 2009
smudge: "Genuine question - why would the Royal Mail know the year you moved house?".
They rely on Equifax to provide identity proofing questions. How do Equifax and the other credit rating agencies get this information? How are they allowed to sell it to Royal Mail and the other "identity providers"?
It's the same with the Post Office, who aren't even accredited as "identity providers". Customers who think they're signing up with the Post Office are, behind the scenes, really signing up with Digidentity.
The questions above about the credit rating agencies are unanswered. Here's another one. Why don't GDS explain all this to their parishioners, the users whose interests are supposed to be GDS's only guiding light? Same answer.
The question arose at the Institute for Government event on 4 July what progress has been made since the advent of GDS. Answer, government IT failures are a thing of the past, please watch between 6'20" and 6'40". Who knew?
So Whitehall isn't optimally organised. Who knew?
Nevertheless, Whitehall is where GDS has to operate. That's the job. To say that Whitehall needs to be reorganised, we need to start again, we need a new world, is to say that GDS can't do its job. Who knew?
Never forget that some people in Whitehall can do their job. The Cabinet Office of old produced the Government Gateway, for example.
The alternative model for Whitehall advocated by Tom Loosemore, Stephen Foreshew-Cain and Mike Bracken is to "smash the silos", create canonical registers which constitute the single source of truth and then let algorithms design services by processing the (big) data. Parliamentary democracy would die and the power would shift to GDS, in charge of the registers and the algorithms and with the final say on what users need. No thank you.
“The ability of anyone to know ... who your contacts are, who their contacts are... - from my own point of view it shouldn’t exist”, Cook said.
Then how come just about the only way to transfer your contacts from an old iPhone to a new one is via the cloud?
Ditto other brands. All your contacts being uploaded to GMail. Or to LinkedIn.
Stephan Shakespeare is the CEO of YouGov, the polling organisation, and back in 2013 he wrote An Independent Review of Public Sector Information [PSI].
Professor Sir Nigel Shadbolt is the chairman and co-founder of the Open Data Institute (ODI).
Professor Sir Nigel appeared in front of the Public Administration Select Committee (PASC) to give evidence jointly with Stephan Shakespeare. Tim Kelsey (care.data) and Professor Sir Nigel were both members of the Data Strategy Board and, as such, assisted with the production of Stephan Shakespeare's PSI report (p.4).
ODI and YouGov are not independent of each other and both have an interest in promoting data-sharing.
"The review", Mr Shakespeare tells us, "will consider the current and anticipated future needs for Government given the current policy objectives across departments and wider public sector bodies as well as the opportunities and challenges presented by rapidly developing technology in the area".
Nowhere in its 71 pages does the review tell us what the opportunities are and nowhere do we discover what this "rapidly developing technology" is.
It's been a busy old time for Shakespeare. He's been talking to the citizens and to the experts: "There have been breakfast seminars, larger events with big businesses, SMEs [small and medium-sized enterprises] and start-ups. I have also interviewed individual experts, activists and practitioners".
All those full English breakfasts. Also small and medium-sized English breakfasts. And more – tireless pollster that he is, Shakespeare, the founder of YouGov remember, tells us that: "my own evidence has come from the two waves of surveys, each with simple, defined multi-option questions, with every question accompanied by an open comment box. The first wave was exploratory, helping to develop ideas; the second wave, confirmatory, seeking support for my broad recommendations".
What do these two-wave surveys reveal?
We find out in the Evidence section of his review (pp.21-7): "70% ... of total respondents think that we should make public all that we can about our health care system ...".
Too bad on the other 30%, you may say, the majority has spoken and the majority wants everyone's medical records to be made available for research.
Not so fast.
Your confidence may be partially deflated when you learn that Shakespeare's surveys were conducted on two groups of people. In one of them, 18% of respondents said they were "highly informed" on data issues and in the other group that figure was 4%.
The survey finding above could legitimately be re-stated as follows: "Between 82% and 96% of people asked said they didn't know what they were talking about but nevertheless 70% of them think that we should make public all that we can about our health care system so we should".
Questions of independence. And questions of methodology, too.
Reducing the number of news publishers does not improve democracy.
"Google, Facebook et al are mere platforms"? Naïve.
Their services are not free.
Hate speech and prejudice will not be ended by using hate speech and prejudice.
Rubes and hicks are people.
So are titanic heroes like Watson, Gates, Jobs, Bezos, Brin, Zuckerberg and Murdoch.
One force that can help to keep their absolute power in check seems to be competition with each other.
Another is innovation – IBM seemed once to be invincible and is now disappearing.
Whatever, democracy needs objective journalism, or the nearest humans can get to it, and informed comment. The question is how we can promote that. It's hard, how do we replace the advertising-funding-makes-everything-look-free-and-a-human-right model, answers on a postcard please, but let's start by at least not making it harder.
I'm trying to establish only one point – that the chipsters will have the devil of a job making anyone believe that the existence of the Spectre and Meltdown problems came as a surprise to them.
What didn't they know? Anything. When didn't they know it? Ever.
The rest of the world, the members of which do not spend all day every day ruminating about computer architecture, has not spent 50 years banging on about the issue because we thought/assumed that the chipsters had it gripped. How wrong we was. Bang OoO.
Lenin had 100,000 people executed by the Cheka within a year of his taking office. The Tsar managed a paltry 17 in the year leading up to the Revolution – one heck of a performance improvement delivered by speculative execution.
Understand, LOL123, I'm just trying to speed things up by looking ahead to what the courts will make of these cases.
The courts will acknowledge that all of human endeavour is imperfect. They will know that many people once believed the earth to be at the centre of the universe and many people were all wrong.
The courts may nevertheless be unimpressed by a chipster claim in this case that "these things happen". Professionals are meant to be masters of the body of knowledge in their profession. Lawyers, for example. And chip designers.
Chip designers might be expected to know about the need for hiving off one process from another in a multi-tasking multi-user environment, a need identified no later than 1971 as noted. They might be expected to know that that's why the architecture is what it is. There's a kernel and there are outer rings with gradually lower and lower permissions. Since when? 1964, apparently.
"We know that boundaries between processes must be enforced for security reasons but when we provided a way to ignore those boundaries it never occurred to us that there could be security implications" is not a powerful defence.
The prosecutors will argue that there is no powerful defence. Any competent professional in the profession should definitively have known about the problem and understood it. In 1964. Or 1971. Or, at a pinch, 2003.
4 April 2003, to be precise, when Keir Fraser of University of Cambridge Computer Laboratory (CCL) and Fay Chang of Google Inc. published Operating System I/O Speculation: How two invocations are faster than one. Under the heading Safety, they say: "It is easy to ensure that speculative execution is safe because operating systems already severely restrict the ways in which different processes can affect one another. As a result, a system needs to restrict speculative processes in only three simple ways to ensure safety".
Chipster designers are academics, they know about university and industry research, they may even read it, that CCL/Google paper won't have been missed. And yet they failed to do the easy job. The defence is tottering by this stage. That's my pre-fetched take on the matter.
Talking of which, have you seen Exploiting the DRAM rowhammer bug to gain kernel privileges on Google's Project Zero site: "When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory"?
"... all of physical memory". Ouch.
That was published in March 2015. God but the prosecutors are going to have fun with the claim that the problem came as a total surprise to the chipsters yesterday.
The prosecutors can use the article I cite to show that there was a problem there back in 1971 at the latest well-known to all qualified computer scientists, of which the chipsters must employ hundreds if not thousands.
The chipsters' lawyers may well scoff and say "read the article, it says the problem can only be solved by software". The existence of the problem has nevertheless still been established.
The prosecutors can then quote any number of erudite sources headed by ElReg to the effect that the solutions to Spectre and Meltdown are now known to be partially or entirely hardware, the chipsters have a case to answer and the prosecutors reserve the right to bring charges against the purveyors of operating systems as well in the future.
... the great and much-missed Ronald Reagan's questions to his officials allegedly before testifying on Contragate ...
Similarly here, Meltdownwise and Spectrewise, what didn't Intel, AMD, ARM et al – "the chipsters" – know and when?
They're going to have a hard time proving to the courts that they had no idea that there was a problem unless they can prove that their chip designs are unchanged since before 1971, 47 years ago:
"Time-sharing was the first time that multiple processes, owned by different users, were running on a single machine, and these processes could interfere with one another. For example, one process might alter shared resources which another process relied on, such as a variable stored in memory. When only one user was using the system, this would result in possibly wrong output - but with multiple users, this might mean that other users got to see information they were not meant to see.
"To prevent this from happening, an operating system needed to enforce a set of policies that determined which privileges each process had. For example, the operating system might deny access to a certain variable by a certain process.
"The first international conference on computer security in London in 1971 was primarily driven by the time-sharing industry and its customers."
On average, Nigel, we "meet" once per decade and a pleasure it always is.
Has anyone ever calculated BGI (slide #24) or LRGI (slide #25) for the UK for any biometric mode or mode(s)? Were the ratios even greater than 1? Did they make the use of biometrics economic under any realistic assumed scenario?
Equal error rate is always around 17% in your presentations (slide ##11, 26, 27). Politicians, officials, journalists and normal people all imagine that EER is or should by now be microscopic – 17% is an elephant where we expect a virus. Do you agree that biometrics has failed grossly to live up to expectations? And that it is our job to make everyone realise that?
Messrs Possolo, Wayman and Mansfield argue that biometrics is not under statistical control and therefore not a science. Do you agree? If not, where is their mistake?
The House of Commons Science and Technology Committee reported on biometrics in March 2015. The police told the Committee that face recognition doesn't work and that no UK force uses it.
The police have tested the technology at the last two Notting Hill Carnivals. That is not the same as using it.
I hope that Norman Lamb understands that.
The lack of a strategy is a tacit acknowledgement of the fact that the technology doesn't work. That's good news. It might stop the Home Office and others wasting any more of our money on it.
Presumably Mr Lamb doesn't want an astrology strategy specifying the legal and ethical controls on horoscopes. No more should he want a biometrics strategy.
19 May 2016, the Cabinet Office published 'Data Science Ethical Framework', a document which betrays not the slightest understanding of ethics, is ethics-free and provides no framework whatever, ethical or otherwise. This farrago was issued over Matt Hancock's signature and makes no contribution to the debate about disclosing personal information.
The CIA, among others, have looked into ethics and determined that there are lots of theories with just one common factor – do as you would be done by. Seems like a good starting point. Not mentioned by the Cabinet Office, who must have already forgotten care.data.
The only ethical theory mentioned in the UK in connection with public services is the ghastly utilitarianism, "that action is right which promotes the greatest happiness of the greatest number". Utilitarianism justifies the tyranny of the majority: "Lenin and Hitler were pious utilitarians, as were Stalin and Mao, as are most members of the Mafia". Avoid.
Meanwhile, the company notes, "water resistance has become a feature of many devices over the last 12-18 months, but this doesn't even make the top 10 of most important features when buying a new device".
Nothing changes, not even idiotic marketing ideas:
"In the United States, the first successful, commercially produced ballpoint pen to replace the then-common fountain pen was introduced by Milton Reynolds in 1945. It used a tiny ball that rolled heavy, gelatin-consistency ink onto the paper. The Reynolds Pen was a primitive writing instrument marketed as 'The first pen to write underwater' ..."
You fail to mention the "think tanks" you set up, e.g. Tony Blair's Institute for Global Change:
• It is unfair to expect Google, Facebook et al to pay tax, we must be grateful if they just "make meaningful, global contributions in support of basic human rights and public goods".
• Tax funds public services and it is therefore the duty of the public to pay it, particularly on:
– carbon "where distributed ledger technologies could be used to provide verifiable information about a product’s lifetime greenhouse gas contribution at point of sale, which could make higher prices for carbon-intensive products more palatable";
– congestion "where ubiquitous mobile devices make it possible to imagine dynamic pricing for driving on congested roads, with a corresponding reduction in other motoring taxes";
– land values "where new computational techniques and big data make it possible to estimate the undeveloped value of plots of land"; and, of course
– sugar "where advances in medical research can help us better estimate the long-term health costs associated with excessive consumption, in order to nudge people to make healthier choices".
• Thai assistants for the many, "as a pragmatic step forward, governments should immediately give every citizen a personal account manager".
... Face ID is still fine for little things like authorising payments and granting access to secure areas and letting the surgeon into the operating theatre.
Only the British police could be so plodding as still to believe that "the technology is not yet at the maturity where it could be deployed" (para.95).
>As for banning or restricting it? Good luck.
>Already banned high strength nicotine to satisfy tobacco companies
>(to no effect) so what do you want to ban next,
>batteries, glycerol, food flavourings, cotton or wire?
Interesting. No one mentioned banning.
On 19 May 2017 you could buy 100ml of 7.2% nicotine in the UK for £14.95.
Next day the TPD came into effect and the maximum strength nicotine you could buy was 1.8%.
10ml of it cost £4.25.
Buck-for-buck, that's an 11.371X price increase.
The cost of regulation.
Benefit to the consumer?
Will Norman Lamb's committee recommend that that nonsense should be overturned?
You know that W=vi and that v=iR and so do I.
You assume that at 3.7v you can crank up the wattage to 14 and get resistance down to 0.98 ohms.
With some coils it'll work, with others it won't.
I don't care why.
You just have to buy coils rated for sub-ohm use or make your own.
That's the way the industry works.
In the main.
And I'm trying to point the debate onto the way things are, not the way they could be.
At the normal (I think it's normal?) 3.7v power that the original tests were conducted with ...
Not essential, but it's often useful to gather the facts before launching a polemic.
Voltage is not a measure of power.
We vapers tend to concentrate on resistance, measured in ohms, and not voltage.
Vaping is an example of exceptional, fast, competitive, technological innovation aimed at making money by satisfying demand. 63 years the child of the welfare state, the dynamism of an industry largely unfettered by regulation has been a joy to behold. It felt and still feels rather daring and fun to choose from among hundreds of tiny suppliers with no nanny there to help, just a bit of word of mouth, a limited high street presence of advisers/salesmen in shops and an avalanche of YouTube reviews and tutorials from all over the world.
The upshot is that we vapers choose the equipment and the liquids which taste best. This is revolutionary. In 45 years of smoking 40 Benson & Hedges a day, I never once said to myself "hmmm, this tastes good". With vaping, I judge by taste, for the first time, and I believe that other vapers do.
And what we find is that you get the best tastes by sub-ohming, i.e. using equipment with a resistance less than 1 ohm. That's just a fact.
We get more vapour/better taste by sub-ohming. We use more liquid as a result and we know to put less nicotine as a result. I was a very heavy smoker and I am a very heavy vaper. I am currently getting through about 12.71mg of nicotine a day. That's 64.70% down on the 36mg of nicotine I got from Benson & Hedges, since you ask.
And the 400mg of tar per day from Benson & Hedges? Down to zero. No tar in vaping.
The Royal College of Physicians estimate that vaping is about 5% as dangerous as smoking. The Department of Health recommend that vaping should not be covered by smoke-free legislation. The British Medical Journal report that high smoking cessation rates are correlated with increased vaping. The International Journal of Environmental Research and Public Health report that young people who have never smoked do not tend to become habitual vapers.
All of which suggests that there's something there worth advertising.
You say: "The Government, well several of it's MP's, received a lovely sum from the e-cig lobbyists a few years ago which resulted in the Government allowing e-cigarettes to be advertised ...". How many is "several"? How much is "lovely"? How many is "a few"? Answers, please.
No it's not HMRC's fail. They've successfully used the Government Gateway for about 17 years now. They don't need GOV.UK Verify (RIP).
It's GDS's fail. GOV.UK Verify (RIP) offers HMRC nothing – 60% of attempts by the public to use it fail and it can't handle companies and partnerships and trusts, both of which would make it hard to collect tax.
The UK Government's identity assurance scheme, GOV.UK Verify (RIP), has contracts with seven "identity providers" whose job it is to verify our identity.
Equifax's business activity is currently interrupted.
Without Equifax, those three "identity providers" can't do their job. GOV.UK Verify (RIP) can't work.
There has been no comment yet from the Government Digital Service. There never is. GOV.UK Verify? RIP.
Biometrics based on facial recognition doesn't work. Not at the mass consumer scale.
Given which, it is bizarre to berate the Home Office, as ElReg do, for not having a facial recognition biometrics strategy. You might as well demand a horoscope strategy.
Given which, there is no civil liberties problem here. Our civil liberties can't be infringed by a technology that doesn't work.
Both our location and the network of people we contact and who contact us are available to the police from mobile phone records. That's more of an issue. As is the failure of the UK Home Office to obey the law. But facial recognition biometrics? No. The only questions there are why are the police wasting their time and our money.
Mockery is the best response. To throw up your hands in horror at the infringement of civil liberties is to help the biometrics salesmen to make their case.
More amused mockery, please.
Some companies, such as Maersk, did direct business with Ukraine, which would explain how the malware got on its system, the F-Secure man added. "However, one victim we spoke to had no ties to the Ukraine at all, so it is a mystery as to how they got infected. Its spread via VPN is one possibility."
Early 2012, and Aadhaar is threatened with termination. UIDAI saves the project by publishing two papers on the reliability of the mass consumer biometrics technology used by Aadhaar:
The claimed biometric failure to enrol rate was 0.14%. The claimed false positive identification rate was 0.057%. The claimed false negative identification rate was 0.035%.
Such figures were and still are several orders of magnitude better than anyone had or has ever achieved for mass consumer biometrics.
How did UIDAI claim that Aadhaar would achieve them with a population of 1.2 billion people? Answer, by ditching biometrics based on face recognition, adopting flat print fingerprints and irisprints combined to form a single multi-modal biometric and by using three competing matching algorithms. Any other approach, UIDAI said, was doomed to "catastrophic failure".
Five years later, have UIDAI achieved those impressive performance figures? An independent audit is required.
If they have, will the suppliers of the biometrics systems in use warrant their performance? If not, why not?
If they have, then the UK Home Office must explain why it continues to embrace "catastrophic failure". (The Home Office continue to fund face recognition, they no longer fund irisprints and they do not use competing matching algorithms.) And the UK Home Office must follow India by publishing its own performance statistics.
If UIDAI have failed to deliver, five years later, then Aadhaar will once again be in danger. So will every other government-backed mass consumer biometrics project in the world.
Government Digital Service
Government Technology blog
22 May 2015
The Technology Leaders met last month and took a collective decision to not extend the support arrangement for 2015. The current support agreement ended in April 2015.
... where the true masters of AI are even now using software to classify user feedback, please see Using machine learning to classify user comments on GOV.UK.
What does that involve?
They look at three features of the user feedback. That helps to classify it. With 88% accuracy in the case of one class.
And what are those three features?
Answer, "the ratio of upper case characters to total characters, the total number of characters entered in the text box, and the ratio of exclamation marks to the total number of characters".
Earlier, in Understanding more from user feedback, GDS said "this approach can also be used to tackle a range of text analysis challenges ... such as quickly understanding policy consultation responses".
No more AI scepticism, please.
It's not the money. Prof Weerakkody's paper is all about the ignorance and prejudice of the project participants. That's what sank DEFRA's Basic Payment Scheme and DWP's Universal Credit. Both projects have burned their way through eye-wateringly gigantic piles of money. There was no lack of it, it's not the wallets that were "glued shut", it was the minds of the participants. That could usefully be reflected in a more accurate headline.
... where, out of 12 "identity providers", there are just seven left, of which two ask us Brits to download viruses ("apps") onto our mobile phones.
With Digidentity, it's optional.
With Morpho, it's mandatory. The app permissions comprise:
1. read phone status and identity
2. take pictures and videos
3. find accounts on the device
4. use accounts on the device
5. connect and disconnect from Wi-Fi
6. full network access
7. receive data from Internet
8. view network connections
9. view Wi-Fi connections
10. prevent phone from sleeping
11. modify system settings
But don't go worrying about your privacy.
"This is only the second time that British cops have openly trialled live automated facial recognition (AFR) systems in the UK ... Last year, Leicestershire Police also trialled AFR at Download Festival ..."
Airport security isn't the only use for face-recognition software: it has been put through its paces in other settings, too. One example is "face in the crowd" on-street surveillance, made notorious by a trial in the London Borough of Newham. Since 1998, some of the borough's CCTV cameras have been feeding images to a face-recognition system supplied by Visionics, and Newham has been cited by the company as a success and a vision of the future of policing. But in June this year, the police admitted to The Guardian newspaper that the Newham system had never even matched the face of a person on the street to a photo in its database of known offenders, let alone led to an arrest.
Worrying about this technology working only encourages the police to spend our money on it. Better to laugh at them for falling for the salesmen's patter.
You may be right about these unnamed companies but GDS are meant to be different. They're meant to have the digital future coursing through their veins. They speak it like a native. Others may make a mistake digitalwise but GDS can't, almost by definition. GDS are in Whitehall, where no-one understands the first thing about digitisation according to the current and previous executive directors of GDS, precisely because they know everything about it. And they don't wear suits.
I'm pleased to hear that there are counter-examples. But most people get no notification. We await GDS's GOV.UK Notify.
We await also their GOV.UK Verify (RIP), which is supposed to provide adequate proof that we are who we claim to be. Which is what the EROs need.
Of course, if GOV.UK Verify (RIP) worked, we wouldn't need the EROs. We wouldn't even need to register to vote. GDS could decide our entitlement to vote for us using attribute exchange and all the non-existent open data registers which support the non-existent GaaP, government as a platform.
All we would need to do is vote.
Or would we? Could GDS use data science to work out for us what we should vote?
Soon we won't be needed at all. GDS can cater to all our user needs.
There was a major campaign to get people to register to vote. When they tried to register to vote, that was unexpected. Or unprecedented, according to GDS.
Just how unexpected or unprecedented?
Cast your mind back to 21 April 2015 and the BBC's More people register to vote 'than ever before':
A record-breaking 469,000 people registered to vote online in one day for the 2015 general election - as the deadline closed on 20 April.
GDS's apply-to-register-to-vote platform is not communicative. You submit your application. And you wait. Some applications will be successful, i.e. the Electoral Registration Officer adds you to the electoral roll. And some will fail. You don't find out you've failed until you find out you can't vote.
Prediction: more newspaper headlines about all the people, whose applications have failed, being silently disenfranchised, followed by Oliver Letwin explaining that that's inevitable.
The GOV.UK Performance platform tells us that HMRC conducts about 420 million PAYE transactions p.a. That's mainly companies submitting their PAYE returns. Submitting them over the Government Gateway.
Check p.6 of the Red Book and you'll find that HMRC expect to raise £182 billion in income tax in 2016-17 from this source and £126 billion in NI. Most of the £138 billion of VAT depends on returns submitted over the Government Gateway, as does the £43 billion of corporation tax.
Take away the Government Gateway and our public services will be unfunded.
The question is, how will HMRC replace the Government Gateway?
HMRC have been in the digital business for decades. Unlike some people we could mention. Will they replace the Government Gateway with GOV.UK Verify (RIP)?
GOV.UK Verify (RIP) doesn't "know" what a company is. Or a partnership. Or a trust. It's not the obvious choice.
GOV.UK Verify (RIP) operates an identity hub, which connects people and relying parties like HMRC. That could perhaps provide a transport layer for tax returns. But it's not the only option. Just as well, given the questions about the security of the GOV.UK Verify (RIP) identity hub.
Individuals and legal persons have used the Government Gateway for 15 years now. That requires submitting a modest amount of personal information to HMRC and other relying parties to identify us. In the main, that personal information stays with the relevant government department.
You might hope that any replacement for the Government Gateway would be similarly careful with our personal information ...
... in which case, that rules out GOV.UK Verify (RIP) which requires us to reveal colossal amounts of personal information to large numbers of private sector organisations in the UK and abroad.
It has been suggested that these two organisations have only signed an MOU because they read in the papers that major companies do that sort of thing. Having a charter sounds quite important. Also, doing things internationally.
In fact, the MOU isn't just attitudinising. Its consequences will be quite practical. We could, for example, one day, have an Australian chief executive of GDS here in the UK.
Looking further into the future, it is conceivable that our two countries share a common language and even collaborate over a resilient international telecommunications network.
Of course there may be friction. Which MOU wins if there is a conflict between the Australian MOU and the Korean one engineered by Mr Maxwell in 2013? But then of course that's why we retain a seat on the UN Security Council.
... and a hurricane promptly tears through the Caribbean.
Verizon is a certified "identity provider" working for the UK's identity assurance scheme, GOV.UK Verify (RIP).
Guess what happened today.
Verizon's name disappeared from the Government Digital Service's list of "identity providers" we Brits can sign up with.