Wednesday 28 May 2014

David Gauke MP and the UK's tax revolution 2


This is turning into a slow-motion political train wreck,
with the care.data scandal
and the revelation
that the hospital episode statistics data sold to numerous companies
contained patient postcodes and dates of birth,
so the anonymity claims were simply false.

UK government departments and their agents store reams of personal information about us. They have to, to do their job.

That data is kept confidential. There are certain uses to which it can legitimately be put. Beyond that – verboten.

There are always poachers circling the game reserve. Most recently, it was Stephan Shakespeare. Then Tim Kelsey. And then David Gauke.

They all want to make more personal data available to researchers or entrepreneurs, to improve policy-making, to improve administration, to stimulate growth in the economy or to make medical break-throughs.

It is questionable whether any of those objectives would be achieved.

Stephan Shakespeare
An Independent Review of Public Sector Information
May 2013

Recommendation 2

...

Detail:

i) We should define 'National Core Reference Data' as the most important data held by each government department and other publicly funded bodies ...

ii) Every government department and other publicly funded bodies should make an immediate commitment to publish their Core Reference Data ...

iii) Alongside this high-quality core data, departments and other public sector bodies should commit to publishing all their datasets (in anonymised form) ...

(pp.11-2)

----------

Tim Kelsey
Long live the database state
July 2009

If the next government, of whichever party, wants a better public sector it must encourage more use of personal data; not less. What should be done? Data sharing must be made easier, first by removing the legislative obstacles to sharing government databases. The government should also pledge to publish as much new anonymised data as possible ...

----------

David Gauke
HM Revenue & Customs
Sharing and publishing data for public benefit – Consultation document
July 2013

Q3 Do you agree that HMRC should be able to share anonymised individual level data for the purposes of research and analysis to deliver public benefits wider than HMRC’s own functions? Please give reasons for your answer.

Q4 Do you agree with the proposed safeguards on the proposal to share anonymised individual level data? Should any further controls be considered on what can be shared, with whom or how?

Q5 How should the generation and release of anonymised or aggregated data be funded? Please give reasons for your answer.

(p.27)
Even if the case for releasing more personal data could be made, there remains the problem of privacy/confidentiality. And Messrs Shakespeare, Kelsey and Gauke all offer the same safeguard – anonymisation.

If the research data is anonymised, then people can't be identified, so their privacy isn't breached, no confidence has been broken. True? Or false? Does anonymisation work? Is your privacy safeguarded by it?

The answer isn't clear.

Messrs Shakespeare and Gauke both recognise that it isn't easy to anonymise people's personal data. You can remove all sorts of details from a file of research data in the name of anonymisation, and yet the data subject can still be identified by cross-referencing what's left against other files.

They both cite work done by the Administrative Data Taskforce to improve the reliability of anonymisation. Mr Shakespeare tells us that the Information Commissioner's Office is working on the same problem and so is the Office for National Statistics.

But are they getting anywhere? Or can your identity still be deduced by cross-referring anonymised data against other files?

Professor Martyn Thomas sounded a note of caution when he gave evidence to the House of Commons Science and Technology Committee a year ago on 5 June 2013. "Anonymised research data" is an oxymoron, he said. If the data has really been anonymised, then it's no use for research and if it is useful for research, then it can't have been anonymised.
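The cross-referencing risk and the research-value trade-off described above can be measured before a file is released. The following is an added example, not part of the original post: all rows, names and helper functions are constructed for illustration, and it assumes postcode and date of birth are the only quasi-identifiers left in the file.

```python
from collections import Counter

QUASI_IDS = ("postcode", "dob")

# Constructed "anonymised" extract: names removed, postcode and date of birth kept.
RELEASED = [
    {"postcode": "SW1A 2AA", "dob": "1961-03-14", "diagnosis": "asthma"},
    {"postcode": "SW1A 2AB", "dob": "1961-11-02", "diagnosis": "diabetes"},
    {"postcode": "M1 4BT", "dob": "1975-06-30", "diagnosis": "fracture"},
    {"postcode": "M1 4BU", "dob": "1975-01-19", "diagnosis": "asthma"},
    {"postcode": "LS6 3HN", "dob": "1988-09-09", "diagnosis": "migraine"},
    {"postcode": "LS6 3HP", "dob": "1988-12-25", "diagnosis": "diabetes"},
]

# Constructed second file that carries names (any list a recipient might already hold).
REFERENCE = [
    {"name": "Person A", "postcode": "SW1A 2AA", "dob": "1961-03-14"},
    {"name": "Person C", "postcode": "M1 4BT", "dob": "1975-06-30"},
    {"name": "Person E", "postcode": "LS6 3HN", "dob": "1988-09-09"},
    {"name": "Person X", "postcode": "B15 2TT", "dob": "1990-01-01"},
]


def key(row, quasi_ids=QUASI_IDS):
    """The combination of quasi-identifier values that a join would use."""
    return tuple(row[q] for q in quasi_ids)


def k_anonymity(rows, quasi_ids=QUASI_IDS):
    """Size of the smallest group of rows sharing the same quasi-identifiers."""
    sizes = Counter(key(r, quasi_ids) for r in rows)
    return min(sizes.values())


def at_risk_rows(released, reference, quasi_ids=QUASI_IDS):
    """Indices of released rows that are alone in their group and match
    exactly one named row in the reference file."""
    rel_sizes = Counter(key(r, quasi_ids) for r in released)
    ref_sizes = Counter(key(r, quasi_ids) for r in reference)
    return [
        i for i, r in enumerate(released)
        if rel_sizes[key(r, quasi_ids)] == 1 and ref_sizes[key(r, quasi_ids)] == 1
    ]


def generalise(row):
    """Coarsen a row: keep only the outward postcode and the year of birth."""
    out = dict(row)
    out["postcode"] = row["postcode"].split()[0]
    out["dob"] = row["dob"][:4]
    return out


def audit(released, reference):
    """Compare re-identification risk before and after generalisation."""
    coarse_rel = [generalise(r) for r in released]
    coarse_ref = [generalise(r) for r in reference]
    return {
        "raw_k": k_anonymity(released),
        "raw_at_risk": at_risk_rows(released, reference),
        "coarse_k": k_anonymity(coarse_rel),
        "coarse_at_risk": at_risk_rows(coarse_rel, coarse_ref),
    }


if __name__ == "__main__":
    for name, value in audit(RELEASED, REFERENCE).items():
        print(name, value)
```

A k of 2 still leaves a one-in-two guess, and the coarsened file no longer supports analysis by exact age or by street-level geography.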

Then last month, on 4 April 2014, Professor Ross Anderson gave a lecture to the Open Data Institute (ODI) entitled Why anonymity fails. The ODI are obviously convinced by his arguments and describe the current travails of Tim Kelsey's care.data as a "slow-motion political train wreck".

So does anonymisation work or doesn't it?

Article 29 of the European data protection directive (95/46/EC) establishes a working party to monitor and update the directive. They published an opinion on 10 April 2014 (hat tip: Pinsent Masons).

Yes, anonymisation does work, says the working party ...
The Opinion concludes that anonymisation techniques can provide privacy guarantees and may be used to generate efficient anonymisation processes ...
... although it's still risky ...
Finally, data controllers should consider that an anonymised dataset can still present residual risks to data subjects.
... and even if it does work at one point, it can stop working later:
... anonymisation should not be regarded as a one-off exercise and the attending risks should be reassessed regularly by data controllers.
No doubt the Administrative Data Taskforce, the Information Commissioner's Office and the Office for National Statistics have done all sorts of good work. Nevertheless, when you hear the gung-ho Messrs Shakespeare, Kelsey and Gauke or anyone else assuring us that our anonymised personal data can be safely released for research without identifying us, unless you enjoy train crashes it's best to listen sceptically.

Sunday 25 May 2014

The non-existent personal-data control-shift

DMossEsq's millions of readers may have got the wrong impression of Ctrl-Shift – "The opportunities for organisations arising from a new personal information economy are game changing. Ctrl-Shift is the world’s leading market analyst and consulting business helping organisations to capitalise on these opportunities".

Control shift
Ctrl-Shift have the Department for Business Innovation and Skills (BIS) as a client, among others.

They have an encyclopaedic knowledge of the apps market: "Tallyzoo, a service dedicated to self monitoring, allows users to measure anything from their caffeine intake to the number of times they cut their grass".

They have a social scientist's grasp of psychology: "There is further investment in the quantified self space as Canadian company Retrofit announces $8 million in new funding ...".

They have an admirably unquenchable belief that they are expert in modern marketing techniques: "Users collect data using a mobile device or website program which creates interactive flashbased graphs enabling them to spot trends and patterns in their consumption habits, work, health and fitness goals".

And they promote economic theories which DMossEsq has been unkind enough to label "mooncalf economics" but perhaps it's better simply to refer to them as hypothetical: "Ctrl-Shift’s research finds that the market for these new streams of information [caffeine intake, mowing the lawn, that kind of thing] could grow to be worth £20bn in the UK over the next ten years".

But their output isn't all ditzy. Sometimes Ctrl-Shift write something recognisably tethered to the planet. To wit, Trust frameworks: harnessing trust in an information economy.

Trust frameworks
They are addressing the concerns raised about massive data-sharing. The sort of data-sharing that Francis "JFDI" Maude is promoting and Stephan Shakespeare and Tim Kelsey. The sort of data-sharing that supports Google, Facebook and others in a lavish life-style. The sort of data-sharing that destroys privacy and which can lead to identity fraud.

People don't like it. We put up with it. Sometimes there's no alternative – if you want to buy an airline ticket you just have to hand over your passport number. Sometimes we even connive in it, not least because Google and Facebook, for example, are "free" as far as most of us are concerned. But we don't like it.

Better, Ctrl-Shift say, if the trade in personal data was conducted within "trust frameworks" where we could all keep our personal data under our control.

With their characteristic candour, Ctrl-Shift open the main body of their report by saying: "There are no agreed definitions of what a Trust Framework is or does". Trust frameworks, they say, are a bit like "Kitemarks, Codes of Practice and Standards".

The governing body of a trust framework needs to be able to enforce the code of practice that participants subscribe to. But how? Ctrl-Shift identify the problems. Among others, the failure of the Data Protection Act: "Interestingly none of the frameworks Ctrl-Shift has looked at so far base their enforcement/compliance measures on existing data protection regulations". But no solutions.

Enforcement costs money. How is it to be paid for? Everything is still up in the air. The best Ctrl-Shift can say is that "as the market develops we would expect to see a wider variety of commercial models being developed and deployed".

And that's it. For the moment, according to Ctrl-Shift, there are no effective trust frameworks to contain the trade in personal data. They remain undefined, the basis for enforcement is unknown and there's no settled way to pay for them. There's no reliable button to press, box to tick, handle to turn ... and out pops trust.

Mydex
All of which must come as a shock to Ctrl-Shift's sister company, Mydex: "Our mission is to empower individuals, to give them personal control over their personal data".

How can Mydex grant people control over their personal data? Through a trust framework. That's what they say: "The Mydex Trust Framework is a set of legal and technical rules by which members of a network agree to operate in order to achieve trust online".

And how can Mydex enforce the "set of legal and technical rules by which members of a network agree to operate"? They don't say.

Because they can't? That's the inference. Which undermines trust in Mydex's claim. The very trust the framework is meant to create.

Mydex is a member of tScheme, "the independent, industry-led, self-regulatory scheme set up to create strict assessment criteria, against which it will approve Trust Services", and they sometimes give the impression that they have been certified trustworthy by tScheme, see for example midata – the service you can trust and RIP IDA – JFDI and the Black Pencil. But they haven't been certified. They haven't even applied for certification.

That undermines trust not only in Mydex but also in midata, a BIS initiative which depends on Mydex. And it undermines trust in the Government Digital Service's identity assurance programme (IDA), which also depends on Mydex, as a so-called "identity provider".

This "empowerment" that Mydex are offering to "individuals". It's based on trust which doesn't exist. And it's based on enforcement that doesn't exist. So the empowerment doesn't exist. So the midata prospectus is a false prospectus and so is the IDA prospectus.

Some of us have been trying to tell Mydex that for years. The control shift Mydex offer is not in their gift and can't be delivered. Now Ctrl-Shift are telling them as well.

----------

Updated 28 May 2014

DMossEsq's copy of Ctrl-Shift's weekly Market Watch turned up yesterday. Always entertaining, you are enjoined to sign up for it.

Marketing experts vie with each other to devise the most guru-like epigram.

The competition is usually won by Peter Vander Auwera. Talking of the ocean of data now available, he once assured us that:
We are a species from the land that have to learn to live in the ocean. Like camels that used to live in the desert, that now have to survive in the ocean ...
There is a new contender, though, Hugo Pinto, who came up with this at Ctrl-Shift's recent Personal Information Economy summit:
The value exchange is the trust serum of the data driven economy.
Think about it.

Anyway, this is what Market Watch had on the menu yesterday:
  • Google acquires Divide, an app that separates personal and professional data on your phone - IBNLive
  • Banks trump government on public trust over personal data | Guardian Professional
  • Call for ‘privacy charter’ to protect personal data online - Computing
  • Your banker wants to know if you are pregnant - Forbes
  • Facebook in new privacy push - The Telegraph
  • Internet ‘Do Not Track’ system is in shatters - Computerworld
  • Looking for opportunity in smart devices? Start with the user - Forbes
  • Reading privacy policies lowers trust - Science Daily
  • The Internet of you - MIT Technology Review
  • Why companies should compete for your privacy - Harvard Business School
Note that third item, the call for a "privacy charter" to protect personal data on-line. We're still having to call for such a charter. It doesn't exist. This is serious. There is no trust framework for the personal information economy. As everyone including Ctrl-Shift keeps trying to tell Mydex.

Updated 9.6.14

The venue for the unveiling of Ctrl-Shift's report has at last been announced – KPMG, 15 Canada Square London E14 5GL, 9:00-16:15.

What will the bigwigs of KPMG, HRG, Atkins, Aurora, Bank of America, Lloyds, Barclays and NIST make of it?

Remember, "value exchange is the trust serum of the data driven economy", see above.

And what will they make of the Government Digital Service's 10-minute presentation on IDA, the non-existent identity assurance service?


Updated 12.8.14

The 7 August 2014 copy of Ctrl-Shift News arrives and this time it includes an interview with David Alexander, the CEO of Mydex.

Ctrl-Shift and Mydex are closely associated companies. David Alexander is pretty well interviewing himself. Not that you'd know it from the text.

Mydex is a new sort of company, he tells us, a community interest company (CIC), where individuals become the centre of the circles in which data about them moves, under their control. Actually, if you look at some of Mr Alexander's other presentations, what you see is Mydex at the centre, not the individual, but let that pass for the moment.

How do Mydex claim to empower individuals in this way? According to Mr Alexander, by providing a platform and a trust framework:
The CIC structure was the only way it could work from what we could see, it was all about Trust, everyone had to trust the platform, individuals and organisations. It had to take itself out of the game and create the place where it could all happen safely and securely. We felt this would create a halo of trust for the individual and everyone involved.
A "halo of trust"? He really should talk to Ctrl-Shift about that. There are no trust frameworks. That's what Ctrl-Shift said, see above. And certainly no halos of trust. And so there is no empowerment on offer.

It's not just Ctrl-Shift who believe that there's no such thing as a trust framework. Take a look at this:
Handing over competition sensitive, Personally Identifiable Information (PII), or related Intellectual Property information to a Cloud Provider is indeed an exercise in extreme trust without the ability to independently verify Cloud Provider coherence to purported security guarantees, controls, and associated contracts.

In 2014, in light of the CSA [the Cloud Security Alliance] assessment and analysis of threats to Cloud Providers [The Notorious Nine: Cloud Computing Top Threats in 2013], as well as governments’ perceived nefarious interactions with the telecommunications and data storage, social media, and search industries [see Edward Snowden passim]; it has become evident that blind trust in the service provider is a doomed strategy.
That's an extract from Cloud Insecurity and True Accountability, a primer for CIOs on Guardtime and Keyless Signature Infrastructure (KSI) for Attributed Networking written by Matthew C. Johnson, CTO of Guardtime.

Guardtime believe that "blind trust ... is a doomed strategy". Trust in your cloud services provider and all the related businesses involved in cloud computing can never be earned or awarded. So stop pretending that it can, they say, forget it. Instead, the best you can do is to use their keyless signature infrastructure products so that you and your suppliers will know that security has been breached – then you can try to do something about it.

Guardtime is an Estonian company. And, as we know, Estonia is our future.

Guardtime's products are being promoted by a consultancy called Rainmaker.

And Rainmaker, in turn, is being promoted by Chris Chant on the G-Cloud Twitter account:


Chris, of course, is the only begetter of G-Cloud, the UK government cloud initiative, and even though now retired, he keeps his hand in. The new head of G-Cloud, Tony Singleton, seems to be happy for Chris to promote Guardtime on @G_Cloud_UK and we must assume, therefore, that he supports the idea – the pursuit of trust frameworks is a wild goose chase, whether we're talking about G-Cloud, the PSN (public services network), IDA (the identity assurance service RIP), Mydex or midata.

David Alexander needs to think again. His halo is slipping.


Updated 12.11.14

Armed with his halo of trust, David Alexander, the CEO of Mydex CIC, accepted the invitation from the Open Data Institute (ODI) to write a guest post on the ODI's blog, Open data and personal data, context and consent.

The ODI want to make open data available to everyone, willy-nilly, whereas Mydex is committed to empowering people so that they can share their personal data with no-one except where they have freely given their informed consent.

So what contribution if any do the ODI and Mydex make to each other?

Mr Alexander argues that open data provides the context without which personal data has little meaning: "it's in the interaction with personal data that you often get the best out of open data – they are inextricably linked".

Can open data and personal data be "inextricably linked" without disempowering individuals? Can the halo of trust be kept in place?

Yes, says Mr Alexander:
This personal empowerment can be utterly transformative in public service provision and many other contexts. Equipped with their own personal data store, an individual is able to provide informed consent and share their data with whom they choose, safely and securely, under a legal and technically robust trust framework. And for service providers and developers the interchange can help drive insight, reduce costs, improve data accuracy and build better engagement over time.
But as his close colleagues at Ctrl-Shift can tell him, there is no such thing as a "legal and technically robust trust framework".

So no.


Updated 14.11.14

Probably about time to look at an example of a putative trust framework.

"Today we’re publishing two posts that explain what we’re doing to protect users' privacy when they use GOV.UK Verify", said the lovely Janet Hughes the other day.

One of those posts is How the GOV.UK Verify technical architecture protects users’ privacy, and why it’s appropriate. It promises much but the response to the questions raised in the Comments section is disappointing. Anyone asking how the technical architecture of GOV.UK Verify (previously IDA, GDS's identity assurance scheme) protects users' privacy is told that this is the wrong place to answer.

The other post is Protecting privacy in GOV.UK Verify where we are reminded by one of its members that the hard-working and independent Privacy and Consumer Advisory Group (PCAG) published its first draft identity assurance principles back in June 2013. Nothing much has been heard about them since then.

PCAG have now published an update, version 3.1, in which they set out their trust and control and anti-fraud and security objectives and say:
To deliver these objectives there has to be a framework that gives real meaning to terms such as “individual privacy” and “individual control”. Such a framework is set out in the nine Identity Assurance Principles contained in this document: these Principles have been developed by the independent Privacy and Consumer Advisory Group (PCAG), including open public consultation on earlier working drafts.
So here at last is our example of a trust framework. In summary, it looks like this:
Identity Assurance Principle: Summary of the control afforded to an individual
1. User Control: I can exercise control over identity assurance activities affecting me and these can only take place if I consent or approve them
2. Transparency: Identity assurance can only take place in ways I understand and when I am fully informed
3. Multiplicity: I can use and choose as many different identifiers or identity providers as I want to
4. Data Minimisation: My interactions only use the minimum data necessary to meet my needs
5. Data Quality: I choose when to update my records
6. Service User Access and Portability: I have to be provided with copies of all of my data on request; I can move / remove my data whenever I want
7. Certification: I can have confidence in the Identity Assurance Service because all the participants have to be certified against common governance requirements
8. Dispute Resolution: If I have a dispute, I can go to an independent Third Party for a resolution
9. Exceptional Circumstances: I know that any exception has to be approved by Parliament and is subject to independent scrutiny
Ctrl-Shift predict that this framework can't work, remember – there's no way to enforce it and no money to pay for it even if enforcement was possible.

Are Ctrl-Shift right?
  • Anyone signing up to GOV.UK Verify can have no idea whether exceptions to the principles need to be approved by Parliament (#9).
  • There is no privacy ombudsman and so #8 is being flouted.
  • #7 is an odd one. The fact that governance requirements might be common to all participants is not the point. The requirements need to be confidence-inspiring, not common. They might be common but fail to protect privacy. And the certification authority needs to be independent – there were some probably unfounded doubts about the independence of tScheme.
  • GDS have made no statement about portability or deletion (#6) ...
  • ... nor about updating your records (#5).
  • What is the minimum amount of data necessary for your interactions with public services? Who decided that? No-one's told you, have they (#4).
  • The more "identity providers" you use, the more it costs GDS. They are already trying to limit your choice. Budget constraints don't disappear by magic (#3).
  • Take a look at the video presentation of the Post Office's registration process for GOV.UK Verify. No attempt whatever is made to explain to the user what they are giving their permission for. The user can't understand and is not fully informed. What's more, their consent is not given freely. What choice is there? Either grant consent like a blank cheque or withhold it and go without benefits (#2).
  • Having once given your consent, what control do you have over the way your data is used? To judge by the presentation, none. It may be shared with anyone (#1).
Yes, Ctrl-Shift are right.


Updated 19.11.14

What does diplomacy look like?

The author of Protecting privacy in GOV.UK Verify referred to above has just published a thoughtful and authoritative reflection on Privacy Seals and Privacy Snake Oil.

"One of the constant problems of privacy is knowing who to trust with your data", he says, "... it's only a matter of time before some bright spark suggests 'maybe we could have a privacy seal to prove we're trustworthy?' ... The problem is, it just doesn't work".

"There are a number of privacy seal schemes out there, but the majority are US-centric", he goes on, "... there are some significant potential downsides to privacy seals ... Firstly, the scheme can only be as good as its underlying standards ... Secondly, the schemes use different approaches to certification. [Some] are ... independently assessed by experts .., whereas the entry point for many other schemes is self-certification ... Thirdly ... is the ability of schemes to monitor and police their members. If you are a scheme operator, dependent upon your members for your income, then the last thing you want to do is to suspend a high-profile member ... or to strike off a member for proven poor privacy practices".

He barely mentions the UK, except to point out that "the [Federal Trade Commission] takes this stuff seriously, and has enforcement powers beyond the UK [Information Commissioner's Office]'s wildest dreams". And he doesn't mention the Government Digital Service once. Nor their identity assurance programme (IDA) and GOV.UK Verify. Nor tScheme. Nor even snake oil.


Updated 15.2.15

February 2015, and Mydex have delivered themselves of another white paper in their series of sales literature, this time The opportunity of attribute exchange – Your data, your way.

Personal data stores (PDSs) are still the answer, whatever the question. Mydex continue to offer security on the web when everyone knows that that is not available. And they continue to promote their trust framework when even their cousins Control-Shift can tell them that there is no such thing. There has been only one change – the halo of trust has become a ladder:
Evidence is accumulated from each organisation that connects to an individual’s PDS. This builds up a 'proof of claim', a trusted confirmation of a fact about themselves or their lives. They can gradually 'climb up a ladder' of trust and certainty about their identity online reaching a higher and higher level of identity assurance. (p.8)
Mydex's claim in this white paper is that everyone would benefit if we individuals maintained a collection of digital certificates in our PDSs, issued by the relevant authorities, certifying that we have certain attributes.

We might for example need confirmation issued by the Department for Work and Pensions that we are on Income Support in order to prove our entitlement to free National Health Service prescriptions. In this example, DWP would issue a digital IsOnIncomeSupport certificate which you would store in your PDS and which a pharmacy could access to check that you don't have to pay for your prescriptions.

That all seems very convenient. No sending photocopies through the post, no hanging on the telephone waiting for the call centre to answer, just a single port of call, a single source of truth – the Mydex PDS – and you're out of the shop, armed with your antibiotics, having paid nothing.

How does the pharmacist know that the certificate was issued by DWP? Or that it was issued to you? How does Mydex know that this is a pharmacist making the enquiry? How does the pharmacist know that that's Mydex on the other end of the enquiry and not a spoof site?

There may be answers to these questions. Mydex don't tell us what they are. We must just leave those sales questions hanging for the moment.

There is one question we can pursue a bit further.

Your situation may change. You may be on Income Support one month but off it the next. And then back on, a few months later. DWP must, in Mydex's world, issue a new digital certificate each time and revoke the previous one – IsOnIncomeSupport as at February 2015 may have to be revoked and replaced with IsNotOnIncomeSupport as at March 2015.

But will IsOnIncomeSupport be replaced in your PDS? That's up to you, according to Mydex:
If the connecting organisation or the individual, changes a piece of information, this gets automatically updated in the individual's PDS, based on their preferences and consent. (p.11)
That's no good to the pharmacist. Just because there's an IsOnIncomeSupport certificate in your PDS doesn't prove that you're entitled to free drugs. The certificate may have been revoked by DWP since it was issued because your circumstances have changed. But you may have withheld consent to update your PDS.

So the pharmacist needs to seek confirmation from DWP themselves. Your PDS isn't good enough and drops out of the attribute exchange procedure.

Either that, or the revoked certificate is removed from your PDS whether you consent or not – the data in your PDS isn't under your control. Whereas Mydex say it is. They can't have it both ways.


Updated 17.2.15

The video has been published now of highlights of the debate about attribute exchange hosted on 4 February 2015 by theInformationDaily.com and sponsored by Mydex. Apparently, Attribute exchange could unlock billions of public sector savings.

No case is made to support this contention.

At 17'11" David Alexander, the CEO of Mydex, the sponsors, asserts that attribute exchange will cause transaction costs to drop by anywhere between 45% and 95%.

But what is included in "transaction costs"? Who will be made redundant to pay for the rosy future he paints of "improved social outcomes" and "streamlined public services" all "under your control"?

He doesn't say. Viewers have no idea as a result how these billions of savings are to be "unlocked".

Once again, the basis of control over people's personal information such that we can give our informed consent to share data, or alternatively withhold our permission, is supposed to be the Mydex trust framework.

And once again, the warnings of Mydex's sister company Ctrl-Shift to the effect that there is no such thing as a trust framework are ignored. The claim that Mydex can grant you control over your personal data once it's in a personal data store is false. It is not in Mydex's power to grant.

The assembled company were all confident that the Government Digital Service's identity assurance scheme, GOV.UK Verify, works:
  • Why? To what extent has it been tested that GOV.UK Verify proves that you are who you say you are on-line?
  • How is GOV.UK Verify proof against hacking in a way that no other on-line system seems to be?
  • How can it be sensible to rely on a single GOV.UK Verify credential to open access to all the on-line services you use?
  • Who is liable when GOV.UK Verify security is breached and your bank account is emptied or your benefits are paid to someone else?
  • What happens to the millions of people who can't register with GOV.UK Verify? What's to stop them just becoming excluded by default from public services?
No answers were given during the debate. But then the questions weren't asked. Where does the confidence come from?

A number of participants in the debate referred to "single customer records" and "personal data stores". To a certain bureaucratic mentality it is obviously attractive to have everything in one place. All your attributes, represented by digital certificates, stored in one record.

But attributes change, digital certificates are revoked and new ones issued to replace them.

If users have control over their data, they can withhold permission to update their personal data store when a certificate is revoked. Which means that the service provider can't rely on the personal data store or single customer record being up to date.

Service providers have to go back to the original certification authority to check whether a certificate has been revoked to be sure about your attributes. The "single source of truth" is a will o' the wisp. Stop chasing it.
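The staleness argument above, as an added sketch that is not part of the original post: a signed attribute sitting in a personal data store still verifies after its issuer has revoked it, so only a check back at the issuer catches the change. The `Issuer`, `PersonalDataStore` and reader functions are hypothetical names, HMAC stands in for the certification authority's public-key signature, and the subject and addresses are constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class AttributeCert:
    serial: int
    subject: str
    attribute: str
    value: str
    signature: str


class Issuer:
    """Hypothetical certification authority: signs attributes and owns the revocation list."""

    def __init__(self, key):
        self._key = key          # HMAC key, a stand-in for a real CA signing key
        self._serial = 0
        self._revoked = set()

    def _mac(self, serial, subject, attribute, value):
        payload = json.dumps([serial, subject, attribute, value]).encode()
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def issue(self, subject, attribute, value):
        self._serial += 1
        sig = self._mac(self._serial, subject, attribute, value)
        return AttributeCert(self._serial, subject, attribute, value, sig)

    def revoke(self, cert):
        self._revoked.add(cert.serial)

    def signature_valid(self, cert):
        # Integrity only: says nothing about whether the attribute is still true.
        expected = self._mac(cert.serial, cert.subject, cert.attribute, cert.value)
        return hmac.compare_digest(expected, cert.signature)

    def is_revoked(self, cert):
        return cert.serial in self._revoked


class PersonalDataStore:
    """Hypothetical store in which every update needs the owner's consent."""

    def __init__(self, owner):
        self.owner = owner
        self._certs = {}

    def offer(self, cert, consent):
        # The owner may refuse; the store then keeps whatever it held before.
        if consent and cert.subject == self.owner:
            self._certs[cert.attribute] = cert
            return True
        return False

    def get(self, attribute):
        return self._certs.get(attribute)


def read_trusting_store(store, issuer, attribute):
    """Service provider treats the store as the single source of truth."""
    cert = store.get(attribute)
    if cert is None or not issuer.signature_valid(cert):
        return None
    return cert.value


def read_checking_issuer(store, issuer, attribute):
    """Service provider also asks the issuer whether the certificate is revoked."""
    cert = store.get(attribute)
    if cert is None or not issuer.signature_valid(cert) or issuer.is_revoked(cert):
        return None
    return cert.value


def scenario():
    issuer = Issuer(b"constructed-demo-key")
    store = PersonalDataStore("alice")

    old = issuer.issue("alice", "address", "1 Old Street")
    store.offer(old, consent=True)

    # The attribute changes: the issuer revokes and reissues,
    # but the owner withholds permission to update the store.
    issuer.revoke(old)
    new = issuer.issue("alice", "address", "2 New Road")
    store.offer(new, consent=False)
    stale = (read_trusting_store(store, issuer, "address"),
             read_checking_issuer(store, issuer, "address"))

    # Only once the owner consents does the store catch up.
    store.offer(new, consent=True)
    fresh = (read_trusting_store(store, issuer, "address"),
             read_checking_issuer(store, issuer, "address"))
    return stale, fresh


if __name__ == "__main__":
    print(scenario())
```

While consent is withheld, the store-only reader returns the revoked address with a valid signature, and the reader that checks the issuer returns nothing.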


Updated 17.5.17

As the millions of DMossEsq's readers know, Ctrl-Shift and its sister company, Mydex, want us all to store our personal information in personal data stores (PDSs), where apps can process it and advise us how best to live our lives.

The millions also know that Ctrl-Shift/Mydex promise everyone that PDSs will allow us to control access to our personal information.


"Our personal data is being manipulated for political gain – we need to take control of it", said a scandalised Liz Brandt in the Daily Telegraph newspaper yesterday.

Ms Brandt is the chief executive officer of Ctrl-Shift and she is horrified that a company called Cambridge Analytica is hired by administrations all over the world to try to influence people's opinion.


It's not clear why she's so upset. Ctrl-Shift and Mydex are in the same business of trying to influence people.

"While the likes of Facebook are doing their best to fight fake news", says Ms Brandt, "social media sites should be forced to gain users' explicit consent for the types of data they collect and share, as well as who they intend to share it with and why".

That rather lets the cat out of the bag.

Keeping control of your personal information requires a lot more than a PDS. The control that Ctrl-Shift and Mydex offer is not in their gift.

Facebook is normally regarded as one of the plunderers of personal information. For example, it is only yesterday that the Dutch data protection authority published a paper on how Facebook violates the law. Actually it's not just the Dutch but the French, the Spanish, the Germans and the Belgians, too.

That's how Facebook makes its billions. By taking people's personal information and selling it to advertisers and anyone else who will pay for it. There's no mystery. Everyone knows that and yet there's Ms Brandt trying to distinguish good Facebook ("doing their best to fight fake news") from bad social media (who "should be forced to gain users' explicit consent ..."). Ctrl-Shift even quote Facebook approvingly on the home page of their website.


Mercifully the Dutch, the French, the Spanish, the Germans and the Belgians are having none of that but what's got into Ctrl-Shift and Mydex? Is this a case of if-you-can't-beat-'em-join-'em?

Ctrl-Shift and Mydex are not quite alone. The Government Digital Service (GDS) also regard Facebook as the solution. Unlike the Dutch, the French, the Spanish, the Germans and the Belgians, who regard Facebook as the problem.

Trust and privacy: learning from business, said James Stewart of GDS, "Stephen Deadman, Deputy Global Chief Privacy Officer at Facebook, welcomed us for a talk and Q&A ... Having come across the work Stephen’s team are doing to explore attitudes and opportunities around privacy, I was keen to explore what government can learn from their work". Mr Stewart has subsequently left GDS – next time, take a longer spoon.

GDS are famously unreliable when it comes to the control of personal information. Now Ctrl-Shift and Mydex are, too.

The non-existent personal-data control-shift

DMossEsq's millions of readers may have got the wrong impression of Ctrl-Shift – "The opportunities for organisations arising from a new personal information economy are game changing. Ctrl-Shift is the world’s leading market analyst and consulting business helping organisations to capitalise on these opportunities".

Saturday 24 May 2014

GDS, G-Cloud, user needs and security


How would you make G-Cloud less attractive
and slow down take-up even more?

All change round at G-Cloud. Again.

They're full of surprises.

Especially since they came under the control of the Government Digital Service (GDS) on 1 June 2013.

So what is it this time?

Accreditation. It's on the way out.

What do the changes to CESG’s new Cloud Security Principles mean? Good question, asked by Robin Pape in Digital By Default News:
Until now, the CESG Pan Government Accreditor has been responsible for accrediting cloud services to IL2 and IL3 levels.  This was a time- and resource-consuming exercise for both suppliers and CESG, and led to long lead times for accreditation.  However, it did provide two standard levels of assurance for customers wanting services to handle sensitive data, removing the need for each customer to accredit the services themselves.
Until now there was no "need for each customer to accredit the services themselves". That's about to change, subject to consultation.

Let's just be clear what they're talking about. Take HMRC as an example, Her Majesty's Revenue and Customs. They wanted to store some data in the cloud. They needed a cloud service that was assured of adequate security. And, as Phil Pavitt told us back in October 2012, they chose Skyscape as their supplier:
... data security remains integral to HMRC and a pre-requisite of any of our data being migrated to Skyscape is for their solution, including all the constituent parts, to be formally accredited by CESG (the Communications-Electronics Security Group) to Impact Level 3 (IL3). For more information please see the link below:

http://gcloud.civilservice.gov.uk/2012/03/09/so-what-is-il3-a-short-guide-to-business-impact-levels/

This accreditation is expected imminently, at which point HMRC will be in a position to begin securely moving data over to Skyscape and decommissioning our old servers ...
That was then.

And now?

Back to Mr Pape's article:
The new approach will be based on the “Cloud Service Security Principles” published by Cabinet Office late last year and the recently-published guidance “Implementing the Cloud Security Principles” which is currently an Alpha (ie a first public draft for consultation).  The intention is that, for future GCloud framework contracts, the principles and guidance will be the basis on which suppliers describe how they address security in their service offerings.
The intention is that ... G-Cloud suppliers will accredit themselves. "This was a time- and resource-consuming exercise for both suppliers and CESG" and now all that time and cost can be saved by simply not bothering. Security? Who cares.

Understand, it's not Mr Pape recommending this change. He's just reporting what's proposed. The proposal comes from the Cabinet Office, presumably with the approval of Francis "JFDI" Maude.

Will it really save any money and time?

No. Instead of a one-pass CESG process, G-Cloud suppliers and their customers will now have to go through the security assurance process for each and every prospective procurement. And every year thereafter, when they want reassurance that the G-Cloud service still meets the required security level, they'll have to do it all over again, n times instead of once.

So much for user needs driving everything that GDS does.

All change.

We learnt back in February that a group of G-Cloud suppliers want longer maximum contracts, three years instead of two. That is the exact opposite of the principle on which G-Cloud was established. Long lock-in periods then were seen as the problem. Now they're the solution.

These suppliers also want to discontinue the facility for clients – central and local government departments – to negotiate individual contracts. They think that the clients are being too fussy about security. And they think that the clients should be forced to advertise their procurement plans and that they should be forced to explain themselves to the headmaster when they decide against a G-Cloud offering. They want to knock out any competition to G-Cloud:
We recommend that a system be put in place to enable suppliers to report variances from the G-Cloud buying guide to the G-Cloud team and CCS [the Crown Commercial Service, the Government Procurement Service as was] to enable any common issues to be addressed ...
What's the point of negotiating a framework to get round the procurement problems posed by the oligopoly of big systems integrators (SIs) if you promptly reintroduce those problems into the small- and medium-sized enterprises (SME) framework?

The G-Cloud framework was in tatters then, as we said:
With apologies to George Orwell: "The customers outside looked from SME to SI, and from SI to SME, and from SME to SI again; but already it was impossible to say which was which".
Since then we have learnt that CloudStore, the G-Cloud shop-front, is for the chop.

And now the Cabinet Office want to get rid of expert security accreditation. Because it takes too long. Too long for what? And it costs too much. Too much for what? What is it in this case that is more important than security?

Putting your data and your applications in the cloud is already the fastest way known to lose control of them. The Cabinet Office/GDS seem to be intent on making the process even more efficient.

Let Mr Pape have the last word. He's a G-Cloud supplier and he knows what he's talking about:
How will customers and suppliers be able to transact business easily without the old standard levels of assurance?  G-Cloud must make it quick and easy to buy commodity services, but a long security-checking process for each purchase would make G-Cloud less attractive and slow down take-up even more.

Tuesday 20 May 2014

Can website designers "challenge" UK government policy?

Writing 18 months ago about Martha-now-Lady Lane Fox's call for a revolution in the UK, we noted among others this demand:
Directgov should own the citizen experience of digital public services and be tasked with driving a 'service culture' across government which could, for example, challenge any policy and practice that undermines good service design.
In the event, the revolutionary cadre implementing the new dispensation is GDS, the Government Digital Service, and not Directgov. GDS's skill lies in designing websites. Can website designers "challenge" UK government policy?

As it turns out, yes:
GDS unable to approve Immigration 'live digital by default' request

The Government Digital Service (GDS) says it has been unable to approve a request from the "Report an Immigration or Smuggling Crime" initiative to be branded as "live digital by default" on the service.gov.uk domain.

The "Report an Immigration or Smuggling Crime" service within the Home Office's Border Force allows the public to submit information about foreign nationals working or living illegally in the UK or any kind of smuggling.

In its assessment carried out on 23rd April, GDS said it was pleased to see significant progress had been made since the first assessment with regards to putting users first and undertaking user research. However, it added, "there are a number of areas which need to be addressed in order for the service to meet the criteria for becoming a Live Digital by Default service."
You may or may not think the Home Office's initiative is a good idea. It doesn't matter. The point is that it's their initiative. And they can't pursue it because a group of website designers say so.

Monday 19 May 2014

RIP IDA – mooncalf economics

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

3 December 2011
It's two-and-a-half years since we first looked at Ctrl-Shift Ltd, the consultancy firm.

They had recently published a report, The new personal data landscape. Their claim was that national economic growth will be achieved if only we all of us make it easier for companies to know all about us. If we would just release all of our personal data, then "Ctrl-Shift’s research finds that the market for these new streams of information could grow to be worth £20bn in the UK over the next ten years" (p.14).

No evidence supporting this economic hypothesis was advanced in Ctrl-Shift's report:
  • We were told that it was something to do with midata: "Ctrl-Shift are working as advisors to the Department of Business as members of the ‘midata’ Project Board" (p.2) ...
  • ... and something to do with personal data stores: "The last year has seen a flurry of activity around the concept of personal data stores ... that help individuals collect and keep their own data safe, manage, analyse and use this data, and control how it is shared with other parties. Launches include Mydex and Paoga in the UK, Personal and Singly in the US, and Qiy in Holland ..." (p.15).
  • We were not told that Ctrl-Shift and Mydex are closely connected companies and that Mydex's chairman sat on the midata strategy board at the Department for Business Innovation and Skills (BIS). Far from being independent research, Ctrl-Shift's report was more like a sales document for Mydex's services and a fig-leaf for BIS policy.
Who would be convinced by midata? "The answer is a mooncalf", we said in December 2011, not least because of this passage in the Ctrl-Shift report (p.14):
Access to such data represents a ‘holy grail’ data to companies because it explains why people do what they do and predicts what they are going to do next.
Predicting the future accurately doesn't work in the world of horse-racing, despite the reams of data available on "form". Nor does it work in the world of equity investment.

If Ctrl-Shift had found a way of predicting the future, an investment bank would have bought them by now and cashed in. Ctrl-Shift haven't been bought, which leaves them in the same position as every other astrologer who ever promised the local potentate that he or she could predict and maybe even shape the future.

9 June 2014
"Groundbreaking research on the personal information economy", it says on Ctrl-Shift News:
New research by Ctrl-Shift (to be published on 9 June 2014) will look at the business and economic impact of Personal Information Management Services (PIMS) – personalised services that help individuals collect and their own data for their own purposes including making better decisions and managing life tasks and processes such as ‘move home’ or ‘manage my money’.
They're back.

"It is the first research of its kind to quantify the economic impact of this emerging market", they tell us, again, two-and-a-half years after the last first time.

They've dropped midata. This time round, Ctrl-Shift are focusing on "identity assurance":
Identity assurance is a springboard for innovation and an essential service for a successful online economy. It is a door opener ...
No mention in that news item of the fact that Mydex, the personal data store provider, has also been appointed one of the UK's "identity providers" – BIS/Vince Cable's loss is the Cabinet Office/Francis Maude's gain.

What is the future that Mr Maude promises?

Answer, a world in which all services have become digital by default and in which all transactions depend on Mydex. No Mydex, no transactions:


Is the magic working better now?

Seemingly not.

Next day, 10 June 2014, sees the start of individual electoral registration (IER) in England and Wales. Will IER be supported by identity assurance? No. The Cabinet Office's Government Digital Service can't get it working.

(And they couldn't get it working in March 2013 for Universal Credit at DWP, the Department for Work and Pensions.)

(And they couldn't get it working in October 2013 for PAYE Online at HMRC, Her Majesty's Revenue and Customs.)

And a week later, 16 June 2014, sees the sentencing in the US of the fraudster Hieu Minh Ngo. The judge is expected to have a few words to say about the ease with which Mr Ngo acquired personal data from Experian. Experian is another UK "identity provider", like Mydex. The trust, which all parties agree is needed for identity assurance to work, has already bolted.

It's nearly four years since the identity assurance project was launched, 20 September 2010. There's still nothing to show for it. The warnings are there – anyone prepared to invest in it now must be possessed of a confidence which is itself miraculous.

----------

Updated 2 June 2014

The tension mounts – mooncalf economics, your opportunity to invest, only one week to go, Monday 9 June 2014, as Ctrl-Shift remind us in a Tweet:


DMossEsq isn't licensed to give investment advice. Are Ctrl-Shift?

Next day, Tuesday 10 June 2014, sees individual electoral registration go live. Without GDS's promised identity assurance (RIP). And with no sign of life from midata either, except in the Telegraph, where they can't even spell it.

And then a week later, 16 June 2014, it's all eyes on New Hampshire and the sentencing of Hieu Minh Ngo. What will the judge have to say about GDS's "identity provider" Experian and the security of the data broker/personal information economy? How safe are we, we mooncalves, as the ground breaks up under Ctrl-Shift's research?

Updated 23.6.14

You will remember that there used to be something called the midata Innovation Lab. What we learnt from the midata Innovation Lab was published on 28 November 2013, seven months ago. Since then, mercifully, there has been a dignified silence. The silence of the grave.

Now the zombie stirs again for one last time.

New energy data sharing systems to be developed, a press release told us the other day. The Department for Business Innovation and Skills (BIS) and the Department of Energy and Climate Change (DECC) herded a lot of energy organisations together and pretended that there's life in the old dog yet – midata will help smart meters by making it easier for you to give your data away to even more organisations:
Automated access to these data files by customers or third parties with consumers’ permission, is the next logical step. It will be an important stepping stone to more engagement for consumers through smart meters, which will give them direct access to their consumption data which they can then share directly with trusted third parties.
It is fitting that the Minister at BIS who brought midata mewling and puking into the world in November 2011 is now the Secretary of State at DECC, where he can preside over its final, energy-efficient interment.

Friday 16 May 2014

GDS and security, Mae West and Estonia (Mae Westonia?)


Democracy?
Who cares?
The latest example of GDS's inability
to take security seriously

Servicemen during the Second World War kept their morale up in many ways. Among others by having pin-ups, dear old Mae West among them.

70 years later, the wars are different, sentiment has moved on and the front line in digital services has a new pin-up – Estonia.

Some things never change, of course. The fascination with vital statistics, for example – only the other day, there was Jordan Hatch of GDS, the UK Government Digital Service, transfixed by Estonia's dashboard :)


And not just him. His boss, too, Public Servant of the Year ex-Guardian man Mike Bracken CBE:


You don't need to use army issue any more, you can bring your own device, BYOD. That's got to be a morale-booster in any language. That and the "police record query".

But what's all this about "graffiti" and "retrofuturism"?

No mystery. Cast your mind back to October 2012. And even to May 2012 when Francis Maude, Cabinet Office minister, went over to Estonia and actually met the future.

Which leaves just one tweet requiring explanation – why does eVoting suddenly get a mention? What is @sikkut's point that is being "completely taken"?

It helps if you know that @sikkut is Siim Sikkut, the National ICT Policy Adviser in the Government Office of Estonia: "My job is to help the government shape the future of information society and ICT sector in Estonia".

He was defending the honour of Estonia. Certain persons were impugning it. And Siim's point was that you always get deadbeats like that turning up. Just ignore them. That's the point that was "completely taken". There's nothing to see here.

And who are these deadbeats?

The University of Michigan (@umich) and the Open Rights Group.

Acting in concert, these fifth columnists have examined Estonia's electronic voting service and – how dare they? – declared that it is defective. It's not clear, they say, that in an election the result would be determined by the voters. Instead, the election could be hijacked by malware under the control of a foreign power:


Mr Kitcat didn't choose Russia as his example at random. Russia brought Estonia to its knees back in 2007. Very easily. Using a simple distributed denial of service attack, DDoS. Which worked precisely because Estonia is so dependent on digital public services. Is that what we want in the UK?

You need to know that Jason Kitcat is Leader of Brighton & Hove City Council, a Green city councillor, a member of the Open Knowledge "worldwide non-profit network of people passionate about openness", a member of the Open Rights Group (ORG) and the founder of the free e-democracy project: "This project evangelised the use of Free Software in government". He's obviously in favour of digital government.

And he's convinced that Estonia's eVoting system fails the tests for democratic legitimacy. Not just him/ORG but also the University of Michigan, who demonstrated that not only Estonia's but also Washington DC's eVoting system doesn't work, please see Hacker infiltration ends D.C. online voting trial.

ORG and @umich have put together a video of their findings:



Estonia has issued a statement: "We believe that online balloting allows us to achieve a level of security greater than what is possible with paper ballots".

And ORG/@umich have responded: "The Election Committee have failed to demonstrate or prove this very significant claim. Our independent and detailed analysis of their system’s procedures, design and available source code suggests that the system provides security far below that of a well-run paper-based election".

"Estonia is a model for all of us", we were told. Not if ORG/@umich are right, it isn't.

"Estonia has become the home of NATO Cooperative Cyber Defence Centre of Excellence and Estonian President Toomas Hendrik Ilves has become one of the most vocal cybersecurity advocates on the world stage". So said Sten Tamkivi. And a fat lot of use that is, if ORG/@umich are right.

You're in the UK. Not Estonia. What do you do? The symbol of your digital government mission is being impugned, morale among the troops could collapse, you risk being unmasked, how do you respond?

Never mind. No-one cares how you'd respond. This is how GDS responded:


Tom Loosemore (@tomskitomski), in the Twitter thread above, is No.2 at GDS to Public Servant of the year ex-Guardian man Mike Bracken CBE. Tony Bowden (@tmtm) works for mySociety and is based in Tallinn.

It's a small world. In his extraordinary speech to the Code for America Summit last October (3'18") Public Servant of the year ex-Guardian man Mike Bracken CBE explained that 10 years before, he had been at mySociety, making the tea for Saul Tom Steinberg, who developed digital services that the two of them couldn't give away to UK local authorities for free.

How long before the same thing happens to electronic voting systems?

Several times already, we have noted GDS's disinclination to take security seriously. This case of the ORG/@umich report on eVoting in Estonia is an egregious example of the problem. Faced with a security challenge to democracy, GDS respond by talking about dashboards and graffiti, BYOD and travel expenses – anything, really, apart from the problem.

How long before the servicemen tear down the pictures of Estonia currently stuck up on their locker doors, revealing the dependable Mae West behind?

----------

Jason Kitcat is standing for election to the European Parliament next week. You could vote for him if you like. Or against. On paper.

----------

Updated 2.6.14

Hat tip: Andrew Orlowski

Jaan Priisalu is the director general of the Estonian Information System Authority and he told Sky News that "it’s quite clear that you can have problems with your neighbours" – true – "and our biggest neighbour is Russia" – alert – "and nowadays it’s quite aggressive" – nothing gets past Mr Priisalu.

What are Estonia doing about this Russian aggression?

According to Sky, "Estonia intends to back up crucial national databases in the UK and other countries".

How would that help?

"Planned 'data embassies' would allow the Estonian government to 'operate in the cloud' – maintaining the normal operations of state digitally, even if its physical territory is occupied by an invading force".

It wouldn't.

If Estonia's "physical territory is occupied by an invading force" then having its "crucial national databases" backed up in the UK or anywhere else wouldn't help and it's baffling self-deception to believe that it would.

"Estonia has arguably the most advanced digital government in the world" – fat lot of use that is.


Updated 28.12.14
Estonia offers e-residency to foreigners
... But what does it mean?

... Wang, a Canadian-Taiwanese user experience designer ... qualified for an Estonian ID card ... foreigners like Wang are set to gain extended access to some services with Tallinn’s new initiative – e-residency ... Wang says she will be applying for e-residency, although she admits she doesn’t know much about it, and is not yet convinced it will give her access to more benefits ...


Updated 20.2.15

Is electronic voting secure? Will the result of an electronic election be determined by the voters or by the best hackers?

Jason Kitcat, the Open Rights Group and the University of Michigan say no, it's not secure, please see above.

Estonia says yes, it is secure, please see above.

Who do you believe?

Forget that. It doesn't matter what you believe.

The question is what does the Speaker's Commission believe? We refer here to the Speaker of the UK Parliament and his Commission on Digital Democracy, which has just tweeted the following:


None of Jason Kitcat, the Open Rights Group and the University of Michigan's objections is dealt with. Estonia's Prime Minister simply asserts that electronic voting in his country is secure.

It is to be hoped that Mr Speaker will delve a little deeper into the subject.


Updated 14.3.15

Digital-by-default ...
... and the effect it has on your knees

"Check it out", says the Estonian embassy in the UK:


"Check it out" means watch this chirpy little BBC film – ID cards are great, eVoting is great, it only takes 19 seconds to complete your tax return because the Revenue already know everything about your financial affairs anyway, etc ... Don't miss the punchlines: you have to trust the government implicitly; and Russia can bring your country to its knees quickly and painlessly using nothing more than a computer:




Updated 12.4.15

Six months ago Martha Lane Fox gave it as her opinion that Online voting should be made mandatory. What about all the problems associated with eVoting? "Of course we can cover for all the fraud and I don’t think it makes the procedure any less robust, in fact quite the opposite", she said.

Never mind all the hard work that went into designing the Estonian eVoting scheme and the Washington DC one, and never mind all the hard work put in checking them by the University of Michigan and the Open Rights Group, please see above, Martha Lane Fox thinks eVoting is robust or, more of a double negative, she doesn't think that it's not robust. What's more it should be mandatory.

That may be sufficient reason for some people. After all, Martha Lane Fox is the salesman who successfully promoted digital-by-default to the British government. There can't be much that she doesn't know about technology. Can there? Or government policy-making. Or democracy.

Before your confidence in Martha Lane Fox gives you undentable confidence in mandatory eVoting you should note that your confidence may be dented by a speech given a fortnight ago by ... Martha Lane Fox.

On 30 March 2015 she delivered the annual Dimbleby Lecture.

Cybercrime is a bit of a problem on the internet, she said. Cybercrime would presumably include warping election results.

A new institution should be set up, she said, DotEveryone, to solve the problem of cybercrime: "That, for me, would be DOT EVERYONE’s third big task – help us embed our national values in the digital world ... It will make sure the UK fills the moral and ethical gap that exists at the heart of discussions about the internet".

In other words, she doesn't yet know how to solve the problem and she can't have done six months before when she nevertheless declared eVoting to be safe and declared without reason that it should be mandatory.


Updated 19.4.15

Who's at the other end of the computer?

Martha Lane Fox and other salesmen may try to convince you that eVoting is safe. And inevitable. And many of you may be convinced.

Not so the SNP (the Scottish National Party).

They're not falling for it.

They take it as axiomatic that MI5 can use computers to intervene in any British ballot to produce the result they want:
The SNP's very Scottish conspiracy...

... “I couldn’t work out how it was possible to interfere on any scale with the postal ballot,” Andy Anderson, one of the authors, told the Telegraph. “You need the ballot paper number, the signature and date of birth of the voter. Then it occurred to me. All that information went into a computer – and who’s at the other end of the computer in London? MI5” ...


Updated 6.9.17

The Estonian World website said yesterday Possible security risk affects 750,000 Estonian ID-cards: "all the cards issued to e-residents are also affected ... we have restricted the access to Estonian ID-card public key database to prevent illegal use ... some Estonian politicians called to postpone the upcoming local elections, due to take place on 16 October".

Bruce Schneier, who knows a thing or two about security, says: "We have no idea how bad this really is ... My guess is that it's worse than the politicians are saying ... And because this system is so important in local politics, the effects are significant ... This is exactly the sort of thing I worry about as ID systems become more prevalent and more centralized. Anyone want to place bets on whether a foreign country is going to try to hack the next Estonian election?".

And Martha Lane Fox? What does she say?


Updated 13.8.18

West Virginia ignores the experiences of Washington DC and Estonia and aims to introduce on-line voting. Will someone give them the phone number for the University of Michigan?
West Virginia to introduce mobile phone voting for midterm elections

West Virginians serving overseas will be the first in the country to cast federal election ballots using a smartphone app, a move designed to make voting in November's election easier for troops living abroad. But election integrity and computer security experts expressed alarm at the prospect of voting by phone, and one went so far as to call it "a horrific idea."