DMossEsq: ENISA

Showing posts with label ENISA. Show all posts

Monday, 10 September 2012

midata, the loneliest initiative in Whitehall – 12 and last

Today is the deadline for submitting responses to the Department for Business Innovation and Skills (BIS) consultation on midata. That doesn't make it an important day. BIS will not be dissuaded by any adverse comment in the responses. But for what it's worth:

midata 2012 review and Consultation - response form
Consultation on legislating to give consumers access to data in an electronic, machine readable form
For your ease, you can reply to this consultation online at: https://www.surveymonkey.com/s/midata
Alternatively you can email, post or fax this completed response form to:
Email
midata@bis.gsi.gov.uk
Postal address
Craig Belsham,
Head of Consumer Empowerment,
Department for Business, Innovation and Skills,
1 Victoria Street,
London,
SW1H 0ET
Fax
020 7217 2234
A copy of this consultation can be found at:
http:/www.bis.gov.uk/consultations
The Department may, in accordance with the Code of Practice on Access to Government Information, make available, on public request, individual responses.
The closing date for this consultation is 10 September 2012.

Your details
Name: David Moss
Organisation (if applicable): Not applicable
Address: xxxxxxxxxx
Telephone:    xxxxxxxxxx
Fax:    xxxxxxxxxx
email: BCSL@blueyonder.co.uk
Please tick a box below that best describes you as a respondent to this consultation:



Business representative organisation/trade body

Central government

Charity or social enterprise

ü

Individual

Large business (over 250 staff)

Legal representative

Local Government

Medium business (50 to 250 staff)

Micro business (up to 9 staff)

Small business (10 to 49 staff)

Trade union or staff association

Other (please describe)

Question 1: Do you agree with the principles of midata?
No
Have you any comments on the proposed approach?

The Department for Business Innovation and Skills (BIS) say that midata would force suppliers to make transaction data available to consumers. They already make that data available and have done for decades. midata is unnecessary.

BIS say that midata will make the economy grow. They give no reason to believe that and provide no figures. What is the target? How would BIS know if midata had succeeded?

They say that midata would empower consumers. The examples of empowerment given concern switching between mobile phone suppliers and between energy suppliers. There are already applications which support this switching and BIS themselves describe the energy companies as already blazing the trail. Again, midata is unnecessary.

Even its promoters have trouble explaining what midata is for. Professor Shadbolt, chair of the midata programme, was interviewed on BBC Radio 4’s You and Yours on 5 September 2012 and cheerfully announced that he couldn’t give examples of any other applications.

We already have Ofcom and Ofgem. Why do we need midata as well? Are BIS saying that Ofcom and Ofgem don’t do their job properly?

BIS still can’t answer the questions raised by Rory Cellan-Jones of the BBCon 3 November 2011: “what's the catch for consumers and why is the government getting involved?”.

Which may in turn explain the lack of take-up by suppliers, not a single new adherent having been announced since BIS’s 3 November 2011 press release.

Which leaves this respondent to the consultation wondering why BIS want midata, and want it so much that they have switched from midata being a voluntary scheme to proposing to make it compulsory.

And wondering what the rôle of the Behavioural Insights Team is in midata – they’re meant to nudge, not legislate.

And wondering how BIS can describe this proposed additional regulation of UK business as having a deregulatory effect.

The practical effect of midata on the public would be to require us all to maintain a number of PDIs, personal data inventories, each recording sufficient data to identify us.

The PDIs would be maintained on the web, we are told, in the cloud, by trusted third parties – i.e. complete strangers – and they would be in permanent contact with all our suppliers, disseminating changes to our data automatically, without our being involved, to everyone who needs to know about the changes, and occasionally making recommendations to change our phone contract or energy contract.

It takes years to inspire trust and BIS provide no reason to trust these suppliers. They don’t even name them. If midata was a company, no reputable broker would sponsor it and no reputable stock exchange would list it.

The web is an inherently dangerous place to store personal data. BIS and the Cabinet Office, together with the Foreign Office/GCHQ, held an event on 5 September 2012 advising businesses to take effective precautions against cyber threats. At that event BIS promoted a set of GCHQmanuals, in which they give it as their opinion that most businesses have failed to implement cyber security properly.

ENISA, the EU’s information security arm, advise that no valuable data should be entrusted to the cloud and that cloud computing should only be embarked on with a clear exit strategy. The OECD also have their reservations about cloud computing: “cloud computing creates security problems in the form of loss of confidentiality if authentication is not robust and loss of service if internet connectivity is unavailable or the supplier is in financial difficulties”.

If BIS believe GCHQ, ENISA and the OECD, their simultaneous advice to consumers to entrust our personal data to cyberspace is inconsistent and irresponsible.

The Cabinet Office make the unlikely claim that cloud computing is the key to transforming government by making all public services digital by default and delivering them through the G-Cloud, the government cloud, and a number of public clouds, P-Clouds.

For that, they need identity assurance, they need to be able to identify the consumers of public services online. They need the equivalent of the Home Office’s failed National Identity Service. They need us all to have PDIs. That’s what the Cabinet Office say, even while simultaneously acknowledging how dangerous it is and warning people against it.

It’s all very well BIS telling us consumers that we are hopeless at making choices and that we need midata apps to improve our lives. But BIS and the Cabinet Office might do well, equally, to ask themselves how on earth they decided to adopt PDIs, against their own advice, ignoring GCHQ’s advice, ENISA’s and the OECD’s. Better decision-making begins at home, in this case at No.1 Victoria St London SW1.

BIS should drop the ill-thought out midata initiative forthwith, it would do nothing for the economy and it would not empower consumers. Instead, it would expose us all to the risks of identity theft. If the Cabinet Office want us all to have PDIs, let them argue their confused case themselves. There is no good reason for BIS to do the Cabinet Office’s dirty work for them.

Question 2: Do you have a view on whether particular sectors or types of business should or should not be covered?
Yes
Comments:
The question doesn’t arise, midata should be abandoned.

Question 3: What is your view on the likely impact of the proposed approach on privacy, consent and information security and the implication for data protection

It would be disastrous. It courts all the dangers that BIS/the Cabinet Office/GCHQ/ENISA/the OECD warn against.

Question 4: What is your view on who should have the right to request data?
Consumers should and already do have the right to request data, midata is unnecessary.

Question 5: Some consumers already shop around, though may not always switch to the best deal for them. What additional proportion of consumers is likely to become empowered by this data?
None.

Question 6: What types of new services might be offered by intermediaries (such as, price comparison websites) and what could be the value of this new market?
The question doesn’t arise, midata should be abandoned.

Question 7:Should a consumer be able to require the business to supply the data in electronic format directly to a specified third party?
No
Comments:
It is irresponsible of BIS to incite people to hand over control of our personal data to third parties.

Question 8:Should a third party who is duly authorised by the consumer be able to seek the consumer’s data in electronic format directly from the supplier?
No
Comments:
The consumer is being cut out of his own life in the midata scenario BIS suggest. A number of computers would be exchanging reams of information about the consumer without him or her being involved. Anybody naïve enough to embrace this potty vision of the future should be protected from themselves and not exploited by BIS.

Question 9: What, if any, requirements should be placed on the secondary users of such data, albeit under the direction of consumers e.g. switching and advice sites?
The question doesn’t arise, midata should be abandoned.

Question 10:The Government is minded to require businesses to give their customers access to transaction and consumption data, in order to help them better understand their behaviour.

a)         What types of data would be most helpful? Customers already have access to their transaction data, the question is wrong-headed.

b)         Over what period should the data refer to? That is a matter for the market to decide. It already has decided. Where the period is too short, wise suppliers will heed their customers’ requests to lengthen it.

Question 11: Should other types of information, such as warranties or terms and conditions, be included?
No
Comments: The question doesn’t arise, midata should be abandoned.

Question 12: Should the Government specify a particular electronic format beyond a machine readable open standard format in which the data has to be supplied?
No
Comments: The question doesn’t arise, midata should be abandoned.

Question 13: Should the Government specify a period within which data must be released electronically following a consumer’s request?
No
Comments: The question doesn’t arise, midata should be abandoned.
b) If so, what would be a reasonable period within which data must be released?

Question 14: Please provide information about cost:
- Where your business already collects the relevant data, please estimate:
a) Additional one- off costs of making the data available in an open standard format (such as, purchasing new IT, hiring IT staff) – not applicable.
b) Additional ongoing costs (such as of additional staff) – not applicable.
c) If not already stated, please state here the approximate number of customer accounts that these costs are estimated for. For example, number of UK accounts – not applicable.

Question 15: Should businesses be permitted to charge a consumer for providing them with the data in electronic format?
Yes
Comments: If midata were deployed, then yes, of course, but the question doesn’t arise, midata should be abandoned.

Question 16: Should any such charges be constrained by the legislation?
No
If so, do you have a view on how a maximum charge should be set or adjusted?
The question doesn’t arise, midata should be abandoned.

Question 17:Which body/bodies is/are best placed to perform the enforcement role for this right?
The question doesn’t arise, midata should be abandoned.

Question 18:Should the Government specify a lead enforcement body?
No
If yes, who:

Question 19: How should the right be enforced by any such body? Will they need any new powers to enable them to enforce it?
The questions don’t arise, midata should be abandoned.

Question 20: What examples of existing regulatory actions could be reduced or removed if the power being consulted on was exercised?
The question doesn’t arise, midata should be abandoned.

Question 21: Should a consumer be able to launch independent action (and, if so, what sort of action) in relation to non-compliance with the duty?
No
Comments: the questions don’t arise, midata should be abandoned.

Question 22: Do you foresee any risks or undesirable consequences from exercising a power to require certain data to be released electronically?
Yes
Comments: please see answer to Questions 1 and 8.

© Crown copyright 2012
You may re-use this information (not including logos) free of charge in any format or medium, under the terms of the Open Government Licence. Visit www.nationalarchives.gov.uk/doc/open-government-licence, write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gsi.gov.uk.This publication is also available on our website at www.bis.gov.uk
Any enquiries regarding this publication should be sent to:
Department for Business, Innovation and Skills
1 Victoria Street
London SW1H 0ET
Tel: 020 7215 5000

If you require this publication in an alternative format, email enquiries@bis.gsi.gov.uk, or call 020 7215 5000.
URN 12/943RF

midata, the loneliest initiative in Whitehall – 12 and last

more ►

Wednesday, 28 March 2012

Cloud computing is bonkers or, as HMG put it, a "no-brainer"

The failures of government IT projects are well-known and have been for decades, during which the problems have been intractable. Now a solution is being championed by Her Majesty's Government – cloud computing.

What is cloud computing? And is it the answer?

HMG runs a blog called G-Cloud (the government cloud), on which last Friday Adrian Scaife from the Ministry of Justice posted an answer to the first question above, "A No Brainer":

Cloud computing is so easy to understand that even simple folk like me get the idea.

Mr Scaife should know all about the traditional problems of government computing. He works for NOMS, the National Offender Management Service, the travails of which have rarely been out of Private Eye for the past eight years. To pick just one of the hiccoughs suffered, in March 2009 the National Audit Office published a report on the NOMS computer system which includes this:

3.17 At the end of October 2007, £161 million had been spent on the project overall. We have not been able to ascertain precisely what this money was spent on because NOMS did not record expenditure against workstream before July 2007 ...

This patrician insouciance of Whitehall's when it comes to public money is just one of the aggravating features of government IT collected together in a report by the Public Administration Select Committee, Government and IT- "A Recipe For Rip-Offs": Time For A New Approach, a report which with good grace Mr Scaife refers to. It's a long report and readers may care to start with the contribution entitled Whitehall, Red Light District beginning at page Ev w7 to get the flavour of it. Clause 5 deals with cloud computing.

Mr Scaife's post promotes five alleged benefits of cloud computing which he says will help to solve the current problems of government IT:

No CapEx – you can stand up services in days, hours or in some cases minutes – try before you buy: spin up an AWS instance, sign up for Google Apps for Business or an Office 365 free trial and touch and feel it for yourself ...
Metered Services – you only pay for what you use. If it doesn’t fit the bill, switch it off. If it does work you can grow it incrementally ...
Scalability, flexibility, elasticity – All baked in. You want to add a couple of hundred gigs of storage, another 50 or 5000 users, a new tenancy for an application, just switch it on. And when your business changes and you don’t need it any more – no exit costs, just switch it off ...
Cheaper – the economies of scale the global-class cloud providers can realise drive unit costs to a level that can never be achieved through an on-premise approach. In many cases, cloud services are free at the point of use because of these economies of scale, and because they are typically monetised by advertising – you can normally lose the ads for a paid business version of a cloud service ...
Vendor-led Innovation – One of the great things about cloud is that you don’t have to do upgrades, the cloud provider does it. New features, patches, and upgrades are all part of the package. Because the global market is a competitive place, as well as getting better, services can get cheaper too: AWS reduced their prices twice in 2011 ...

If there is no CapEx, no capital expenditure, then what Mr Scaife foresees is a new world in which government doesn't buy any expensive computers (any servers) itself. But someone has to buy them. The people buying them are AWS, Amazon Web Services, and other suppliers of cloud computing services. Someone must pay for all the spare capacity which would allow HMG to "scale up" any time it wants to, no delays involved. And someone must keep paying for it when HMG decides at the drop of a hat to "switch off". All that redundancy must be reflected in the costs.

What we're looking at is a return to the 1970s and timesharing. Back then, most companies couldn't afford mainframes or minicomputers and so they rented time on computers provided by the likes of GEISCO – General Electric Information Services Company – and Comshare and other smaller bureau operators. Timesharing costs went through the roof and the whole business was gratefully abandoned when PCs arrived in the 1980s.

HMG is welcoming the timesharing zombie back into Whitehall. And Mr Scaife, at least, offers no reason to believe that costs won't go through the roof again just like the last time.

Mr Scaife's post barely considers the potential disadvantages of cloud computing. The document is more like a piece of sales literature than a balanced assessment.

There are other opinions of the new world being sold to us here:

The OECD, for example, recommend that "cloud computing creates security problems in the form of loss of confidentiality if authentication is not robust and loss of service if internet connectivity is unavailable or the supplier is in financial difficulties".
ENISA, the EU's information security agency, casts more doubt on the advisability of cloud computing, concluding that "its adoption should be limited to non-sensitive or non-critical applications and in the context of a defined strategy for cloud adoption which should include a clear exit strategy".
Larry Ellison, the founder of Oracle, says frankly: "The interesting thing about cloud computing is that we've redefined cloud computing to include everything that we already do. The computer industry is the only industry that is more fashion-driven than women's fashion. Maybe I'm an idiot, but I have no idea what anyone is talking about. What is it? It's complete gibberish. It's insane. When is this idiocy going to stop?"
And as for Richard Stallman, he says that cloud computing is a "trap":

... Richard Stallman, founder of the Free Software Foundation and creator of the computer operating system GNU, said that cloud computing was simply a trap aimed at forcing more people to buy into locked, proprietary systems that would cost them more and more over time.

"It's stupidity. It's worse than stupidity: it's a marketing hype campaign," he told The Guardian.

"Somebody is saying this is inevitable – and whenever you hear somebody saying that, it's very likely to be a set of businesses campaigning to make it true."

The Guardian quote one actual user of real live cloud computing services as follows:

We went ahead and moved our business to public cloud computing about 18 months ago. It has been a nightmare, there have been times when the company is down because our collaboration software, Basecamp, is unreachable. We also have an Amazon cloud solution. How secure is this, what if there is a breach? How do you even call Amazon, they don't even have a phone number for us? The level of transparency is not there.

Mr Scaife's assumption is that cloud computing offers greater security than can be achieved in-house. But how do you know? According to the Guardian again:

Despite these efforts, tough issues remain. One is that organisations often cannot perform audits to verify the vendor's claims. Google, for example, does not allow it. "It does more to impede the security, letting everybody in to take a look at everything," Feigenbaum says.

Google is another supplier of cloud computing and Eran Feigenbaum is their director of security for Google Apps. Are we really to believe that Google can provide higher security than HMG?

Maybe. We are used to finding fault with HMG. That doesn't mean that Google are faultless.

Let's be clear what Mr Scaife is talking about here. All our tax records, all our state education records, all our state healthcare records and state housing records, all our National Insurance and state pension records, all our criminal records, ... could be stored on Amazon web servers or Google web servers or anyone else's web servers.

Where would those servers be? Where would our data be? They could be anywhere. Anywhere where Amazon/Google can provide their allegedly scalable and flexible services most cheaply. Who has jurisdiction over the data if it's in Vanuatu (formerly the New Hebrides but now the Ripablik blong Vanuatu)? How do you enforce any British law there?

HMG might or might not be able to keep control. The US have taken steps to do so already, and not just to control their own data:

There is also concern about the US anti- terrorism legislation called the Patriot Act, which gives the US government a right of access to any data stored on US soil, and possibly any data on servers belonging to a US company, if it is deemed necessary for security investigations. In some cases, that is not an acceptable risk.

Mr Scaife acknowledges this problem:

Special needs
The operation of separate and parallel ICT systems for government departments is analogous to operating separate water or electricity supplies for government departments. It is expensive, often unnecessary, and the benefits are dubious. At the same time, government is in a unique position in that it must both protect assets of national security, and that it must provide adequate protection of the personal data entrusted to it.

If government is going to protect national security and the confidentiality of personal data, then that surely points firmly against cloud computing and Mr Scaife's putative cost savings won't be available after all. Alternatively, if HMG is determined to try to achieve those putative savings, will the population no longer be relying on HMG? Will we be relying instead on the good will of Amazon and Google? Is the job too difficult, and HMG is giving up on the business of government?

Having asserted that government's responsibilities are unique, three paragraphs later Mr Scaife says:

Government is now beginning to recognising the potential cloud has to help us deliver ‘better for less’, to drive down costs and to improve services. Our job now is to seize the opportunity to capitalise on that. Cloud is a ‘no-brainer’, but we need to avoid getting into a tiz about how scary it sounds to us and how ‘special’ we think we are.

Clearly, his point is that government computing requirements are not unique after all – "we need to avoid getting into a tiz about how ... ‘special’ we think we are". He thinks that's an argument for adopting cloud computing. It isn't. It's the reverse.

Anyone using the cloud has lost control of their data and of their costs. Do lawyers store your confidential data in the cloud? Let's hope not. They shouldn't. There's nothing special about government in this respect. HMG shouldn't adopt cloud computing either, any more than lawyers. Not if they're going to maintain national security. Not if they're going to take the confidentiality of personal data seriously. And not if they have a brain.

Public administration in the UK is in a parlous state. No-one doubts that there are real problems. Cloud computing is not the answer.

----------

PS For what it's worth, DMossEsq posted a comment on the G-Cloud blog raising some of the questions above. The comment has been published but the last sentence, including a link to this article, has been removed. It's a small thing but was the comment edited in the UK? Or Vanuatu? How will you defend your position if your tax records are edited? And what if they're copied by Google, at the request of the US government? While framing your answers, please follow Mr Scaife's advice and try to "avoid getting into a tiz about how scary it sounds to [you] and how ‘special’ [you] think [you] are".

Cloud computing is bonkers or, as HMG put it, a "no-brainer"

more ►

Saturday, 3 December 2011

The case for midata – the answer is a mooncalf

Ed Davey, Minister at the Department of Business, Innovation and Skills, is promoting the midata initiative. In this, he is guided by a management consultancy called Ctrl-Shift. Ctrl-Shift have recently issued a report which makes the business case for the investment of public money in midata.

An incomplete review of
The new personal data landscape
published in November 2011 by Ctrl-Shift
21 pages, price: £500

Ctrl-Shift is a management consultancy specialising in customer relationship management with an impressive list of clients including the UK government. This latest report of theirs predicts the rise of a new personal information management industry.

What's new about it?

For the first time, Ctrl-Shift say, organisations will give data back to their customers. The kind of organisations they have in mind are banks and energy companies and anyone else who signs up to the government's midata initiative.
For the first time, Ctrl-Shift say, people will be able to build a comprehensive picture of themselves and use it to make rational decisions.
In this, people will be assisted, for the first time, Ctrl-Shift say, by forums in which they can share their experience.

Nothing new about this personal data landscape at all. It's the same personal data landscape we have always grazed in, and not a new "ecosystem", as Ctrl-Shift keep calling it. The banks have always provided us with statements and the energy companies have always provided us with a breakdown of the bill.

Ctrl-Shift advocate the value of placing all your personal data in a single database, a personal data store (PDS), and then curating it.

Curatorial skills come into their own in museums and art galleries where some gifted individuals can assemble and present a few objects in such a way as to inspire interest in the viewers and educate them. If you have no desire to educate your electricity supplier, then a PDS is probably not for you. And if you think that showing them your utility bills will inspire interest in the attractive person you met at a party last night, then you're mistaken.

"Curator" is the wrong word. "Archivist"? No. "Custodian" is better. There is a demand for custodians, organisations that would, for a fee, store your data and protect it, rather as a Swiss bank discreetly stores your money. Swiss banks are utterly reliable. They didn't create their reputation for reliability by announcing "we are reliable". They created it over the decades by demonstrating that, come what may, they would protect their clients' privacy. The need for trust is recognised by Ctrl-Shift. But they seem to think that trust can be created just like that, overnight. Wrong.

To Ctrl-Shift, unlike a Swiss bank, privacy is nothing more than an irritating constraint (p.17):

If organisations try to share customer data with each other they invade individuals’ privacy and risk breaching the Data Protection Act. The result is duplication, waste and missed opportunities.

What Ctrl-Shift seem to be promoting instead of privacy is Californian narcissism mixed with an unreconstructed hippy's enjoinder to let it all hang out and share it all with the commune/forum. Hippy communes are either terminally dull. Or terminally fascinating, see David Koresh and Jim Jones. Either way, to be avoided.

Which organisations do Ctrl-Shift recommend that people trust with their PDS?

In the UK, a company called Mydex (p.15).

Two of the founders of Mydex are William Heath and Alan Mitchell. Alan Mitchell is also the strategy director of Ctrl-Shift and William Heath is the non-executive director of Ctrl-Shift. These are two individuals who genuinely would be empowered by the adoption of midata. Unlike the rest of us. They have a vested interest. This interest is not declared in the Ctrl-Shift report. That undermines trust. So who would want to use Mydex as their custodian?

Ctrl-Shift repeat the claims made by Mydex that having a PDS puts the customer in control of his or her own data. It doesn't. It confers no more control over what happens to your personal data than the situation we have enjoyed for the past 5,000 years during which civilisation has flourished without PDSs.

Ctrl-Shift repeat the claims made by Mydex that having all your personal data in one pot will allow you to analyse yourself, learn things about yourself and make coherent, utilitarian choices as a result. The possibilities are limitless. On p.12 we find this example:

Tallyzoo, a service dedicated to self monitoring, allows users to measure anything from their caffeine intake to the number of times they cut their grass. Users collect data using a mobile device or website program which creates interactive flashbased graphs enabling them to spot trends and patterns in their consumption habits, work, health and fitness goals. Data is manipulated so that users can share statistics and compare the end results.

The impression is that Ctrl-Shift have somehow managed to preserve into adulthood a childlike fascination with technology so intense that they ignore the banality of its use – just how many people do they imagine want to see William Heath's coffee consumption statistics? (Do not assume that the answer is zero. He made this reviewer a very good cup of coffee once. But the number isn't going to be big enough to support Ctrl-Shift's multi-billion pound projections for the industry.)

Access to such data represents a ‘holy grail’ data to companies because it explains why people do what they do and predicts what they are going to do next.

Religiose piffle (p.14). Computers may have got more powerful over the years, which Ctrl-Shift find interesting, and data storage cheaper, but there have been no advances in the understanding of human psychology to match, and the ability to predict "what they are going to do next" is not available. What kind of organisation would make such a claim? And what kind of a person would believe it?

Where is the control shift, the quasi-eponymous subject of the Ctrl-Shift report?

There is no control shift in the provision of data by organisations to their customers. That's always taken place. The customers gain no new control over the fate of their data just by putting it in a PDS. The claim that Mydex-users are in control of their data is marketing person's hot air.

The answer is all to do with identity assurance (IdA).

Mydex is the reductio ad absurdum of the Cabinet Office's plans for IdA. Francis Maude and Ian Watmore want people to transact with the government over the web, and only over the web. For that, everyone needs an electronic identity, proving that each person is who he or she says they are.

Not just the Cabinet Office. The Department for Work and Pensions, too. DWP's plans for Universal Credit depend on IdA over the web.

All the verbiage about monitoring your grass cuttings is just that.

Mydex want to issue people with some sort of a token, unspecified in the Ctrl-Shift report, which allows people to log on to web-based services and transact. All web-based services. Accessed via one Mydex token. There's something megalomaniac about it. That's the control shift. You would become dependent on Mydex to transact over the web. That really would be a new landscape. On the web, your PDS would be you. Who trusts Mydex enough, or any other company, to make their existence dependent on that company? No-one sane. Or prudent. Or adult. Only a mooncalf.

The Ctrl-Shift report is one-sided, more like a sales document than a management consultant's dispassionate, objective, even-handed assessment. The downside of "life-logging" is not even mentioned, let alone investigated. The downside is obvious (but for anyone who can't work it out for themselves, ENISA kindly produced a report on it).

Mydex face established competition from the credit rating agencies. Set up in the late nineteenth century to support mail order selling, the credit rating agencies (the personal ones, not the Moody's and the S&Ps of this world, organisations like Experian, in which this reviewer holds 1,324 shares, interest declared) have a well-deserved reputation for the discreet concentration of personal data gathered from multiple sources into a single data store. Not that you'd know it from the Ctrl-Shift report. Mydex have nothing to offer that the credit rating agencies don't already have.

Mydex face established competition from Facebook. 800 million people worldwide already actively maintain their Facebook page, or PDS.

It's a brave try. If peculiar. But the ecosystem isn't going to support this new life form.

----------

Updated 17.6.14

Just to remind you: "The opportunities for organisations arising from a new personal information economy are game changing. Ctrl-Shift is the world’s leading market analyst and consulting business helping organisations to capitalise on these opportunities".

Back in November 2011 Ctrl-Shift told us in The new personal data landscape (p.14) that ...

Every individual has a vast and rich store of knowledge and information about themselves which, most of the time, sits unused in their heads ... Access to such data represents a ‘holy grail’ data to companies because it explains why people do what they do and predicts what they are going to do next ... In the emerging personal data ecosystem individuals will have the ability to both input this information into their own digital tools and services and to voluntarily share it with organisations in order to access more appropriate services and get things done.

Ctrl-Shift’s research finds that the market for these new streams of information could grow to be worth £20bn in the UK over the next ten years.

... and a factoid was born – the personal information management industry in the UK could one day be worth £20 billion, whether that's per annum or spread over 10 years it wasn't clear.

Yesterday this factoid was reborn when Ctrl-Shift told us in Personal Information Management Services - An Analysis Of An Emerging Market that:

The research estimates the potential size of the market for PIMS as £16.5bn or 1.2% of gross value added in the UK economy. This is an untapped market opportunity for those organisations able to adapt and respond to new demands for managing, using and sharing personal data.

£20 billion? £16½ billion? Who knows. What's £3½ billion between friends. This is an untapped market opportunity for those organisations able to adapt and respond to ever-moving goalposts and new demands for exploiting personal data.

Ctrl-Shift's research is tied to the Department for Business Innovation and Skills's midata initiative (RIP), to the Government Digital Service's identity assurance service (RIP) and to its sister company Mydex's personal data store business.

And what is the strategic objective of these mooncalf economics?

According to Mydex's CEO, no Mydex, no transactions:

Mydex at the centre of ... everything

The case for midata – the answer is a mooncalf

more ►