
Monday, 10 September 2012

midata, the loneliest initiative in Whitehall – 12 and last

Today is the deadline for submitting responses to the Department for Business Innovation and Skills (BIS) consultation on midata. That doesn't make it an important day. BIS will not be dissuaded by any adverse comment in the responses. But for what it's worth:

midata 2012 review and Consultation - response form

Consultation on legislating to give consumers access to data in an electronic, machine readable form

For your ease, you can reply to this consultation online at: https://www.surveymonkey.com/s/midata
Alternatively you can email, post or fax this completed response form to:

Email

Postal address

Craig Belsham,
Head of Consumer Empowerment,
Department for Business, Innovation and Skills,
1 Victoria Street,
London,
SW1H 0ET

Fax

020 7217 2234
A copy of this consultation can be found at:
The Department may, in accordance with the Code of Practice on Access to Government Information, make available, on public request, individual responses.
The closing date for this consultation is 10 September 2012.


Your details
Name: David Moss
Organisation (if applicable): Not applicable
Address: xxxxxxxxxx
Telephone:    xxxxxxxxxx
Fax:    xxxxxxxxxx        
email: BCSL@blueyonder.co.uk
Please tick a box below that best describes you as a respondent to this consultation:

             
Business representative organisation/trade body

Central government

Charity or social enterprise
✓ Individual

Large business (over 250 staff)

Legal representative

Local Government

Medium business (50 to 250 staff)

Micro business (up to 9 staff)

Small business (10 to 49 staff)

Trade union or staff association

Other (please describe)

Question 1: Do you agree with the principles of midata?
No                          
Have you any comments on the proposed approach?

The Department for Business Innovation and Skills (BIS) say that midata would force suppliers to make transaction data available to consumers. They already make that data available and have done for decades. midata is unnecessary.

BIS say that midata will make the economy grow. They give no reason to believe that and provide no figures. What is the target? How would BIS know if midata had succeeded?

They say that midata would empower consumers. The examples of empowerment given concern switching between mobile phone suppliers and between energy suppliers. There are already applications which support this switching and BIS themselves describe the energy companies as already blazing the trail. Again, midata is unnecessary.

Even its promoters have trouble explaining what midata is for. Professor Shadbolt, chair of the midata programme, was interviewed on BBC Radio 4’s You and Yours on 5 September 2012 and cheerfully announced that he couldn’t give examples of any other applications.

We already have Ofcom and Ofgem. Why do we need midata as well? Are BIS saying that Ofcom and Ofgem don’t do their job properly?

BIS still can’t answer the questions raised by Rory Cellan-Jones of the BBC on 3 November 2011: “what's the catch for consumers and why is the government getting involved?”.

Which may in turn explain the lack of take-up by suppliers, not a single new adherent having been announced since BIS’s 3 November 2011 press release.

Which leaves this respondent to the consultation wondering why BIS want midata, and want it so much that they have switched from midata being a voluntary scheme to proposing to make it compulsory.

And wondering what the rôle of the Behavioural Insights Team is in midata – they’re meant to nudge, not legislate.

And wondering how BIS can describe this proposed additional regulation of UK business as having a deregulatory effect.

The practical effect of midata on the public would be to require us all to maintain a number of PDIs, personal data inventories, each recording sufficient data to identify us.

The PDIs would be maintained on the web, we are told, in the cloud, by trusted third parties – i.e. complete strangers – and they would be in permanent contact with all our suppliers, disseminating changes to our data automatically, without our being involved, to everyone who needs to know about the changes, and occasionally making recommendations to change our phone contract or energy contract.

It takes years to inspire trust and BIS provide no reason to trust these suppliers. They don’t even name them. If midata was a company, no reputable broker would sponsor it and no reputable stock exchange would list it.

The web is an inherently dangerous place to store personal data. BIS and the Cabinet Office, together with the Foreign Office/GCHQ, held an event on 5 September 2012 advising businesses to take effective precautions against cyber threats. At that event BIS promoted a set of GCHQ manuals, in which they give it as their opinion that most businesses have failed to implement cyber security properly.

ENISA, the EU’s information security arm, advise that no valuable data should be entrusted to the cloud and that cloud computing should only be embarked on with a clear exit strategy. The OECD also have their reservations about cloud computing: “cloud computing creates security problems in the form of loss of confidentiality if authentication is not robust and loss of service if internet connectivity is unavailable or the supplier is in financial difficulties”.

If BIS believe GCHQ, ENISA and the OECD, their simultaneous advice to consumers to entrust our personal data to cyberspace is inconsistent and irresponsible.

The Cabinet Office make the unlikely claim that cloud computing is the key to transforming government by making all public services digital by default and delivering them through the G-Cloud, the government cloud, and a number of public clouds, P-Clouds.

For that, they need identity assurance, they need to be able to identify the consumers of public services online. They need the equivalent of the Home Office’s failed National Identity Service. They need us all to have PDIs. That’s what the Cabinet Office say, even while simultaneously acknowledging how dangerous it is and warning people against it.

It’s all very well BIS telling us consumers that we are hopeless at making choices and that we need midata apps to improve our lives. But BIS and the Cabinet Office might do well, equally, to ask themselves how on earth they decided to adopt PDIs, against their own advice, ignoring GCHQ’s advice, ENISA’s and the OECD’s. Better decision-making begins at home, in this case at No.1 Victoria St London SW1.

BIS should drop the ill-thought out midata initiative forthwith, it would do nothing for the economy and it would not empower consumers. Instead, it would expose us all to the risks of identity theft. If the Cabinet Office want us all to have PDIs, let them argue their confused case themselves. There is no good reason for BIS to do the Cabinet Office’s dirty work for them.

Question 2: Do you have a view on whether particular sectors or types of business should or should not be covered?
Yes                         
Comments:
The question doesn’t arise, midata should be abandoned.

Question 3: What is your view on the likely impact of the proposed approach on privacy, consent and information security and the implication for data protection

It would be disastrous. It courts all the dangers that BIS/the Cabinet Office/GCHQ/ENISA/the OECD warn against.

Question 4: What is your view on who should have the right to request data?
Consumers should and already do have the right to request data, midata is unnecessary.

Question 5: Some consumers already shop around, though may not always switch to the best deal for them. What additional proportion of consumers is likely to become empowered by this data?
None.

Question 6: What types of new services might be offered by intermediaries (such as, price comparison websites) and what could be the value of this new market?
The question doesn’t arise, midata should be abandoned.

Question 7: Should a consumer be able to require the business to supply the data in electronic format directly to a specified third party?
No                          
Comments:
It is irresponsible of BIS to incite people to hand over control of our personal data to third parties.

Question 8: Should a third party who is duly authorised by the consumer be able to seek the consumer’s data in electronic format directly from the supplier?
No
Comments:
The consumer is being cut out of his own life in the midata scenario BIS suggest. A number of computers would be exchanging reams of information about the consumer without him or her being involved. Anybody naïve enough to embrace this potty vision of the future should be protected from themselves and not exploited by BIS.

Question 9: What, if any, requirements should be placed on the secondary users of such data, albeit under the direction of consumers e.g. switching and advice sites?
The question doesn’t arise, midata should be abandoned.

Question 10: The Government is minded to require businesses to give their customers access to transaction and consumption data, in order to help them better understand their behaviour.

a) What types of data would be most helpful? Customers already have access to their transaction data, the question is wrong-headed.

b) Over what period should the data refer to? That is a matter for the market to decide. It already has decided. Where the period is too short, wise suppliers will heed their customers’ requests to lengthen it.

Question 11: Should other types of information, such as warranties or terms and conditions, be included?  
No
Comments: The question doesn’t arise, midata should be abandoned.

Question 12: Should the Government specify a particular electronic format beyond a machine readable open standard format in which the data has to be supplied?
No
Comments: The question doesn’t arise, midata should be abandoned.

Question 13: Should the Government specify a period within which data must be released electronically following a consumer’s request?
No
Comments: The question doesn’t arise, midata should be abandoned.
b) If so, what would be a reasonable period within which data must be released?

Question 14: Please provide information about cost:
- Where your business already collects the relevant data, please estimate:
a) Additional one-off costs of making the data available in an open standard format (such as, purchasing new IT, hiring IT staff) – not applicable.
b) Additional ongoing costs (such as of additional staff) – not applicable.
c) If not already stated, please state here the approximate number of customer accounts that these costs are estimated for. For example, number of UK accounts – not applicable.

Question 15: Should businesses be permitted to charge a consumer for providing them with the data in electronic format?
Yes
Comments: If midata were deployed, then yes, of course, but the question doesn’t arise, midata should be abandoned.

Question 16: Should any such charges be constrained by the legislation?
No
If so, do you have a view on how a maximum charge should be set or adjusted?
The question doesn’t arise, midata should be abandoned.

Question 17: Which body/bodies is/are best placed to perform the enforcement role for this right?
The question doesn’t arise, midata should be abandoned.

Question 18: Should the Government specify a lead enforcement body?
No
If yes, who:

Question 19: How should the right be enforced by any such body? Will they need any new powers to enable them to enforce it?
The questions don’t arise, midata should be abandoned.

Question 20:  What examples of existing regulatory actions could be reduced or removed if the power being consulted on was exercised?
The question doesn’t arise, midata should be abandoned.

Question 21: Should a consumer be able to launch independent action (and, if so, what sort of action) in relation to non-compliance with the duty?
No
Comments: the questions don’t arise, midata should be abandoned.

Question 22: Do you foresee any risks or undesirable consequences from exercising a power to require certain data to be released electronically?
Yes
Comments: please see answer to Questions 1 and 8.


© Crown copyright 2012
You may re-use this information (not including logos) free of charge in any format or medium, under the terms of the Open Government Licence. Visit www.nationalarchives.gov.uk/doc/open-government-licence, write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gsi.gov.uk. This publication is also available on our website at www.bis.gov.uk
Any enquiries regarding this publication should be sent to:
Department for Business, Innovation and Skills
1 Victoria Street
London SW1H 0ET
Tel: 020 7215 5000

If you require this publication in an alternative format, email enquiries@bis.gsi.gov.uk, or call 020 7215 5000.
URN 12/943RF


Thursday, 6 September 2012

midata, the loneliest initiative in Whitehall – 10

Governing people is difficult. Too difficult.
Whitehall have given up.
midata is part of their alternative plan.
Governing personal data stores will be much easier.

--- o O o ---

Why is billmonitor called "billmonitor"?

billmonitor, if you remember, is a service which advises consumers what the best mobile phone tariff is for them to be on. The company behind this service is a keen supporter of midata, the Department for Business Innovation and Skills initiative, and is "Part of the government Midata board". midata is dedicated to getting the best deal for consumers, whether we're talking about mobile phone contracts or choosing the right gas and electricity suppliers or any other decision including health, education and employment decisions.

It all seems to make sense.

Until you notice that billmonitor has been in business for seven years or so and seems to have survived and maybe even thrived for all that time without needing midata.


Let's leave that for the moment, and try another question.

BIS are currently conducting a consultation on midata. They're interested in our answers to 22 questions. Questions 7, 8 and 9 are as follows:
Question 7: Should a consumer be able to require the business to supply the data in electronic format directly to a specified third party?

Question 8: Should a third party who is duly authorised by the consumer be able to seek the consumer’s data in electronic format directly from the supplier?

Question 9: What, if any, requirements should be placed on the secondary users of such data, albeit under the direction of consumers e.g. switching and advice sites?

Third parties? Secondary users? What on earth are they talking about?


And another thing. Who do you think wrote the following?

Every day, all around the world, thousands of IT systems are compromised. Some are attacked purely for the kudos of doing so, others for political motives, but most commonly they are attacked to steal money or commercial secrets. Are you confident that your cyber security governance regime minimises the risks of this happening to your business? My experience suggests that in practice, few companies have got this right.

Answer – Iain Lobban, the Director of GCHQ, in the Foreword to 10 steps to cyber security, one of the documents referred to in yesterday's 5 September 2012 press release issued by BIS, Business leaders urged to step up response to cyber threats, in which Vince Cable, Secretary of State at BIS, announces a new initiative to get business leaders to take the threat of cyber attacks seriously.

Few companies have got cyber security right, according to GCHQ, and yet there's the same Secretary of State, Vince Cable, promoting midata and urging us all to store our personal data on the web. It seems confused. Schizophrenic even. What's going on?


Last question. Professor Shadbolt was on You and Yours yesterday, the BBC Radio 4 consumer affairs programme (16'21" to 22'35"), chatting amiably about midata, the benefits of which would be legion but he couldn't name any. He's an intelligent man. What's he doing giving such a vapid interview?


billmonitor is called "billmonitor" because it monitors your bills. You don't just hand over your last few months' mobile phone bills, once-off, billmonitor recommends that you switch from tariff X to tariff Y and that's the end of the relationship. No, you hand over your mobile phone no., your user ID and your password, and billmonitor logs on to your phone company and sits there monitoring your phone usage until Doomsday, occasionally issuing recommendations to switch from this contract to that.

billmonitor is one of these "third parties" referred to in the BIS consultation whom you authorise to access data from your suppliers. And when billmonitor processes your mobile phone consumption data they become, in the terminology of BIS's consultation, "secondary users" of the data.

You the consumer have to be very trusting to give a stranger, billmonitor, access to your phone account. Particularly in light of GCHQ's claim that most companies have faulty cyber security, including perhaps billmonitor and all the telcos they are logged in to.

BIS want us all to take that risk. For midata. There must be something in midata that BIS prize so highly, they are even prepared to recommend that we run the associated risks of cyber-crime, the financial risks and the loss of privacy.

Whatever that something is, that BIS prize so highly, it's too embarrassing for Professor Shadbolt to tell us what it is.

So it's a good job that William Heath now has told us.

William Heath, remember, is the Mydex and Ctrl-Shift man, and a few hours ago he published To understand BIS’ midata proposal it helps to understand Mydex on the Mydex blog:
The Government’s midata consultation to give consumers a statutory right to their data in electronic format affects every individual, and every major company holding customer data in the UK. But it cannot be properly understood in isolation of wider imminent changes in how personal data is managed, shared, controlled and valued.

Mydex is all about that bigger picture. So we’ve drafted a briefing note particularly for organisations responding to the midata consultation.

We support midata. It will empower individuals and at last give real teeth to the good intentions behind the Data Protection Act subject access request. It goes hand in hand with the new UK and US approaches to ID assurance [emphasis added], which we also support. We think midata needs to apply also to other UK public services including health, education and job-seeking.

The Mydex "briefing note" referred to above, Making midata work for you, explains the benefits of a Mydex PDS (personal data store). Among others:
Digital by default. If the individual agrees, organisations can establish live, permanent links to key fields (such as home address and contact details) in the individual’s data store, receiving live status updates ...

Empowering. Mydex has a distributed cloudbased [oh good] hyper-secure [see GCHQ above] architecture ...

billmonitor just collects data from your suppliers. Mydex goes one step further – after collecting the data, Mydex distributes updates from one supplier to all the other suppliers who might need to know what's changed.

Having once given your permission, you're no longer involved. You're no longer needed. "Empowered" by midata, in "control" of your data, you've become digital by default.

Which is lucky, because the government wants all public services to become digital by default, too.

And with the identity assurance provided by Mydex, they can. If everyone has a PDS and if the PDS is a requirement of every transaction, then Government can at last be transformed.

As the BBC tell us, a few clauses in the Enterprise and Regulatory Reform Bill so worthy and dull that it won't be scrutinised by many people will arm BIS with order-making powers. Thereafter, statutory instruments can be quietly laid down, unscrutinised by anyone, and midata will have all the powers of identity assurance that the Government Digital Service could wish for.

Governing people is difficult. Too difficult. Whitehall have given up. midata is part of their alternative plan. That's what the bashful Professor Shadbolt didn't want to say. Governing PDSs will be much easier.


Wednesday, 5 September 2012

GreenInk 9 – Vince Cable and the re-shuffle

Let's see if the Telegraph publish this letter:
From: David Moss
Sent: 05 September 2012 11:34
To: 'dtletters@telegraph.co.uk'
Subject: James Kirkup, 04 Sep 2012, 'Free-market Tories arrive to reel in Vince Cable'

http://www.telegraph.co.uk/news/politics/9521389/Free-market-Tories-arrive-to-reel-in-Vince-Cable.html

Sir

In many cases "free-market Tories" will find it difficult to "reel in Vince Cable" at the Department for Business Innovation and Skills but there is one simple step forward they can take quickly – cancel BIS's confused 'midata' initiative.

Three examples of confusion. 1. BIS wish to take order-making powers to implement 'midata'. They describe this increase in regulation as having a de-regulatory effect. 2. 'midata' is meant to expand the UK economy but BIS agree that it is impossible to predict its macroeconomic effect, which could well be negative. 3. midata is meant to empower consumers. BIS want us consumers to store all our personal data on the web which, far from empowering us, will lay us open to mass identity theft.

If the free-market Tories can stop officials wasting their time and our money on 'midata', that will be a valuable first day's work at BIS.

Yours
David Moss


Tuesday, 4 September 2012

midata, the loneliest initiative in Whitehall – 9

BIS prove that midata is unnecessary.
Would you give a complete list of your acquaintance to a stranger?
Do you believe there is such a thing as a secure website?
Why keep a regulator and bark yourself?

--- o O o ---

Talk about lonely.

On 3 November 2011, Ed Davey MP posted 'Giving consumers the midata touch' on the Department for Business Innovation and Skills blog and that was it – for 305 days, Mr Davey's post sat there all on its own.

Then yesterday, 3 September 2012, a second post was delivered, 'Why my data is important data', written by Stelios Koundouros, the "founder and director of billmonitor.com".

Mr Koundouros describes a number of his company's achievements, helping people since 2005 to choose the right mobile phone tariff. These successes have been achieved without there being any midata. They have been achieved using the mobile phone operators' tariffs and people's mobile phone consumption data both of which are released by the Telcos without there being any midata.

billmonitor.com's success is the neatest proof BIS could possibly have offered that midata is unnecessary.

So why does Mr Koundouros write the following, given that his story proves the exact opposite?

The implementation of the ‘midata’ vision is without doubt a prerequisite for ending confusion facing UK consumers about how much they pay for goods and services.

We are told that:

Stelios Koundouros is founder and director of billmonitor.com, and has led the company’s efforts since 2005. He holds a PhD in mathematics from Cambridge University and has carried out research at the Mathematical Institute at Oxford.

We are not told – but it is the case – that billmonitor.com is one of the 19 companies which initially expressed interest in midata, and that it is "Part of the government Midata board", according to the billmonitor.com home page. Perhaps that is why Mr Koundouros writes as he does.

There's nothing wrong with Mr Koundouros expressing his support for midata, even if he does undermine his own case. Just don't let BIS give you the impression that his is independent support.

The billmonitor.com website says:
Only you can make spending decisions
Bank level data encryption

Why this level of security?

Because, remember, in order to use the billmonitor.com service, you have to give them months and months of your detailed phone bills, they will know who you call, how often, for how long, and who you text. That personal data needs to be protected, and thus the "bank level data encryption".

Do you mind telling a total stranger as a result, who your friends and colleagues are? The people you call? Might they mind?

Do you trust Mr Koundouros's security measures?

The US Government trusted HBGary Federal's security, and just look what happened when the hackers decided to drive a coach and horses through it:
... A second example is Anonymous’ perhaps most striking operation, a devastating assault on HBGary Federal, a technology security company. HBGary’s clients included the US government and companies like McAfee.

The firm with the tag-line detecting tomorrow’s malware today had analyzed GhostNet and Aurora, two of the most sophisticated known threats. In early February 2011, Aaron Barr, then its chief executive officer (CEO), wanted more public visibility and announced that his company had infiltrated Anonymous and planned to disclose details soon.

In reaction, Anonymous hackers:
  • infiltrated HBGary’s servers,
  • erased data,
  • defaced its website with a letter ridiculing the firm ...
  • ... with a download link to a leak of more than 40,000 of its emails to The Pirate Bay,
  • took down the company’s phone system,
  • usurped the CEO’s twitter stream,
  • posted his social security number,
  • and clogged up fax machines.
Anonymous activists had used a number of methods, including SQL injection, a code injection technique that exploits faulty database requests. ‘You brought this upon yourself. You’ve tried to bite the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face’, said the letter posted on the firm’s website. 

The attack badly pummeled the security company’s reputation.

Stories like that are two-a-penny and you can read about 25 penceworth here. After which, you may wonder how secure billmonitor.com or any other website is.

Iran, which has suffered a number of cyber-attacks, has given up the ghost and decided to "move key ministries and state bodies off the worldwide internet". Meanwhile, in the name of midata, here's BIS luring you into storing your personal data in the custody of complete strangers on servers which could be anywhere in the world, much of which is beyond the jurisdiction of English law and emphatically out of your control.

The billmonitor.com website also says:
billmonitor was the first mobile comparison site approved by Ofcom in 2009

No doubt it was. It is Ofcom's job to regulate the Telcos. Why do we need billmonitor.com as well? And midata? If Ofcom can't do the job, why should midata be able to? Why keep a regulator and bark yourself? Surely the public interest is served by having the regulator do its job properly, and not by expensively doubling up on regulation.
