Tuesday, 4 September 2012

midata, the loneliest initiative in Whitehall – 9

BIS prove that midata is unnecessary.
Would you give a complete list of your acquaintance to a stranger?
Do you believe there is such a thing as a secure website?
Why keep a regulator and bark yourself?

--- o O o ---

Talk about lonely.

On 3 November 2011, Ed Davey MP posted 'Giving consumers the midata touch' on the Department for Business Innovation and Skills blog and that was it – for 305 days, Mr Davey's post sat there all on its own.

Then yesterday, 3 September 2012, a second post was delivered, 'Why my data is important data', written by Stelios Koundouros, the "founder and director of billmonitor.com".

Mr Koundouros describes a number of his company's achievements, helping people since 2005 to choose the right mobile phone tariff. These successes have been achieved without there being any midata. They have been achieved using the mobile phone operators' tariffs and people's mobile phone consumption data, both of which are released by the Telcos without there being any midata.

billmonitor.com's success is the neatest proof BIS could possibly have offered that midata is unnecessary.

So why does Mr Koundouros write the following, given that his story proves the exact opposite?

"The implementation of the ‘midata’ vision is without doubt a prerequisite for ending confusion facing UK consumers about how much they pay for goods and services."

We are told that:

"Stelios Koundouros is founder and director of billmonitor.com, and has led the company’s efforts since 2005. He holds a PhD in mathematics from Cambridge University and has carried out research at the Mathematical Institute at Oxford."

We are not told – but it is the case – that billmonitor.com is one of the 19 companies which initially expressed interest in midata, and that it is "Part of the government Midata board", according to the billmonitor.com home page. Perhaps that is why Mr Koundouros writes as he does.

There's nothing wrong with Mr Koundouros expressing his support for midata, even if he does undermine his own case. Just don't let BIS give you the impression that his is independent support.

The billmonitor.com website says:

"Only you can make spending decisions"
"Bank level data encryption"

Why this level of security?

Because, remember, in order to use the billmonitor.com service, you have to give them months and months of your detailed phone bills. They will know who you call, how often, for how long, and who you text. That personal data needs to be protected, and thus the "bank level data encryption".

As a result, do you mind telling a total stranger who your friends and colleagues are? The people you call? Might they mind?

Do you trust Mr Koundouros's security measures?

The US Government trusted HBGary Federal's security, and just look what happened when the hackers decided to drive a coach and horses through it:
... A second example is Anonymous’ perhaps most striking operation, a devastating assault on HBGary Federal, a technology security company. HBGary’s clients included the US government and companies like McAfee.

The firm with the tag-line detecting tomorrow’s malware today had analyzed GhostNet and Aurora, two of the most sophisticated known threats. In early February 2011, Aaron Barr, then its chief executive officer (CEO), wanted more public visibility and announced that his company had infiltrated Anonymous and planned to disclose details soon.

In reaction, Anonymous hackers:
  • infiltrated HBGary’s servers,
  • erased data,
  • defaced its website with a letter ridiculing the firm ...
  • ... with a download link to a leak of more than 40,000 of its emails to The Pirate Bay,
  • took down the company’s phone system,
  • usurped the CEO’s twitter stream,
  • posted his social security number,
  • and clogged up fax machines.

Anonymous activists had used a number of methods, including SQL injection, a code injection technique that exploits faulty database requests. ‘You brought this upon yourself. You’ve tried to bite the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face’, said the letter posted on the firm’s website.

The attack badly pummeled the security company’s reputation.

Stories like that are two-a-penny and you can read about 25 penceworth here. After which, you may wonder how secure billmonitor.com or any other website is.

Iran, which has suffered a number of cyber-attacks, has given up the ghost and decided to "move key ministries and state bodies off the worldwide internet". Meanwhile, in the name of midata, here's BIS luring you into storing your personal data in the custody of complete strangers on servers which could be anywhere in the world, much of which is beyond the jurisdiction of English law and emphatically out of your control.

The billmonitor.com website also says:

"billmonitor was the first mobile comparison site approved by Ofcom in 2009"

No doubt it was. It is Ofcom's job to regulate the Telcos. Why do we need billmonitor.com as well? And midata? If Ofcom can't do the job, why should midata be able to? Why keep a regulator and bark yourself? Surely the public interest is served by having the regulator do its job properly, and not by expensively doubling up on regulation.
