Sunday 30 June 2013

The China Syndrome

The China Syndrome is a fiction. The idea is that if a nuclear reactor runs short of coolant the core will burn through its container and burrow all the way through the earth, coming out the other side, in China.

Don't try this at home.

Not least because you'll be disappointed – as Wikipedia tell us, "the Three Mile Island accident's molten core got exactly 15 millimeters on its way to 'China' before [it] froze at the bottom of the reactor pressure vessel".

The film The China Syndrome was released 12 days before the Three Mile Island incident. It's extraordinary what some studios will do for a bit of publicity.

In the film, Jack Lemmon has proof of a conspiracy to cover up known safety problems with a nuclear reactor. By the time he's ready to go public with it, he's so tired and nervous that he comes across as a gibbering wreck with no credibility.

The physics may be all wrong but the film is a warning to whistleblowers against suffering their own China Syndrome credibility meltdown. If you want to have an effect, you need to be taken seriously – try not to look like a gibbering wreck.

----------  o  O  o  ----------


Before 6 June 2013, anyone suggesting that a huge number of telecommunications in the US and the UK are intercepted by the security services would have been regarded as a gibbering wreck, a paranoid and ridiculous conspiracy theorist.

Now, anyone who expresses the mildest surprise at the allegation of widespread surveillance is accused of naïvety, they are credulous, delightfully innocent simpletons, unaware of how the world works – and has to work – for their own good.

That's quite a change.

It releases the brakes on the imagination.

Perhaps it's not just the US and the UK?

That is the contention of an article the Guardian published last night:
At least six European Union countries in addition to Britain have been colluding with the US over the mass harvesting of personal communications data, according to a former contractor to America's National Security Agency, who said the public should not be "kept in the dark".
The article has now been unpublished and if you search for it and click on the link that Google returns, you get a Guardian page headed "Taken down: deals to hand over private data to America", saying "This article has been taken down pending an investigation".

Probably best, in the circumstances, to keep the brakes on and await developments.

----------  o  O  o  ----------

After all, you don't want to look naïve do you?

That promises to be the fashion crime of 2013.

Naïvety.

And, wreck that you are, just look where your gibbering leads –


Don't Worry – a China Syndrome play for tomorrow

For years, the Commissioner for the Inland Revenue has been pursuing Google, a company whose income from activities in Ruritania is equivalent to 2% of GDP, a company whose associated costs are negligible and yet whose profits – judging by its corporate income tax payments – are somehow also negligible.

The Commissioner's case is strong and the legal team is particularly optimistic since the CEO of Google Ruritania rang, asking for a meeting at which the tax situation would, the CEO believed, be settled fully and finally, to the satisfaction of all parties.

Today's the day. The Commissioner is in the office, there's a knock at the door and the Second Secretary ushers in the CEO and, to the consternation of the Commissioner, two other people. One is the Permanent Secretary at the Ruritanian Board of Trade and the other is the Ruritanian National Security Advisor.

CEO: Commissioner, I must thank you for seeing me at such short notice. You do me a great honour. Relations between Google and Ruritania are nothing but cordial.

Comm: I wish that were the case, CEO. Perhaps today's meeting will bring about a rapprochement but, as things stand, Google's reluctance to pay the corporation tax due is an obstacle to unfettered cordiality between us.

CEO: Precisely why I am here, Commissioner, and once again I must thank you for coming so quickly to the point. Just to be sure that all of us in the room are clear, could I prey upon you to state the Revenue's argument in summary?

Comm: We have a large number of cases decided at the Upper Tribunal confirming that the Revenue must ignore the intermediate stages of a transaction if the sole purpose of those stages is to avoid tax. You know, CEO, as well as I do that those cases are remarkably similar to the way Google organises its affairs. If our unfortunate and unnecessary dispute were taken to the Tribunal, their decision would be in favour of the Revenue, Google would have to pay the tax due, with interest and with penalties on top. That's the law. Your pretence that business obviously transacted in Ruritania is actually transacted in Carpathia is laughable. You can give in now. Or you can give in later, when the interest bill will be even higher, as will the reputational damage done to Google by all the media coverage.

CEO: Thank you, Commissioner, for your pre-Leveson warning and for that succinct statement. And I must say that if we keep our eyes fixed exclusively on Google's accounts, we can hardly fault the Revenue's case. But there is a bigger picture. There are other costs to consider and I wonder if perhaps at this juncture the Ruritanian National Security Advisor who has so graciously agreed to accompany me today might say a few words.

Security: Commissioner, you read the newspapers. You know of PRISM and Boundless Informant and Tempora and Echelon. These security initiatives need data. That is the arrangement we have with our cousins across the sea. We provide data. As much data as possible. We receive much consideration in return. Consideration which mitigates Google's low tax bills. A large proportion of our data comes from Google. Anything which threatens Google's access to data is a threat to Ruritania and I must ask you to take this into account in framing your case. Please don't worry about Google, Commissioner.

Comm: I do indeed read the newspapers, esteemed Security Advisor. I am not immune to your argument and I am not entirely naïve. But you too, if I may say so, must look at the bigger picture. It is my department's job to collect taxes. There are limits. Limits which it is inadvisable to breach. Our parishioners grow reluctant to make their contributions when they see wastage by the public administration. And when they see poor quality public services. Not to mention slush funds of hush money and golden goodbyes. A delicate balance needs to be struck to preserve the orderly operation of the political settlement. That becomes harder still to achieve when foreign companies are seen to trade here without the impediments suffered by Ruritanian businesses.

CEO: And that, Commissioner, is why the Permanent Secretary is here with us today.

Trade: Your department, Commissioner, has its job, and so does mine – to expand the economy. How do you do that? You sell more. How do you do that? You advertise more. You need to create demand. You need to discover people's wants, needs and interests, their preferences and their aspirations. You need to help people to discover the truth about themselves. That way you know what to supply to whom. In all of these matters, there's Facebook of course, but Google is at the heart of our strategy for growth. Don't worry, Commissioner, about collecting taxes. Once we have got the economy growing again, the taxes will follow. But for that, we need Google. Do not stand in the way of Google, Commissioner. If you do, you stand in the way of not only national security but also the health of the Ruritanian economy. And that is not the Revenue's job.

Comm: My dear colleague, you and I have worked together for years, the collaboration between Trade and the Revenue has been a fruitful one, we speak our minds and we get results. Your prescriptions for the economy, as we have told you on many occasions, would fail at GCSE. Further, why should Google avoid tax while other businesses can't? Excusing Google would look to the public like patronage, a special favour and random whereas the law is meant to be impartial. If implemented, your prescriptions would make my job impossible.

CEO: Not so much impossible, Commissioner, as unnecessary. Don't you worry about the public. And don't worry about the law – much of it is mere mythology. Quaint. You see Trade's plan is for every person in Ruritania to maintain a personal data store, managed by state-appointed trusted identity providers. That includes both types of person, natural persons and legal persons, i.e. corporations, trusts, and so on. Once these personal data stores are populated, where is the need for the Revenue? A tax farmer app can simply calculate the amount of tax due and make life more convenient for everyone by filing their tax returns for them and direct debiting the money from their bank accounts. It would be naïve of anyone not to see that that is the purpose of a personal data store and that that is also why the Revenue as currently constituted serves no purpose in the digital-by-default new world.

Comm: Oddly enough, CEO, this may surprise you, but no, I don't worry. You rely on a semantic web which doesn't exist, you have no philosophy of language, no theory of meaning. And you rely on the study of artificial intelligence, which is certainly artificial but not intelligent – your minions talk trivially of the "quantified self" but you have no philosophy of mind and your grasp of psychology is as tenuous as your economics. Your failure is guaranteed. No worries there.

CEO: We'll see. But you won't. I have an inkling that Ruritania will soon relieve you of your commission.

The China Syndrome

The China Syndrome is a fiction. The idea is that if a nuclear reactor runs short of coolant the core will burn through its container and burrow all the way through the earth, coming out the other side, in China.

Don't try this at home.

Friday 28 June 2013

G-Cloud – how to win

Francis Maude, the Cabinet Office minister, made an important speech yesterday.

The speech is covered on his award-winning GOV.UK website – Minister Francis Maude described how government is moving into a "new world" of technology procurement by opening up opportunities to SMEs [small and medium-sized enterprises].

Every step of his argument is contentious.

Let's leave that for another day ...

... and content ourselves here with noting that, one way and another, Mr Maude gets round to saying that "one of our most successful innovations is the delivery of the G-Cloud framework, which embraces open procedures. This is a step change in the way government buys IT. It’s quicker, cheaper, more competitive and more accessible to SMEs ... As a result, of the 700 successful suppliers on the framework – 83% are SMEs" and:
For example, the Home office saved 83% on a hosting contract by contracting with Skyscape. Skyscape is an SME providing hosting and other IT support services – and were one of the first accredited suppliers on G-Cloud. They started as a small start-up with 6 people - and now employ over 30 as a direct result of the business they get through G-Cloud.
Out of 700 candidates, Mr Maude chooses Skyscape for his example.

Why?

Skyscape was only incorporated on 3 May 2011. Just over two years ago. Many SMEs have been established for much longer and have a track record that can be properly evaluated.

How did Skyscape get accredited to G-Cloud?

With no track record, it's a mystery – as Mr Maude says, "this is a step change in the way government buys IT".

Not only were Skyscape accredited, they started winning contracts. With HMRC. And the MOD. And the Government Digital Service. And, as noted in Mr Maude's example, with the Home Office.

That's four chunky contracts that established SMEs failed to win. Instead, they went to Skyscape which, as at 31 March 2012, had sales of £44,416, which cost them £327,320, they'd spent £956,965 on administration and the balance sheet shows negative net assets of £1,240,833.

Is that what Mr Maude means when he says that G-Cloud is "quicker, cheaper, more competitive and more accessible to SMEs"?

What's the trick? How do you beat the G-Cloud competition – 699 of the world's finest – when you've only got £1,000 of share capital, all controlled by one man, when nobody's ever heard of you and you've never done anything except run up debts of £1.2 million?

You'd like to know?

You'd like to know why you lost?

Why the contract wasn't accessible to you after all, even though you have a hard-won track record of success?

Here's a guess.

Take a look at one of Skyscape's press releases. Their very first press release. You don't have to go far back, obviously. Just to 11 November 2011:
SKYSCAPE CLOUD SERVICES APPOINTS COMMERCIAL DIRECTOR

November 11, 2011
Skyscape Cloud Services appoints Commercial Director to oversee G-Cloud delivery.

Skyscape Cloud Services Limited, ‘the easy to adopt, easy to use and easy to leave’ assured Cloud Services Company, today announced that Nicky Stewart, former G-Cloud Head of ICT Strategy Delivery has joined the company as Commercial Director.

Stewart held the position of head of ICT strategy at the Cabinet Office where she was responsible for leading a team of public and private sector organisations to develop the commercial strategy for G-Cloud, data centre consolidation and the government application store.

In this newly created position Stewart will work with public sector organisations and the Skyscape Alliance to ensure that the company’s commercial strategy is aligned to their goals and desired outcomes and that future innovative commercial models are developed.

“There is an enormous opportunity for the public sector to benefit from the dramatic cost-savings, improved agility and lower carbon footprint that cloud computing offers” said Nicky Stewart. “What I have seen in Skyscape is a unique ability to deliver this in an assured, secure and UK sovereign manner; with almost unlimited capacity”.

Phil Dawson, CEO of Skyscape adds “Nicky’s appointment will ensure that Skyscape’s services continue to be truly aligned to the goals of the G-Cloud initiative, with innovative commercial models and the associated financial benefits for the UK public sector. As an industry leading team we are very much looking forward to demonstrating the tremendous benefits that an elastic, on demand IT service will bring to UK public sector”
There's your lesson.

Choose your commercial director carefully – there's not much point bidding otherwise.

Make sure she's the former G-Cloud Head of ICT Strategy Delivery, and you're away.

Simples.

----------

Updated 25.4.14

This matter has now been aired by James Silver in Wired magazine, 11 April 2014, please see Each cabinet office PC costs UK taxpayers £7,000 a year. Why?.

Apparently DMossEsq is wrong:
When this alleged conflict of interest is put to Bracken, he laughs: "I don't know who Nicky Stewart is, so I've no idea," he says. "We face a systematic problem in the civil service of having a revolving door, usually outwards back to large systems integrators. We can't just tell people in government that you can't work for suppliers. [But we can] do a lot to make sure this doesn't happen, by not handing out massive contracts and then having our best brains and people who know our services going to the places who are delivering them back to us."
and:
Simon Hansford, CTO of Skyscape, responded to Wired: "Nicky has never held a sales role within Skyscape, or any other organisation. Nicky uses her public-sector expertise, and her knowledge of how the UK government purchases, to ensure that Skyscape develops its policies, principles and services in a way that aligns with government ICT strategy principles and meets the needs of the UK public sector. All of Skyscape's business is won through fair and open competition and Skyscape's success comes down to its disruptive business model."
So it remains a mystery how Skyscape won several prestigious central government contracts against established competition before it had even filed its first set of accounts with Companies House.

G-Cloud – how to win

Francis Maude, the Cabinet Office minister, made an important speech yesterday.

The speech is covered on his award-winning GOV.UK website – Minister Francis Maude described how government is moving into a "new world" of technology procurement by opening up opportunities to SMEs [small and medium-sized enterprises].

Every step of his argument is contentious.

Let's leave that for another day ...

... and content ourselves here with noting that, one way and another, Mr Maude gets round to saying that "one of our most successful innovations is the delivery of the G-Cloud framework, which embraces open procedures. This is a step change in the way government buys IT. It’s quicker, cheaper, more competitive and more accessible to SMEs ... As a result, of the 700 successful suppliers on the framework – 83% are SMEs" and:
For example, the Home office saved 83% on a hosting contract by contracting with Skyscape. Skyscape is an SME providing hosting and other IT support services – and were one of the first accredited suppliers on G-Cloud. They started as a small start-up with 6 people - and now employ over 30 as a direct result of the business they get through G-Cloud.
Out of 700 candidates, Mr Maude chooses Skyscape for his example.

Why?

Thursday 27 June 2013

The Tragedy of the Commons

Public cloud benefits
outweigh security and data sovereignty risks,
says head of Parliament IT

Back in the 1970s, few organisations could afford their own computer. Timesharing bureaux grew up as a result. You'd nip round to your local IBM or Burroughs or ICL bureau with a deck of punched cards and a couple of tapes and come back with a printout. Timesharing wasn't cheap. But it made computing a bit more widely affordable.

That all changed with the advent of microcomputers and cheap high-speed telecommunications. The timesharing bureaux went out of business during the 1980s.

30 years later, they're back. Cloud computing suppliers are the timesharing bureaux de nos jours.

It's the same pitch. Outsourcing to a cloud computing supplier is cheaper than running your own data centre. There's more flexibility. You can get up and running more quickly. Backup and security are handled by dedicated experts and not by your own staff.

(Of course, prices could go up once there's no alternative to the cloud. And the cloud computing suppliers' backup and security staff could turn out to be just as flaky as your own. But these points are rarely made. Your attention is distracted by the modern and exciting hippy lure of the web, which is somehow deemed to be a good in itself.)

Outsourcing in government IT has been going on for decades. During which time an oligopoly of systems integrators (SIs) has developed in the UK and has allegedly grown used to charging the government eye-wateringly disproportionate fees for their services.

The SIs operate expensive data centres. Shifting to the government cloud (G-Cloud), it is hoped, will cut costs hugely while at the same time reducing development lead times and improving the response to change.

That's the pitch. That's the picture which is drawn for you to admire. And if that's all there was to it, there could hardly be any objection to cloud computing.

... the Houses of Parliament [are] now in the process
of moving a number of applications to the public cloud
as part of plans to create a ‘digital parliament’

From the dept of useless statistics:
  • 325 posts have been published on this blog, starting on 3 October 2011.
  • 61 of them are tagged "G-Cloud".
Clearly, DMossesq thinks there is something more to it, some important problem with cloud computing that needs to be communicated to readers.

He is not alone.

The OECD think that "cloud computing creates security problems in the form of loss of confidentiality if authentication is not robust and loss of service if internet connectivity is unavailable or the supplier is in financial difficulties".

ENISA think that "its adoption should be limited to non-sensitive or non-critical applications and in the context of a defined strategy for cloud adoption which should include a clear exit strategy".

Larry Ellison, the President of Oracle, says "maybe I'm an idiot, but I have no idea what anyone is talking about. What is it? It's complete gibberish. It's insane. When is this idiocy going to stop?".

Richard Stallman, venerable IT person, says "cloud computing [is] simply a trap aimed at forcing more people to buy into locked, proprietary systems that [will] cost them more and more over time ... It's stupidity. It's worse than stupidity: it's a marketing hype campaign".

Sergey Brin, one of the founders of Google, "acknowledged that some people were anxious about the amount of their data that was now in the reach of US authorities because it sits on Google's servers. He said the company was periodically forced to hand over data and sometimes prevented by legal restrictions from even notifying users that it had done so".

Gordon Frazer, managing director of Microsoft UK, "gave the first admission that cloud data — regardless of where it is in the world — is not protected against the USA PATRIOT Act".

... there were challenges around
the legal requirements of where data is stored,
explained Joan Miller, Director of Parliamentary ICT,
... at the
Think G-Cloud event in London.

Then there's Mayer Brown, the US lawyers, who tell us that "US law enforcement authorities may serve FISA Orders, NSLs, warrants or subpoenas on any cloud service provider that is US based, has a US office, or conducts systematic or continuous US business—even if the data is stored outside the United States".

And, further, "US law enforcement authorities may serve FISA Orders, NSLs, warrants or subpoenas on any cloud service customer that is US based, has a US branch, or conducts systematic or continuous US business—even if the data is stored outside the United States".

There's the indefatigable Caspar Bowden, former chief privacy adviser to Microsoft Europe, who has issued more warnings of the coming war than Cassandra, see for example Experts warn on wire-tapping of the cloud.

And there's the larger-than-life Kim Dotcom whose cloud computing company, megaupload.com, was put out of business by the FBI.

“The big outstanding element was data sovereignty,”
said Miller. “We needed to know
what was happening to that data in the cloud,
and that anything that happened to that data
was in our control.”

Which is where we get to the nub of the cloud computing problem.

Customers of megaupload.com had their data hosted in the cloud by Carpathia, acting under contract to megaupload.com. When the business was shut down, the customers lost access to their data which, in some cases, imperils their business.

Kyle Goodwin is one of these customers and his lawyers say "the [US] government maintains that Mr. Goodwin lost his property rights in his data by storing it on a cloud computing service ... both the contract between Megaupload and Mr. Goodwin ... and the contract between Megaupload and the server host, Carpathia ..., likely limit any property interest he may have in his data".

Sign a cloud computing contract in other words and you lose the rights to your property.

You lose control of it.

“We were thinking we have to go back ...
and make sure that what we have done to measure the risk
is adequate to deal with ... the American government’s use of data 
...
In fact, we are reassured 
that everything we thought about
is still covered in the work we have already done.”

You already knew that – the media report the activities of hackers every day. Even the US military seem to be helpless in the face of cyberattacks allegedly carried out by the Chinese. You knew that the web is a dangerous place to store your data. There is no such thing as a secure website. "Secure website" is an oxymoron.

Cloud computing adds to the risks:
  • The website is no longer in-house.
  • The staff who operate the equipment are not on your payroll and have not been vetted by you.
  • Your contractor will have sub-contractors, like Carpathia, which makes the line of command longer.
  • And, thanks to the internet, your data can pop up on servers anywhere in the world, in or out of the jurisdiction of English law.
And as we have discovered this month thanks to Edward Snowden, you also need to know that the National Security Agency in the US and the UK's GCHQ will also have access to the data in the cloud and may share it with anyone.

The advocates of cloud computing know all that. They know about the loss of control and the hacking. And yet they persist.

According to Miller
much of the data held by the Houses of Parliament
is actually relatively low risk.
She explained that, other than in certain circumstances,
the majority of the data is already destined for the public domain.

If your lawyers promise to keep your data confidential and then store it in the cloud, you can fire them. That threat is sufficient to force all but the mad to try hard to keep your data confidential.

It is the tragedy of the commons that that incentive doesn't work with the UK public sector.

You won't catch the US losing control of their data if they can help it, nor China, nor Russia, nor Germany – GCHQ surveillance: Germany blasts UK over mass monitoring. Those are states that clearly aim to survive.

But in the UK, local government, central government and now Parliament itself seem to be determined knowingly to risk storing our data in the cloud. They are abdicating their sovereignty and with it their responsibility. Has the state lost the will to survive?

----------

(Hat tip: The tragedy of the commons)
(Hat tip: Matthew Finnegan from whom the big italic quotations above are taken)
(Hat tip: Glyn Moody)
(See also House of Lords Management Board Minutes 16 January 2013)
(And Think G-Cloud 2013)

----------

Update 3.3.14

Last June when the post above was written we were assured that the security arrangements for the UK parliamentary website are adequate.

Just under nine months later, what do we learn?
The official website of the UK Parliament contained basic flaws that left it vulnerable to hacking, a programmer has discovered.

In a well-known loophole that has now been closed, the internal search engine on www.parliament.uk allowed users to enter computer code that meant it displayed images, video and even requests for passwords where the results would ordinarily appear.
See Revealed: key UK websites vulnerable to hackers in today's Telegraph.

From today's Telegraph
don't worry,
just their little joke
"Basic flaw"?

"Well-known loophole"?

The Telegraph are talking about the website. Or are they talking about Joan Miller, Director of Parliamentary ICT? And all the other officials in Westminster and Whitehall who just can't take security seriously, headed by Public Servant of the Year ex-Guardian man Mike Bracken CBE?

Public Servant of the Year ex-Guardian man Mike Bracken CBE, you will remember, is the executive director of the Government Digital Service. He is the "head of digital", as they say, for the whole of Whitehall. And, setting a dubious example, he told a conference last October that security ought to be relaxed because he'd just had a daughter. He was so tired as a result that he couldn't remember the answers to all the Whitehall security questions he had to answer to use his account:


And as for Ms Miller, Director of Parliamentary ICT, it's the old story – just because someone tells you a website is secure doesn't mean it's true. Even if your interlocutor has a technical- and senior-sounding job title and works for the most respected organisation in the world.

On-line security is like unicorns.

And if that website is in the cloud, forget it.


Updated 4.4.14

Terence Eden, the blogger who discovered the security hole in the UK Parliament website and brought it to their attention, is too polite to use the word "muppet". Instead, he says:
The UK Parliament website is pretty great. It houses a huge amount of historical information, lets people easily see what's happening in the Commons and the Lords, and is run by some really clever people.

That's why it's so depressing to see such a basic error as this XSS flaw in their search engine.
He goes on to explain how the website security weakness could be exploited, explaining the procedures step by step and giving examples.

This is the first in a series he hopes to publish on what he calls The Unsecured State. Perhaps Whitehall and Westminster will take note.


Updated 7.4.14

Joan Miller steps down from role as director of parliamentary ICT

The Tragedy of the Commons

Public cloud benefits
outweigh security and data sovereignty risks,
says head of Parliament IT

Back in the 1970s, few organisations could afford their own computer. Timesharing bureaux grew up as a result. You'd nip round to your local IBM or Burroughs or ICL bureau with a deck of punched cards and a couple of tapes and come back with a printout. Timesharing wasn't cheap. But it made computing a bit more widely affordable.

That all changed with the advent of microcomputers and cheap high-speed telecommunications. The timesharing bureaux went out of business during the 1980s.

30 years later, they're back. Cloud computing suppliers are the timesharing bureaux de nos jours.

Monday 24 June 2013

Wake up, Spectator

As you will know thanks to Edward Snowden, the National Security Agency (NSA) in the US and the UK's GCHQ have been intercepting hundreds of millions of people's communications.

Mr Snowden's revelations have been published in the Guardian from 6 June 2013 onwards and here in the UK the public have been thoroughly patronised ever since by all other major media outlets.

Take the Spectator, for example. In their 15 June 2013 edition the leading article, 'Top Secrets', says:
This week’s exposé of the US National Security Agency has been heralded as the greatest intelligence leak since the Pentagon Papers. It is nothing of the sort. Far from revealing some institutional outrage, the whistleblower Edward Snowden merely appears to have found what any low-level intelligence source might find. Intelligence agencies try to find things out about certain people. Spies spy, and can be innovative in their techniques. Rapid technological advances mean that the amount of snooping is growing at a faster rate than laws and regulations have been able keep up. But where is the scandal?
The spying is being done for our own good, to protect us, by two benevolent states, the spies are dedicated public servants doing their patriotic duty, what else would we expect, we would have to be naïve and credulous and other-worldly to be surprised, everyone knew about it, ...

That's the line. Strange, in that case, that the Spectator have never mentioned it before.

The allegation is, according to the Spectator, that the NSA and GCHQ spy on each other's citizens, thereby getting round the fact that it's illegal for them to spy on their own citizens:
Even if true, this has not proven to be a matter of any great concern for the general public. Opinion polls on both sides of the Atlantic suggest that people are not particularly bothered. People appear to recognise that the security agencies must exercise unique powers to intercept and thwart people who wish to harm us.
Since when did the Spectator abdicate thought and resolve political issues by appealing to opinion polls?

There's a one-word answer to that – never. Which suggests that the article wasn't written spontaneously. The editor is following a script. And not very well, because the article goes on to say:
The same is not true for the taxman, who would quite like some of these powers for himself. The government’s ‘snooper’s charter’ is an attempt to give any government department, even town halls, various degrees of power to pry in the name of ‘national security’ ...
"The same is not true for the taxman"? Why not? Same logic – it's all for the public good, the state has a duty to collect the right amount of tax, nothing-to-hide-nothing-to-fear, what else would we expect, ... Now who's being naïve and credulous and other-worldly?

Given that the occasion for the Spectator's leading article is the publication of the NSA's and GCHQ's secrets, how could they expect to be taken seriously when they write:
Spies are quite good at keeping secrets; governments are not.
And then this:
... what might happen if information relating to people’s medical records were leaked to a government employer or a health insurance company?
"What might happen if information relating to people’s medical records were leaked"? What do they mean "if"? This is on the way to becoming government policy, as the Spectator should know.

Stephan Shakespeare, the founder of YouGov, the political polling organisation, has been asked to produce a National Data Strategy. The state should allow people's health and education data to be exploited, he says in the Shakespeare Review, and his recommendations have been welcomed by Francis Maude, Cabinet Office minister.

The Spectator should also know that Mr Maude's digital-by-default policy for public services depends on so-called "identity providers" getting us all on-line with a personal data store. And that his Electoral Registration and Administration Act provides for us all to maintain our entry on the electoral roll on-line – the electoral roll, that is, which will be used for the 2015 general election. And that his G-Cloud policy is the fastest way yet discovered for the government to lose control of our data.

It's about time the Spectator woke up to midata, the Department for Business Innovation and Skills initiative which is meant to use the same "identity providers" to get us to store our personal data on-line where GCHQ and the NSA can get at it for our own good:
My name is Stephen and I head up the work on consumer confidence and trust which is part of the midata voluntary programme ... A data-enabled online market place will create new services that will take your data and do some really interesting things with it ...

Hi I’m Dan, Director of the midata Innovation Lab, part of the midata voluntary programme ... By putting information back into the hands of consumers, and by encouraging business to release data, investing in products that consumers want and that use this information, we will help empower UK consumers in a really meaningful way ...

I’m Richard and I chair one of the expert working groups looking at what we need to do to ensure that consumers can be confident when they allow their data to be passed to and used by third parties who are developing new and innovative applications to aggregate and use existing data in a way that brings benefits to users of these new services ... A data rich economy will allow lots of innovative companies to create brand new services that will enable you to take your data and do some really interesting things with it, with the ultimate goal of making sure you can get the best deal across a range of services.
There are safeguards, the Spectator tell us:
In reality, MI5 and MI6 already have powers to intercept anything categorised as a ‘communication’. Permission is needed — but it is sought and granted. It is wrong for MI5 or the CIA to engage in a ruse to cut out the paperwork. But let us not pretend this makes either into a 21st-century Stasi.
Public confidence in those safeguards is not increased by Mr Maude's attitude to data-sharing between, say, GCHQ and HMRC:
I want to bust the myths around the complexities of data sharing ... we aim to find effective ways of using and sharing data for the good of everyone.
Who's in charge of the £650 million cybersecurity budget that presumably paid for GCHQ's communications interception systems? Francis Maude.

The Spectator quite properly holds out against the provisions of the Leveson report. Let's see a little of the same prudently sceptical spirit applied to this NSA and GCHQ business.

----------

Updated 27 December 2013:

Wake up, Spectator?

Fraser Nelson is the Editor of the Spectator.

And judging by an article of his in today's Telegraph six months after the post above was published he's woken up, please see The state should be exposing the cyber-snoops, not joining them.

Hallelujah.

Wake up, Spectator

As you will know thanks to Edward Snowden, the National Security Agency (NSA) in the US and the UK's GCHQ have been intercepting hundreds of millions of people's communications.

Mr Snowden's revelations have been published in the Guardian from 6 June 2013 onwards and here in the UK the public have been thoroughly patronised ever since by all other major media outlets.

Thursday 20 June 2013

Digital-by-default – an eternal mystery?

In connection with the enquiry into digital-by-default, Rt Hon Francis Maude MP, Cabinet Office minister and Postmaster General, gave evidence to the House of Commons Science and Technology Committee on Monday 17 June 2013:



There were many questions about digital-by-default before he gave his evidence – please see for example Digital-by-default, an open letter to the House of Commons Science and Technology Committee.

And having given his evidence now?

They remain unanswered.

Digital-by-default – an eternal mystery?

In connection with the enquiry into digital-by-default, Rt Hon Francis Maude MP, Cabinet Office minister and Postmaster General, gave evidence to the House of Commons Science and Technology Committee on Monday 17 June 2013:



There were many questions about digital-by-default before he gave his evidence – please see for example Digital-by-default, an open letter to the House of Commons Science and Technology Committee.

And having given his evidence now?

Sunday 16 June 2013

Tomorrow – the distributed self

After the collapse in 2010 of the Home Office's ID cards scheme, the NIS (National Identity Service), Whitehall claimed to have learned the lesson.

The 20 September 2010 meeting for Whitehall and its suppliers made it clear that the whole idea of the NIS is now anathema and the Home Office are outcasts, whose contagious touch must be kept away from the new idea – identity assurance.

At the centre of the old NIS lay the National Identity Register, the NIR, a single database with one record per person enrolled into the scheme. At least, that was the plan. It never happened.

Talking to the Information Commissioner's Conference on 6 March 2012 about the new scheme, IDAP, the Identity Assurance Programme, Francis Maude, Cabinet Officer minister, said: "at no point does information need be held on the same server to be correlated".

No NIR. IDAP in the clear?

No.

It's a conjuring trick.

More fully, what Mr Maude said was:
... the technology has moved on and so can we. There is now an option to share data momentarily allowing us to check for matches – with no Big Brother database in sight ... In a world of dispersed data sets, we can bring fragments together instantaneously and momentarily to corroborate – without ever creating a central database ... It’s about bringing together the data at a point in time - to provide the necessary confidence - and then disaggregating it again. At no point does information need be held on the same server to be correlated ...
The NIS was meant to rely on a single, central database. It's not clear but Mr Maude's plan for IDAP may be to use several distributed databases. There is nothing new about distributed databases, the technology for which "moved on" 30 years ago, in the 1980s.

Distributed databases may be geographically and physically separate. But they constitute one logical database, supporting data-matching just as well as the centralised model.

Or perhaps Mr Maude's plan is to use a Google-type program in the middle of IDAP to search far-flung, disparate databases. Again, nothing new about that.

Either way, distributed databases or Google, same effect. Same problem. There's still an NIR. Lesson not learned.

Mr Maude likes to use the term "data-linking" to distinguish IDAP from the "data-sharing" planned for the NIS. There is no distinction. IDAP threatens the same loss of privacy as the NIS.

IDAP is subject to the same law enunciated by Neil Fisher of Unisys back on 31 October 2011:
Any project with "identity" in the name is doomed to failure.
You know that's true. IDAP was meant to be "fully operational" by March 2013. It wasn't and it still isn't – despite what the Guardian call the "elite" team responsible for it at GDS, the Government Digital Service.

Keep your ears open tomorrow for Mr Maude the Conjuror's announcement about the new design principles for identity assurance.

When you hear him promise secure storage of your data in the cloud, remember, there is no such thing.

When he asserts that the suppliers are trusted third parties, ask yourself, who says they're trusted? Trust has to be earned. That takes years. It can't be granted by fiat.

When he claims that there is an "ecosystem" of private sector "identity providers" competing for your custom, just check, how many of them really are private sector companies. The Post Office? Mydex? They rely largely on central and local government contracts and on their influence over government policy.

These "identity providers" haven't adapted slowly, generation by generation, and survived a hostile nature that kills off all but the fittest. They don't exist in an ecosystem. IDAP is more like intelligent design. Or even creationism:
  • It's not an ecosystem.
  • The "identity providers" aren't all competitive private sector companies.
  • It's up to you to judge whether the suppliers are to be trusted and it could take years before you have enough evidence to reach a verdict.
  • As the media tell us every day, there's no such thing as a secure website. There are hackers out there against whom even the US military seem to be defenceless.
  • And then there's the NSA, the US National Security Agency, with PRISM and Boundless Informant, not to mention access to your mobile phone usage.
There will be three upturned cups on the table. Identity. Efficiency. And trust. Mr Maude will pop privacy under one cup and dextrously swirl them all around. After the beguiling patter and the colourful handkerchiefs, which cup contains privacy?

You know the answer to that one.

Tomorrow – the distributed self

After the collapse in 2010 of the Home Office's ID cards scheme, the NIS (National Identity Service), Whitehall claimed to have learned the lesson.

The 20 September 2010 meeting for Whitehall and its suppliers made it clear that the whole idea of the NIS is now anathema and the Home Office are outcasts, whose contagious touch must be kept away from the new idea – identity assurance.

At the centre of the old NIS lay the National Identity Register, the NIR, a single database with one record per person enrolled into the scheme. At least, that was the plan. It never happened.

Talking to the Information Commissioner's Conference on 6 March 2012 about the new scheme, IDAP, the Identity Assurance Programme, Francis Maude, Cabinet Officer minister, said: "at no point does information need be held on the same server to be correlated".

No NIR. IDAP in the clear?

No.

It's a conjuring trick.

Is data-sharing between consenting adults now legal?

Pat Russell is the Deputy Director of the Social Justice Division at the Department for Work and Pensions.

"Improved information sharing of personal and anonymised data between central government and local agencies – and between agencies on the ground", she says on the Institute for Government blog, "has been recognised as being vital to delivering better outcomes at lower cost".

Oh dear.

The Guardian newspaper said on 24 April 2012 that the government planned to increase the level of data-sharing and next day they were reprimanded by Francis Maude, Cabinet Office minister, for misrepresenting him.

"This is not a question of increasing the volume of data-sharing that takes place across government", he said, "but ensuring an appropriate framework is in place so that government can deliver more effective, joined-up and personalised public services, through effective data-linking".

Has Miss Russell fallen into the same trap of confusing data-sharing with the completely different business of data-linking? Will she, too, be reprimanded?

Maybe not.

She says: "One of the key learning points from the project [an example of effective data-sharing] was that there is a lot of mythology around and that many of the information sharing issues are cultural rather than technical or legal".

It's not clear whether Mr Maude disapproves of culture as much as Ms Russell but, like her, he certainly doesn't like myths: "I want to bust the myths around the complexities of data sharing ... we aim to find effective ways of using and sharing data for the good of everyone".

Ms Russell acknowledges that "of course, we all recognise that there have to be safeguards in place". But when is a safeguard a myth? She doesn't tell us. Neither does Mr Maude.

Mr Hague [that's William Hague, UK Foreign Secretary] was busy telling us last week that there are safeguards limiting the uses to which GCHQ put intelligence data. One assumes that they don't share it with HMRC, for example. Or with DWP or the Department of Health or the Department for Education. Or do they? Is that a myth?

----------

Updated 9.3.16

For all his protestations to the contrary, Mr-now-Lord Maude was clearly in favour of massive data-sharing between government departments.

His successor as Cabinet Office Minister, Matt Hancock, is no different. "Data is the fuel for the digital revolution", he is quoted as saying, as though it means something.

"The very best policies and services", he adds, without giving any examples, "are developed around information that’s current, relevant and makes sure you can access government services just as easily as iTunes".

iTunes?

These quotations are culled from a 29 February 2016 Cabinet Office press release, Launch of new data sharing consultation. Apparently "data sharing in the UK [will] bolster security whilst making people's lives better". Unless it undermines security, of course, and wrecks people's lives.

If you can countenance the notion that the Cabinet Office knows how to improve your life and if you are happy to sweep away the "myths" – or "laws" as we used to call them – which prohibit data-sharing, then you may be impressed by the benefits suggested.

What benefits?

Among others, "government can share data to ... support the administering of fuel poverty payments ... [and prevent] authorities sending letters to people who are deceased". Is data-sharing the only solution to these problems? How about a rational energy policy, for example? Lower fuel bills would reduce the number of people who freeze to death and so reduce the number of deceased people the authorities have to write to.

You thought the Cabinet Office was going to promise that data-sharing would eradicate terrorists, paedophiles and tax-dodgers, didn't you. No. Perhaps they've noticed that these problems persist despite the enormous amount of data already at the disposal of the authorities.

The Cabinet Office claim that the Troubled Families programme needs more data-sharing and then undermine their case hopelessly by linking to a document that claims the programme is already succeeding brilliantly with the current data-sharing arrangements.

Normally the government asserts that the incidence of "fraud against the public sector" is microscopic but for the purposes of this press release it has ballooned and apparently the crisis can only be solved by ... more data-sharing, which will also reduce the £24.1 billion of debt the government has incompetently failed to collect.

It's not just the government. More data-sharing will help "citizens manage their debt more effectively", the Cabinet Office say. How? No idea. What about the government debt of £1½ trillion? No idea.

More data-sharing would "support accredited researchers to access and link data to carry out research for public benefit", but again there is no room for any examples. And no mention of the fact that we already have procedures for carefully controlled research (para.1.16) ...

... which just leaves us with our old favourite (and an old favourite of the Russian Tsars') – more data-sharing would allow us to carry out the national census more efficiently ... sorry ... more like iTunes.

It's not just the Cabinet Office. Shakespeare's at it, too. And the NHS. Even Her Majesty's Treasury.

Professor Sir Nigel Shadbolt, chairman and co-founder of the Open Data Institute, published The spy in the coffee machine – the end of privacy as we know it in 2008:
... sharing information across government databases will dramatically increase governmental powers – otherwise the UK government wouldn't have proposed it. (p.95)

... we should never forget that bureaucracies are information-thirsty, and will never stop consuming. Indeed, they will never even cut down. They will break or bend their own rules, and any prior specification of how information use will be limited, or data not shared, is not worth the paper it is printed on. (p.212)
No mention of improving people's lives there. Eight years later, you might like to bring that up in your response to the consultation. That, and Government as a Platform.


Is data-sharing between consenting adults now legal?

Pat Russell is the Deputy Director of the Social Justice Division at the Department for Work and Pensions.

"Improved information sharing of personal and anonymised data between central government and local agencies – and between agencies on the ground", she says on the Institute for Government blog, "has been recognised as being vital to delivering better outcomes at lower cost".

Oh dear.

The Guardian newspaper said on 24 April 2012 that the government planned to increase the level of data-sharing and next day they were reprimanded by Francis Maude, Cabinet Office minister, for misrepresenting him.

"This is not a question of increasing the volume of data-sharing that takes place across government", he said, "but ensuring an appropriate framework is in place so that government can deliver more effective, joined-up and personalised public services, through effective data-linking".

Has Miss Russell fallen into the same trap of confusing data-sharing with the completely different business of data-linking? Will she, too, be reprimanded?

Sunday seems like a good day to ask "what is work?"

Towards the end of Jon Manel's report on the Government Digital Service which occupied five minutes of BBC Radio 4's World At One on 10 June 2013 he interviews an "evangelical preacher" called Stephen Kelly who is also the government's chief operating officer.

Mr Kelly says (30'58"-31'59") that it takes his computer seven minutes each day to boot up and that that's like three days a year wasted.

By a curious journalistic operation, Sue Cameron had pre-figured this comment of Mr Kelly's in her 5 June 2013 Telegraph article, Wash the dirty Whitehall linen in private, minister. "You have to ask if someone, somewhere is being economical with the truth", she says. "One insider tells me that, thanks to Mr Maude’s openness agenda, information about Whitehall PCs is easily available. He says the figures indicate that ... the average boot time is two minutes, not seven".

Mr Kelly is wrong about the "average boot time".

And that's not all he's wrong about.

The three days a year he refers to would, indeed, be wasted if he sits gaping at his screen, waiting for the machine to boot up, doing nothing else all the while, his mind empty. But surely there is work the chief operating officer could be getting on with while his machine is springing into action at the speed of light?

And, once his machine has booted up, does he imagine that he is then ipso facto working and doing something useful?




Sunday seems like a good day to ask "what is work?"

Towards the end of Jon Manel's report on the Government Digital Service which occupied five minutes of BBC Radio 4's World At One on 10 June 2013 he interviews an "evangelical preacher" called Stephen Kelly who is also the government's chief operating officer.

Mr Kelly says (30'58"-31'59") that it takes his computer seven minutes each day to boot up and that that's like three days a year wasted.

By a curious journalistic operation, Sue Cameron had pre-figured this comment of Mr Kelly's in her 5 June 2013 Telegraph article, Wash the dirty Whitehall linen in private, minister. "You have to ask if someone, somewhere is being economical with the truth", she says. "One insider tells me that, thanks to Mr Maude’s openness agenda, information about Whitehall PCs is easily available. He says the figures indicate that ... the average boot time is two minutes, not seven".

Mr Kelly is wrong about the "average boot time".

And that's not all he's wrong about.

Friday 14 June 2013

GDS PR blitz

10 June 2013, the BBC Radio 4 world news programme World At One (WATO) carries a 5-minute report (27'32"-32'55") by Jon Manel on GDS, the Government Digital Service.

11 June 2013, WATO carries another 8 minutes (24'58"-32'55") of Mr Manel's report on GDS.

12 June 2013, Mr Manel publishes Inside the UK Government Digital Service on the BBC website.

13 June 2013, the Guardian publish a 6'50" video by Jemima KissGov.uk: how geeks opened up government featuring ex-Guardian man Mike Bracken (executive director, GDS), ex-BBC man Tom Loosemore (deputy director, GDS) and ex-Morgan Stanley man Francis Maude, their political boss (Cabinet Office minister).

What are GDS trying to tell us?

Listen, read, watch and what you learn is that GDS's staff are young, everyone dresses informally and each team has a fluffy mascot:
There is an inflatable guitar - a red one. You cannot fail to miss [notice?] the bunting. And then there are the mascots.

"For us, the Platform Team, it's an otter. His name is Jerry," one woman explains pointing to a brown and white soft toy with a rather sad expression on its face ...

As for the young civil servants in the GDS headquarters, some of them seem to have an almost evangelical spirit about them.
Some people will find the evangelical spirit which moves GDS charming. Others won't.

The idea is to model public administration on successful web companies, as ex-Guardian man Mike Bracken tells us in the Guardian video. But do Google and Facebook, for example, provide the right model?

The idea is to promote openness in government. GDS's single government domain project, GOV.UK, and their Identity Assurance Programme (IDAP) are major projects. But the Major Projects Authority verdicts on GOV.UK and IDAP have not been published.

An elite team of digital experts has sparked a radical shake-up in the way the government does its business. Some of the UK's best designers and developers are working on building a new single website for all government departments – gov.uk – but their influence has gone much further.
That's the rubric under the 13 June video on the Guardian website.

Pace Jemima Kiss, at least four professors are unconvinced that the team – or at least the Government Digital Strategy – is elite. And Dr Martyn Thomas, visiting professor at the universities of Oxford and Bristol, makes a fifth unconvinced professor – he told the House of Commons Science and Technology Committee that it's impossible to measure the quality of software systems developed with GDS's so-called "agile" methods.

The idea is to avoid the spectacularly poor value for money of some government IT contracts. An unimpeachable objective.

But how will GDS achieve it?

To be told, as we are in the Guardian video, that GDS are trying to improve the search algorithm on GOV.UK is no answer.

So-called "open systems" aren't the answer either, according to the four professors.

Will the "oligopoly" – as Jon Manel calls them – of government contractors fall in with GDS's plans for shorter contracts? Why should they? There's no need to while the big departments of state continue, as they do, to sign long contracts.

Is it the case that GDS's "influence has gone much further", as the Guardian claim? Francis Maude ends the Guardian video saying that there is enormous demand in Whitehall for GDS's services. Is there?

The Department for Work and Pensions (DWP) spend about £200 billion a year. When Jon Manel asks about DWP's Universal Credit (UC) initiative in the 11 June WATO report, the otherwise jocular ex-Guardian man Mike Bracken becomes guarded, "not that close to it", he says (31'29"), a response which Mr Manel glosses as "not our fault, guv".

GDS hijacked IDAP from DWP and then promised to have it "fully operational" for UC by March 2013. It wasn't and it still isn't. Leaving UC high and dry.

"Not that close to it"? Ex-Guardian man Mike Bracken is the senior responsible officer owner for government-wide identity assurance and there's no getting away from it.

The Department of Health spend about £120 billion a year. What are GDS doing about their computer systems? Or the systems at the Department for Education? And what are we to make of BBC money man Paul Lewis's warning on Twitter yesterday:



Apart from GDS, the only government body we hear from in this PR campaign is HMRC, in the 11 June WATO report. The clamorous demand is muted – Lin Homer, chief executive, describes GDS as "bumptious" but adds that there's nothing wrong with that.

She can afford to be kind. GDS haven't laid a glove on her £8 billion ASPIRE contract. Or on her website, www.hmrc.gov.uk, which GDS falsely claim to have incorporated into GOV.UK.

Meanwhile, GDS have some involvement with the plan to make us all enrol on-line on the new electoral register to be used for the 2015 general election. Why don't the BBC and the Guardian tell us anything about that major project?

What about GDS's involvement with the Department for Business Innovation and Skills midata project? And the related Shakespeare Review? What about their new-found responsibility for G-Cloud? What are GDS's plans for the Government Gateway? And what do GDS have to say about cybersecurity?

MPs are worried about digital-by-default – something else the BBC and the Guardian don't mention. Something like 16 million people in the UK will not be able to use the proposed web-based, digital-by-default public services which GDS are meant to deliver. They launched the assisted digital project on 28 July 2011 to try to solve the problem. And in today's weekly GDS diary, 14 June 2013, what does ex-Guardian man Mike Bracken tell us?
Also this week  GOV.UK won two D&AD awards for our content design and the Assisted Digital team had their first market engagement event with suppliers.
Nearly two years after the starting pistol was fired, they had their first meeting with suppliers?

It's early days, you may say, GDS can't be expected to have achieved much yet. Maybe. But in that case the PR is premature. Francis Maude is up in front of the House of Commons Science and Technology Committee on Monday to give evidence on digital-by-default. Let's see what that adds to the campaign.




----------

Update 17.11.13:

15 November 2013: Government Digital Service: the best startup in Europe we can't invest in
So what is it that GDS knows that every chairman and chief executive of a FTSE100 should know?
And what is it that every chairman and chief executive of a FTSE100 knows that GDS should know?

GDS PR blitz

10 June 2013, the BBC Radio 4 world news programme World At One (WATO) carries a 5-minute report (27'32"-32'55") by Jon Manel on GDS, the Government Digital Service.

11 June 2013, WATO carries another 8 minutes (24'58"-32'55") of Mr Manel's report on GDS.

12 June 2013, Mr Manel publishes Inside the UK Government Digital Service on the BBC website.

13 June 2013, the Guardian publish a 6'50" video by Jemima KissGov.uk: how geeks opened up government featuring ex-Guardian man Mike Bracken (executive director, GDS), ex-BBC man Tom Loosemore (deputy director, GDS) and ex-Morgan Stanley man Francis Maude, their political boss (Cabinet Office minister).

What are GDS trying to tell us?

Thursday 13 June 2013

Nothing better to do on Monday?

Highly recommended:
SCIENCE AND TECHNOLOGY COMMITTEE
Select Committee Announcement

No. 10 (13-14): 13 June 2013

ORAL EVIDENCE SESSION ANNOUNCED
Digital by Default

The Science and Technology Committee will hold the following oral evidence session into ‘Digital by Default’:

Monday 17 June 2013
Thatcher Room, Portcullis House
At 4.15 pm

· Rt Hon Francis Maude MP, Minister for the Cabinet Office and Paymaster General

Follow the Committee's business on Twitter @CommonsSTC

FURTHER INFORMATION

Committee Membership:
Andrew Miller (Labour, Ellesmere Port and Neston) (Chair)
Jim Dowd (Labour, Lewisham West and Penge)
Stephen Metcalfe (Conservative, South Basildon and East Thurrock)
David Morris (Conservative, Morecambe and Lunesdale)
Stephen Mosley (Conservative, City of Chester)
Pamela Nash (Labour, Airdrie and Shotts)
Sarah Newton (Conservative, Truro and Falmouth)
Graham Stringer (Labour, Blackley and Broughton)
David Tredinnick (Conservative, Bosworth)
Hywel Williams (Plaid Cymru, Arfon)
Roger Williams (Liberal Democrat, Brecon and Radnorshire)

The session is open to the public on a first come, first served basis. Portcullis House is the building directly above Westminster Station, entrance to which is via Victoria Embankment. There is no system for the prior reservation of seats in Committee Rooms. It is advisable to allow about 30 minutes to pass through security checks. Committee rooms and the timing of meetings are subject to change.

Specific Committee information: scitechcom@parliament.uk / 020 7219 2793
Media information: Nick Davies daviesnick@parliament.uk / 020 7219 3297
Committee website: www.parliament.uk/science
Watch committees and parliamentary debates online: www.parliamentlive.tv
Publications / Reports / Reference Material: Copies of all select committee reports are available from the Parliamentary Bookshop (12 Bridge St, Westminster, 020 7219 3890) or the Stationery Office (0845 7023474). Committee reports, press releases, evidence transcripts, Bills; research papers, a directory of MPs, plus Hansard (from 8am daily) and much more, can be found on www.parliament.uk.