DMossEsq

Sunday 15 April 2012

Even the founder of Google is warning Whitehall against cloud computing

In a series of articles recently DMossEsq has warned against Whitehall's plans to adopt cloud computing, please see for example Cloud computing is bonkers or, as HMG put it, a "no-brainer". One of the risks of storing UK citizens' data on servers operated by Google, say, or any of the other suppliers of cloud computing services, is that the data will then come under the jurisdiction of other governments.

Is that true?

Yes it is. The Guardian today carry an article about Sergey Brin, one of the genius founders of Google, Web freedom faces greatest threat ever, warns Google's Sergey Brin, in which they say:

Brin acknowledged that some people were anxious about the amount of their data that was now in the reach of US authorities because it sits on Google's servers. He said the company was periodically forced to hand over data and sometimes prevented by legal restrictions from even notifying users that it had done so.

It is mystifying how Whitehall can even consider storing our personal data in the cloud, as though that might be acceptable to their parishioners. The question is indeed a "no-brainer", as Whitehall put it – no-one with a mental age over 12 would have the least trouble seeing that the answer is no.

Actually, some of these articles aren't so recent. The decision facing Francis Maude was published in January 2011 and With their head in the clouds was published 18 months ago in October 2010. Francis Maude is the man in charge. Him and Ian Watmore, permanent secretary at the Cabinet Office. Mr Maude. Mr Watmore. Please. Get a grip. Tell the children it's time to grow up.

Even the founder of Google is warning Whitehall against cloud computing

Brin acknowledged that some people were anxious about the amount of their data that was now in the reach of US authorities because it sits on Google's servers. He said the company was periodically forced to hand over data and sometimes prevented by legal restrictions from even notifying users that it had done so.

Friday 13 April 2012

Friday 13th unlucky for Chris Chant and the UK

Two days ago, DMossEsq published an article asking Chris Chant several questions about the government's plans for cloud computing. No answer has been received, it's early days, but now it appears that Mr Chant is retiring – Chris Chant to retire in two weeks (see also, and also, and also, ...).

The first article published on this blog, 3 October 2011, asked if Sir Gus now Lord O'Donnell is responsible for the mismanagement of the UK economy over the past 15 years or so. No answer has been received, it's early days, but now it appears that Lord O'Donnell is a strong candidate to succeed Mervyn King as Governor of the Bank of England – O'Donnell for Bank of England governor? (see also, and also, and also, ...).

Friday 13th unlucky for Chris Chant and the UK

Wednesday 11 April 2012

The government's plans for cloud computing – hot air?

HMG have come up with another one of their questionable posts about cloud computing. And once again, the questions have been duly submitted as a comment on the HMG blog. Will they publish the comment this time? They didn't last time. And will they answer the questions?

It's all getting very butch. Under the picture of a leopard with its impressive mouth open Chris Chant, the Programme Director for G-Cloud, says:

There is still plenty more to do and, if I look back on the last dozen years and honestly reflect on those I’ve worked with and interacted with, this is still a pretty difficult list of stuff to do and some of those people just don’t have the capability to do it. They will have to look hard at themselves and decide how they are going to resolve that because it will turn out to be the toughest thing that they have done in their career so far.

The leopard's got plenty but does the G-Cloud Programme have any teeth?

Dear Mr Chant

Few would disagree with your analysis of the current problems with a lot of UK government IT. The search is on for a better way. The question is, have you found a better way?

The better way you propose is digital by default and customer-centric. But the two don't mix. 10 million of your customers have never used the web. To concentrate on digital by default is to ignore 10 million of your customers and – I say this more hesitantly than it sounds – you are fooling yourself if you think otherwise. Is digital by default, for 10 million people, the very opposite of customer-centric? Your answer to that? So far, a phrase – "assisted digital". An empty phrase.

The media is knee-deep in cyber (in)security stories. Every time you re-announce your plans there's always just been another one of these stories. Apart from Anonymous taking down the Home Office website for Easter, the latest serious insecurity story is the update on RSA themselves being hacked by the Chinese. If RSA can't operate securely, how can Whitehall? They can't. Is G-Cloud a strategic mistake, securitywise? Your answer to that? So far, silence.

Judging by Mr Scaife's "no-brainer" post, the Cloud means no capital expenditure. Which means Whitehall would be using Amazon's servers. Or Google's or whoever's. And where will these servers be? Wherever Amazon or Google or Microsoft or whoever put them. Which could be anywhere. Which could be beyond British jurisdiction. And access could anyway be subject to Anonymous's permission. Will Whitehall literally lose control of its applications and its data? Our data, rather. Your answer to that? So far, silence.

Last time the world used timesharing – the 1970s – costs went through the roof. Why wouldn't the same happen this time? Your answer to that? So far, silence.

What we do get from you is assertions about the agility and affordability of cloud computing. But no examples. How about taking a big government contract, an existing one, as a worked example, and telling us in detail how we can avoid the saga-length contracts and the King Midas costs while at the same time delivering customised services instantly? ("Instantly" is probably going a bit far but a lot of your sales talk sounds as though that's what you're offering.) Without a worked example, it's all just talk.

At least that's the danger. It was great the first time. 20 October 2011. And it's great listening to you every few weeks telling the dinosaurs to show themselves out of Whitehall. But meantime the dinosaurs are still in situ, still signing contracts, sagas just like the old contracts, they're still denominated in years and in billions of pounds and the counterparties are still the same old suppliers. Where's the agility? Where's the affordability? Your answer to that? So far, silence.

I shan't ask you to defend your claim that Whitehall is now "open". There's quite enough else there for you to get your leopard's teeth into.

Yours sincerely
David Moss

The government's plans for cloud computing – hot air?

There is still plenty more to do and, if I look back on the last dozen years and honestly reflect on those I’ve worked with and interacted with, this is still a pretty difficult list of stuff to do and some of those people just don’t have the capability to do it. They will have to look hard at themselves and decide how they are going to resolve that because it will turn out to be the toughest thing that they have done in their career so far.

The leopard's got plenty but does the G-Cloud Programme have any teeth?

more ►

Saturday 7 April 2012

Anonymous demonstration of foolproof Cabinet Office plans

Don't worry – this can't happen

The BBC are reporting that the hacking group Anonymous have caused the Home Office website to be taken out of service.

Under no circumstances should this be taken as an example of what could happen if the Cabinet Office have their way and all public services are delivered over the web.

The public can safely remain entirely confident that this could never happen to the G-Cloud, for example, the "government cloud" on the web in which Her Majesty's Government plan to store all our data. All our tax records and pension records and benefits records and health records and housing records and travel records (eBorders) and Companies House records and Charity Commission records and criminal records and military records and energy infrastructure records and driving licences and passports and the Government Gateway and ... all tucked up in the G-Cloud and all as safe as houses.

The Chinese would be quite incapable of pulling off the same trick as Anonymous, a small group of gifted amateurs. Nor could the Russians. Or an undergraduate class at the University of Michigan.

Admittedly, the OECD recommend that "cloud computing creates security problems in the form of loss of confidentiality if authentication is not robust and loss of service if internet connectivity is unavailable or ...".

And ENISA, the EU's information security agency, say that cloud computing "should be limited to non-sensitive or non-critical applications and in the context of a defined strategy ... which should include a clear exit strategy".

But here in the UK, cyber security is masterminded by the arch-moderniser Francis Maude – and what could be more modern than to use the web for all government business?

Mr Maude may have a limited understanding of DDoS attacks and LOICs, but he was once the managing director of Morgan Stanley. Or was he?
He has the imprimatur of Martha Lane Fox.
The modernisation plan – "transformational government", as it used to be known, i.e. making front line public servants redundant and replacing them with computers – was first floated in 2005 by Sir Gus now Lord O'Donnell at the behest of Tony Blair the telecommunications security expert, and is in the safe hands of Ian Watmore, sometime chairman of the Football Association.
Mr Maude is also ably assisted by Andy Nelson, Chris Chant and Denise McDonagh ...
... not to mention ex-Guardian man Mike Bracken ...
... to whom all enquiries should be confidently addressed.

Not that there's any need to address any enquiries to them or to anyone else. Francis Maude, Martha Lane Fox, St Augustine, Tony Blair, Ian Watmore, Andy Nelson, Chris Chant, Denise McDonagh and ex-Guardian man Mike Bracken know what they're doing. They are to be trusted implicitly.

As the BBC report says, the Home Office "have put all potential measures in place and will be monitoring the situation very closely". There really is nothing to see here. "Potential measures" are in place. Not just some of them. All of them. It is simply impossible that access to the G-Cloud should ever be cut off:

Don't worry – this can't happen

Anonymous demonstration of foolproof Cabinet Office plans

Don't worry – this can't happen

more ►

Friday 6 April 2012

GreenInk 6 – Whitehall’s idea of efficiency and reform seems to be to hand over our personal data to third parties in overseas jurisdictions where it will be impossible for Whitehall to keep control of it

The following letter was kindly published by the Guardian today under the heading Security policies under a cloud:

From: David Moss
Sent: 05 April 2012 12:50
To: 'letters@guardian.co.uk'
Subject: Rajeev Syal, 3 April 2012, 'Lib Dem MPs issue warning over web surveillance proposals'

http://www.guardian.co.uk/world/2012/apr/03/web-surveillance-legislation-dangers-letter

Sir

Whitehall’s strange attitude to the confidentiality of our personal data is revealed not only by its recent attempt to resurrect the snoopers’ web-surveillance charter but also by two other initiatives, IdA and G-Cloud.

IdA, Whitehall's identity assurance initiative, is part of their plan to make all public services accessible over the web and only over the web. When you submit your tax return, for example, under IdA you will require an electronic ID issued and managed by the likes of Google and Facebook. G-Cloud is Whitehall's Government Cloud plan to put all government data on the web, where it will be stored on computers operated by Google and other cloud computing service providers like Amazon.

These initiatives are being promoted in the name of efficiency and reform and are the responsibility of Rt Hon Francis Maude MP, the Cabinet Office Minister. Whitehall’s idea of efficiency and reform seems to be to hand over our personal data to third parties in overseas jurisdictions where it will be impossible for Whitehall to keep control of it. Will Mr Maude ask us if we all agree to this plan?

Yours
David Moss

GreenInk 6 – Whitehall’s idea of efficiency and reform seems to be to hand over our personal data to third parties in overseas jurisdictions where it will be impossible for Whitehall to keep control of it

The following letter was kindly published by the Guardian today under the heading Security policies under a cloud:

From: David Moss
Sent: 05 April 2012 12:50
To: 'letters@guardian.co.uk'
Subject: Rajeev Syal, 3 April 2012, 'Lib Dem MPs issue warning over web surveillance proposals'

http://www.guardian.co.uk/world/2012/apr/03/web-surveillance-legislation-dangers-letter

Sir

Whitehall’s strange attitude to the confidentiality of our personal data is revealed not only by its recent attempt to resurrect the snoopers’ web-surveillance charter but also by two other initiatives, IdA and G-Cloud.

IdA, Whitehall's identity assurance initiative, is part of their plan to make all public services accessible over the web and only over the web. When you submit your tax return, for example, under IdA you will require an electronic ID issued and managed by the likes of Google and Facebook. G-Cloud is Whitehall's Government Cloud plan to put all government data on the web, where it will be stored on computers operated by Google and other cloud computing service providers like Amazon.

These initiatives are being promoted in the name of efficiency and reform and are the responsibility of Rt Hon Francis Maude MP, the Cabinet Office Minister. Whitehall’s idea of efficiency and reform seems to be to hand over our personal data to third parties in overseas jurisdictions where it will be impossible for Whitehall to keep control of it. Will Mr Maude ask us if we all agree to this plan?

Yours
David Moss