Sunday 15 September 2013

Universal Credit – one for The Old Vic

Last Wednesday, 11 September 2013, the Public Accounts Committee took evidence on Universal Credit from DWP, the NAO and the Cabinet Office.

Media coverage of this electric event has been minimal. We know all about the different colours available for the Apple iPhone 5S. Nothing about the unmasking of misfeasance in public office on a monumental scale.

Where the media fail, perhaps another institution could succeed?


From: David Moss
Sent: 15 September 2013 10:34
To: Kevin Spacey CBE
Subject: Universal Credit – one for The Old Vic?

Attachments: uncorrected transcript - universal credit (223 KB)

Artistic Director

15 September 2013

Dear Mr Spacey


I attach a script for your consideration.

It’s 52 pages long.

52 pages of insight into how the Legislature in the UK is subverted by the unaccountable Executive. The politicians want to spring the poverty trap created by a dysfunctional welfare system. Their will is converted into stratospheric payments to IT contractors. All in the name of public service.

It’s a story of misfeasance in public office. Incompetence. And insouciance about hundreds of millions of pounds of taxpayers’ money going up in smoke. Why bother to pay tax?

It’s an epic business failure. It’s a whodunnit. It’s a courtroom drama. It’s a gladiatorial contest.

52 pages of drama. All paid for already by the taxpayer – no additional cost to the Old Vic for the script. And there’s plenty more where that came from. Masses more.

The set is simple. The characters are complex. Public interest could/should be huge.

One for The Old Vic?

Yours sincerely

David Moss


Wednesday 11 September 2013

Public services under a cloud

Cloud computing is like a utility. Cheap. Think of your gas and electricity and phone and water bills.

Like the internet, it's always available. Resilient. Disaster-proof. No power cuts. Ever.

Except for the past two days, when some suppliers accredited to the UK government CloudStore found they couldn't log on, see below.

CloudStore is hosted by Memset. And since 1 June 2013, it's been the responsibility of the Government Digital Service, who promise that cloud computing is the key to the future of public services delivered efficiently by innovative SMEs. If they can log on, at least.

Does anyone know how this impossible-to-happen service interruption happened?

iPhone 5S fingerprint technology – eye-catching

Apple unveils two iPhones — and a password at your fingertip, it says in the Times today. According to the Telegraph, Apple iPhone 5S and 5C: fingerprint sensor and plastic make iPhone 5 debut. Etcetera, throughout the media.

You could have announced the end of the world yesterday. No-one would have noticed.

In fact, Sir David Attenborough did. "I think that we've stopped evolving", he told the Radio Times. And all anyone wanted to know is how easily they can photograph themselves with the iPhone 5C.

No matter how trivial the detail, media coverage was breathlessly serious.

Except, perhaps, for Murad Ahmed in the Times. For him, maybe there is some sign of a sense of humour. Maybe there is hope:
At events held at the company’s headquarters in Cupertino, California, and Berlin yesterday, analysts said the new fingerprint technology was the most eye-catching advance.

Which brings us to biometrics.

Suppose the fingerprint recognition in the iPhone 5S doesn't work. Suppose that 20 percent of 5S owners queue up outside Phones4U, complaining that they've bought a product that won't let them use it – the computer says I'm not me and it won't let me unlock the home screen – and they all want their contracts cancelled and their money back.

Suppose someone finds a way to steal your fingerprints from the iPhone 5S and use them to authenticate their own purchases, fraudulently. It's not as though you can just go out and get a new set of fingerprints ...

That's not a disaster for Apple alone.

What will the news footage of those queues do for US-VISIT, the US border control system that relies on fingerprint recognition? What will it do for Aadhaar, the Indian identity management scheme that ditto? What will it do for Safran's share price? What will it do for payments systems which rely on fingerprint recognition to authenticate transactions?

Sweaty fingers and scared eyes. It's in their DNA. That's the evolutionary response that will be shared by all the owners with a horse in the Apple Stakes.

If the fingerprint technology is up to the job and can authenticate you as the legitimate user of this iPhone 5S, then it can also allow you to open the front door to your house. As the Wall Street Journal said in Apple's Latest iPhone Puts Focus Back on Fingerprint Security. Last word to them:
"If I go jogging with my iPhone and I come back to my house and my thumb is all sweaty and I can't get in my apartment door, that would kind of suck".

Tuesday 10 September 2013

Edward Snowden – déjà vu all over again

Come to think of it, this debate about the security services having cracked all our codes is not entirely new.

For what it's worth, back in August 2010, on the No2ID forum, we were discussing the latest revelations about BlackBerry mobile phones. Someone posted the following extracts from a Nic Fildes article in the Times newspaper, BlackBerry ‘near deal to open messages to Saudis’. The debate remains relevant three years later:
The makers of BlackBerry mobile phones appear to have backed down in the face of demands from Saudi Arabia to allow the state to monitor messages sent on its devices ...

The Saudi-backed television station Al-Arabiya quoted unnamed sources as saying RIM [Research In Motion, the people behind the BlackBerry] had agreed in principle to grant the Saudi authorities access to its messages.

Bandar al-Mohammed, of the Saudi Communications and Information Technology Commission, said RIM had expressed its “intention…to place a server inside Saudi Arabia”, allowing the kingdom to inspect communications and data exchanged between BlackBerry handsets ...

The United Arab Emirates intends to ban BlackBerry e-mail, messaging and web browsing on October 11 ...

The company then issued a statement on Thursday denying that it had already allowed some governments access to BlackBerry data.

The US and Canadian governments have also offered to hold talks with countries concerned about the security implications of BlackBerry usage.

Not just Saudi Arabia, but the UAE, too, and India and Indonesia and France – it seemed as if no country would allow people to use BlackBerrys until its security services had found out how to listen in. There are obvious implications for industrial and other espionage.

Then Justin found a Babbage article in the Economist magazine, Spies, secrets and smart-phones, and someone posted this, adding a reference to Sir Richard Dearlove, the former head of MI6 ...

From the Economist article usefully brought to our attention by Justin:

A security pundit interviewed on BBC television's "Newsnight" a few days ago speculated that the American authorities are only pretending when they claim they still can't tap into Skype calls. This was then put to Lord West, a former British security minister. His response was fascinating:

When I come on a programme like this I'm always very nervous, ‘cos I know so much. And also people…don’t necessarily always tell the truth. That sounds an awful thing to say but do you want anyone to know that you can get into very high-encrypted stuff? No, you can say "we don’t, we can’t do it".

He then went on to say how "mind-boggling" are the capabilities of America's National Security Agency and its British counterpart, GCHQ. To this blogger, that sounded like: "Yes of course we can hack Skype calls and all the rest, but we have to pretend we can't".

Lord West is not the only one playing this game. At 9.30 a.m. on Saturday 26 September 2009 Sir Richard Dearlove lectured several hundred of us on the security risks the world faces and the international response [p.15]. At one point he said that there are many good encryption systems available but maybe "we" have cracked them. (I paraphrase.) (Andrew Watson turned out to be at the lecture, too – Andrew, can you confirm this is at least roughly right?)

Let's take it, from Sir Richard's lecture and Lord West's appearance on Newsnight, that the commonly available encryption systems are a busted flush. So what?

The implications are legion.

One of them is that part of the case for long periods of detention without charge [remember Admiral Lord West, the once court-martialled and then reinstated "simple sailor"] collapses. That case is based on the large number of computer files that often have to be checked for evidence and on the difficulty of deciphering them. If that difficulty doesn't exist, ... etc.

... followed by wise words from Andrew Watson:

I have to admit that I don't remember what he said on that topic - having lived through all the fuss surrounding PGP export from the USA in the 90s [see Phil Zimmermann, Why I wrote PGP, pp.227-31], I'm afraid I tend to tune-out speculation about whether the NSA can or cannot read any particular form of encryption. I agree that there doesn't seem to be any publicly-available hard data on this point, and one can spend a lifetime speculating about the possibilities for bluff, double-bluff, triple-bluff etc by those who may know but aren't telling.

Here's the one bit of hard data I have seen recently -

http://www.theregister.co.uk/2010/06/28 ... _lock_out/

... but again, one could speculate that the NSA could break this crypto if they wanted to, but choose not to release this information to the FBI for fear of revealing the secret (etc, etc).

That ElReg article referred to by Andrew, Brazilian banker's crypto baffles FBI, is all about TrueCrypt, the open source encryption facility which was exercising Mydex the other day, "Waaaaat? A backdoor is available for truecrypt too?".

Mydex, and the rest of us – we're all exercised by the Edward Snowden revelations that began on 6 June 2013.

In the atmosphere of "bluff, double-bluff, triple-bluff etc" we're not going to get any sensible answers.

So here's a flippant point.

England staged its revolution over a century before the Americans and the French got round to holding theirs. Edward Snowden was beaten to it by Sir Richard and Lord West by three or four years. Late again!

Sunday 8 September 2013

Edward Snowden – the penny drops 2

While beautiful people dance, beautifully dressed, through the lush pastures and wild flowers singing beautifully, they are stalked all the while by the Gestapo, the Geheime Staatspolizei, the sinister secret state police ...

The Sound of Music? It's a parable of our time, dontcha know.

No it isn't. But you'd never guess that from the way some people have reacted.

Who do you think wrote this in the Guardian?
Government and industry have betrayed the internet, and us.

By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards.

This is not the internet the world needs, or the internet its creators envisioned. We need to take it back.

Only Bruce Schneier. That's who.

For anyone who doesn't know, Mr Schneier is a wise and expert practitioner and commentator on security whose blog is required reading for level-headed analysis and comprehensive coverage of current security affairs.

Writing like Private Eye's Dave Spart is the last thing you would ever expect of him but there it is in black and white, "government and industry have betrayed us ... undermined a fundamental social contract ... ethical internet stewards ... we need to take it back". Normal service will no doubt resume once he has got over the shock of the latest Edward Snowden revelations.

Is there any way for the ordinary punter to keep their data secure on the internet?

In another Guardian article, NSA surveillance: A guide to staying secure, Mr Schneier tentatively offers a five-point plan and recommends some tools to use:
Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about. There's an undocumented encryption feature in my Password Safe program from the command line; I've been using that as well ...

I understand that most of this is impossible for the typical internet user. Even I don't use all these tools for most everything I am working on.

So no. There isn't. Not even for Mr Schneier.

It will be said that we are all over-reacting. All of us including Mr Schneier. Things aren't as bad as they look, securitywise, on the internet.

In fact, it's already been said: "Phew :-)  Back to: so what was it we were *right* to be paranoid about? ... hoax ... indeed. We're all delighted".

Too late for that: "it's a hoax ... but that gives no info about whether true ;-)".

The damage is done: "Not cool. Wonder what effect that first Tweet will have on some market capitalisations".

The trust has gone.

There was never any basis for it in the first place.

The internet never was Julie Andrews and a troupe of good-looking children singing in picture postcard-beautiful mountains. Google and Amazon and Facebook and Apple and eBay/PayPal are in it for the money. Martin Sorrell told us so. So did Mydex's very own William Heath:
It’s no more helpful to obsess about identity than to obsess about privacy ... The area to focus on is data logistics ... the compelling reason to pursue better data logistics with user-driven services is saving money.

Not just the money. The power, as well. Which Douglas Carswell should have realised. That's where the NSA and GCHQ come into it. And ex-Guardian man Mike Bracken's Government Digital Service and their friends.

Edward Snowden has done us a favour. The penny has dropped and the Hollywood movie rose-tinted spectacles are off.
