* Posts by Alistair Kelman

10 publicly visible posts • joined 6 Jun 2009

Security pioneer Ross Anderson dies at 67

Alistair Kelman

Ross - the bane of politicians and PR journos

Ross was really special - he gave no quarter to politicians or PR journos whose arguments and defences were filled with "special pleadings". All of us in the security community are going to miss him and his generosity with ideas. He could truly inspire great insights. One of his greatest gifts was in how he negotiated with Wiley, his publishers, so that his book Security Engineering is not locked away in a copyright ghetto. Instead earlier editions are available to freely download and the current edition has a limited life as a premium publication. His lectures contained infectious humour. I commend to everyone his fifteen lecture series which he made available during lockdown to everyone who was interested in these topics via the web.

Computer Misuse Act: Tell the Home Office infosec needs a public interest defence in law, says CyberUp campaign

Alistair Kelman

A different solution to the Computer Misuse Act problem

I would prefer it to be the case that prosecutions under the CMA could only be made after explicit permission had been sought and obtained from the Attorney General. Most crimes today involve computers in some shape or form either as evidence gatherers or as tools for executing the crime. The CMA should be available as a "sweeping up" measure. This would effectively mean that any public interest defences had been considered and rejected by the Attorney General so that permission was given to allow the prosecution to go ahead.

Autonomy ex-boss Lynch tells of poisonous life within HP in High Court showdown

Alistair Kelman

Re: HP got a bargain and they failed to understand it and evaluate it ...

There is nothing fundamentally wrong with software patents per se. The IBM 360 (remember that) had features which in some models used hardware to perform certain operations and some less expensive models used software to do the same thing. The hardware versions were patented and the software versions were implementations of the hardware versions so were patented too.

The problem with software patents arises when they are too broadly claimed and the failure of the US system to genuinely look for prior art. Our European system is considerably better, more thorough and more restrictive. Autonomy owns several European patents for its technology and its implementation of Bayes' Theorem in gathering and classifying information. Simultaneously Microsoft developed technology to identify and eliminate spam e-mail - a very successful patented Bayesian Networks invention which is in constant use across the internet and without which e-mail could not function today. Since then all Microsoft's modern user interface technology appears to have been built around Bayes' Theorem and indeed, since the 1990s, they appear to have patented everything that they can in this field. Bill Gates has been described as a Bayesian believer and vast resources appear to have been deployed by Microsoft in recent years.

Alistair Kelman

Re: HP got a bargain and they failed to understand it and evaluate it ...

The reality is rather different from what you suggest. When HP made its complaint saying it had been defrauded the matter was naturally passed across to the SFO in the UK which ran into a problem. The SFO uses Autonomy software for its operational analysis and preparing cases. So there was a conflict of interest that could only be avoided if the SFO could use an alternative software product. It couldn't - the SFO was locked in just as I indicate. So one of the reasons why the SFO threw out the case against Autonomy was that it was unable not to use Autonomy's software in its normal operations.

HP senior executives do not appear to be the sharpest tools in the box in respect of understanding the value of what they have and what they can do with it - just look at what Steve Levy said a couple of days ago regarding Carly Fiorina and Steve Jobs.


Alistair Kelman

HP got a bargain and they failed to understand it and evaluate it ...

It is fairly well known that Dr Mike Lynch did his PhD thesis on Bayes’ Theorem and in 1996 set up a business with Richard Gaunt that eventually became Autonomy. Along the way in 2004 Richard Gaunt on behalf of Autonomy filed a provisional patent application for “Methods and apparatuses to generate links from content in an active window” which later became a full patent filed by Dr Mike Lynch and two other Autonomy staff that was granted - Method and apparatus to link to a related document

This granted patent is one of what is believed to be around 170 patents owned by Autonomy in countries around the world which cover all sorts of core technologies which are going to lock up this area for the next twelve to fifteen years. US Patent 7272594 makes reference to Bayes’s Theorem (how you make choices as data becomes available) and Claude Shannon's principles of information theory (mathematical limits of certainty). This patent, in my view, is a fundamental building block for all technology in this sphere of activity. No rival company (Google, Microsoft, IBM, Amazon etc) could afford to enter this field with any cloud service offerings because Autonomy's patents will enable them to be injuncted with dire consequences for all of them - billions in damages etc. This is not technology where it can be claimed the consumer is being denied rights because of a lack of a competitive market in the patents through licensing - Autonomy is a business to business offering whose technology falls full square within the lawful monopoly for patents permitted under the US Constitution - a monopoly right which is respected across the world. Rivals who choose to try and compete with Autonomy are likely to suffer the same fate as Kodak did when it tried to produce an instant print camera in breach of Polaroid’s patent portfolio - global injunctions and heavy damages.

So why are these rights so valuable even if Autonomy is not yet fully enforcing its patents? The issue is one of stickiness. Around the time of the takeover by HP Autonomy had 20,000 clients, with management contracts for giants such as Citigate and Shell. Autonomy also drives the UK police's Holmes 2 system, which can tie together fingerprints, witness statements and police reports. It can sift emails, documents and even phone calls and elucidate the meaning inherent in them. It allows customers to search and categorise unstructured information - such as e-mails, phone call logs, pictures, film clips, anything that has not been organised into a database. It has been heavily used by banks and other large corporations preparing for class action lawsuits, helping them find all the documents needed for trial. Société Générale, for example, installed the software to trace the actions of rogue trader Jérôme Kerviel. Any company which is hit by a "litigation hold" notice had better turn to using Autonomy's software or face the consequences.

Once a company starts using Autonomy's software it cannot stop - the cost of leaving is too great. Even if someone could lawfully design around Autonomy’s patents it will not be able to capture an existing Autonomy customer because if the customer wishes to move to a rival supplier the cost of doing so would be prohibitive. If your business depends upon having a computing network running 24/7 (which today covers all financial and insurance services) and you have purchased an indexing package from a company which you have run for some time - then you may never be able to move. This is because of what Donn Parker of SRI International called MTBU - maximum time to belly up. The move to a rival supplier would cause you to be without computing services for a protracted period of time during which time your business would automatically fail because for it to survive it needs to keep running 24/7. No business which uses e-mail in its day to day operations could afford to move. It is like being told that you could switch electricity suppliers if you were prepared to live without electricity for 3 months - not many households would be prepared to do so.

But the opportunities and benefits which arise from using Autonomy’s software outweigh the risks - imagine compliance departments running Autonomy's software to stop another financial collapse, another Barings or UBS case. Autonomy was not holding its clients to ransom with its sales contracts but it was able to use a very aggressive way of estimating the value of each customer - to take account of the fact that every customer Autonomy acquires will never leave - i.e. there will be no churn. This is what HP's present management team has failed to understand. And this is why HP may have got a bargain in paying just $11.1 Billion for Autonomy.

Ofcom issues stern warning over fake caller number ID scam

Alistair Kelman

Why it is unclear ...

The definition of forgery is to create a false instrument which tells a lie about itself. It could be argued that a false CLI is an instrument which tells a lie about the originator - i.e. it is a forgery. This is intellectually far more in keeping with the underlying harm which the crime is trying to address than to use the Computer Misuse Act.

A false instrument is a document which the individual in control of it knows to be false, with the intention of inducing another person into thinking that it is in fact a genuine instrument.

Now so long as a document today can include an electronic document - that is to say one which exists in a defined format in cyberspace - then notwithstanding R v Gold and Schifreen - I think there could be a successful prosecution here.

Interestingly just before R v Gold and Schifreen I was suggesting to the police when I was training police officers at the Peel Centre in Hendon that they could use the Forgery Act 1981 for cases of banking card fraud. The important distinction to make between the Prestel case and the CLI issue is that it is a human being who is being deceived rather than a machine. By creating a false CLI you are telling a lie about the source of the telephone call and this lie is being told to a human being and not just to a machine. That is the reason why R v Gold and Schifreen does not undermine the use of the Forgery Act in this situation. I would see no difficulty in a jury convicting the false CLI scrotes after being properly directed by a trial judge.

Pro-privacy titan Caspar Bowden dies after short cancer battle

Alistair Kelman

@Caspar - an awful loss. A principled man with a sense of humour. This is a truly sad day for everyone.

'80s hacker turned journo, IT crime ace Steve Gold logs off

Alistair Kelman

A great loss to all of us

I was Steve's barrister in the hacking case where I took and lived through all the trials and tribulations. He became a good and trusted friend and we shared a common interest in getting the computer community thinking about the problems and possibilities arising from the use of computers. In more recent years I called him frequently for advice on mobile technology - he was always the source of the best possible deal that was out there. He worked too hard and could always be relied upon for delivering the goods. We shall all miss him and his cheery telephone manner.

UK's brazen copyright land grab sneaked into Enterprise Bill

Alistair Kelman

And about bl***dy time ...

Anyone who has tried to get copyright clearance for any work knows that the present nineteenth century system is not working. Creatives spend more time on trying to get copyright clearance for the works than actually creating the new works. Frequently the cost of copyright clearance destroys the commercial viability of making the new work. The Shakespearian solution "Kill all the lawyers" won't work so this is a reasonable compromise.


Judge backs Halifax in Chip and PIN clone case

Alistair Kelman

Official judgement

Is now on my website - free for anyone to download. I will shortly be posting comments there.

www.alikelman.com - just follow the links