* Posts by D Moss Esq

271 publicly visible posts • joined 19 Jun 2009

Page:

How Groucho Marx lost his voice and found his funny bone

D Moss Esq

Re: I have to say

The Big Store was dreadful?

Oh come on.

"Shoot the talcum to me, Malcolm"?

"The bassinet with a built-in lullaby", 40 years before Victoria Wood's "sockette with a built-in wolf whistle"?

Bruce Schneier's Data and Goliath – solution or part of the problem?

D Moss Esq

Brave man, Andrew, tackling this subject.

Relax, I shall make no original contribution, I promise. I can't.

Roger Scruton can: "... the shared assumption was that rights are liberties. They are there to protect the individual against oppression, and especially oppression wielded by the clergy, the sovereign or the state. Their existence is fundamental to anything that we could call government by consent, and they capture the essence of the political process as we, in the West, have since conceived it – namely as a device for protecting the individual against the group".

Inventing the Individual: The Origins of Western Liberalism by Larry Siedentop – that might help, I can't claim to have read it, but my friend Scott reviewed it.

All very elevated. Back here down on terror firmer, what do we get?

A person is a set of entitlements. Or a set of credentials. Or a fingerprint. Or a mobile phone with a lot of digital certificates and an associated location history. Or, GOV.UK Verify, a person is a credit history.

That, or the Mydex/Ctrl-Shift idea, that a person is a quantified self represented on-line by his or her 100% guaranteed hyper-secure personal data store. That quantified self can have rational decisions made for it by utilitarian apps which process the data in the PDS. Never mind the Enlightenment. Back to the ancient Greeks, when people were pawns in the Titans'/Gods' game of chess.

Just saying ...

UK now part of another Euro data-spaff scheme

D Moss Esq

Who told you that?

The UK has hitherto not been extended access to the SIS II as it is not part of the Schengen free movement area. However, as of April 13 it is now allowed to use the SIS within the context of police and judicial cooperation, though not in relation to external border policy.

Re SIS I: "The UK was given access to sensitive information on criminal and policing matters held on the Schengen Information System, an EU-wide directory, in 2000, but there have been repeated technical problems".

Re SIS II, I was told at a meeting at the Home Office on 23 February 2010 that the UK should be able to use it from 2012.

Interpol weren't impressed with UK border control in 2004. Or 2007.

Raytheon didn't help.

The problems lie in the UK Border Force. Not the EU.

Instead of public sector non-jobbery, Martha, how about creating real entrepreneurs?

D Moss Esq

Let's get our duck in a row

Tim Worstall: She walked away to join a couple of resolutely non-digital boards, signed up for a couple of quangos and that was it. The quangos led to the government tsar bit, which in turn led to the peerage and now has led to... umm, well, a committee to tell people to be digital, I think.

Is it any wonder that we're not creating serial entrepreneurs when that's the preferred career path for those who could be one, to have one success and then aim for the tiara, not the next big thing?

I think you're wrong about British entrepreneurs but that's irrelevant as MLF isn't an entrepreneur, is she. She's a salesman. She's a motivational speaker. But not an entrepreneur.

Home Office awards Raytheon £150m over e-borders cancellation

D Moss Esq

£150 million?

We could have bought 150 modern, mature and powerful Tomahawk Cruise missiles for that.

Ark scoops £700m to host ALL UK.gov's data centre needs

D Moss Esq

ARK & Skyscape

Take another look at those directors – stuffed to the gills with the usual suspects: G-Cloud, GDS, HMRC and Skyscape, the company with just one director, who owns all the shares – Whitehall SNAFU

Then take a look at the original plans for G-Cloud – efficient, consolidated, centralised, trusted, green: G-Cloud Overview

Remember that Skyscape claim to have picked up 50% of all G-Cloud business – they're no longer an SME: Skyscape – the Surprise as a Service company

What does that add up to?

It's not clear, especially with this latest revelation that the Cabinet Office have taken a 25 percent stake in ARK, but it doesn't add up to central government outsourcing to the private sector, especially SMEs, while taking advantage of the cloud with its mythically low costs (practically free), magically releasing billions to be spent on cakes, bunting and post-it notes for GDS's walls.

MPs 'alarmed' by millions of mugshots on Brit cops' databases

D Moss Esq

The appropriate response? Mockery

No-one who gave evidence to the House of Commons Science and Technology Committee's enquiry into biometrics said that mass consumer biometrics work. No statistics were put forward to measure how reliable this technology is.

Many witnesses went out of their way to say how unreliable mass consumer biometrics are. Not least the police themselves – "the technology is not yet at the maturity where it could be deployed", says Chief Constable Chris Sims at para.95 speaking for the Association of Chief Police Officers about face recognition.

There's no need to be alarmed by the deployment of a technology that doesn't work. It is more appropriate, surely, to mock the deployers, in this case the police, for wasting their time deploying it. You could also be angry that they are wasting their time. And our money. But not alarmed.

Chief Constable Sims is also quoted as saying that he is "not aware of forces using facial image software at the moment". Are we to believe that the police have gone to all the trouble of uploading 12 million+ faces onto their national database but they aren't using them? If so – and that's what the Chief Constable says – then cue more mockery.

Mockery or fury at the waste of time and money and the absence of logic. But not alarm. Alarm suggests that you think the technology works. Even the police don't say that. They say the opposite. It doesn't work. All you do by expressing alarm is to help the salesmen to sell this flaky technology. "Why would all these cowardly children with something to hide be alarmed", the salesmen may ask a prospective credulous customer, "if the technology doesn't work?".

There is plenty of room to be angry at the police for ignoring the High Court for 2 1/2 years. No room for alarm. And otherwise just wall-to-wall mockery at the twits for buying this rubbish and pretending that they are thereby doing something in the interests of crime prevention/detection.

Give biometrics the FINGER: Horror tales from the ENCRYPT

D Moss Esq

Wishful thinking as a platform

The House of Commons Science and Technology Committee published its report yesterday, Current and future uses of biometric data and technologies.

Drugs companies have to undertake extensive trials before letting their products loose on people and ditto aircraft manufacturers.

But not biometrics systems suppliers (para.54):

When biometric systems are employed by the state in ways that impact upon citizens’ civil liberties, it is imperative that they are accurate and dependable. Rigorous testing and evaluation must therefore be undertaken prior to, and after, deployment, and details of performance levels published. It is highly regrettable that testing of the ‘facial matching technology’ employed by the police does not appear to have occurred prior to the searchable national database of custody photographs going live. While we recognise that testing biometric systems is both technically challenging and expensive, this does not mean it can be neglected.

The deployment of mass consumer biometrics without first establishing that the technology is reliable is not scientific, businesslike or responsible. It is wishful thinking.

It is wishful thinking when it comes to biometrics based on face recognition and on all the other candidate modalities, including flat fingerprints.

The Science and Technology Committee made that point in July 2006. Here they are making it again, nearly nine years later. There has been no progress in between.

US Senators hope to crack down on the trade of private information

D Moss Esq

Nothing to do with the UK. No, wait ...

One company that will be following the progress of the DATA Act with interest is Experian, the credit referencing agency and data broker which unwittingly sold personal data to a crook for nine months until the US Secret Service told them about it, please see KrebsOnSecurity.

Experian were hauled over the coals by Senator Rockefeller's Committee on Commerce, Science, & Transportation on 18 December 2013. He put them on notice then. And now, good as his word, here's the DATA Act.

So what? Nothing to do with us here in the UK, surely.

But Experian are an "identity provider" to the UK Government Digital Service's Identity Assurance scheme, now officially known as GOV.UK Verify (RIP): "GOV.UK Verify is the new way for you to prove who you are online, so you can use services on GOV.UK safely". It wasn't very safe in the US. How safe is it in the UK?

Collecting personal data and then selling it is the business of all sorts of organisations. Take Verizon, for example.

You probably think of Verizon as a telco. That's not how they think of themselves: "Ultimately, we don’t see ourselves as a data provider; we see ourselves as an ad platform that helps brands and consumers connect".

Verizon, like Experian, are "identity providers" to GOV.UK Verify (RIP). If you use that system via Verizon, are you safely proving on-line that you are who you say you are? Or are you helping Verizon to connect you with brands?

EU governments are CRAP at cloud, moans Brussels' infosec watchdog

D Moss Esq

ENISA's consistent message

This latest report of ENISA's refers to their earlier one, January 2011, Security & Resilience in Governmental clouds, on p.8 of which they say about cloud compting: "its adoption should be limited to non-sensitive or non critical applications and in the context of a defined strategy for cloud adoption which should include a clear exit strategy".

They can hardly be surprised that many EU governments have, very sensibly, on ENISA's own recommendation, proceeded slowly.

The surprise, as noted by earlier commenters, is that so many EU governments, the UK included, have put sensitive and critical applications in the cloud with no known exit strategy – HMRC, the Home Office, the Ministry of Defence and the Government Digital Service, to name but a few – often with one-man companies like Skyscape.

UK.gov shuns IT support tower model. Now what the hell do we do?

D Moss Esq

EU ministers hold Big Meeting on Big Data. But how will they get you to hand it over?

D Moss Esq

"... how will they get you to hand it over?"

The standard answers include:

1. National security. You want to be safe? Give us your data. Ref. Communications Data Bill and Edward Snowden.

2. Money. You want to be rich? Give us your data? Ref. Stephan Shakespeare and Nigel Shadbolt, who appear to believe that open data causes innovation.

3. Health. You want to be well? Give us your data. Ref. Tim Kelsey and care.data.

4. Social responsibility. You want to pay your debt to society that provides you with public services? Give us your data. Tim Kelsey and care.data again.

5. Tax justice. You want everyone to pay the tax they owe? Give us your data. Ref. David Gauke and the G8 initiative on tax-dodging, see HSBC passim.

6. Paedophiles. You want to eradicate paedophilia? Give us your data. Ref. David Cameron and Anonymous.

After a while you get the idea that all good things come from open data.

There might be a lingering question whether the government could have access to all data and yet still somehow fail to maintain security, expand the economy, etc ... The Child Support Agency, for example, had unrestricted access to all data on its parishioners and yet still succeeded in multiplying their misery.

Inside GOV.UK: 'Chaos' and 'nightmare' as trendy Cabinet Office wrecked govt websites

D Moss Esq

GDS's response to criticism

"... in the information technology age, a government website really matters" – so said Liz Fisher of the UK Constitutional Law Association on 9 May 2013 at the end of a blog post about GOV.UK, which she found to be flippant.

There was no response to her criticisms from GDS. The party line, laid down on 19 July 2012 was: "Not feeding trolls is the biggest sign of the strength of our culture".

That hasn't changed, 18 February 2015: "Colleagues, not feeding trolls continues to be sound advice".

So much for understanding just how much the government website really matters.

Blighty quietly signs deal to read giant EU border control database

D Moss Esq

It seems like only six years ago ...

... that we read in the Observer:

Britain's police forces are still unable to use a pan-European database of criminals, prompting warnings that this could hinder their ability to track terror suspects entering Europe ahead of the Olympics.

The UK was given access to sensitive information on criminal and policing matters held on the Schengen Information System, an EU-wide directory, in 2000, but there have been repeated technical problems ...

Experts say the database could form a powerful weapon in the fight against crime and terrorism. In the past, Home Office officials have said that connecting British forces to the system had proved impossible due to technical difficulties and "acts of God", such as a fire that destroyed vital IT equipment.

How time flies.

Faster and faster.

The Guardian reported in July 2007 that:

Interpol said last night that the UK makes just 50 checks a month of the database; France by comparison makes 700,000 checks and Switzerland makes 300,000 ...

Mr Noble [the head of Interpol] said that Gordon Brown's promise last week to share a list of potential terrorists with other countries had yet to materialize. "British citizens might be surprised to find that this watch list announced by your prime minister last week has not been sent to Interpol," he said. "Why is it that some countries make sure passengers do not carry a bottle of spring water on to a plane, yet aren't careful to ensure convicted felons aren't entering their borders with stolen passports?"

And it was just over 10 years ago in December 2004 when the BBC told us that Interpol had complained that passport numbers aren't checked on entry to the UK – Interpol has a database of 5 million stolen passports, the EU has a database of 10 million lost and stolen passports and the UK doesn't check people on entry against either of them.

Border security has been away from the UK on a long eOdyssey. Will it really come home on 13.4.15?

Breaking news: BBC FINALLY spots millions of mugshots on cop database

D Moss Esq

Double whammy black eye for the police

QUOTE

MacGregor told the Beeb last night that there were "grounds for doubts" about the reliability of facial recognition tech.

UNQUOTE

Quite right.

There's lots of evidence that the technology doesn't work, – http://www.theregister.co.uk/2009/08/14/biometric_id_delusion/ – and no evidence that it does.

Not just an invasion of privacy but also a waste of money. The police may want to be seen to be "doing something" but this is a double whammy black eye and not a feather in the cap at all (Catch-22).

'Success'? Verify FAILED for 40% in self-assess tax trial

D Moss Esq

Here's one you can try at home

Of the five identity providers that have signed a contract with the GDS, only Experian and Dutch identity management firm Digidentity have so far won accreditation.

That's what GDS keep saying but it's not true.

Accreditation is awarded by tScheme.

tScheme's list of approved services for GOV.UK Verify lists Experian only. That's one "identity provider" that has so far won accreditation, and not two.

Digidentity still appear on tScheme's list of registered applicants, along with Mydex, the Post Office and Verizon. They're all in the same boat. The unaccredited boat, not yet certified trustworthy.

These five "identity providers" applied under the old framework for GOV.UK Verify. When the new framework comes in, they'll all have to start again – the new service will start with no certified "identity providers". Or two of them, as GDS will probably say.

Peers warn against rushing 'enhanced' DATA SLURP powers through Parliament

D Moss Esq

Wake up and smell the camphor

ElReg says: "The Tories have steadfastly stuck to its plans to reboot its mothballed Communications Data Bill, colloquially dubbed a Snoopers' Charter, if it returns to government after the General Election in May".

The Daily Telegraph says: "The Prime Minister said that the Security Services would be given the powers to read all messages sent over the internet, if the Conservatives win May’s general election".

Funnily enough, the Communications Data Bill said: "Nothing in these proposals will authorise the interception of the content of a communication. Nor will it require the collection of all internet data, which would be neither feasible, necessary nor proportionate" (please see Introduction, p.2).

Not proportionate. Not necessary. And not even feasible.

Must diarise: UK.gov Verify ID system will 'definitely' work by 2016

D Moss Esq

Digidentitywise, GDS are breaking their own rules

What were previously known in the science fiction/fantasy world of GDS as "identity providers" are now known as "certified companies".

All certified companies are certified by tScheme.

That's the rule.

Without that, they're not certified.

tScheme maintains a list of approved services, http://www.tscheme.org/directory/appserv.html

Digidentity are not on the list.

tScheme also maintains a list of registered applicants, http://www.tscheme.org/directory/appserv.html

That's the list with Digidentity on it.

They've applied for tScheme's seal of trust but they haven't been granted it yet.

What should America turn to for web advice? That's right: GOV.UK – says ex-Obama IT guru

D Moss Esq

This is the example an "ex-Obama IT guru" recommends for the US?

1. The UK Constitutional Law Association certainly weren't too impressed at the advent of GOV.UK.

2. There was some internal dissent on the GOV.UK development project, please see this blog post by the brilliant Jeni Tennison. (Brilliant? She produced this – a genuine example to follow.) How was that internal dissent handled? She became external. She left and is now at the Open Data Institute.

3. Who doesn't wish they'd been a fly on the wall at the offices of Her Majesty's Revenue and Customs when the crack team of experts from GOV.UK arrived with the future in their hands and told the taxmen they couldn't ask people to "submit" VAT returns any more (Value Added Tax/Sales Tax). "Submit" is too long and formal apparently and in future people will simply "send" their VAT returns.

4. And now there are hints that GOV.UK will be the model for all local government websites in the UK as well. Consolidate. Centralise. Standardise. States' rights? There's a model to follow.

D Moss Esq

Re: Where should America turn for advice? Not GDS. Not if it's the truth you're after

Thank you very much for your fast response tweaking. Very impressive.

D Moss Esq

Re: Where should America turn for advice? Not GDS. Not if it's the truth you're after

Yes, I thought her picture looked funny when I tweeted her just now. Then it occurred to me that maybe ...

D Moss Esq

Where should America turn for advice? Not GDS. Not if it's the truth you're after

She show the audience a table showing the cost and reach of the new GOV.UK website which replaced the old Direct.gov.uk (as well as numerous other services run by different government departments).

That seems like as good a place to start as any.

Miss McCarthy has been misled. So has Miss Pahlka. Certainly it says on https://www.gov.uk that "this website replaces Directgov and Business Link". But that's not true. It didn't replace these two websites two years ago when GOV.UK was launched and it still hasn't today.

It's safe to try this at home.

Start at GOV.UK, search for "jobseekers allowance", click on "claim Jobseeker’s Allowance (JSA) online" and you're taken straight to Directgov. Ditto if you try to log in to "universal jobmatch". Or try applying for a provisional driving licence.

Directgov is still there and so is Business Link. Search for "contracts finder" on GOV.UK, click on "start now" and you'll find yourself on https://online.contractsfinder.businesslink.gov.uk/.

GOV.UK "replaces Directgov and Business Link"? That is just one claim made by GDS, the UK's Government Digital Service, which is not to be trusted.

The same goes for GDS's claim that digital transformation has saved £10 billion or 4% of the UK gross domestic product. £10 billion is only 0.6% of UK GDP. Most money has been saved by laying off staff or negotiating better prices from suppliers. The saving attributed to GDS is only 0.0138% of UK GDP.

That 4% claim was made by GDS at Ms Pahlka's Code for America Summit 2013. She was misled. And now she has misled Ms McCarthy, no doubt inadvertently. And now Ms McCarthy is misleading her readers.

But before this falsehood is passed on into folklore as an unquestioned truth, let's nip it in the bud, shall we.

And let's try to correct the impression anyone at the CfA Summit might have got that GDS was already operating an identity assurance scheme (IDA) for 45 million Brits. It wasn't then and it still isn't.

IDA has already taken longer to develop than the much-maligned US Healthcare system and, despite all the fashionable agile development methodologies being used, it still doesn't exist.

You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES

D Moss Esq

Spooky

Some time back, ElReg carried an important medical report, Wacky 'baccy making a hash of FBI infosec recruitment efforts. The science is hard to follow but you don't think, do you, that the same problem now affects our own dear Cabinet Office?

D Moss Esq

It's beyond the power of FTSE-100 companies ...

Who can forget that 5 September 2012 press release issued jointly by BIS and the Cabinet Office (prop. F. Maude) Business leaders urged to step up response to cyber threats? That's when they wheeled in Sir Iain Lobban, the Director of GCHQ at the time, to tell the assembled chairmen of the UK's top 100 companies that they were no good at cybersecurity.

Every day, all around the world, thousands of IT systems are compromised. Some are attacked purely for the kudos of doing so, others for political motives, but most commonly they are attacked to steal money or commercial secrets. My experience suggests that in practice, few companies have got this right.

You'd better forget it now because otherwise Mr Maude's comments don't make sense. Security – particularly in the cloud – is a unicorn. A lovely idea, but it doesn't exist.

If you can't forget it, then the question is what are those dreadful bullies at GDS going to make poor Mr Maude say next? Whitehall can't afford not to use consultants?

D Moss Esq

Be under no illusions ...

Central and local government departments need have no fear about the security of the cloud computing services they buy from CloudStore/the Digital Marketplace.

These are underpinned by HMG's stringent Cloud Security Principles.

And suppliers demonstrate their adherence to these security principles by saying that they do:

QUOTE

Assure

Suppliers will complete a number of pre-defined security statements asserting how their services meet the Cloud Security Principles.

UNQUOTE

It's called "self-certification" and it worked very well in the run-up to the credit crunch when borrowers self-certified their own mortgage applications.

D Moss Esq

Re: First draft of this speech read...

Funny you should mention that.

"When it comes to cyber security QinetiQ couldn’t grab their ass with both hands"

US Marshals commit DIRTBOX INTRUSION on Americans, says report

D Moss Esq

PKI

Once upon a time, in a land far far away, the theory was that all the equipment on the mobile phone networks used public key encryption for authentication. As a result, spoof radio masts, whether operated by the police or anyone else, could not be inserted into the networks. If they can be, then someone's letting them in through the back door.

Pitchforks at dawn! UK gov's Verify ID service fail to verify ID

D Moss Esq

Re: Experian are dreadful

And then there's Experian in the US, where an ID fraudster carried on his trade via Experian for nearly a year until the Secret Service told them what was going on. You may think you're angry but wait till you hear Senator Rockefeller.

D Moss Esq

Apart from his 2 July 2014 post on IDA, RIP IDA – "we're building trust by being open" with its 16 subsequent updates DMossEsq has nothing to add to Ms Fiveash's excellent and comprehensive coverage.

We already know that Mike Bracken was guilty of a number of terminological inexactitudes when he spoke to the Code for America Summit a year ago.

It is evident to all that DEFRA have no control over what's happening to them, while GDS and Experian are keeping shtum, leaving farmers with a vague notion that they're never going to be paid any CAP money ever again thanks to the popular transformation of public services.

As promised by FMaudeEsq, identity assurance is turning into a massive data-sharing bonanza in the midst of which you can have privacy or public services, one or the other but not both.

IDA is dead. We just have to drum our fingers while we wait for it to be buried. It has richly deserved its right to be forgotten.

We know all that.

No need to repeat it.

Australia mandates* cloud use by government agencies

D Moss Esq

Re: The Cloud vs Inhouse IT

What do you think happens to a company trying to negotiate a cloud services contract when they know nothing about the subject? They pay top dollar. That's what. And when the cloud service goes down, they're last in the queue for attention.

As the percentage of in-house IT departments closed down tends towards 100, the cost of cloud computing will tend towards or go through the roof. Bang goes the cost advantage.

Long before that happens, it will be cheaper to replace the shop and hospital IT staff you say are so hopeless with competent personnel.

It will also avoid the disappointment of discovering that the cloud suppliers' staff are just the same.

D Moss Esq

Re: Thank goodness we've got the cloud sorted out here in the UK

Glad you enjoyed it.

I compare cloud now with timesharing in the 70s, Comshare and GEISCO, not holiday apartments in Spain. Timesharing died. So will cloud.

D Moss Esq

"Maybe I'm an idiot"

– Was it Larry Ellison himself who said: "The interesting thing about cloud computing is that we've redefined cloud computing to include everything that we already do, The computer industry is the only industry that is more fashion-driven than women's fashion. Maybe I'm an idiot, but I have no idea what anyone is talking about. What is it? It's complete gibberish. It's insane. When is this idiocy going to stop?"

– D'you know, I think it was.

D Moss Esq

Thank goodness we've got the cloud sorted out here in the UK

They do seem to be in a bit of a pickle cloudwise in Australia.

They should take a lesson from the UK, where "Cloud First" is the rule for central and local government.

And where we have the CloudStore, an on-line supermarket for cloudy products and services.

Admittedly no-one knows what "Cloud First" means and very few people have heard of it. Also, the CloudStore was meant to close down on 30 September but it's still limping along because someone can't get the replacement Digital Marketplace to work.

"Someone" is the Government Digital Service (GDS) and their advice to central and local government is "Don't procure. Commission". No-one knows what that means either.

The Government cloud programme (G-Cloud) has its own Twitter account, @G_Cloud_UK, and that's where we Brits go to find out what's happening. The Australians could usefully pay a visit.

Cloud computing depends on trust frameworks. Everyone knows that. Then a few months ago Chris Chant started Tweeting on @G_Cloud_UK about how trust can never be achieved, what you really need is truth. "24hrs to go" he said on 30 July 2014, "until @RainmakerCXO totally disrupts UK Cloud security capability. Truth better than trust. truth.rainmaker.solutions @G_Cloud_UK".

It wouldn't matter what he says if it wasn't for the fact that he's the principal architect and advocate of G-Cloud. And what he's saying is that you're wasting your time holding out for trust. What you need is GuardTime, an Estonian product marketed by Rainmaker Solutions. Let the Australians take note.

Some of us Luddites are a bit anti-cloud.

It's something to do with the OECD saying "cloud computing creates security problems in the form of loss of confidentiality if authentication is not robust and loss of service if internet connectivity is unavailable or the supplier is in financial difficulties ...". And ENISA saying about cloud that "its adoption should be limited to non-sensitive or non-critical applications and in the context of a defined strategy for cloud adoption which should include a clear exit strategy ...". (ENISA is the EU's Network and Information Security Agency).

What with that and Kim Dotcom and Edward Snowden and Bruce Schneier, it's a relief to see that local goverment in the UK is generally forswearing the cloud.

The other day, a journalist tried to snap these fuddy-duddies out of the 18th century and wrote "Council IT teams overstating cloud security concerns". But he didn't really mean it and was last seen on @G_Cloud_UK asking "why is cloud any less secure than a server sitting under a desk?".

Then yesterday, when Bruce Schneier's #IPExpoEurope comments on the cloud were reported – "We’re losing control of our data because of the cloud" – the CEO of Omnis Systems leapt to the cloud's defence on @G_Cloud_UK: "Actually it's because of public #cloud hosted in other countries. Host them in UK/EU & you'll have no issues" before adding 17 minutes later "#Cloud is not safer or cheaper for many use cases but it sounds good so who cares, they say".

That shared understanding of the cloud that we have in the UK, the confidence in its security, that's what Australia needs. Just ask that lady whose pictures were leaked the other day. She'll tell you.

DVLA website GOES TITSUP on day paper car tax discs retire

D Moss Esq

Re: Worked for me....

Renew-a-tax-disc always has worked really well, ever since the web facility was introduced in 2006, eight years ago, five years before GDS sprang into existence.

D Moss Esq

Re: Worked for me....

Are you trying to suggest that because the site worked for you yesterday it isn't really down today?

D Moss Esq

"Transparency is the bedrock of change"

... that's what Oliver Morley said the other day. He's the Chief Executive of DVLA and he should know. What users are experiencing now is not an outage. It's a bedrock.

Further, as you know, the great virtue of using the cloud is that capacity expands instantly to meet demand. As demonstrated in this case.

Who runs taxdisc.service.gov.uk? NSLookup says the IP address is 62.25.101.198. And RIPE says that belongs to Energis UK in Watford.

Labour outsources digital policy, Tories turn up to finish it

D Moss Esq

BOGOF

There are at least two Labour Party digital manifestos.

The one Andrew Orlowski cites is by Jon Cruddas.

Then there's the one by Chi Onwurah which hasn't been published yet.

While we wait for Ms Onwurah's, let's remind ourselves of some of Mr Cruddas's obiter dicta. These are taken from a speech he gave at the Royal Society of Arts, Radical Hope, where he was channelling the thoughts of a consultant he approached, Plenty Coups, great chief of the Crow Indians (Native Americans). He says:

• Our welfare state is ill-equipped to deal with modern social evils like loneliness and the loss of community.

• Our health service is struggling to cope with the rise of chronic illnesses like depression, obesity and diabetes, and we literally lack a proper system of care for our growing elder population ...

• Our present model of education rewards conformity in pursuit of a narrow, logical and mathematical form of intelligence. It fails far too many children and it reproduces the power of the already privileged. It is wasteful of our most important economic resource which is human ingenuity ...

• The future represents a powerful challenge to my party. Historically, our instincts have too often been to centralize, conform and control. To shape the future of our country we in Labour know that we have to do things differently.

That's the problem.

And the solution Mr Cruddas proposes, him and the old Crow, is digital government.

Deploy digital government, and the buffalo will come back.

"I've always been ready to admit I'm on the romantic and conservative side of socialism" says Mr Cruddas, "one that values the local, the parochial and the magical as sources of political agency and power".

Ms Onwurah's manifesto, we may radically hope, will rely less on magic.

D Moss Esq

On-line voting

Armed with our free 1Gbps broadband I see that we are to have on-line voting in local and general elections, please see paragraphs 80 and 81.

This will ensure that the result of elections is not determined by the voters but by the body with the greatest hacking ability.

Not all that democratic but achingly fashionable.

Give us a digi-Czar and more bureaucrats, begs UK tech-services biz

D Moss Esq

Re: Is it just me or do Tech UK come across as ...

On reflection, sad and desperate seems about right.

D Moss Esq

Re: I'm confused

Can't help you there, sorry, Spine 2 will have to remain the object of confusion.

What is certain is that GDS released their application-to-register-to-vote system with no identity assurance worthy of the name. They've been promising identity assurance for years. If democracy is your bent, then further assistance with authentication of the electoral roll is quite an attractive prospect. But no, it was too much for them. No identity assurance.

D Moss Esq

Re: Trust the UK?

A. Several senior members of the industry have declared that IT trust can't be achieved. Acknowledge that fact, they say, take it on board, digest it and give up the hunt. You won't find a world-leading trusted domain and you can't become one. Because they don't exist.

Stop wasting your time bashing your head against the wall and try something else – truth.

B. "Truth, not trust". That's their motto. The truth is revealed, according to them, by using products/services from Rainmaker Solutions.

They could well be right about A. Which would leave the Czar with the same clothes as the emperor. As to B, you tell me.

Pedals and wheel in that Google robo-car or it's off the road – Cali DMV

D Moss Esq

Re: From the archives, 1999

No, a Sony Xperia. Restarting it involves taking the back cover off and jamming a 2" No.8 into the reset hole.

D Moss Esq

From the archives, 1999

http://www.snopes.com/humor/jokes/autos.asp

QUOTE

At a computer expo (COMDEX), Bill Gates reportedly compared the computer industry with the auto industry and stated: "If GM had kept up with the technology like the computer industry has, we would all be driving $25.00 cars that got 1,000 miles to the gallon."

In response to Bill's comments, General Motors issued a press release (by Mr. Welch himself) stating:

If GM had developed technology like Microsoft, we would all be driving cars with the following characteristics:

1. For no reason at all, your car would crash twice a day. [Rather like my Android smartphone]

2. Every time they repainted the lines on the road, you would have to buy a new car.

3. Occasionally, executing a manoeuver such as a left-turn would cause your car to shut down and refuse to restart, and you would have to reinstall the engine. [Rather like my Android smartphone]

4. When your car died on the freeway for no reason, you would just accept this, restart and drive on. [Rather like my Android smartphone]

5. Only one person at a time could use the car, unless you bought 'Car95' or 'CarNT', and then added more seats.

6. Apple would make a car powered by the sun, reliable, five times as fast, and twice as easy to drive, but would run on only five per cent of the roads.

7. Oil, water temperature and alternator warning lights would be replaced by a single 'general car default' warning light.

8. New seats would force every-one to have the same size butt.

9. The airbag would say 'Are you sure?' before going off.

10. Occasionally, for no reason, your car would lock you out and refuse to let you in until you simultaneously lifted the door handle, turned the key, and grabbed the radio antenna. [Rather like my Android smartphone]

11. GM would require all car buyers to also purchase a deluxe set of road maps from Rand-McNally (a subsidiary of GM), even though they neither need them nor want them. Trying to delete this option would immediately cause the car's performance to diminish by 50 per cent or more. Moreover, GM would become a target for investigation by the Justice Department.

12. Every time GM introduced a new model, car buyers would have to learn how to drive all over again because none of the controls would operate in the same manner as the old car.

13. You would press the 'start' button to shut off the engine.

UNQUOTE

Go on, inhale our G-Cloud via 'Digital Marketplace' – UK.gov

D Moss Esq

Truth, not trust

"Truth, not trust" is a slogan that Chris Chant and Tim Hanley have been spraying around @G_Cloud_UK for the past two months or so.

What they mean is that it is impossible ever to achieve trust in the cloud.

Far better, they say, to go for truth, by which they mean some incontrovertible way of knowing that your data in the cloud has been changed or stolen.

How do you achieve that? By hiring Rainmaker, a consultancy promoted by Chant and Hanley.

And how will Rainmaker help? By deploying Guardtime, an Estonian product that uses some keyless authentication product.

Having these two point out that you can't trust the cloud doesn't seem to worry Tony Singleton, the head of G-Cloud. He's never bothered to deny their allegations.

But it may worry G-Cloud's prospective customers, whether they're buying from CloudStore or the Digital Marketplace.

----------

Cloud computing goes up in smoke

http://www.dmossesq.com/2014/08/cloud-computing-goes-up-in-smoke.html

FTC calls for Congress to crack down on consumer data harvesting

D Moss Esq

Re: Strange that they missed some big harvesters.

And Experian.

See Brian Krebs:

(a) Experian Sold Consumer Data to ID Theft Service, http://krebsonsecurity.com/2013/10/experian-sold-consumer-data-to-id-theft-service/

(b) Experian Lapse Allowed ID Theft Service Access to 200 Million Consumer Records, http://krebsonsecurity.com/2014/03/experian-lapse-allowed-id-theft-service-to-access-200-million-consumer-records/

And it's not just the FTC taking an interest but the Congressional Committee on Commerce, Science, & Transportation, too, http://www.commerce.senate.gov/public/index.cfm?p=Hearings&ContentRecord_id=a5c3a62c-68a6-4735-9d18-916bdbbadf01&ContentType_id=14f995b9-dfa5-407a-9d35-56cc7152a7ed&Group_id=b06c39af-e033-4cba-9221-de668ca1978a

On 16 June 2014, 19 days time, Mr Hieu Minh Ngo will be sentenced in a court in New Hampshire, having already been found guilty of 15 charges related to identity fraud, http://krebsonsecurity.com/wp-content/uploads/2013/10/NgoIndictment.pdf

He conned personal data out of Experian for months and his scheme only came to an end when the US Secret Service told Experian it was happening. The new Hampshire judge may have a few choice words for Experian, as well as Mr Ngo.

Which has nothing to do with us over here in the UK, of course, we don't have "data brokers", we have "credit referencing agencies", that's quite different.

Experian is one of the Government Digital Service's five remaining "identity providers" on whom their invisible identity assurance scheme depends. Nothing to see here, http://www.dmossesq.com/2014/03/rip-ida-16-june-2014.html

PAF! MPs go postal over postal location data sell-off by Coalition.gov

D Moss Esq

Re: Barriers to entry – 3

Barriers to entry deprive society of the fruits of innovation.

What fruits of innovation?

Mr Shakespeare doesn't tell us in his report.

He appeared in front of the Public Administration Select Committee with Professor Sir Nigel Shadbolt on 22 October 2013. You can watch them performing here. But you still won't find out what it is we're missing.

Professor Sir Nigel is chairman and co-founder of the Open Data Institute, of course. The ODI think that open data will lead to all sorts of valuable innovative apps. Although they haven't said which apps those will be yet, nor how valuable.

He's also chairman of the midata programme. That's an initiative of the Department for Business Innovation and Skills. They want us all to have personal data stores (PDSs). PDSs will empower us, apparently, and they will help us stupid people to make rational lifestyle decisions and, what's more, they'll make the economy grow. How? By creating an enormously valuable industry of innovative apps, obvs.

What innovative apps?

Glad you asked.

Professor Sir Nigel set up the midata Innovation Lab (mIL). mIL were let loose, like innovation tigers, and they produced five prototype apps. The Prof was so pleased with these prototype apps that he said they would allow us to "get to the future more quickly".

"Prototype", here, by the way, means "not really apps, you can't buy them". Take a look at them. They're just like all the other apps you can already buy on Google Play and the iTunes App Store and the Windows Phone store. There's nothing innovative about them at all. They are not Professor Sir Nigel's HS2 to the future.

So what are we missing? What innovation is society being deprived of by barriers to entry? Answer, stuff you can already buy in the market for once-off prices like 69p.

Therefore there was nothing wrong with selling the PAF along with Royal Mail.

D Moss Esq

Re: http://www.royalmail.com/postcode-finder

Sure Don, let's see.

If and when they start charging let's see if we can guess whether charges would have been imposed if the company had still been owned by the Secretary of State for Business Innovation and Skills. The way they are for accessing Companies House data, for example.

D Moss Esq

Re: Typical Govt b0llox

Crimea.

Now there's a country that understands barriers to entry.

Page: