* Posts by Bumbling Fool

27 publicly visible posts • joined 1 Sep 2009

Quantum crypto boffins in successful backdoor sniff

Bumbling Fool

This is how it works

The reason why QKD works is because of the peculiar quantum rules for measurements.

Quantum states work like vectors and we can create superpositions of them. The basis states are actually associated with observables. Let's suppose we have an observable A and an observable B. Now let's suppose a measurement of A will yield two values a1 and a2 - this is the case for polarisation - and that the measurement of B yields two values b1 and b2.

The superposition means that we can write a state a1 as an addition of the states b1 and b2.

Thus a1 = b1 + b2

Now here's where the weird quantum rules come in. Suppose we prepare a state a1. If we measure the observable A we will find the state a1 with 100% probability. The state will be undisturbed.

However if we measure B then the quantum rules tell us that we get the result b1 with 50% probability and the result b2 with 50% probability. Furthermore, if we obtain the result b1 the system has been projected into the state associated with b1.

Now if we think of A and B as two coding schemes where a1 = 1 and a2 = 0 and b1 = 1 and b2 = 0 for example then we can see how we can use the quantum rules to give us a QKD system.

For each transmission we randomly choose whether to use the A or B coding scheme and we also randomly choose whether we will transmit a 1 or 0. Thus we end up with a list of transmitted data - an example is given below.

time slot 1 : state a1, bit value 1, coding scheme A

time slot 2 : state b2, bit value 0, coding scheme B

time slot 3 : state b2, bit value 0, coding scheme B

time slot 4 : state b1, bit value 1, coding scheme B

Now at the other end the receiver does not know which coding scheme has been chosen for each time slot and so must guess. If the coding scheme is guessed correctly then the laws of quantum mechanics mean that the transmitted bit value will be read correctly with 100% probability.

What happens when the receiver gets it wrong? Let's look at time slot 1 and suppose the receiver guesses that a B coding has been used. The laws of quantum mechanics tell us that the result of this measurement will be b1 or b2 with 50% probability of each. Thus half of the time the incorrect bit value will be read.

So in order to get consistent data the sender and receiver select all those instances where they used the same coding scheme and throw away all of the rest of the data. They can do this by revealing the coding scheme they used, but they do not reveal the actual bit that was transmitted/received. The actual bit values where the same coding scheme was chosen can be used to form a key - provided there has been no attempt at eavesdropping - but how do we know? Well the laws of quantum mechanics mean that we can tell.

If there is an eavesdropper we might have the situation

transmit A -> eavesdrop B -> receive A

The eavesdropper guesses the coding scheme wrongly - now the laws of QM tell us that there is a 50% chance each of getting the result b1 or b2. This projects the state into b1 or b2 depending on the actual result. So the eavesdropper who has no way of knowing whether this is correct or incorrect transmits the state she has measured. Now the state that arrives at the receiver is now a B state instead of an A state. Let's suppose it was b1

To the receiver's device, set to measure an A coding, this looks like b1 = a1 + a2 by the superposition rule. So the receiver has a 50% chance of getting the result right - even though he is measuring in the same coding scheme that the transmission used. This leads to an error rate in this data which can be detected.

The simple intercept strategy outlined here leads to an error rate caused by an eavesdropper of 25% if she measures and re-sends every photon.

Bumbling Fool

Quantum Jiggery

Thanks for the kind words Ed.

You are right - I was using the position/momentum uncertainty relation by way of explanation. The quantum property that is being exploited is that of complementarity. Position and momentum are complementary variables in that the quantum operators do not commute which leads directly to an uncertainty relation between them. In the case of a photon we can use phase or polarisation.

The standard implementation uses a long time division interferometer to create different path lengths and a phase modulator to establish the coding and measurement bases. It's a bit easier to work with phase than polarisation.

Essentially the key property is that two different, complementary or non-commuting, operators are employed to establish (at least) two different coding schemes. The coding scheme for each transmitted bit is chosen at random - as is the measurement basis. The measurement basis determines the 'read' code.

Now quantum mechanics ensures that a measurement in the wrong coding basis will scramble the information in the other correct coding scheme. The randomness of the choice ensures that an eavesdropper is forced to create an unavoidable error rate. The eavesdropper has no idea whether a measurement is wrong or right and the measurement irreversably projects the state onto the eigenbasis of the measured observable.

The key is only established from the photons that are received - and with Alice and Bob choosing their transmit and receive coding schemes at random this means that 1/2 of the data (on average) is potentially corrupted. It also means that the eavesdropper has to be active - a photon that never gets to Bob never forms part of the eventual key. An eavesdropper must do some kind of intercept re-send strategy in order to have a chance of getting information about the key.

Each transmission requires 2 bits of information - the coded bit and the coding scheme. After the transmission Alice and Bob compare for each time slot their send and receive coding schemes. The data in which they chose different schemes is discarded. The remaining 50% of the data should be in agreement. This procedure gives away 1 of the bits per transmission - but the actual value of the transmitted bit is not revealed. They then take a random sample of the non-rejected data which should agree and compare the actual bit value that has been transmitted and received. If there has been an eavesdropper there will be an error rate.

If this error rate is below a certain level then the data can be corrected. What Alice and Bob now have is a smaller set that they agree on but which is now only partially secret. They then have to distil a much more secure smaller secret from this using a classical technique of privacy amplification.

The operating error rate is obtained by assuming the most general measurement that can be performed by an eavesdropper consistent with the laws of quantum mechanics. These are Quantum Non-Demolition measurements (QND) and they are the most general measurements that can be performed - at least in theory because many such schemes are infeasible using current technology. It can be shown that with such error rates and with a BB84 protocol the minimum error rate that an eavesdropper can cause consistent with the laws of quantum mechanics is around 11% (if she were to measure every transmitted bit).

As with so many security systems it is the implementation that is flawed rather than the general principles. So even one time pads can be broken with a flawed key management implementation. The same is true here of the QKD implementation.

Bumbling Fool

It's Somewhat Uncertain

Well there are two variants on quantum key distribution. One uses entanglement as mentioned - but I don't think any of the commercial offerings use this technique. A more straightforward technique is to (effectively) exploit the uncertainty principle to provide the security.

Basically in quantum mechanics it is not possible to measure certain quantities with arbitrary precision. So, for example, it is not possible **in principle** to measure both the position and speed (actually the momentum) with arbitrary precision. If we do an experiment to find out how fast a particle is moving - then we lose some information about where the particle is. And vice versa. The actual limit is given by the uncertainty principle.

The idea behind QKD is to think of these properties as different coding schemes. So sometimes we encode the information as a 'position' and sometimes we encode the information as a 'speed'.

An adversary trying to measure this would have to make some choice about what to measure - position or speed - the adversary cannot measure both properly. If the adversary gets it wrong then this act of measurement destroys the information that is coded on the other property.

As you rightly say the man in the middle attack would work as you suggest IF we could copy these quanta. However the ability to accurately copy these quanta is impossible in QM (it's something called the no-cloning theorem). We can think of this as a kind of consequence of the uncertainty principle. In QM the object is described by a wavefunction which contains the knowledge of the object's properties - if we could recreate this then we'd have a way of being able to measure all of the system properties including those that are subject to an uncertainty relation - which cannot be done.

So Alice and Bob arrange it so that a random coding is applied for each transmitted quanta. The adversary or eavesdropper Eve does not know what coding scheme (position or speed) has been applied for any given quanta - so sometimes Eve will guess wrong and disrupt the information encoded on the correct property. This leads to an unavoidable error rate that can be detected.

But practical systems live in the real world and there are all sorts of noise mechanisms - and so classical techniques are employed to do the error correction. These can be done securely at the expense of some of the transmitted quantum key material. This attack has exploited a weakness in the implementation of these - it hasn't upset the quantum apple cart.

Entanglement uses another property of QM - that of correlation. The idea is that two correlated particles are created and one is sent Alice and one to Bob. Alice and Bob can perform measurements on their particles and show that they violate Bell's inequality - this is a quantum mechanical property. A classical system would satisfy this inequality. Basically it's showing that there are no 'hidden variables' in quantum mechanics - these hidden variables, inaccessible to experiment, give a more complete or definite picture than the wavefunction.

In an entangled QKD system the eavesdropper when making a measurement effectively acts as a hidden variable by forcing the system to be in a certain state. The transmitted particles will no longer violate Bell's inequality and so the eavesdropping can be detected.

Hope that helps.

Cyber attacks will 'catastrophically' spook public, warns GCHQ

Bumbling Fool

Science fiction or science fact?

Yes, it is true that a QKD system requires an authenticated channel to prevent against man-in-the-middle attacks. This is an unavoidable requirement for the initial set-up of such a channel. However, once the channel has been established the exchanged secrets can be used for subsequent authentication. Once a QKD system has been set up it pretty much runs itself automatically - which is an attractive feature in some cases. It also allows you to consider other key management possibilities in which the key refresh rate can be much higher than would be the case for security policies in which master keys are to be refreshed manually.

There's far too much hype surrounding both QKD and quantum computing. They are just different technologies for achieving very specific things. They work - they have been built. QKD is commercially available. Quantum computers exist only as small-scale lab demonstrators.

QKD is just an alternative method of exchanging, or rather establishing, keys. No more and no less. It offers some advantages over traditional methods, but it also has some weaknesses. It's just a different technology.

The same is true of quantum computing. In security terms the relevant thing to note is that a quantum computer can perform factorisation (or solve discrete logs) much faster than their classical counterparts. So if the inability to factor or find discrete logs is something that your security relies upon then the ability to do these things very quickly undermines that security.

The 'quantum' aspect is really irrelevant. If it helps just think of it as a new factoring algorithm that works in seconds rather than years. Such an algorithm running on a classical conventional computer would have exactly the same security implications.

Bumbling Fool

well yes, but . . . .

"People grumble and make a few phone calls, but all in all we get over it. Normal people are quite capable of dealing with minor inconvenience"

Yes I accept this point for a relatively minor outage.

Suppose it was possible to disable electronic payment and cash machine facilities for a few days. Most 'normal' people, as you put it, would probably manage through this. However, I think there would be the possibility that some would not cope so well and this could (note 'could') lead to some civil unrest.

The banks don't have to be the main target here - just creating enough chaos and difficulty to divert attention from elsewhere might be the goal. Who knows?

I think it's important to speculate about possible threats, however unlikely. Maybe it's this kind of exercise that has inspired GCHQ to describe a cyber attack as potentially catastrophic. Who knows what goes through their heads? They probably wouldn't want to explain their thinking on this anyway - just in case someone gets a bright idea from it!

Bumbling Fool

Don't bug me - well you can a bit

QKD channels can withstand a certain amount of eavesdropping and still retain their security.

The key is only ever established from photons that arrive at their destination so any eavesdropping has to be active. Simply trying to tap and 'read' the photons is not sufficient - something has to be sent on to the destination in its place. Quantum mechanics guarantees that one cannot copy or clone the photons.

The two ends of a QKD channel can assess the error rate on the quantum communication and, provided it is below a certain bound, can still establish a secure key between them. It is irrelevant whether these errors arise from active eavesdropping or from other system errors such as detector dark count noise.

There are classical processing techniques that will allow the distillation of a shared secret from a collection of partially secret bits. Knowing the error rate one can provably establish the maximum amount of key information that could have possibly leaked to an eavesdropper and reduce this to an arbitrarily small amount using these techniques.

Observation of a quantum computer IS what collapses the state onto the 'answer'. In a QKD channel observation by an eavesdropper is a source of errors that can be measured and dealt with. In quantum computation it is the act of observation, or measurement, that collapses the processed input state onto what is hoped to be the correct answer.

Bumbling Fool

still not quite true

Quantum computers using Grover's algorithm will reduce the key space by a factor of two - not the time. An important distinction.

So a key space of 128 bits becomes a key space of 64 bits.

For exhaustive key search the time scales as 2**n where n is the key size. Adding one bit to the length of the key doubles the time (approximately), and reducing the key length by one bit halves the time.

So you're reducing this time scaling by a square root with a quantum computer. Much, much better than halving the time!

Bumbling Fool

Quantum Jiggery Pokery

It's very important to distinguish between 'quantum cryptography' and 'quantum computing' as they are two quite different technical beasties.

Quantum cryptography is a terrible misnomer - invented to sound catchy but somewhat misleading. It should properly be called quantum key distribution (QKD). It uses the properties of quantum mechanics to establish a secure random sequence of bits between two users. This random sequence can be used as a key in symmetric crypto algorithms. It is just an alternative technology to traditional key distribution mechanisms.

QKD systems are commercially available. With some investment and a bit of adaptation and tinkering the entire UK telecommunications network could be protected using QKD within a reasonably short timescale. There is, however, no political or commercial will to do so.

Security is about risk management. Where are you most vulnerable? What failure will cause the biggest impact? etc etc. Existing arrangements for key distribution are not seen as sufficiently vulnerable in order to warrant the substantial investment it would take to implement a QKD mechanism as an alternative. With protecting a single link using QKD currently costing around the £50k mark just for the kit the assessment, quite rightly, is that the money is better spent protecting systems that are more vulnerable.

Quantum computing is another kettle of fish. It exploits the properties of quantum mechanics to perform some computations faster than can be achieved through classical means. Essentially it performs a massively parallel computation on the components of a wavefunction. The components each have a phase relationship and they are brought together to interfere to yield the correct answer. The principal reason why quantum computers are difficult to build is that this phase relationship is very sensitive. Even the slightest interaction with the environment will destroy the necessary phase coherence very quickly.

Quantum computers work and have been demonstrated but only very small versions have been built.

Furthermore there are only a few known algorithms for which a quantum computer provides any substantial benefit. Two of these just happen to be the ability to factorise and solve the discrete log problem - precisely the things you need to do to be able to crack the most popular public key crypto systems. So should someone figure out how to build a quantum computer of any size then we'd need to replace any crypto suite using these aysmmetric public key algorithms pretty quickly.

Symmetric algorithms like AES are not as vulnerable to attack using a quantum computer. In essence a quantum computer can halve the effective key size of a symmetric algorithm but it cannot do any better than this.

A successful 'cyber' terror attack on, say, the UK's banking network might have national security implications. If people cannot access cash or pay for goods there is the potential for short term civil unrest until the systems are back on line. This is just one example. Although if we all get smart meters then a cyber attack launched to turn off power might be more than a minor irritation. I'm sure there are other examples.

Anti-paedo vetting boss warns against relying on databases

Bumbling Fool

There's nothing wrong with databases . . . . .

. . . except

the data that's on them.

I have no problem with a record of criminal convictions being kept. It is sensible and necessary. It is a reasonable thing to do to consult this record in order to determine whether an individual has a previous conviction that might cast doubt on his or her suitability for a particular role, such as looking after children.

However, there are some fundamental requirements that often get overlooked.

1. The data must be accurate

2. It must not be possible to tamper with the data

3. The data must be fit for purpose

The problem isn't with the notion of databases, as such, but in what the Government believe such databases will achieve. Like anything else, databases, **when used appropriately**, can be very valuable things.

There are some very serious concerns over the operation of the enhanced vetting database.

- it would appear that even unfounded allegations will be recorded

- it would appear that judgements about what constitutes an appropriate 'lifestyle' are made

- it is not clear how the accuracy of the data is to be guaranteed

- it is not clear how the data can be effectively challenged

- it is not clear whether individuals will be able to see the data that is held on them so that it can be effectively challenged

And these are just a few.

There have already been cases of individuals being refused work, or effectively sacked, because of the appearance of completely unfounded allegations on their record. In some cases it has taken those individuals many thousands of pounds to attempt to get to the bottom of things and to attempt to set the record straight.

The saddest thing is that it will do very little to protect the vulnerable over and above the previous vetting scheme. What it will mean is that many more people will struggle to find suitable employment and that many people are dissuaded from working with vulnerable groups.

Google chief: Only miscreants worry about net privacy

Bumbling Fool

It's the principle, not the detail

AC - I largely tend to agree with you. However, what concerns me is the "if you've got nothing to hide" kind of thinking that Eric Schmidt's statement represents.

It's the pernicious assumption that if you like certain things to remain private then these things are necessarily 'wrong' in some way that worries me.

I'm not a google knocker. I actually appreciate the fact that I can use some of their tools and services for free - and speaking personally I'm happy for there to be some reasonable quid pro quo in terms of their use of the information they collect about my web habits. If that means I get the odd few targetted ads then that's OK with me.

But I do think it's important to stand up for the concept of the right to privacy which seems to me to be fundamental to the running of a truly free and democratic society. Obviously there has to be some balance - after all I believe we need the good guys to actually catch the bad guys once in a while and they need the tools and techniques to be able to do that. Getting that balance right in a fair, transparent and accountable way is very difficult, but essential.

I think we need to resist the 'something to hide' argument - yes there are people who do have something to hide, but the vast majority of us have something to protect, not hide. And that's our dignity and privacy and the opportunity to carry out our everyday lives, doing everyday normal things without excessive and unwarranted surveillance.

We shouldn't have to be looking over our shoulder every minute when we're doing absolutely nothing wrong. Nor should we be presumed to be guilty of something when we try to preserve our dignity and privacy - it's this huge and fallacious assumption in the thinking behind Eric Schmidt's words that must be exposed and defeated.

Don't know why, but I believe our freedoms, democracy and rights are actually quite important.

Bumbling Fool

We are hanging on - just

" . . . . wailing and bleating about privacy" ??

You're missing the point. Privacy is fundamental to a free society. Who do you turn to when you're rejected behind the scenes by your next prospective employer because you happen to be homosexual, or black, or Muslim, or have a subscription to The New Statesman - or whatever it is that they don't like about you? If everyone could be trusted to use your data repsonsibly, or think about it IN THE WAY THAT YOU DO - then maybe we can stop worrying.

However, suppose the government decided that having a sexual fetish - maybe you like people in wellies, or maybe you've got a thing for a little bit of bondage, whatever - if they decided that this makes you an inappropriate person to, say, have any kind of contact with kids, then what do you do if your entire career is centred around education, for example?

There's nothing wrong with most fetishes - but most people wouldn't want their sexual proclivities bandied about, erm how shall I put it? . . . . willy nilly.

It's about who gets to define, and ultimately control, what is acceptable. If you have the view that only certainly narrowly-defined behaviours and attitudes are acceptable then, if you're in a position of power, you can take steps to ensure that only acceptable people are given the opportunities on offer.

In extreme cases this can include the opportunity to carry on living.

If we all accept some kind of intrusive global monitoring infrastructure how long will it be before this is put to an unacceptable use by some government or organisation? Are you willing to trust that much? You really think the shower of shites who fiddled their expenses, claiming it was within the rules, or turning a blind eye when they knew it was going on, are people you want to entrust with the most intimate details of your life?

Bumbling Fool

Something to hide or to protect?

"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place,"

This kind of pernicious thinking that equates privacy with 'something to hide' is something that must be attacked - and vigorously. Even the use of the word 'hide' is loaded in this context.

Yes I do have something to protect - that's my privacy and dignity, and that of my family.

The flaw in the logic of people like this Schmidt character is that wishing to preserve and protect these things is equivalent to wishing to hide something illicit or wrongful.

Does my Aunt Mabel really want ANYONE to know that she smears haemorrhoid cream on her nether regions every day? I don't have an Aunt Mabel, but hopefully the point is made.

Preserving and protecting the dignity and privacy of individuals is not the same as trying to hide something. Let Schmidt put his money where his mouth is and install webcams in every room in his house. Let ANYONE see what he and his family are doing.

After all - he's got nothing to 'hide' has he?

Fibreless fibre optics developed by US Air Force

Bumbling Fool

DoS Attacks

"What people are saying is that while quantum encryption is self-detecting, it does nothing to stop someone whose goal is simply to DISRUPT the communication. After all, in battle, sometimes a message disrupted is as bad as a message intercepted."

Absolutely and QKD systems are vulnerable to DoS attacks, but because the quantum and conventional channels do not have to share the same properties, ensuring a successful DoS attack on one is not necessarily equivalent to ensuring a successful Dos attack on the other - it certainly can be. Disrupting the quantum channel without disrupting the conventional channel ensures that keys cannot be distributed but does not stop the conventional communication.

But if your intent is to simply disrupt the conventional communication then no amount of crypto is going to prevent that. I haven't yet seen a key distribution system or crypto algorithm for fibre communications that is proof against a JCB.

Bumbling Fool

Quantum Hokum?

Hughes (amongst others) has been working on free space quantum key distribution for some time. The original idea, invented by IBM and the Uni of Montreal, was demonstrated using free space optics over a distance of about 30cm. At that time they didn't think it would work in fibre. A collaboration between BT and the Defence Research Agency (now Qinetiq) established that the technique could be made to work in fibre. Fibre systems can now reliably establish keys over about 150km and free space systems (both commercially available) have managed around 30km (the best I last heard of).

Calling the thing quantum encryption is a misnomer because it's basically a key distribution system in which the laws of physics guarantee the security of the key (provided everything has been set up right of course - there's more than one way to skin a cat). The key can then be used either in conventional symmetric crypto systems or, if the quantum key rate is high enough, in one-time pad systems which provide perfect secrecy.

The idea is that the key information is transmitted in a single quantum state. The security is provided by a clever use of, effectively, the Heisenberg uncertainty principle. The information being randomly encoded in one of two complementary bases. Precise measurement of one basis will destroy any information about the other - so if an eavesdropper gets the coding basis wrong she'll destroy the information contained in the actual coding basis.

Bits that never reach the reciever never form part of the key so the system is robust against loss. If the error rate, caused by an eavesdropper, or some other physical disturbance, is too high then a key cannot be securely established. But below a certain error rate a secret key can be established with precise limits known about how much information could possibly have been leaked about the key to an eavesdropper. This information leakage can be made arbitrarily small by sacrificing enough key bits.

The comms requirements on the quantum channel are different to those needed for the conventional communication. if you're going to use a symmetric algorithm (say 256 bit AES) then you only need to establish 256 bits of secret key. When this has been established you can use any channel you like to send your encrypted communication hopefully at a much higher data rate.

The security of QKD depends upon a number of factors

- the ability to generate, modulate, and measure single quantum states

- a true random number source

- establishment of an authenticated channel between sender and receiver

- the assumption that the laws of quantum mechanics cannot be violated

In a battlefield scenario, for example, the ability to send keys over free space could be quite useful. The beauty of QKD is that it also allows extremely rapid update of key material - giving it the ability to be used as a technique for securing sessions without the need for dependence upon a more secure 'master' key. Of course, one still needs to have established the necessary authentication mechanism, otherwise man-in-the-middle attacks can be performed (although technically difficult).

In terms of future threats then QKD may well prove to be an interesting alternative to conventional methods of key distribution, particularly when quantum computers start biting. With a well-designed algorithm the fastest form of attack is exhaustive key search (that's the design requirement). Quantum computers effectively can only reduce the key size by a half (the best they can do in search techniques) so QKD systems will remain secure against quantum computers, provided they don't use asymmetric crypto techniques based on factoring or discrete logs for their authentication.

Ralph Lauren says sorry for incredible shrinking pelvis

Bumbling Fool

I seriously don't get it

It's all a big puzzle to me.

I don't know very many blokes who are attracted to these stick insects - yet look in the pages of almost any catalogue and the models are like twigs. They look ill, under-nourished, most definitely NOT attractive, and, well, just plain wrong.

So given that so few blokes actually find this emaciated look sexy or attractive - indeed most seem to find it quite ghoulish - why does the fashion industry persist in this nonsense? Why do so many teenage girls seem to think that having arms and legs that look like they'll break in the slightest breeze is actually desirable?

Beats me.

I believe the position of the average bloke can be summed up in usual laddish fashion by "more cushion for the push'n" - who wants to make love to a lampstand?

Government swiftly backpedals on vetting scheme

Bumbling Fool

@Paedofile checking MUST go ahead

pienmashfilms wrote : "I can’t see the problem with vetting all people that have contact with children who are not their own - in a professional or semi-professional job."


"So these excuses for denying children their statutory human right of protection in these areas are verging on outrageous"


. . . . and most people would agree with you that **some** system of vetting is reasonable and appropriate and (ideally) provides **some** measure of assurance and protection.

The main criticisms aren't to do with the principle of such a scheme - but the cack-handed and inept implementation of the bizarre system they're putting in place.

Don't confuse the objections to THIS scheme with objections to ALL schemes.

No-one has said that children shouldn't be protected - what is under serious question here is whether the method they've chosen actually does what it says on the tin. In fact cogent arguments have been put forward to suggest that this particular scheme may be more harmful to children in the long run.

Ditch this scheme - come up with a better vetting solution that might actually benefit our kids - that's the general idea of the arguments here.

The cost argument has been interesting - there are obvious upfront financial implications of this scheme - but what has been persuasively argued on here is that there are a plethora of hidden costs that have been ignored (either deliberately or otherwise).

As one poster wrote - look up the "broken window" fallacy to see the problems with ignoring the overall cost/benefit picture.

Bumbling Fool

@the unasked question

There are a few hidden assumptions that I reckon proponents of the new scheme will jump to when answering this question.

Firstly, that the proposed system **will** actually save lives

Secondly, that it is the **optimal** system

Thirdly, the scheme brings only positive benefits

Fourthly, no child will be harmed as a result of the implementation of the scheme.

Let's imagine the scenario where someone has to undergo vetting, fails and loses his job. No longer able to afford mortgage payments his house is going to be re-possessed, his marriage is under strain etc etc.

There have been tragic cases where some people snap in these kinds of conditions and end up doing something very bad - like killing their wives and children and then themselves.

So in the interests of saving these lives maybe the scheme should be scrapped?

Isn't saving one child's life worth it?

Bumbling Fool

This has to be a wind up?

"the case worker will examine... 'predisposing factors', such as 'those factors relating to an individual’s interests or drives'; 'cognitive factors', such as 'strong anti-social beliefs'; and 'behavioural factors', including 'using substances or sex to cope with stress or impulsive, chaotic or unstable lifestyle. Drug use, sex life, favourite films."


So you have some 'case-worker' making a moral judgement on a person's lifestyle - on what basis?

predisposing factors?

cognitive factors?

behavioural factors?

And how in the name of holy f**k are they going to get this information?

What professional qualifications or experience will the 'case worker' have for forming an assessment based on such information?

What is the evidence anyway that the existence of such 'factors' necessarily imply that an individual is a danger to kids or others?

My flabber has been well and truly gasted. I knew this scheme was half-cocked - but this is absolutely unbelievable. The ramifications and implications of this are really quite sinister.

Home Office shifts feet as vetting database looms

Bumbling Fool

There has to be **some** system

I don't think many would disagree with the principle that there should be some check made on those who have frequent contact with children. As a parent I'd like to have some measure of assurance in the people my kids interact with.

But it seems to me that it's actually quite a difficult thing to get right, and despite my deep misgivings about the current vetting schemes in the UK, I'm not sure I have a better, or more effective proposal.

What seems to be lacking in the discussions I've seen, and that's not a criticism of the comments on here by the way, is evidence. What is the extent of the problem? Just how much at risk are our kids under the old system? How does the new system mitigate that risk?

The current scheme seems like a bit of a sledgehammer cracking a nut. I know the media have turned us into a paranoid society where pervy men lurk round every corner just waiting to abduct and abuse our children - but just how accurate is this perception? Not very, I would suggest.

And that's the problem - these measures seem more designed to lower the **perception** of risk without doing very much to lower the **actual** risk.

Just because someone has a criminal record does this make them a danger to our kids? Doesn't it rather depend on the nature of their previous offence or offences? So whilst an employer might well baulk at employing someone who, as a youth, was nicked for a spot of burglary, does this automatically mean that they are a danger to kids?

It seems that the CRB system and the enhanced system for protection of our kids are quite different and with quite different purposes. Maybe I've misunderstood the proposals, but it seems that the enhanced checks are not particularly well targetted.

And as for the inclusion of hearsay and allegation - well the mind just boggles. What moron thought that this was a good idea? I despair at times.

So yes - let's have a vetting system by all means - but for heaven's sake, the crude scattergun approach that will be implemented is just plain idiocy. Our kids deserve better than the current set of blithering idiots that seem to be running our country. But some of these people are not stupid - far from it - which does make me wonder about hidden agendas here, and I'm not normally one given to conspiracy-style reasoning.

We need some system of vetting, but it has to be reasonable, proportionate, targetted, and efficient. I'm pretty sure, given the evidence and requirements, most of the folk who read El Reg could come up with a better system than the government is going ahead with.

German Pirate Party MP charged in child porn case

Bumbling Fool

@I don't think our views are that far apart

No, probably not - I think there are dangers with certain 'laws' - witness the complete clusterfuck surrounding the anti-terrorist legislation (amongst other things) and the imaginative interpretations of it that seem to have been applied by plod to restrict everyday, normal activities. As you say . . .

"It is the idea that we need the state to have certified us to be trustworthy (and charged us for the certificate!) before we can trusted that I object to."

However, I really don't think the possession of child pornography really falls into this category. These are images of actual, real child abuse - with real victims and if you've ever met a victim of child abuse you'll know the deep and lasting harrowing pain that it invariably causes.

Clamping down on these images isn't some attack on civil liberties, or restriction of freedom, but a real, determined and genuine effort to prevent the appalling suffering that is the consequence of child abuse. We could argue about whether 'using' such images constitutes abuse, or a crime, but in my book anything that helps to discourage the perpetrators has to be good.

Some things have to be the subject of legislation and safeguards - working with hazardous chemicals, research into radioactive materials etc etc. Who else but the government should make the decision on who can be trusted?

But as with all things there is a balance to be struck - with things like the anti-terrorism legislation and the enhanced CRB vetting checks we may have tipped that balance a bit too far in the wrong direction.

Have a good weekend too.

Bumbling Fool

but he isn't 'innocent'.

"What is worrying following that argument is that once something is declared illegal, it cannot be questioned, as the mere act of questioning it is assumed to put you in breach of said illegallity."

Well I'm not 100% sure of German law, but let's suppose it's pretty much the same as in the UK on this issue. Possession of these images is illegal, unless one has authorisation (i.e. any professionals who are duly authorised to possess these images for the purposes of their profession). No ifs or buts.

Possession of these images, which is not disputed by this MP, is not the same thing as questioning. Question the law by all means - but you don't question the law by breaking it (leaving aside thorny issues of repressive regimes and freedom of speech and other things like that).

I totally agree with the principle of innocent until proven guilty. However, in this instance the man has admitted his guilt. He is in breach of the law by possessing these images - and is claiming an exception because he was doing 'research'. I stress again, possession of these images can in no way be construed as 'questioning' the law.

Even his claim of 'research' is somewhat dubious. If he was interested in researching legal issues surrounding these pictures - then one has to ask why he didn't approach the appropriate people, with the relevant expertise and authority, so that a more comprehensive research exercise could be performed. Or maybe he had another motive?

The balance of probability, on the facts before me, leads me to suppose his research was in the area of the effectiveness of wrist strengthening exercises.

Bumbling Fool

No, I'm not kidding

"Research has to be sanctioned? Since when? Who is high enough, powerful enough to sanction such research? Where....come on, out with it?"

So you don't think that research which involves doing something that is technically illegal has to be channelled through the appropriate authorities?

Tell you what, why don't you conduct independent research that involves keeping a large quantity of heroin? Perfectly legitimate, according to you, and something you wouldn't need to have permission to do?

I have worked on child protection technologies and I have had some contact with those who know and who are actively involved in investigating these crimes. It is most definitely NOT acceptable for some individual to claim to be conducting independent research. I'm well aware of the statistical studies and analysis of these images - maintaining a database of existing images so that potential new cases of abuse can be investigated (amongst other things). However, this research is done by professionals with the appropriate skills and authorisation to access and investigate illegal material - and not by some amateur.

I think it's you who has to 'learn', my friend.

Bumbling Fool

If I had a Pfennig

for every time someone claims to be conducting 'legitimate research'. In what capacity? Oh yes . . . . .

"Tauss admits to possessing the images, but insists he was merely conducting legitimate research aimed at breaking up a child pornography ring in his capacity as a lawmaker."

Clearly this 'research' wasn't officially sanctioned, or through any of the recognised bodies who actually have some expertise in investigating this stuff, but just as a freelance interest.

Now this 'lawmaker' might, one presumes, have sufficient awareness of the sensitivities of the issues to go through the proper channels if this was a legitimate investigation. The fact that he didn't is significant.

But perhaps more pertinent is what he thought he could bring to the table. What expertise in breaking up these rings does he have? Network forensics? Image analysis? If we add to this his interest in anti-censorship then I don't know about anyone else, but it smells fishier than a month old haddock to me.

Research? Possible but somewhat implausible. He's either criminally stupid in not getting official sanction for his activities, or more plausibly simply a criminal.

Florida cops cage 'Dracula'

Bumbling Fool

With 'added' bite?

Methinks the clue is in the title.

This looks like a photoshop job to me.

NZ woman sacked for SHOUTY EMAILS

Bumbling Fool

@It's not 'supposed to be convention'

I agree with much of what you write here. It's kind of the point I was making. Given the great variety of expression and nuance that face-to-face communication affords it can be difficult to properly assess the written word - and it seems misunderstandings abound when we try to communicate via electronic methods.

What I question is the AUTOMATIC assumption (by convention) that capitalisation is the equivalent of shouting, or being rude. Here I've used it for emphasis, and I would hope that all but the neuronically challenged would understand this from the context. Even if, upon appropriate consideration, we do indeed decide a particular capitalisation constitutes a 'shout', it remains to determine what kind of shout it is. Angry? Exasperated? Aggressive? Emphatic? Jubilant?

As you've mentioned, context is everything. Even if the lady in NZ deliberately intended to 'shout' in her email we still don't know the full context. Maybe it's a lot of hassle to her to sort out late timesheets and she was exasperated. Maybe she was trying to be a bit playful and trying to convey some humour. We simply don't know. Even with the accepted convention I don't think we can jump to conclusions. There's certainly not enough there to suggest she was being rude or impolite.

If 'most' people consider emails in capitals to be 'rude' then I'd suggest 'most' people need to get a grip and some perspective. They're just some words on a page written in a different case, for heaven's sake.

I know some people take offence at the strangest things, but we each own our own feelings of offence. We can choose not to be offended if we want to. There certainly isn't a deterministic relationship between comment and offence. If people choose to adopt the convention that capitalisation in emails is offensive and rude, then I guess it's something we'll have to live with, but it really does seem to be a hugely trivial thing to get worked up about.

Bumbling Fool

There must be more to life than this

Peyton wrote : "To most of us, it's discourteous, impolite, and unprofessional. Does that make better sense?"

No. Do people not exercise their judgement anymore? Has email rendered us incapable of 'reading between the lines' and appreciating variety, human expression and personality, or even finer subtlety and nuance? Does everything become black and white the moment it's committed to an electronic format?

If I'm turning a funny shade of purple and your ears are bleeding, it's a fair bet I'm shouting (rather aggressively) at you. If I'm simply talking to you these side effects won't be in evidence.

Are there no shades in between?

Do we get on the internet and think "lower case - reasonable, upper case - mad shouty bastard"? Just because it's supposed to be 'convention' that upper case characters are 'shouting', is there still not room for applying a little common sense and thinking for ourselves?

It reads to me like the lady in question was merely trying to emphasise the importance of something - not being rude, impolite, or offensive. Like I said, if I was an employer I would be seriously questioning the judgement, maturity and emotional stability of those who got their knickers in an etwist over a few capitals in an email.

But, as has been mentioned, I suspect there's more to this than just a case of misguided capitalisation.

Bumbling Fool

Never quite got this 'shouting' thing . . . .

I know it's considered to be 'shouting' when capitals are used - at least that's the convention, but do grown-ups seriously get all upset when they receive an email that's in capitals? Do those who are reduced to apoplexy when faced with an overabundance of upper case characters have this vision in their heads of someone actually shouting at them? (I'd like to emphasise the word 'actually' here - but if I put it in capitals I'm afraid some eejit may get upset because I'm 'shouting', apparently).

Text in capitals is a bit of a pain to read, admittedly, but I'm at a loss to understand why people get so upset. Lord only knows what these fragile types would do if someone really did shout at them.

There must be more to the reported story than this person simply firing off a few emails in the wrong case - surely to God? Personally, I'd have fired those people who got so 'upset' by thinking they were being 'shouted' at - they're the over-sensitive numpties who need dealing with.