Posts by Disgusted of Cheltenham

Re: The first question.

What makes it hard to provide serious comment on are notes such as

"For clarity, references in this section to consent are not intended to be read as references to consent as defined under the UK GDPR."

without an indication of what it is supposed to read as. It sounds as if a Minister has promised something that GDPR recital 43 explains is not allowed.

Many other Humpty-Dumpty words ring alarm bells. Surely they can't be too young to remember 'robust' from Post Office Horizon?

How do 'the highest standards of security' come with just 'medium' assurance?

And then there are some numbers to confuse the numerate:

GOV.UK One Login allows people to prove their identity once before using that digital identity to access more than 122 services across government." https://home.account.gov.uk/services-using-one-login has only 53.

Re: unsure whether she would be able to return to the UK

The ETA need has been widely published, but the exception for dual citizens was not. It looks like a mistake as a result of digitization, with failed 'agility' when the issue was spotted. For an Australian to be asked to renounce Irish citizenship to enter the UK (because they might be found to overstay as a visitor when entitled to stay anyway) is utterly daft. Unfortunately, the Home Office is able to point out that it brings UK into line with what Australia demands (for Ireland read New Zealand). Perhaps the Australians could explain why they did this?

Re: The exact opposite of what everyone else in Europe is doing

Prompt and efficient pruning of those not performing acceptably (as viewed by the party) hardly seems to be an affliction.

"not drawing on information available to him from working for the government to provide his new employer with an unfair advantage over competitors" seems irrelevant if no competitors were allowed.

Re: In House Project

That would mean NCSC marking its own homework. The DV is fundamentally about confidentiality: access to classified information. There was a protective marking system 1995-2015), and the techncal part of that would have covered all national systems, but the personnel policy was never updated by the Security Serice to cover threats to integrity and availability. Pick a department that is used to dealing with the public: DWP or even MoD (who do schools, housing, medical, travel as well as shooting things).

Re: TACO time

It was never obvious why there were tariffs against penguins (because US import figures showed millions from an island where nobody had been for 10 years) but not Greenland. But now it's now Iceland, which the US DID give back. IIRC it was invaded by the UK in May 1940, supplemented by Canadians, then essentially handed over to the US to manage in June 1941 - a a good while before the US was at war. US military agreed to leave within 6 months of the end of the war; they left in 2006.

Jerry's last words on that thread in 2014 were:

Once the policy has been fully implemented, PDFs should not be used for collection of data in the way you describe (“completion of forms”).

So why have I just been using pdf P87, R185 and all those other forms from the school of "let us spread this over so many pages in large font for you to print out, sign and return by non-reply-paid-post"?

The PO part of miscarriage has at least been recognised as such; the underlying problem with the way the law works with digital evidence is still with us, and the discrimination encouraged by this and the last government to make landlords and employers favour those with unverifiable digital credentials (their own, someone else's or made up) may turn out to have the PO as just the warm-up act. HMLR's enthusiasm for digital certificates replacing witnesses was bad enough before AI was fashionable.

As for 'jailed pensioners', colleagues facing real hardship because their pensions have not started when they should have done might not be identified as pensioners.

Re: onelogin

Red team gets in undetected would seem quite serious.

https://www.computerweekly.com/news/366623991/Security-tests-reveal-serious-vulnerability-in-governments-One-Login-digital-ID-system

But the tech claims here are more worrying.

Whatever hoops have to be gone trough to get the 'card' it's just a flash-past that could be made by photoshop of probably AI. I cannot rely on your phone, so it doesn't matter what form of security theatre is involved - but from the glacial pace and esoteric style it might be Noh.

As currently presented this is an UNverifiable credential, so for the relying party it's less secure than a nice card with a hologram. There is no checking mechanism.

That doesn't line up with any decent 'trust framework'.

Starting with an unnecessary date of birth is an immediate fail on privacy by design. And were is the impact assessment?

Digitally verifiable credential have been around for a while. Passport NFC has been for a couple of decades (but technically not government), and DVLA got rid of the counterpart paper licence by providing a suitable token: https://www.gov.uk/view-driving-licence

It does not offer discounts or anything else, just potential assistance in getting the relevant credential - railcard or whatever.

Re: A second form of photo ID would be practical for many

A passport is not a right and it's not government as it comes under royal prerogative (as Harry found out when daddy didn't like 'princess' instead of Miss). It can be withdrawn by the courts (eg football hooligans), whereas even convicted fraudsters need a way to pay tax. The number of fraudulently obtained genuine passports is significant.

A GB (sic) Driving (sic) licence (sic) controls the activity, not the person, and is not available to everyone for a variety of reasons. That could be changed, as it has been for the Driver's license in many US states, but surely it would make more sense for the settled status system that is required for (non-Irish) EU residents to be available to all residents (over 13/16/18..)?

The widespread abuse of the Driving licence for purposes for which it was not intended comes from the lack of anything else, with the inbuilt indirect discrimination againt those without ignored because it's said to the user's choice. But the whole thing is backwards because it is the relying party that needs to do the check, not the person asserting the attribute.

Re: Awesome...

There's no mandatory retirement age any more, indeed mostly illegal to exclude on age grounds, and being a pensioner does not stop the need to work, often part-time. (And nice not having to pay National Insurance.) Some old keyboard warriors would not trust our fat fingers to do anything important on a small phone with a sensitive touch-screen, but we increasingly need to hire in help, and becoming a legal employer is just too difficult and expensive (holiday and sick pay, pension, NI and PAYE monthly online).

Re: Have worked on several "bespoke" satellite ground control and on-board systems

or was it JOVEAL: JOe's VErsion of ALgol?

to lose something you have to have it in the first place.

Re: Hum

Foggy Bottom? Bottom is not the word that usually comes with licking.

Re: My hot tip

Maybe someone will publish a cross-grade to switch our working systems from W10 to Ubuntu LTS or something less bloated? (In case you ask, I needed Windows for full 'silverlight' to work from home, but for most people it's just too much trouble to get a Linux laptop since Dell stopped providing it on the low level ones.)

HMRC

The monolithic gov.uk big font simple language never gives confidence that your slightly unusual case is convered as you follow up and down or around until you've completed a circuit, having has to use an outside seach engine that can handle AND not just OR. It's also their mistakes that need to be sorted, which online just doesn't (e.g one computer is working on 52 weeks another on 53 and 4-6 weeks to get from one to the other). It would be good to have a press zero to skip the pious crud about using the wonderous online as you wouldn't be using the phone if you didn't have to. We don't know if there is a 15 minute wait, but I find the staff as helpful as they can be, even if most of the time it's not this number (given online or on the letter that has arrived in the post) that deals with this aspect, and they can't transfer the call but here's the next number to ring and be told the same tales plus assurance that this is not the number for whatever is the currently fashionable problem that too many people are ringing about.

Re: Enough rope?

It seems that once you have been granted a pardon then the self-incrimination exemptions no longer apply. That could make things much more interesting.

Re: Never blame on evil...

Seems you haven't had to deal with DWP. Whilst faster at answering than HMRC, it always seems that you have selected the wrong number or option despite that being the one given in their letter. The helpful person is unable to transfer the call to the right queue, but does have the number you need, so you start again with the recorded encouragement to use online (when only phoning because online hasn't worked for anything complicated), erroneous information on timing, plus an extra minute of don't call us about any of the following topics...

Technically the Irish are good Europeans and have GMT+1 as standard, but go back an hour in winter (IWT Irish winter time), thus keeping in time with the UK all year.

Re: Big if

So when will there be a system upgrade available for home users (without games) to go from Windows 10 to, say, Ubuntu?

Re: It's Widespread - even HMG

https://assets.applytosupply.digitalmarketplace.service.gov.uk/g-cloud-13/documents/709217/287037250953500-service-definition-document-2022-05-17-1441.pdf

Re: And good does not always triumph.

Do you have any evidence for this claim?

Re: Does anywhere in Wales have accented letters?

Malaŵi isn't in Wales, but..

In Cambridge there's St. Bene't's Church

Re: poor redaction

But why redact it anywhere? Unless Docusign will give you the document if you can quote it, what information does it or could it give away? Perhaps it's just someone told to redact the signature and not quite understanding that a digital signature is not the same as a scan of a wet one.

Re: So...

The reports of sloppy development also mentioned that finding this in the equipment they had looked at did not mean it wasn't in that of other suppliers. Note also that the UK was not in the vanguard of bans (just a limit on coverage), indeed HMG only acted when the US export controls on China made it impossible to get repairs, upgrades and fixes.

Re: It's simple really.

Alongside these opportunities, AI also poses significant risks, including in those domains of daily life. To that end,.... (i.e. posing significant risks?)

we resolve to intensify and sustain our cooperation, (i.e. be seen to do something, but not sure what)

All actors have a role to play... (yes, Equity rules. Surprisingly Euro-English)

development-orientated approaches (makes a change from customer)

We encourage all relevant actors to provide context-appropriate transparency and accountability on their plans to measure, monitor and mitigate potentially harmful capabilities and the associated effects that may emerge, in particular to prevent misuse and issues of control, and the amplification of other risks. (The light peppering of commas is always interesting in international paperwork, and a pain for translators. That last comma means amplification doesn't go with prevent - it seems to be provide... accountability...but is certainly unreadable on first pass)

scientific and evidence-based (tautology?)

The countries represented were:

Australia

....

European Union (no, it's not a country, but the footnote indicates

international organisations acting in accordance with their legislative or executive competences.

So which is the other such organisation?)

Re: Ubiquity

The focus on just a single technology remains a bad idea, although cards could be part of the mix as the Irish have deftly done: allowing one of the two forms for the passport allows that travel document to look and feel like an ID card and offers the functionality without igniting panic. A compulsory unique physical token offers scope blackmail and control (e.g. over wives and daughters) that may not have been a significant issue when the German Ausweis was introduced (in the same year the UK wartime ID card was scrapped).

Re: Wrong decision

https://www.ncsc.gov.uk/guidance/social-media-how-to-use-it-safely is, rightly, published and not specific to MPs, officials, nor any other group of folks who would prefer not to be ignored.

Re: Proof???

GCHQ's early published comments on Huawei kit gave specific examples of very sloppy and insecure programming, but also noted that this did not mean it was worse than that from any other source since the others had not been scrutinised to the same level of detail. For more recent see https://www.ncsc.gov.uk/information/hcsec-ob-report

It's worth recalling that the UK ban came in response to the US/Trump controls which would make it impossible to repair the infrastructure.

Re: How many engineers does it take to change a light?

Once upon a time the Swedish lights had amber+green before green, but they had to change to comply with the Common Market. For a really clever system, badly implemented, look to Quebec, where the shape of the light can be used by the colour-blind: Square red, triangle amber, circle green. It would have been much safer to have a red circle to avoid the rest of the world's red circles being mistaken for go. Presumably zero engineers involved in that choice of light change.

Re: The law on signatures

See also Stephen Mason's work, freely available from

http://ials.sas.ac.uk/about/about-us/people/stephen-mason

Re: "the holdup is due to DCMS having failed to notify the European Commission in time"

The 50th was on a Monday, and what would have been the first May 1 bank holiday to be on May 1 was switched to Monday 8th. Perhaps you should put 100th in the diary now; banks may be a thing of the past by then, but I imagine we'll still want the holidays.

Re: What schools are for

But there are a few things that could be done. Teaching touch-typing, for example.

Re: Estonia

The Estonians have kindly provided their service to anyone else who wants it, and in English...

https://e-resident.gov.ee/

Re: Really?

And how else do you use an employer's system that calls for silverlight?

Re: Suggestion for a new name

Just Merde.

Re: a salary of up to £65,535

Surely you would want a bit more?