Wednesday, December 21, 2005

Boom Bang a Bang

BBC are reporting that a teenager has been held over 'bomb making', and that "four controlled explosions were carried out".

"Detectives stressed it was not a terrorist incident but believed it was an over-enthusiastic chemistry student."

Apparently we're not a nanny state [one, two, three], but if I recall correctly from my days of being a pupil, the biggest reason why people got into chemistry was to blow shit up, so it's interesting to see a "crackdown" on one of these potential chemists. Teenage boys will always, it seems, have an affiliation with the power to overcome nature and find new inventive ways to make things go bang. Cap guns and an inherent interest in the Anarchist's Cookbook are further evidence that there's something naturally alluring about the way stuff works.

Blair would love to see more scientists on the education enrolement list, but is arresting them (probably increasingly under anti-terrorism laws) the right way of doing it? How many 14-year-old potential chemists will need to be sacrificed (read "victimised" and "media-circused") before the link between perceived popularity of the subject and industrial prosperity is made?

Monday, December 12, 2005

Harsh Realities of Security - Part 1 of 2

Stephanie Schuckers at Clarkson Uni in the USA is investigating the foolproofness of biometric scanners (although only mentions fingerprints, plus I'm sure technology to detect "live" vs "dead" fingers existed already...)

The article reads more like a press release at times, but serves as a good introductory point for some thoughts on niometric technology. Far too many times, "biometrics" is mentioned as a buzzword to conjure up all kinds of sci-fi images based on "not-so-far-fetched" movies and security company marketing campaigns. But there's a very serious reality that sits just out of sight, obscured by politicians' imaginations and lust for infallible technology.

In this "reality", things like costs and human fallibility exist - d'oh. The great thing about writing a sci-fi story is that, well, it's "fi". The details of implementation in an economically-acountable society can be glossed over (not so far removed from reality there, then), and humans act as... well, as you want.

The UK government have made it clear that want as many people using the NIR as possible. This means that "access points" need to be just as equally widespread. Now, the purpose of the card itself has always been somewhat fuzzy - the argument that because biometrics tie an "identity" with a person extends to explain the reason why carrying a card won't be necessary, but also also therefore questions whether the card even need be optional. People don't mind cards, but might start at having things scanned all the time instead.

So the card is optional, technology-wise, but is set as a "limit" in terms of acceptance. Now when the scheme comes in, you're obviously going to want card-readers wherever proof of ID is needed - just like we have credit-card readers everywhere currently. In terms of relative cost, I suspect this won't be too much. It'll still be a large sum, but relative to part 2, it's not so bad. Card technology is (I assume) pretty simple and cheap, compared to the more complex biometric technology. The majority of card costs will likely be in the development of anti-forgability measures (although I'd love to see figures for the breakdown of card development).

But I can foresee situations where simply checking the card that someone is carrying won't be enough, and that an optional biometric scanner will be brought in - extra checks for added security for instance (e.g. Police checks), or because the validity of the cards is questionable after some time perhaps (the race against technology), or maybe even just to make it easier for people who forget their card a lot.

So we end up with a dual-verification system, which is important as it provides a dual-vector mode of attack against the system. To return to costs, biometric systems are more likely to cost more. In a public-sector environment, this isn't generally a good thing - budgets are getting tighter and "efficiency" remains on the lips of most.

It's worth mentioning now that there is a "good" reason why so many computer systems are, and remain, vulnerable to crackers - because securing a system isn't good value-for-money. If security is good, then no-one will notice - nothing will have changed after an attempted attack, and nothing will look different to before the attack. You are, then, paying to "get" nothing, as it were. Hence, people spend the cash on things that people can see does make a difference, and security gets forgotten about.

This principle applies on a micro level as well though. In an environment where efficiency and cost-cutting often seizes the rudder, expensive bioemetric systems can be a burden. But the hype around the system - the push to ensure that the system gets used so that the government doesn't look foolish - will mean that people will want to/attempt to implement a biometric channel as well. The end result of all this is that we will have some systems that have a "standard" card-reader validation channel, alongside a "cheapest-option" biometric validation channel.

As the article above points out though, there are different levels of biometric validity. And just as with all products, a range of functionality will likely be offered by the biometric equipment vendors, the cheapest probably being of the "90% false verification rate" set, and the most expensive being, perhaps fool-able 0.01% of the time (a completely random assumption, but no system is foolproof). Given the afore-mentioned budgetary constraints, which end of the scale will most public bodies go for, do you think?

If the government are taking their concerns about identity theft seriously, on a national basis, then this clash between security and economics needs to be taken seriously. To date, I've not heard any minister address anything like the issue. Inspire confidence?

Part 2, to follow later (I have a talk on hacking to go to...), will look at the more human aspects of validation.

Thursday, December 08, 2005

Define "protest"

Via CuriousHamster, a BBC article abouta peace campaigner getting arrested after reading out the names of soldiers killed in Iraq and, um, ringing a bell. The problem was that she did it at the Cenotaph in London, covered by the Ring of Silence around Whitehall (imposed to (unsuccessfully) remove Brian Haw).

The intent of the law - banning protests where politicians might see - is dubious in itself, but this case also tests the understanding* of what constitutes "protest". Here, the fuzzy line between protest and "remembrance" is being explored - with the outcome observed.

It's one thing (although an arguable thing) to ban protests based on, say, security measures or disruption of daily lives. It's quite another to mark something as a crime purely because the effects aren't liked by the lawmakers. This is the creeping death of both politics and morals in this country - that the wishes of the politicians can become law on that ground alone and for that end solely, rather than because they represent public interest. This is why it becomes ever more important to question the things that people say we shouldn't be questioning.

* Rather than "definition". I suspect (I'll check later) that "protest" has a particular - and sufficiently broad - legal definition under the SOCPA, but what I'm interested in here is the common understanding of what laws are supposed to achieve. Hence I use the word.

Wednesday, December 07, 2005

The Information Identity Age

The Forest Suite of the Quality Hotel in Brighton yesterday saw an interesting "showdown" between Andy Burnham and Peter Tatchell the audience. A few interesting points and thoughts coming off it which I hope to blog properly later. Audio should also be available some time in the future.

In the meantime, my quote of the day goes to Burnham himself in his answer to a written question:

"no quantifiable benefits connected with online fraud have, as yet, been claimed with the scheme's benefits case."

Addendum: Why is Technorati ridiculously off-the-ball?

Tuesday, December 06, 2005

Transparent CCTV

2 men charged with voyeurism after they allegedly used CCTV to spy on a woman going to the toilet, and undressing in her bathroom. Ironically, their actions were caught by a CCTV camera in the CCTV monitoring room, lending hints of an answer to that age old question, "who watches the watchers?"

There are 2 - closely-related - "feedback" aspects of Bentham's Panopticon that tend to get ignored in its usual mentions, but that are mentioned by Foucault in Discipline and Punish.

First is that the "observability" inherent in the architecture/technology makes it easy for anyone else to assess the performance of the system, and to judge not just its effects, but also the actions and efficiency of the "director" (as Foucault puts it) - the watcher, in this case. (p.204)

Secondly, this "transparency" relies on the idea of "accountability", which can be thought of as an institutional choice to allow external observers (the "meta-watchers" here) unrestricted and, more importantly, unexpected access to observe the system at work. (p. 207)

This overall concept of "accessibility" is vital to the functioning of a surveillance society. To see 2 people being picked up on it is encouraging, but unless we confront the debate surrounding it, how can we tell that abuse isn't rife within the system as a whole? If this access is selective (defined according to how easy it is for the monitors to know when their action is being watched, regardless of who may be watching) then there are obvious holes. Similarly, if limited parties are allowed to watch over the system (without, necessarily, watching the content being recorded) then how do we establish a line of trust towards them?

The problem is recursive unless accountability measures are put in place - preferably at an early stage in the chain.

It's also worth noting that many CCTV cameras are directional surveillance, compared to the truly ubiquitous nature of the Panopticon set-up. This has an effect for both the subjects of monitoring (as they can - possibly - tell which direction a camera is pointed in) and the meta-watching (as it's easier to tell what the watcher is looking at - more difficult in a "static", omni-directional system). Either aspect of this will gradually "resolve" as we progress,

"Selling off" the DNA Database

Andy Burnham sets out some details on the future of the National DNA Database (NDNAD), as Forensic Science Service (FSS), the body in charge of it, moves from being a Trading Fund to a Government-Owned Company.

As I don't know much about any of this, I did some quick Googling, which reveals that FSS staff want to retain transparency (back in March, at least). Andy also mentions that - while the overseers of the NDNAD are the Home Office, ACPO, and the Association of Police Authorities - the Human Genetics Commission (HGC) will have its board presence doubled (to, uh, 2 people). I'm not sure how big the board is in total, but as the HGC is chaired by Baroness Helena Kennedy, I'm assuming this is at least a move in the right direction (or to partially offset the move towards being a GovCo).

There's also talk by Burnham that "a new and dedicated ethics group is required to provide independent oversight of Board decision-making", in conjunction with Department of Health support. Perhaps it's worth finding out what these plans actually involve.

Reminder: Perhaps we can ask him when he comes to Brighton this evening, for his public debate against Peter Tatchell. 6.45pm, in the Forest Suite of the Quality Hotel, West Street.

Monday, December 05, 2005

Flame-Grilled Shopper

Brighton doesn't need terrorists - we have teenagers setting light to buses instead. Good-oh.

(will update link once it hits the Argus archive...)

The Worm That Turned (and was caught on CCTV)

Looks like Tony Blair wants to push CCTV into the EU, but is coming up against resistance by France. The case is interesting because of the shared effects of surveillance systems, and parallels with - and contrasts to - the motivations of the web of cameras that covers Britain today.

Blair's reason for cameras (as we have in the House of Commons and Lords presently) is that "opening up lawmaking to increased public scrutiny would help to address the growing gap between European citizens and Brussels."

However, on the counter, French officials "fear that the council could cease to operate effectively. Sensitive decisions would simply be taken in the corridors or outside the ministerial chamber by civil servants, they say."

Whether or not British "decision-making" has been affected after the introduction of cameras is another discussion. For now, I just want to bring attention to this continual clash between accountability, and the ability to make decisions based on confidential truth. We've seen this before, in the guise of OGC reviews for ID Cards. The UK government should be commended for opening up the 2 Houses so well, but it should also be noted that this is to some much extent simple lip service to openness, and that unless the idea is taken yet further, then yes, all that's achieved is a diversion. This is pretty much the same argument "against" CCTV as a placebo for street crime - merely opening people up to observation does nothing to address the values that we would prefer to be inherent in the system.

In a publically-accountable democracy, there will continue to be this idea of "efficiency" vs transparency. I fear, however, that unless we start to push through a culture of transparency and responsibility - beginning with making discussions open to scrutiny, et al - then all we'll get is a dud, biased system in which we have efficiency at the cost of impartial decisions.

I know the French haven't really been on the surveillance bandwagon (up until recently, that is), but that shouldn't stop us from recognising when technology can be used to give more access, and more control, back to the (increasingly aptly-named) "public".

Brown gets all Arty

At 3.30 today, Gordon Brown gives his pre-Budget report. Growth and GDP come up, but for now let's take a quick look at what's in store for the idea of an "innovative nation"...

"Making Britain 'world leaders in science based and creative industries' will also be a key theme. There could be new incentives for investment, possibly including enhanced and reformed tax breaks.

"The chancellor is also set to use the statement to detail a range of new measures designed to boost Britain's enterprise culture. This will include details of new 'enterprise scholarships' which will allow British students to 'learn from the best of enterprise in the US'."

It's obvious that the government want us all to be lovely, lively, creative types so that we can beat the idea-filled pants off other countries. "Economy-Driven Knowledge" is the light at the end of the tunnel, because we've got bugger all else to compete with now. So the big, sky-blue question at the end of the day is "How?"

At least there's some realisation that you can't just force people to be innovative. Which is a pity, as that approach seems to be what the present government loves to do best. A quick clip round the ear if you haven't had a good idea today would fit in well with other equally "strong" tactics. So perhaps this is actually a blessing in disguise - but not necessarily for the government.

I'm going to go out on a limb here, and say that most innovation comes from an individual, independent desire to create - not from financial incentives or threat of punishment. The government realises this, hence incentives for investment rather than motivation - from a top-down perspective, the best thing you can do is to establish an environment in which people can develop their ideas without having to worry so much about the bottom line.

But this is why the "range of new measures" will be crucial to the success of such a scheme. People don't just have ideas because there's money to develop them. And here the idea of "enterprise scholarships" (taking after Police initiatives, no doubt) is intriguing - would these students be going over to pick up lessons on how to get ideas? How to turn ideas into GDP? How to run a "creative" business? All of the above, no doubt. It sounds flashy - "learning" and all that, but will it work? Probably not.

Many people (see, for instance, MacKinnon, Cumbers and Chapman) note that to have an innovative nation (as opposed to simply an innovative individual), you need much more than simply financing and personal ability - you need networking and communication. A large amount of ideas come out of pub discussions more than company meetings, and to make it big, they need webs of support to help others get into the idea, and to foster progress of the concept.

I'm not sure of the level of networking that Britain really has, compared to, say, the US or Europe. We're certainly organised in a very London-centric pattern, with a few "outbreaks" of clustered creativity in a few University towns and cities, and the effect of this distribution should certainly be taken into account when trying to induce a sense of innovation on any level.

I believe we can be creative, but the roots for it are deeper than Gordon Brown and Tony Blair would like - cultural roots, rather than financial ones. We need people doing things out of curiosity and passion, but these days, with purse-strings being tightened all over the shop, there's not a huge deal to maneuvre along these axes.

There might well be some decent ideas coming out in a few hours. We shall have to see.

Friday, December 02, 2005

New addition

Have added The Jarndyce Blog to the blogroll on the right, after some fruitful, intelligent (for once) discussion on Iraq.

Thursday, December 01, 2005

School Bullies

Ruth Kelly has denied that the Government is a bully, after MP Martin Salter resigned as parliamentary private secretary to the Schools Minister, Jacqui Smith.

While Kelly claims that she doesn't "really understand why he's resigned", it seems clear (from the article, at least) that Salter resigned because he was in a difficult position - between representing other MP's views, and simultaneously working within the confines of Labour HQ's plans. Anyone who's been watching UK politics over the last few years - and anyone who's tried to draw my MP on an issue - will probably understand the effects and conflicts inherent in such a situation.

So Kelly doesn't exactly cast any falsehoods when she says:

"I don't think talking to my colleagues and explaining policy to them and listening is bullying ... I think it's a really good way of policy-making."

Of course, everyone's opinion is subjective by definition. However, it's hard to draw the conclusion that Kelly is "listening" with intent, as it were, when Salter has laid out his reasons in public, and which any fule with a brain could read between the lines of.

I am only left to imagine the definition of "explaining policy" as some scheme involving a wooden chair, a length of rubber tubing, one spotlight and 5 large-knuckled grunts. So no, no bullying going on - bullies are far more subtle. When MPs start getting txt messages at midnight "explaining" policy via phone-video-clip, then we might be making some ground.