What keeps me mad throughout the ongoing corporation tax bunfight is that I agree with no-one.
On one [typically right] side, there is the argument that companies such as Amazon, Vodafone, Starbucks, Google, etc, etc... should not be criticised because they're only doing what they are obliged to do: minimise their tax bill.
Fair enough, but we live in a democracy, so claiming they shouldn't be criticised or the subject of peaceful protest is a bit far fetched. If enough people feel aggrieved enough to protest outside a shop then in a civilised democracy there's not much we can or should do.
On the other [largely left] side there is the view that such companies are not pulling their weight and should contribute more.
Well, I don't agree wholly with this either.
Many (but not all) of the companies criticised have a UK workforce and end up paying considerable sums in employer's tax (AKA employer's National Insurance contributions) at around 13.8% of salary, plus provide employment (useful, right?) and hence generate even more tax through PAYE paid by their employees.
The trouble with corporation tax in a global economy is that it is unfair to many smaller, local firms; in that they cannot afford the set-up costs of an offshore headquarters to launder their profits through.
Competition theory largely states that governments should encourage entrepreneurship and regeneration to keep the markets competitive; a market which makes it hard for new entrants tends to get lazy, with the incumbents carrying on as before, unchallenged.
But non-global new entrants find it hard to challenge the global giants if they end up paying more tax - until they get big enough to avoid tax. Get the idea? The market becomes skewed against the new entrants.
So one answer - and the left won't like this - is to get rid of corporation tax altogether.
But this creates a new problem. Not all companies provide such large returns to the exchequer through employment taxes. E.g. city fund managers may rake-in millions yet employ a handful of staff, whilst large retailers such as Marks and Spencer, Tesco, etc each employ tens of thousands of workers.
So to me the answer appears obvious. Companies should be allowed to offset their corporation tax bill against their total employer's Class 1 National Insurance contribution.
Essentially many companies making modest profits yet already paying millions of pounds a year through employment taxes would be exempt from paying any corporation tax, yet companies who didn't employ many UK staff would be left with a largely unchanged corporation tax bill.
This would perhaps have a secondary advantage of making it more attractive to employ UK staff, as the employer's tax - widely seen as a disincentive to employment - would be offset against corporation tax.
And, importantly, it would allow smaller, growing UK firms who choose to have UK-based staff to pay corporation tax on a similar rate to the global giants.
@JamesFirth
Friday, 17 May 2013
Tuesday, 14 May 2013
The Data Plutocrats and a need for a Data Democracy
Yesterday certainly wasn't the first time someone opined the term privacy was counter-productive in relation to data.
"Privacy" is a one-sided open-ended discussion about risk with no consideration of reward.
"Privacy" is an amorphous concept easily spun by proponents of one side or the other.
Privacy: is wholesome, positive, for victims of crime themselves becoming victims of press intrusion; or, privacy gives terrorists and child abusers the space they need to hide amongst us in society.
Discussion about data privacy and related topics could, perhaps, be more constructive if framed as a discussion about balance of power.
After all, privacy primarily concerns us because of our fear that our secrets can be used against us, creating an "information asymmetry" (ht @OrwellUpgraded) that could be abused by the nefarious and amoral.
So should privacy advocates instead be arguing for a data democracy?
Taking a step back, democracy is not a goal in itself. The end game is a comfortably stable, affluent and sustainable society; which, if one trusts in the inherent good in human nature will itself be a fair and just society.
Similarly, in data terms, we want a society where we are all "data wealthy" - ie have access to information, communications, entertainment; and benefit from the resulting advances in science, medicine, etc only possible through smart use of data.
We want relative stability - a society nimble enough to keep pace with advancing technology, yet resilient enough not to be cajoled into dangerous change.
We want a just and fair society where individuals, corporations and governments can't use our personal data, our everyday secrets, to exert undue control on anyone.
Democracy is probably the best place to start - at least in analysing and attempting to understand the problem.
Today we probably have a data plutocracy, where data power is concentrated in the hands of a few global corporations.
No-one knows for sure whether this itself is inherently dangerous.
Data power has certainly been used for good: the rapid emergence of useful services, the construction of data infrastructure on a truly massive scale, a level of free "social" services.
Data plutocrats like Google provide services like Blogger, which in turn strengthens the power of the individual to challenge traditional autocracies and, for the time being at least, discuss the issues associated with a data plutocracy.
But clearly such concentrations of data power could easily be abused; either by sticky-fingered employees dipping their hands in the data till, by governments, or by corporations themselves in search of profit.
So maybe we should be looking to promote data control structures and data economies that are inherently more democratic.
But how can we go about understanding the data power balance?
I believe we'll find, over time, that many democratic (and economic) concepts are applicable to data.
Already I see a clear left-right political spectrum, at one end "the state" or other controlling force being responsible for administering and apportioning "data fairness" if you like. The "clean internet" brigade - a worthy cause... But, as we all know, some data animals are more equal than others. Who governs the governors, who watches the watchmen?
And at the other end, the right-libertarians, who argue the state should not interfere, leaving the question of who will protect the "data weak"? Who will guard the technologically incapable from losing out when real-world services increasingly rely on the internet? Who will provide their broadband, guard their personal data, and defend their computers from hackers?
Over the last two decades the data privacy debate has entered the mainstream - that itself is a good thing, but it's now time to move on to talk about the wider issue: a data democracy.
@JamesFirth
"Privacy" is a one-sided open-ended discussion about risk with no consideration of reward.
"Privacy" is an amorphous concept easily spun by proponents of one side or the other.
Privacy: is wholesome, positive, for victims of crime themselves becoming victims of press intrusion; or, privacy gives terrorists and child abusers the space they need to hide amongst us in society.
Discussion about data privacy and related topics could, perhaps, be more constructive if framed as a discussion about balance of power.
After all, privacy primarily concerns us because of our fear that our secrets can be used against us, creating an "information asymmetry" (ht @OrwellUpgraded) that could be abused by the nefarious and amoral.
So should privacy advocates instead be arguing for a data democracy?
Taking a step back, democracy is not a goal in itself. The end game is a comfortably stable, affluent and sustainable society; which, if one trusts in the inherent good in human nature will itself be a fair and just society.
Similarly, in data terms, we want a society where we are all "data wealthy" - ie have access to information, communications, entertainment; and benefit from the resulting advances in science, medicine, etc only possible through smart use of data.
We want relative stability - a society nimble enough to keep pace with advancing technology, yet resilient enough not to be cajoled into dangerous change.
We want a just and fair society where individuals, corporations and governments can't use our personal data, our everyday secrets, to exert undue control on anyone.
Democracy is probably the best place to start - at least in analysing and attempting to understand the problem.
Today we probably have a data plutocracy, where data power is concentrated in the hands of a few global corporations.
No-one knows for sure whether this itself is inherently dangerous.
Data power has certainly been used for good: the rapid emergence of useful services, the construction of data infrastructure on a truly massive scale, a level of free "social" services.
Data plutocrats like Google provide services like Blogger, which in turn strengthens the power of the individual to challenge traditional autocracies and, for the time being at least, discuss the issues associated with a data plutocracy.
But clearly such concentrations of data power could easily be abused; either by sticky-fingered employees dipping their hands in the data till, by governments, or by corporations themselves in search of profit.
So maybe we should be looking to promote data control structures and data economies that are inherently more democratic.
But how can we go about understanding the data power balance?
I believe we'll find, over time, that many democratic (and economic) concepts are applicable to data.
Already I see a clear left-right political spectrum, at one end "the state" or other controlling force being responsible for administering and apportioning "data fairness" if you like. The "clean internet" brigade - a worthy cause... But, as we all know, some data animals are more equal than others. Who governs the governors, who watches the watchmen?
And at the other end, the right-libertarians, who argue the state should not interfere, leaving the question of who will protect the "data weak"? Who will guard the technologically incapable from losing out when real-world services increasingly rely on the internet? Who will provide their broadband, guard their personal data, and defend their computers from hackers?
Over the last two decades the data privacy debate has entered the mainstream - that itself is a good thing, but it's now time to move on to talk about the wider issue: a data democracy.
@JamesFirth
Monday, 13 May 2013
Marks and Spencer latest victim of automated content filtering
Your can forget using Marks and Spencer's free ecard service if your friend is called Dick (or, presumably, lives in Scunthorpe).
After reports that a pensioner was unable to send a card to her friend Dick due to the firm's automated profanity filter, a spokesperson claimed the filter was there "to protect people from harassment" and consequently would not be altering their policy.
Which got me wondering how much protection their automated system offered...
There's a serious point: time and time again I see a reliance on automated content blocking to offer some level of "protection" that impacts legitimate uses of the system whilst being relatively easy to workaround.
In this case I could harass someone simply by spacing-out the insults.
If the service provider then tried to catch insults with spaces in between they would undoubtedly end up blocking even more legitimate uses, like a card to my good friend* Alf Ucker.
I have no issue with companies like Marks and Spencer using such content filtering to warn people against a thoughtless use of offensive language, but to claim such systems are there to protect people from harassment is a stretch - especially since, as I have shown, they can't stop all offensive messages getting through.
(* = imaginary!)
@JamesFirth
After reports that a pensioner was unable to send a card to her friend Dick due to the firm's automated profanity filter, a spokesperson claimed the filter was there "to protect people from harassment" and consequently would not be altering their policy.
Which got me wondering how much protection their automated system offered...
Here's an ecard I sent to myself that didn't get blocked (forgive my childish use of language):
There's a serious point: time and time again I see a reliance on automated content blocking to offer some level of "protection" that impacts legitimate uses of the system whilst being relatively easy to workaround.
In this case I could harass someone simply by spacing-out the insults.
If the service provider then tried to catch insults with spaces in between they would undoubtedly end up blocking even more legitimate uses, like a card to my good friend* Alf Ucker.
I have no issue with companies like Marks and Spencer using such content filtering to warn people against a thoughtless use of offensive language, but to claim such systems are there to protect people from harassment is a stretch - especially since, as I have shown, they can't stop all offensive messages getting through.
(* = imaginary!)
@JamesFirth
Tuesday, 7 May 2013
The Tech Chasm Series: 1. The Delivery Window
Over the last 20 years technology has changed so many aspects of life it's now hard to imagine a time when flights had to be booked in person at a travel agent and a vandalised phone box was a good enough reason for not letting your parents/partner/butler know you were going to be a bit late home.
But in some areas a technological overhaul is well overdue, leading to a widening chasm between the theoretical capabilities and the practical application of technology.
1. The Delivery Window
The list of items that can't be [legally] ordered online for home delivery can be written on the back of a Royal Mail "I'm sorry we missed you" delivery card, yet few delivery firms provide a delivery window smaller than ten hours.
In fact you're lucky to get word of a delivery before you've missed it, with many firms relying on drivers themselves to give notice of delivery by buzzing your doorbell, before deploying a missed delivery card worded to make you feel like a naughty schoolchild late with a homework assignment: 'You have one more chance to receive these goods'...
I'm sorry for putting your driver out by not waiting by my door for the entire estimated delivery window of 1st May-7th May. Next time I will help your driver by driving myself to PC World, running the gauntlet of credit offers at 26.3% APR and over-priced extended warranties costing nearly as much as a replacement laptop, only to find what I want is out of stock - but can be dispatched immediately for home delivery...
Now where was I...
Oh yes, once upon a time the avid mail-orderer needed to know the location of just 2 buildings: the nearest "main" Post Office and the local Parcel Force warehouse.
Today, each expedition is a veritable adventure; a 60-mile round trip to the "local" depot for Generic Delivery Services Ltd whose postcode, at least according to any satnav on the market, is just far enough away from the actual building to render your chance of getting to the collection office after work before it closes about as good as getting the full delivery charge refunded from the vendor if the delivery ends up boomeranging back because you failed to collect the package within a week.
That's assuming your package made it back to the depot, unlike the soggy books inside the soggy cardboard box left on my doorstep last October...
Or the pillow thrown over the gate - of the wrong house! Eventually finding its way to its intended recipient a week after the replacement had been delivered - and returned.
Are we to believe that tracking a parcel within these delivery operations is computationally impossible? At least given the computing power of a ZX Spectrum (with 48k Ram Pack and ZX Microdrive)..
Granted, we have an extremely complex problem: a parcel at location A needs to get to location B, and the recipient R needs to be notified somehow.
You'd have to request their email address and everything...
Plus you'd need to know how long it takes for a parcel to reach the trunk network, travel the trunk network; I mean, it would take some effort to plan shipping routes and schedules (rather than leave them to the driver's discretion, as I assume they must do now), collect actual data - maybe even build a database if it doesn't all fit on a Microsoft Excel spreadsheet...
And provision delivery vehicles with the latest state-of-the-art satellite technology - or at least ask delivery drivers to keep their phones switched on whilst working.
Maybe NASA could help? After all they seemed to predict the landing time of Curiosity on Mars to a better accuracy than Rural Link Express can track a parcel from Manchester to Woking.
Is it really that hard for a company the size of a small country to divert some of the money it saves avoiding tax in to technology that lets its customers know with reasonably accuracy:
@JamesFirth
But in some areas a technological overhaul is well overdue, leading to a widening chasm between the theoretical capabilities and the practical application of technology.
1. The Delivery Window
The list of items that can't be [legally] ordered online for home delivery can be written on the back of a Royal Mail "I'm sorry we missed you" delivery card, yet few delivery firms provide a delivery window smaller than ten hours.
In fact you're lucky to get word of a delivery before you've missed it, with many firms relying on drivers themselves to give notice of delivery by buzzing your doorbell, before deploying a missed delivery card worded to make you feel like a naughty schoolchild late with a homework assignment: 'You have one more chance to receive these goods'...
I'm sorry for putting your driver out by not waiting by my door for the entire estimated delivery window of 1st May-7th May. Next time I will help your driver by driving myself to PC World, running the gauntlet of credit offers at 26.3% APR and over-priced extended warranties costing nearly as much as a replacement laptop, only to find what I want is out of stock - but can be dispatched immediately for home delivery...
Now where was I...
Oh yes, once upon a time the avid mail-orderer needed to know the location of just 2 buildings: the nearest "main" Post Office and the local Parcel Force warehouse.
Today, each expedition is a veritable adventure; a 60-mile round trip to the "local" depot for Generic Delivery Services Ltd whose postcode, at least according to any satnav on the market, is just far enough away from the actual building to render your chance of getting to the collection office after work before it closes about as good as getting the full delivery charge refunded from the vendor if the delivery ends up boomeranging back because you failed to collect the package within a week.
That's assuming your package made it back to the depot, unlike the soggy books inside the soggy cardboard box left on my doorstep last October...
Or the pillow thrown over the gate - of the wrong house! Eventually finding its way to its intended recipient a week after the replacement had been delivered - and returned.
Are we to believe that tracking a parcel within these delivery operations is computationally impossible? At least given the computing power of a ZX Spectrum (with 48k Ram Pack and ZX Microdrive)..
Granted, we have an extremely complex problem: a parcel at location A needs to get to location B, and the recipient R needs to be notified somehow.
You'd have to request their email address and everything...
Plus you'd need to know how long it takes for a parcel to reach the trunk network, travel the trunk network; I mean, it would take some effort to plan shipping routes and schedules (rather than leave them to the driver's discretion, as I assume they must do now), collect actual data - maybe even build a database if it doesn't all fit on a Microsoft Excel spreadsheet...
And provision delivery vehicles with the latest state-of-the-art satellite technology - or at least ask delivery drivers to keep their phones switched on whilst working.
Maybe NASA could help? After all they seemed to predict the landing time of Curiosity on Mars to a better accuracy than Rural Link Express can track a parcel from Manchester to Woking.
Is it really that hard for a company the size of a small country to divert some of the money it saves avoiding tax in to technology that lets its customers know with reasonably accuracy:
- What day, at the time of ordering, a parcel will arrive; and,
- At some point the day before the time, to within a couple of hours, the parcel will be delivered?
@JamesFirth
Tuesday, 30 April 2013
Life in Waverley, Surrey
Depressing reading, for anyone wanting to buy property in my locality.
Mortgage companies are currently offering around 3.5 times basic salary in home loans, and requiring around 20% deposit to access the bulk of their deals, meaning one needs to earn around £70,000 per annum and have £60k equity in their existing property or tucked away in order to afford the average semi.
Even the average flat requires a £40k salary plus a £40k deposit.
(source: BBC, data date: Oct-Dec 2012)
Compared to my birthplace the difference is stark...
Still, things could be worse. I could be based in a London borough such as Hammersmith...
@JamesFirth
Mortgage companies are currently offering around 3.5 times basic salary in home loans, and requiring around 20% deposit to access the bulk of their deals, meaning one needs to earn around £70,000 per annum and have £60k equity in their existing property or tucked away in order to afford the average semi.
Even the average flat requires a £40k salary plus a £40k deposit.
Waverley
Average house price
£422,155
£422,155
| Detached | £636,759 |
| Semi-detached | £361,069 |
| Terrace | £299,749 |
| Flat | £199,568 |
Compared to my birthplace the difference is stark...
Calderdale
Average house price
£150,071
£150,071
| Detached | £270,960 |
| Semi-detached | £149,053 |
| Terrace | £109,777 |
| Flat | £126,373 |
Still, things could be worse. I could be based in a London borough such as Hammersmith...
Hammersmith and Fulham
Average house price
£653,439
£653,439
| Detached | £0 |
| Semi-detached | £1,334,153 |
| Terrace | £1,092,643 |
| Flat | £493,058 |
@JamesFirth
Thursday, 25 April 2013
What the Letzgo Hunting vigilantes can teach the Home Office
One of my many criticisms of this and recent governments' obsession with online snooping is that it diverts resources away from other policing methods.
Governments are obsessed with creating (or restoring, depending on who you talk to) a power imbalance they say is necessary to maintain order and prevent serious crime and terrorism.
I and many other technologists argue to the contrary - that blanket surveillance will have little long-term impact on seriously organised criminal and terrorist activity as perpetrators will adapt quickly to evade today's proposed imperfect monitoring systems as technology continues to evolve quickly.
At most such technology will trap mid and low-level criminals, giving a short-term advantage that will soon be lost as even petty thieves learn how to hide their online trail more efficiently.
Whilst reducing crime of any description is undoubtedly a good thing, this must be balanced against the cost and risk to all non-criminals in society who face having even more of their secrets held by state agencies and other third parties without their consent.
Additionally, such monitoring carries a significant cost.
Not just the monetary cost in siphoning off, storing, filtering and retrieving large quantities of data - but a cost to technological progress. Internet service providers may shun network upgrades because of the added complexity of accommodating the surveillance regime, denying customers increased bandwidth and other benefits of the latest technology.
Additionally - or so a network engineer at a very large mobile phone network once told me - network changes required to meet today's data retention laws made the system, in his opinion at least, more vulnerable to failure because all transactions had to be routed through one of a few data collection points.
Police in the UK still don't carry guns on routine patrols - why? Because the risk outweighs the benefits. Society is generally better off with a softer balance of power - consensus policing - and not carrying a firearm is a powerful reminder to the public.
The benefits of a more consensual approach to policing is that the public are more likely to do their bit to help the police in their duty; contrasted with more militaristic approaches, which pit the public - even the law abiding public - against the police, whom they often live in fear of.
I believe analogies can be drawn with policing the internet. I'm afraid of snoopers taking a snippet of my data out of context or misidentifying someone else's transaction as originating from me. I'm afraid of a large mountain of my personal data leaking, leaving me vulnerable to identity theft.
I'm afraid of police creeping around in bushes watching ordinary citizens go about their lives - because this, quite frankly, just freaks me out.
Of course the state must be involved in some way; a free-for-all leaves the weak unprotected.
But the level and manner of involvement I have in mind usually contrasts strongly with what governments around the world are pushing for.
I believe the internet should be policed to a large extent via the front door, not by creeping around the back or hiding in bushes with the digital equivalent of a long-lens camera and parabolic microphone.
The Home Office often cites the hunt for dangerous paedophiles as justification for blanket surveillance, playing to the public's fears.
A group of vigilantes recently showed us all that progress in the fight against paedophiles can be made without snooping around behind the scenery planting bugs in the very fabric of the network.
Police condemned the action of vigilantes as potentially illegal itself, but this perhaps says more about police wanting to maintain an illusion of control, or says something about the contradictory state of current privacy laws which are seen by some as limiting police operationally whilst allowing the state to watch us all via our mobile phone activity, etc.
If we could find some way for police to use the internet via the front door, connecting via an ISP to inhabit the places people hang out online - in a similar way to the mix of visible and plain clothes patrols inhabiting the streets; then this surely will be more proportionate and more sustainable than relying on blanket surveillance.
@JamesFirth
Governments are obsessed with creating (or restoring, depending on who you talk to) a power imbalance they say is necessary to maintain order and prevent serious crime and terrorism.
I and many other technologists argue to the contrary - that blanket surveillance will have little long-term impact on seriously organised criminal and terrorist activity as perpetrators will adapt quickly to evade today's proposed imperfect monitoring systems as technology continues to evolve quickly.
At most such technology will trap mid and low-level criminals, giving a short-term advantage that will soon be lost as even petty thieves learn how to hide their online trail more efficiently.
Whilst reducing crime of any description is undoubtedly a good thing, this must be balanced against the cost and risk to all non-criminals in society who face having even more of their secrets held by state agencies and other third parties without their consent.
Additionally, such monitoring carries a significant cost.
Not just the monetary cost in siphoning off, storing, filtering and retrieving large quantities of data - but a cost to technological progress. Internet service providers may shun network upgrades because of the added complexity of accommodating the surveillance regime, denying customers increased bandwidth and other benefits of the latest technology.
Additionally - or so a network engineer at a very large mobile phone network once told me - network changes required to meet today's data retention laws made the system, in his opinion at least, more vulnerable to failure because all transactions had to be routed through one of a few data collection points.
Police in the UK still don't carry guns on routine patrols - why? Because the risk outweighs the benefits. Society is generally better off with a softer balance of power - consensus policing - and not carrying a firearm is a powerful reminder to the public.
The benefits of a more consensual approach to policing is that the public are more likely to do their bit to help the police in their duty; contrasted with more militaristic approaches, which pit the public - even the law abiding public - against the police, whom they often live in fear of.
I believe analogies can be drawn with policing the internet. I'm afraid of snoopers taking a snippet of my data out of context or misidentifying someone else's transaction as originating from me. I'm afraid of a large mountain of my personal data leaking, leaving me vulnerable to identity theft.
I'm afraid of police creeping around in bushes watching ordinary citizens go about their lives - because this, quite frankly, just freaks me out.
Of course the state must be involved in some way; a free-for-all leaves the weak unprotected.
But the level and manner of involvement I have in mind usually contrasts strongly with what governments around the world are pushing for.
I believe the internet should be policed to a large extent via the front door, not by creeping around the back or hiding in bushes with the digital equivalent of a long-lens camera and parabolic microphone.
The Home Office often cites the hunt for dangerous paedophiles as justification for blanket surveillance, playing to the public's fears.
A group of vigilantes recently showed us all that progress in the fight against paedophiles can be made without snooping around behind the scenery planting bugs in the very fabric of the network.
Police condemned the action of vigilantes as potentially illegal itself, but this perhaps says more about police wanting to maintain an illusion of control, or says something about the contradictory state of current privacy laws which are seen by some as limiting police operationally whilst allowing the state to watch us all via our mobile phone activity, etc.
If we could find some way for police to use the internet via the front door, connecting via an ISP to inhabit the places people hang out online - in a similar way to the mix of visible and plain clothes patrols inhabiting the streets; then this surely will be more proportionate and more sustainable than relying on blanket surveillance.
@JamesFirth
Wednesday, 24 April 2013
Hell, yeah! Let's flood our public spaces with lots of "clean", porn-free WiFi...
I have no idealistic or moral objection to the Prime Minister wanting to appear to be doing the good and proper thing to appease campaigning children's charities and electors with kids.
But technically what the Prime Minister wants (and this smells like another shambolic policy emanating from the general direction of "Minister for the Internets" Ed Vaizey) - porn-free WiFi in open spaces, is both unworkable and misguided.
Misguided because it sends the message that pornography is the biggest danger kids face on the internet.
Not even close. I haven't got references to hand but I've read studies showing the effects on children of exposure to sexualised imagery are minimal in most cases.
Bar a minority who have a tendency to become obsessive, most children can adapt to effectively "block out" sexual imagery and it loses its effect.
Yes it can normalise abnormal behaviour (such as sexual violence) but even here the jury's out and the debate is along similar lines to violent films and video games: is a society which does little to discourage the availability of violent imagery more violent than one that discourages it?
My premise is that the biggest danger children face on the internet is physiological. Just one example: interacting with others online in text-based formats with the absence of non-verbal cues (such as facial expressions) seems to lead to some extremes of behaviour (eg flame wars) and passionately entrenched arguments can become an obsession.
Also in that department there's bullying (again exacerbated by the shielding the internet brings, ie being unable to see the effect bullying has on the bullied), mob behaviour, and other extremes that can sometimes lead to illegal activity such as harassment or hacking in order to get a greater hold over a perceived opponent.
And unworkable for two reasons.
On the legislative front it will be very hard to impose what amounts to state-mandated decency rules on all "public" WiFi. The risk of being fined for allowing a bare nipple to slip through your modesty filter will merely discourage businesses from providing WiFi.
So instead I'm hearing what the Prime Minister wants - "clean, porn-free WiFi" - won't be enforced by legislation. It will instead be secured by a classic fudge that I've heard Ed Vaizey mutter tens of times: an industry code of conduct. The threat being if the industry doesn't enforce the rules, legislation will follow.
But which industry? The cafe industry? Or the hotel industry? Or the ISP industry? If the latter, then will ISPs providing a service to a cafe have to block porn at source? And if so, how will the cafe owner get his daily fix of flesh if he or she requires, behind closed doors, of course?
And on the technical front it's a running battle to filter all porn. A battle the filtering companies aren't winning and probably will never win - particularly in regards to over-blocking of 'legitimate' sites.
Plus there's the tricky issue of "dual-use" mainstream websites such as Flickr.
Flickr wasn't blocked when I tested a multitude of content filtering systems 18 months ago whilst with Open Digital.
But if you're over 18, not easily offended, in a private space and not using a work internet connection, you might try this:
It's not hard to find flesh. From there you can even get list of users who have favourited such images, and from there find other similar images favourited by that user. Or so my research assistant tells me!
So I assume Flickr will have to be blocked in internet cafes across the country.
Now imagine the following scenario: a tourist visiting London, uploading their day's photos to one of the world's most popular photo-sharing websites...
David Cameron's wish for clean public WiFi - noble, but utterly unworkable.
What we should be telling all parents is that they must work with their children on what is the digital equivalent of the green cross code re internet safety. Be aware of the dangers, mitigate the risks, and be careful chosing the devices you allow your children to use - consider devices with built-in locks on internet use for younger children, allowing only supervised access.
@JamesFirth
But technically what the Prime Minister wants (and this smells like another shambolic policy emanating from the general direction of "Minister for the Internets" Ed Vaizey) - porn-free WiFi in open spaces, is both unworkable and misguided.
Misguided because it sends the message that pornography is the biggest danger kids face on the internet.
Not even close. I haven't got references to hand but I've read studies showing the effects on children of exposure to sexualised imagery are minimal in most cases.
Bar a minority who have a tendency to become obsessive, most children can adapt to effectively "block out" sexual imagery and it loses its effect.
Yes it can normalise abnormal behaviour (such as sexual violence) but even here the jury's out and the debate is along similar lines to violent films and video games: is a society which does little to discourage the availability of violent imagery more violent than one that discourages it?
My premise is that the biggest danger children face on the internet is physiological. Just one example: interacting with others online in text-based formats with the absence of non-verbal cues (such as facial expressions) seems to lead to some extremes of behaviour (eg flame wars) and passionately entrenched arguments can become an obsession.
Also in that department there's bullying (again exacerbated by the shielding the internet brings, ie being unable to see the effect bullying has on the bullied), mob behaviour, and other extremes that can sometimes lead to illegal activity such as harassment or hacking in order to get a greater hold over a perceived opponent.
And unworkable for two reasons.
On the legislative front it will be very hard to impose what amounts to state-mandated decency rules on all "public" WiFi. The risk of being fined for allowing a bare nipple to slip through your modesty filter will merely discourage businesses from providing WiFi.
So instead I'm hearing what the Prime Minister wants - "clean, porn-free WiFi" - won't be enforced by legislation. It will instead be secured by a classic fudge that I've heard Ed Vaizey mutter tens of times: an industry code of conduct. The threat being if the industry doesn't enforce the rules, legislation will follow.
But which industry? The cafe industry? Or the hotel industry? Or the ISP industry? If the latter, then will ISPs providing a service to a cafe have to block porn at source? And if so, how will the cafe owner get his daily fix of flesh if he or she requires, behind closed doors, of course?
And on the technical front it's a running battle to filter all porn. A battle the filtering companies aren't winning and probably will never win - particularly in regards to over-blocking of 'legitimate' sites.
Plus there's the tricky issue of "dual-use" mainstream websites such as Flickr.
Flickr wasn't blocked when I tested a multitude of content filtering systems 18 months ago whilst with Open Digital.
But if you're over 18, not easily offended, in a private space and not using a work internet connection, you might try this:
- Sign up to the 74th (according to Alexa at time of writing) most popular website in the world
- Type your favourite sex words* in to the search box
- In the results, click on Advanced Search and change the SafeSearch setting to "SafeSearch off"
It's not hard to find flesh. From there you can even get list of users who have favourited such images, and from there find other similar images favourited by that user. Or so my research assistant tells me!
So I assume Flickr will have to be blocked in internet cafes across the country.
Now imagine the following scenario: a tourist visiting London, uploading their day's photos to one of the world's most popular photo-sharing websites...
David Cameron's wish for clean public WiFi - noble, but utterly unworkable.
What we should be telling all parents is that they must work with their children on what is the digital equivalent of the green cross code re internet safety. Be aware of the dangers, mitigate the risks, and be careful chosing the devices you allow your children to use - consider devices with built-in locks on internet use for younger children, allowing only supervised access.
@JamesFirth
Wednesday, 10 April 2013
What's the real reason for Amazon resetting customer passwords?
I got an email this morning from Amazon. A legit email, DKIM signed by Amazon's email server.
Amazon have reset my password because they say I 'may have been subject to a phishing scam'.
But why now? Running my own mail servers and a string of public email addresses I'm subject to Amazon phishing scams on an almost daily basis, as I am with many other companies.
And why did Amazon suspect I've been subjected to a phishing scam? Have they read the phishing emails on my private mail servers?...
No, of course they haven't. Phishing Amazon customers is an activity that only involves Amazon infrastructure when the scammers use credentials phished from me to perform illegal transactions on my account.
And since I'm pretty certain my credentials haven't been phished from me - as a professional involved in this area I'm on high alert for odd emails - the only reason I can think of for Amazon to suspect I'm at increased risk of phishing is if my email and perhaps other personal details have somehow leaked from Amazon.
I don't mind my password being reset as a security precaution.
But I do mind the tone of the email they sent, which makes it sound like it's my fault for being at increased risk of phishing, along with handy links to protect myself.
When I reset my account I will take the precaution of removing all my credit card details. Much as it is a pain to re-enter whenever I buy music I suspect there is more going on here.
Here's the email in full (my bold - I'm curious why they don't want me to use my previous password if I know I haven't been subject to a phishing attack...):
@JamesFirth
Amazon have reset my password because they say I 'may have been subject to a phishing scam'.
But why now? Running my own mail servers and a string of public email addresses I'm subject to Amazon phishing scams on an almost daily basis, as I am with many other companies.
And why did Amazon suspect I've been subjected to a phishing scam? Have they read the phishing emails on my private mail servers?...
No, of course they haven't. Phishing Amazon customers is an activity that only involves Amazon infrastructure when the scammers use credentials phished from me to perform illegal transactions on my account.
And since I'm pretty certain my credentials haven't been phished from me - as a professional involved in this area I'm on high alert for odd emails - the only reason I can think of for Amazon to suspect I'm at increased risk of phishing is if my email and perhaps other personal details have somehow leaked from Amazon.
I don't mind my password being reset as a security precaution.
But I do mind the tone of the email they sent, which makes it sound like it's my fault for being at increased risk of phishing, along with handy links to protect myself.
When I reset my account I will take the precaution of removing all my credit card details. Much as it is a pain to re-enter whenever I buy music I suspect there is more going on here.
Here's the email in full (my bold - I'm curious why they don't want me to use my previous password if I know I haven't been subject to a phishing attack...):
Hello J * Firth,
This is an important message from Amazon.co.uk
As a precaution, we've reset your Amazon.co.uk password because you may have been subject to a "phishing" scam.
Here's how phishing works:
A scam artist sends an e-mail, which is designed to look like it came from a reputable company such as a bank, financial institution, or retailer like Amazon.co.uk, but is in fact a forgery. These e-mails direct you to a website that looks remarkably similar to the reputable company's website, where you are asked to provide account information such as your e-mail address and password. Since that website is actually controlled by the phisher, they get the information you entered.
Go to amazon.co.uk/phish to read more about ways to protect yourself from phishing.
To regain access to your Amazon customer account:
1. Go to Amazon.co.uk and click the "Your Account" link at the top of our website.
2. Under Account Settings, click the link that says "Forgotten your password?"
3. Follow the instructions to set a new password for your account.
Please choose a new password and do not use the same password you used with us previously. If you have used the same password for your email account as on your Amazon.co.uk account, you should also change your email account password to prevent phishers from reading and/or stealing your emails.
I hope this helps.
We look forward to seeing you again soon at Amazon.co.uk
Sincerely,
Amazon.co.uk
Please note: this e-mail was sent from an address that cannot accept incoming e-mail. To contact us about an unrelated issue, please visit the Help section of our website.
@JamesFirth
Friday, 22 February 2013
The Stirling Engine and the iPhone
 |
| The Epiphany One Puck Credit: Epiphany Labs |
Two things interest me.
Will it work? I'm interested not just from an engineering perspective but also curious as to whether Kickstarter and other crowd funding platforms will ultimately end up pushing developments in engineering and technology or simply fund lifestyle projects with no realistic use, value or chance of success.
And the resurgence of the Stirling engine - invented nearly 200 years ago - used not just in The Puck but undergoing something of a renaissance of late, featuring in a variety of other micro-generation and transportation projects that have come to my attention.
How can a technology conceived of in 1816 suddenly come of age like this? A lesson perhaps for any inventor or entrepreneur hoping to make a fortune from a Killer App or other gadget.
~~~
If The Puck works - as in is capable of charging a mobile phone from a common domestic heat source - it could spawn a revolution in micro-generation which until recently has focussed on fuel cell technology.
The physics says it could work - but it's on the margins and a lot will depend on how efficient The Puck is at turning heat into electricity.
A typical smartphone battery stores around 18,000 joules (5 Watt-hours) or energy and is surprisingly efficient to charge - manufacturers claim 80-90%.
So we'll need around 5.5-6 Watt-hours of energy to fully-charge a phone.
A 350ml cup of boiling water has theoretical stored energy of 117,600 joules (32.7 Watt-hours) in a room at a temperature of 20 degrees C (weight of water in grammes multiplied by the specific heat capacity of water (4.2) multiplied by the temperature difference in Celsius/Kelvin).
So in theory the Stirling engine in The Puck need only achieve 17% efficiency to fully-charge a modern smartphone, and the laws of thermodynamics says the Stirling engine is - in theory at least (and yes, I do hold a Physics degree) - extremely efficient at turning heat energy into mechanical motion.
~~~
But that is sadly just theory. In practice larger Stirling generators on the market have an efficiency of between 10-28% (example) without heat regenerators.
Running at a lower temperature difference means the theoretical thermodynamic efficiency of The Puck will be far higher (Carnot cycle), however the lower power output at lower temperature differences means mechanical friction will play a much greater role in lowering the overall efficiency.
A low temperature difference could also add to the engineering challenge in building a usable generator into a small space.
And then, in the efficiency equation, we have the dynamo required to turn the mechanical energy into electricity, and the voltage stabilisation circuitry to provide a clean 5v of power to your phone.
If I had to guess I'd say the manufacturers will struggle to top 10% efficiency in turning heat into 5-Volts of electrical power but this is just my opinion. I've been unable to find any published claims by the manufacturers.
~~~
Still, that would charge even the most power-hungry phone to two thirds from one cup of coffee, which ain't that bad... Or would it?
When talking about the theoretical energy in a cup of boiling water I didn't mention leakage - heat lost into the local environment through a surface other than the Epiphany One Puck.
Heat rises - or rather the heat energy in the cup of hot water concentrates at the top due to convection currents in the water, and consequently far more heat is lost through the top of the cup than the sides or bottom, where The Puck sits.
And then there's evaporation. A large percentage - it can be as much as 70% from a well-insulated cup - of heat energy lost from a hot liquid is via evaporation.
Without taking extra steps to insulate your heat source (coffee), using a lid to minimise evaporation and perhaps placing The Puck above rather than below your well-insulated cup you could end up losing 90% of the energy stored in the boiling coffee.
And now we're only talking about charging 6% of your phone's battery and being left with stone-cold coffee in the process.
And I haven't even mentioned a potential mismatch between the rate of cooling of your coffee and the power consumed by your phone. My phone takes a couple of hours to charge from mains electricity - making insulation of the heat source used by The Puck essential over this time frame.
~~~
Yet I'm still quite excited by the project. Coffee is only one heat source - there's always the sun (in some countries) and in cold countries it's easier to find a heater on e.g. a train in the UK than it is an electrical socket.
I like the idea of having a handy, portable, well-packaged Stirling generator even though I might need a dozen cups of coffee to charge my phone. If Epiphany Labs can pull this off they'll have solved a number of engineering challenges that make projects like this very worthwhile.
@JamesFirth
Wednesday, 9 January 2013
Inventiveness and the noble art of shirking
This post isn't meant to be politically motivated, but politicians right now do seem obsessed with "work" in a Dickensian sense: hard work; dividing the population into two disparate groups: those striving to get by and shirkers.
The problem? It's nearly 150 years since Dickens died and automation means only a modest portion of the total workforce is required to maintain the supply of essential goods and services needed to keep the country running.
That is, we aren't all needed to tend to the fields and keep the factories running in order to make sure the population is fed and clothed.
And as machines get cleverer and more versatile even fewer workers will be required for essential jobs.
The problem with the Victorian juxtaposition of hard work and valour is twofold. It rewards needless labour and stigmatises those who struggle to find a way to make themselves useful.
And it can end up punishing some sections of society in a perverse way - notably those who care full time for a relative or child.
Should these people be forced against their wishes to work, leaving their loved one in the care of a stranger?
Logically it makes no sense; swapping one person's labour for another so that the one more suited through a family bond can go and earn money to pay for the labour of another to look after their relative.
Laziness, the root of all evil?
I'm incredibly lazy - at times. I've been known to put-off boring tasks for months. Yet I've worked round the clock - literally - on some projects to ensure things that need to happen do happen.
How I respond to "work" is pretty much based on the reward on offer.
And reward is a complex equation, not a chunk of money.
Reward can be intellectual nourishment or satisfaction in some way, knowing I've solved a problem or made life easier for myself and others in future.
What I see as my inherent laziness often drives my inventive side. Many years ago I was tasked with a very tedious job setting up and running software tests using a complex, buggy, outdated and laborious system.
At 24 I was mortified that my new relatively senior job at a major company had been reduced to following a long list of detailed instructions; effectively pressing the right button at the right time.
And I was horrified that no-one had found the time to fix the situation.
I didn't want to do this well-paid job but my manager at the time wouldn't listen to reason. Do the assigned work or get fired (I was on a 3-month trial).
Was I a shirker? Probably.
I just couldn't be bothered to do this mind-numbing task, doing pretty-much nothing for a week, before resolving to re-write the whole system - no small feat given the size of the project I was working on.
But I was already behind on running the tests, so I worked 14-hour days to automate the testing process, leaving a legacy saving effort on future projects and bagging a promotion.
If it wasn't for my laziness I'd have done it the way it had always been done - the hard way.
@JamesFirth
The problem? It's nearly 150 years since Dickens died and automation means only a modest portion of the total workforce is required to maintain the supply of essential goods and services needed to keep the country running.
That is, we aren't all needed to tend to the fields and keep the factories running in order to make sure the population is fed and clothed.
And as machines get cleverer and more versatile even fewer workers will be required for essential jobs.
The problem with the Victorian juxtaposition of hard work and valour is twofold. It rewards needless labour and stigmatises those who struggle to find a way to make themselves useful.
And it can end up punishing some sections of society in a perverse way - notably those who care full time for a relative or child.
Should these people be forced against their wishes to work, leaving their loved one in the care of a stranger?
Logically it makes no sense; swapping one person's labour for another so that the one more suited through a family bond can go and earn money to pay for the labour of another to look after their relative.
Laziness, the root of all evil?
I'm incredibly lazy - at times. I've been known to put-off boring tasks for months. Yet I've worked round the clock - literally - on some projects to ensure things that need to happen do happen.
How I respond to "work" is pretty much based on the reward on offer.
And reward is a complex equation, not a chunk of money.
Reward can be intellectual nourishment or satisfaction in some way, knowing I've solved a problem or made life easier for myself and others in future.
What I see as my inherent laziness often drives my inventive side. Many years ago I was tasked with a very tedious job setting up and running software tests using a complex, buggy, outdated and laborious system.
At 24 I was mortified that my new relatively senior job at a major company had been reduced to following a long list of detailed instructions; effectively pressing the right button at the right time.
And I was horrified that no-one had found the time to fix the situation.
I didn't want to do this well-paid job but my manager at the time wouldn't listen to reason. Do the assigned work or get fired (I was on a 3-month trial).
Was I a shirker? Probably.
I just couldn't be bothered to do this mind-numbing task, doing pretty-much nothing for a week, before resolving to re-write the whole system - no small feat given the size of the project I was working on.
But I was already behind on running the tests, so I worked 14-hour days to automate the testing process, leaving a legacy saving effort on future projects and bagging a promotion.
If it wasn't for my laziness I'd have done it the way it had always been done - the hard way.
@JamesFirth
Tuesday, 18 December 2012
ePetitions: 5 million signatories per year, run on a modest budget. An eGovernment success story?
Not every FOI request reveals a costly waste of taxpayer's cash.
I requested some statistics on the government's ePetitions service epetitions.direct.gov.uk and was pleasantly surprised by what I found.
I was - still am - quite concerned that a deal of effort seems to go into moderating what petitions are allowed, with some petitions rejected e.g. for duplication when the text is substantially different to the nearest similar petition.
I'm a bit of a purist. I believe a petition is a petition and it's not up to the government to decide which are valid and which are not. Duplication is a fact of life with user-generated content and the online crowd seems to deal with it in its own way.
Some petitions will get forgotten and others will rise to prominence on some trend or other.
Anyhow, that aside I was pleasantly surprised to find the epetitions service runs on a relative shoestring of £25,680 per annum in the last financial year.
Between April 2011 and March 2012 it serviced 5.1 million signatories, created around 15,000 new petitions and was relatively popular with 13.4 million visits (55.2 million page views).
In my opinion this service provides good value.
Whereas online popularity, signatory counts, etc are notoriously easy to game; the government's own service requires a UK address one assumes is validated in some way. If not correlated with the electoral role, storing a physical address should make it easier to detect all but the most modest anomaly.
It's logical to assume the government trusts the signatory count on its own service far more than it would a. n. other ePetition service.
Assuming the Cabinet Office uses the feedback on this service when developing government policy I'm more than happy to have public funds spent in this way.
Full details here, with thanks as always to MySociety.org's FOI tool WhatDoTheyKnow.com.
@JamesFirth
I requested some statistics on the government's ePetitions service epetitions.direct.gov.uk and was pleasantly surprised by what I found.
I was - still am - quite concerned that a deal of effort seems to go into moderating what petitions are allowed, with some petitions rejected e.g. for duplication when the text is substantially different to the nearest similar petition.
I'm a bit of a purist. I believe a petition is a petition and it's not up to the government to decide which are valid and which are not. Duplication is a fact of life with user-generated content and the online crowd seems to deal with it in its own way.
Some petitions will get forgotten and others will rise to prominence on some trend or other.
Anyhow, that aside I was pleasantly surprised to find the epetitions service runs on a relative shoestring of £25,680 per annum in the last financial year.
Between April 2011 and March 2012 it serviced 5.1 million signatories, created around 15,000 new petitions and was relatively popular with 13.4 million visits (55.2 million page views).
In my opinion this service provides good value.
Whereas online popularity, signatory counts, etc are notoriously easy to game; the government's own service requires a UK address one assumes is validated in some way. If not correlated with the electoral role, storing a physical address should make it easier to detect all but the most modest anomaly.
It's logical to assume the government trusts the signatory count on its own service far more than it would a. n. other ePetition service.
Assuming the Cabinet Office uses the feedback on this service when developing government policy I'm more than happy to have public funds spent in this way.
Full details here, with thanks as always to MySociety.org's FOI tool WhatDoTheyKnow.com.
@JamesFirth
Friday, 7 December 2012
Richard O'Dwyer fined £20k - but what of the "missing" £120k, or did the prosecution exaggerate?
The Guardian this morning reports Richard O'Dywer was fined £20,000 and ordered to undergo 6 months of some kind of US-UK remote probation as part of a deal which resulted in extradition proceedings against Richard being dropped.
Now, I don't blame Richard for accepting a deal in which this blog understands will result in no criminal record for Richard on either side of the Atlantic. Proceedings against Gary McKinnon dragged on for ten years; the deal allows Richard O'Dwyer to put this behind him and get on with his studies and the rest of his life.
But I have a serious question about the fine, which is reported in the Guardian as (my bold):
So if the Guardian has got its facts straight here either TVShack had operating costs of £120,000 over 3 years - equivalent to £40,000 per year for what can't be more than a couple of servers - or the figures provided by the prosecution in the extradition request were a gross over-estimate.
Either way the deal, whilst a relief to Richard and his family, is quite distasteful.
"Pay or we'll extradite" is a high-stakes extension of the "pay or get sued" letters about to hit the doormats of 1,000 UK ISP subscribers for paying the internet bill in a house where someone allegedly used the internet to watch porn.
I don't doubt the extradition collapsed because either the prosecution realised its case wasn't as strong as presented to Westminster Magistrates' Court; or the Home Secretary, whilst publicly supporting extradition, realised how unpopular the decision would be and so privately warned the US Attorney General in his visit last month that they wouldn't get their man.
Either way this fine and charade of 6 months remote probation is a face-saving exercise.
We need to ensure that people who commit crimes whilst in the UK are tried in the UK.
And we need to keep a check on the scam forcing people into cash settlements because the cost, stress and risks in clearing their name through the courts are disproportionately higher than the settlement figure.
@JamesFirth
Now, I don't blame Richard for accepting a deal in which this blog understands will result in no criminal record for Richard on either side of the Atlantic. Proceedings against Gary McKinnon dragged on for ten years; the deal allows Richard O'Dwyer to put this behind him and get on with his studies and the rest of his life.
But I have a serious question about the fine, which is reported in the Guardian as (my bold):
He was also ordered to pay the US dollar equivalent of £20,000, which represents profits earned by his website between December 2007 and November 2010. The money will be used to "repay victims whose copyrights were infringed by TVShack", according to the agreement.Comparing this to Westminster Magistrates' Court records, where the prosecution alleged:
Complaint is made of the operation by Richard O’Dwyer of a website “TVShack.net” by which, in essence, he is said to have enabled the web surfing public free access to copyrighted feature films/ “movies” and TV programmes earning “over $230,000 in advertising revenue”. The complaint runs from about December 2007 to 29th June 2010 when a U.S. “seizure warrant” seized the domain name “TVShack.net”.The prosecution alleged TVShack received the equivalent of over £140,000 in revenue, yet settled for £20,000 as equivalent to the profits of the venture.
So if the Guardian has got its facts straight here either TVShack had operating costs of £120,000 over 3 years - equivalent to £40,000 per year for what can't be more than a couple of servers - or the figures provided by the prosecution in the extradition request were a gross over-estimate.
Either way the deal, whilst a relief to Richard and his family, is quite distasteful.
"Pay or we'll extradite" is a high-stakes extension of the "pay or get sued" letters about to hit the doormats of 1,000 UK ISP subscribers for paying the internet bill in a house where someone allegedly used the internet to watch porn.
I don't doubt the extradition collapsed because either the prosecution realised its case wasn't as strong as presented to Westminster Magistrates' Court; or the Home Secretary, whilst publicly supporting extradition, realised how unpopular the decision would be and so privately warned the US Attorney General in his visit last month that they wouldn't get their man.
Either way this fine and charade of 6 months remote probation is a face-saving exercise.
We need to ensure that people who commit crimes whilst in the UK are tried in the UK.
And we need to keep a check on the scam forcing people into cash settlements because the cost, stress and risks in clearing their name through the courts are disproportionately higher than the settlement figure.
@JamesFirth
Subscribe to:
Posts (Atom)