On Twitter: @JamesFirth and @s_r_o_c (post feed)

Got a tip? tip@sroc.eu

Tuesday, 22 October 2013

The BBC Worldwide online content that British license payers aren't allowed to see

I imagine it takes a very special type of BBC executive to arrive at a decision like this - you know, the kind of executive raking in a 6-figure salary with a large golden handshake awaiting them when they finally run out of sideways promotions after messing things up just one too many times...
Foreigners Only!

BBC Worldwide content is available free to worldwide audiences, funded by advertising; therefore it follows that BBC license payers back in the UK must not be allowed to access this ad-funded content because they haven't "paid" to see it by being subjected to adverts.

As the BBC help page I was redirected to after being sent this story by a friend overseas states:
"We're sorry but this site is not accessible from the UK as it is part of our international service and is not funded by the licence fee. It is run commercially by BBC Worldwide, a wholly-owned subsidiary of the BBC, the profits made from it go back to BBC programme-makers to help fund great new BBC programmes. "
Yes, it makes perfect sense.  If UK license-fee payers were allowed to see this content for free then Great Programmes wouldn't be made and the world would end.

No mention of the complex cross-funding deals that allow BBC Worldwide to sell license-fee funded programmes whilst returning a meagre 10% of its turnover to the Beeb Proper, or the £687,333 redundancy payment made to a BBC executive leaving the BBC to join... BBC Worldwide, its wholly-owned subsidiary.


Good value? Where's the data behind "the most transparent deal ever made"?

Here's a thing - I'm actually quite good at modelling costs.

So when the Energy Secretary yesterday announced an effective tax on electricity bills to support the building of a £16bn nuclear power station at Hinkley Point I naturally started to pick apart the details of the deal.

But I came unstuck.  Whilst Ed Davey trumpeted the investment in nuclear power as good value for British energy consumers and "the most transparent deal ever made", I struggled to find any substantial data to explain the inflation-linked "Strike Price", a consumer-subsidised rate of £92.50 per megawatt hour that the private consortium building the plant will receive for electricity until 2058.

Yes, the government's website is flush with press releases and infographics trumpeting job creation and low-carbon energy production, but what I really want is the business plan that justifies the public subsidy.

Given such information I will be able to give a better view on whether the deal really does represent a good deal for the taxpayer.

After all, capital costs of £16bn seem rather high, even for a nuclear power station. And given the nature of the deal - what amounts to a Wonga-funded hire purchase with investors expecting a 10% annual return on their investment (FT subscription required), it's all a bit incestuous; the supplier also gains through the provision of finance, tempering the market forces that should otherwise be driving down construction costs.

The government seems to be taking all the risks: fixing prices, providing guarantees against cost overruns; why its even committed to underwriting 65% of the capital costs as public debt - are the investors hoping to make a 10% return on the government's own money, too?!

Yes we know it costs a lot to build a nuclear power station, and its widely accepted that the capital costs are by far the largest contributor to the price of nuclear power, but estimates on the actual operating costs (excluding capital) of a nuclear power station vary widely: from just over a cent per kilowatt hour to 2.6p averaged over the UK fleet in 2009 to many times higher.  For a wider discussion try Wikipedia.

With no solid data in the public domain its impossible to judge whether we're being sold up the river.

And here's a thing. Building a model with the data that is available (an inflation estimate of 2%, a strike price of £92.50, construction costs of £16bn and a best-estimate of operating costs of 2.8p per kWh - adjusting the 2009 UK fleet average data for inflation) the investors won't be getting the equivalent of a 10% average annual return.  It will be more like 9%, after adjusting for the absence of dividends over the construction period.

However should inflation average 2.5% they will see a return of around 9.5%

But as I mentioned I can't find details behind the government debt underwriting 65% of the initial outlay.  If investors are only providing 35% of the funds then either the government stands to make a hidden return on underwriting the deal (UK 30-year gilts currently yield around 3.6% -  far less than the 9% return my model indicates), or the private consortium stands to make a far higher return on their 35% contribution than they have so far admitted.

Of course my calculations all hinge on inflation-linked best-guess operating costs of 2.8p per kWh.  This includes everything from fuel and staff costs to waste processing and storage and setting-aside the required decommissioning costs under a Funded Decommissioning Programme.

It's not inconceivable that EDF believes it can run the plant more cheaply than the average for the UK fleet.  After all this will be a modern high-output plant with associated economies of scale.  Some US studies claim operating costs as low as around one cent per kWh.

If EDF can get the operating costs down to around 1.8p/kWh they should easily make a return of 10% on the £16bn capital outlay, even if inflation hovers around 2%.

But here's the kicker.  If the government actually funded the whole project with public borrowing, assuming it was capable of delivering on time and on budget, the cost of borrowing would fall to around 3.6% - the price the government pays on its long-term debt.

Now with debt at this price and inflation-linked operating costs of 2.8p per kWh the strike price could be as low as £54.00 per megawatt hour - not far off the current wholesale price of electricity.

Additionally if operating costs of a modern plant can fall to around 1.8p/kWh the plant could be undercutting current power generators with a unit price of £48.50 per megawatt hour once capital costs are included. Bearing in mind capital costs and interest in this model are amortised over the first 35 years of the plant's planned 60-year life, costs should fall substantially in the second half of its life.

So has the government got it wrong? In its eagerness to involve private finance it has been forced to rig the market, sacrificing one free market ideal for another.

This market rigging tempers incentives to innovate to reduce construction and operating costs whilst providing a bad deal for customers; driving-up the overall cost of electricity and skewing the wholesale market for all generators.  Britain will be paying twice as much for electricity in real terms by 2050.

Whilst it seems to go against the ideology of a right wing government, a better option may well have been to leave the price to the market and fund the construction as a government project.


PS George Monbiot has a wonderful critique on the "farce" of investing in ageing nuclear technology.

PPS assumptions in my model:  the power station capacity is 3,200 megawatt, reactors are likely to be offline for around 40 days every 18 months for refuelling, electricity will be sold at £92.50 per megawatt hour and government sources are talking a lot about CPI inflation of 2% in relation to this deal, so we can assume that might be the figure EDF used in its own economic modelling. We also know investors expect a return of around 10% and the initial outlay is £16bn.

Tuesday, 1 October 2013

Will we ever reach peak tolerance of crap software and unfair terms?

If you've ever bothered reading a software license of the sort that comes with everyday software you'd probably struggle to cope with the rage against unfair and restrictive practices.

For example, as a small business owner I often choose to build my own computers; that way I ensure key components like the motherboard allow an upgrade path that will give me reasonable performance over 6 or more years' of life.

However, try and buy an OEM (Original Equipment Manufacturer) copy of Windows 8 Professional for a new home-built PC and you find that whilst your hand-assembled computer does fit all the requirements set down by Microsoft in the OEM license, as a small business owner I'm prohibited by this:
3. Key licensing terms for your use of this product are:
      * As the operating system on a PC you build for personal use 
(my bold)
This is exactly like turning up at a car showroom to buy a brand new car, only to be told the price doubles if I want to use my car to drive to business meetings.

Where is the fairness about being told what I can and cannot do with something I just bought?

The answer is in the question.  I didn't buy anything; at least not according to the software vendor.  The view of the software vendor is that they are only selling you a license to use their software, and that means they can also set down terms over how you use their software.

As it happens the licensing quagmire with Windows 8 with respect to "personal use" gets even more interesting since the license seemingly goes on to contradict itself:
The software package may not be used:
* [...]
* To license more than five copies of the software (in total) for commercial use  
So it's far from clear whether a small business owner with 5 Windows 8 Professional PCs risks death by lawsuit at the hands of Microsoft until such a case hits the courts.

Presumably then one could also test whether the use of the word "Professional" in the title implies commercial use, as I had assumed myself when I bought the software.

Of course all this is moot since I found Windows 8 practically unusable and instead opted to buy a Windows 7 upgrade for an existing copy of Windows Vista and upgrade the hardware rather than struggle on with Windows 8.

But the point is that many such conditions are largely untested in court, and they will probably never get tested because of the huge costs that would be awarded should one lose such a case.

So consumers - small business owners especially - will play it safe, potentially paying over the odds for software because software vendors include increasingly restrictive terms in their licenses in order to milk every last drop from the market.

And such terms aren't the only trick up the software vendors' sleeves. The other big con is built-in obsolescence.

I don't mean to be mean to Microsoft here but they are making it hard for me not to use their strategy to highlight my case.

The main reason I need to upgrade from Vista, apart from it [still] having a few performance snarls, is that I want to upgrade from Office 2007.

Microsoft has in its wisdom decided that Vista users cannot install Office 2013.  They also decided Vista users can't have Internet Explorer 10 either, but that doesn't bother me so much as I only use Internet Explorer for software testing and we have separate machines for that.

Whilst Microsoft officially defend these limitations on technical grounds I strongly suspect otherwise.

Oh, and the main reason I want to upgrade from Office 2007 is that the crappy half-baked ribbon still annoys the hell out of me.   So really I need to upgrade my duff operating system because I want to fix some duff office software.  Thanks guys!

But I am being unfair to Microsoft because they aren't the worse culprits on obsolescence.  No, seriously, I mean that, without even mentioning the Windows XP end-of-life exploit timebomb...

I previously blogged my frustration about VMware releasing a new version of their virtualisation product Workstation every year, effectively leaving those who don't pay to upgrade with no long term support.

And mobile phone and tablet manufacturers could be leaving me open to a greater peril: malware.

My phone, an original Samsung Galaxy S, is 3 years old and the last software upgrade available from Samsung was over a year ago.

Federal authorities in the US estimate millions of Android users are vulnerable to cyber threats and I can only assume my phone, having had no software update in over a year, is one of those.

Buying a new phone so that I can protect myself just reinforces the new norm that a piece of equipment originally costing me £500 has a lifespan of a measly couple of years.

If my washing machine broke after 2 years I would be filling the consumer review websites with my dissatisfaction. TVs, fridges, dishwashers - we expect all these appliances of similar value to last 5 years at least; and hope for 10!

But mobile phones are more like a computer than a fridge freezer so I should scale my expectations accordingly.

However phones generally have one major limitation: the hardware and software is typically locked so that owners can't take matters into their own hands should the operating system provider abruptly end support.

Yes, that old PC running Windows 2000 could still be useful if you can be bothered to install Linux and only want to use it for basic tasks like typing letters.

But when hardware is locked down it is essentially like buying that new car I mentioned earlier, but with the engine compartment padlocked so that only authorised dealers can perform repairs.  Doesn't sound very free market to me; especially since competition authorities around the world have by and large already dealt with the monopolistic threat from requiring drivers to use only "authorised service centres".

How long will consumers continue to lap up the slop that software vendors are forcing us to eat?  Perhaps until something or someone forces their hands.

Maybe if my phone gets a virus because the manufacturer has stopped providing updates I could sue for any material losses suffered?  After all I have no options available to me bar stopping using the phone, and this is by design of the manufacturer, rather than accidentally ending up with a car that no-one is capable of servicing.

The global software giants will continue to focus on profits above software reliability, security and consumer satisfaction until something changes; because, at the moment, there's no downside for an industry simply doing what it pleases to sell more and more stuff to people; people who have a rather narrow range of options available to them.


Tuesday, 20 August 2013

Attacking responsible journalists will only lead to more irresponsible disclosures

It's hard to see the detention of David Miranda and seizure of his data or the arrival of GCHQ spooks at a national newspaper's offices to witness the destruction of hard disks as anything other than a warning shot across the bows of anyone daring enough to handle leaked classified data in future.

Anti-terror laws are broad enough to get anyone or anything we want.  We can and we will get you.

Of course this won't stop the leaks.  History is littered with examples of people willing to put themselves on the line for government transparency.

Pioneers of political journalism such as William Cobbett served a prison term for objecting in print to actions of the government; others risked the Tower for standing up for public scrutiny of Parliament.

What it will do is make responsible journalists wary of dealing with leaked sensitive information, leaving the leakers with few options other than dump the whole lot on the internet; with no opportunity to redact or withhold highly sensitive sections that are not directly relevant to the issue at stake.

Of course the intelligence agencies of Britain and her allies with their tentacles seemingly into every corner of the internet  may well have a plan to wipe any such site off the face of the net.

But with quite a few well-motivated transparency fanatics out there willing to replicate and retransmit leaked data and I wouldn't bet my money on this plan being successful.

Each additional measure security agencies are forced to take to guard against leaks by renegade staff adds to the data handling burden, which in turn makes our security agencies less effective in their primary aim of defending us against truly evil forces.

So it really is in everyone's interests to see the leaks stopped... But not by force!


Tuesday, 6 August 2013

Equip children to deal with the web, threats and all

When a teenager takes their own life it's bloody awful... Noteworthy is that the bullying allegedly happened not on Twitter - a company in the press at the moment for their "lack of action" over abuse - but on ask.fm. 

No sooner is one platform sanitised than the kids move to other places to interact.

Instead of the sole focus being on platforms to deal with abuse we have to do more to equip young people to deal with the web.

That involves prevention, ie avoid getting into all-out flame wars in the first place; handling threats and negative comments; teaching how to hit the off or ignore button and take a break in the real world; and, in the case of substantive threats to life, taking up the issue with police.

It's easy to make a noise and say that social media platforms and web companies "must do more" but it's a rich and complex problem which cuts through the whole of modern society.

There is not one simple solution - like censoring/blocking sites that don't take a duty of care - as others will pop up.

I'm not defending the abusers in any way but part of the solution has to be to help the victims deal with abuse and ignore unsubstantiated threats; this goes against the current noise being made of late in the mainstream press - looking for the platforms, police and censorship to fix the problem - but the web as it is there will always be a way to upset someone online.

If we want to prevent the level of despair that leads to suicide we need to teach young people how to (a) limit their exposure to threats by the platforms they choose to use and the way they interact; and, (b) deal with them when they happen.


Friday, 26 July 2013

The usability recession

Back in the 80's, life for technophiles was pretty frustrating.  Just loading a game on a home computer such as a ZX Spectrum or Commodore 64 would take around 5 minutes.  Games were stored on cassette tapes, and loading would occasionally crash part way through, forcing the frustrated gamer to rewind the cassette and start again.

With the affordability of disks (floppy and hard) things got a lot better in the 90's.  But, as fast as old frustrations disappeared, new ones appeared.

Faster computers, more memory and larger storage meant more complex systems; and more complex a system, more frequently it would crash. 

Word processors would freeze, printers would seize and operating systems core-dump sometimes several times a day.  Still today I save documents through habit learnt in the 90's after every paragraph written - despite my PC or word processor not crashing once in around 2 years.

Things did get better.  Windows 98 fixed many of the bugs in Windows 95, and by the time Windows XP appeared I had a computer that did pretty much everything I wanted it do to.

Over a decade later and technology has got a hell of a lot smarter.  Portable devices, smart TVs, streaming movies. 

We should be basking in mankind's achievements in science, technology and engineering...

Yet today, nothing bloody works any more! 

Well, lots of things do work, but suddenly everything just feels difficult again.

The explosion of devices and operating systems has lead to an implosion of compatibility and a fragmentation of refinement. 

When one manufacturer fixes an Android bug on one model of phone or tablet it's pot luck as to whether they'll apply the same fix to the same bug on other models. 

As different manufacturers deal with a different subset of issues the customer is left running a gauntlet of crashy, bloaty software.  Of particular note is the agonisingly unusable "PC sync/upgrade" software shipped with mobile devices.

I still can't find a decent word processor for my Asus TF300 tablet - like one that allows me to type words that remain in the same order typed, with spelling mistakes underlined and where the save button works 100% of the time it is used; the browser crashes occasionally when typing email - basic stuff.

And service providers are doing their best to stop me wanting to use their service.  Whilst Facebook works fine on my powerful desktop machine, it can crash the browser on some of my computers - as, incidentally, can loading the front page of the Independent.

Whilst mobile Facebook works reasonably well for posting a picture, half the features are missing.

Twitter have done their best to make me never want to tweet again.  They practically killed my interface of choice - TweetDeck. 

TweetDeck used to be a relatively simple app that helped manage multiple streams.  Twitter, after all, is about streams of short bursts of information - too much information to be consumed in the traditional, linear, way.  Instead one dips in and out.  Set a search for my home town to see what people are saying, check for the latest super-injunction scandals, etc.

The original software did 2 things well.  It allowed the user to flick through incoming tweets, and it allowed the user to tweet - with a spell check and everything.  Plus - particularly applicable to mobile - it had a nifty alert feature so you could see from your phone's status bar if someone was tweeting at you.

Now all that is gone.  The surviving desktop app is 3rd rate, can't even get a spell check to work, and the mobile versions have been officially killed - not just discontinued but disconnected at source.

And don't even get me started on mobile phones.  Even the model names are unfathomable: does the HTC One support 4G? Only the HTC One 4G, apparently. What about the HTC One X? Or the One XL?  The HTC One 4G LTE has a full-HD screen (1920x1080 pixels - on a phone!) whilst the HTC One XL 4G has only 720p HD screen.

What is the Google Nexus? Don't even go there if you're looking for clarity..  The "Google Nexus S" could be any one of four phones, of which only the SPH-D720 has 4G capability.

And 4G capability is dependent on the country and the operator.  Whilst the iPhone 5 works on the UK's EE 4G network, it won't work on some 4G networks being launched by rival operators because of the frequency bands being used.

On the subject of phones, bad things happen to my address book each time I change handset. 

Twice I got duplicates of my contacts; now I have four entries for everybody.  And, when I once tried to sync my address book to the NSA's Google's servers, they helpfully added around 350 people I had in various circles to my phone address book.  So now I have Mum, Dad, Wife, plus 350 people I've never met.

Practically everything, from watching Netflix on your smart TV (depending on the manufacturer) to transferring and editing video from your camera, to tweeting or updating your contact list has gotten difficult of late.

Perhaps, with the explosion of data, of devices, of services, and of uses, the focus on usability has been lost. 

Whilst things got better - a lot better - in terms of usefulness and usability each decade for the last 30 years, perhaps we've entered a usability recession.


Thursday, 4 July 2013

Extracting Snowden

A single tweeter is claiming Edward Snowden has left Russia on board a diplomatic jet.
A single claim isn't really worthy of a mention, even on this blog, however there is one detail above worth looking at.  The mention of a Gulf Stream jet.

A Latin American country looks the most likely chance of asylum for Snowden, even more so since yesterday's grounding over Europe of a diplomatic flight carrying president of Bolivia Evo Morales managed to rile a whole continent against the US.

But as we saw yesterday, travelling from Moscow to South America with a contentious cargo isn't that easy since the flight would ordinarily pass through the airspace of quite a few staunch US allies.

Not only that, but the range of many aircraft would necessitate a refuelling stop en route.

Re-routing to avoid such airspace is pretty much an impossible task, and going the long way round, east over Russia then over the Pacific, is even harder.
Click to enlarge. Source/copyright: maps.google.com
The best, if not the only, feasible route would be to head north from Moscow, refuel at Murmansk then skirt the airspace of northern European countries before heading south over the Atlantic.

Such a trip would require an aircraft with a rather long range of around 6,000 nautical miles.  A bit like the Gulf Stream V.


Wednesday, 3 July 2013

Q. Where are we without clear ground rules? A. We are where we are now - and that frightens me.

But where are we heading in a world without clear rules?

In a world where men are detained a decade without trial, tortured, punished by sleep deprivation before a trial has even begun.

Where the people exposing such abuses are jailed.

Where international borders are disrespected, executive assassination orders re-instated, diplomatic protocols disrespected.

Where everyone is a suspect, everyone is watched, and, through the excessive use of secrecy, few are afforded the right to challenge what their governments do in their name.

Yes we have been wronged, and yes we are fighting unsavoury enemies who threaten to use the open nature of our society to attack us.

But without clear rules not only are we endangering the very thing we set out to protect: we give comfort to our enemies.

Humanity is a cornerstone of democracy, once we start acting inhumanely our house comes crashing down.

We demonstrate to those who oppose democracy that even the loudest proponents of democracy can't practice what they preach.

Each line we cross opens hundreds of doors to even more unsavoury outcomes.

What can possibly follow rendition and indefinite detention but death, whether it be at the direct hand of the state, from hunger strike or through a whole life incarcerated.

What can possibly stop states acting on intelligence to further their political goals.

What can possibly prevent state-sanctioned murder when the self-restraint of our leaders evaporates.

What can possibly safeguard against the actions of a few when so many are shackled by over-arching vows of secrecy.

In a world where the rules of normal diplomacy are disobeyed the instruments of peace are blunted.


Tuesday, 2 July 2013

So the entire internet is tapped - let's put the power to good use and keep spies too busy to do evil

The frightening thing about the revelation that practically the entire internet is tapped is not the capacity for governments to enforce the law (crime, terrorism) but for them to use this power to affect the democratic process by e.g. spying on political opponents to fish for dirt.

So now we know the entire internet is bugged let's call for the government to use this power for good, in the hope that doing good will keep them too busy to do evil.

After all, we are constantly told the state needs these powers to keep us safe from cyber-criminals, terrorists and paedophiles.

Let's start with the so-called darknet.  If we believe press fodder its full of crime.

The darknet is basically a collection of websites whose server location is hidden.  Instead of talking directly to the IP address of the website's server, users are forced to talk to an intermediary which shields the visitor from the website's real location and vice-versa.

Because practically all internet end-points in the UK and US are monitored, it is relatively trivial to flush-out darknet servers in these jurisdictions.

Even though many "hidden" service providers claim to take steps to hide traffic signatures, there's only so much any service can to do disguise what is, in effect, an end-to-end pipe.

You wiggle one end and watch all possible other ends for movement.

Step 1: our security services start by identify target sites on the darknet...  The ones offering to supply guns, hit-men, child abuse images, etc.

Step 2: hit each of  these target websites with a series of page requests at specially-timed intervals - a signature pattern of visitation that is unlikely to happen too often in the real world.  Intelligence analysts can then create a filter to look for this signature amongst a pre-filtered list of connections which are identified as carrying some form of hidden traffic.

Step 3:  the short list of internet connections suspected of hosting illegal content from step 2 should be enough suspicion to obtain a targeted surveillance warrant and perform more extensive evidence gathering - visiting each darknet site with another signature pattern of visits whilst actively monitoring the suspected connection -  to prove (or disprove) that the connection is being used to host illegal content.

Step 4: enough evidence now to obtain a physical search warrant and seize the server and build a case against the owner.

Note here an interesting moral dilemma: in some ways surveillance is less intrusive than traditional policing.

Up to step 2 can be performed without looking at the content of communications, analysing only the so-called meta- or communications-data.

But by looking at the content data of the identified short list in step 3 before booting down doors at 6am saves any innocent party wrongly implicated by step 2 the inconvenience of a police raid and having all computer equipment confiscated for up to a year or so as police forensics crawl through their backlog.

I've since argued against legislation to allow mass monitoring of the internet in the UK, however it looks like we already got there without legislation.

Since I believe there's no realistic prospect of a reversal of the surveillance state in the near future - I'm resigned to the state grabbing what it can - we may as well start using the tools for good; and, at the same time, pushing for safeguards to prevent the power being used for nefarious purposes.

In fact given the revelations of late I'm thinking it might now be better to call for the legislation I previously opposed in order to have an open debate about limits and safeguards for an activity that until very recently went on entirely in secret.


Friday, 28 June 2013

Timezones and sloppy journalism: why I have much sympathy for Alec Baldwin

Alec Baldwin had a twitter meltdown over an accusation that his wife Hilaria was tweeting during James Gandolfini's funeral, and I have a lot of sympathy for him.

What appears to have happened is that Hilaria has her Twitter location set to PDT, ie the time zone for California, which is 3 hours behind New York (EDT) where James Gandolfini's funeral was held at the Cathedral of Saint John the Divine at 10:00 am EDT.

The Tweets highlighted by the Daily Mail [here, and here] appear to have been posted at 10:17 and 11:09 respectively, but this is definitely not EDT.

As you can see from this screen grab, Twitter reports right now these tweets as being posted 20 and 19 hours ago respectively:

At the time of writing it is 23 hours since the funeral, meaning the tweets were posted three to four hours after the funeral started; ie at 13:17 and 14:09 EDT.

As Alec Baldwin points out, his wife is heavily pregnant, so they didn't stay too long after the funeral.

Since it's almost certain from the timestamps she wasn't tweeting at the funeral and I've seen nothing Hilaria is alleged to have tweeted that is anywhere near out of order for 3-4 hours after a funeral I'd say Alec Baldwin can be forgiven for being very cross indeed.


Support UK justice

I just signed a petition after receiving the following email:
The odd scandal here and there, the UK has one of the fairest legal systems in the world, and much of that is down to our legal aid system which supports the critical right of defendants to access specialist legal advice.  
If Grayling gets his way, defendants will be assigned the cheapest public defender, regardless of whether they need a legal specialist in a complex case.

Justice will suffer. This isn't about politics, but about justice. 99,000 people have already signed this petition. Just 1,000 more are needed to force a Parliamentary debate on this critical subject:


Wednesday, 26 June 2013

The Bastard of Convenity

Empirically it is clear we can have incredible convenience, or we can have tight digital security, but not both.

This bastard of convenity - the child of security and convenience - sets a maximum for (security + convenience) and is a function of time.

When a new technology comes along, eg HTTPS, we can have security and convenience - but only for a brief period...

.. Because a high convenity factor prompts wide adoption.

Wide adoption piques the interest of governments, corporations and others wishing to exert control.

One way or another over time the security is circumvented.

Whether by legislation governing its use/deployment - ie the technology becomes bastardised at the behest of incumbent power - or by further advances in technology rendering the security obsolete, convenity drops off over time.

We can have security, or convenience, but not both; at least not over a sustained period in time.

Well, at least that's my premise!


Tuesday, 25 June 2013

Don't even bother asking governments not to spy on us

Electronic privacy is dead, now let's deal with the aftermath

Unlike most other technological innovations - particularly advancements in communication and mass media - for a relatively brief period the internet gave individual citizens an unprecedented edge over the state.

Previously everything media and comms was regulated by the state: from printing, broadcast radio and television to ownership of radio transceivers;  any UK citizen who feels oppressed by the state today should be reminded that until 1968 we had formal state censorship of theatres and stage plays.

Four factors made the internet impossible to regulate - at least in its early years:
  1. It happened by accident; governments around the world simply weren't anticipating the speed of growth, nor the impact the internet would have across many areas of life
  2. Even after (1) was appreciated, regulation during a period of intense growth would almost certainly have stifled development because growth relied mainly on private initiative
  3. The international nature of the network made many local laws irrelevant, e.g. in the UK, the Obscene Publications Act effectively banned hardcore pornography, but could not be applied against foreign websites 
  4. The nature of the network - a coalescence of many inter-connected autonomous networks - provided no centralised control point; and [early] limitations in technology, in particular latency and bandwidth, severely limited any government's ambition to impose content filtering and monitoring obligations on each of the autonomous networks
But what the internet giveth, the state can regulate away - it just takes time for the legislative machine to catch up.

And, now that technology has advanced to render point (4) obsolete, the legislative march is unstoppable.

It's unstoppable because it's impossible to change a mindset overnight.

The Government, its members and its security services all share one primary role: to defend the state; and currently defend is synonymous with control.

Until the collective thinking of law-makers advances to accept that a highly autonomous public does not itself threaten an established democracy - in fact it might well make us stronger - defending the state will necessarily involve maintaining a reserve of power and control over its people, just in case.

And the state now has these powers in respect to digital communications.

They have mastered the internet, in that it is now pretty much impossible to do anything of any significance online without running the risk of being tracked.1

I'm not saying you will be identified, but there's certainly now a non-negligible risk.

And I'm not saying that the internet does not still bring significant power to the people - it does, despite the tracking and monitoring.

But there are now two new realities.

One: everything online is monitored and traceable - if not [yet] by the state, by private companies be it Google, Facebook, your operating system vendor or ISP.

Two: there is nothing you can do, in calling for legislation or in your use of technology, that will be effective in stopping governments and corporations spying on you that doesn't severely impact what you want to achieve.

Any new laws will be symbolic because everyone, from states to corporations to private individuals - has become addicted to snooping.  (Yes, you, cruising Facebook to find out what your ex is up to...)

Only a step-change in technology can save us from ourselves, but don't sit on your hands waiting for any advancement that guarantees electronic privacy.  Encryption is creaking at the edges and passwords are becoming practically useless.

It's time to give up trying to prevent snooping and admit defeat.

Let them spy, for if we try and stop them they'll just do it anyway.

Instead, focus on building a wall around the spying that makes it hard for the state to wield its power against individuals.

We need to ensure robust laws are in place to mitigate the risks and dangers of a surveillance culture.

We need democratic transparency and oversight of the watchers.

We need to lift the veil of secrecy from the watchers and make them fully accountable.

And for that we need an end to ambiguous and unenforceable boundaries defining 'acceptable' and 'unacceptable' monitoring2. We need the intelligence services to run within a framework of detectable and enforceable offences - ie governing how the state acts on data in its possession to guard against persecution.

Those who feel unfairly targeted by surveillance deserve to have their cases heard in public, open to media scrutiny, not by a "judge" sitting twenty metres under ground in the Home Office bunker.



1. TOR, VPNs and other encryption and anonymity systems help to some degree, but once the state has its claws in the heart of the network, as it seems to have today, the risk of being tracked increases significantly.

E.g. post to a public bulletin board using TOR.  The size and timestamp for that post can be correlated against all active TOR sessions.  Successive posts will, over time, identify the poster.  "Hidden" services on the so-called "darknet" can all be traced with relative ease now that network surveillance is widespread.

Use an internet cafe: risk CCTV either in the cafe or en route. Use an unregistered mobile and give away your location, which can be correlated with road monitoring (ANPR), street CCTV, etc.

2. e.g. there is no real distinction between so-called metadata - aka communications data - and content.  Part of the Content at one level can become metadata at a lower level.  At the IP level the metadata shows my internet connection talking to Facebook.  Within IP packets other metadata can be carried, e.g. showing I'm writing a message on Facebook to Bob.  Some data stacks have metadata nested 3 or 4 levels deep.

Friday, 21 June 2013

A collapse in trust could stall tech development by decades, causing substatial damage to the hi-tech economy

One message, a message that drove me into digital politics, still isn't getting through.

It's the link between trust and growth.

Economists and social scientists understand this.  Robert D Putnam looked at the concept of social capital and how bonds of trust within communities help them prosper over 10 years before Facebook launched.

Zak and Knack (1998), and Dincer and Uslaner (2007), went on to study how generalised trust - that is, the propensity of strangers to trust each other - contributes to economic growth.

The logic is incredibly simple.

Generalised trust is critical to an entrepreneurial society.

In the absence of generalised trust it is not possible to do business with strangers because they are unlikely to stick to their end of any deal.

Therefore you will be far less inclined to trade outside your own established network, and far less inclined to try something new as you would in a society with a high degree of generalised trust.

Generalised trust within a society is maintained through fairness at all levels through access to justice, and a belief in social structures and the political system.

Studies show a link between trust and prosperity, and I argue exactly the same principles apply to data.

If we don't trust the custodians of our data - companies we choose to share our personal data with - then we will be less inclined to share our data, and also less inclined to try new products and services.

If we're less inclined to share we are unlikely to see continued growth in a sector which is becoming increasingly reliant on trust; and, if we're less inclined to try new products and services, then competition and innovation will be affected.

Trust brings convenience; and, from our willing participation in networked online communities, the prospect of further technological advancement, and further benefits in future.

If we want convenient access to what has become for many a digital extension of our brains, from anywhere, at any time, then we need to trust someone to look after our data in the cloud as we would ourselves in our home.

A collapse in trust could stem from wholesale misuse of our data by big companies themselves; or from the recent revelations that governments snoop on our data - a practice that tech giants can't distance themselves from.

Technology companies asked us to trust them with information that we would otherwise keep close - within our homes or about our person.

With than comes an expectation of legal safeguards comparable with those preventing police from entering our homes to read our diaries and letters.

Yet the tech giants failed to fight for our rights as we would have fought ourselves had the police been battering down doors to read our email.

And governments, whilst reaping many benefits of the high-growth technology sector, have failed to appreciate a potential impact on digital trust.  

The land grab for our data and control of  the data networks might bring short-term rewards for law and order and through the gathering of foreign political intelligence.

But it might have a longer-term impact on the digital economy through a collapse in trust.

President Obama claims the balance between privacy and security is about right.

I disagree.

I think we need to look to replicate the law of the physical world - a balance that has evolved over centuries - in the digital world.

Our personal data that we choose to store remotely needs to be afforded the same protection as our homes - the state should not access either without equivalent judicial oversight.

And because data can transcend jurisdictions it's not good enough to offer one level of protection to "citizens" whilst offering almost no protection and zero safeguards to "foreigners" - at least not without causing those "foreigners" to distrust your jurisdiction entirely.


Tuesday, 18 June 2013

Why you need to strip-search your child EVERY DAY

By staff reporter Moor L Panic

Irresponsible global technology giants are selling thumbnail-sized devices capable of storing millions of pornographic images and are REFUSING to make such devices safe for children.

Yes, on the very day the government has finally tackled the menace of rogue internet service providers not doing enough to protect your child online, a new threat emerges.

The widespread availability of such tiny devices make it possible for one enterprising youngster to circulate vile pornographic images to hundreds of other children, virtually undetected.

If you're a parent concerned that your child may have access to such devices we can only recommend installing an airport-grade body scanner at your front door until manufacturers of such devices face up to their responsibilities.

Failing that, strip searches on entry act as a major deterrent.

Friday, 14 June 2013

Join the dots - Snowden has defected to China

NSA whistle-blower Edward Snowden was quoted last week as saying "I don't want to live in a society that does these sort of things"

Yet in a supreme act of irony he may end up living his life in the privacy equivalent of the fires of hell, having leapt there from the NSA's frying pan to expose that the USA does "these sort of things", things that one expects of China or Russia.

First Russia seemed to come out with an offer of asylum.  Then Putin went on telly and seemed to praise the NSA for doing what he would expect then to do to fight terrorism.

But what grounds are there to suspect Snowden has already struck a deal with Beijing?

First there is the lack of arrest warrant and no start of formal extradition proceedings.  This strikes me as strange - surely the USA would want to do what it can, in addition to the persistent threat of a CIA rendition squad on Snowden's tail, to prevent him leaving Hong Kong for another territory.

If the US already knows - or at least suspects - Snowden now has the formal protection of China it wouldn't want to suffer the embarrassment of fighting an extradition demand doomed to fail.

Secondly there's Snowden's interview with the South China Morning Post, in which he alleges US cyber attacks against Hong Kong and China.  

This seems out of character from a man who seemed primarily focussed with the privacy of Americans.

Remember this is a guy who signed-up, at first directly and then later indirectly, to work for military arms of government.  Now he's all squeamish about the odd electronic bombardment..

He must also surely see these kind of revelations might affect his home support; currently one in three Americans see Snowden as a patriot, not a traitor whilst less than a quarter take the counter view.  

So why give that interview?  Or was that part of the deal to keep the extradition warrant at bay.

And thirdly there's the bizarre revelation that Edward Snowden is officially banned from entring UK.  

What purpose could such a ban serve?  Surely as an ally of the US the UK would welcome the leaker with open arms, before promptly attaching a GPS ankle bracelet and assigning a crack team of G4S security guards to enforce strict bail conditions pending extradition to his homeland.

It's possible the UK just didn't want another Assange holed up on its territory fighting a lengthy case against extradition, but it's equally likely he's been classified as a foreign intelligence threat.

If Snowden has won the protection of China he may end up regretting his words:  I don't want to live in a society that does these sort of things.


Shocking: UK minister promotes commercial tool directly to industry at closed-door ministry meeting

On 30th May I reported yet more delays in implementing the UK's three strikes law to combat online copyright infringement.

I reported sources telling me the first copyright infringement warning letters were now unlikely to go out until 2016.

With thanks to Glyn Moody for pointing me in the right direction, it seems the government's own civil servants agree... Well, to within 6 months.

Published 5 days later on the 4th June, minutes of a recent quarterly lobby parlour, where Ed Vaizey, the UK's minister responsible for the internet, invites copyright lobbyists and global internet giants to tell him how to do his job whilst shutting out the likes of you or I, reveal:
"DCMS expects the first letters to be sent in the latter half of 2015"
Considering the Digital Economy Act was passed in early 2010 this official assessment marks a delay of well over five years.

Sources for my original story were clear that the remaining legislation - two statutory instruments (that might possibly, now, be rolled into a single instrument) - were unlikely to go before Parliament until after the 2015 General Election.

By my own estimates it will then take around 9 months to establish the systems necessary to get the first letter out, including the crucial appeals process, hence my claim of 2016.

It seems the Department for Media, Culture and Sport (DCMS) thinks it can be done slightly faster, hence their note of optimism in their timetable of back-end of 2015.

Commercial infringement tool promoted

The same minutes note an alarming development.

A commercial system by whiteBULLTET,  whose representative was present at this meeting with minister Ed Vaizey, is being touted as a potential tool to prevent online advertisers serving ads on websites hosting copyright infringing content.

Alarming for 2 reasons.  Firstly, what transparency and oversight will there be for an automated system that could potentially ruin any online business unfairly accused of hosting infringing content by an automated system?

What redress will there be for websites unfairly tarred?  Will the government be culpable for any loss suffered by a legitimate business for allowing this solution to be presented to advertisers at a formal meeting held in a UK government ministry?

And the second reason for alarm: have rules concerning market procurement processes and commercial promotion been revoked?

Is it now acceptable for a UK government minister to allow a commercial company to promote what is effectively a compliance product directly to key industry representatives?

How was whiteBULLET chosen? Have any other commercial systems been evaluated? How many companies were invited to bid for this compliance work?

In fact it's even more alarming, given that the compliance element is to unwritten rules drafted by a bunch of lobbyists and endorsed by the chair, a government minister.



Another example of that 95-year copyright term fostering cultural innovation

Want to include a rendition of "Happy Birthday To You" in your next film or documentary?  Well, it will cost you $1,500 to license the copyright in the music and lyrics; that is, unless a lawsuit claiming the song actually dates back to 1893 rather than 1924, as held by the current licensors, succeeds.

The case itself doesn't interest me, but it highlights the stupidity of the argument that copyright fosters innovation: when companies can exploit a single work for a lifetime and then some, where's the financial incentive to come up with something new?

If, as I've argued for, copyright terms were limited to 20 years - comparable to patent protection, then producers would be forced to find something new to keep the cash rolling in.

Furthermore, the courts would be freed up from ruling on this guff whilst media lawyers and indemnity insurers skimming from the kitty meant to remunerate original artists would have to find something more productive to do with their time.

One of the symptoms of long copyright terms is that rights owners continue to market their catalogue many years after its sell-by date.

Not only that, but holders of previously successful franchises have a great deal of cash to reinvest in future marketing, keeping the likes of Superman, Batman, Iron Man, Spiderman, etc on our screens in perpetuity.

Is it any wonder that directors like Spielberg and Lucas are predicting a meltdown of the film industry - although perhaps not sharing my view that long copyright terms are to blame.

The market for creative ideas is skewed.  Owners of previously successful franchises have a loud voice, whilst contemporary innovators are often struggling for cash to support themselves, never mind push their ideas to directors and producers.

The result is the same shit, different decade; decade, after decade, after decade...


Tuesday, 11 June 2013

The morning after the weekend the Big Data bubble burst

A cynic might say worldwide intelligence services are only doing to our data what countless Big Data Corporations have done for well over a decade now.

That cynic might say government security services, even with the types of data syphons revealed in the Guardian over the last few days, generally know far less about our lives than our supermarket or bank.

But for some reason, and despite the power large corporations hold over our lives (the power to deny: deny credit, deny access to a service, or erase an online identity...), exposure of a government tap into this data has, finally, causes a shit storm big enough to seriously damage a whole industry.

My surprise is only that it has taken this long for people to realise that there are practically no legal safeguards for the data of non-US nationals held by US companies, wherever the data is physically stored.

Yes, that's right.  If you pay a US company for a service, even if the data is physically stored on servers based wholly in the EU, your data can still be sequestered by the US government.

Last weekend politicians and spy chiefs lined up to defend the actions of the NSA as invaluable in defeating terrorism.

Cut through the rhetoric and there were numerous admissions that spying on electronic communications of foreign nationals was to be expected as just something nations do.  They spy on other nations; they always have, and they always will.

Last weekend was the weekend when the world woke up to conspiracy fact.

It was the weekend that British MPs, many of whom I know to use gmail, Yahoo or Microsoft to conduct their political affairs outside parliament, realised there were no safeguards in place to prevent a foreign government spying on their private correspondence.

Note: MPs are expected to have secondary email accounts, they're essential because MPs only have access to Parliamentary email once elected - they need to get elected first!

It was the weekend that corporations, some of whom were already alerted to laptop seizures at border posts and had previously instructed employees to travel only with a "clean" laptop in order to protect industrial secrets such as pharmaceutical research being cloned on entry, realised all their data was already at risk because they purchased "secure" cloud storage and other data services from a US-based company.

Despite legislation being brought-in over a decade ago, many have only taken note when hard evidence emerged that this was actually happening.

There is in place today a mechanism for US government agencies to read nearly all our email, check our web searches, possibly what websites we visit - since each click may be sent to Google or Microsoft depending what browser features are enabled...

And there are no safeguards or limits unless you are a US citizen.

I hypothesise this revelation has burst the Big Data Bubble.

The immediate effects will be small.  Charities and NGOs lobbying on changes to US policy, politicians worldwide and companies at the cutting edge of innovation will be the first to turn their backs on a jurisdiction that offers no legal safeguards for data that can be shown to belong to a foreign entity.

A jurisdiction, remember, that spear-headed the fight against copyright infringement with extra-judicial take-downs of websites worldwide.

It's a bubble that will take a while to deflate, for there are at the moment few alternatives to many of the services run by US-based tech companies.

But the damage is done and the trend will, in all likelihood, be irreversible - at least in the short term.

Last week I asked whether people cared enough about their data to make a difference.  Today I'm under no doubt that the slow demise of Big Data, and particularly data hosted outside the EU, will snowball as viable EU-based alternatives emerge.

This time next year we may see Silicon Valley bosses scratching their heads and licking their corporate wounds; and, maybe, finally fighting the cause they should have fought a decade ago.

For only when citizens worldwide are given the same legal protection as US citizens will EU-based companies and citizens feel comfortable handing their data over.


Bootnote: The British lobby effort against enhanced EU data protection will find it much harder to garner support from the public and businesses alike - which may be a shame as the EU really messed up with the cookie law, focussing on the method rather than the overall trade and exploitation of personal data.

Friday, 7 June 2013

Does the public really care if governments spy on them? The acid test may have just begun...

Beyond what looks like irrevocable evidence that US government electronic surveillance goes way beyond what all but the most conspiratorial of conspiracy theorists have theorised is one uncomfortable question: do people care in sufficient numbers to make a difference?

Even more distasteful for me is the blanket secrecy around surveillance.  If we knew what governments actually did in our name to keep us safe we might worry less.

If there was less secrecy we might trust safeguards to actually guard our data, safely.

But the secrecy was necessary to keep us safe, claim the spies.

In fact we were told we couldn't be told if this surveillance was even going on, the names of companies compelled to hand over our data, or how often such requests were being made.

Blanket secrecy around blanket surveillance is an incredibly convenient way of ensuring surveillance practices are never scrutinised by the public.

Democracy is broken if the voters can't know what the government does in their name.

The acid test?

But now, over the next few years, we will finally get to see how the public react to a large-scale general threat to our privacy.

We will also see how market forces react to that threat.  Will citizens in Europe turn their backs on the US tech giants, sparking a new phase in the internet's evolution?

Or will they find it hard to escape the gravitational pull of the established giants? Is privacy worth the effort?

I'm prepared for either outcome.

The public might not care in sufficient numbers.

The public might actually like the increased security (perceived or actual) that such surveillance programmes bring.

A new era

The secret is out.

Once data leaves the devices under your direct control you no longer control who accesses that data.

But does such spying by governments really skew the power balance today; compared, eg, to how it is understood to have done during the reign of the Stasi, since technology has made us all more powerful?

In fact technology brings tools for privacy as well as tools for surveillance; will ready access to tools such as cryptography blunt the instruments of surveillance?

And, given the decentralisation of power with the emergence of strong and powerful corporations - something the anti-capitalists worry about - coupled with the foreign cyber-threat, are governments even the threat they once were?

Or will the new decentralised global power balance work in a twisted way to improve citizens privacy and autonomy; with corporations fighting to keep valuable commercial secrets secret, challenging governments, and challenging each other.

Realistically, can anything change, or is our future predestined?

Whilst I'm absolutely convinced that excessive secrecy is dangerous to democracy, I'm less convinced that the public will care about mass surveillance in sufficient numbers to make a difference.

Can we even expect to control data that leaves our private network?  Why should we expect to; what makes us think we can transmit bytes into the ether and expect to keep them private?

Additionally, few have any real control any more over what data leaves our local devices; things just happen automatically.

So we're left facing a stark choice: join in and put our data at risk, or stay dark and deny ourselves the benefits.

Is privacy synonymous with democracy?

Even if "privacy is dead" (it's not, by the way - we just have to adapt), does that necessarily mean that democracy is dead?

Or can we focus on the wider goal, beyond privacy, of building a data democracy, with privacy just one aspect?  

Can structures providing effective accountability, strong judicial oversight and public transparency mitigate the democratic risks?

Now that the veil of secrecy has been lifted we might all - even the spies - be surprised to learn how the public reacts in the long term.

Increased surveillance might become an accepted and necessary part of life in a modern democracy.

Granted this may seem an absurd position - especially given my previous bloggings about privacy.

It's a no-brainer, right? Democracy is threatened if the government spies on the opposition - using their secrets against them.

But might we all just adapt, relying on fewer secrets, thereby removing our vulnerability to exposure and becoming inherently stronger, rather that merely being good at exploiting others' weaknesses?

Yes, such widespread eavesdropping is worrying.  But there really is no precedent; and no simple answers.


Tuesday, 4 June 2013

We don't need less lobbyists - we need more, from a wider cross-section of interests

I started lobbying in 2010 when I realised writing blogs and forum posts, whilst useful, had limited reach.

Since then I've spoken in Parliament, had face-to-face meetings with a government minister, been invited to drinks receptions and conferences inside the Palace of Westminster, and got close enough to power to have the vested interests lined up against me - and some lined up with me - close ranks to make it clear my participation was unwelcome.

There is a stench in Westminster, but the lobbyists are only part of the problem.

Lobbyists have the power they have, in some part at least, simply because they have bothered to build a relationship with those holding office.

Parliament is not a closed place. Excluding special events like the State Opening citizens can, on most days Parliament sits, enter the Palace and lobby for themselves.

All you need do is state your reason for attending at the entry gate, join the queue, navigate security and stick to the public areas.

Whilst there's usually a queue to watch the main chambers there are numerous groups and committees which  sit in public.  Some less formal meetings offer the public a chance to ask questions or mingle with the odd Lord or MP.

It helps to plan in advance so that you can explain on entry where you're heading.

But if you want to get your voice heard above the noise you face a string of problems.  After 2 years I ran out of cash - it takes a lot of time and effort to find your way around Westminster and keep track of what's going on and where.

One of the current problems with lobbying is that the lobbyists themselves control many of the groups meeting inside parliament.  They offer "secretariat services"  which usually includes general admin like sending out invites and providing a website - which the lobby group often ultimately controls(!) - and paying for drinks receptions to ensure the attendees are, well, refreshed.

Coming from outside the lobbying clique I had to build my own network to find out what went on, when, and where.

Although many sessions are "public", space is often limited.  Sometimes an invite is needed (although never checked), and turning up ahead of time is always essential to bag space in Parliament's cramped committee rooms.

But the lobbyists offering secretariat services sit at the heart of this information web.  As event organisers they are responsible for sending out the invite lists.  They even get a say over who writes what on the Parliamentary Group's website.

It's a delicate equilibrium - MPs themselves can't hope to organise such a wide and diverse range of discussion groups - known as All Party Parliamentary Groups - themselves.

There are hundreds of them (I haven't counted, a current list is here) - and it's reassuring to me at least that such a diverse range of interests get represented in Parliament.

Lobbyists fund and help run these groups, but in return they get a degree of control and influence.  It's not unbridled power, as MPs and Lords are ultimately left holding the reins - but it's a useful influence.

However it's an imperfect system which marginalises all but the most persistent and powerful voices and encourages the creation of Parliamentary groups which, occasionally, are less than useful.  In fact one could argue some groups serve just one aim - that of the lobbyists.

But I don't argue for radical overhaul - the system on the most part seems to result in vibrant debate with reasonable access to outsiders - which is why I argue that Government and Parliament should look instead at opening up access to a wider group of interested parties rather than focussing on clipping the lobbyists' wings.

One area that badly needs overhauling is access to Government ministries.

I noticed the same faces milling round Westminster and listed on minutes of meetings - minutes which I or other activists struggled to obtain through protracted Freedom of Information requests rather than being published by default.

Whilst a small guy like me occasionally slips the net, for the most part these Westminster Faces usually represent large commercial interests.

Smaller businesses are only usually represented through umbrella groups like the Federation of Small Businesses (FSB).  But groups like the FSB have a lot of bases to cover with limited resources, so the interests of Britain's small and entrepreneurial businesses are rarely heard at the heart of Government - especially on niche issues such as internet regulation.

Ministries need to open up on two fronts: do more to listen to a wider range of voices, and be far more transparent on the meetings they do have - rather than attempt to keep contact with lobbyists under the radar.

But the really seedy side of Parliament that badly needs an overhaul is how the lobbyists themselves trade on their influence.

For example, many of the lobbyists offering secretariat services are given Parliamentary passes by a sponsor MP or Lord who usually chairs the Parliamentary group.

Such a pass to a lobbyist is gold dust - it's a badge of honour, a seal of approval.  The badge says these are the men and women (note: I met far more men than women) with access worth paying for.

These are also the people who I know to have organised banquets and dinners inside Parliament itself.

Invites go out to companies and other people the lobbyist wants to impress.

Where tickets are paid for I couldn't say who keeps any profit, but either way the lobbyist who is seen to organise a dinner inside the Palace of Westminster sits bright on the radar when a company is looking to get their voice heard in Parliament.

Again there is a balance to be struck - my first taste of Parliamentary cuisine was at an event organised by my former university.

I'm not necessarily saying that lobbyists are cash-hungry, power-crazed demons - I'm saying that their well-polished messages delivered on behalf of a narrow but wealthy section of society often reaches the ears of MPs at the expense of a louder but distributed voice from the rest of society.

Again the way to fix this is for more people to get involved to widen the debate and temper the power of the professional lobbyists.


Thursday, 30 May 2013

Sources: no Digital Economy Act copyright warning letters until 2016 at the earliest

It's been a while since I wrote anything on the Digital Economy Act.

As a quick recap, although the primary legislation to notify and punish those whose internet connection is repeatedly used to infringe copyright was rushed through the dog end of the Labour government - with Conservative support from the then shadow Culture Secretary Jeremy Hunt - progress has since stalled.

Two Statutory Instruments were expected to flesh-out how the copyright infringement warning letters will be dispatched, paid for and appealed: a so-called Initial Obligations Code and a shorter Cost Sharing Order defining how the cost of scheme will be split between copyright owners and internet service providers.

Two attempts have so-far been made to enact the shorter Cost Sharing Order, but even this relatively simple piece of legislation only got as far as the notification phase, where other EC member states are notified of draft changes to policy potentially affecting cross-border trade [refs: here, and here].

Both times the Order was quietly dropped, and nothing much has been heard since.

In response to a Tweeted question this morning I thought I'd see if my old Westminster contacts still wanted to talk to me.

Two separate sources told me not to expect the remaining secondary legislation this side of the general election.

Assuming a 2015 general election, and factoring-in time to establish the necessary body or bodies to oversee the operation of the notification and appeals systems, it will be 2016 at the very earliest - and possibly 2017 - before the first warning letters go out.

UPDATE 19-June

5 days after I posted this, DCMS released minutes [link] outlining their expectations:
"DCMS expects the first letters to be sent in the latter half of 2015"
My own sources were clear that the remaining legislation - two statutory instruments (that might possibly, now, be rolled into a single instrument) - were unlikely to go before Parliament until after the 2015 General Election.  By my own estimates it will then take around 9 months to establish the systems necessary to get the first letter out, including the crucial appeals process, hence my claim of 2016.

It seems the Department for Media, Culture and Sport (DCMS) thinks it can be done slightly faster, hence their note of optimism in their timetable of back-end of 2015.

So what's the delay?

One source described the copyright provisions in the Digital Economy Act 2010 as "un-implementable".

The legislation rushed through parliament in 2010 - at the behest of copyright lobbyists asserting prompt action was essential to the survival of the creative industries - was bad.

Since then the UK music and film industries have grown despite the gloom in the rest of the economy and 2012 saw an 11% revenue growth for legitimate downloaded media content in the UK despite progress on the Digital Economy Act stalling.

Tuesday, 28 May 2013

Do established economic models apply to data, and will they spread wealth, or is Jaron Lanier wrong?

Jaron Lanier's article on the BBC is really worth reading.  His is the first mainstream article in a while that has got me wrestling with my instincts on big data, privacy and digital democracy.

I agree with a many of his observations.

Yet I disagree with his primary thrust, that "open" has backfired and instead created a new data inequity; and, controversially:
"monetising information will bring benefits that far outweigh the inconvenience of having to adjust one's worldview."
That there is a new power "asymmetry" is undoubtedly true.  I wrote about the new data plutocrats just a fortnight ago.

But would monetisation of our data have worked any better?  

I argue not.  I believe the largely cashless and open information society emerging over the last two decades was a necessity in order to overcome intransigence and challenge the existing economic power balance; and that, had our data been monetised along the lines suggested by Lanier, we'd be far worse-off today.

Had data been monetised, the primary beneficiaries would have been those who currently control the money supply; "data" power would be controlled by those who already wield a great deal of economic power, and democracy would have suffered.

Essentially, Google and gang have emerged, warts and all, to counter the dominance of not just the more established technology companies but also the big banks, and even governments.

Not that I don't foresee severe problems ahead with the path we're now travelling, most of these problems adequately covered in his article.

But, for the time being at least, the old economy tempers Google's power just as Google threatens the old economy.

Inherent constraints of cash

Perhaps, even more importantly, monetising data might have constrained innovation because there is not [yet?] an effective mechanism for setting a price on such a rich and nuanced commodity.

What's a Tweet worth? How much should I be paid, or pay, to participate daily in Facebook? Is my social capital worth anything?.. To me?.. To you?

Such questions may prove unanswerable because the concept of money a hundred millennia old has its limitations.

It may simply prove impossible to create a market that accounts for the diversity of the information economy and its many applications: from furtherance of knowledge to private and personal sharing to providing transparency of governments.

And attempting to do so in a flawed way may derail rewarding but otherwise economically non-viable data services.

For it is possible for us to be getting monetarily poorer and richer at the same time when our lives are getting richer in other ways, even as the 'real' economy stagnates.

Data, and with it, cheap access to communication tools, undoubtedly enrich our lives, and this is both the reason data is hard to monetise and the foundation of the data bartering Larnier sneeringly dismisses as "usually associated with the developing world."

Instead of trying to shoehorn data into GDP we should be looking to an evolution of money to measure our overall wealth, and also to restore equity to contributors and remunerate "workers" - something Lanier correctly notes as absent today.

A Necessity: the Open sledgehammer

As well as overlooking the limitations of money, Jaron Lanier fails to address the positive and necessary role the Open movement played in challenging the inertia present in any stable society.

When I started my career in software in the mid 90's there were sizeable barriers to entry.

Firstly, the software tool chain was largely closed, and licencing costs were huge.  A handful of then-dominant global corporations controlled access to most platforms. (In a way that Apple does, albeit with much lower barriers to entry for developers, today.)

To get [legal] access to a software compiler and the rest of the development kit (SDK) companies had to fork out thousands.  Add to that: revision control software, a defect tracking database, operating system licenses for servers and worksations, etc, and you were talking considerable start-up costs.

It was a system that actively prevented the kind of "bedroom innovation" that has created revolutionary apps and services in the last two decades.

In fact, for a while at least, innovation throughout the sector seemed to stall as larger tech companies, in the absence of serious competition, took their foot off the gas in order to consolidate.

Some large corporations placed emphasis on pursuing licensing revenue for existing products above investing in product innovation, choosing to pursue patent and other IPR infringement at the expense of developing better software.

It really was a frustrating time - at least through the eyes of a twenty-something-year-old.

Developers were left with buggy, feature-void tools.

Smaller companies in particular hesitated to buy the latest software.

And suddenly, innovation was threatened on every front: big companies wanted to return a dividend to their investors, smaller companies were stuck doing things the hard way and tiny companies couldn't even afford to enter the market.

Around that time many in my position had been exposed to Linux and the Open Source movement at schools and universities (Slackware for me, circa 1994).

Before long I could build bigger and better software on my home-built server (primarily around Apache and Perl or related CGI scripting language) than I could using the licensed tool-set my company paid for at work.

In asserting that we may have denied ourselves something even better by turning our back on monetisation overlooks how and why we are where we are now and  fails to acknowledge necessity - the driving force for many open source projects.


Friday, 17 May 2013

Time for a new plan for corporation tax to re-level the field for local employers

What keeps me mad throughout the ongoing corporation tax bunfight is that I agree with no-one.

On one [typically right] side, there is the argument that companies such as Amazon, Vodafone, Starbucks, Google, etc, etc... should not be criticised because they're only doing what they are obliged to do: minimise their tax bill.

Fair enough, but we live in a democracy, so claiming they shouldn't be criticised or the subject of peaceful protest is a bit far fetched.  If enough people feel aggrieved  enough to protest outside a shop then in a civilised democracy there's not much we can or should do.

On the other [largely left] side there is the view that such companies are not pulling their weight and should contribute more.

Well, I don't agree wholly with this either.

Many (but not all) of the companies criticised have a UK workforce and end up paying considerable sums in employer's tax (AKA employer's National Insurance contributions) at around 13.8% of salary, plus provide employment (useful, right?) and hence generate even more tax through PAYE paid by their employees.

The trouble with corporation tax in a global economy is that it is unfair to many smaller, local firms; in that they cannot afford the set-up costs of an offshore headquarters to launder their profits through.

Competition theory largely states that governments should encourage entrepreneurship and regeneration to keep the markets competitive; a market which makes it hard for new entrants tends to get lazy, with the incumbents carrying on as before, unchallenged.

But non-global new entrants find it hard to challenge the global giants if they end up paying more tax - until they get big enough to avoid tax.  Get the idea? The market becomes skewed against the new entrants.

So one answer - and the left won't like this - is to get rid of corporation tax altogether.

But this creates a new problem.  Not all companies provide such large returns to the exchequer through employment taxes.  E.g. city fund managers may rake-in millions yet employ a handful of staff, whilst large retailers such as Marks and Spencer, Tesco, etc each employ tens of thousands of workers.

So to me the answer appears obvious.  Companies should be allowed to offset their corporation tax bill against their total employer's Class 1 National Insurance contribution.

Essentially many companies making modest profits yet already paying millions of pounds a year through employment taxes would be exempt from paying any corporation tax, yet companies who didn't employ many UK staff would be left with a largely unchanged corporation tax bill.

This would perhaps have a secondary advantage of making it more attractive to employ UK staff, as the employer's tax - widely seen as a disincentive to employment - would be offset against corporation tax.

And, importantly, it would allow smaller, growing UK firms who choose to have UK-based staff to pay corporation tax on a similar rate to the global giants.


Tuesday, 14 May 2013

The Data Plutocrats and a need for a Data Democracy

Yesterday certainly wasn't the first time someone opined the term privacy was counter-productive in relation to data.

"Privacy" is a one-sided open-ended discussion about risk with no consideration of reward.

"Privacy" is an amorphous concept easily spun by proponents of one side or the other.

Privacy: is wholesome, positive, for victims of crime themselves becoming victims of press intrusion; or, privacy gives terrorists and child abusers the space they need to hide amongst us in society.

Discussion about data privacy and related topics could, perhaps, be more constructive if framed as a discussion about balance of power.

After all, privacy primarily concerns us because of our fear that our secrets can be used against us, creating an "information asymmetry" (ht @OrwellUpgraded) that could be abused by the nefarious and amoral.

So should privacy advocates instead be arguing for a data democracy?

Taking a step back, democracy is not a goal in itself.  The end game is a comfortably stable, affluent and sustainable society; which, if one trusts in the inherent good in human nature will itself be a fair and just society.

Similarly, in data terms, we want a society where we are all "data wealthy" - ie have access to information, communications, entertainment; and benefit from the resulting advances in science, medicine, etc only possible through smart use of data.

We want relative stability - a society nimble enough to keep pace with advancing technology, yet resilient enough not to be cajoled into dangerous change.

We want a just and fair society where individuals, corporations and governments can't use our personal data, our everyday secrets, to exert undue control on anyone.

Democracy is probably the best place to start - at least in analysing and attempting to understand the problem.

Today we probably have a data plutocracy, where data power is concentrated in the hands of a few global corporations.

No-one knows for sure whether this itself is inherently dangerous.

Data power has certainly been used for good: the rapid emergence of useful services, the construction of data infrastructure on a truly massive scale, a level of free "social" services.

Data plutocrats like Google provide services like Blogger, which in turn strengthens the power of the individual to challenge traditional autocracies and, for the time being at least, discuss the issues associated with a data plutocracy.

But clearly such concentrations of data power could easily be abused; either by sticky-fingered employees dipping their hands in the data till, by governments, or by corporations themselves in search of profit.

So maybe we should be looking to promote data control structures and data economies that are inherently more democratic.

But how can we go about understanding the data power balance?

I believe we'll find, over time, that many democratic (and economic) concepts are applicable to data.

Already I see a clear left-right political spectrum, at one end "the state" or other controlling force being responsible for administering and apportioning "data fairness" if you like.  The "clean internet" brigade - a worthy cause... But, as we all know, some data animals are more equal than others.  Who governs the governors, who watches the watchmen?

And at the other end, the right-libertarians, who argue the state should not interfere, leaving the question of who will protect the "data weak"?  Who will guard the technologically incapable from losing out when real-world services increasingly rely on the internet?  Who will provide their broadband, guard their personal data, and defend their computers from hackers?

Over the last two decades the data privacy debate has entered the mainstream - that itself is a good thing, but it's now time to move on to talk about the wider issue: a data democracy.