Friday, 26 June 2009

How fragile is our society?

The UK's Institute of Civil Engineers (ICE) recently published State of the Nation: Defending Critical Infrastructure. Having seen the press reports I eventually got around to looking at the original. Entertainingly, its publication nearly coincided with the Government's decision to announce (or admit) that it was steeping up its strategy to defend against (or initiate?) cyber-attacks.

It turns out that the BBC's report is a fair summary of the ICE original. The thing that strikes me is that we have 'sleep walked' into a position where so many things are fragile. Here are a few examples:
  • Many homes only have a central heating system that relies on both gas and electricity to work. Remove either in a cold snap and how many will freeze?
  • New supermarkets have almost no storage space. One missed delivery and the shelves will empty.
  • People purchase enough food for a couple of days. They have little or no staples in store - and probably couldn't cook them if they did.
  • The interlinking of support contracts between communications providers which means that two simultaneous failures could be difficult to manage. For example, Virgin Media has outsourced its voice network management contract to BT - while, I understand, offering BT backup circuits for voice communication.
  • Striving for 'efficiency' often means cutting back to the bone - shown in how stretched the NHS is each winter.
Those who work with complex systems will tell you that real failures usually involve many things going wrong at the same time - hence the "Swiss Cheese" safety model. There is one crucial layer missing in the current security systems - security at home.

Interestingly, there are things that the individual can do to reduce the problem - both for themselves and for their neighbours. The first rule is "do not add to the problem". This means that if there is panic buying at the supermarket, you don't want to be there.

Here are some practical suggestions:
  1. Do not rely on any particular service or supply. Do not get rid of that gas fire, or block up that chimney.
  2. Keep a stock of food that will mean that you won't starve if you can't get to the supermarket for a week. If you don't have a cold water tank, include some cheap bottled water - if you do, keep some empty PET bottles to fill up.
  3. Make sure that you have something to cook on (and fuel for it) - if you go camping, you probably have this already.
  4. Be prepared to check on your neighbours, and help them if the need arises.
If we decided to build a truly resilient society, it would be based on distribution of resources and systems. Homes would be responsible for not only reducing their consumption when there were shortages, but in storage when there were surpluses. This can be applied to food, water or energy. Unfortunately, the government is too focused on the short term to find such sensible solutions attractive.

Monday, 22 June 2009

Our leaders have learnt - nothing?

The public are clearly disgusted at the behaviour of our political leaders and the bankers. So how have they changed?

  • Fred Goodwin has 'handed back' about 1/4 of his pension pot - leaving him with a mere £12M - so he still gets a pension of £342,000 a year, on top of the tax-free £2.8m he took out of the fund in February.
  • Royal Bank of Scotland is planning a pay package worth up to £9.6m for Stephen Hester, its new chief executive.
The Speaker
  • There is, apparently, pressure from the Whips to get Margaret Beckett elected as Speaker. Change? What change.
  • The political class are trumpeting the 'openness' of the secret ballot for a new Speaker, ignoring the fact that this was only introduced to prevent the Whips from being able to monitor how MPs voted.
The Police
  • The police are still getting stressed about people taking photgraphs of their vehicles parked in disabled bays, in spite of the official statements, including the letter I received from Vernon Coaker.
  • More revelations are coming out about police behaviour at Climate Camp last year, including two people being held for 4 days because they demanded to know who the were dealing with.
Quangos and incompetence

It is difficult to know where to start:
  • LSC
  • PFI
Any answers?

Well, the Modern Liberty movement is proposing "Real Change: open politics" - it is worth a read, and may be our best hope.

Saturday, 20 June 2009

Secure communication over Twitter and

Proposal - Securing communications through microblogging

It is possible for microbloggers to publish their public keys as a link from their profile. This might be indicated by preceding the URL with a code, such as a double $ dollar sign. Add an agreed symbol, $ for example, at the beginning of the message to indicate that it has been signed by being encrypted with the matching private key.

Similarly, a message encrypted with another's public key could be preceded by $username. A message starting with:

$username $encrypted text

though as will be clear in due course this might not always be desired.

As the message string is short, it should be encrypted directly to as to not lengthen it. As a result, if PGP type encryption were to be used, the message should be treated as the session key, not the body text. Given the sixe of microblogs this should not be onerous.

Message signing

  • creates a micro blogging account
  • publishes a link to her public key in her profile
  • posts a message encrypted with her private key, preceded by the $$ code.
  • anyone can read the message, by using Alice's public key
  • only someone knowing Alice's private key could have sent it
Secure Messaging

Alice and Bob:
  • create a micro blogging account each
  • publish a link to their public key in their profiles

  • posts a message encrypted with her private key, and Bob's public key preceded by the sequence $$bob $$.
  • anyone can see that Alice has sent Bob a message
  • only someone knowing Bob's private key can decode the message
  • only someone knowing Alice's private key could have sent the message
Anonymous Addressing

Alice and Bob:
  • create a micro blogging account each
  • publish a link to their public key in their profiles
  • creates a string encrypted with her private key and precedes it with the sequence $$bob.
  • This concatenated string is then encoded with Bob's public key and posted as a message, preceded by $$$.
  • anyone who uses secure communication with Alice attempts to decode the message using their private key
  • Bob alone will find an encrypted message starting with $$bob, which Bob can then decode
  • no-one can see that Alice has sent Bob a message
  • only someone knowing Bob's private key can know that the message was for him and decode the message
  • only someone knowing Alice's private key could have sent the message

Friday, 19 June 2009

Twitter and - secure communication?

Just tell me how to communicate securely over Twitter.

or read the blog entry...

There have been many attempts to monitor communications over the Internet. Governments seem intent on listening to us at any opportunity. The use of Twitter as a robust communication channel during the Iranian post-election protests must be sending a shiver down the spines of many a national leader.

One interesting thing is that, at the moment, these channels are used to communicate in plain text. There have been several discussions of using them securely - but none seem to have taken this to its logical conclusion. I believe it is possible to construct a straightforward method of communicating securely and relatively anonymously over the existing micro-blogging services, and have published an outline of how to do this.

Please note, I've moved the outline to this blog to allow comments.

Other interesting articles on this topic include:
* Proof-of-concept hack for encrypted direct messages on Twitter
* DSNP: Distributed Social Networking Protocol

Once again our leaders seem to have no understanding of the possibilities of the technology.

Monday, 15 June 2009

Iraq - Here comes the cover-up

Freedom of Information - Open Government - The End of Spin

Clearly all of these are just slogans, and not taken to heart in our executive. Today Gordon Brown has announced that the Iraq War inquiry will be held in private. Brown is clearly scared of what will be said. He cannot stand the scrutiny of the public. This is the action of a corrupt and morally bankrupt leader.

So, what will the outcomes of this inquiry be? Well look at the cv of Sir John Chilcot...
  • Member of the Butler Inquiry into Weapons of Mass Destruction.
  • Staff Counsellor to the National Criminal Intelligence Service since 2002.
  • Chairman since 2001, of the Police Federation, the leading research foundation on policing in the UK.
  • Member, the National Archives Council (formerly the Lord Chancellor’s Advisory Council on the Public Records) since 1999.
  • Trustee, the Police Rehabilitation Trust since 2002.
  • Director, Abraxa Ltd and NBW Ltd.

So we can expect another cover-up.

Sunday, 14 June 2009

Flu pandemics and forest fires

Just a thought...

Stopping small forest fires has been found to be a mistake. Not only does it mean that eventually there will be a really big forest fire, but also the small fires are crucial to the ecology of the wood.

Stopping small outbreaks of new viruses...

Saturday, 13 June 2009

Home education under inspection

OK - the "logic" of the Badman Report on Home Education goes like this...
There is no evidence that home educated children are more likely to be abused than the general population.


There is a risk that home educated children could be being abused, so local authority officers should have the right to demand access to the family home and inspect evidence of the education they are to receive over the next 12 months.
I wonder if this is not another example of 'nominative determinism' - that 'Badman' sees bad men everywhere...

There is, however, a very serious issue here. Independent schools are not required to register their pupils with the state, they are normally inspected by non-government organisations. Families who, for a variety of reasons, decide to educate their children themselves are identified as a suspicious and in need of state inspection.

The state seems to want to know more and more about us. Invade more of our lives, open them up for inspection and scrutiny.

Why does our government want to do this?

I think it is because our leaders and their representatives think that the public are a untrustworthy - probably unwashed and stupid. They view themselves as enlightened.

Somehow I think that the evidence demonstrates the reverse - I have much more trust in my neighbour than my MP.

Tuesday, 9 June 2009

Science Fiction policing - again!

The BBC has reported today that the police are looking at a portable microwave scanner to help police identify individuals carrying concealed guns and knives. This will of course sit alongside the much reported, but impossible, universal computer decoder. I enjoyed the satire on this subject on "notnews".

I encountered a police demonstration of a 'knife arch" at my local shopping centre. I walked through it and it failed to detect my Leatherman. This is a large lump of steel - at least as big as butterfly knife. So if their arches don't work, what are the chances of a remote scanner working?

How stupid are these people?

Do they think that given the new mass communication media they can run another scam like the "TV Detector Van" one? We do not need a highly interventionist, arrogant police force - we need a civil policeman on the streets. We should be proud of the fact that we have a largely unarmed police force, and build policy around that approach.

The IPCC report on the death of Ian Tomlinson will come out soon, and is likely to be either a whitewash or a damning indictment of the police. Either way is not good.

To get out of this mess, then a new contract between the state and the public is needed. There is an increasing demand for a sensible constitutional settlement which establishes our liberties. This demand will get louder over the next few months. The British are, in general, a peaceable lot, but they have their limits. Inaction risks pushing them over the brink and then this call for change will inevitably overflow.

Monday, 8 June 2009

Make your own No ifs No buts poster

You can now produce your own version of this poster.

Saturday, 6 June 2009

Vernon Coaker says I can take pictures of the police

Following the killing of Ian Tomlinson at the G20 demonstrations, I wrote to my MP about the behaviour of the police. My letter included the suggestion that taking photographs of them was more important than ever.

Eventually I got a reply from her, which included a long letter from Vernon Coaker, Minister of State at the Home Office. I have uploaded the complete letter, but here are the relevant portions:
With regards to Mr Rothwell's concerns relating to photographing police officers, there is a misconception regarding the new section 58A of the Terrorism Act 2000.
I would like to confirm that a person carrying on legitimate journalistic activity (including taking and publishing photographs of a police officer in the context of responsible journalism) would not be caught by this offence.
Now I would argue that blogging is legitimate journalism, so I can take pictures of the police. I carry this letter with me - please feel free to download it and use it, or pester your MP for your own copy.

Friday, 5 June 2009

Police looking at 'Future Crimes'

It would seem that the police in Camden are arresting young people to get their DNA on to the database. It is difficult to pin down the origin of this story, but The Mail has a comprehensive report. The data comes from a well placed Freedom of Information request.

Once again it would seem that the authorities are basing their actions on Science Fiction plots... Is this one the Minority Report? At to this that the police are thinking about doing DNA swabs for speeding offences and littering, and you can see where this is going.

This has got to be stopped!

Wednesday, 3 June 2009

Expenses Fraud Poster

It was pointed out to me that the government seemed to have backed down on the benefits fraud campaign, so I thought we might be able to reuse all the work that had been put into the posters... Please feel free to improve on my efforts.
Update: I've put up a 'design your own poster' php script.