December 2008 Archives

Protecting personal data needs special attention.

Just when is this message going to get through to everyone in charge of personal data in the UK?

Despite the series of high profile personal data losses by government and third part contractors it uses, people in charge of personal data apparently still do not take the task seriously.

Every week, it seems, there is yet another incident. This week it has come to light that 12,000 barristers and trial witnesses have been exposed to risk of data theft.

Disks containing their personal details were taken in a burglary at the Bar Council offices is Holborn, London, according to the Metro newspaper.

The Bar Council claims the disks were encrypted, and I suppose they do get some points for that if it is true, but why were the disks accessible to thieves in the first place?

If a company is going to store 12,000 records on easily portable media like four backup disks and a laptop computer, why not keep them under lock and key?

One also has to ask what backup disks were doing in the office? What is the point of having backup disks in the same place as the primary storage disks? 

Not much use in the case of a flood, fire, or burglary...

It's time for business to take a fresh look at Virtual Worlds. It's time for business to stop being scared, and to recognise the cost benefit, and dramatic savings that can be attained throigh using the Metaverse rather than traditional web conferencing tools.

Read Write Web - a blog that I think has always talked a fair amount of sense, comments on a forthcoming report from Forterra.

Now I may be biased, being not only a user of Virtual Worlds, but I am also a big fan of collaboration and the social media aspects of the Metaverse (after all I am the Community Editor here at ComputerWeekly.com - it's sorta my job!).

I can see how the costs of web conferencing can be stupidly high, and for more than 3 or 4 people this would be prohibitive, but in a virtual world, you don't have high speed video costs, you have a virtual space.

As a Machinimatographer I am currently working on a series of films for a friend who is using a virtual space and a virtual build in lieu of the traditional architectural scale mock up of a new build he is working on. The new build is to scale in the virtual world he is using so potential buyers can walk around their prospective purchase to get a feel for the layout etc.

Virtual Worlds are not about orcs and elves and strange deviations - at least no more than they were a few years ago ... but the same can be said to be true on the rest of the web.

IBMis working very seriously with interoperability between grids, and they generally don't throw good money away!

Investigate the possibilities, the time of the virtual world is here, or is it?

An irate reader phoned me this morning with a tale of woe about his anti virus software. Ian Margetts; was unlucky enough to be hit by a nasty piece of malware which flashed up a warning sign on his computer. He phoned his anti-virus supplier for advice. "I contacted my anti-virus supplier. they were completely unhelpful. Some guy emailed me back, saying you have contacted the wrong group of people. Here are two email links. They did not work." Then his machine failed. Mr Margetts is less than impressed. Given the amount he pays each year for his anti-virus software, he believes he is entitled to better service. "When you are on a limited timescale you need help straight away."

Sorry about the toilet humour at Christmas but I cannot resists passing on the details of a clever PR mind trick. These are used to get journalists to open emails.

This one worked on that front, but an unecessary apology email made it irresistible.

Downtime received a press release this week that told me that a company was more about solids than warm air when it comes to its green strategy.

A PR was so keen to do something different to get a press released noticed she sunk to the depths. In theory describing her client's green strategy as being more about poo than farts was a good idea. It got our attention

She followed through, oh I mean followed up with an apology, which was not required, which was digging the hole even deeper and quite literally putting her further up that well known creak without a paddle.

The follow up email:

"Hello all

I apologise for my previous email, it was a bit vulgar and I think I was just carried away with festive joviality! I would like to stress that the 'all fart and no poo' comment has nothing to do with **client** and should certainly in no way be attributed to them - it was just me trying to add an interesting (however misguided my humour may be) subject for my email to get people's attention and is not intended to be printed. I'll probably be sacked if it is printed!

In hindsight, maybe it wasn't the greatest idea in the world! Hope I haven't offended anyone."

 

We hope this person is not sacked but congratulated on a new angle to a s**t story.

 

Ian Grant writes:

 

So someone sent Wikileaks a copy of the non-disclosure agreement that the Home Office wants suppliers of the national ID card project to sign. What twisted Phil Booth's knickers, as boss of anti-ID card activist organisation No2ID, was a clause that Home Secretary Jacqui Smith could send in the cops, apparently without a warrant, to any premises, computer etc used by contractors and subcontracts on the project, to make sure her data was secure. Well, it certainly seems a responsible move on Jacqui's part.

One hopes that giving the cops the powers of the Spanish Inquisition to arrive unexpectedly would concentrate their minds. If they don't like it, they needn't pitch for the business. Phil would get more sympathy from this quarter if he campaigned for everyone to have access to the data that the ID number will be the key to. I'd like to be able to know which brand of tea Jacqui buys from Waitrose, just in case I wanted to invite her over for a chat about privacy. Who wouldn't?

Self-confessed British hacker Gary McKinnon, I am pleased to see, has won another chance to appeal against extradition to the US for trial and a possible imprisonment for breaking into US military computers.

According to the Free Gary blog, McKinnon's lawyers have succeeded, "despite fierce opposition from the UK Government" in getting a court date for a judicial review of the decision to extradite Gary to the US on 20 January.

McKinnon's lawyers filed the request in October after the Home Office rejected an appeal for the extradition to be set aside on health grounds because he has Asperger's Syndrome.

Although McKinnon has admitted that he gained illegal entry to US military computers between 1999 and 2003, he has denied the alleged extent of his incursions or that he caused damage.

He claims he was just looking for evidence of UFOs, and who would not given the time, know-how and opportunity? Please post a comment and let us know what you think.

McKinnon has won strong support in opposing extradition. His MP, David Burrowes, has called on Prime Minister Gordon Brown to intervene to ensure the hacker is not jailed in the US.

Burrowes is leading a campaign by several politicians to halt McKinnon's extradition unless the US allows him to serve any sentence in Britain.

David Blunkett, former home secretary, is among supporters who have called for McKinnon to be repatriated immediately because the hacker has Asperger's syndrome.

This week Burrowes asked during Prime Ministers' questions if the PM will ensure UK citizens such as McKinnon are not routinely extradited.

Brown responded by saying the UK and the US are signatories to the Council of Europe convention on the transfer of sentenced persons, which enables a person found guilty in the US to serve their sentence in the UK.

Burrowes said, "I am pleased that the possibility of repatriation has been acknowledged by the Prime Minister and I will continue to press for this to become a reality."

According to the Free Gary blog, a letter to president-elect Barack Obama will be handed in to the US embassy in London on 5 December.

Under utilised technology and security risking my security

I am amazed sometimes at how major corporations are under utilising their IT systems. Banks have been telling me how they are trying to create what is known as a single view of customers. This is where they know who the customer is when the contact them regardless of which product or service they are using.

For example this comes in very useful if a customer applies for a loan or a mortgage for example. At the push of a button the bank knows all this customers details and how much they can afford. Automatic verification and risk assessment.

Well you would think so.

I had to change my address with Barclays when I moved house recently. I lost my passport a couple of weeks before and was told by the bank that in order to change my address I would have to write a letter and sign it for verification.

I wrote the letter. In the meantime a statement was sent to my old address (containing lots of personal details). A week or so later I received a reply saying they could not verify my signature (they have one from my university days years ago). Please fill in a form, asking for personal details, and write and sign ANOTHER letter.

So I call customer services and explain to them that I actually have a mortgage with (Barclays/Woolwich) at my new address. This is what is known as a mortgage current account where my mortgage details appear alongside my current account details on my online banking.

Why can't the bank just transfer my new address to my other bank details? It knows I am the same person.

Guess what? "The system will not let us. The only way to do it is......."

Funny that, only in February Barclays told me it was weeks away from completing a two-year IT project to link legacy systems to frontline applications using Java-based web services.

The goal of this is to make all customer data available from one place.

The project also cuts the cost of processing customer applications, reduces the risks associated with selling additional financial products to existing customers.

Traditionally, customer information in different businesses (Woolwich per chance) units was kept separate (and isn't now?). For example, the credit card business was not integrated with the retail business, and the mortgage, insurance and brokerage businesses used separate systems."