I am not looking for any recognition, as you know these things don’t matter to me at all and I am profoundly disinterested in where this blog comes in the annual Total Politics ranking of political blogs, so I really am not asking for you to vote for me or my blog ……..

but ……..

should you be so inclined (and I repeat I really, really don’t mind one way or the other), this is what you have to do:

The rules are:
1. You must vote for your ten favourite blogs and rank them from 1 (your favourite) to 10 (your tenth favourite).
2. Your votes must be ranked from 1 to 10. Any votes which do not have rankings will not be counted.
3. You MUST include at least FIVE blogs in your list, but please list ten if you can. If you include fewer than five, your vote will not count.
4. Email your vote to toptenblogs@totalpolitics.com
5. Only vote once.
6. Only blogs based in the UK, run by UK residents or based on UK politics are eligible. No blog will be excluded from voting.
7. Anonymous votes left in the comments will not count. You must give a name.
8. All votes must be received by midnight on 31 July 2010. Any votes received after that date will not count.

So I’m not asking you to do it, but I really won’t mind if you do……

The New York Times reports that an English-language manual on “How to be a Terrorist” has been produced by the propaganda arm of Al Qaeda in the Arabian Peninsula.  The manual in magazine format includes instructions on how to “make a bomb in the kitchen of your mom,” an article on “Mujahedeen 101” and a lesson in sending and receiving encrypted messages.

Apparently, the publication which was circulating on the internet earlier this week was only three pages long.  The reason?   Some sort of virus seemed to have corrupted the remaining 64 pages.

And the New York Times speculates that this:

“could have been the work of hackers, possibly working for the United States government.”

Interesting, if true.

According to “The Voice of Russia“, Kyrgyzstan is on the verge of cyber war.  Apparently, the escalating ethnic conflict in Kyrgyzstan has already given rise to cyber attacks carried out on government and media websites.  Official information servers with .kg domain names have been broght down by DDoS attacks, so that local residents and others are denied access to official information.

The article warns that:

“The information war has not yet started in full force and effect in Kyrgyzstan, according to Russian IT-analyst Andrei Masalovich of DialogueScience Inc. He believes cyber attacks could be launched on every country which will send its troops to Kyrgyzstan to help resolve the ethnic conflict. Russia should not therefore intervene in the current situation, the businessman said.

Further aggravation of the ongoing conflict will result in a full-scale information war. Those who will bring armed forces to the republic, will be definitely exposed to massive cyber attacks.

Battles in cyberspace are an integral part of armed conflicts, like for instance, the Georgian aggression against South Ossetia in 2008. Tbilisi then unleashed another kind of war, blocking the country’s entire web segment, so that the world could not find out the truth about the origins of the conflict.”

The comments are interesting in that they put forward the argument that because of the risk of cyber-retaliation Russia should not intervene in the conflict.  This either suggests that the author has little confidence in the ability of the Russian Government to withstand cyber-attacks or that virtually any excuse will be sufficient to keep Russia out of Kyrgyzstan.

Of more general salience is the point that battles in cyberspace are becoming an integral part of more conventional armed conflict.

I wonder how prepared the UK would be?

It has been reported by Reuters that 178 people suspected of cloning credit cards have been arrested in a major international police operation initiated by Spanish police.

The scam itself was worth €20 million.  In Spain alone, where76 people were arrested, 120,000 stolen credit card numbers and 5,000 cloned cards were discovered and six cloning labs were dismantled.

Police in fourteen countries participated the two-year investigation and there were also major raids in Romania, France, Italy, Germany, Ireland and the United States, with additional arrests in Australia, Sweden, Greece, Finland and Hungary.

According to the police, the detainees are also suspected of armed robbery, blackmail, sexual exploitation and money-laundering.

Hardly the time for the Coalition Government in the UK to be cutting the money it gives to the national Police e-Crime Unit.

The Register is reporting that GCHQ has refused to authorise the use of iPhones by Ministers and civil servants for official business, although Blackberries are permitted for material up to “Restricted” level.

I wonder how long the ban will last?

My guess is that the desire of politicians and senior mandarins to have the latest technological toy to play with and the advent of the iPhone 4G will mean that subtle pressure is applied to CESG (the part of GCHQ that decides these things) to find a way of permitting the iPhone’s use.

ITV has had to apologise to its HD viewers after “a transmission problem” meant that viewers missed England’s goal against the United States on Saturday night.  Viewers saw an advert instead.

ITV has not explained what exactly happened, but I wonder whether they are going to adopt the Al Jazeera defence.

Al Jazeera, whose World Cup coverage has been repeatedly interrupted, have said their feed was hacked into and saboteurs somehow altered the feed.  Rather chillingly, reports add:

“The company said in a statement it did not know the identities of the perpetrators, but Nasser al Khalifi, its chairman, vowed yesterday to “go after whoever has caused this terrible act” and that the perpetrators would be found out “very soon”.”

Apparently, an elite jihadi forum with strong Taliban links has been warning subscribers that it has been “infiltrated”.  It is not clear who has done the infiltration nor what the nature of it is (although potentially it would enable the infiltrator to obtain details of those logging into the site and identify their location).

There has, of course, been a large amount of discussion in the United States about the importance of building not only a defensive cyber capacity but also an offensive capacity.  Usually, the offensive role is described as being available for retaliation against an individual, organisation or nation that threatens US cyber space.  However, the principle might easily be extended to others – such as the Taliban – who threaten US interests and troops.  So is this the first example of the talked-of US offensive capacity in action?

It is early days yet but I am beginning to hear that the various civil liberties lobbying organisations and activists are questioning whether the Coalition’s commitment to their agenda is quite as strong as they were led to believe before the General Election.

Even though the Coalition Government in its document “Our Programme for Government” trumpets that:

“We will be strong in defence of freedom. The Government believes that the British state has become too authoritarian, and that over the past decade it has abused and eroded fundamental human freedoms and historic civil liberties. We need to restore the rights of individuals in the face of encroaching state power, in keeping with Britain’s tradition of freedom and fairness.”

and Nick Clegg has made bizarre statements about the greatest reforms since 1832, those who are picking over the details are clearly not impressed.

For example, Ross Anderson at Cambridge University is already talking of “A very rapid betrayal“, saying:

“The coalition Government plans to keep the Summary Care Record, despite pre-election pledges by both the Conservatives and the Liberal Democrats to rip up the system – which is not compliant with the I v Finland judgement of the European Court of Human Rights.”

And Hawktalk says:

“Ah! The reality of power! For all the Opposition talk about strengthening the protection of privacy, in the first weeks of Government, the pro-privacy proposition has become more difficult to implement. The inevitable result is that gears are being put into neutral or reverse (as quietly as possible, mind you!).

So it is with the repeal of the ID Card Act and the abolition of the National Identity Register by the “Identity Documents Bill 2010-11” whose Second Reading is today. We all know that from their respective manifestos, both Lib-Con coalition partners wanted to scrap ID Cards and strengthen the penalties in the Data Protection Act. We know that the previous Government had draft legislation on the stocks which provided for custodial penalties for misuse of personal data under the Data Protection Act.

With apparent political unity about the weak data protection offences associated with the deliberate misuse of personal data, one would have thought that an stronger penalty could have been introduced quite quickly. Alas, this is not the case. The Identity Documents Bill has used a contorted definition of “personal information” in order to avoid strengthening the offences in the Data Protection Act.”

And then there is the huge anger already generated by the plans to repatriate asylum-seekers to Iraq and the deportation of children to Afghanistan.

I always thought that the Tories were cynical and opportunist in their attacks on the last Government’s record on civil liberties and human rights, but I suspect the LibDems believed their own rhetoric.  I suspect that faultline is going to get increasingly strained as the Coalition comes to grips with the realities of being in Government.

I have always taken a fairly robust view on the question of whether Gary McKinnon should be extradited to the United States, tending to take the position that the crimes of which he is accused are potentially extremely serious and that the US Courts should be given an opportunity to consider his case.

I have, of course, listened to the views expressed stridently by those who argue that Gary McKinnon’s Aspergers condition means that it would be better if he were tried in this country. 

Most people have taken a consistent position on the issue – one way or the other.

Not, however, the Deputy Prime Minister and Leader of the Liberal Democrats, Nick Clegg – as can be seen from a piece in the New Statesman:

“On 15 December 2009, a photograph was taken of Janis Sharp, the mother of Gary McKinnon, and the Liberal Democrat leader, Nick Clegg, outside the Home Office in Westminster. They were there to protest against the extradition of McKinnon, aged 44, to the US on charges of computer fraud. Eight years earlier McKinnon, an Asperger’s syndrome sufferer, had hacked repeatedly into Pentagon and Nasa networks.

“They could try him here if they wanted to, so it’s up to the government here to do the right thing,” Clegg said in an interview that day. “If Gordon Brown really had a moral compass, he would do the right thing and try Gary McKinnon here instead.”

Little more than five months later, on 25 May, Clegg, the new Deputy Prime Minister, said of the McKinnon case in a radio interview that “what I haven’t got the power to do – neither has the Home Secretary, neither has even the Prime Minister – is to completely reverse and undo certain legal aspects of this. But that, of course, you wouldn’t want politicians to do. It’s legally very complex.”

Opposition made adopting principled positions simpler. Clegg also stated that his personal view on the case remained unchanged – McKinnon should ideally be tried in a British court. But his equivocation on the law had upset Sharp and, when I visited her recently at her home in Hertfordshire, she wept as she spoke about her son.

“I think we all thought that we had waited until this, the new government; and then we’d done it. They’ve all made promises,” she said, referring to the support offered to the McKinnon campaign not only by Clegg but other senior Lib Dem MPs, as well as David Cameron.”

It seems that promises made in Opposition don’t count for much once you are in the Coalition Government.

Last week at ten hours notice I was asked to speak at a major conference on security and resilience (I’m not proud – I knew I was standing in for another speaker who had dropped out at the last moment).  One of the topics that came up was the importance of small and medium-sized businesses in the supply chains of parts of the critical national infrastructure and the fact that such businesses are often likely to be less well-protected in terms of cyber security.  The consensus view was that more needed to be done to encourage and support such businesses to adopt better security.

I raised the issue again this morning at a private briefing given by Melissa Hathaway, the former Senior Director for Cyberspace for the US National Security and Homeland Security Councils.  She agreed with my concerns on the matter, but then took my breath away by referring to a current case working its way through the US Courts (which I had not previously heard about) where a bank is suing a company for not having adequate internet security in connecting to the bank for internet banking purposes.

What seems to have happened is this:

In early November 2009, cyber thieves initiated a series of unauthorized wire transfers totaling $801,495 out of the account of Hillary Machinery, a Texas-based machine equipment company.   The bank, PlainsCapital, managed to retrieve roughly $600,000 of that money, but are now suing the company for the balance on the basis that the bank had processed the transfers in good faith.  Apparently, the fraudulent transactions were initiated using Hillary’s valid online banking credentials.

It would appear that the transfers were initiated from computers in Romania and Italy, among others, and sent to accounts in Ukraine, Russia and other Eastern European nations – allegedly using credentials stolen from the computers of Hillary Machinery.

No doubt, this case will make some businesses think twice about whether their own internet security is good enough.  It may also make them think twice about using internet banking.

However, there has to be a better way of ensuring that businesses improve their own security without the banks resorting to suing their customers.