John Naughton in today’s Observer has an interesting article on the proposed new EU data protection directive and the way in which Facebook is getting “its retaliation in first”.  The proposed “right to be forgotten” is likely to conflict with Facebook’s newish “timeline” facility.  And the retaliation?  This is how John Naughton puts it:

“The day before the commission made its announcement, Facebook’s chief operating officer, Sheryl Sandberg, gave a speech to a technology conference in Munich. Her menacing subtext was neatly summarised by the New York Times thus: “Concerned about privacy? Maybe you should be concerned about the economy instead.” Translation: mess with us, Eurotrash, and we’ll screw you.

Sandberg’s speech was revealing because it exposes the line of argument that Google, Facebook, et al will use to undermine public authorities that seek to control their freedom to exploit their users’ identities and abuse their privacy. The argument is that internet companies create lots of jobs and are good for the economy and European governments shouldn’t stand in their way.”

Apparently, to back this argument Facebook referred to a report that they had commissioned from Deloitte which concluded that Facebook had  indirectly helped create 232,000 jobs in Europe in 2011 and enabled more than $32bn in revenues.

John Naughton is sceptical pointing out that Facebook itself only has about 3,000 employees world-wide and he continues:

“Inspection of the “report” confirms one’s suspicion that you couldn’t make this stuff up. Or, rather, only an international consulting firm could make it up. Interestingly, Deloitte itself appears to be ambivalent about it. “The information contained in the report”, it cautions, “has been obtained from Facebook Inc and third party sources that are clearly referenced in the appropriate sections of the report. Deloitte has neither sought to corroborate this information nor to review its overall reasonableness. Further, any results from the analysis contained in the report are reliant on the information available at the time of writing the report and should not be relied upon in subsequent periods.” (Emphasis added.)

Accordingly, continues Deloitte, “no representation or warranty, express or implied, is given and no responsibility or liability is or will be accepted by or on behalf of Deloitte or by any of its partners, employees or agents or any other person as to the accuracy, completeness or correctness of the information contained in this document or any oral information made available and any such liability is expressly disclaimed”.”

Although Deloitte is normally regarded as a respectable organisation, these caveats plus the rather tendentious conclusions should raise alarm bells.

Or as John Naughton puts it:

“The sole purpose of “reports” such as this is to impress or intimidate politicians and regulators, many of whom still seem unaware of the extent to which international consulting firms are used by corporations to lend an aura of empirical respectability to hogwash.”

Yet reports like this with sensational conclusions seem a particular feature of commentary on the internet.

And especially so in respect of information security, last year the UK Government published figures saying UK cyber crime was costing £27 billion per year and not to be out-done Symantec suggested that the global figure was $388 billion.  The reality is that all these figures are unverifiable – and whilst I am quite clear that cyber-crime is a very serious problem for the world economy these estimates are, to use John Naughton’s word, “hogwash”.

Spurious precision – whether it is Symantec’s $388 billion or Facebook’s 232,000 jobs in Europe – should always be treated with caution.

The Government’s e-petition site has rejected an e-petition calling on the Government to improve “the flow of passengers through busy London Underground stations” by installing slides in place of escalators.  The e-petition also suggests that:

“Small prizes should be available for those reaching the bottom in the fastest time. These would be paid for out of the savings of not having to maintain and operate down escalators.”

The e-petition has been rejected because this is a matter for a devolved authority – in this case the Mayor of London – and therefore it is for the Mayor of London to consider this proposal.

The Wall Street Journal reports that:

“British intelligence picked up “talk” from terrorists planning an Internet-based attack against the U.K.’s national infrastructure, a British official said, as the government released a long-awaited report on cyber security.

Terrorists have for some time used the Internet to recruit, spread propaganda and raise funds. Now, this official said, U.K. intelligence has seen evidence that terrorists are talking about using the Internet to actually attack a country, which could include sending viruses to disrupt the country’s infrastructure, much of which is now connected online. The official spoke on condition of anonymity and didn’t say when the infrastructure threat was detected and how it was dealt with.

Terrorists, however, are still more focused on physical attacks that lead to high casualties and grab attention. “For the moment they prefer to cover the streets in blood,” he said.”

I first started raising these concerns more than seven years ago, pointing out in a debate in the House of Lords on the 9th December 2004:

“As a nation, the systems that are essential for our health and well-being rely on computer and communications networks – whether we are talking about the energy utilities, the water and food distribution networks, transportation, the emergency services, telephones, the banking and financial systems, indeed government and public services in general – and all of them are vulnerable to serious disruption by cyber-attack with potentially enormous consequences.  Indeed, the Coastguard Service was laid low by the “Sasser” worm in May this year.

The threat could come from teenage hackers with no more motivation than proving that it could be done, but even more seriously it could come from cyber-terrorists intent on bringing about the downfall of our society. “

At the time, I was assured that there was no intelligence to suggest that such a threat was significant.  The then junior Home Office Minister, Lord Steve Bassam, now no less a person (if such a thing were possible) than the Opposition Chief Whip in the Lords, said:

“there are also terrorists who would challenge and seek to undermine democratic society using any methods within their grasp. It is not complacent to say this; but perhaps it should be made plain that at the moment they do not appear to be interested in attacking us electronically.”

Of course, in the intervening seven years there has been a burgeoning realisation of an increasing number of cyber-threats and, if there is now intelligence to suggest that international terrorists are thinking in that way, I take no satisfaction from having predicted it in 2004.

What is important is that the substantial resources provided to GCHQ under the Government’s new Cyber Security Strategy, published last week, are used effectively to combat the threat. GCHQ and the other intelligence agencies are to get 59% of the £650 million that the Government has allocated to cyber security over the next three years.  It is unlikely that there will ever be much detail published as to how the resources are used, so we can only hope ….

Last Thursday, I reported the debate at the Metropolitan Police Authority about the possible wider use of Tasers in London.  There were considerable reservations about this expressed by some members of the Authority (and by some in the public gallery).

I am personally keen that there should be proper consultation and debate on the issue and I do not think the arguments are clearcut.

The use of any weapon by the police has got to be proportionate and appropriate to the risks involved.  Any weapon can cause more harm than originally intended.

However, temporarily incapacitating someone with a Taser, so that they can be restrained and arrested, is likely to be better than killing them by shooting a large hole in their chest or head with a firearm.

Nevertheless, putting a 50,000 volt charge through someone should not be done lightly – it is unlikely not to lead to adverse consequences in at least some circumstances.  But these risks need to be weighed against the risks of not using a Taser, such as the risks of harm coming to a member of the public or to a police officer by not quickly restraining someone who is running amok.

Therefore, this evening’s piece on the Inspector Gadget blog makes instructive reading.  His police force makes Tasers available to all front-line patrol teams, and he offers three recent incidents where Tasers have been deployed as part of routine patrol duties as follows:

“1. The usual call to a ‘male with a samurai sword’ running about in Ruraltown High Street threatening to kill passing members of the public, stripped to the waist (why are they always stripped to the waist?) high on something and very, very violent. TASER crew arrives within 4 minutes, draws TASER, red-dots the man and orders him to drop the sword.

In a miracle of instant recovery, all the man’s mental health and drug issues disappear and he drops the sword. A completely compliant arrest follows with no injuries to anyone.

Previously this would have required shields, large batons, a firearms unit and a long delay during which he could have killed anyone he wanted, including the first police officers on the scene.

2. A disqualified driver, known for violence against police officers, bailed out of a stolen vehicle after a pursuit. Armed with a 2 ft long iron bar in one hand and a knife in the other, he became cornered by the two policemen from the pursuing vehicle. Red-faced, drunk, very angry and screaming death threats, a stand-off ensued which without TASER would have taken hours to resolve (remember, the public don’t like it when we pile mob-handed onto one man). The TASER crew arrived within a few seconds and red-dotted him in the chest.

Another miracle occurred. Right in front of the police officers eyes, a complete change in character. Weapons dropped, hands behind the back and a compliant arrest.

3. My own patrol officers end a siege without calling for tactical response units and bringing the whole town to a halt for hours by using TASER on a male who is clearly intent on cutting his own throat, while at the same time threatening t0 stab any police officer or paramedic who approaches him. All this in the isle of a busy local supermarket.

In this case, TASER was fired at the man. He was immediately incapacitated and arrested without any injury to anyone. In the past, this could have been another Kingsbury or it could have taken hours and hours of negotiation, maybe even a fatal shooting by police.”

His accounts also accord with the experience in the Metropolitan Police, where – in more limited circumstances – Tasers have been deployed, and reported through monitoring arrangements to the – shortly to be abolished – Metropolitan Police Authority: in these cases too often the appearance of the red dot on someone’s chest (indicating the laser sights of the Taser) has been sufficient to persuade someone otherwise presenting a risk to themselves, members of the public or police officers to calm down and relinquish their weapon.

Inspector Gadget concludes in typical – but telling – style:

“Refusing to let us have TASER in case we shoot the wrong person is like refusing to let us have cars in case we run someone over, boots in case we kick someone in the head or a first aid kit in case we give the wrong treatment. On my team we take the deployment of TASER very seriously. I haven’t even heard the team joke about it.”

I see that the US Congress is to investigate Chinese equipment suppliers Huawei and ZTE to see whether they present a threat to US national security.  According to PC World, the House Intelligence Committee wants to:

“examine if Huawei’s and ZTE’s expansion into the U.S. market gives the Chinese government an opportunity to hijack the nation’s infrastructure to conduct espionage. U.S. lawmakers worry that the networking equipment sold could secretly contain Chinese military technology to spy and interfere with U.S. telecommunications.”

Huawei has many links to the Chinese Government and its security apparatus.  As Jeffrey Carr summarises the key facts as follows:

1. The company’s founder Ren Zhengfei was an engineer in the PLA prior to forming his company.
2. The company’s chairwoman Sun Yafang worked for the Ministry of State Security and while there helped arrange loans for Huawei before joining the company as an employee.
3. The government of China is Huawei’s biggest customer; specifically the State-owned telecommunications services.
4. Huawei equipment is used to intercept communications in China for state-mandated monitoring.

Nevertheless, despite this its products are already widely used in the UK’s infrastructure particularly given its role in providing key components to BT.  I have expressed concern about this before and back in 2006 Newsweek recorded the Conservative Party’s concerns, saying:

“Political conservatives in Britain expressed the same security concerns about Huawei last spring. In April, the company won a $140 million contract to build part of British Telecom’s “21st Century Network,” a major overhaul of its equipment. But when rumors began circulating that the Chinese company might then bid on Marconi, a landmark electronics and information technology firm that was being put up for sale, a Conservative Party spokesman sounded the alarm. The Tories asked the British government to consider the implications for Britain’s defense industry of a Chinese takeover of Marconi. In the end, Huawei didn’t make an offer, and the Swedish telecom giant Ericsson is in the process of buying Marconi.”

Huawei continue to try and expand their access to the UK infrastructure market – see, for example, their wooing of Mayor Boris Johnson with an offer to provide mobile phone infrastructure for the Underground in time for the London Olympics.  In August, they recruited the former Government chief information officer, John Suffolk.

Their latest move to gain respectability is to sponsor a charity Christmas concert in support of The Prince’s Trust at the Royal Festival Hall next month, to which they have invited large numbers of senior Government officials and Parliamentarians.

No doubt, Huawei will say they are much-maligned, but I do wonder whether a UK Parliamentary Committee shouldn’t be following the lead of the US House Intelligence Committee and launch an investigation into the company’s growing influence in the UK and any possible implications for security.

I’ve already asked what exactly was William Hague’s grand international conference on cyberspace for, but it is clear that my scepticism is shared by the journalists who were sent to cover it and came away disappointed or as the Daily Telegraph put it:

“So what did we learn over the course of the two-day meeting? Well, in short, almost nothing. ….

As the show limped to its finale on Wednesday, many of Mr Hague’s conclusions could have been written at any point in the last six months.

“All delegates agreed that the immediate next steps must be to take practical measures to develop shared understanding and agree common approaches and confidence-building measures,” the Foreign Secretary declared. Well, quite.”

In August, David Cameron wanted to block Twitter, Facebook and Blackberry Messenger.

Today, William Hague said:

“Some governments block online services and content, imposing restrictive regulation, or incorporate surveillance tools into their internet infrastructure so that they can identify activists and critics. Such actions either directly restrict freedom of expression or aim to deter political debate.”

And just in case the Prime Minister had missed the point went on:

““Human rights are universal, and apply online as much as they do offline… Everyone has the right to free and uncensored access to the internet.  … We saw in Tunisia, Egypt and Libya that cutting off the internet, blocking Facebook, jamming Al Jazeera, intimidating journalists and imprisoning bloggers does not create stability or make grievances go away.”

Oh dear …..

In July the Foreign Secretary announced that the UK would be hosting an international conference on cyberspace.  The purpose was to bring together governments, international organisations, NGOs and businesses from around the world to “address the challenges presented by the networked world including cyber crime that threatens individuals, companies, and governments.”  William Hague said that it was “vital that cyberspace remains a safe and trusted environment in which to operate. This can only be done effectively through international cooperation, engaging both the public and private sectors. Together I hope that we can begin to build the broadest possible international consensus.”

In case you missed it this major attempt to build international consensus is taking place tomorrow and Wednesday – indeed the process of international bonding began over drinks and nibbles at the Science Museum earlier this evening.

However, looking at the programme, it is not clear what the programme offers that is going to be different from numerous similar gatherings over the last few years.  Nor is it apparent where the “broadest possible international consensus” is going to be hammered out.

But we are assured that it is going to look good …..

But this picture really does deserve a caption competition:

Printable suggestions only please.

What would the people in your office do if a couple of people looking the part turned up at your office door saying that they were there to do a fire inspection?  Or said they were more or less any other branch of officialdom flashing ID and saying they needed to do an inspection?

Here is a salutory warning:

“Let’s say I am posing as a fire inspector. The first thing I will have besides my badge and uniform is a walkie-talkie, like all firemen. Outside, we’ll have our car guy. The guy that sits in the car, and basically his job in the beginning is to send chatter through to our walkie-talkies. We will have a recording of all that chatter you’ll hear on walkie-talkies. He sits in the car and plays it and sends it through to our walkie-talkies.

We walk into the facility and make sure that all the chatter is coming loudly into to the walkie-talkies as soon as we walk in their door so that we are immediately the center of attention. When I walk in, I want everyone to know that I mean business. My walkie-talkie is loud and everyone looks over as I apologize and turn it down.

I show the person at the front desk my badge. They’ll say “Hi, how’s it going?” I’ll say “Good, I’m here to do a fire inspection.” They say “Great” and assign someone to us, like a teller. It’s generally someone who’s nice. I’ll start talking with them, flirting with them, or whatever it takes. We’ll start walking around.

While I’m talking with the person who has been assigned to us, my partner knows his job is to immediately wander away from us. So, my partner will immediately walk off. In most cases our escort will say “Can you come back here? I need to keep you guys together.” We say “Sure, sorry.” But really that means nothing to us. All it means is that we keep doing it until she gives up. My partner will wander off two or three times more times and get warned until she finally stops and gives up. She just thinks he’s a fireman and thinks “Let’s just let him do what he needs to do.”

At that point, my partner’s job is to start stealing everything he can steal and start putting it in his bag. And he also has to get under the desks of any employee he can find and start installing these little keyboard loggers. I stay with the person who is escorting me and my whole job now is keeping them entertained. I keep walking around rooms, giving them advice on keeping their facility fire safe, even though I really have no idea what I’m talking about. I make stuff up and probably give the worst advice ever. I’ll pull out cords and say “This looks a little bit dangerous.” I’ll comment on space heaters. I’m completely winging it.”

You can see how it might happen.  Read on here …..

I have just come across this YouTube clip of my report back to the Parliament and Internet Conference last week of the session I chaired on the opportunities presented to the creative industries by the internet.