UK ID card fuss is only temporary

Keynote RSA Conference 2008

That was the warning from security guru and BT chief security officer Bruce Schneier who said that in five years or so, people won’t have to worry about ID cards anymore.

Not because libertarians will triumph and prevent the technology from being developed, but because ID checks will happen in the background without us even realising.

“I know there are debates on ID cards everywhere but in a lot of ways, they are only very temporary. They are only a temporary solution till biometrics takes over,” he said, speaking at the RSA Conference Europe on Tuesday.

“When you walk into the airport they will know who you are. You won’t have to show an ID – why bother? They can process you quicker,” he said.

I am not quite convinced about Schneier’s time-frame: look at how long it’s taken to get a plastic card with a photo on it approved, so how long are we really looking at for sophisticated biometrics technology and the databases in the background to make it all work?

Still while biometrics for high-level uses in airports and law-enforcement might be a longer way off – more low-level uses by commercial organisations might be rolled out a lot sooner.

Even tech-savvy telcos can’t look after data

As if being crunched by credit wasn’t bad enough, some banks, and other firms, are facing more shame on Weds following the publication of a report from the information commissioner Richard Thomas.

We are used to seeing public sector organisations being lambasted for losing vital data – such as the HMRC incident last November – but this week Thomas is gunning for private companies claiming that around one quarter of the 277 breaches reported to his organisation in the last year concerned businesses.

More worrying is the fact that Thomas is set to get additional powers to fine companies over data breach issues.

Aside from banks, supposedly tech-savvy organisations such as telcos are also failing to keep control of their data according to Thomas. Over the past 18 months, four telecoms companies including Virgin Media and Orange have been warned over data management issues.

Thomas is set to speak this afternoon at the RSA Europe IT security show in Docklands, and judging by the results of this report, he shouldn’t be short on stuff to say.

Safecode initiative fails to attract open source players

Industry group Safecode hasn’t managed to encourage any open source players to join in its mission to improve the inherent security of software despite being around for nearly a year.

Speaking at the RSA Security Conference Europe, in London, the organisation’s executive director Paul Kurtz admitted that although the foundation of the organisation was announced at last year’s show, the group hasn’t managed to add any open source players to its ranks so far.

For more go to Heise UK.

US Homeland Security spat comes to London

What are the chances? You get away from Washington for a few days and escape the criticism that your division of Homeland Security has been getting for not doing its job, only to find that one of your main critics is at the same event that you are at in London.

Well, that is the slightly unfortunate position that DHS Undersecretary Robert Jamison has found himself in at the RSA Conference Europe in London this week. Members of a cybersecurity oversight commission have been very publicly criticising the role of the DHS in managing the country’s cyber defences including claims that there is basically no leadership around the issue.

As head of the cybersecurity division at DHS, Jamison is probably going to take that personally, well he can’t fail to really when confronted by statements such as: “There really is no one in charge right now at DHS”.

And who made that very direct criticism? None other than cyber commission member Paul Kurtz, who just happens to be at RSA too. Kurtz is here pushing his own initiative to promote secure approaches to software development – Safecode – launched at last year’s show. I am not sure if the two security gurus have bumped into each other, but I am guessing that right now even the cavernous halls at Excel don’t feel big enough.

Having chatted to Jamison, it seems that the commission hasn’t been very good at actually getting in touch with his department. The commission’s main mission is to prepare a report for the next administration around cyberthreats/security policy – but according to Jamison’s office, the commission has made very little attempt to get in touch with the body that has been doing the job for the last few years.

I will try and get in touch with Kurtz and find out his side of things and report back…

For more go to CNET.

RSA: Downturn will stifle IT innovation


Keynote RSA Europe 2008


Increased regulation triggered by the crisis in the banking sector could encourage governments to introduce more regulations that could divert IT resources away from innovation, according to RSA boss Art Coviello. Speaking at the first day of the RSA Security Conference Europe in London, Coviello told the audience of IT professionals that IT innovation was key to lifting struggling economies out of the current financial downturn. But that process could be derailed by an increased legislative burden combined with fear over costly IT mistakes in tough economic conditions.

For more go to Heise UK.

Industry expects e-crime unit to ‘knock on doors’

I just completed this analysis piece for ZDNet UK around the new Police Central E-crime Unit (PCEU). Thanks to Geoff Donson from Telecity Group for the background and quotes and for the cooperation of Janet Williams from ACPO for answering some tricky questions:

The rise of e-crime is no longer news. But could UK law-enforcement agencies have done more to prevent internet and IT-related crime reaching a value of £6bn per year, the latest figure reported by the Department for Business, Enterprise & Regulatory Reform?

The announcement last month of the formation of the new Police Central e-Crime Unit (PCeU) will be seen by some as an admission that the April 2006 decision to roll the former National Hi-Tech Crime Unit (NHTCU) into the more strategic Serious Organised Crime Agency (Soca) was a mistake.

The amalgamation was viewed by some as a distraction from the job at hand, just as computer-related crime was becoming more sophisticated and prevalent.

“We had a splendid, long relationship with the NHTCU, but that doesn’t appear to be re-emerging in Soca,” David Roberts, chief executive of industry body the Corporate IT Forum, told last year. “A lot of the difficulty with Soca is the period of silence [since its formation], which is such a stark contrast to the NHTCU, who were really visible and proactive.”

Asked whether the creation of the PCeU is an acknowledgement that the government got it wrong when it absorbed the NHTCU into Soca, Janet Williams, Metropolitan Police deputy assistant commissioner for the Specialist Crime Directorate, who is heading up the development of the new unit, said that, ultimately, it is not a question she can answer.

“That is a political question and I don’t do those,” she said. “I think police officers should just get on with it.”


Levels of IT crime on the up in the downturn?

This interview I did with the chief executive of RSA Security Art Coviello has just been posted on SC Magazine:

SC was granted an exclusive interview with Art Coviello, RSA president and executive vice president of EMC. He spoke to Andrew Donoghue on whether organisations should be compelled to disclose data breaches and whether he expects to see general levels of IT related crime increase during the tough economic times ahead.

 You are a bigger supporter of the idea of data breach notification regulations but some people – such as Microsoft UK’s chief security advisor and former FBI agent Ed Gibson – have questioned whether they are really a good idea?

 Consumers have every right to know that their personally identifiable information has been compromised. If that personally identifiable information has been breached, you need to go public and explain that. Data breach regulations engender the following kinds of behaviour: ‘Wow, I could be embarrassed if this happens. Wow, I could be subject to liabilities if this happens. Wow, I could suffer significant loss of reputation if this happens. Therefore I need to take appropriate action to make sure this doesn’t happen in the first place’. There is no technology that has been purchased, just an awareness on the part of the company that they need to do something, they need to do the right thing.

You can find the full interview here

Braving 8 hours of wind and rain to see a…wind turbine

Just got back from a slightly surreal trip to Germany yesterday to see a wind turbine facility run by GE. The factory was basically in a small town called Salzbergen quite close to the Dutch border but getting there from the UK at a reasonable hour meant flying all the way to Hannover and then pegging it down an autobahn at 100mph in the wind and rain – for almost two hours to get to the site in time.

Along for the ride was Tim Probert, deputy editor of Power Engineering International, who like me found the whole experience slightly unreal – 8 hours of traveling for what turned into a two hour meeting and factory tour.

I did get some useful stuff from it which I am writing up for BusinessGreen but the fact that we didn’t even get lunch for our 8 hour schlepp – just some German cakes and coffee – added insult to injury. However we did get our wind turbine – albeit a little desk mounted one with no practical purpose apart from to look nice.

On the plus side, we did get to see just how much Germany has fallen in love with the turbine – there were stacks of the things all up and down the road from Hannover to Salzbergen which I managed to get some OK shots of – despite the wind, the rain and the 100mph we were doing.

BusinessGreen: GE warns of turbulence ahead for turbine production

US engineering giant General Electric (GE) yesterday warned that rising steel prices and turmoil on the financial markets will have a negative impact on its fast expanding wind turbine business.

Speaking at an event in Germany to publicise its latest turbine, GE Energy’s global sales leader for wind energy, Mete Maltepe, said that the rising cost of steel would drive up the price of turbines.

“There is a lot of steel in our turbines, so the cost of steel going up makes turbines more expensive,” he said. “It is a major issue for the industry.”

The price of steel has risen by about 30 per cent this year, driven largely by increased demand for raw materials from developing countries such as China. In 2007, the Chinese economy accounted for 37 per cent of global steel consumption, according to a report from financial services group Atradius.

But despite the negative impact that steel pricing could have on its turbine business, GE’s Maltepe added that at least the wind industry was not greatly affected by the rising cost of other commodities such as fuel. “We have a world where all commodities are going up including fuel,” he said. “Wind at least has free fuel and we don’t get affected twice.”

Maltepe made the comments at GE’s centre for renewables in Salzbergen, Germany, close to the Dutch border, where GE unveiled its latest turbine, the GE Energy 2.5xl, which it claims has been developed specifically for the European market.

More on BusinessGreen

mySociety: Open democracy, open source

Just finished this piece for Heise UK on mySociety, the organisation behind sites such as Theyworkforyou which provides tools for tracking what your MP is up to:

A group of free and open source enthusiasts are challenging the UK government to use the internet to its full potential

About a quarter of one percent. That’s the extent to which Tom Steinberg, director and co-founder of thinks the UK government has managed to embrace the potential of the Internet to re-shape democracy as we currently understand it.

For the full article go to Heise UK

Computer Aid media training

Thanks goes out to Tony Roberts from Computer Aid for asking me in to impart whatever tidbits I might have gleaned over the last ten years on dealing with journalists.

Computer Aid had seven of their Africa team over from Nairobi for a week of training – and they asked me in to play the good cop with some media training and bad cop with some tough mock interviews.

We went over issues such as how to talk to journalists (answer – very slowly), different types of media, tricks and tactics that journalists use and how to defend against them, as well as how to put together an effective press release, and quite a lot on interview technique including how to talk in quotes.

As is usual with this type of thing, I am sure that I learnt a lot more from them than they did from me, especially when it comes to how some African journalists operate. I could only really give them my take on journalist/spokesperson relations in the UK. But I wasn’t really prepared for some of the horror stories they had to impart about how things operate in Africa including one story of a journalist asking for a contributed article which he not only printed verbatim – but put his own name on.

The other issue the spokespeople run into is journalists asking for money for stories. That isn’t magazines asking for money to print stories – although that does happen too – but rather individual journalists basically asking for cash bribes to cover a story. It sounds shocking to hear, but then given that journalist salaries are next to nothing in many parts of Africa, it’s not actually that surprising.

It was a pretty intensive session but it must have gone alright as I am going back to Computer Aid later this month to do something similar with the executive team including chief executive Louise Richards.

Thanks goes out to:

Gladys Muhunyo – African programme manager and the lady who makes it all happen

Dr. Hillar Addo – Southern Africa programme officer

Benjamin Makai – East African programme officer

Anne Musyoki – West African campaigns officer

Tito Mbua – Tito Wambua Francophone Africa