Budapest via Australia odyssey begins

Yep, it’s been a long time in the making but we are finally off tomorrow morning to begin our two month around the world ramble which will see us eventually relocating to Budapest for a while.

Credit-crisis? Global warming? Yes these are all concerns but sometimes you just have to say what the hell and run for the sun. I am still planning to do some assignments and try and pick up some interesting blog material along the way – there are some very cool geothermal projects happening in New Zealand and Fiji that I would like to check out. But mostly it’s a chance to just to escape the gloom and doom with some hard-core mooching.

The flight/travel itinerary goes something like this:

Nov 16 – London to Hong Kong 

Nov 21 Hong Kong to Darwin (Aus)

Nov 26 Darwin to Alice Springs

Nov 30 Alice Springs to Cairns

Drive Cairns to Byron Bay

Train Byron Bay to Sydney

17 Dec Sydney to Christchurch (NZ)

Drive Christchurch to Auckland

31 Dec Auckland to Nadi (Fiji)

11 Jan Nadi to Honolulu (Hawaii)

14 Jan Honolulu to London (back on 15 jan)

18 Jan London to Budapest

Facebook is probably the best place to catch-up with where we are but I will be updating this blog with anything journalism or blog related I get around to over the next 8 weeks or so.

Going to be back in London for two or three days when we are back but then we are off to live in Budapest for 6 months or longer – depending on how it all works out and whether this freelance thing is really possible from anywhere.

Is Google playing fair in Africa?

Just been at a really interesting event at Chatham House in London called Technology: A Platform for Development. (ZDNet.co.uk is one of the media partners). The conference had lots of very interesting speakers from NGOs and development agencies as well as lots of vendors who are keen to show their philanthropic sides whilst also getting very excited about how much dosh they can make out of growing markers such as Africa and India.
During the obligatory coffee break, I got chatting to someone (journalist ethics and Chatham House rules prevent me from saying who) who does a lot of tech-related work in Africa. He brought up the subject of Google and how from his perspective, it’s “Don’t be Evil” motto is not quite standing up in Africa at least (just as it was put under considerable strain over censoring in China).

My coffee-partner claimed that the line between the philanthropic side of Google, managed by the marvelously named Dr Larry Brilliant, and the commercial Google, appear to be blurring in Africa. And it goes beyond the normal branding exercise that a lot of tech companies go in for when it comes to doing good deeds, but actually seems to involve Google using its philanthropic work as a shoe-in to organisations who might be future clients of Google Inc – even down to data/leads changing hands betweem the two.

Now I can’t stand any of this up you understand, so it might be complete rubbish, but this guy was one of the speakers at the event and someone who should know what he is talking about. Even if there is any truth in it, then I am not sure how hard we can be on Google as other companies are certainly guilty of using philanthropy as a loss leader.

Take Microsoft’s international student discount iniatives which creates long term demand for their apps, or the companies Digital Pipeline iniative to help send refurbished PCs to the developing world – which mostly (it would have been exclusively but MS couldn’t argue the charity commission around) have Windows and Office preloaded.

The truth is that just as green IT goes hand in hand with cost savings, philanthropy for most tech companies has to have some profit generation effect to – even if its just a marketing one. As I said, it might not be true, but I thought better of Google but maybe that’s my problem.

No spat here says US cybersecurity investigator

In an earlier post I flagged up the fact that the head of cybersecurity at the Department of Homeland Security (DHS) just happens to be at the same IT security show in London as someone who appeared to have made negative comments about his departments leadership.

I have managed to speak to both parties involved now, and one of them claims their relationship is not as antagonistic as it has been reported.

After one of his presentations at the RSA Conference Europe, I managed to catch-up with homeland security expert Paul Kurtz, who was recently quoted as saying that, “There really is no one in charge right now at DHS”.

Kurtz (part of a Center for Strategic and International Studies (CSIS) panel that is undertaking a review of cybersecurity with the aim of creating recommendations for the new US administration) appeared to have a negative view on the role the DHS is taking around cybersecurity strategy judging from this article. Unfortunately, the man charged with running the cybersecurity division of DHS – Robert Jamison –  was also attending RSA in London.

When I spoke with Kurtz, he claimed that my earlier post and presumably the CNET story, was misleading and that he and Jamison have worked in the same circles for a long time and that there was no personal animosity between the two of them. In fact, it turns out that they ended up going out for dinner at the event according to Kurtz. “It is not personal at all,” he said.

However Kurtz did admit that he felt there was a leadership issue at the DHS. “There is a legitimate question of who is in charge at the DHS, who is directing the traffic there? But that shouldn’t all be laid at the feet of Robert Jamison, that is unfair.”

For his part, when I spoke to Jamison yesterday, he didn’t disagree when I claimed that Kurtz had been critical of him but just gave me a kind of knowing smirk. One of this spokespeople also made it clear that the CSIS panel had not been very communicative with Jamison or his office in the course of investigations which Jamison’s people found obviously frustrating. Kurtz on the other hand maintains that the panel did meet with Jamison and communication channeles were open  – so who is right? Probably both but with different perspectives on “communication”.

But when it comes to his wider views on the performance of Homeland Security and it being the best place to coordinate US cybersecurity policy, Kurtz said that one of the options the committee is considering is pushing the responsibility into the White House. “There is a lot of thinking that given the complexity of the issue, the broad strategic policy and programme coordination should emanate from the White House,” said Kurtz.

That is not to say that the DHS wouldn’t have role in cybersecurity but possible only one on the same level as other departments such as Defence and Justice said Kurtz. The White House’s involvement would allow for a “broader perspective” beyond that one just one department and also encourage the involvement of the private sector, Kurtz added.

The report from the CSIS is due around a week after the election so we will just have to see what the findings are but if the rest of the panel follow Kurtz’s views then DHS under a McCain or Obama leadership could well find itself relegated to being just one contributor to cybersecurity strategy.

UK ID card fuss is only temporary

Keynote RSA Conference 2008
Keynote RSA Conference 2008

That was the warning from security guru and BT chief security office Bruce Schneier who said that in five years or so, people won’t have to worry about ID cards anymore.

Not because libertarians will triumph and prevent the technology from being developed, but because ID checks will happen in the background without us even realising.

“I know there are debates on ID cards everywhere but in a lot of ways,they are only very temporary. They are only a temporary solution till biometrics takes over,” he said, speaking at the RSA Conference Europe on Tuesday.

“When you walk into the airport they will know who you are. You won’t have to show an ID – why bother? They can process you quicker,” he said.

I am not quite convinced about Schneier’s time-frame as look at how long its taken to get a plastic card with a photo on it approved so how long are we really looking at for sophisticated biometrics technology and the databases in the background to make it all work.

Still while biometrics for high-level uses in airports and law-enforcement might be a longer way off – more low-level uses by commercial organisations might be rolled out a lot sooner.

Even tech-savvy telcos can’t look after data

As if being crunched by credit wasn’t bad enough, some banks,and other firms, are facing more shame on Weds following the publication of a report from the information commissioner Richard Thomas.

We are used to seeing public sector organisations being lambasted for losing vital data – such as the HMRC incident last November – but this week Thomas is gunning for private companies claiming that around one quarter of the 277 breaches reported to his organisation in the last year concerned businesses.

More worrying is the fact that Thomas is set to get additional powers to fine companies over data breach issues.

Aside from banks, supposedly tech-savvy organisations such as telcos are also failing to keep control of their data according to Thomas. Over the past 18 months, four telecoms companies including Virgin Media, Orange have been warned over data management issues.

Thomas is set to speak this afternoon at the RSA Europe IT security show in Docklands this afternoon, and judging by the results of this report, he shouldn’t be short on stuff to say.

Safecode initiative fails to attract open source players

Industry group Safecode hasn’t managed to encourage any open source players to join in its mission to improve the inherent security of software despite being around for nearly a year.

Speaking at the RSA Security Conference Europe, in London, the organisation’s executive director Paul Kurtz admitted that although the foundation of the organisation was announced at last year’s show, the group hasn’t managed to add any open source players to its ranks so far.

For more go to Heise UK.

US Homeland Security spat comes to London

What are the chances. You get away from Washington for a few days and escape the criticism that your division of Homeland Security has been getting for not doing its job, only to find that one of your main critics is at the same event that you are at in London.

Well that it is the slightly unfortunate position that DHS Undersecretary Robert Jamison has found himself in at the RSA Conference Europe in London this week. Members of an cybersecurity oversight commission have been very publicly criticising the role of the DHS in managing the country’s cyber defences including claims that there is basically no leadership around the issue.

As head of the cybersecurity division at DHS, Jamison is probably going to take that personally, well he can’t fail to really when confronted by statements such as: “There really is no one in charge right now at DHS”.

And who made that very direct criticism? None other than cyber commission member Paul Kurtz, who just happens to be at RSA too. Kurtz is here pushing his own iniative to promote secure approaches to software development – Safecode – launched at last year’s show. I am not sure if the two security gurus have bumped into each other, but I am guessing that right now even the cavernous halls at Excel don’t feel big enough.

Having chatted to Jamison, it seems that the commission hasn’t been very good at actually getting in touch with his department. The commissions main mission is to prepare a report for the next administration around cyberthreats/security policy – but according to a Jamison’s office, the commission has made very little attempt to get in touch with the body that has been doing the job for the last few years.

I will try and get in touch with Kurtz and find out his side of things and report back…

For more go to CNET.

RSA: Downturn will stifle IT innovation

 

Keynote RSA Europe 2008
Keynote RSA Europe 2008

 

Increased regulation triggered by the crisis in the banking sector could encourage governments to introduce more regulations that could divert IT resources away from innovation, according to RSA boss Art Coviello. Speaking at the first day of the RSA Security Conference Europe in London, Coviello told the audience of IT professionals that IT innovation was key to lifting struggling economies out of the current financial downturn. But that process could be derailed by an increased legislative burden combined with fear over costly IT mistakes in tough economic conditions.

For more go to Heise UK.

Industry expects e-crime unit to ‘knock on doors’

I just completed this analysis piece for ZDNet UK around the new Police Central E-crime Unit (PCEU). Thanks to Geoff Donson from Telecity Group for the background and quotes and for the cooperation of Janet Williams from ACPO for answering some tricky questions:

The rise of e-crime is no longer news. But could UK law-enforcement agencies have done more to prevent internet and IT-related crime reaching a value of £6bn per year, the latest figure reported by the Department for Business, Enterprise & Regulatory Reform?

The announcement last month of theformation of the new Police Central e-Crime Unit (PCeU) will be seen by some as an admission that the April 2006 decision to roll the former National Hi-Tech Crime Unit (NHTCU) into the more strategic Serious Organised Crime Agency (Soca) was a mistake.

The amalgamation was viewed by some as a distraction from the job at hand, just as computer-related crime was becoming more sophisticated and prevalent.

“We had a splendid, long relationship with the NHTCU, but that doesn’t appear to be re-emerging in Soca,” David Roberts, chief executive of industry body the Corporate IT Forum, told ZDNet.co.uk last year. “A lot of the difficulty with Soca is the period of silence [since its formation], which is such a stark contrast to the NHTCU, who were really visible and proactive.”

Asked whether the creation of the PCeU is an acknowledgement that the government got it wrong when it absorbed the NHTCU into Soca, Janet Williams, Metropolitan Police deputy assistant commissioner for the Specialist Crime Directorate, who is heading up the development of the new unit, said that, ultimately, it is not a question she can answer.

“That is a political question and I don’t do those,” she said. “I think police officers should just get on with it.”

More…

Levels of IT crime on the up in the downturn?

This interview I did with the chief executive of RSA Security Art Coviello has just been posted on SC Magazine:

SC was granted an exclusive interview with Art Coviello, RSA president and executive vice president of EMC. He spoke to Andrew Donoghue on whether organisations should be compelled to disclose data breaches and whether he expects to see general levels of IT related crime increase during the tough economic times ahead.


SC:
 You are a bigger supporter of the idea of data breach notification regulations but some people – such as Microsoft UK’s chief security advisor and former FBI agent Ed Gibson – have questioned whether they are really a good idea?

 Consumers have every right to know that there personally identifiable information has been compromised. If that personally identifiable information has been breached, you need to go public and explain that. Data breach regulations engender the following kinds of behaviour: ‘Wow, I could be embarrassed if this happens. Wow, I could be subject to subject to liabilities if this happens. Wow, I could suffer significant loss of reputation if this happens. Therefore I need to take appropriate action to make sure this doesn’t happen in the first place’. There is no technology that has been purchased just an awareness on the part of the company that they need to do something, they need to do the right thing. 

You can find the full interview here