Plus worries

So, I’m in on that whole Google+ thing, and my experiences of 2007 are coming back to haunt me. It’s like some kind of existential self-doubt: if my social network accounts are shut down, was I ever there? Did I ever have those memories? Did people reply to me in the way I remember? Are my social connections in the state I think they are?

On a more practical note, at least now all of my photos (which go to both Facebook and Flickr and now Plus depending on topic) are all backed up at an off-site location. The same can’t be said for the Facebook wall posts, although I do use the "Download your information" feature to take infrequent data dumps. Twitter is pretty much dead to me, so although I have historical backups, I’m don’t plan on taking any more.

Related to all this, I feel sad that my son will likely grow up in a world where licensing content will be more normal than owning it, which reminds me of this story.

Safeguarding our data

Danger! Mental dumping ground ahead!

Like loads of other IT people in the UK, I’ve been pretty worried about the forthcoming compulsory centralised ID database in the UK. I’ve previously written to my MP, joined ORG and tried to spread the word.

In recent months there have been at least five large-scale (10,000 people or more) data security breaches where carelessness has put unencrypted data into what is effectively the public domain.

The press have been really picking up on this and running an awful lot of related stories. The BBC at the moment are running a “Have Your Say” on the subject of “How can we safeguard our data?” (yes, I know about its general quality, thanks), and there are a worrying number of comments like this one:

The nation should have a referendum now on whether this Government is fit to remain in power.

peter gallagher, london

Recommended by 82 people

In every one of the security problems to date, its not been the direct fault of the Government, but the Civil Service. That is to say, it’s not as if Gordon Brown’s been handing out people’s details on memory sticks; regardless of who we vote for, we’ll always get the Government. Even then, you can expect things like this to happen from time to time – they’re just people after all. It’s just that there are so many things that they could have been doing for years to make life easier for themselves such as routine encryption, file transfer by internal network (such as the Government Secure Intranet), strict laptop carry-out procedures and so on (also see the Cabinet Office’s page about risk management in the public sector). I’m sure they must live with a mountain of similar procedures already for their paper assets, the same needs to apply for their electronic ones as well.

Stuart Langridge recently asked a question along the lines of “Is it my fault if I make some piece of information public, and it is used against me?” – my worry with data security isn’t that I make something public, but that someone else, like a governmental body, does it for me. What rights do I have to make sure that my data is always encrypted? What rights do I have to withdraw data from their databases? What rights do I have to be informed if my data is leaked? (OK, this last one is currently up for debate)

If the government is at the stage where it thinks it can successfully roll out large single-centre data centres (which AFAIK it hasn’t managed to previously), all these details have presumably been dealt with already. Documents like the

Data Sharing Review Consultation suggest not.

A rough transcript of Richard Clayton’s BBC interview

Dr. Richard Clayton from the University of Cambridge (who writes for the very good Light Blue Touchpaper site) was interviewed for the Pods and Blogs podcast on the 18th December 2007 in the wake of the massive data loss at the end of last year. He had some harsh words to say (this is the same Dr. Richard Clayton who signed a joint letter to Parliament’s Joint Committee on Human Rights).

This is only a very rough transcript, and is only word-for-word when the text is surrounded by speech marks. I’m afraid I’m not sure which of the hosts was the interviewer. I do have audio file for anyone who wants to listen to the original (the BBC removes the mp3 after seven days for reasons of rights, apparently, despite this sucking horrendously).

Starting at 1 minute 25:

What lessons could be learnt from this latest security breach?

“.. it’s not possible to build computer systems which are accessed by large numbers of people which are secure.”


“.. what’s the key problem with these big data concentrations?”

“You can’t make systems like that secure – you don’t just lose the information for one GP surgery you lose information for the whole population all at the same time”

What’s the alternative?

“The alternative is small databases and good communication between them – most of the time that doesn’t happen”

Can anyone make these databases work?

“The commercial sector is a little better at building them … the national health database will be accessed by a million people … if you look at the data collected by a supermarket it’s only accessible by a few dozen people in the marketing department, the risks are completely different.”

“The real problem is we do not know how to build very large databases, have them accessed by hundreds of thousands of people and keep them secure. The government believes this is possible, and I’m sorry but it just isn’t.”

Is there any way to build a big secure database? you seem to be saying no.

“I’m saying no. it’s as simple as that. you can’t build these, the government should stop trying.

Ends at 6:53

(Incidentally, when you start dragging the progress indicator in Windows Media Player, it blanks the time panel, so you can’t tell when you’re moving to until you drop it again and the file starts playing. Very frustrating. Media Player Classic doesn’t suffer from this.)