The weekly newsletter for Fed2 by ibgames

EARTHDATE: November 25, 2007

Official News page 12


WINDING DOWN

An idiosyncratic look at, and comment on, the week's net and technology news
by Alan Lenton

I got a note from reader Lois concerning my snippet last week about Microsoft getting 50GB of data a day from users whose Windows programs have crashed. It seems that a Microsoft employee once told her that Microsoft receives thousands of gigabytes of corrupted Outlook PST files people send in, in the - vain - hope that Microsoft can decipher what is in them. I'm not sure I would want Microsoft deciphering what's in my mail files!

But don't worry, Lois, we won't hold it against you (much) that you talk to Microsoft employees :)

Oh, and while I remember, there won't be a Winding Down next week. I know you will all be heartbroken over this, but be brave readers. I'm going to be out of town for the whole weekend, so I won't be around to entertain you with my scintillating prose. I'll be back the following week, which is, after all, when the Xmas parties start on this side of the pond.

In the meantime, this week we take a look at the story that's dominated the news here in the UK this week - the government's loss of identity information for half of the entire population. On a more cheerful note we also go and look at some Xmas shopping options for the geeks among us.

So...


Story: Two disks to find them, and in the darkness bind them

It's difficult to grasp the sheer scale of this week's lead UK news - the government has lost two disks (CDs or DVDs, no one seems to know which) containing unencrypted critical identity information for 25 million people - half of the population. The missing information includes:

National Insurance number
Name, address and date of birth
Partner's details
Names, sex and age of children
Bank/savings account details

What more could you need to impersonate someone and steal their identity?

Initially, the government tried to pass it off as a junior official breaking the rules. But then it started to emerge that the 'authorisation' for sending the information off from the Revenue and Customs Department to the National Audit Office came from much higher up.

That's not all - the National Audit Office didn't ask for all the information that was sent, just for a much smaller subset. However, it was deemed, again by senior officials, to be too expensive to strip off the identifying information, and so the material went out intact.

I'm not going to give a blow by blow account of this; if you haven't seen it already you can read it in the URLs. However, there are a large number of unanswered questions, some of which have been posed - such as how did a junior staff member come to be able to access this information, and, was the recent cost cutting in the department responsible for it being too expensive to strip off the identifying information?

One question, probably the most important, has not yet been posed. If all this information can be loaded onto a couple of disks so easily, how do we know that other employees haven't already done so and passed on the material to criminals? In addition, it's entirely possible that the lost disks are just lost. But even if they are found who is to say that copies weren't made before they were found?

Any serious criminal wouldn't use the information immediately; it's too hot at the moment. But the sort of information the government has given away is far more valuable than credit card numbers; they at least expire. This stuff is valid for years and years. How many people will still be checking for suspicious events relating to this affair in two or three years' time?

In the meantime, the fiasco has for the first time created real public awareness of the potential dangers inherent in the government's massively expensive ID card scheme. It's not beyond the realms of possibility that the ID scheme will fall as a result of this data loss.

In an unrelated, but pertinent, event, the Information Commissioner has proposed that doctors should be fined up to UK 5,000 pounds (about US$11,000) if they lose laptops with confidential patient data. That's a great idea, but why only doctors? Anyone who loses confidential personal data on other people should be risking a substantial fine.

Anyway, here is the BBC's take on the affair, followed by a selection of URLs from The Register.

http://news.bbc.co.uk/1/hi/uk/7103911.stm
http://news.bbc.co.uk/1/hi/uk_politics/7104368.stm
http://news.bbc.co.uk/1/hi/uk_politics/7103828.stm
http://news.bbc.co.uk/1/hi/uk_politics/7106826.stm
http://news.bbc.co.uk/1/hi/uk/7106484.stm

http://www.theregister.co.uk/2007/11/22/darling_disaster_good_id_cards/
http://www.theregister.co.uk/2007/11/21/response_data_breach/
http://www.theregister.co.uk/2007/11/21/hmrc_spot_checks/
http://www.theregister.co.uk/2007/11/16/doctors_fined_for_losing_data/


Shorts:

Here in the UK the dinosaurs of the music industry are under pressure from a surprising source - the music retail industry - who want copy 'protection' dropping. Yes, the guys who actually sell the music in the shops, via their organisation the Entertainment Retailers Association (ERA) are blaming the music industry for slow sales this quarter.

This week ERA director Kim Bayley told the 'Financial Times' newspaper that copy protection mechanisms are "stifling growth and working against the consumer interest." You can't get more blunt than that - and you can't have much better credentials for making such a statement! Whether the music industry execs will listen or continue their lemming like march to total destruction, remains to be seen. [Note to self: Check Wikipedia to see if dinosaur lemmings existed. If not, write a Wikipedia article inventing them and then quote it in evidence...]

Incidentally, I spotted a short piece on Slashdot about where you can find 'non-RIAA' music. I didn't know the RIAA produced music :) If they did I guess it would be very discordant... Anyway the Slashdotter suggested www.sellaband.com and www.amiestreet.com - I had a quick look and they both seem quite an interesting choice for non-mainstream music. Good work on their part.

http://ask.slashdot.org/article.pl?sid=07/11/22/181242
http://arstechnica.com/news.ars/post/20071121-uk-retailers-to-record-labels-drm-is-killing-us.html

The controversy over e-voting has taken an interesting new twist. California Secretary of State Debra Brown's office is suing Election Systems & Software Inc (ES&S) because they changed round components in their voting machines without getting them re-certified. The changes seem to have been to mounting brackets and rerouting existing cables.

Minor enough, you might think, but the original certification by the Secretary of State's office specifically said that the certification had a condition that no "...substitution or modification of the voting systems shall be made with respect to any component of the voting systems..."

Personally, I doubt if the modifications made any difference, but that's not the point. These are voting machines and their certification was very clear about there not being changes. Manufacturers of voting machines have to understand that their certifications are not advisory, they are mandatory, and the penalties for illegal changes are severe.

http://www.computerworld.com.au/index.php/id;1601140129

There's an interesting story about the German police in the New Zealand Herald this week. It seems that the police are unable to break Skype's encryption so they can listen in to the conversations of suspects. There are two problems. One is the actual encryption. The other is common to all Voice over IP (VoIP) phone calls - the data is broken up into small packets and the packets travel to their destination by different routes.

This means that you have to capture the traffic either at its source or at its destination. And, of course, you have to decrypt it. The police aren't asking Skype to put a back door into the encryption (that's unusual, but experiences with Hitler's Gestapo and former East Germany's Stasi have made the population very sensitive to these issues). What the police are looking for is powers to slip in on-line trojans to search suspects' disks for incriminating material. Hmmm. If I was going to do criminal things I suspect I would encrypt my disk as well.

Even so, I can't say that the idea of anyone, police or not, being allowed to add to the vast level of malware already circulating on the net appeals to me.

http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10477899

ZDNet have just published a fascinating piece on the top 10 IT disasters of all time. All the usual suspects are there, including Year 2000, the Mars Climate Observer metric/imperial measurement screw up, and the grounding of 17,000 planes at LAX earlier this year.

What I hadn't come across before was the 1983 Russian early warning system software bug that reported to the old Soviet Union that the US had launched a nuclear attack! Fortunately, the duty officer reasoned that the US would probably launch more than five missiles in such an attack and delayed retaliation while checks were carried out. I'm glad I didn't know at the time.

http://newsletters.zdnetuk.cneteu.net/t/250463/921984/420553/0/


Geek Toys: Christmas Shopping

Now is the time for all good geeks... Yes it's Xmas shopping time, and here is a selection of goodies (and baddies) for you to add to your wish list.

Top of my list is the ASUS Eee PC 4G 701 micro-laptop. It's like a standard 13 inch notebook that's been shrunk to two thirds of its usual size. It has 4GB of flash memory instead of a hard drive. The Linux operating system and the built in applications take up 3GB leaving 1GB for data. The built in applications include Skype, Firefox, Thunderbird, KDEMail (used for PIM data), Open Office, Acrobat Reader, Pidgin multi-network IM software, photo, music, and video managers and a media player. Plus, of course a selection of utilities like a file browser. The only down side is that the battery life isn't all that brilliant.

The screen is a 7 inch 100dpi, LED backlit, and 800x400 pixels, and the price is a mere 220 UK pounds (US$350-400), which, as The Register puts it, is 'Cheaper than an iPhone, less gorgeous but a darn sight more useful...'

http://www.reghardware.co.uk/2007/11/16/review_asus_eee_pc/

Got enough computers already? Then how about the EyeClops Bionic Eye? It's a cam that plugs into your TV and displays anything you point it at - magnified two hundred times. And it's a mere US$40 to buy. A microscope with a large dollop of coolness!

http://eyeclops.com/

Do you make heavy use of your PC for gaming? You know, just 'testing' Half Life 2 for a mate of yours who's a programmer for Valve... Then maybe you might like to have a look at WolfKing's weird combination of a game pad and keyboard, the subtly named 'Warrior Xxtreme'. This rather weird shaped piece of kit resembles a keyboard that was left on a very hot radiator overnight and melted a bit. But I doubt if anyone else you know has anything like this. As Country Joe and the Fish used to sing, "Be the first one on your block..." A snip at US$80.

http://www.reghardware.co.uk/2007/11/21/wolfking_warrior_xxtreme/

And talking of keyboards, most of them soon acquire enough dodgy biological material (crumbs, skin cells, hair, pizza, etc.) under the keys to qualify for a bio-hazard sticker. If you suffer from this problem, then online retailer Drinkstuff has just the solution for you - a retro style USB vacuum cleaner. Only 7 inches long, it looks just like a 1950s Hoover cleaner and costs a mere US$8. Go for it - you know your mother would approve.

http://www.drinkstuff.com/products/product.asp?ID=4098&title=USB+Desk+Vac

And if none of the above appeal to your jaded appetite, but you have money to burn, you need to go to the Wired website where they have a fabulous feature on the Ten Greatest Snake-Oil Gadgets. 'Perpetual motion' machines, 'quantum' search devices, a 'Tesla' watch, a bottle of 'Magnetic Defense Complex' - wonderful stuff.

I particularly liked the wooden control knobs for hi-fi kit - a real bargain at US$485 - what a talking point. As Wired point out, the one thing all these devices are successful at is teleporting money out of customers' wallets!

http://blog.wired.com/gadgets/2007/11/10-awesome-gadg.html


Acknowledgements

Thanks to readers Barb, Fi, and Lois for drawing my attention to material used in this issue. Please send suggestions for stories to alan@ibgames.com and include the words Winding Down in the subject line, unless you want your deathless prose gobbled up by my voracious Spamato spam filter...

Alan Lenton
alan@ibgames.com
25 November 2007

Alan Lenton is an on-line games designer, programmer and sociologist. His web site is at http://www.ibgames.net/alan.

Past issues of Winding Down can be found at http://www.ibgames.net/alan/winding/index.html

