A Question Of Identity

NEVILLE WATSON, in his reply to Julian Ware-Lane, on this blog, raises some interesting issues regarding the right to hide behind an online alias.

His remarks actually take me back to the ‘80s when the World Wide Web was just being established and there was a hard-core Internet community consisting mainly of students, technicians, scientists and journalists. Software was not so advanced in those days and, to access most material, it was necessary to know the telephone access number to a server (or Bulletin Board) and connect your own machine via a modem with the help of a command-line interface.

In those days, the Internet community was focused upon one important aspect – how its users could ensure that whom they were apparently speaking to was the actual party they thought. There were not any online scams or paedophile activity in those days; but Internet users were concerned about the relative ease by which criminals might exploit a World Wide Web when it eventually came about.

The old Internet policed itself. In order to establish a connection, you generally needed access to a University’s intranet – and that was often by being permitted to use one of its own terminals. But the move towards cabling all universities together and permitting private networks to join the expansion focused everyone’s attention on the security aspects.

At that time, the best solution seemed to lie in encryption; and many mathematicians, all over the world, joined forces on the Internet to establish a secure public key system. It would mean having a secure node from where uses could publish a unique key and others could then use it to decrypt communications apparently produced by that individual. But the trick was that anyone could use the public key to encrypt communications to the person that published it – and the only person that could decrypt that information would be the owner of that public key. (In other words the full key was composed of a public and private component).

That system was originally referred to as RSA and is now better known commercially as PGP (standing, with typical Internet understatement, for ‘Pretty Good Privacy’).

It never took-off.

The problem with RSA was that it was not ‘instant.’ Some time was needed to encrypt and decrypt what was being exchanged (although you would hardly notice it now with modern-day processors).

There is a fundamental problem with the World Wide Web – it has no rules except those imposed by responsible Websites and Internet Service Providers (ISPs). But the lack of being able to identify the particular person behind an Internet chat-room exchange has put many of our children at risk. Never before have paedophiles been able to gain easy access to their prey. And, the fact is, Websites like Facebook, do not have the tools to ensure their facilities are not misused. (I am still awaiting a charge-back on my credit card regarding a bogus Facebook advertiser who used a PayPal account to defraud me).

All these problems could be solved by a mandatory public-key system in which the main database recorded specific details regarding its clients – and allowed ISPs the ability to provide a user’s public key to Websites along with their Internet Protocol (IP) address.

We can argue about what information should be made available by public key providers; but top of the list must surely be sex and date-of-birth. Just permitting such basic information would enable chat-room hosts to screen users and immediately flag possible problem areas. Webmasters could also make use of the information by explicitly showing, alongside an individual’s screen name, their actual age and sex.

Civil rights campaigners will not like what I am suggesting; but maybe we should be looking at some kind of, vetted, internet ID – perhaps by providing an individual with a public key as part of a passport or national ID system.

And I would go further. I would suggest that that no ISP should permit any UK resident to have an internet account without a valid public key – and I would move that all other countries do the same.

I am not advocating that all one’s personal details should be made public. Nor am I advocating that posting comments under an alias should be prevented. Web users would still be able to set-up email accounts in various names, with different providers – but they would be unable, as suggested here, to prevent all Web users from knowing their actual age and sex. (Just those qualities that we reveal to others whenever we face them).

Whichever government is returned at the next general election will seek to make savings by replacing existing paper systems with new technology. There are even rumours that polling too will be placed online. The question raised by all such moves is how government can be certain that a vote is actually made by the individual it is allocated to – and how citizens, when accessing their personal records, can actually prove who they are.

And, for the critics, adopting such a system would have one considerable benefit. While Internet users could still communicate openly in unencrypted emails, everyone would have the opportunity of holding secure conversations away from prying eyes. It would establish, on the Internet, the same security in personal conversations as offered by the Royal Mail.

It might be thought that, given the threat from terrorists, Britain’s Security Services would be at pains to prevent such a world-wide system. But, the fact is, it is not what is actually said in email exchanges that those services initially respond to. It is to whom and from where communications are taking place. Implementing a public key system would not prevent that surveillance from taking place.

True, they would not then be able to immediately focus their attention on what was being said; but they cannot do that now when terrorists choose to use their own form of encryption. All it would do is ensure that the Services would need to obtain a warrant to access an individual’s private key – in much the same way as they now need a warrant to intercept an individual’s post.

Please feel free to comment – using an alias; or not…

Something for the techies: Permitting a user’s public key to follow them wherever they go would remove the need to provide passwords. When providing personal details or information that is only directed at an individual, the server just needs to encrypt the resulting Web page using the previously registered public key. (There is no need to try and validate the visitor’s identity – other than to determine if someone else is trying to access information to which they are not authorised).

Tax Payers Could Pay Too Much Due To HMRC’s New System

(Telegraph) – TAXPAYERS HAVE BEEN WARNED that they could end up paying too much tax later this year after HM Revenue & Customs introduced a new computer system.

The Chartered Institute of Taxation said wrong information may have been sent out to “huge numbers of people” and warned that unless it was corrected, it could cost them hundreds of pounds.

The group said many people with complex tax affairs – workers with more than one job, or separate sources of income – had been sent out so-called “coding notices”, many of which could be wrong.

It said if the error was not corrected by the time the new codes come into force in April, wrong information could be sent to employers and pension companies, leading to them deducting too much tax through the Pay As You Earn (PAYE) scheme.

In the worst case, the group said people could pay £108 a month, or £1,295 a year, too much.

Twice as many coding notices have been sent out this than in previous years after HM Revenue & Customs introduced a new computer system to simplify tax collecting. Up to 25 million codes were sent out this year, compared with 12 million last year.

The CIOT said: “It is clear that a significant proportion of these are wrong.”

An HMRC spokesman said that “with the best will in the world, there might be some incorrect codes” but added that taxpayers had two months to check their codes and inform the tax office if there was an error.

However, Andrew Hubbard, president of the Chartered Institute of Taxation, said: “Most people on PAYE are used to assuming that what the taxman sends them is correct. Many file away coding notices without even bothering to check them.

“But this year, many of them are being given wrong information and unless they spot it and tell HMRC, their employer will receive the wrong information too and they could get a nasty shock when they open their April pay packet and see it is as much as a hundred pounds lighter than they are expecting.

Coding notices are sent to many people in the PAYE system each year between the beginning of January and the first week of March.

This year’s problem has arisen as the result of the introduction of a new system, which combines information on people’s National Insurance contributions and PAYE for the first time.

In some cases, the system appears not to have information on people leaving jobs, meaning those who have changed jobs during the past few years are often being treated as if they have two jobs, and much higher earnings than they do.

This could lead, in the worst case scenario, to taxpayers losing out on £108 in their April pay packet, equating to to an annual loss of £1,295.

A spokesman for HMRC said: “The new system is working as it should. It creates a single record for customers for the first time, and this, together with increased automation compared to previous years, is resulting in many more people having more accurate codes than before.

“As part of our transition to this new system, in this first year, as the system we also expect some the codes we issue to be incorrect.”

Labour’s Computer Blunders Cost £26bn

(Independent) – A SERIES OF BOTCHED IT PROJECTS has left taxpayers with a bill of more than £26bn for computer systems that have suffered severe delays, run millions of pounds over budget or have been cancelled altogether.

An investigation by The Independent has found that the total cost of Labour’s 10 most notorious IT failures is equivalent to more than half of the budget for Britain’s schools last year. Parliament’s spending watchdog has described the projects as “fundamentally flawed” and blamed ministers for “stupendous incompetence” in managing them.

Further evidence has emerged over the failings of Labour’s most costly programme, the mammoth £12.7bn IT scheme to revolutionise the NHS. The Independent has learnt that just 160 health organisations out of about 9,000 are using electronic patient records delivered under the scheme. The vast majority of those were GP practices. New figures have also revealed that millions of pounds have been paid out in legal fees. The taxpayer has footed a £39.2m bill for “legal and commercial support” for the National Programme for IT (NPfIT).

Alan Milburn, the former health secretary, said in 2001 that everyone would have access to their health records online by 2005, but it is understood that the Department for Health is still “years away” from fulfilling the pledge.

Government departments right across Whitehall have been guilty of overseeing embarrassing IT failures. A project that was meant to save the Department for Transport (DfT) about £57m eventually cost £81m, and workers at the Driver and Vehicle Licensing Agency (DVLA) were forced to brush up on their language skills when computer systems gave them messages in German.

Another ill-fated IT scheme, designed to allocate subsidies to farms, cost the Department for Environment, Food and Rural Affairs about £350m and left British farmers more than £1bn out of pocket. Last year the Public Accounts Committee (PAC) warned that the system was already “at risk of becoming obsolete”. In 2004, the Department for Justice gave the go-ahead for the National Offender Management Information System (C-Nomis) to be rolled out to prisons and the probation service in an attempt to make sharing information about offenders easier. But in 2007, when the estimated cost doubled to more than £600m and senior officials questioned the validity of the project, it was abandoned – after £155m had been wasted.

The MoD’s Defence Information Infrastructure project is currently running more than £180m over budget and 18 months late, and is now set to cost £7.1bn. Last year, Edward Leigh, chairman of the PAC, said: “No proper pilot for this highly complex programme was carried out, and entirely inadequate research led to a major miscalculation of the condition of the Department’s buildings in which the new system would be installed.”

Other botched IT projects include the identity cards scheme; the Libra system for modernising magistrates’ courts; an attempt to move the Government’s GCHQ computer systems into a new building which ended up costing more than £300m; the Benefit Processing Replacement Programme; and the Foreign and Commonwealth Office’s Prism system.

IT experts blamed ministers for being too easily wooed by suppliers. Insiders said a lack of expertise within the Government about the technology industry meant they were willing to believe claims made by major IT firms before contracts were awarded.

Several projects are now under renewed threat of being cut back or abandoned altogether as Alistair Darling, the Chancellor, has targeted them as an area of government spending that can be reined in as he attempts to tackle Britain’s record £175bn deficit.

Tony Collins, an expert on the Government’s IT failures, said Labour had displayed an “irrational exuberance” for IT projects that has often led them to throw good money after bad at failing schemes. “There are too few people in the hierarchy of Labour who understand IT enough to understand that it is not a talisman – there is nothing magical about it.”

David Cameron, the Tory leader, has signalled a move away from big IT projects, suggesting he will use technology to increase the transparency of government. “It is easy to make these noises out of office,” said Mr Collins. “Once you’ve got civil servants giving you a host of reasons why you should not be more open, I fear the Tories will sink into the same depths of secrecy that Labour has found itself in.”

Botched projects: The cost of failure

£12.7bn National Programme for IT (NHS)

It was meant to revolutionise the way the health service worked. But far from heralding a new age of efficiency, the National Programme for IT is now widely perceived as the greatest government IT white elephant of history. As well as the huge costs involved, suppliers have walked away, projects are running years behind schedule, while medical professionals have complained that they were never consulted on what they wanted the new system to achieve.

£7.1bn Defence Information Infrastructure (DII)

It seemed like a good idea at the time. In 2005, the Ministry of Defence decided to offer a contract to a consortium of suppliers to replace the hundreds of different computer systems being used by the military with a single system that would be used by the army, navy and air force, as well as the MoD itself. It was to be used by 300,000 people across 2,000 sites. However, it is running more than £180m over budget and 18 months late. A parliamentary inquiry also warned that forces’ reliance on older systems put them at risk of a security breach.

£5bn National Identity Scheme

Originally budgeted at £3bn, the Government’s plan for new identity cards, containing biometric data and linked to a central database, soon came under heavy criticism from civil liberty campaigners. As the costs spiralled, so the Home Office began to water down the aims of the scheme to assuage the critics. In July, Alan Johnson announced that the cards would no longer be compulsory, while moves to force all airport workers to use the cards were also abandoned.

£400m Libra system (for magistrates’ courts)

An attempt to bring records used by magistrates courts into the digital age backfired when trying to introduce one universal IT system to all courts descended into a costly mess. Fujitsu originally bid £146m to deliver the Libra system in 1998. However, the project proved more complicated than anticipated, and costs have now been put at more than £400m.

£350m Single Payment Scheme system (SPS)

The Single Payment Scheme system was designed in 2003 to be a sophisticated way of giving farmers their subsidies, by mapping their land and working out their level of payment. But failures with the IT systems being used mean that farmers were left short-changed. In 2006, around £1.28bn of the £1.5bn subsidies destined for British farmers still had not been given out. The Rural Payments Agency overseeing the project was ordered to make 23 major changes to the system. Despite the £350m spent on the technology, the Public Accounts Committee warned last year that it was already “at risk of becoming obsolete”.

£300m GCHQ “box move” of technology

When the Government’s intelligence organisation, GCHQ, decided to move its complex computer systems into a new building in 1997, the projected £41m cost was so small that officials believed it could be absorbed within existing budgets. That was until the Curse of the Government IT Project struck. Costs of the so-called “box move” soon began to rise out of control. In 2003, the National Audit Office (NAO) put the costs at more than £300m. Edward Leigh, Tory chairman of the Commons Public Accounts Committee, called the original budget “staggeringly inaccurate”.

£155m National Offender Management Information System (C-Nomis)

In an attempt to make sharing information about offenders easier, the Department for Justice gave the go-ahead for the National Offender Management Information System (C-Nomis) to be rolled out to prisons and the probation service. As the estimated cost doubled to more than £600m and senior officials questioned the whole point of the project, it was abandoned in 2007, with £155m already spent.

£106m Benefit Processing Replacement Programme

In June 2006, the Department for Work and Pensions confidently assured Parliament that new funding for its Benefit Processing Replacement Programme (BPRP) had been approved. So it came as a surprise to many when it emerged just three months later that the project had been quietly scrapped. Little information has emerged on why BPRP was abandoned, but the Government has admitted that £106m had already been spent on it before it pulled the plug.

£88.5m Prism IT project

Undeterred by past failures, the Foreign and Commonwealth Office (FCO) thought it would be a good idea in 2002 to order a new computer system for their 200 offices around the globe. The result was the Prism IT project, seemingly a bargain at just £54m. However, delays and costs have risen, while the contractor was even forced to temporarily halt the scheme in 2005 while an investigation took place into its various problems. The system has not proved a hit with staff. One wrote in 2004: “In all the FCO’s long history of ineptly implemented IT initiatives, Prism is the most badly designed, ill-considered one of the lot.”

£81m Shared Services Centre

To officials at the Department for Transport, the Shared Services Centre seemed to good to be true: not only would it integrate the human resources and financial services of the department and its various agencies, it would even save the taxpayer £57m. Unfortunately, those hopes were dashed as the scheme became another example of an IT project going horribly wrong. Workers at the Driver and Vehicle Licensing Agency (DVLA) were forced to brush up on their language skills as computer systems gave them messages in German. It will now cost £81m, a failure in management that the Public Accounts Committee described as a display of “stupendous incompetence”.

TOTAL: £26.3bn

Peers Criticise Food Industry Secrecy Over Nanotechnology

(Guardian) – THE UK FOOD INDUSTRY comes under attack from peers today for being secretive over its development of nanotechnology in food and drink.

The Lords science and technology committee is urging the government and research councils to carry out more checks into the use of nanomaterials in food and in particular the dangers for the human body.

Nanotechnology involves whittling common materials down to the size of microscopic particles, allowing them to acquire unusual properties.

Nanoparticles have been used in cosmetics and sun-cream products. They can help create foods which taste the same as conventional alternatives but have lower fat, salt or sugar levels, or enrich foods with supplements, or even be used in packaging to extend products’ shelf-life.

Nanotechnology is also being seen as a successor to genetically modified (GM) techniques. This week Professor John Beddington, the government’s chief scientist, said GM crops and developments such as nanotechnology must be embraced to avoid catastrophic food shortages and future climate change.

But today’s warning from eminent scientists including Lord Krebs – the former chairman of the Food Standards Agency – is the third in two years, after calls from the Royal Society and the Royal Commission on Environmental Pollution for more stringent safety checks.

Research has shown that nanoparticles can penetrate into places larger particles cannot go, such as through the “blood-brain barrier”, which stops toxic molecules passing from the blood into the brain. They find their way into vital organs including the kidneys and liver, but precisely what they do in them has yet to be fully investigated.

In a 112-page report, Nanotechnologies and Food, the Lords committee says transparency is key to ensuring public trust in food safety but warns that the food companies’ failure to publish details of their research in this area is “unhelpful”.

It warns the industry that appearing to be secretive about its research “is the type of behaviour which may bring about the public reaction it is trying to avert”.

The report recommends that the Food Standards Agency watchdog should keep a public register of food and food packaging containing nanomaterials.

But Julian Hunt, of the Food and Drink Federation, said: “Given that nanotechnology is in its infancy in the food and drink sector and that bringing new innovations to market is a long and complex process, we are surprised that the report seems to criticise the food industry for an apparent reluctance to communicate extensively on this subject.”

Which? chief policy adviser Sue Davies said: “We must fill in the significant gaps in our knowledge about how nanomaterials behave in the human body to ensure that there are no safety concerns in this rapidly developing area.”

Peter Melchett, the policy director of the Soil Association, added: “The report is good in drawing attention to the huge risks and uncertainties of nanotechnology. This is a ticking time-bomb.”

More MOD Incompetence

(BBC) – AN INVESTIGATION IS UNDER WAY after a laptop containing secret data was stolen from the Ministry of Defence.

It was taken from the ministry’s headquarters in Whitehall, central London, in late November, along with a key used to decode encrypted files.

A spokesman said: “An investigation by MoD police is ongoing and it would be inappropriate to comment further.”

The incident is the latest in a string of thefts involving MoD laptops containing sensitive information.

Figures from the department earlier this year showed that 28 had been lost or stolen between 1 January and 11 May.

And last July, the MoD admitted that 658 of its laptops had been stolen in the past four years.

In just one incident, personal information belonging to 600,000 people considering applying to join the services was lost, including National Insurance numbers and bank details.

The Sun newspaper reported that the latest machine to be taken had been left at the building in Whitehall by a senior RAF officer.

Freeview Shake-Up

(Daily Mail) – MORE THAN 20 MILLION digital TV set-top boxes linked to the Freeview broadcasting system will stop working this week unless they are retuned.

Five million television sets that have the Freeview digital technology built into them will also have to be retuned.

The exercise is the result of major changes to the frequencies used to broadcast more than 50 TV channels and another 20 radio stations to rooftop aerials.

It is part of a plan to make Channel Five available to a greater part of the country and clear the way for high-definition digital TV channels.

However, the change threatens real confusion for millions, particularly the elderly, who may not understand how to retune their sets. Electrical retailers say many customers are unaware that their Freeview equipment will stop working unless they retune it.

The changes to the transmissions, which will take place on Wednesday morning, will also mean that 22,000 older digital TV set-top boxes will no longer work.

These are the Daewoo DS608P, the Labgear DTT100, the Triax DVB 2000T, and the Portland DP100. Combined set-top box and video recorders that will not work are the Daewoo SV900 and the Bush IDVCR01.

The changes also mean that some 460,000 households, which get their TV channels from a relay transmitter, will no longer be able to watch ITV3 and ITV4.

This will be a blow to football fans because coverage of the UEFA Europa league is shown on ITV along with other sports, including cycling.

These channels also show re-runs of popular series such as Poirot, Heartbeat and Cracker.

From September 30 there will be some 50 TV channels, including mainstream ones, Film 4, those from Sky and Virgin, and various shopping services.

A new channel called Quest — a mix of factual, lifestyle and entertainment programmes from the archives of the Discovery Channel — will be introduced.

The switch is being organised by the Freeview organisation in partnership with the BBC and the commercial channels.

It does not apply to viewers who get their TV and radio channels from set-top boxes linked to Sky TV or Virgin Media. Nor will it apply to set-top boxes and TVs tuned in to the Freeview satellite system.

One independent Scottish electrical retailer said: ‘We have been amazed at how few people know what is going to happen.

‘This national retune may cause problems for some people.’

Freeview said the changes are necessary to ensure wider access to Channel Five which, despite being a national channel, cannot be viewed in many parts of the country.

It said it is also necessary to create space for new HD channels.

A spokesman said the changes are expected to be complete by lunchtime on Wednesday, September 30.

‘All Freeview boxes, Freeview+ digital TV recorders and digital TVs can be retuned at any point after this.’

A spokesman for Age Concern/ Help the Aged — now a single charity — said: ‘It seems likely some people will struggle to retune.

‘However, if they already have Freeview, they probably have access to help from a family member or retailer to sort it out.’

Plans To Cut Web Access To File Sharers

(Reuters) – REPEAT OFFENDERS WHO PERSIST in illegally downloading music from file-sharing sites such as Limewire could be blocked from accessing the Web under government proposals issued today.

The government said it was publishing new ideas to speed up the process of tackling unlawful peer-to-peer file sharing to prevent damage to the content industries.

Proposals include requiring Internet Service Providers to take action against individual repeat infringers, including blocking access to download sites, reducing broadband speeds or by temporarily suspending an individual’s Internet account.

Earlier government proposals had said media regulator Ofcom would need to ascertain that technical measures were needed, meaning the earliest measures to counter the problem would not come into play until 2012.

‘The government has now reached the view that, if action was deemed necessary, this might be too long to wait given the pressure put on the creative industries by piracy,’ it said in a statement. ‘The new ideas outlined today would potentially allow action to be taken earlier.’

Under the new proposals, the Secretary of State would direct Ofcom to introduce technical measures to clamp down on piracy if necessary.

‘Technology and consumer behaviour is fast-changing and it’s important that Ofcom has the flexibility to respond quickly to deal with unlawful file-sharing,’ Minister for Digital Britain Stephen Timms said in a statement.

Governments around the world have been trying to find a solution to the problem of Internet piracy, with varying levels of success.

A law backed by French President Nicolas Sarkozy to cut Internet access to those found guilty of downloading music illegally has already been watered down by France’s top constitutional court, and a vote has been delayed until September.