Shiny Baubles I Have Grasped This Week

Time to take a very brief break from hoisting bile about the place and look at some things that I’ve actually liked this week, and when I say this week, I mean last week, because this was supposed to go up on Saturday but I was busy writing something else.

No News is good news

I like news, me. On a pacey news day, I like to keep track of several channels at once. Up until now, if I wanted one of those to be SKY I had to get up and put the TV on, but yesterday I noticed that you can view SKY News live online from their website. Good Oh.

For other news channels I also like Zattoo and Livestation, both of which give you access to a number of news channels that you can watch on your desktop. Shiny.

Still on the subject of news, an excellent BBC Newswatch program which focuses on changing audience attitudes to news delivery and the effect of new media, mobile tech, and social networking on the news agenda.

Not on iPlayer, but you can watch the latest episode here.

Twitter Toys

I seem to be getting more and more into twitter, which is a great surprise to me, because I have no time at all for, e.g., facebook.

This week I have played with various bits of twitter tomfoolery. As previously mentioned, I have quite enjoyed @tweetminster’s Tweetminster Wire, which is a twitter client for aggregating MPs’ and PPCs’ tweets, as well as various other things.

There are two slight drawbacks with it (but then it is in beta), firstly you have to keep refreshing it, and secondly most MPs are fucking tedious. Still, it lets you see who’s tweeting during #pmqs, which is frankly what we all want to know.

Next is a web based app called TrendMaps which shows twitter trends by geographic location, allegedly in real time. Neat.

Finally, another web app Twitterfall which is pretty useful for watching twitter witch hunts, or keeping abreast of the shouting during #bbcqt. Twitterfall presents a waterfall like animated display of tweets matching your chosen search term, you can adjust the speed of the display to suit. Quite handy when there is a high volume of tweets on a hashtag and you want to get a good sample of them.

Digital Democracy – Part The First : Good uses for biometric ID

Next Stop : Utopia Island

Let us imagine for a moment a world without New Labour’s overarching Orwellian horror of a vision for a national ID card and the cripplingly expensive behemoth of a database that would be required to back it.

Ahh. Nice, isn’t it. Now, hold onto that thought for a moment, because in the first in this (possibly) series of posts I’m going to suggest that the functionality proposed for a biometric ID card, far from being used to enslave us all in some dystopian socialist police state, could in fact be a cornerstone of our future democracy. Yes, really.

Identity Politics

First up, what do we actually mean by ‘identity’ ? For the purposes of this post – hopefully the first in a series, and hopefully mercifully brief – we will cheat a bit and redefine ‘identity’ to mean a token issued to you by some third-party (the Electoral Commission, say) which can be used to prove your eligibility to do something (vote, in this case), and which, since it is unique to you, can be used to make sure you have only done it once. It can of course also be used in all transactions with the third-party, much like a ‘customer number’ of which it is a variant.

For our purposes, then, we have decoupled this from an actual ‘identity’, as traditionally defined. We assume that if it is necessary to prove eligibility or identity it is done at the point at which the token is issued.

We also assume, just for the purposes of this post mind you, that at the point of issue, the token is not actually associated with any identity information. Pie in the sky, no doubt, but let’s just assume it for now as we’re talking utopian techno democracy here.

Now, we don’t want anyone else to be able to get at this token and use it, or change it, so we will encrypt it. In fact, it is probably already some kind of cryptographic token, we’ll get to the tech later, but basically the issuing party will have ‘signed’ it cryptographically so that they can verify it has not been tampered with at the point of use.

Not just a pretty face

What we want now is some way to encrypt the token so that only you can decode it and use it. This is where the biometric part comes in. Please bear in mind that there are other ways of going about this that may be more appropriate. We will use biometrics only as an example.

Using a set (not a single one, oh no sir) of biometrics (or by some other method) we now generate a cryptographic key (or possibly a set thereof) and use one of them to encrypt the voting token which is stored on your ‘ID card’. At this point it is necessary to be weasely again, and redefine ‘ID card’ to mean some mechanism for storing identity data as defined for the purposes of this post. It may be in card form, but one way or another it will be some kind of computing device, like the chip on your Chip’n’Pin card.

At this point, only you can decrypt the token and use it. Still with me ? Good.

Third Party Politics

The key thing to remember at this point is that when you authenticate yourself in order to unlock this token, you do not do it with a third-party. This is quite different from NuLab’s proposed scheme where checks are made against a central database. In this model, you authenticate yourself to the ‘ID card’.

Your only interaction with a third-party begins with the presentation of the token. This may, or may not, imply further information about you.

Secure exchange is no robbery

Now we need some means to get the token securely to its destination, again we will use cryptography. Let’s assume that our existing protocols are secure and that as such we can easily set up a secure end to end connection much as we do every day with online shopping or banking.

Vote Early, Vote Often

Next thing to do is cast our vote! To prevent just anyone at the far end changing our vote (naughty!) we will also encrypt that: we will encipher it with the ‘public key’ of the third-party who issued our token. This means that only they can decipher it and read it.
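The flow built up over the last few sections (signed token, unlock on the card, vote enciphered to the issuer, one use per token), sketched in Go as an added example; it is not code from the original post. Ed25519, AES-256-GCM and RSA-OAEP are choices made here, the 32-byte key stands in for whatever is derived from the biometrics, and the secure transport is assumed as in the post.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Issuer is the third party: it issues tokens and later counts the votes.
type Issuer struct {
	signKey ed25519.PrivateKey // signs tokens at the point of issue
	voteKey *rsa.PrivateKey    // votes are enciphered to its public half
	used    map[string]bool    // tokens that have already voted
}

type Card struct{ nonce, sealed []byte } // what the 'ID card' stores
func NewIssuer() *Issuer {
	_, sk, _ := ed25519.GenerateKey(rand.Reader)
	vk, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Issuer{sk, vk, map[string]bool{}}
}
// Issue returns token||signature; the token is random and names nobody.
func (i *Issuer) Issue() []byte {
	tok := make([]byte, 16)
	rand.Read(tok)
	return append(tok, ed25519.Sign(i.signKey, tok)...)
}
// Accept checks the signature, refuses a spent token, then deciphers the vote.
func (i *Issuer) Accept(signed, encVote []byte) (string, error) {
	pub := i.signKey.Public().(ed25519.PublicKey)
	if len(signed) != 16+ed25519.SignatureSize || !ed25519.Verify(pub, signed[:16], signed[16:]) {
		return "", fmt.Errorf("token not signed by issuer")
	}
	if i.used[string(signed[:16])] {
		return "", fmt.Errorf("token already used")
	}
	vote, err := rsa.DecryptOAEP(sha256.New(), nil, i.voteKey, encVote, nil)
	i.used[string(signed[:16])] = err == nil // spent only if the vote was readable
	return string(vote), err
}
// aead builds AES-256-GCM from the holder's key (assumed biometric-derived).
func aead(key [32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
// Seal encrypts the signed token so that only the key holder can recover it.
func Seal(key [32]byte, signed []byte) Card {
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return Card{nonce, aead(key).Seal(nil, nonce, signed, nil)}
}
// Cast unlocks the token on the card, then enciphers the vote to the issuer.
func Cast(c Card, key [32]byte, pub *rsa.PublicKey, vote string) (signed, enc []byte, err error) {
	if signed, err = aead(key).Open(nil, c.nonce, c.sealed, nil); err == nil {
		enc, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(vote), nil)
	}
	return signed, enc, err
}

func main() {
	iss, key := NewIssuer(), sha256.Sum256([]byte("constructed stand-in key"))
	tok, enc, _ := Cast(Seal(key, iss.Issue()), key, &iss.voteKey.PublicKey, "aye")
	fmt.Println(iss.Accept(tok, enc)) // first use is counted
	fmt.Println(iss.Accept(tok, enc)) // replay is refused
}
```

Ballot secrecy in this sketch rests entirely on the post's assumption that the token is not linked to a person at issue, because the issuer sees which token cast which vote.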

Livin’ in America

Now then, we need to bring to mind for a moment the horrors of the epic fail that has befallen every e-voting system so far tried, particularly in the USA. Especially in California. Bearing in mind that most of these were straight replacements for other ‘in person’ voting methods, we need not dwell too much, but we need to overcome the major problems that they reveal.

The ones that concern us are twofold. We shall not fear to speak their names, which are Auditing and Transparency. Auditing we can deal with using some more technical trickery, which we will explore in more depth later on. Transparency is something else entirely. I will explore this in some depth at a later date.

For the purposes of this post, let us assume that the problems are surmountable.

Put ’em all together and whaddya got?

Well, what have we got ? It’s slightly different from the rather more statist, centralist model proposed by the Home Office and its pets, but we have many of the same ingredients. A card, some set of tokens for doing stuff with, and a way to make sure that only the person who is supposed to can access them (we are missing some very important technical mechanisms, but again, that’s for later).

To some extent, we have decoupled the card holder’s ‘identity’ from the contents of the card. As described, it doesn’t even need a photo on it. No policeman can stop the holder in the street and ask “papers, please”, because the only person who can get the data off the card is the person who can authenticate themselves to the card.

But what we can do with it is this. We can use it to provide a universal rolling plebiscite. Universal meaning that anyone who wants to vote (and is eligible to do so) can vote.

In this utopian e-voting world, we no longer need MPs to represent our interests in parliament, not that the fuckers do much of that in any case, because we can all do it for ourselves. No more representative democracy, a genuine, direct democratic process. What kind of ‘government’ you would need to support this kind of democracy is an interesting question, sadly outside the scope of this post.

And the really cool thing is that we can genuinely achieve much of this, from a technological point of view, already. The components are there, for the most part, as we shall see in a later digital democracy post.

And, of course, you could, in fact, still do this with Blunkett and Co’s National ID scheme. Although you’d still have to put up with all the other crap.

Avast! Pirates! Mandelson set to lash ye scurvy curs. Yarr!

Blow me down (that’s enough piratical merriment – ed) it’s a tech post. These don’t come along very often, but when they do they tend to draw a lot of attention and comment. This is because :

  1. The web is (obviously) full of tech geeks.  We were in the internets long before all you normal people got here, long before there was even a web.
  2. All tech geeks believe that they know tech much better than all other tech geeks, even when the evidence stands clearly against them.
  3. See below.

Duty Calls

So it is with a certain amount of trepidation that I venture into the frosty waters of the ‘illegal file sharing’ meme, which I have no doubt is already the subject of bitter infighting in the techier parts of the blogosphere that I tend to avoid.


Full disclosure : I am a professional tech geek, part of my job involves reverse engineering security systems and encryption and that sort of thing. Right then, on with the post.

It has been all over the MSM today that once again, the disconnection of ‘illegal’ file sharers is back on the cards, we’ll skip most of what’s actually in the MSM reports, because they employ people who know the square root of fuck all about technology with very few exceptions, and jump straight to the source, a speech given by Lord Mandy of Gobshite at the cringe inducingly named “C&BInet” forum (erm, guys, that would actually expand as ‘candbinet’).

I will try really hard not to fisk too much of it and get to the issues. It’s hard with Mandy, just take this for instance:

I’ve been trying to think of the first time that I was really aware of just how seriously Britain’s impact as a creative economy is out of all proportion to its size. I think it was some time in the last decade, probably looking up at Norman Foster’s glass dome for the Reichstag or reflecting on Harry Potter’s decade of global conquest, or maybe it was watching Robbie Williams charm the socks off 15000 Belgians – and at least one Englishman – in Antwerp a few years ago.

Oh, puke. Or was it perhaps while you were dining in Corfu with billionaire producer David Geffen, well known file sharing hardliner ? Hard to tell, but since it was only a couple of days afterwards, well, I think we can draw our own conclusions.

Anyway, the upshot is that Mandy now has a hard on for content protection, and when a New Labour type has a hard on for any issue, you just know they’re going to be jizzing out some new legislation so they can be seen to be doing something. When it’s Mandy, you know he’s about to stick his spanner in the works of the market and start twisting it about, and so it came to pass

Now, it seems self-evident to me that trying to evolve new business models against these kind of attitudes is very hard, and I take my hat off to those who have tried. Further investment in new business models is important

Wait for it …

But the Government also has a responsibility to act.

Here it comes …

That is why we have decided to intervene and legislate to tackle the problem of file-sharing

Thar she blows! (avast! – ed)

So, M’Lord, what is it exactly that you intend to propose in your legislation ?

What we will be putting before Parliament is a proportionate measure that will give people ample awareness and opportunity to stop breaking the rules. It will be clear to them that they have been detected, that they are breaking the law and that they risk prosecution. If necessary we have also made it clear that we will go further and make technical measures available, including account suspension. In this case, there will be a proper route of appeal

Ah, the old ‘three strikes’.

Let us not dwell too much further on the emetic speech, lest we start to imagine Mandy’s voice, which is a little like being caressed by the blade of a serial killer. We shall leave it at this last extract.

Neither do we want Internet Service Providers to be unfairly burdened. ISPs and rights holders will share the costs, on the basis of a flat fee that will allow both sides to budget and to plan.

Which pretty much sums up the kind of market meddling the man thinks is acceptable in one sentence, really.

I haven’t looked yet, but I expect the ISPs will be incandescent about this for several reasons. Avast! I shall have a quick Google …

ISP TalkTalk said the plans were “ill-conceived” and said it was prepared to challenge measures “in the courts”.

“What is being proposed is wrong in principle and won’t work in practice,” the firm said.

“In the event we are instructed to impose extra judicial technical measures we will challenge the instruction in the courts.”

Yeah, pretty incandescent.

Anyhoo, this will all lead to a seriously epic fail, there are technological reasons, and there are legal reasons. And of course there are economic reasons. With some trepidation of the storm of geek comments about to be flung at me, I will elucidate some of them just far enough to illustrate what a typical FUBAR this will end up as when the relevant legislation passes through parliament. Which it undoubtedly will if Mandy’s gnomes can get it before the house while it’s full of Labour seat warmers.

Technical Fail

Let’s cut to the chase and skip lightly over the details, which I can fill in later if anyone decides they care. It is not technically possible to implement an automated solution that will work at the level of a large ISP. It simply isn’t. Let no one tell you different. The ISPs know this.

The problem is that you have to be able to identify illegal content. There are a number of ways of going about this, some cleverer than others, but none (so far) that can’t be subverted. All of these, even the clever ones, rely on being able to intercept (note that word) the traffic flowing through the network and then perform some processing on it to see what’s in it. Then if it looks like it might be some file sharing traffic, perform some more processing on it to see if it’s protected content. The cleverer the method, the more processing is needed. More processing means more processors. Which means more money. And more electricity, which also means more money. And more air conditioning to stop the whole lot catching on fire. Which means even more money, and even more electricity, and even more money for electricity. And so on.

Quite apart from which, even the cleverest methods like ‘acoustic fingerprinting’ require an unencrypted stream of traffic to work with. Once you introduce end to end encryption into the mix, your clever technical solution has stopped working and you are left with a warehouse full of hot, noisy, power consuming paperweights. Epic fail. Encryption is already available in most P2P file sharing clients.

As it is, from the bum gravy I have seen in the MSM, the proposed technical solution is not even that clever. We shall not examine it in any detail, because it will almost certainly be freshly minted bullshit dreamed up by some bright some thing in Mandy’s employ and wilfully misinterpreted by the retards who deign to call themselves technology journalists. We may return to the subject once the proper tech media have had a chew on it. No, let us skip lightly over to the next issue.

Seriously Epic Legal Fail

We can sum half of this up in a single word. RIPA. Ok, that’s an acronym, RIPA is the Regulation Of Investigatory Powers Act 2000.

Without digging through the minutiae, much of which is tedious beyond belief, RIPA makes what Mandy wants the ISPs to do illegal. Put simply, an ISP is allowed to look at as much of your network traffic as is required for them to deliver it properly, anything further than that is classed as an interception (remember that word from earlier ?).

Interception without a warrant is a serious offence, worth up to five years at Brenda’s pleasure, and while some ISPs have Phorm for playing fast and loose with these regulations at the behest of the Home Office, they don’t have any particular urge to get into the business of mass interception.

RIPA neophytes please note that interception is not the same as looking at your ‘communications data’, which you can do with a note from your mum.

More importantly from the ISPs’ point of view is the catchily titled Electronic Commerce (EC Directive) Regulations 2002. Again, avoiding the gory detail, which is all in there if you want it, this piece of EU legislation essentially indemnifies ISPs against claims for, e.g., libel in the case that some libellous material is transmitted across their network.

ISPs are naturally very keen to keep this indemnity, because if they don’t, some waste of oxygen horse fuckers libel law firm like Carter-Ruck will sue them all to oblivion the next time someone puts up a blog post.

The catch is, though, that the definition of an Internet Service Provider in the regs is very tight, and intercepting traffic to look for illegal file sharing traffic falls explicitly outside it. Currently ISPs skim very close to the edge in implementing the Internet Watch Foundation’s kiddy porn blacklist. That’s just about allowed, because of vagaries in the technical implementation and because it’s a child protection issue. No one has the guts to challenge child protection issues. Of which much more later.

Anyway, that’s by the by. It would be a bloody impressive piece of legislation that could rewrite the EU regs, and I’d like to see it. It would have to start off something like “We hereby secede from the European Union”.

So basically, Mandy’s super legislation will have to modify the RIPA definition of interception, and then either modify or repeal the EU regs, or make the ISPs relinquish their ‘mere conduit’ status, thus exposing them to so much liability that we may as well switch the internet off the day the bill passes.

This is not going to have a happy ending.

Twitter Capacity Twatter

Apparently at some point shortly before I started typing this, twitter went over capacity and started showing people the fail whale.

Apparently someone told twitter that Kanye West, who I believe is a singer, was dead. Kanye West is not dead, but the storm of tweets continues unabated.

Rather humorously, one of the trending topics is ‘capacity’ as loads of people log in and post messages about twitter being over capacity, sometimes more than once.

Oh the humanity. And that is what I find so entrancingly attractive about watching twitter.

Tories in a PR Pickle over Spotify ?

There was a story going around last week about the Conservative party buying up ads on Spotify.

For the uninitiated, Spotify is a streaming internet music service funded by advertising. The user selects a play list or a type of music that they would like to listen to and hits play. Periodically the user hears some advertising, or they can pay for an ad free service.

Here’s an example of some of the coverage it garnered at the time, mainly from the tech and music media. A story from PC Pro

Tories to campaign on Spotify

The Conservatives are to campaign on Spotify, as the party reaches out to tech-savvy voters.

The ad will feature Tory party chairman, Eric Pickles, lambasting the Government’s handling of the recent economic crisis, and urging listeners to vote Conservative at the next General Election.

It resurfaced again yesterday, this time the coverage was of a somewhat different tone. Here’s auntie beeb :

Tories stop music to woo voters

Conservative chairman Eric Pickles will apologise to music lovers later – as he interrupts their favourite tunes to ask for their vote.

Mr Pickles’ distinctive Yorkshire tones will interrupt music to attack the government over the economy.

Somewhat harsher, I think you’ll agree. Now, instead of ‘buying ads’ Pickles will ‘interrupt music’. Damn you, you Evil Tory fun spoiler !

Some folks have suggested that the article displays the BBC’s bias against the tories. Let’s see what the Times has to say

A 45-second message from the Conservative Party chairman, in which he interrupts listening pleasures to attack Gordon Brown’s ‘reckless spending’, is the latest attempt by politicians to get their messages across to the digital generation.

Hmm, spookily similar. Looks like we have a fine example of cut’n’paste journalism, which means there should be a press release a couple of clicks away. Yup.

The Conservatives are launching a bid to woo young, internet-savvy voters by advertising on digital music service Spotify.

A 45-second message from party chairman Eric Pickles will interrupt listeners’ choice of tracks to criticise Gordon Brown’s “reckless spending”.

Ouchies. Possibly time to sack the PR firm who wrote that. “Interrupting” is a much poorer choice of words than “advertising”.

Possibly also time to sack whoever came up with the idea in the first place. Here’s a sample of Spotify users’ responses to hearing repeated ads :

The ‘alcohol-know your limits’ one is so smug it makes me want to punch my monitor. I have to turn the volume down fully, and this is from someone who doesn’t even drink!

Jonathan was such a ****. If he’d hung around longer, I would have had to construct some sort of effigy of him, then savagely beat him to alleviate my anger whenever an ad came on.

I can’t wait to see how they react to Pickles.

Thought for the day

Stop reading this blog right now and go away and do a backup of all your important shit. Even if it means you have to buy extra storage. Go on, do it. You know you haven’t.

Don’t end up like the person on the phone who just lost 2 years work because it was on a USB stick, there were no copies, and it got left behind, probably never to be seen again.

Quelle horror!

Broadband speeds the last few days have been substantially slower than those achieved by my last dial up modem many moons ago (a rather nice external 56kbps voice modem with the lights and the switches and the excellent features for wardialling, but I digress).

I am told that this will improve “sometime in the next 72 hours”, will require an engineer to “visit my exchange” (where are all the engineers hanging out if not at the exchange, which is a fair sized staffed branch office ? Would have thought there would be at least a couple handy.) presumably to reset the DSLAM which appears to have decided that my connection should be running at 256 Kbps, some 16 times slower than it should be configured, and that in fact I can’t really have all of that either (my typical data transfer rates at the moment are around 29 Kbps, approximating the third dial up modem I ever owned. In about 1990.) and may even constitute “an outage in my area”.


