Categories
End User internet online safety Regs security surveillance & privacy

Julian Huppert MP proposes that the next government implements an online rights framework of principles

Online rights framework will help safeguard privacy

The internet is increasingly key to our daily lives and a crucial part of public policy making with ramifications across all areas. However, too often what we get from politicians is poorly thought through kneejerkery. I’ve seen this myself, on far too many occasions.

Just to pick up a few examples, when we were re-writing the Defamation Bill, there was a proposal being pushed that ISPs should be required to filter out any defamatory content on their network – quite a tall order.

David Cameron has been particularly bad – you may remember his suggestion at the time of the riots that he should be able to turn off social media to avoid panic. It took a lot of work to stop that and make it something that was ‘not even considered’. More recently, he’s been insisting that we should ban any messaging system that cannot be decrypted by GCHQ, completely failing to understand the essential link between encryption and cyber-security.

But this problem strikes the opposition too. There have been some really alarming comments about filtering out legal material online that completely miss the point of what is technically possible or desirable. And of course there are people in each party who do actually get it, although not all of us get to have the necessary influence over our front benches to achieve sensible outcomes.

My party has taken these issues seriously, and there are several things we hope to achieve in this area. One of these is stable sensible regulation – something that almost shouldn’t need to be said. Brilliant new ideas can easily be killed off if regulation is tweaked unexpectedly and long term investment will drop off if there is a risk of irrational rule changes. We as politicians should set a framework of principles, which should then be relatively stable. We should call on technical experts for help and have discussions with the community and businesses. We can then set the detailed online rights rules in a rational way. That has to be the best way forward.

I’ve been particularly working to develop a Digital Bill of Rights, setting a basic framework for what people should expect online when it comes to issues like privacy, net neutrality and more. This has become especially important since the Snowden revelations. All of us want security, and all of us want privacy. How do we try to achieve both of those goals? When should the police or security services be allowed to collect information on us, and for what purposes?

Typically, these issues have been dealt with largely secretively and reluctantly, and with a focus on specific data types. For example, strong controls were introduced on DNA data in the Protection of Freedoms Act, but the Police just sidestepped them when storing biometric information, without even attempting to learn the principles from DNA data.

So those are my two key points – stable and sensible regulation, and a clear principle framework for our online rights. If I’m re-elected I’ll fight for those but it would be great to have more colleagues to help with that.

If you want to help me achieve this vision, please consider helping me out – http://www.backjulian.co.uk has the details.

Julian Huppert is Liberal Democrat MP for Cambridge. He has a scientific background and is one of a very small minority of our MPs who can grasp issues relating to internet technology.

Although one or two more might creep in that pretty much concludes the week’s posts on advice to the next government. Other political week posts on trefor.net are linked to below:

James Firth on why government should stop looking to big corporates for tech innovation
Gus Hosein on Data Protection Reform and Surveillance
The Julian Huppert crowd funding campaign here
Paul Bernal suggests government should hire advisers who know what they are doing
Domhnall Dods on Electronic Communications Code reform
James Blessing Says “No matter who you vote for…
Peter Farmer on Ofcom really isn’t an all powerful deity
Dr Monica Horten on Why the Magna Carta applies to technology policy

See all our regulatory posts here.

Categories
Bad Stuff End User online safety security

I blog about nail polish – what’s wrong with your filters?

 

Web filters block list includes fashion blog

https://twitter.com/SmashleighJayne/status/559720386112552960

https://twitter.com/SmashleighJayne/status/559720218155835394

https://twitter.com/SmashleighJayne/status/559722059660795904

https://twitter.com/SmashleighJayne/status/559722582921207808

The point about this is that the only reason Ashleigh-Jayne found out about this is because she is a TalkTalk customer. TalkTalk’s own web filters block list had her site down as being adult only.

Now maybe parents wouldn’t want little girls (or boys) checking out nail polish and fashionable shoes. The little darlings grow up too quickly these days. However we hope this is just a mistake. Ashleigh-Jayne will almost certainly be able to contact TalkTalk and get her site taken off the black list.

However if she hadn’t been a TalkTalk broadband customer she might never have found out whether her site was on the list. Millions of people might be wrongly denied access to her site. This is a problem with the system. The blacklists are automatically produced by machines that tbh are inherently untrustworthy because they get it wrong too often.

The following link takes you to an Open Rights Group website that can test your own website to see if it is blocked

http://linkis.com/www.blocked.org.uk/TJZCq

I took a look at trefor.net and the results are in the featured image. The BT and TalkTalk results that are inconclusive don’t necessarily mean they are blocking me but it certainly raises an eyebrow or two.

Haven’t actually looked at Ashleigh-Jayne’s blog but I’m taking her word for it that it’s not pornographic. As far as I’m aware she is a fine upstanding member of the blogging fraternity (sorority?).

As I write I realise that I will soon need a new pair of shoes. I doubt I’ll find them on her site mind you but I should be OK. I don’t think that ja.net has the same filtering policy. I’ll leave you with a little story about dubious websites that perhaps should be blocked from viewing by children (once the parents have opted in to the filter of course).

A year or two ago I gave a talk on VoIP security at a ja.net conference. An engineer came up to me afterwards for a chat and the conversation got round to how ja.net would have coped had they had to implement the Digital Economy Act and monitored its hundreds of thousands of users for their downloading habits.

The guy told me a story of how they had once been alerted to a really high bandwidth usage coming out of one room in a hall of residence. They went on an investigative visit and found that the female occupant of the room had moved in with a pal. The room had been painted purple and now had a pole in the middle of it surrounded by 4 webcams. Four enterprising female undergraduates had been paying for their university education by doing some professional internet pole dancing.

Now will that get me on a web filters block list?

Categories
End User online safety

Sky asking customers to tell them if they want to access adult content

Sky adult content filtering to be left on as standard unless asked otherwise

It was in the news yesterday. Sky is phasing in the inclusion of an enabled Sky adult content filtering as standard unless specifically requested not to. I was told by Lyssa McGowan herself. Well on her blog.

This is going to be an interesting one to watch. I’m not going to rabbit on about how it should be the other way around – that families should opt in. I’m just going to see how long it takes for someone to hack in to the Sky database and publish the list of clients that have opted out. Just to show they can. Someone will take on the challenge.

It’s the same issue as why we shouldn’t be thinking about saving internet browsing data. Someone will leave it on a bus or it will get hacked and published on a server somewhere around the world.

Name and shame I say. Who wants to look at filthy pornography anyway. Bring back the high necked collar and floor length dresses. They had it right in Queen Victoria’s day. They also used to hide kids away in the nursery with their nannies. It’s no different today except now Sky provide the parental services by proxy.

The knock on effects of this type of decision will reverberate around the world. At least around the world’s browser manufacturers (does one manufacture a browser?). Sky customers that have opted out and who for reasons of privacy want to use incognito windows will now see a new message:

“Going incognito doesn’t hide your browsing from your employer, your internet service provider or the websites that you visit. ESPECIALLY IF YOU ARE A SKY BROADBAND CUSTOMER WINK WINK”

Interestingly Sky come out very well in our BROADBANDRating rankings. Getting the product mix right continues to be a difficult exercise but I’m not so sure they have it right with this one. There hasn’t been much adverse customer reaction on Twitter, as yet. Just people noting that filters are automatically on. Time will tell.

Fnar fnar.

Later – found a fair few negative tweets on this subject after all. Sample below:

https://twitter.com/kentindell/status/557654044232409088

https://twitter.com/misterjorgensen/status/557843887004606465

https://twitter.com/calh15/status/557656535485411328

https://twitter.com/Chagr1n/status/557590528188235777

Categories
Bad Stuff Business ecommerce Engineer internet online safety Regs security surveillance & privacy

A quick guide to problems that will arise if we implement further internet surveillance measures

Snoopers Charter revisited

The aftermath of the Charlie Hebdo murders has led to government and opposition calling for more internet surveillance. Here are a few points for your consideration.

  1. Storing this data will inevitably result in it being hacked, left on a train/taxi on a laptop/memory stick and details of a government minister’s affair with another MP being made public. Example here (29 Jan 2015)
  2. The overhead associated with having to gather and store the data in a secure way will be proportionally huge compared to the size of the business and to the number of customers for smaller ISPs. This will result in the government deciding not to force these businesses to store the information and settle just for the biggest 7 ISPs aka the Digital Economy Act. The consequence will be that potential terrorists will just use these smaller ISPs for their internet services leaving a big hole in the “surveillance net”.
  3. The resources required to make this happen will be huge. The French government already knew about the Charlie Hebdo killers. They just lacked the feet on the street to keep tabs on them. Diverting staff to managing the data gathering project will mean even fewer feet on the street or divert cash from adding more feet.
  4. The technical challenges with managing sender and receiver data for email clients are not small due to the hundreds of different clients out there with non standard formats.
  5. Most email is in any case encrypted these days and is run on platforms that are not necessarily owned by UK businesses. The difficulties associated with extracting these data will not be small (if not impossible). Ditto social media platforms.
  6. Forcing these platforms to provide a back door into the encrypted data (assuming it will be doable) will erode trust in areas of the economy that also rely on such encryption such as banking and ecommerce.
  7. Businesses will move away from the UK. It will be the start of the rot and leave us with a reputation akin to China et al when it comes to “surveillance society”.
  8. Terrorists will move deeper into darknets and continue to kill innocent people.
  9. On balance I’d spend the money on more feet on the street.

The rush to call for the snooper’s charter to be implemented would result in a bad law that will not have had adequate scrutiny. My wife and one of the kids were in the audience during last night’s BBC Question Time filmed in Lincoln’s Drill Hall. I watched despite it being well after my bedtime.

None of the panellists or the audience really had a grasp on the issues which reflects its highly complex nature. It’s very easy for MPs to support this type of legislation. Most right minded people will agree that it’s a good thing to stop terrorism. It’s just that they don’t understand the implications.

Check out other snoopers charter type posts here.

Categories
Business online safety security voip

Voice Fraud – You Need to Act!

Trefor.net welcomes VoIP guest contributor Simon Woodhead, CEO of wholesale voice provider Simwood.

In February, we published VoIP Fraud Analysis, a white paper that details Simwood’s three years of operating a Honeypot, coloured in by many years of real-world experience servicing wholesale voice clients of all sizes and seeing them compromised. Our research has been very well received in official circles from OFCOM to ACPO, at industry events comprising scarily competent people, and we’ve since been able to compare notes with others in darkened rooms who study this for a living. Of course, I won’t repeat the full content of the white paper here — and it certainly wouldn’t be appropriate to do so — but I will be glad to share a few observations from it.

VoIP fraud — an estimated $46bn a year problem — has come as no surprise to anyone, and as we’ve run through the mechanism of attack the majority of people in the audience have seen at least parts of the behaviour we describe in the wild. If we were describing other kinds of crime most people would be looking in from outside, but VoIP fraud is pervasive and everyone in the industry has seen it at some level. Similarly, nobody has questioned the solutions proposed; some of which are unique to Simwood though they can be employed by any provider on almost any equipment. Despite this, people remain reluctant to act and, dare I say, a little complacent. It is somebody else’s problem until it is their problem, and by then it may very well be too late. Remember, $46bn is the estimated measure of the good guys’ incompetence…the bad guys’ intent is infinite and, as we’ve seen, can quite literally put a provider out of business in just hours.

The sad fact is that the bad guys are becoming far more professional. Gone are the days of script-kiddy intruding with such blunt force that it was apparent as a DoS attack. They are still there, of course, and can still be very effective in breaching completely unprepared networks, but the serious people — the professionals — are…well, professional. There’s no impatience or fervour to their attacks and they do their homework very very well. Their reconnaissance is unobservable to those not looking out for it at the packet level, and their early compromise testing is lost amongst legitimate call traffic for those unaware of the test numbers identified. Then they wait, patiently.

Christmas 2013 was a busy time for us with almost every night seeing one of our customer’s end-users compromised. Actually, we saw the same customers compromised repeatedly night after night, as the bad guys had identified a specific vulnerability present in the equipment they’d deployed to their end-user businesses. Where the customers were ISPs (with a defined block of IP addresses containing customer equipment) the attackers had been able to identify a list of similar targets on their network vulnerable to the same attack. This would have taken a long time and a lot of patience, before striking when eyes were furthest from the ball. On every single occasion we identified the incident, proactively made contact with our customers to advise and help resolve the incident. The attackers left quietly, knowing they had a long list of other targets and could come back later. They did, every night for the Christmas period.

Don’t be fooled into thinking this is just a “VoIP” problem. Many incidents are targeted and exploit non-VoIP technologies (e.g., those present by virtue of traditional PBXs being retro-fitted with IP capability) while many others are at other levels altogether, such as the http interface of CPE or provider admin systems. The traffic may pass over VoIP as a consequence, but in many cases once the VoIP side of it has been contained it will then pass over traditional phone lines connected to the same equipment. It must be an anxious time waiting for the CPS invoices afterwards!

My point here is not to scare you, but to highlight two trends: (1) providers are becoming more complacent, and (2) attackers are becoming more professional. A destructive combination, indeed, and one that is sure to end in more tears. Attackers are not going to become less capable and less professional, so the only option is for providers to be less complacent and to — this is critical — take action. Very few if any are doing everything they could, whereas others dismissively rely on techniques that may help but are incomplete and therefore give false confidence. The bad guys can turn on an attack at any point after the reconnaissance is complete, and if you think they cannot then how will you notice and be able to react when they do?

The solutions are often simple and free, however they require a willingness to implement and generally bring many other benefits. By way of example, the vast majority of providers operate SIP on UDP 5060 because that is the out-of-the-box behaviour, whilst you’d struggle to find equipment nowadays that doesn’t support TLS. Not only are TLS endpoints far less common targets, but TLS and SRTP also give end users the privacy I think they already expect they have. Similarly, billing more frequently and getting as close to real-time as possible not only enables fraud monitoring but provides massive operational and commercial benefits too. Your carrier monitoring and enforcing fraud controls on your wholesale account, safely away from your network, is by far the most effective preventative measure, and some of us do that to varying degrees.

There are many more solutions contained in the Simwood VoIP Fraud Analysis white paper, and we urge you to implement them, and also to lean on your carrier to help you to do so. Please note that in all the “Christmas” examples it was we the carrier — not our customers — who noticed end-user compromise.

The key take-away I want to leave you with is that if you are having no trouble sleeping at night because you believe it can’t/won’t happen to you, then you really need to act now. Your network may already be compromised, with eyes awaiting your being off the ball, perhaps over a coming Bank Holiday.

Categories
Bad Stuff End User online safety security

Heartbleed – a pain in the proverbial

Big fuss doing the rounds over the Heartbleed bug. Google it. Every man and his dog[1] is saying it is really bad and offering advice which basically says change your passwords oh and btw it might not make sense to change it yet because your specific service might not have patched their SSL.

Now this is the problem. I have 75 sets of credentials for accessing online services. Each one has a complex and unique password. It’s going to take hours to change them all.

A few are more important than others, Google and banking for example. I checked Lloyds Bank. There are no notifications on their website. No advice. No words of comfort saying “don’t worry Tref you are ok son”. Now I can’t believe that a bank like Lloyds with presumably a huge security team hasn’t got it covered.

I checked them using LastPass and got the message “A Server header was not reported, you should assume this site could be vulnerable.” Now this may be because the site is vulnerable or it may be that Lloyds has its website nailed down so that services such as LastPass can’t ping it for information. Not being an expert in this field I don’t know.

Maybe I don’t need to worry about it anyway. Lloyds uses 2 factor authentication. Is that affected? Hmm. No idea.

I read about tech so picked up the Heartbleed story. My dad doesn’t read this stuff. He is 80. He reads the sports pages, the political news and, oh I don’t know, headlines from 1956. Anything really but not news about Heartbleed. Yeeeeoooooooowwwwnggg – right over his head. He probably doesn’t even know most passwords he has created. Probably a majority of the population will be in the same boat.

A lot of people out there will be oblivious to Heartbleed, oblivious to whether their services are affected and oblivious as to whether they need to do anything about it. What’s to do?

I’d envisage each of the 75 services I have a username and password with will be wanting to send me an email advising me of a course of action. Not received one yet…

Other security related posts:

Who sells your contact information?
[1] Rover[2]
[2] Could be Bonzo

Categories
End User fun stuff nuisance calls and messages ofcom online safety Regs social networking

TripAdvisor

I’m not a lawyer. This is something of which I am proud. Nor am I a chartered accountant, this is something of which I am equally proud.

People that are in Regulatory Affairs (telecoms or otherwise) often individually present a real Heinz 57 of backgrounds, abilities and skills. As far as I am aware, no-one leaves school thinking “I want to be in Regulation!”. You sort of fall into it, from a career in the faculties of law, economics, accounting or the commercial arena – and have to be able to hold your own, at a high level, in all of them. In all cases, you need a desire and drive to get under the skin of the regulator and former incumbents alike; those that know me know I revel in this sort of protagonism.

Oh, and in case you’re wondering, I have an academic background in Finance and Management and a professional background in commercial affairs and compliance, hence my ultimate arrival in Regulatory Affairs. 18 year old Pete Farmer would’ve laughed if anyone suggested this is where I would end up.

So, this isn’t legal advice. It isn’t to be relied upon. It’s to be taken on an “as-is” basis as a way of stimulating debate and discussion around a subject I am as passionate about as annoying the Office of Communications: food.

Believe it or not, in my spare time I run a foodie

Categories
bitcoin Business online safety piracy

Bitcoin bet or bubble bursting?

Mt Gox is dead. Apparently. More than 750,000 Bitcoins missing, so they say. Rumour mill an’ all.

Careless that, or criminal. Either way someone has lost a lot of Bitcoin (Mt Gox has previous – see here from 2011).

Now could be a good time to invest in Bitcoin. The price has dropped considerably. Mind you anytime could be a bad time to invest in Bitcoin, unless you make a living being successful at roulette.

I’m thinking of buying one. Just the one. Just so’s I can feel part of the action. It won’t be a big investment. I once knew a bookie in my local pub. He had a pitch at Market Rasen races and at one race meet I put a two pound bet on a horse with him. He accused me of trying to manipulate the odds with heavy betting 🙂

Current price is £295 or so (it was earlier this pm – changed already by the time of publication – gotta move faster – see preev.com). That’s a new washing machine, or similar. Mrs Davies would say that a new washing machine would be more useful and not depreciate quite as quickly as Bitcoin has over the last 24 hours.

Wives just don’t understand do they?

I’d like to bet that many of the readers of this blog are multi-millionaires thanks to Bitcoin and here’s me still trying to hack out a living writing blog posts. It could be the answer.

Mind you I do occasionally buy a lottery ticket and I honestly can’t remember the last time I got a single number right. I think there is something going on there. Must be.

I’ll keep you posted.

Mt Gox is dead. Long live Mt Gox.

PS I realise I’m taking a risk publishing a picture of a two pence piece but I think it is in the public interest to do so. The two pence photographed is worth two pence and will be used as part of a transaction to buy something – box of matches[1] etc. It may not be possible to do this with a bitcoin.

[1] can you actually buy anything for two pence anymore?

Categories
Business online safety Regs social networking

Edward Snowden – Facebook charges its users!

Facebook charges its users!

A dramatic byline….. ostensibly it hasn’t broken its vow that it is “free to use and always will be”, and there isn’t a pay-wall being erected around it. That said, with the hefty price tag it just paid for WhatsApp, it may well have to consider things!

But Facebook has always charged, as has Twitter, and Google and so on. So it hasn’t had a Direct Debit mandate, but they have taken something you have freely offered in return for perpetual use of the site for free, and have marketed that. Your most valuable information; your preferences, your search history, your favourite band, most checked in pub, your beach snaps, all of this adds up to a data-miner’s paradise.

A quick calculation on Facebook’s market capitalisation just prior to the

Categories
Business online safety Regs

To decapitate or not to decapitate – a political bet? Vodafone filter

An eagle eyed reader spotted this little piece of bemusement from Vodafone.

His newsfeed this morning had an interesting enough looking headline “Labour to launch decapitation strategy against Clegg” meaning that they were going to have a go at unseating him in the next general election.

Interest piqued, the reader clicked on the link only to come up against Vodafone’s content filter.

What was the content one wonders that made the Vodafone filter kick in? The reference to decapitation? Or did it find the politics of the host blog politicalbetting offensive?

Points arise:

Categories
End User online safety piracy

Indian call centre scammers need to up voice quality

You see before you a partially disappointed man. Not very disappointed. Just partially so.

I’m waiting in this morning so that there is someone in the house when two parcels get redelivered. The phone rang. It was an Indian call centre scammer.

I was only recently pontificating on the fact that I didn’t seem to have had many scam calls of late. This in particular is disappointing because the post about the 08000641087 scam number is amongst the most popular on this blog. Lots of annoyed folk out there.

So the phone rang and I was instantly excited.

Categories
End User online safety social networking

eTagged.me – you are a pest & @LinkedIn should know better

I got an email from LinkedIn saying ‘ “xxxxx” (name withheld) has requested to provide them with some feedback based on their personality using the short link below’.

Apparently eTagged.me, according to them, is “a new way to identify yourself to the world including ratings & reviews from your peers that shows how awesome you are”.

They look dodgy to me. A link was very handily provided for me to unsubscribe from further emails. This link seemed to be from eTagged.me but I had to insert my LinkedIn password to unsubscribe. !!!!!

This is totally outrageous. I never asked them for the email in the first place and they want me to give them my LinkedIn credentials to stop them sending me any more junk.

I’ve reported them to LinkedIn. I also looked at their website. There is an email address but I’m blowed if I’m going to send them an email to complain. There needs to be a way within LinkedIn of blocking this stuff but I can’t immediately see it.

Beware of eTagged.me. We don’t need any new social media platforms thanks a lot. At the very least they need to change the way they work so that people can block them without having to enter secure credentials that are none of their business. I realise that access to the large databases that are LinkedIn et al is an attractive proposition but on this occasion they didn’t get it right.

Rant over. I must be going through an angry phase – just stay away from me for a while – okaaay 🙂

ttfn

Wasn’t so long ago that someone stole 6.5 million LinkedIn passwords – here.

Categories
Business internet online safety piracy Regs surveillance & privacy

An evening with Julian Huppert MP – Internet Hero #fundraiser

I’m not in the least bit political. If I get involved on the periphery of Parliamentary discussions and debate it is because I occasionally see MPs trying to implement legislation that doesn’t make sense in our modern internet based world. This is often because MPs have so much information thrown at them that they have to resort to keeping ideas simple so that they can get their brain around them.

Unfortunately when it comes to legislation that touches the internet, and by default touches those of us whose livelihood depends in one way or another (an increasingly large cohort of people) on the internet, the simplistic view often taken by MPs is often at odds with the practical workings of internet technologies.

We end up spending a lot of time and money fending off such legislation, more often than not pretty successfully but usually after great effort and pain. This is because it takes an age for people (MPs) who because of the practicalities of their job have to look at complex issues very simplistically.

I’m all for keeping things simple (stupid) but we also need people in our Parliament who can get their brain around the complexities associated with the internet. What to the layman is a simple network that “just works” is in reality a hugely complex ecosystem. In fact the complex issues faced by MPs often extend to non-technical considerations such as the privacy of the individual. In reality it is difficult to separate the technical issues from the non technical as they feed off each other.

One of the few Members of Parliament who does understand these issues is Dr Julian Huppert, MP for Cambridge. His background is research science at Cambridge University. Julian has taken a very active participation in internet and technology related debates in the House of Commons and was one of the leading opponents of the Digital Economy Act that was (outrageously in many people’s view) rushed through in the dying days of the last Labour government.

Because of his work supporting the internet industry, last summer Julian was awarded the Internet Hero Award at the annual ISP Association Awards dinner. Since then he served on the Parliamentary Select Committee looking at the Draft Data Communications Bill (Snooper’s Charter) and was highly influential in the decision making that led to the Bill being killed off for this Parliament.

We need to keep MPs like Julian in the House of Commons. He is good for the internet. He understands the issues. MPs need to raise a lot of cash to pay for their election campaign. I assume the next election will be in 2015 but much will go on between now and then.

I have agreed to help Julian by organising a fundraising dinner on his behalf. He is a Liberal Democrat but this is not a party political issue. In fact this is a technology blog not a political blog.

Whatever your political beliefs, if you work in a business, or maybe it is your business, that makes its living from the internet it is in your interest to support Julian.

So this is an invitation to you to a Fundraising Dinner entitled “An Evening with Julian Huppert – Internet Hero”. This dinner, on Tuesday 25th February, is a sit down job at the National Liberal Club in Whitehall – a totally high class environment if you’ve never been.

At £300 a head this isn’t a cheap do but we have to remember that the idea is to help raise funds to get Julian re-elected. We won’t be stinting on the quality of the food and drink in any case.

You will be in the company of 49 other influential people from the internet industry so it will also be a great night for networking. We shouldn’t forget that it will also be an opportunity to share your thoughts with Julian.

Click here to find out more or drop me a line if you want to talk about it.

That’s all for now. Please help if you can.

Categories
Business online safety security spam

Gmail update – Google+ comment

Got an email yesterday from Google about a change to Gmail. Everyone probably got the same mail. Certainly the mainstream media made big news of it, in the tech sections. When you are sending an email from a gmail account you will now be offered Google+ account holders as recipients of the mail.

One site, whose name is oft misspelled, even published a post on how to change your settings to stop people from being able to contact you via Google+. This would appear to me to be a blatant sop to search engine rankings – a big part of the email I got was all about explaining exactly this so the repetition of this info seemed particularly unnecessary. Whoever gets news out first attracts the visitors so it’s dog eat dog out there in the www.

Anyway “starting this week, when you’re composing a new email, Gmail will suggest your Google+ connections as recipients, even if you haven’t exchanged email addresses yet. Your email address isn’t visible to your Google+ connections until you send them an email, and their email addresses are not visible to you until they respond.”

I’ve tried but I can’t seem to get it to work. I guess “this week” must mean “next week” or at least from Monday onwards.

If someone from outside your Google+ Circles emails you then the mail gets filtered into the “Social” tab in your inbox. In my case this means it is unlikely to get read because I never look in that tab. I don’t look in the “promotions” tab either unless I’m expecting a particular mail – eg a password reset.

The tone of the online commentary about this “feature” is in the vein of “Google trying to increase/stimulate Google+ usage” and also all about privacy.

In my mind this is a very useful feature. I want people to be able to get hold of me. The principle is no different to your telephone number. Unless you want to be ex-directory anyone can look up your number. Of course there is the concern about spam but Google has a fantastic anti-spam engine and if it turns out to be “legitimate” spam from a business then this gets filtered into the “promotions” tab as previously mentioned. You can also label a sender as being a spammer which I frequently do if the email addresses me as “Hi”.

So all in all I think this is good. Except as I mentioned it doesn’t seem to work for me! That’s all folks.

Categories
Business online safety spam

Google blocking Microsoft Office365 mail as spam

I note from Twitter this morning that Google is blocking some emails from Microsoft Office365 to Gmail recipients as spam.

The message reads: [157.56.116.103 1] Our system has detected an unusual rate of unsolicited mail originating from your IP address 

I note also that the IP address is ascribed to AS8075 (ours is AS8607 fwiw – pretty contemporary) otherwise known as Microsoft Corporation. This address has been identified in the past as a source of spam – check out Project Honeypot. That link also displays some example mail messages that are clearly spam – “loans available”, “Attention ATM card beneficiary” and so on.

I sense a wry smile as you read this. Global commercial internet wars! “Google tries to shut down Microsoft email”. I suspect though that there will be no malice aforethought here. Managing mail platforms is a 24×7 job. As an email service provider you can’t afford for your server IP addresses to be blacklisted because of some customer generating spam. It might not even be that customer’s fault. It’s almost certainly an infected PC.

Microsoft will have a huge team of people managing their email platform. That spam was identified is also a testament to the Google anti spam capability which is widely considered to be the best in the game.

The pic inset is an old screenshot depicting incoming spam attacks – the legitimate mail has had to be amplified x10 so that you can actually see it. Fortunately the vast majority of the spam never makes it to the desktop.

IP addresses blacklisted as a source of spam don’t usually stay on the blacklist for very long – 24 hours maybe but it can certainly be a nuisance for those trying to send or waiting to receive emails.

I don’t think email has a long term future in any case or at least it is going to have niche applications (spam etc :)), but let’s not get into a lengthy debate.

Ciao

Categories
End User online safety security

Eventbrite security really on the ball – Adobe hack

Had an email from Eventbrite yesterday with the subject “Keeping your account protected”. Fair play to them. Eventbrite have looked at the 3 million user name email addresses recently hacked at Adobe and cross referred them to any in use on the Eventbrite platform.

They have then let the Eventbrite users with these identical email addresses know. I was one of them.

Most of my passwords are different and far too complicated to remember even. I didn’t even know I had an Adobe account. I checked. I did. I changed the password.

I also checked for any other account with the same email/password combo. There were two. They had not been used for some time (years maybe) but I changed each password.

One of the sites was Kodak. It took me some time to find out how to login on the Kodak website and I found I was locked out of that account!! Had someone tried to login a few times and locked the account? (could have been me – I dunno).

I also got a message saying “NOTE: Your MySupport account is different from your KODAK Store, KODAK Gallery, KODAK Pulse Digital Frame, Tips & Projects Exchange, and Google Cloud Print™ accounts.”

Goodness knows how I’m supposed to figure out/remember which is the right one to log into. Why can’t they have one login for everything?

Anyway well done to Eventbrite – this is great customer service. I looked but saw no email from Adobe letting me know my details had been compromised. Might have been caught in a spam filter I guess.

Tata.
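The cross-referencing Eventbrite describes can be sketched as follows; this is an added example, not Eventbrite's code or anything from the original post. The sample addresses, account IDs and demo key are constructed, and lower-casing the whole address before matching is an assumption about how accounts are keyed.

```python
import hashlib
import hmac

# Constructed sample data: neither list comes from a real breach or platform.
BREACHED_EMAILS = [
    "Alice@Example.com ",   # stray whitespace and mixed case, as dumps often have
    "bob@example.org",
    "not-an-email",         # malformed entry that must be skipped, not matched
    "carol@example.net",
]
PLATFORM_ACCOUNTS = {
    101: "alice@example.com",
    102: "dave@example.com",
    103: "CAROL@example.net",
}


def normalise(address):
    """Trim and lower-case an address; return None if it is not address-shaped."""
    cleaned = address.strip().lower()
    local, sep, domain = cleaned.rpartition("@")
    if not sep or not local or "." not in domain:
        return None
    return cleaned


def fingerprint(address, key):
    """Keyed digest, so the matching job never stores raw leaked addresses."""
    return hmac.new(key, address.encode("utf-8"), hashlib.sha256).hexdigest()


def build_breach_index(breached, key):
    """Turn the leaked list into a set of keyed digests, dropping junk rows."""
    index = set()
    for raw in breached:
        addr = normalise(raw)
        if addr is not None:
            index.add(fingerprint(addr, key))
    return index


def accounts_to_notify(accounts, breach_index, key):
    """Return the account IDs whose address appears in the breach index."""
    hits = []
    for account_id, raw in accounts.items():
        addr = normalise(raw)
        if addr is not None and fingerprint(addr, key) in breach_index:
            hits.append(account_id)
    return sorted(hits)


def demo():
    key = b"constructed-demo-key"  # assumption: a per-job secret held by the platform
    index = build_breach_index(BREACHED_EMAILS, key)
    return accounts_to_notify(PLATFORM_ACCOUNTS, index, key)


if __name__ == "__main__":
    print(demo())
```

A match only says the address appeared in the leaked list; it is the reused password, as in the accounts described above, that turns that into a takeover risk, which is why the notification asks the user to change it.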

Categories
Business online safety

51 years old and still single? Well yes and no Facebook.

I’d be interested to see if anyone else gets this ad in their Facebook timeline. There’s no denying I am 51 years old – this Facebook knows.

Facebook also knows I’m married mind you and very happily so I hasten to add.

It’s one of those links you daren’t click on in case there’s some malware behind it though one would think that Facebook would have that covered. The photo of the girl is very small but she could well be one of the 160 “mature” women referred to. I suppose. I’d be surprised if this website had that many female customers in Lincoln though. Even if we take in the surrounding area.

I wonder whether the business model works. Suppose it must. This isn’t the first time I’ve seen this ad. I guess Facebook will take anyone’s money.

Ciao.

Categories
Engineer online safety

More on Team Cymru

Seeing as I mentioned Team Cymru (Teem Come-ree) yesterday I just noticed that I’ve had their quarterly newsletter (Cymru Quarterly) on my desk since June. This is a personalized high quality newsletter that I specifically signed up for. I remember when doing so they asked me a second time whether I really wanted the newsletter in hard copy. I rarely read hard copy but in their case I did so I’ve been getting it through the post.

I’ve just noticed that on the cover of this edition they ask me whether I want to continue receiving the newsletter. In order to do so I have to click on a link and fill out a survey.

This is pretty cool and efficient. I get a fair bit of junk mail/magazines that I never look at and which are a total waste of space (and money). I’m not going to carry on with the hard copy. I follow them on twitter @teamcymru and am happy that I get my news in that way and save them some cash.

I wonder if they will be supporting Wales v South Africa at the Millennium Stadium on Saturday 🙂 They are based in Florida mind you. I expect they are so busy they will have forgotten the match is on…

Categories
Business online safety Regs security

Government Minister responsible for leaking secrets to enemy spies?

I note that old Francis Maude, Cabinet Office minister, has taken his communications services into his own hands and installed a WiFi connection. The Telegraph article doesn’t go into any great detail as to what the WiFi is connected to. You get the impression he has ordered a separate broadband line to his office.

I was pondering on a comment on this article. Should we the great unwashed have a view on this? On the one hand if he is just using the WiFi to hook up his iPad etc just to catch up with his pals on Facebook and Twitter what’s the harm in that? I’m not sure he uses Twitter mind – I could only find a couple of parody accounts in his name. Maybe he uses an alias. I digress.

On the other hand he could be opening up the whole government communications infrastructure to foreign spies hell bent on infiltration and bad things. FM could be the cause of us having enemy sleepers (is that the correct terminology, it’s been a while since I read Le Carre – curse you #Twitterthiefoftime) deep into Whitehall ready to spring into action when the activation code word is broadcast on the BBC Radio4 Today programme or in a classified ad in The Financial Times (or Telegraph).

It might be argued that all the security that makes Government systems so clunky as described in the Telegraph article is all a waste of time anyway when it seems inevitable that Edward Snowden will one day leak all the secrets. We may well find that most of the info is routine stuff like what is Francis Maude’s favourite sandwich filling. Could of course be of use to an enemy seeking to poison him. Look out for yourself Francis. Take care now.

Whatever happens I’m all in favour of reducing the cost of Government, especially if he is paying for the broadband himself which I doubt but don’t know really. If we the unclean are paying let’s hope he got a good deal – 50% off for the first six months or something like that. Maybe even unlimited calls to geographic numbers bundled in.

It’s not a Friday afternoon but I feel a competition coming on here. What keyword will our fiendish enemies use for a wakeup call and where will they publish it? It might be a phrase.

“The snow geese have arrived early this winter” is not an eligible entry – that one is too obvious and would immediately put MI5 on the alert. Or is it MI6?

Entries in the comments section please. Winner gets a terrific Timico megamug which they can collect in person at #trefbash2013. As a supplementary question if you want to guess what is FM’s favourite sandwich filling then I may use that as a tiebreaker in the event of a draw.

Your mother wears army boots.

Categories
End User online safety piracy scams

Gone phishing

Had a wonderful little phishing attempt over the weekend that I feel compelled to share with you. I wonder how many people got this one and what its success rate will be. I imagine these guys are running a business with a dashboard and KPIs. There must presumably be a ROI for them to bother.

They do need a graduate entry scheme though or to employ some former civil servants to get the lingo right because the construction of the email isn’t totally convincing. Did anyone else get this one? I would say “bless em” if they weren’t such thieving [email protected]$%@&^%.

DIRECT GOV

LOCAL OFFICE No. 3819

TAX CREDIT OFFICER: Rodney Williams

COUNCIL TAX REFUND ID NUMBER: 983258661

REFUND AMOUNT: 324.39 GBP

Dear Applicant,

Unless expressly authorised by us, any further dissemination or distribution of this email or its attachments is prohibited.

I am sending this email to announce: After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of 274.39 GBP

The dispute follows miscalculations of Pay As You Earn (PAYE) liabilities last year, which DIRECT GOV originally also denied when reported in this space but later admitted affected millions of people. You can now reclaim your over paid tax now by complete the tax return form attached to this message.

After completing the form, please submit the form by clicking the SUBMIT button on form and allow us 5-9 business days in order to process it.

Our head office address can be found on our web site at DIRECT GOV

Rodney Williams

DIRECT GOV Credit Office

Preston

COUNCIL TAX REFUND ID: UK983258661-HMRC

DIRECT GOV denies profiting from tax refund delays which leading accountants claim are becoming more widespread and make taxpayers wait months to get back what they are due.

Copyright 2013, DIRECT GOV UK All rights reserved.

Categories
End User online safety piracy

Credit card – phone line scam from a friend of my sisters on Facebook

Credit card-phone line scam from a friend of my sisters on Facebook. I’ve just reposted it verbatim as it says everything it needs to say. It does make you wonder what on earth can be done to stop these. If everyone had an intelligent line that allowed you to block number withheld calls that might go some way towards sorting it though scammers would just start using a fake CLI.

An alternative might be to have a voice rec asking you who you wanted to talk to. Anything other than Tref, Anne etc would just go straight to voicemail. Schools should cover this sort of thing in lessons. It goes along with safe internet use.

Anyway the Facebook post is repeated below – the author stated that she wanted it sharing:

 

“Received a phone call from BT, informing me that he was disconnecting me because of an unpaid bill. He demanded payment immediately of £31.00 or it would be £ 118.00 to re-connect at a later date. The guy wasn’t even fazed when I told him I was with Virgin Media, allegedly VM have to pay BT a percentage for line rental! I asked the guy’s name – he gave me the very ‘English’ John Peacock with a very ‘African’ accent – & phone number -0800 0800 152.

Obviously the fellow realized I didn’t believe his story, so offered to demonstrate that he was from BT. I asked how & he told me to hang up & try phoning someone – he would disconnect my phone to prevent this. AND HE DID !! My phone was dead – no engaged tone, nothing – until he phoned me again.

Very pleased with himself, he asked if that was enough proof that he was with BT. I asked how the payment was to be made & he said credit card, there & then. I said that I didn’t know how he’d done it, but I had absolutely no intention of paying him, I didn’t believe his name or that he worked for BT.

He hung up. I dialed 1471 – number withheld. I phoned his fictitious 0800 number – not recognized. So I phoned the police to let them know. I wasn’t the first! It’s only just started apparently, but it is escalating. Their advice was to let as many people as possible know of this scam.

The fact that the phone does go off would probably convince some people it’s real, so please make as many friends & family aware of this. How is it done? This is good but not that clever. He gave the wrong number – it should have been 0800 800 152 which takes you through to BT Business.

The cutting off of the line is very simple, he stays on the line with the mute button on and you can’t dial out – but he can hear you trying. (This is because the person who initiates a call is the one to terminate it). When you stop trying he cuts off and immediately calls back. You could almost be convinced!

The sad thing is that it is so simple that it will certainly fool many. By the way this is not about getting the cash as this would not get past merchant services – it is all about getting the credit card details which include the security number, to be used for larger purchases.”

The end – for now…

Categories
End User internet online safety

Government surveillance and the issue of personal privacy

The whole issue of government surveillance seems to have reached a crescendo over the last few days. It makes you wonder what the whole Draft Communications Data Bill was all about if “they” can already see everything.

I don’t even know whether encrypted communications are particularly secure anymore. I thought they were but does government secretly have the capability to do really advanced tech that is not in the public domain? Quite probably. We expect it of our own side and hope that we are better than the opposition (whoever they are) – the James Bond movie Skyfall confirmed that it goes on 🙂

I don’t know what to think about the whole privacy thing anymore though. Every online platform seems to know an awful lot about us. Tesco knows the intimate details of my lifestyle from what I buy from it. Google knows absolutely everything about what I’m doing with all my waking hours.

The old joke about a bloke having an affair with his secretary after work and then rubbing snooker chalk on his collar so that his wife would think he’d been playing with his mates doesn’t work any more. She just needs to follow his movements online, or have the difficult conversation about why he switched his phone off for an hour (5mins? 🙂 ) on his way home from work[1].

The Domesday scenario here is that all this information is opened for all to see, accidentally or otherwise. Worst case is that our bank accounts could be emptied.

Aside from ferociously safeguarding your bank password details, though it seems that crooks use back door techniques for breaking into accounts these days rather than brute force password hacks, it seems to me that we need to up the profile of the whole issue of security of our own personal data.

I can’t see how we can stop people/organisations from collecting this data but if they lose it or expose it for others to see then the penalties need to be suitably robust. The world needs to fast track a move to an online security conscious culture.

[1] On Sunday I nipped out to the pub for a swift one before dinner and forgot my phone. When I got home there was a text message from my wife asking which pub I was in! Nothing was mentioned though. I did feel an element of freedom being out without the mobile phone but was also conscious that the clock in the window of acceptability was ticking away.

Categories
Business online safety spam

spam blocking strategies

I am pretty aggressive in protecting my gmail account from unwanted email. The Timico mail is beyond redemption after years of attending trade shows although my strategy of signing up as The Reverend or Lord Trefor Davies seems to be working. Any mail or phone calls I get for one of those titles gets shoved straight in the bin.

The main problem I have with my trefor.net/gmail account is people wanting to sell me SEO or web development services. Often these emails come with elaborate messaging in the footer telling me that this is absolutely not spam and that they provide an unsubscribe function. However they usually can’t be bothered to find out my name and address the email as Hi. On this basis I tell Google that they are spammers. It gives me pleasure.

I’ve started to add similar emails to my block list on my Microsoft Exchange account. This morning someone I have never heard of from a company I have never heard from invited me to hook up on LinkedIn. I ignored it. This afternoon that same person has sent me a generic mailer addressed to “Hi”. If he went to the effort of looking me up on LinkedIn he might as well have gone that extra step and added my name into the email!

Ciao baby…

Categories
End User internet online safety security

The return of the “virus on your Microsoft PC” scam #speedytechies @TeamViewer

The “you have a virus on your Microsoft PC” scam is back. I thought they had locked up the people responsible and this was dead. Like everything related to internet crime – spam, botnets – they always find a way back.

I got home from work on Friday and took a call from Anna of http://speedytechies.com/. They apparently have thousands of staff servicing thousands of customers every day despite the fact that the website is only around 3 months old. Pretty impressive business growth.

Either that or Anna is lying and she doesn’t work for speedytechies. She sounded as if she was from India or maybe the Philippines – that general part of the world anyway.

http://speedytechies.com/ is owned by a small business based at a residential address in Houston Texas. You can easily find out lots of info about the business and its owner by shelling out a few dollars to an online resource that does this kind of thing. Not worth it because the chances are the scammer has nothing to do with this guy. Slightly suspicious that the website is only 3 months old though.

Anna wanted me to go to www.teamviewer.com so that she could take over my laptop to check out the virus. www.teamviewer.com looks like a legit site though it would be interesting to audit their list of paying customers to get a trail back to the scammers.

Anna gave me a phone number to call back if I had a problem: 18007137734. The line with Anna was not great so it might be wrong and I don’t know where it terminates as I’ve not tried ringing it. Her line quality kept disappearing so she was probably using Skype or some similar OTT service.

I guess it would be possible to trace where Anna was calling from and compile a list of times that her ilk had tried the scam. It isn’t easy though for a punter and it would take a concerted effort from a number of stakeholders. It would be easier if the whole world was VoIP but it isn’t. Also the level of individual harm that will probably accrue from a single incident is not worth the effort it would take. This would have to be coordinated on a wide scale to build up a body of evidence for cross border efforts/cooperation to kick in.

That’s all for now. Ciao.

Categories
Engineer internet online safety security

How would Huawei spy on your network?

Last week the talk was about a story about the former head of the CIA and the NSA, Michael Hayden, who thinks Huawei are spying on networks that have installed their kit. Link here to the Register story though it appeared in a lot of places.

One has to think about how Huawei might do this without the network operator knowing.

I had a chat about this with one of our networking gurus Paul Sherratt (pic inset – good looking boy) and this is what he had to say:

“They would write traffic tap/backdoor code into pre-shipped FPGA firmware or on an ASIC, hidden from any local intelligence agency code review body.  If for spying/traffic tap function, there would be some safeguards against activating the code if the router believes it is under test/non-production conditions.  There may also be some kind of ‘Hello, I am here’ call-out, which for example may be done by modifying a large DNS request packet contents and padding to the same length to avoid detection by looking at packet headers.

Whether that is even possible will depend on the hardware design – so that should also go through a full review by an intelligence body to determine if pre-shipped chips are an intelligence risk.  If they are, the only way to 100% prevent it happening would be to fully review the ASIC design and manufacture outside of China, which would probably rule out Huawei as a supplier.

It would be easier to implement in software/FPGA firmware, but easier to tackle from a security standpoint.  All software and FPGA firmware would be compiled after intelligence review and installed on network equipment after shipment.  If I were China, I may find it easier to get software engineer spies working for a more ‘trusted’ vendor not imposed with the same level of hardware and software review.”

It’s a tangled web innit? It feels as if we should be looking over our shoulder all the time.

As a footnote I used to work in the chip business. The company I worked for produced military ASICs amongst other things. It was quite common for chip designers to leave little messages or their names etched into the metal layers in empty spaces on a chip. I remember once one of the guys leaving the words “live fast die young” in the corner of a chip. They had to redo the metal mask and re-manufacture the whole chip. It was destined for a high reliability application where the notion of dying young was not too popular! Good times…

Categories
Business media online safety

Maria Miller ISP Safety Summit

There’s been a lot in the news about the Government’s Safety Summit where a number of consumer ISPs and online entities (such as Google) have been asked to attend a meeting to discuss how they can do more to prevent people accessing illegal online child abuse material.

Sometimes when this kind of news hits our screens I don’t bother to comment. It seems like every man and bonzo gets their word in.

It is worth however emphasising a point made this morning by The Today Programme on BBC Radio4 which was that there are two issues here. One is accessing illegal child abuse material and the other is preventing children accessing legal pornography.

Access to illegal online child abuse material is totally wrong and the ISP industry already works to stop accidental access to this stuff via the Internet Watch Foundation which produces a list of sites to be blocked. Most of these sites reside outside the UK and really it needs a concerted global Government effort to take them down. They should discuss it at this week’s G8 Leaders’ Summit.

Consumer ISPs have measures in place to block access to these sites where they are known. However the nature of the internet being what it is all that these measures do is to prevent someone accidentally landing on an illegal page. The determined sicko will easily find a way around the blocks. Interesting to note the BBC report that the Government has actually cut funding in the area of online child protection (CEOP).

There may be a discussion to be had with Google and other search engines (are there any others?) re how they themselves prevent illegal material coming up in search results but it seems to me that the real issue here is how we identify the sites so that they can be included in the IWF list and ultimately taken down.

The issue of how to prevent kids accessing porn is totally separate.

Categories
Business online safety piracy

School connectivity and filtering – google translate

Dropped the kids off at school today. I don’t normally do it. It’s out of my way and gets in the way of my early morning swimming regime. It’s the last GCSE so it was only fair that the run in would be comfortable. Let the lad get in the zone.

I mentioned that last night I had sent their headmaster an email. This of course naturally sets off the alarm bells but I explained that I am planning a talk on connectivity trends to a room full of headmasters and school IT staff and thought it would be a good idea to chat to a horse’s mouth. Get my drift.

The car heaved a sigh of relief and someone mentioned the fact that the school had added Google translate to their list of blocked sites. The kids were somewhat puzzled at this and thought it might be to stop them cheating with their French translation homework.

I then explained that it was almost certainly because Google translate could act as a proxy to bypass their school filter. They didn’t know this. Oops. It was also mentioned that it took the school 5 days to realise that FIFA13 was out and to block that.

It goes to show that the whole blocking and filtering game is one of a constant war of attrition. It’s too late for the kids to use Google translate now, not that I want to encourage such things (get yer dictionary out). However you can bet your booties that someone in school will have another way around it, expellable offence or not.

To finish off on a different note a school’s connectivity need is changing. These days pupils need to use video conferencing suites to access lessons given by specialist teachers on other sites, in some schools sixth formers get given iPads for use in lessons and at breaks etc etc. These all add up to the need for more bandwidth, just like it is at home and in the office. Gimme a bell. I can help;)

Categories
Business Cloud internet online safety piracy scams

Should we regulate the cloud?

Today I am at a CIO event in London discussing the topic “Too important to be regulated and too important to be left alone” (Forbes) – Should we regulate the cloud?

You could extend this question to encompass the whole internet. Really there is no difference between the internet and the cloud.

When you think about it, as the whole world drags its living and breathing self into the cloud, it is natural that we should expect laws that exist on terra firma to apply to the cloud. There is no reason why they should not. What is illegal on earth should also be illegal in the heavens. The notion of being robbed or assaulted is just as unattractive in cyberspace as it is in the high street.

It is reasonable therefore that regulations should apply.

Categories
End User online safety surveillance & privacy

Snooper’s Charter update #CCDB – Nick Clegg kills it off

It’s been a week of publicity around the Snooper’s Charter. On Tuesday I attended a meeting with Julian Huppert MP where we talked about what is known about the expected redraft of the Draft Communications Data Bill.

Home Secretary Theresa May is widely expected to include this as an item in the Queen’s Speech on May 8th. If it doesn’t make this Queen’s Speech then it is not likely to happen during this parliament because of the length of time (the outrageous haste of the Digital Economy Act aside) it takes to process the Bills.

There is clearly an appetite at the Home Office to introduce such a law. It was attempted by the last Labour Government but withdrawn for a number of reasons, not least of which was the opposition of the Conservative Party. How the heavy mantle of responsibility changes people!

My own view up until now has been if they are going to pass a law anyway then let’s minimise the damage. For example although no details have been made available on the contents of the Bill it is believed that the Home Office is desirous of an automated access to the various databases that will be accumulated if this Bill became law. If we keep this as a purely manual interface, where the ISP has to physically hand over data, then there is less likelihood of mass data loss due to hacking by a 3rd party.

However reading some of the stuff published this week has made me rethink my tactics. The Open Rights Group (and others) letter that appeared on the front page of the Times does ask us to consider what kind of society do we want to live in. Do we want a surveillance state?

The precedent being set would legitimise similar activities around the world in countries that are notionally less democratic than our own and whose purposes are on the face of it likely to be more sinister. I say “on the face of it” but we would have to be very careful of mission creep in the UK.

Content providers operating on a global scale should be very concerned. If UK law said they had to hand over private data on their customers’ activities whenever required by the government then their defence for refusing to do so when these requests were made by totalitarian regimes would be removed.

The Home Office has been very secretive about the content of the revised draft of the Bill keeping all briefings very general. My belief is that this is because there will continue to be huge holes in their arguments and they won’t want too much detailed discussion that might derail its inclusion in the Queen’s speech.

It is natural for people to be suspicious when others are keeping secrets. For example it’s like the attitude of most people towards the Masons. In this instance the ORG letter attacks ISPs for supporting the Home Office by maintaining radio silence regarding the details of the Bill.

Although I don’t know for sure, I expect most ISPs haven’t seen the detail either. Certainly I doubt that Zen, who have been openly vociferous with concerns about the Bill, will have been involved. Of course the bigger the ISPs get the more they have to lose. Some of the bigger ones are known to take neutral stances in respect of proposed legislation because they wouldn’t want the negative PR in their customer base by being seen to cooperate with the government on contentious matters.

On the other hand they need to be seen to be taking a responsible line where law enforcement is concerned. ISPs are after all staffed by human beings. We all want to clamp down on paedophiles and evildoers and always cooperate with requests from law enforcement for help using the existing RIPA system.

The other aspect of this line of debate is also the issue of competition and subsidies. A Freedom of Information request made at the end of last year showed that at least £400m had already been spent by Government on this Bill. A big chunk of this is likely to have gone on equipment in ISP networks. Part of me says “great, the government can pay for Timico to upgrade our own network” but the opportunity cost for us would be huge – diversion of key engineering staff to government projects.
You do have to ask how much of that £400m spend is now contributing towards lower operating costs of larger ISPs and thus increasing their competitiveness.

We still don’t know the detail of the Bill although we don’t have long to wait. In the meantime we can only look for clues. BAE Systems’ Detica who “develop, integrate and manage information intelligence solutions” are known to have been involved in HO meetings re the Bill.

We now have to wait and see but on balance I think this is likely to be a Bill whose disadvantages far outweigh its benefits. Julian Huppert by the way is a good guy. He is one of the few technology savvy in a Parliament in which we have a highly dangerous situation: MPs who don’t understand technology voting on technology oriented laws drafted by civil servants who also don’t understand technology.

More when I have it…

Update just a few minutes later:

Looks like this has been killed off – Nick Clegg has come out against it and it will not now appear in the Queen’s Speech. I must say this is a good demonstration of common sense and leadership by Nick Clegg which can’t do him any harm in the eyes of the electorate.


Unwanted text messages from dodgy outfits

Just had two text messages in this morning. One made me smile. It was from Premier Inn (yes I no longer suffer Travelodge) reminding me of my booking and booking reference number. I thought that was good. “Like”.

The other was from an extremely dodgy looking outfit saying “Government Legislation allows any unaffordable debts to be legally written off. Reply Y for a callback or click www.d-lg.co.uk and use our quick enquiry form”. The number was 07767169003.

Following the link takes you to a really dodgy looking site telling you nothing about who you are talking to. This really annoyed me – the opposite effect of the sms from the Premier Inn.

We the people really do need to get to grips with this. In fact that statement about Government Legislation must surely be erring on the side of illegal. I think I will explore it and find out more.