Labour’s Intercept Modernisation Programme returns from the grave

February 20th, 2012 by Marcus Povey

I suppose it shouldn’t come as any surprise that a government goes back on its word once they get to power, but it nonetheless disappoints to discover that LibCons have resurrected Labour’s batshit insane Intercept Modernisation Programme.

Now called the Communications Capabilities Development Programme and containing a few superficial tweaks (namely dispensing with a centralised database), it is still the same impractical authoritarian mass surveillance nightmare that Labour tried to push through before they were rightfully ousted at the last election – hopefully never to return.

As with IMP, the CCCP CCDP plans to record details of phone calls, text messages, location, emails, IMs and social network activity.

As with IMP, the content of messages isn’t to be recorded – just when, where, from and to whom. I suspect this concession was down to data processing limitations more than anything else, but as I’ve remarked before this actually makes it a whole lot worse, as it introduces the guilt by association fallacy, which is very easy to fall victim to.

Consider the following situations:

  1. I am so incensed by RabidManWithAHookForAHand’s views that I email him to say he’s an idiot. He replies and a flame war ensues.
  2. I meet someone at a party, we get chatting and I add them as a friend on Facebook and we exchange a few IMs. Later they turn out to be an animal rights activist.

Without context, both these situations would likely flag me up as a person of interest.

Content or no, the deluge of irrelevant data this sort of mass surveillance would produce must surely make it harder to spot anything that is important. The signal to noise ratio must be particularly poor.

Blanket surveillance such as this sacrifices much and gains little, lets the government go on “fishing expeditions” and will do very little to protect us from terrorists (if you accept the government’s assertion that the barbarians are at the gate, which personally I doubt very much).

Historically of course the biggest threat to life and liberty a population has faced has nearly always been posed by their own government.

Introducing the BCT Framework

January 9th, 2012 by Marcus Povey

Over on GitHub I have just open sourced a PHP web and web services framework which I’ve been making use of to build a lot of projects recently.

Initially, it was built for a single project but I’ve ended up using it for many other things, and I thought it might be useful to the Open Source community.

Features

  • Pluggable
  • Light weight
  • Sophisticated events system
  • Abstracted database layer
  • MVC architecture
  • Virtual pages
  • Object/Metadata based data model

It’s designed to have much of its functionality carried in plugins, many of which I will release a little bit later just as soon as I’ve had the time to tidy them up a bit!

Anywho, it’s available under the MIT licence and hopefully it’ll be useful to you!

» Github Project Page (Core Plugins, Extra Plugins)

Complete 2011 UK Census data hacked claims LulzSec

June 21st, 2011 by Marcus Povey

Lulzsec, a cracker establishment which popped up in May, has claimed to have accessed the complete records of the 2011 UK Census. According to the BBC, the main guy involved seems to have been arrested.

Whether or not any of this actually turns out to be true is not really the issue. The UK government’s appalling ineptitude at all things security related pretty much makes such a leak a matter of when, not if.

What sticks in my craw about this is that we all knew such data loss was going to happen, whether by malice or incompetence. It happened with DVLA records, it happened with child support records, it happened recently with medical records, the list goes on.

But despite the seeming inevitability of the data becoming public (and don’t forget, a breach only has to happen once) most of us are happy to hand over this information. Or, in the case of dealing with the government, compelled to hand it over by Law.

Is it not about time for us all to get over the idea that handing information about ourselves to a third party – either public or private – is in any way a good idea?

The next time you’re asked to fill out a form or complete a questionnaire take a moment to consider who will see it, and what damage it could do should it fall into the wrong hands.

Above all, ask whether they even need the information in order to provide you with the service?

Most of the time they don’t.

Why Wikileaks will fail

December 1st, 2010 by Marcus Povey

Unless you have been living under a rock for the last few days, you will be aware that the whistle blowing website Wikileaks has recently published a massive collection of US government memos dating back to the 1960s.

Even the issuing of a D-Notice has failed to prevent the reporting of some of the contents of these memos here in the UK (welcome to the reality of the world in the 21st century guys), and I suspect the impact will be felt for years to come.

The leak was met with almost universal applause from the public, and almost universal condemnation from governments around the world. This startling disconnect and the reasons why it marks a change in expectations that government has yet to fully grasp has probably been best explained in this article. News agencies in the most part (FOX notwithstanding) have been treading a fine line; drooling over the scoop but at the same time giving a disparaging sniff of disapproval.

Suffice it to say, governments around the world have got used to the idea that surveillance goes only one way and that the public at large will happily accept that “Government Knows Best”.

Wikileaks is drawing a lot of attention. Once discounted as a bunch of trouble making nerds, it is now increasingly a thorn in the side of major governments – who are being forced to go through the full body scanner and are now having their unmentionables exposed for their citizens to pick over and pass judgement on.

Incoming chairman of the House homeland security committee Peter King recently described Wikileaks as a “Terrorist organisation” only reminiscent of how Joseph McCarthy once described the ACLU.

There is now a real danger that Wikileaks and its founders will get put on the various terrorist blacklists (or worse). This will essentially pull the rug out from under the organisation since it would mean severe penalties for anyone or any organisation who aided Wikileaks in any way – including activities such as processing payments or hosting their website.

The reason why Wikileaks will fail? Simple, it’s a single point of failure, and an increasingly prominent target.

The real tragedy is that the more successful it becomes and the more embarrassment it causes to those who seek power without accountability, the faster it will hasten its own demise. I predict that in a few months or years Wikileaks will be taken down in a blaze of ill thought out legislation that will cause untold damage to the rest of us.

The hole left behind is a vital one to fill, but it has to be filled by something distributed and open rather than one site run by one (albeit dedicated) set of individuals.

Wikileaks 2.0

In order to survive, the successor of Wikileaks must – I think – meet at least the following requirements (although this is off the top of my head, so it’s by no means a complete list):

  • Be distributed. The platform will be a collection of interconnected nodes rather than a single site (bonus points if a node is only aware of its “neighbours” rather than the entire network).
  • Be open. The specification of what a node should do and how it communicates should be an open and peer reviewed document. This will mean that multiple interoperable implementations can be built.
  • Be self repairing. New nodes can be added and will announce. While every document in the system need not exist on every node, the system will ensure that there is never less than X copies in the system.

What we’re talking about here really is a somewhat customised form of CDN and the technology already exists to do all of this.
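The three requirements above as a small simulation (an added example, not code from the original post or from any existing system): nodes know only their neighbours, copy counts are found by a hop-limited query, and each node tops up its neighbours when fewer than X copies are visible. The value of X, the hop limit, the ring topology and the SHA-256 content addressing used to reject tampered copies are all assumptions made for the illustration.

```python
import hashlib

MIN_COPIES = 3   # the post's "X"; the value 3 is an assumption
QUERY_TTL = 4    # assumed hop limit for copy-count queries

class Node:
    def __init__(self, name):
        self.name = name
        self.alive = True
        self.neighbours = []   # the only peers this node knows about
        self.store = {}        # doc_id -> document bytes

    def accept(self, doc_id, data):
        # Content addressing: refuse a copy whose SHA-256 does not match its id.
        if hashlib.sha256(data).hexdigest() != doc_id:
            return False
        self.store[doc_id] = data
        return True

    def holders(self, doc_id, ttl, seen):
        # Query forwarded hop by hop; an undercount only causes an extra copy.
        seen.add(self.name)
        found = {self.name} if doc_id in self.store else set()
        if ttl > 0:
            for peer in self.neighbours:
                if peer.alive and peer.name not in seen:
                    found |= peer.holders(doc_id, ttl - 1, seen)
        return found

    def repair(self):
        # For each held document, top up neighbours until X copies are seen.
        for doc_id, data in list(self.store.items()):
            missing = MIN_COPIES - len(self.holders(doc_id, QUERY_TTL, set()))
            for peer in self.neighbours:
                if missing <= 0:
                    break
                if peer.alive and doc_id not in peer.store and peer.accept(doc_id, data):
                    missing -= 1

def live_copies(nodes, doc_id):
    return sum(1 for n in nodes if n.alive and doc_id in n.store)

def heal(nodes):
    # Simulation driver: every live node repairs locally until nothing changes.
    for _ in range(len(nodes)):
        before = sum(len(n.store) for n in nodes if n.alive)
        for n in [n for n in nodes if n.alive]:
            n.repair()
        if before == sum(len(n.store) for n in nodes if n.alive):
            break

def demo():
    nodes = [Node(f"n{i}") for i in range(6)]
    for i, n in enumerate(nodes):             # constructed ring topology
        n.neighbours = [nodes[i - 1], nodes[(i + 1) % 6]]
    data = b"constructed sample document"
    doc_id = hashlib.sha256(data).hexdigest()
    nodes[0].accept(doc_id, data)
    heal(nodes)
    published = live_copies(nodes, doc_id)
    nodes[0].alive = nodes[1].alive = False   # two holders drop offline
    lost = live_copies(nodes, doc_id)
    heal(nodes)
    return published, lost, live_copies(nodes, doc_id)
```

`demo()` returns the live copy count after publishing, after two holders go offline, and after the survivors repair.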

The Wikileaks of the future then would be one of many websites which sit with their toes in the same pool of data.

Discuss.

Interception Modernisation Programme

October 25th, 2010 by Marcus Povey

In the middle of the most drastic budget cuts since the great depression, with billions being slashed from education and welfare, the Interception Modernisation Programme is coming back to life like some horror movie monster.

Yes, it would seem that Labour’s Orwellian program to monitor everyone’s internet activity has been resurrected by the coalition government to the tune of 2 Billion pounds. This despite pre-election promises by the Liberal Democrats (who seem to have been entirely subsumed into their host party).

To say that this is disappointing is an understatement, and for what good it’ll do there is of course a petition. Given that this new government doesn’t seem to mind if it’s unpopular, I doubt a petition will do much good.

The coalition has made it abundantly clear where its priorities are.

Facebook’s long memory: Hotel California still in place…

July 16th, 2010 by Marcus Povey

As I remarked in a previous tweet, people these days seem surprised when you say you’re not on The Book. So, as I came back after seeing a friend and yet another person asked me to add them as a friend on Facebook, I thought I might reconsider my previous position.

So I signed up… typed in my name, email address etc… and what did I see?

I saw a list of “suggested friends”, which was essentially everyone I knew before I deleted my account, as well as a bunch of people I knew but hadn’t connected to.. the social graph in action I guess.

I would be interested to find out where this information was obtained if my account was truly deleted, from my former connections? But surely, I could be any Marcus Povey? True, emails are “unique”, but I’m fairly sure that at least half of the suggested connections never knew my email address (social graph again)… besides, that’s missing the point.

To be clear, at the very least Facebook is remembering my name/age or email address as unique identifiers, and who I am connected to. So while the delete account option may remove your pictures etc, it clearly doesn’t remove the connection data – which I have previously stated is actually quite a powerful and private bit of information.

Am I alone in being a little freaked out by this?

Clearly, even though they provide a way of deleting your account, much of the important connective information is retained. Your account still isn’t being deleted.

In other words; “You can check out any time you like, but you can never leave”.

Suffice it to say, I reconsidered my reconsideration. I deleted my account again (for what good it will do), my first instinct was correct.

I guess people are just going to have to email me.

Old Skool.

The Facebook question: is privacy dead?

May 10th, 2010 by Marcus Povey

The other day I took the decision to delete my Facebook account.

There has been a lot about Facebook and privacy in the tech press over the past few weeks – making live chats public, the ABC bug, criminalising violations of their terms of service, etc.

Facebook has a clear habit of leaking data, and a general disdain for their users’ privacy. As we can see by the changes to their Terms of Service and default privacy settings over time this is a deliberate strategy, which makes perfect sense since Facebook’s entire business model depends on their users sharing everything.

There’s a problem here of course, because even if you delete your account or were never on Facebook to begin with, the chances are you still are on Facebook.

Crowd sourced surveillance

Facebook crowd sources its intelligence gathering by encouraging your friends to continually update it with fairly sizable amounts of information about you, even if you are not a member. The simplest example of this would be the invite system… Facebook user Alice uses the Facebook interface to invite Bob, who is outside of Facebook, to a party… innocuous at first glance, until you consider that Alice has just told Facebook (and by extension: advertisers, government agencies, application developers etc) that Alice knows Bob (expanding the social graph) and has informed them of Bob’s email address.

Image tagging presents another interesting problem. Facial recognition has reached a stage whereby a machine can tell whether a face belongs to the same person from picture to picture. This feature was included in the latest version of iPhoto for example, but even without facial recognition, a tagged photo provides confirmation that a group of people were together at a certain time – and with geotagging enabled – in a certain place.

Facial recognition is on Facebook now (via a third party app – although I would imagine Facebook will be developing their own version), Google is also following similar lines of research.

Of course, the algorithm can’t know who you are…

… until someone helpfully tags you of course. At which point you can be identified in any image on Facebook and the wider internet.

Governments have access to this technology as well of course (biometric passports anyone?), and we have already seen moves to incorporate this sort of face tracking and recognition technology in the next generation of CCTV cameras allowing automated tracking of people throughout our cities.

Anyone considering wearing a mask or similar as an obvious countermeasure should take note of the wording of the “burka ban” law recently passed in Belgium… which does not specifically ban the burka, rather bans any clothing that conceals the wearer’s identity. French and German MEPs are pushing for similar laws throughout the EU.

… first they came for the hoodies, then they came for the Muslims…

Question of ownership

I could easily be accused of being paranoid, but all this is perfectly possible and is an extrapolation of current trends. It also serves to underline two central problems; first, that information is collected and added about you regardless of what you do, and second, that this data is not considered to be yours - leading to unintended outcomes should the people holding the data change how they use it.

So much data is collected about you through the usage of online systems. Facebook in particular has extended this intelligence gathering capability out into the wider internet with its seemingly innocuous “like” button, or by secretly installing applications (which have full access to your profile) when you visit Facebook enabled websites (decidedly less innocuous).

Each bit of information gathered is fairly harmless on its own, but when aggregated over time present an incredibly detailed picture of your life – online and offline.

This information is packaged and sold.

That this data doesn’t belong to the person it’s about – even if it is of a deeply personal nature – is, I think, a rather corrosive assumption. Unfortunately we see this assumption at work all over the place both in government and the private sector, and although I’ve focussed particularly on Facebook in this post, it is only one part of a much wider problem.

Question of control

Fundamentally if you don’t own your data, you can’t possibly control what is done with it. Privacy controls and the like are at best a comforting placebo.

For this reason, I am suspicious of “free” services as money must be being made somewhere, and if it is not a direct fee then where?

So how can you keep control?

This is actually a very hard problem, because the obvious solution – not using the services in the first place – increasingly handicaps you.

Facebook has made a push to become the social architecture of the web with their “like” button, which isn’t the end of the world. However, more and more sites are using Facebook, Twitter etc for logon. Linking sites around the internet together and forming a more complete picture of your online habits.

If I want to use Microsoft’s online word processor Docs.com, my only option is to sign in with Facebook. Google docs needs a google account etc..

As Twitter, Facebook and Google etc all compete to be “You” on the internet you will see this kind of thing happening more and more.

Can I live without these services? Possibly. But what if a client uses them to share a specification document, can I refuse to view it? I guess it depends on how understanding your client is.

Is privacy dead?

Privacy is important, and anyone who says that “if you have nothing to hide, you have nothing to fear” should be encouraged to read Anne Frank’s diary.

However, we now live in a world where both online and offline we are encouraged to give away more and more of our private information. What information we don’t give away is obtained by monitoring our actions or provided by others – “Marcus was so wasted at Dave’s party last week, look here’s a picture of him passed out on the floor! LOL”

So much of this is out of your control, and what data is generated is not yours, but at the moment you still have a little wiggle room – if only because all these systems are still rather fragmented.

However, I believe that privacy is going to be one of the main societal battle grounds of the 21st century, and the first salvos have already been fired.

Privacy may not be quite dead yet, but it is certainly missing in action.

Image from ICanHasCheezburger

#debill passed back to the commons

March 16th, 2010 by Marcus Povey

So, it would seem that despite firm opposition by the Liberal Democrats the utter abortion that is the Digital Economy Bill has made it through the House of Lords and has been passed back to the Commons.

It is the government’s hope that MPs will not exercise their right to debate this bill further, and if the debate doesn’t happen the bill will be made law.

I can not express how bad this authoritarian and protectionist bill is or how much damage it will do to the UK economy.

It will increase the already disastrous brain drain, as well as losing any party which supports this bill the sizeable UK technical vote.

Please write to your MP now and ask that the bill is debated in full!

Image “closed” by Gill Holgate

[audioblog] Google buzz and privacy

February 12th, 2010 by Marcus Povey

Unless you have been living under a rock the last few days you will be aware of Google’s new social networking product – Google Buzz.

Unfortunately it would seem that some assumptions made by the designers and the automatic opt-in nature of the service have led to some serious issues.

For me it underlines some of the problems with entrusting your personal data to the cloud. That is not to say of course that it is a user’s fault that their data gets shared in such a way – everything in the day to day usage of these tools gives the user a reasonable expectation of privacy.

The trouble is, that this expectation is largely an illusion. When using cloud services, you are entrusting them and you hope that they will exercise the same care when dealing with your data as you would – but unfortunately this is rarely the case.

Whether through carelessness or malicious action information has a tendency to leak. Assumptions made by the design team can be proved poor. So in short, never put anything on the internet that you wouldn’t be happy to see on a billboard.

Download audio file (97642-the-buzz-around-buzz.mp3)

Barcamp Transparency in 2010

February 8th, 2010 by Marcus Povey

So, I’ve been a little bit quiet over the whole Barcamp transparency thing in recent months for one reason or another – but not because nothing has been happening!

As the UK enters into an election year, and with legislation such as the infamous Digital Economy Bill being rushed through parliament, and all parties promising to clean up politics, 2010 looks to be an exciting year for transparency related issues.

I am therefore delighted to confirm that Barcamp Transparency will be happening again later this year, with more speakers, more interesting conversations and more beer afterwards!

Transparency isn’t just a hot topic in the UK of course, so we are currently actively putting together plans for holding similar events elsewhere in the world. If you would be interested in helping out, please get in touch!

Finally, it has come to light from the conversations that we have been having that there is a need for an online community space to help organise these events and let people from around the world discuss and collaborate on transparency related issues.

Therefore, I am delighted to say that we are currently putting this together and that Ben Werdmuller (of Elgg fame) has agreed to become our Community Manager!

Get in touch and let us know what you want to see in the future!

All content is © Copyright Barcamp Transparency 2008-2013 and released under a Creative Commons licence unless otherwise stated.