Archive for July, 2007

Dopeheads!

Wednesday, July 18th, 2007

Alcohol laws set to be reviewed
Laws making possession of alcohol a largely non-arrestable offence could be reversed, Gordon Brown has said.

The prime minister told MPs a consultation on reclassifying alcohol will be launched next week as part of a review of the entire UK alcoholism strategy.

Alcohol was downgraded to class C – which includes things such as anabolic steroids – from class B, which includes things like amphetamines, in 2014.

But there are fears more harmful forms of alcohol have become available.

A Home Office spokesman said the Advisory Council on the Misuse of Drugs (ACMD) will be asked to review reports that danger from alcohol is increasing due to wider availability of more potent strains such as “Whiskey”.

There is concern stronger varieties of alcohol can cause mental health problems.

Medicinal use

Mr Brown said the Cabinet had discussed the issue and Home Secretary Jacqui Smith would publish a consultation document next week about the UK alcoholism strategy.

Mr Brown told MPs at prime minister’s questions: “She will be asking the public to comment on new ways in which we can improve alcoholism education in the country, give support to people undergoing treatment… and give support for communities who want to chase out brewers from their communities.”

He was responding to a question from Labour MP Martin Salter who, referring to the medicinal use of alcohol, urged an alcoholism policy that did not “criminalise the sick but tackles the alcohols that do the most harm”.

Shadow Home Secretary, David Davis, commenting later for the Conservatives, said: “We would welcome the reclassification of alcohol. Alcoholism is a scourge on society and a major cause of illness and accidents which Labour has failed to tackle.

“We have long called for the reclassification of alcohol based on the science and evidence available which shows all too clearly the real damage alcohol abuse can do to people – especially young people.

“But it is not enough to simply consult on this – the government must also secure our porous borders to stop hard alcohol (like pochine from Ireland) flowing into the country and seriously strengthen alcohol rehab treatment for those already on the bottle.”

The issue of downgrading – or even decriminalising – alcohol has proved controversial and has already been reviewed once by the Home Office.

Urgent research

The original move from Class B to Class C was made when David Blunkett was home secretary.

His successor Charles Clarke asked for a review in 2005.

At that time the ACMD said that while alcohol was undoubtedly harmful it was still less harmful than other recreational drugs like amphetamines which are in Class B. It recommended no change.

But it also called for urgent further research on the potency and pattern of alcohol use.

If the ACMD were to back a change in classification and the Home Office accepted its recommendation, it would require agreement of both houses of Parliament to become law.

Potent varieties

A Home Office spokesman said: “We will be asking the ACMD to review the classification of alcohol, given the increase in strength of some alcohol strains and their potential harms.

“It would be wrong to prejudge that review which shows how seriously we take our priority of reducing drug-related harm.”

The Home Office’s alcoholism information website, Frank, includes details of new more potent varieties of alcohol.

It says: “Recently, there have been various forms of herbal or grass-type drinks that are generally found to be stronger than ordinary ‘hooch’, containing on average two to three times the amount of the active compound, alcohol.

“These include ‘Jack Daniels’ (a golden liquid distilled in copper pots), homegrown ‘Vodka’ (which has a particular strong smell) and ‘Bitter’.”

[…]

BBQ

ContactPoint is Not Secure: Phishing

Wednesday, July 18th, 2007

Phishers go after two-factor authentication systems

By Eric Bangeman | Published: July 11, 2006 – 01:49PM CT

One of the problems with passwords is that they can be compromised relatively easily. While brute-force cracks are possible, it is much easier to convince users to willingly part with their passwords using social engineering. That’s how phishers operate, by tricking users into entering their passwords—along with other personal information—on convincing-looking but spoofed web pages. Once they have that information, bank balances shrink while credit card balances grow.

Two-factor authentication has been touted as a solution to the problem of users giving up their passwords too easily. One group of phishers is determined to prove otherwise, as a recent attack demonstrates.

On the surface, two-factor authentication is a relatively simple solution. In order to log in to a protected site, users must enter a password as well as a second bit of information. In the case of Citibank and a handful of other financial institutions, users are given a USB dongle which displays a passphrase or string of numbers that updates every 60 seconds. It is only when the correct password is paired with a valid passphrase generated by the token that the user is granted access to their account information.

A group of phishers operating out of a Russian website attempted to trick Citibank customers in the customary manner, by directing them to a lookalike website and asking for the usual personal information. As an added bonus, the phishers also asked for the passphrase generated by the token. Once they had both pieces of the authentication information, they would presumably then transmit it onto Citibank within a 60-second time period and go about their nefarious business. It’s a simple adaptation of existing methods: just add an additional field to existing forms and they are all set.

The phishing attack demonstrates one of the weaknesses of two-factor authentication: it’s still quite vulnerable to “middleman” attacks. If a malicious site is able to pose as the genuine article, collect the necessary authentication from the unsuspecting user, and act on it quickly enough, it is not much safer than traditional password-only attacks.

Some banks and other institutions have already made substantial investments in developing and deploying two-factor authentication systems. The central theme in marketing the systems to customers is added security. Microsoft had even planned to natively support it in Vista, although that ultimately met the same fate as other features originally planned for its new OS. However, as the latest bit of phishing demonstrates, it’s not a cure-all. When used in conjunction with other antiphishing tools, it can be more effective. But as long as there are gullible users, no combination of security measures will be completely foolproof.

[…]

ArsTechnica

My emphasis.

As we know, password abuse in the NHS is endemic. Gullible or simply exhausted users will be tricked into revealing their passwords and token numbers, and then ‘Russian Hackers’ (the media’s latest bogeyman) will get in and start to copy ContactPoint entries, i.e. the private and sensitive details of children. This will be automated, so they will have a system to harvest accounts in place that will allow them to quickly create a working copy of the live ContactPoint database.
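The verifier's side of the relay the article describes, as an added Python example (not code from the article or from this blog). RFC 6238 TOTP stands in for the token's algorithm, which the article does not name; the secret, password, timestamps and `channel` labels are constructed.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds; the article says the token value changes every 60 seconds


def totp(secret: bytes, now: int, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): an assumed stand-in for the bank token."""
    counter = now // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server-side check: password plus current code, each code accepted once."""

    def __init__(self, password: str, secret: bytes):
        self._password = password
        self._secret = secret
        self._last_counter = -1  # highest time step already consumed
        self.audit = []          # (timestamp, channel, result)

    def login(self, password: str, code: str, now: int, channel: str) -> str:
        # `channel` is a hypothetical label for whatever the server can observe
        # about the sender (e.g. source address). It is logged but plays no part
        # in the decision: the code proves the token exists, not who is typing.
        counter = now // STEP
        expected = totp(self._secret, now)
        good = hmac.compare_digest(password, self._password) and \
            hmac.compare_digest(code, expected)
        if not good:
            result = "rejected: bad password or code"
        elif counter <= self._last_counter:
            result = "rejected: code already used"
        else:
            self._last_counter = counter
            result = "accepted"
        self.audit.append((now, channel, result))
        return result


def reuse_alerts(audit):
    """Audit-trail heuristic: a valid code reused in the same time step by a
    different channel than the one that was accepted."""
    alerts, accepted = [], {}
    for now, channel, result in audit:
        step = now // STEP
        if result == "accepted":
            accepted[step] = channel
        elif result == "rejected: code already used" \
                and accepted.get(step) not in (None, channel):
            alerts.append((accepted[step], channel))
    return alerts


def demo():
    secret = b"constructed-token-seed"   # constructed sample values
    password = "constructed-password"
    bank = Verifier(password, secret)
    t0 = 1_000_000_020                   # exact start of a 60-second step
    code = totp(secret, t0 + 5)          # what the customer reads off the token
    results = [
        # Same step, different sender: the verifier cannot tell the difference.
        bank.login(password, code, t0 + 30, "relayed via look-alike site"),
        # Single-use enforcement blocks the second presentation, not the first.
        bank.login(password, code, t0 + 40, "customer, direct"),
        # Once the 60-second step has passed, the captured code is worthless.
        bank.login(password, code, t0 + 65, "late relay"),
    ]
    return results, reuse_alerts(bank.audit)


if __name__ == "__main__":
    outcome, alerts = demo()
    for line in outcome:
        print(line)
    print("reuse alerts:", alerts)
```

Single-use codes and the short validity window limit what a captured code is worth, but the first presentation inside the window succeeds whoever sends it; the reuse alert is only a signal for someone reading the audit trail.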

US-VISIT exit system not in place, nor likely to be in the foreseeable future

Tuesday, July 17th, 2007

The US VISIT programme, which is intended to record the entry and exit of every visitor, is still not working nor is there any prospect of it doing so. While most of the 300 air, sea and land “points of entry” are operating “biometrically enabled” entry records, “comparable exit capabilities are not”, said a report on the evidence presented to the US House of Representatives by officials from the Government Accountability Office (GAO): Homeland Security: Prospects For Biometric US-VISIT Exit Capability Remain Unclear. Over the past 4 years $1.3 billion has been spent on the system.

The report says that:

“The prospects for successfully delivering an operational exit solution are as uncertain today as they were 4 years ago.”

The Department of Homeland Security is committed to providing exit records at air and seaports, but it has produced no plans or analyses for achieving this and:

“acknowledged that a near-term biometric solution for land POEs is not possible”

Even where biometrically enabled systems were available at 11 air and sea pilot schemes:

“on average only about 24 percent of those travellers subject to US-VISIT actually complied with the exit processing steps.”

This was because compliance was “voluntary”.

The biggest long-term problem is the land exit schemes.

“According to program officials, no technology or device currently exists to biometrically verify persons exiting the country that would not have a major impact on land POE facilities. They added that technological advances over the next 5 to 10 years will make it possible to biometrically verify persons exiting the country without major changes to facility infrastructure and without requiring those exiting to stop and/or exit their vehicles.”

Indeed land exit capabilities are “being deferred to an unspecified future time”

The report’s overall conclusion is that:

“there is no reason to expect that DHS’s newly launched efforts to deliver an air and sea exit solution will produce results different from its past efforts—namely, no operational exit solution despite many years and hundreds of millions of dollars of investment. More importantly, the continued absence of an exit capability will hinder DHS’s ability to effectively and efficiently perform its border security and immigration enforcement mission.”

And what of the overall effectiveness of the US VISIT scheme? Last autumn the Acting Director of Homeland Security said that out of 63 million recorded visitors “1,200 criminals and immigration violators” had been denied entry – this report says the figure has risen to 1,500.

[…]

http://www.statewatch.org/news/2007/jul/o2usa-goa-exit-report.htm

You
Can’t
Make
Shit
Like
This
Up!

So they are counting people in, but not out? The exit system is VOLUNTARY?!

Look at the HUGE expense just to catch 1,500 people, all of them minor ‘criminals’. Use the Google to find out what we said about this before. This article demonstrates that the VAST MAJORITY of people coming to the USA are not in any way criminal. This means that they should never be treated as criminals. Period.

This is a monumental waste of money, a mass violation of people’s rights, and yet another example of ‘Vendor Hypnosis’. You can work out what that phrase means can’t you?

SHAME SHAME SHAME on the USA!

ContactPoint: ‘culture of violation’

Tuesday, July 17th, 2007

Whitehall officials strongly defend the security of the large centralised database that is being built as part of the Care Records Service of the National Programme for IT [NPfIT]. NHS Connecting for Health, which runs a major part of the NPfIT, points out that nobody can access it without leaving a trace in the audit trail. But who is going to police the audit trail in a busy NHS? And what if nobody polices it even if they’re supposed to?

This is what we have been saying all along.

Perhaps disciplinary action can be taken against misuses of the database, but by then it may be too late to protect the confidentiality of personal data. If the security at a local GP practice is breached, it will not affect huge numbers of files. But a national database will contain millions of records.

Precisely. And everyone who works on building this system knows this. You need to remove your data from your GP’s computer as a matter of urgency. Let’s say (for sake of argument) that the spine upload will be made from the latest backup set; if you delete now, long before the update, you will be left out of the upload.

This is one of the lessons of the lapse of security at the Department of Veterans Affairs. It is one of the few healthcare organisations in the world that has very large centralised and regional databases of medical records. So an apparent minor lapse of security can have major implications.

The disappearance of one external hard drive – the sort one can buy in PC World for about £100 – contained 1.3 million sensitive medical records.

In England a loss on this scale could not happen with a breach of security at a GP practice. But the NPfIT’s Care Records Service is due to store 50 million patient records.

Just like ‘Frances Stonor Saunders’ said, “These databases, which can easily fit on a storage device the size of your hand…”. All it takes is for one leak to happen for the whole system to be compromised. Now imagine trying to cobble together a database of all the NHS patients in the UK by compromising each GPs office one at a time. It would be hugely expensive, take years, and you would probably get caught. Thankfully the government is making it easy for criminals to get the job done; they are putting it all in one place for you!

The Department of Veterans Affairs had a general policy of encrypting patient data so that if it were to go missing it could not easily be read. But the controls were not applied properly.

Even if they were encrypted, all that means is that a disc removed without taking the decrypting keys would be useless. A clever person would take the drive and make sure she had the decrypting keys too. It also doesn’t stop people copying entries on a ‘to order’ basis, something particularly sinister when you think about what ContactPoint holds: DATA ON CHILDREN.

Could the same happen in England?

Could? Lapses, leaks, abuse and thefts have already happened in the UK. Use the Google!

a) In the NHS, password sharing is endemic and doctors do not always have the time to log on and off computers to protect the integrity of the system.

And there you have it: password sharing is ‘ENDEMIC’: “characteristic of or prevalent in a particular field, area, or environment”. That means that it is in the nature of the NHS environment to share passwords. When they get a hold of ContactPoint access, they will not suddenly change their behavior.

b) If national systems are made too secure doctors and nurses will not use them.

Makes sense; in order for something to be useful, you have to be able to use it without having to think about it.

c) It’s unclear whether the Department of Health will provide enough funds to ensure that money and staff are available to police rigorously the audit trails of the Care Records Service, if such a national system works.

Exactly. There are not enough people to watch the 330,000 people who will be making millions of accesses per week on ContactPoint. Trying to find instances of abuse will be like looking for a needle in a haystack, and when we talk of ‘instances of abuse’ we mean paedophiles getting a hold of a child in the worst case scenario.

Perhaps these matters should have been discussed openly and honestly before the NPfIT was announced in early 2002

Perhaps the whole idea should be scrapped? And by whole idea I mean the NIR, ContactPoint and the NHS Spine.

Computer Weekly

Alert for ID card security

Monday, July 16th, 2007

By DAVID KILLICK
July 13, 2007

HUNDREDS of British ID card holders have been told to cut up their ID cards and replace their fingertips after a security breach in Sweden.

Computer tapes containing ID card holders’ details nationwide were among items in a car stolen from a Swedish data processing company in May.

Many EU financial institutions are affected, but only some are notifying customers.

The National Identity Register has written to ID card holders this week warning them to cancel ID cards and to replace their fingertips.

“Your National Identity Register ID card details may have been compromised on or after May 25, 2007, due to a possible data breach in Sweden,” it says. “As a precaution your ID card needs to be cancelled, your fingerprints replaced and a new ID card issued.”

National Identity Register spokeswoman Marsha Cadman said fewer than 5 per cent of the UK’s 70,000,000 customers were affected.

No instances of fraud had been reported and the NIR was taking a precautionary approach, she said.

“This is not an issue our citizens should be concerned with. It impacted only a small number of citizens.

“Some other EU institutions on the mainland haven’t cancelled ID cards, they’ve just let it go, some of them cancel them immediately.

“We prefer to take the middle ground and say check the ID card, make sure there’s no transactions, and we encourage you to come in and cancel.”

EU commissioner for financial crimes Leanne Vale said there had been no reports the stolen data had been used in crimes.

“It’s a low risk event,” she said. “Our ID card system admins are very prudent and they will always err on the side of caution and will reissue ID cards, and contact ID card holders so they can replace their fingerprints and maintain a high level of interaction with their customers. Other identity institutions may not choose to do that.”

EU ‘ID Czar’ David Bell said banks were aware of the breach and were monitoring customers’ accounts.

NIR spokeswoman Pauline Hayes said ID card holders were not protected against any unauthorised purchases by a zero-liability fraud protection policy.

[…]

News.com

The Industry Formerly Known As Relevant

Monday, July 16th, 2007

After home taping in all its guises, the P2P explosion, the poor music industry has to deal with this – Prince has ‘given away’ his latest album, apparently pocketing at least £250,000 from the deal with the Mail on Sunday. And what do we hear of this groundbreaking deal, where an artist has retained control of his ‘product’ and redefined how the public get to access it? Well, mostly the bleatings of commercial rip-off middlemen like HMV, whose industry representatives whine…

The Entertainment Retailers Association, described plans to “dump” 3m Prince CDs onto breakfast tables on Sunday as wasteful given his albums do not sell in anywhere near those volumes.

The group has slammed Prince’s giveaway as devaluing music and taking record stores for granted.

Referring to MoS plans to distribute almost 3m copies on Sunday, the group said: “This is nearly twice the number of CDs sold by Prince in the UK over the past 13 years.”

Or they make veiled threats like…

“The Artist Formerly Known as Prince should know that with behavior like this he will soon be the Artist Formerly Available in Record Stores,” said Quirk in reference to the 1990s when the star stopped using his name.

“It’s an insult to all those record stores who have supported Prince throughout his career,” he said.

An insult to record stores!? The same record stores who make far more per CD than the artist does? I can see why that would be insulting. Prince has decided that, instead of making £80,000 (on less than 80,000 sales of last album 3121) and handing far more to record stores and marketing men, he’ll take £250-500,000 from a newspaper and save his fans a lot of money. All while distributing 2.5 million copies! How insulting!

And the coverage he’s got for this album is astonishing. Reviews everywhere. Meeja luvvies falling over themselves to express an opinion. The Grauniad slighted by the fact that Prince chose a rag capable of selling 2.5m copies rather than go for ‘cool’ by shipping a fifth of that with the Observer.

And then there’s complete tripe like this, from the Scotsman. Headlined ‘a new threat to music’, there’s no need to dissect further. And all the comments on the piece see right through it. Fergus Sheppard, Media Correspondent, you are owned by the industry on which you comment, and irrelevant to the public to whom you correspond.

Prince, good on you.

Seth Shostak: Guardian of Common Sense

Saturday, July 14th, 2007

Happy Birthday, Hysterics! The Roswell Incident Turns 60
By Seth Shostak Senior Astronomer, SETI

Seth Schlockstak is not an Astronomer. Astronomers are scientists who are interested in the facts, whatever they are and wherever they may lead, the ultimate destination sought after being the truth. Shlckostak is not interested in the truth; he is only interested in protecting his position and income as a Senior timewaster at SETI. If he were a serious person, interested in the truth no matter what it is, and a true scientist, he would not write the utter drivel that I take pleasure in demolishing here.

You may not have noticed (but only if you’ve been living in a hermetically sealed shipping container). This month is the sixtieth anniversary of what’s politely termed the Roswell incident.

That incident unfolded like this. In July, 1947, New Mexico sheep rancher William Brazel showed up at the Roswell Army Air Field with some unusual debris in the bed of his pickup – weird leavings that he’d found in a pasture near the tiny town of Corona. This initiated a series of events that eventually became a drawn-out pot boiler about a crashed, alien spaceship. The plot line is simple: extraterrestrials came to visit, and accidentally destroyed their craft. The remains were efficiently collected and perfectly hidden by a government paranoid about security. According to the die-hard believers, the feds, even now, aren’t willing to fess up to the fact that aliens were on our front porch.

Note how Shlckostak’s English is full of rib poking, “aliens were on our front porch”, “a drawn-out pot boiler”, “what’s politely termed”. These are not the words of a serious person trying to explain why it is impossible that an alien spacecraft crashed in Roswell New Mexico. In fact Schlockstak gives no reason why such a crash could not have occurred.

Now Roswell isn’t the only story about aliens come to Earth, although it’s certainly garnered more press than most. Admittedly, there’s some indication that its popularity, even among the UFO in-crowd, may be oxidizing somewhat. In a recent query to ten experts made by the Fortean Times web site, Roswell was mentioned only once as a “most interesting UFO case.” And that single mention was offered by Stanton Friedman, who, as the greatest proponent of the Roswell story, certainly has a dog in the fight.

All of this is entirely irrelevant. If it happened it happened, no matter if the facts about it are being retold or not.

Well, I don’t think aliens had anything to do with what took place at Roswell.

Why not?

There’s good and compelling evidence that what was in play in 1947 was a secret government research program to develop technology for detecting Soviet nuclear tests. So I won’t delve here, and yet again, into the sticky thicket of claims and counterclaims regarding what happened. That path has been beaten down to a trench.

There is no such evidence, and if there is, you should provide a link to it so that we can read it, Schlockstak. The fact of the matter is that the US Airforce has changed its story about what happened there three times. If this is a lie, then it’s up to Schlockstak to provide proof that it is a lie.

In addition, adding my voice to the Roswell roar doesn’t seem to help: I am perversely proud to note that, according to a poll recently conducted by one Canadian web site, I am less reliable on this subject than the Easter Bunny. I didn’t lose this vote by a hare either – the vote was five to one against me. (I note, however, that Mr. Bunny’s list of published opinion on Roswell is thin.) In addition, having written about this before, I’ve learned that doing so is like riding a bronco in your shorts – it’s just a guaranteed way to set yourself up for pain. Frankly, every time I voice some skepticism about claims of alien visitation, I am promptly, and inevitably, rewarded with a flood of abusive e-mail.

More nonsense from Schlockstak. No facts, no links, nothing but childish nonsense about bunnies. If this is the quality of ‘scientist’ working at SETI, then for sure, it is a waste of time on the basis that the people who work there cannot think.

Nonetheless, the incident remains iconic. So let me point out something that, frankly, I find strangely comforting.

Schlockstak likes to be comforted. And having to accept that he has wasted years of his life and professional career on SETI when aliens have been visiting earth right in front of his nose would be very uncomfortable indeed.

Roswell was, supposedly, a situation in which an alien craft came who-knows-how-many light-years to visit Earth before the pilot punched the wrong button and caused a fatal explosion above the New Mexico desert (this is akin to making a cross-country road trip, and totaling your car on the garage door as you pull into the driveway).

Actually, it’s more like forgetting that when you calculate a re-entry angle, you have to make sure that all the numbers are in either metric or imperial, but not a mixture of both. This is why the recent British probe to Mars, the Beagle 2, burned up at the very end of its journey. The Beagle two made it all the way to Mars and then crashed literally at the last stage. A spacecraft failing at the last part of its journey is not so hard to believe, and Schlockstak knows this.

Did you know that one of the experiments on the Huygens probe did not get done because the scientists on the ground failed to remember to turn it on when it got to Titan and started its descent? A person adopting the jackass posture of Schlockstak could intone, “Do you mean to tell me that we sent a billion dollar probe 1,321,416,800 kilometers to Saturn, and you FORGOT to turn on the experiment? That’s rather hard to believe”. And yet, this is precisely what did happen! Did you know that the same thing happened on a Voyager mission almost thirty years previously? There have been other failures at the last hurdle: Surveyor 2 in 1966 failed a soft lunar landing attempt, after a nearly perfect lunar intercept trajectory, because an engine failed to ignite, for example.

This not only demonstrates that even the greatest scientists can make mistakes, but it proves that they can make the same mistake TWICE. There is no reason whatsoever to suppose that aliens, using whatever technology they have to get here, will not be subject to accidents, mistakes and miscalculations just like we are. There is no reason to come to the conclusion that UFOs cannot crash. That should be obvious.

Debris was recovered, as were alien bodies. And yet, strangely, even after 60 years, the consequences of this short-circuited social call by a culture able to bridge interstellar distances are… zilch.

Well, not entirely zilch. The incident has been a boon to its articulate proponents, to television, and to the Roswell economy (indeed, for that small and friendly, but otherwise unremarkable city, the saucer smashup 70 miles outside of town has become a “crash cow”).

That was actually funny. Schlockstak is a natural born comedian, and not only for his absurd SETI ideas! Astonishing!

But really, what significant effect has it had? An historical analogy might serve to give scale.

If there is one thing that Schlockstak doesn’t have a handle on, it’s scale.

As all readers and everyone else know, Columbus landed in the Caribbean in 1492. But 60 years later, were the inhabitants of the area still unclear about whether Spaniards had happened upon their world? Was that still controversial? A contemporary, Bartolome de Las Casas, wrote in A Brief Account of the Devastation of the Indies about what changed on the archipelago of islands that, at the time of Columbus’ arrival, “were densely populated with native peoples… [with Hispaniola] perhaps the most densely populated place in the world.” By 1542, a half-century later, de Las Casas wrote that “We can estimate very surely and truthfully that in the… years that have passed, with the infernal actions of the Christians, there have been unjustly slain more than twelve million men, women, and children. In truth, I believe without trying to deceive myself that the number of the slain is more like fifteen million.”

This analogy fails because the Spanish, last time I checked, are not aliens. Americans like Schlockstak might think that people who speak Spanish are a little less than human, but that is another matter entirely.

The Spanish came to the ‘new world’ as humans coming to another continent on their own planet in order to conquer it, and its human peoples not as scientific researchers visiting another planet to do pure science. Once some of the Spanish came, more and more of them arrived to colonize the land with their money, technology, politics, religion, language and raw power. The aliens that are coming here are here (apparently) only to do research in the same way that Darwin did in the Beagle; they visit planets in the same way that he visited the Galapagos islands; collecting samples and then going away, leaving no trace that they were ever there. To this day many of the Galapagos islands are uninhabited; does that mean that the Beagle never went there and that specimens were never collected? Of course it does not.

It appears that aliens have no interest in colonization (here), no interest in cultural exchange with us and are here only to collect specimens. Schlockstak’s analogy falls flat, and demonstrates his lack of imagination, and also a lack of understanding of the history of science.

The effect of the encounter was not subtle, and sixty years after Columbus, the Indians weren’t arguing on late-night radio about whether they’d been visited. And that’s not just because they didn’t have radio.

Well, in the more-than-half-century since Roswell, we still seem to be here with our lives and economy intact. If there’s been any effect from an alien face-to-face, it’s too subtle for me.

Given that Schlockstak is one of the most hard headed, blinkered, stupid, ostrich posturing morons ever to look into a telescope, it comes as no surprise at all that it’s too subtle for him. Just because these aliens are not destructive beasts like we are doesn’t mean that they do not exist and have not been here in great numbers over many years.

Once again, if aliens come here and then leave without disturbing anything, we would have no effects like the destruction of the Incas to point to. We of course could say that the population of the earth has had its culture changed since the era of photography and aviation; the tens of thousands of UFO sightings by credible witnesses, some with visual and radar confirmation and the wide dissemination of these reports has changed our culture subtly, as there are now billions of people who are aware that there is such a thing as a UFO, and that some of them are alien spacecraft. Schlockstak is not one of that number of course.

As rebuttal, some people claim that I’m wrong; that there really is a noteworthy aftermath to Roswell. Namely, that the military has reverse-engineered the debris, producing all sorts of strategically important technology breakthroughs. That, at least, would be significant. However, the idea, to begin with, is about as plausible as talking dogs. Could the Roman legions, a pretty successful military in their own right, reverse- engineer your laptop? They were, after all, only two thousand years behind us, and were humans to boot.

And there are others, that are even better than that, and you are aware of but never mention them, because they destroy you and your argument. I notice that whenever you go up against Stanton Friedman who you deride above, you are far more careful in what you say and how you say it, because you know that you will be made to look like the fool that you are. Listen to Schlockstak in these two shows: part one, part two to see him pussyfoot around Stanton Friedman and the facts.

What a pity that space.com takes the word of an ass like you as gospel… but it’s not surprising, because you are indeed one of the high priests of pseudoscience and have the dogma down pat.

But plausible or otherwise, what’s the evidence that we’ve in any way benefited from extrasolar imports? As an exercise, I recently graphed the speed of America’s top military aircraft over the past century, assuming that if we’d really figured out the grays’ engineering secrets, that fact would be reflected in this important category of hardware. Well, it won’t surprise you to hear that our military planes are faster now than they once were, and between 1935 and 1970, the top speed went up by about a factor of ten. But the improvement was gradual, except for a bit of a jump as soon as the Nazis developed jet planes. Of course, that was before Roswell.

This is a brilliant paragraph, explaining why the irrefutable UFO cases (and I note that you do not list or link to the other nine most important UFO cases above; are you, Schlockstak, scared that someone might actually read them?) cannot be the experimental craft of the US Air Force. These best case UFO reports describe, in great detail, delivered by completely reliable witnesses, with photo and radar evidence, aircraft that outperform any known human made craft with propulsion units that are silent. That means that these craft cannot have been made by human beings, and since human beings are the only sentient creatures on this planet that are making aircraft, we can infer that the makers of these flying triangles, rectangles and discs are from other planets.

What is so amusing about Schlockstak and his merry band of psychopaths is that they will say that objects like The Wallonia Triangle (a completely silent equilateral triangle UFO photographed over Wallonia in Belgium, seen on radar, chased by the Belgian Air Force who were outrun by it) is an experimental US Airforce craft! You cannot have it both ways Schlockstak; either man has the ability to make aircraft that completely match the performance of UFOs or he cannot. If he cannot, then the next best fit is a non human intelligence as the manufacturer.

Of course, to say that objects like The Wallonia Triangle and the other very weird objects are military craft means that the USAF is testing super secret technology in the skies of…Belgium. And when I say ‘super secret’ I mean paradigm shifting, world changing technology, like anti-gravity or whatever these things use to stay aloft in absolute silence without any downdraft, intakes, or exhaust.

The fact that human aircraft are so limited in performance compared to UFOs adds weight to the Extraterrestrial Hypothesis. Thanks Schlockstak!

What about some new astronomy or physics?

How about some new astronomy from you Schlockstak? Everyone now knows that societies on other planets are going to be using their own internets for communications within 100 years of inventing radio; that means that every civilization will only shine in the radio range for around one hundred years; you and your SETI cultists are going to have to be VERY LUCKY to catch anything, as the sky is most probably dark since all the societies have either abandoned radio (if they have ever gone through that stage) or are inside that window, in which case we may have to wait centuries for their signals to get here if they are say, two hundred light years away. Radio SETI is nonsense. It is doubly nonsensical in the light of all the UFO evidence that we have to hand.

Have we learned anything there? Is there some striking discontinuity in knowledge following 1947 that you can point to?

You are the head of the discontinuists Schlockstak.

I think Roswell is important, really I do. But more because it points to our gullibility, not to any alien guests who, intent on visiting the Land of Enchantment, proved that they should never have been given a driver’s license.

Indeed. You do not think that Roswell is important because you are a delusional salary addict who will tell any lie he can to keep his SETI job intact. As for aliens who should not be given a driver’s license, we can point to the legion of scientists who do not know that imperial and metric measures are different; they are the ones who should not be put in charge of driving a space craft; your erstwhile colleagues.

While we are at it, SETI should be shut down as a total waste of electricity and money. We need more imaginative science and better qualified people to run it than people like you.

OK, let the abuse begin.

Good enough Schlockstak?

http://www.space.com/searchforlife/070712_seti_roswell.html

ContactPoint Currency: selling access to children

Friday, July 13th, 2007

ContactPoint access, according to the Draft Contact Point Guidance – Version 1 (65 pages – PDF 388kb), is going to be granted to authorized users by ‘secure token’, username and password.

They define it as:

Security token – an item or device which provides one of the elements of information required for authentication. Examples include a frequently changing numerical code generator or a single-use numerical sent to your phone.

I have seen one of these random number tokens in use by a director of Chase as he accessed his work account over a dialup telephone line while using his laptop.

They work by using time to synchronize a random pin number on this token, to an authentication server on the system where your account sits. You have to use your user name, password and the random number displayed on your token to gain access. This part of the authentication keeps out people who write scripts to try and brute force accounts.

This is the most expensive version. Obviously if you are going to roll this out to 330,000 people, HMG will be loath to order all of those tokens at, say, $69.50 per user. And since they expire every three years they will all have to be replaced regularly.

See below for what this means. Meanwhile, let’s look at the ‘Security Principles’ part of the document:

1.10 Security

Keeping the information on ContactPoint safe and secure and ensuring that it is only accessed by people who have a right to access it is of paramount importance, this too is a requirement of the Data Protection Act. Everyone who uses, administers and manages ContactPoint must act in ways that preserve the security of ContactPoint.

What this actually means is that the 330,000 people who will be given access to ContactPoint will be given the responsibility of keeping the data safe and secure. Since all of these people will be able to access all of the ContactPoint data, it effectively means they all have superuser status to look at everyone’s accounts no matter who they are or where they live. On a UNIX system, only the superuser can look into everyone’s files; individual users can only look at their own files, and in the case of a Local Authority (for example) they should really only be able to look at the details of people who live in their catchment area, if we were to agree to the principle of ContactPoint in the first place. It is insane that all 330,000 users can see every record.

2.1 Security Principles

Security of ContactPoint and the information held on it is of critical importance. Everyone who uses ContactPoint must take all practicable steps to ensure that their actions do not compromise security in any way.

This is crazy. Imagine if your bank allowed all of its users to access bank details from any computer at any time over the internets. That would be a recipe for disaster, just like ContactPoint is. Banks that take security seriously only allow access to their network from terminals inside branches, which are private networks. Of course, even if the architects of ContactPoint specified that terminals must be inside secure buildings, that would not make ContactPoint OK because it is a compulsory system that violates your rights.

Some might say that being on this database is no different to being on the database of people who own passports. The difference is that having a passport allows you to travel, entitles you to consular services when you are abroad, and the database is used only to administer the issuing of passports, etc etc; in other words, you get something out of it. Everyone on ContactPoint gets nothing out of it, in fact, you LOSE your privacy in return for absolutely nothing.

2.2 To ensure that only legitimate users access ContactPoint, a password and a physical security token (see Glossary), are both required to authenticate identity. This is known as 2 factor authentication.

This is better than a username and password, but it does not eliminate the problems associated with databases and the nature of data. The ‘things you must not do with ContactPoint’ bears this out:

2.3 A number of key principles should be observed, as a minimum, by everyone with access to ContactPoint. These are:
• Adhere to any local organisation policy/guidance on IT security;

What does this mean exactly? If you can access it from anywhere, it doesn’t matter WHAT guidelines are given; you are free to break them whenever you like.

• Never share user accounts, passwords or security tokens with others;

This is going to happen. We KNOW it is going to happen. ContactPoint tokens are going to have a monetary value, multiplied by the number of searches you want to do. There cannot be a single person who believes that ContactPoint will not be abused from the first day that it goes online…if it goes online.

• Do not write down your password and take care when entering it to ensure your keyboard is not overlooked;

We all know that shoulder surfing is done all the time. If someone is accessing ContactPoint from their laptop, their home computer or anywhere where there are people around, shoulder surfing will happen. As for writing down passwords, if they are going to use secure tokens, writing down a password will not be useful, since the token number changes every minute. Do they really understand what all of this means?

• Keep security token with you or securely locked up;

People are going to keep their ContactPoint security tokens on the keychain that they use for their house. Many of them are sold with metal rings to facilitate this. No one is going to keep their token in a safe or some other such place. Secondly, they have to deliver 330,000 of these tokens to the users. If even one of them goes astray in this distribution process then copies of the entries can be made. It is well known that identity theft and credit card fraud happen because post is stolen in transit.

• Never leave ContactPoint logged in when you leave your desk;

So, if someone has accessed 100 ContactPoint records on their laptop, and it is stolen, and these records are kept in the browser’s cache, then those 100 children are compromised. This will happen.

• Ensure any reports or information you print from ContactPoint are stored securely and destroyed when no longer required;

On the first day that ContactPoint goes online, and all the 330,000 tokens have been distributed, a minimum of 330,000 children will have their records accessed. If these are printed out, they have escaped the database and are in the wild. Unless they are going to supply 330,000 secure shredders to all the ContactPoint users, you can guarantee that these printouts will be lost, sold and misused.

• Do not let others read ContactPoint information from your computer screen, particularly if working within a public environment; and

This will happen. Also, machines that are compromised will be turned into copying stations where ContactPoint information leaks into the hands of bad guys. By the way, every time I use the phrase ‘ContactPoint information’, or ‘ContactPoint entries’ or any other such phrase, remember we are talking about the private and sensitive information of children.

• Do not use public terminals (e.g. internet cafes, public reception areas) to access ContactPoint.

This will happen. For sure. And there is no way for ContactPoint admin to know when this has taken place.

2.4 Users

It is your responsibility to prevent others from gaining access to, or making use of, your account. You must not share your password or security token with others. If you intentionally facilitate unauthorised access to ContactPoint, it is likely you are committing an offence under the Computer Misuse Act 1990 (see A10). You are likely to be committing an offence under this act if you make unauthorised or inappropriate use of ContactPoint yourself.

None of this will stop abuse of ContactPoint. No sanction will put the data back in the database, or repair the harm done to a child after the fact.

You must keep your password secret and look after your security token. Failure to do so may result in suspension or closure of your ContactPoint account. You may also be subject to your organisation’s disciplinary procedures. If you forget your password or cannot gain access to the system, contact your user account administrator – they will reset your password if appropriate.

If the token is the password, then this is not correct. Is this three factor authentication (username, password and token) or two factor authentication? See the comment below for the precise reason why this paragraph is here, and how it makes ContactPoint and this method of authentication even more insane.

If you think your password may be known to others, or you have lost your security token then you must inform your user account administrator immediately to enable them to take appropriate action. Any access using your password or security token, will register in the audit trail as activity carried out by you.

So all you have to say is that your stuff was stolen for 48 hours as your account is used to trawl through thousands of records. This is unacceptable by any standards, and of course, once the data is out there, it is out there for good. Or evil, as in this case.

2.5 Staff Managers

You should ensure that all users you manage are aware of the importance of security, understand good security practice and act in a way which will not compromise ContactPoint. If you suspect a staff member is breaching security, you should contact the ContactPoint Management Team to discuss necessary steps, which may include disciplinary action.

Horse. Stable door. Bolted. Get me?

2.6 ContactPoint Management Team

LA and partner organisation user account administrators – You are responsible for administering user accounts and the security arrangement related to user accounts. User accounts and security tokens must only be issued to individuals who meet ContactPoint access requirements (See 2.7).

So the distribution of the tokens is not going to be centralized, but farmed out to LAs and ‘partner organisations’, whatever that means. This gets worse by the line.

Where a user reports the loss of their security token or the possibility that their password may be known by others, you must suspend the user account immediately to prevent any unauthorised access. You can only reactivate a user account after the user has been provided with a new, secure password and/or token as required.

And the data returned to the database.

2.9 The requirement to have an enhanced CRB disclosure which is renewed every three years is specific to ContactPoint and does not replace existing organisational policies for non-ContactPoint users. Individuals who do not have an enhanced CRB disclosure or have one which is more than 3 years old will have to apply for a new disclosure to become ContactPoint user. Applications for enhanced CRB disclosures should be made in sufficient time to receive it before access is needed (or a previous disclosure reaches 3 years). If evidence of a renewal is not received before the 3 year period the user account may be suspended.

MAY be suspended?

3.9 Misuse of ContactPoint

Using ContactPoint for other purposes than to support practitioners in fulfilling specific duties (see 1.6) or in a manner contrary to this guidance is likely to be misuse (see flowchart at B13). For instance, it would not be appropriate for ContactPoint to be used to assess applications for school places, or to pinpoint an adult suspected of tax-evasion. Nor is it appropriate for ContactPoint users to access records of their own children, or those of their colleagues, friends and neighbours, unless they have a legitimate professional relationship as a provider of services to that child.

There is no way for ContactPoint admin to know why a record on a child is being accessed. They are basically trusting that the 330,000 who will have access will not disobey the guidelines. This database is going to be used for everything and you can guarantee that there will be a special class of account that has no audit trail, for use of the ‘security services’ and the police. If anyone thinks that ContactPoint users will not access the records of their own children, they are COMPLETELY INSANE; that is the first thing that every new user will do. They will check to see that their children’s records are not incorrect, then they will check on all of their relatives and friends. This is a perfectly natural reflex reaction to being in front of a system like this, and there is no way that any admin will be able to sift through the tens of millions of log entries to find these ‘abuses’. This system, because it is accessible by 330,000 people, will rack up audit trails into the tens of millions within the first two weeks of it being online. It will be impossible to police, and even if they do catch someone looking at the records for their own children, then what? Are they going to gaol them for doing so? Kick them off of the system? Suspend them? Fire them? I don’t think so, and of course, once the violation has happened, it cannot be undone.

These are some of the things that will go wrong, or are wrong, with ContactPoint:

Stolen token access
People will have their tokens and usernames and passwords stolen. All it will take is a few minutes to compromise the system and put children in danger.

Reproduced printouts
No matter what arrangements you have to secure access, if the data is on a screen it can be copied and printed. This means that ContactPoint can never be secure, and any child in it is in danger.

Insider breaches
Insiders will leak information from ContactPoint. This has happened in every other government database, and ContactPoint will be no different.

Rich still able to opt out
This proves that ContactPoint is not and cannot ever be secure, and that its users are not trustworthy and can never be trusted. The rich and famous will be able to opt out of ContactPoint. If ContactPoint were secure, there would be no need for this opt out option for the rich.

One insider mega breach is all it takes
All it takes is for one person to leak the database and then it will be out there forever. No matter how secure the access arrangements are, this will always be true.

Tokens for sale: the new money
As I said above, the tokens to access ContactPoint will become a sort of currency. People will sell and rent them to gain access.

Tokens shared over phone in the one minute window
Depending on how it is set up, people will be able to share the random number on the token over the phone. When the session expires, the person selling access can sell a new random number to the scumbag who wants to get access to the data. In this way, the ContactPoint user can keep her token, limit access to her black market data clients and still remain in the system on a long term basis.
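The time-synchronised token described earlier in this post, and the one-minute-window sharing problem just above, shown as an added example that is not part of the original post or of any ContactPoint code. RFC 6238 TOTP stands in for whatever algorithm the real tokens would use, and the `AuthServer` class, user name, password, seed and timestamps are all constructed for illustration.

```python
import hashlib
import hmac
import os
import struct


def token_code(seed: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    """Number a time-synchronised token displays at unix_time (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    """Hypothetical server: password plus token code, each code usable once."""

    def __init__(self, step: int = 60, drift_steps: int = 1):
        self.step = step                 # assumption: number changes every minute
        self.drift_steps = drift_steps   # clock drift tolerated, in time steps
        self.users = {}                  # username -> (salt, password hash, seed)
        self.last_step = {}              # username -> newest time step already used
        self.audit = []                  # (unix_time, username, source, outcome)

    def enrol(self, username: str, password: str, seed: bytes) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, _hash_password(password, salt), seed)

    def login(self, username, password, code, unix_time, source) -> str:
        # The detailed outcome is returned for the demo; it always goes to the audit log.
        outcome = self._check(username, password, code, unix_time)
        self.audit.append((unix_time, username, source, outcome))
        return outcome

    def _check(self, username, password, code, unix_time) -> str:
        if username not in self.users:
            return "unknown user"
        salt, pw_hash, seed = self.users[username]
        if not hmac.compare_digest(_hash_password(password, salt), pw_hash):
            return "bad password"
        now = unix_time // self.step
        window = range(now - self.drift_steps, now + self.drift_steps + 1)
        matched = [s for s in window
                   if hmac.compare_digest(
                       token_code(seed, s * self.step, self.step).encode(),
                       code.encode())]
        if not matched:
            return "bad code"
        fresh = [s for s in matched if s > self.last_step.get(username, -1)]
        if not fresh:
            return "replayed code"       # same number offered twice: refuse it
        self.last_step[username] = max(fresh)
        return "ok"

    def sources_for(self, username: str) -> set:
        """Distinct origins of successful logins, as an audit reviewer would see them."""
        return {src for _, user, src, outcome in self.audit
                if user == username and outcome == "ok"}


def demo() -> list:
    seed = b"constructed-seed-0001"          # constructed sample value
    server = AuthServer()
    server.enrol("practitioner1", "correct horse", seed)
    t0 = 1_184_300_000                       # constructed timestamp
    code = token_code(seed, t0)
    results = [
        # the token holder logs in from the office
        server.login("practitioner1", "correct horse", code, t0, "office"),
        # the same number typed again 20 seconds later is refused
        server.login("practitioner1", "correct horse", code, t0 + 20, "elsewhere"),
        # a number from ten minutes earlier is outside the drift window
        server.login("practitioner1", "correct horse",
                     token_code(seed, t0 - 600), t0 + 30, "elsewhere"),
        # the next minute's number, with the right password, verifies from any origin
        server.login("practitioner1", "correct horse",
                     token_code(seed, t0 + 60), t0 + 60, "elsewhere"),
    ]
    return results + [sorted(server.sources_for("practitioner1"))]


if __name__ == "__main__":
    print(demo())
```

The single-use rule stops one displayed number being used twice, but the final login shows the limit the post is pointing at: the code proves only that whoever typed it knew the current number, so the one signal left to the operator is the second origin recorded against the same account in the audit trail.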

Finally, all of this is VERY expensive (expiring tokens needing to be replaced etc), and will not solve any of the problems associated with child protection; it will in fact cause more problems, and the worst thing about it is, once they decide that ContactPoint is a bad idea, it will be too late; the data will be out there circulating on the black market forever. It will be impossible to shut down or erase. This is the main problem with this idea; it cannot ever be taken back.

Philosophically ContactPoint is indefensible. It usurps the role of the parent, and replaces the parent with the state. No parent should be denied the right to opt out of this system, especially since children of the rich will be out of it.

You have every right to remove yourself from this Database, and you should do everything in your power to make sure that you are not put into it.

Connecting the Database Dots

Wednesday, July 11th, 2007

Note the new category; ‘Post Tipping Point’. This is shorthand for, “we are not going to link back to BLOGDIAL articles on this subject inside this post that you should already have read or should be able to find with the google”.

Here we go….

Watchdog seeks an end to ‘horror’ of personal data security leaks

Business leaders oppose stronger powers to investigate breaches

Phillip Inman
Wednesday July 11, 2007
The Guardian

Phillip Inman; you fail it.

Britain’s data watchdog sparked a row with business leaders yesterday when he called for more powers to confront companies that fail to protect personal information held on computers. He wants a new rule that would allow investigators to look at files without the permission of company directors.

His plans ran into immediate opposition from business leaders who said his request for increased powers were a heavy-handed response to the problem.

The information commissioner, Richard Thomas, said that a “horrifying” succession of data security breaches in recent years at high-profile companies – including mobile phone operator Orange, building society Nationwide and mail order retailer Littlewoods – had shown that many companies failed to understand the risks to their customers and to their own reputations of keeping vast databases without adequate security.

The fact of the matter is that Richard Thomas is a busybody bureaucrat twiddling his thumbs in his office while the government puts together ContactPoint, which will be a database delivered over the internets, via browsers (read Internet Exploder) and available to 300,000+ people who will be authenticated by a username and password.

THIS should be his main concern. THIS is where he should be putting his ‘expertise’ to good use; to stop the greatest child protection disaster ever from being rolled out.

Instead, this anti-business Neu Labour apparatchik loser wants to punish business, that people engage with voluntarily, for lapses in their security.

How pathetic.

Mr Thomas said giving him the power to conduct an inspection and audit to ensure compliance with data protection laws would allow him “to force the pace” and encourage more companies to change their behaviour. Now, he must gain the consent of an organisation before starting an investigation. He also questioned whether companies should be obliged to report data security breaches in the same way the banks are forced to report suspicious money laundering.

How about government agencies who hold data on citizens involuntarily being forced to submit to independent audits? How about obliging every government agency using a database to report data security breaches? This is far more important because the databases that the British public are forced into are just that: forced. They make it impossible or very, very hard to get yourself removed from even the most simple databases.

Did you know that your personal and private medical records are the property of the department of health and that if you want to get your records deleted from any of their systems, you have to have the written permission of the secretary of health to do so?

In the commercial world, where all your stuff is voluntary, you can reduce your data shadow considerably, by following some simple rules. For example, use an alternate name everywhere and anywhere you can. Use a pay as you go mobile phone. All of these things can be done, and you would be surprised at how friendly these companies are when you ask them about deleting your account. Businesses are more responsive to the needs of their customers than the government is, and frankly, Richard Thomas needs to get off of his ass and implement citizen friendly data practices throughout government, like an end to biometric passports, cancellation of ContactPoint, and of course, the complete cancellation of the NIR and ID cards.

“Over the last year we have seen far too many careless and inexcusable breaches of people’s personal information. The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying.

Whatever you scumbag. What is FAR MORE HORRIFYING are the numerous breaches of GOVERNMENT DATABASES (the ones that we know about) where insiders have leaked information, violated privacy, and just been plain incompetent; we have documented and dissected some of these on BLOGDIAL of course.

Wrong hands

“How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store cards fall into the wrong hands? How can online recruitment allow applicants to see each others’ forms? How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured in non-confidential waste bags?”

Mr Thomas, who was speaking before the publication of the commission’s annual report today, signed a deal with the banks last year that effectively gives him access to inspect and audit their systems without permission. He extracted the concession after a series of high-profile breaches at prominent high street banks and building societies.

This is utterly outrageous. This man has no business going into a private company and auditing their security (which means of course, looking at all the accounts, finding out where the back doors are, so that even ‘security through obscurity’ will not work). Anyone who knows about the systems used by banks understands that they are hugely complex, written in a variety of old and new languages; unless this Richard Thomas has expertise in these languages, and is given access to the source, he cannot possibly be able to audit the systems. Even if he did get access to the source, it would take years to audit it all, and the government does not have this expertise; that is a FACT.

That the banks have signed this agreement is also very very weird. I would like to read it….but I digress. Obviously they signed it to try and stop some new legislation coming into force. This is a bad, bullying bastard government.

In one instance, Halifax allowed details of 13,000 mortgage customers to go astray after the briefcase holding the documents was stolen from a member of staff’s car.

That has nothing to do with computers. No audit would catch this sort of insider blunder.

The incident came after Nationwide’s lax security procedures put thousands of customers at risk from fraud. A laptop was stolen from a long-standing Nationwide employee in a domestic burglary. The employee reported its loss and then went on holiday, but it took three weeks for the building society to realise that the laptop contained confidential customer information.

All this sort of event requires is the writing of guidelines, i.e., you do not put customer data on laptops. Ever.

Mr Thomas said a similar agreement allowing his inspectors access to companies in all sectors would prove to be more effective than spending the next few years painstakingly negotiating with each area of industry and commerce.

Richard Thomas is a moron. What this means is that anyone running a database (presumably over a certain number of rows in size) would be liable to one of these audits. Any company with even half a brain cell would immediately leave the UK for more sensible shores. There would be nothing that Richard Thomas and his army of ‘experts’ could do about it, and in fact, this is already happening. Banks, telephone companies (BT) have moved their data processing to India. When you get a call from an Indian call centre, they have your name, account number, date of birth, address and everything else they need to serve you.

There is nothing that Richard Thomas can do about it, and frankly that is a good thing. If Britain wants to become a business unfriendly zone, all modern businesses from LastFM to Orange will simply go elsewhere. It’s all transparent to the user and the company, so why not? Why put up with these zealots and idiots and control freak morons who do not know the difference between what is public and what is private?

He said he also needed a more effective sanction where there are “flagrant, far-reaching breaches of the law”.

The ultimate sanction is a lawsuit, and customers leaving you. That is what you should facilitate. After you have cleaned up your own house.

Debt collectors linked to a financial services subsidiary of General Motors and private equity firm Cabot Square Capital were named in a court case this year over the illicit market in private information stolen from government databases.

And there you have it.

What I have been saying all along about copies of databases, illegal trading of data etc. etc. And yet, this brain dead journalist cannot connect the dots and pull Richard Thomas up on the shenanigans that he is a part of, and the danger he is putting the 11 million children of Britain in.

It is sickening, like watching an avalanche bearing down on you in slow motion as jabbering idiots throw snowballs at each other.

The commissioner brought a prosecution against a private investigator who was used by companies chasing vehicle hire purchase and bank debtors. The private investigator posed as another member of staff in telephone conversations in a practice known as “blagging” to gain access to personal information. The companies say they told the private investigator at the time not to break the law.

It is not called ‘Blagging’ you cretin, it is called ‘Social Engineering’, and Kevin Mitnick wrote a very good book about it (which I have read) that everyone like Richard Thomas and Phillip Inman should read. If they have read it, then double shame on them for not taking it seriously.

Mr Thomas said he was concerned that a market in stolen data was growing despite recent adverse publicity. “During a recent investigation we turned up at the offices of a private investigation agency and while we were there the fax machine leapt into life. It was a request from another firm asking them to find out if a woman had cancer. It also asked the agency to check a list of clinics to see if another woman had had an abortion.

This is astonishing. Does Richard Thomas really think that the underground market in stolen data is going to stop growing because of adverse publicity? And does he truly believe that if ContactPoint, the NIR and ID Cards are rolled out that this market will shrink?

Is he that delusional?

“In this instance we are not talking about a small misdemeanour. This is the illegal soliciting of personal information and the kind of thing that we need to investigate thoroughly.”

Bastardy mixed with ignorance. What needs to be done is to stop the compulsory aggregation of personal data into monolithic systems that are widely accessible by civil servants. That means no ContactPoint, no ID Cards and no NIR. Period.

But the CBI said enhanced powers to investigate alleged breaches of the data protection rules would have wider implications. “The nature of business is changing dramatically, so the way companies handle customer data is increasingly important,” said the employers’ body spokesman Jeremy Beale. “Some firms need to improve their data policies but there are no easy answers or silver bullets and the CBI wants a national debate to help identify where the responsibility for different aspects of data protection lies. By calling for the ability to inspect firms’ files without consent, the information commissioner is in danger of leading businesses into the very surveillance society he is heeding against.”

Exactly. And looking at files has nothing to do with laptops escaping offices or garbage being thrown out unshredded.

Mr Thomas said this year he was concerned that the vast amount of data being collected on individuals meant we were sleep-walking into a surveillance society. He said he lacked greater powers only because when the government translated the EU data protection directive into law it left out crucial elements. “The EU wants the government to give us the powers. Our experience tells us we need the powers,” he said.

Our experience, which is greater than yours simply through reading, is that:

  • You people don’t know what you are doing
  • You say one thing (protect data) and then do another (collect children’s details in an open system)
  • You do not admit to data breaches, and take no responsibility for them
  • You have no expertise in this area at all
  • You have nothing of substance to offer
  • You use this and every possible excuse to get into people’s private affairs

The Ministry of Justice is responsible for overseeing the Information Commissioner’s office. Yesterday it said: “We believe that the Information Commissioner already has adequate powers.”

Amen. What this dunderhead needs is TRAINING and EXPERIENCE in the systems he is trying to get to grips with, so that he can read and write best practice documents and then implement them INSIDE HER MAJESTY’S GOVERNMENT.

Don’t bank on banks to keep your secrets

For consumers who have been studiously shredding their old credit card statements and other sensitive data, the information commissioner’s move cannot come soon enough.

Despite repeatedly warning their customers to be careful about what they put in the recycling bin, several banks and other institutions have shown a disregard for their customers’ important financial data.

Two years ago the Guardian exposed how the Grand hotel in Brighton – bombed during the 1984 Conservative party conference – had thrown thousands of its customers’ credit card details, home addresses, and phone numbers in a skip outside its back door. Passers-by were helping themselves. We were able to ring up some of the former guests and read out their credit card numbers – to their initial bemusement, and ultimate anger. In some cases we even had their passport numbers. And the Grand was by no means alone.

The Grand Hotel in Brighton is not a bank, last time I chequed.

Since then, banks have been caught leaving bin liners full of customers’ details out in the street. Others have allowed staff to take unprotected laptops containing sensitive data home, which have subsequently been stolen.

In the USA there are now services that lock down your stuff and make it harder for thieves to use your accounts, should they get hold of your SSN. The market responds to these challenges and people are willing to pay for them. Like I predicted, ‘Dorian Grey’ services will begin to emerge onto the markets, where your identity will be shielded for a fee. You can do all your shopping and everything else you need to do whilst using an alternative managed and disposable identity. This will be the only way to keep yourself out of the legal and illegal databases, making you freer and more flexible.

A further concern was the case last year of Abbey’s call centre staff who were selling its customers’ bank details in an underpass near Bradford. In fact, this happens far more often than is realised because the banks always hush up breaches of security.

And what about the NIR, Identity Cards and ContactPoint you simple minded numbskull pinheaded journalist loser? Did it not occur to you, with that vivid image of people sneaking around in an underpass that this is the way perverts are going to trade ContactPoint data?

Honestly!

Sri Lankan staff in petrol stations recently perpetrated a £30m chip and pin fraud after they recorded details and then cloned several customers’ bank and credit cards.

Did that happen in Sri Lanka or the UK? Why mention the country that the bad guys were from? Nasty!

The government is another culprit. In one instance, temporary staff at the Child Support Agency were allowed access to one of the country’s three main credit reference agencies. The staff could ask for credit checks on individuals and get other personal financial information. To make matters worse, they were able to continue accessing the Equifax database for several months after their contracts ended.

That was a breach of Equifax, not a breach of a government database. Anyone can pay to get access to Equifax, so this example is totally bogus and garbage.

Next week HM Revenue & Customs is expected to announce that its tax credit system suffered fraud and error worth £1bn in 2005/2006. In its first three years the level of fraud and error will reach almost £3bn.

Irrelevant. Obviously Phillip Inmann has run out of examples because he actually doesn’t know anything about this subject, and also, cannot even use the google to find relevant examples. What a complete jackass!

So you are far more likely to be the victim of identity fraud because of something an institution holding your details has done – or not done – than you are from not shredding your documents at home.

The brain dead, computer illiterate, irresponsible, useless Guardian

[…]

What a pathetic conclusion. The majority of people do not suffer identity theft. That is a fact. It is also a fact that people in the UK are less vulnerable because there is no single identifying number attached to everyone’s name as there is in the USA, with their despicable Social Security Number. Britain is better off than the USA in this respect, and idiots like you keep failing to connect the dots and point this out whenever you get the chance. Don’t worry; there are many people who are doing your job for you, who actually know what they are talking about, and in fact, they have had a bigger audience and influence than any of your lackluster articles have had.

The Iraqi Resistance has won

Monday, July 9th, 2007

The New York Times has an editorial. Read it.

It is time for the United States to leave Iraq, without any more delay than the Pentagon needs to organize an orderly exit.

*

Like many Americans, we have put off that conclusion, waiting for a sign that President Bush was seriously trying to dig the United States out of the disaster he created by invading Iraq without sufficient cause, in the face of global opposition, and without a plan to stabilize the country afterward.

Well, you and the americans who put off that conclusion are amongst the most ignorant people on this planet. You should have been entirely against this evil plot from the beginning. You are old enough to remember Vietnam. This is a most shameful event in your history, and history will judge you for having supported this suicidal, genocidal, mass murdering maniac of a president, The Great Satan, George W. Bush.

At first, we believed that after destroying Iraq’s government, army, police and economic structures, the United States was obliged to try to accomplish some of the goals Mr. Bush claimed to be pursuing, chiefly building a stable, unified Iraq. When it became clear that the president had neither the vision nor the means to do that, we argued against setting a withdrawal date while there was still some chance to mitigate the chaos that would most likely follow.

It was clear from the beginning that this could not be done, and you should have asked the legion of people who actually know something about Iraq like Scott Ritter, who would have gladly sat you down and educated you. But you are not interested in education, or being educated, or educating your sheepish readers.

While Mr. Bush scorns deadlines, he kept promising breakthroughs — after elections, after a constitution, after sending in thousands more troops. But those milestones came and went without any progress toward a stable, democratic Iraq or a path for withdrawal. It is frighteningly clear that Mr. Bush’s plan is to stay the course as long as he is president and dump the mess on his successor. Whatever his cause was, it is lost.

The only thing that is frightening is that you believed him. You believed him even after the lies over WMD, after that jackanapes Colin Powell lied in the UN Security Council about chemical weapons (to which the delegates actually laughed out loud). It is frightening to think that you could actually be so stupid, so insular, so idiotic that you would accept the word of a proven liar and imbecile, over the word of thousands of intelligent people who know that country, and the millions upon millions who were against the war in the first place. It is not only frightening, it beggars belief.

The political leaders Washington has backed are incapable of putting national interests ahead of sectarian score settling. The security forces Washington has trained behave more like partisan militias. Additional military forces poured into the Baghdad region have failed to change anything.

No no no. You should have said, “The New York Times has failed to take a moral stance on this subject, and we apologize to our readers for spreading the lies of this administration, and for deliberately misleading the public time and time again on this subject”. There. That’s better.

Continuing to sacrifice the lives and limbs of American soldiers is wrong.

It was wrong the day the first soldier set foot in Iraq; why all of a sudden is it more wrong for the troops to be there?

The war is sapping the strength of the nation’s alliances and its military forces. It is a dangerous diversion from the life-and-death struggle against terrorists. It is an increasing burden on American taxpayers, and it is a betrayal of a world that needs the wise application of American power and principles.

There you go again. There is no ‘life and death struggle against terrorists’; this is the kind of nonsense that got your boys into this mess. You need to wake up and stop banging the war drums, you idiots!

A majority of Americans reached these conclusions months ago.

The majority of americans thought this war was insane from the outset. It is only the likes of you that boosted it, rationalized it, demonized The Lion of the Desert, and acted entirely shamefully.

Even in politically polarized Washington, positions on the war no longer divide entirely on party lines. When Congress returns this week, extricating American troops from the war should be at the top of its agenda.

No, Iran should be at the top of the agenda; STAYING OUT OF IRAN that is. And what do you say about that, New York Times uncredited author?

That conversation must be candid and focused. Americans must be clear that Iraq, and the region around it, could be even bloodier and more chaotic after Americans leave. There could be reprisals against those who worked with American forces, further ethnic cleansing, even genocide. Potentially destabilizing refugee flows could hit Jordan and Syria. Iran and Turkey could be tempted to make power grabs. Perhaps most important, the invasion has created a new stronghold from which terrorist activity could proliferate.

Let’s be candid. Iraq was a stable country before the americans destroyed it. There was no ‘Al Qaeda’ in Iraq before the americans got there (think about that); there was no ethnic cleansing, reprisals, civil war, mass murder, refugee crisis, or any chance of ‘power grabs’ from Turkey or Iran. The american government is the one that made the power grab, and they caused this mess, and they are guilty of mass murder, genocide and all the ills you just listed. THAT is being candid, you pigs!

The administration, the Democratic-controlled Congress, the United Nations and America’s allies must try to mitigate those outcomes — and they may fail. But Americans must be equally honest about the fact that keeping troops in Iraq will only make things worse. The nation needs a serious discussion, now, about how to accomplish a withdrawal and meet some of the big challenges that will arise.

You needed a serious discussion BEFORE the attack. You did not provide it. None of the american journalists provided it in the newspapers of record. You all failed to speak out and help prevent this, while millions of people were screaming that this is totally insane.

The Mechanics of Withdrawal

The United States has about 160,000 troops and millions of tons of military gear inside Iraq. Getting that force out safely will be a formidable challenge. The main road south to Kuwait is notoriously vulnerable to roadside bomb attacks. Soldiers, weapons and vehicles will need to be deployed to secure bases while airlift and sealift operations are organized. Withdrawal routes will have to be guarded. The exit must be everything the invasion was not: based on reality and backed by adequate resources.

If your past ‘tail between the legs’ exit is anything to go by, you will be humiliated as you leave Iraq.

The United States should explore using Kurdish territory in the north of Iraq as a secure staging area. Being able to use bases and ports in Turkey would also make withdrawal faster and safer. Turkey has been an inconsistent ally in this war, but like other nations, it should realize that shouldering part of the burden of the aftermath is in its own interest.

So now The New York Times is giving military advice.

You can’t make stuff like this up!

Accomplishing all of this in less than six months is probably unrealistic. The political decision should be made, and the target date set, now.

And then?

The Fight Against Terrorists

Despite President Bush’s repeated claims, Al Qaeda had no significant foothold in Iraq before the invasion, which gave it new base camps, new recruits and new prestige.

Bush is the terrorist. Millions of people understand this, and yet, you do not. You STILL BELIEVE that your administration is without stain, is not guilty, and is not evil. That is astonishing.

This war diverted Pentagon resources from Afghanistan, where the military had a real chance to hunt down Al Qaeda’s leaders. It alienated essential allies in the war against terrorism. It drained the strength and readiness of American troops.

‘Al Qaeda’s’ leaders are in the white house. There was no ‘Al Qaeda’ in Iraq before the americans got there; they brought it with them. Many people are waking up to this, but you are not. This is no surprise.

And it created a new front where the United States will have to continue to battle terrorist forces and enlist local allies who reject the idea of an Iraq hijacked by international terrorists. The military will need resources and bases to stanch this self-inflicted wound for the foreseeable future.

‘SELF INFLICTED WOUND’ !!!! …. if only you knew!

The Question of Bases

The United States could strike an agreement with the Kurds to create those bases in northeastern Iraq. Or, the Pentagon could use its bases in countries like Kuwait and Qatar, and its large naval presence in the Persian Gulf, as staging points.

And there you have it. US bases are the basis of all these troubles. You need to pull out COMPLETELY AND PERMANENTLY from this region, and have done with it. If you do not, this will continue ad infinitum, or until you are worn down as has been the case in Iraq.

This demonstrates that you have ABSOLUTELY NO UNDERSTANDING about the region, that you have not listened to the people who actually live there and what their complaints about your government are, and that you are willing to make and support the same mistakes again and again, like brainless insects.

There are arguments for, and against, both options. Leaving troops in Iraq might make it too easy — and too tempting — to get drawn back into the civil war and confirm suspicions that Washington’s real goal was to secure permanent bases in Iraq. Mounting attacks from other countries could endanger those nations’ governments.

A prediction for you. That huge embassy complex that you are building in Iraq will be spectacularly demolished within six months of the pullout. You will not have a single person or piece of intact equipment in Iraq after one year. You will be forced to leave Iraq entirely. Period.

The White House should make this choice after consultation with Congress and the other countries in the region

Why now? They didn’t do this before. What makes you think that Lord Cheney will do this? Are you really that insane?

, whose opinions the Bush administration has essentially ignored. The bottom line: the Pentagon needs enough force to stage effective raids and airstrikes against terrorist forces in Iraq, but not enough to resume large-scale combat.

‘YES’ is the answer it seems!

The Civil War

One of Mr. Bush’s arguments against withdrawal is that it would lead to civil war. That war is raging, right now, and it may take years to burn out. Iraq may fragment into separate Kurdish, Sunni and Shiite republics, and American troops are not going to stop that from happening.

Already predicted ages ago. Where were you when the words were being said?

It is possible, we suppose, that announcing a firm withdrawal date might finally focus Iraq’s political leaders and neighboring governments on reality.

I actually laughed out loud at this. ‘REALITY’ oh my!

Ideally, it could spur Iraqi politicians to take the steps toward national reconciliation that they have endlessly discussed but refused to act on.

Once again, laughing out loud at this absurd twaddle. That puppet government will turn to smoke the moment the soldiers leave.

But it is foolish to count on that, as some Democratic proponents of withdrawal have done. The administration should use whatever leverage it gains from withdrawing to press its allies and Iraq’s neighbors to help achieve a negotiated solution.

This is just gibberish.

Iraq’s leaders — knowing that they can no longer rely on the Americans to guarantee their survival — might be more open to compromise, perhaps to a Bosnian-style partition, with economic resources fairly shared but with millions of Iraqis forced to relocate. That would be better than the slow-motion ethnic and religious cleansing that has contributed to driving one in seven Iraqis from their homes.

What would be ‘better’ is if you stop trying to determine what is ‘better’ for countries all over the world, starting with Iraq.

The United States military cannot solve the problem.

Everyone in the world except you knows this, and knew it before the illegal invasion started.

Congress and the White House must lead an international attempt at a negotiated outcome. To start, Washington must turn to the United Nations, which Mr. Bush spurned and ridiculed as a preface to war.

Congress and the White House must be spanked. They should have nothing whatsoever to do with Iraq or any state in the middle east, save as purchasers of their oil. Period.

The Human Crisis

There are already nearly two million Iraqi refugees, mostly in Syria and Jordan, and nearly two million more Iraqis who have been displaced within their country. Without the active cooperation of all six countries bordering Iraq — Turkey, Iran, Kuwait, Saudi Arabia, Jordan and Syria — and the help of other nations, this disaster could get worse. Beyond the suffering, massive flows of refugees — some with ethnic and political resentments — could spread Iraq’s conflict far beyond Iraq’s borders.

This was predicted. Shame on you for not saying this BEFORE the illegal invasion started.

Kuwait and Saudi Arabia must share the burden of hosting refugees.

Must they now?! And who are you, in your office in New York, to tell anyone what to do? You are no one and nobody, and you need to understand this, and shut the fuck up.

Jordan and Syria, now nearly overwhelmed with refugees, need more international help. That, of course, means money. The nations of Europe and Asia have a stake and should contribute.

Should they now? Why should not you and your colleagues bear the entire cost? This is a problem YOU started, YOU boosted with your impudent rag, and now YOU should pay to clean it all up, as part of a punishment for war crimes you committed and sanctioned in your filthy ‘newspaper’. No one else should be made to pay for YOUR mistakes, and it is insulting for you to suggest otherwise. You show a total lack of repentance and humility by asking for this; SHAME on you you BASTARDS.

The United States will have to pay a large share of the costs, but should also lead international efforts, perhaps a donors’ conference, to raise money for the refugee crisis.

Perhaps you should all fuck off and stop interfering in other people’s countries? Hand over the cash to the UN and let them deal with it. And try saying SORRY.

Washington also has to mend fences with allies. There are new governments in Britain, France and Germany that did not participate in the fight over starting this war and are eager to get beyond it.

There is no ‘new government’ in Britain; Gordon Brown is just as guilty as Bliar, and don’t even try and say otherwise. If this is the depth to which your knowledge runs it is no wonder that you are appearing to be a bunch of clueless morons; YOU ACTUALLY ARE.

But that will still require a measure of humility and a commitment to multilateral action that this administration has never shown. And, however angry they were with President Bush for creating this mess, those nations should see that they cannot walk away from the consequences. To put it baldly, terrorism and oil make it impossible to ignore.

Astonishing – a measure of humility?

And as for ‘terrorism’ this is entirely the creature of the american government. Everyone now knows it. No one is going to take these arguments as a serious reason to help the USA clean up its mess.

The United States has the greatest responsibilities, including the admission of many more refugees for permanent resettlement. The most compelling obligation is to the tens of thousands of Iraqis of courage and good will — translators, embassy employees, reconstruction workers — whose lives will be in danger because they believed the promises and cooperated with the Americans.

Let’s see you do it.

The Neighbors

One of the trickiest tasks will be avoiding excessive meddling in Iraq by its neighbors — America’s friends as well as its adversaries.

EXCESSIVE MEDDLING?

Your country just perpetrated the first great criminal act of the twentieth century, and you DARE talk of ‘excessive meddling’?? Surely someone has pointed out to you how absolutely ABSURD this sounds – was this piece not read by anyone before it was printed? This is frankly beyond belief!!

Just as Iran should come under international pressure to allow Shiites in southern Iraq to develop their own independent future, Washington must help persuade Sunni powers like Syria not to intervene on behalf of Sunni Iraqis. Turkey must be kept from sending troops into Kurdish territories.

Iran…um..there you go again to quote Ronald Reagan. It is precisely this sort of talk that got you into this mess, and which you simply do not understand is the cause of all your problems. Let me spell it out for you; You have no right to interfere in the affairs of other countries. If you do, people from those countries will kill you wherever they can.

All clear now?

For this effort to have any remote chance, Mr. Bush must drop his resistance to talking with both Iran and Syria. Britain, France, Russia, China and other nations with influence have a responsibility to help.

No they do not. They have a responsibility to their electorates, to keeping them out of america’s deadly wake, and to minding their own business at all times. Spain learned this, pulled out of Iraq and was taken off of the enemies list. Any country that follows america is doomed to failure, humiliation and retaliation. No one is listening to the New York Times and their utter drivel and nonsense. Thankfully. Everyone else in the world really has moved on from this, and they will never follow (at least The Great Satan Bush) on another adventure ever again. You are tainted. You are bad luck. We shun you.

Civil war in Iraq is a threat to everyone, especially if it spills across Iraq’s borders.

President Bush and Vice President Dick Cheney have used demagoguery and fear to quell Americans’ demands for an end to this war. They say withdrawing will create bloodshed and chaos and encourage terrorists. Actually, all of that has already happened — the result of this unnecessary invasion and the incompetent management of this war.

No, actually america and the New York Times are the threat to everyone. They fail to learn the lessons of history, and even recent history, they expect everyone to just obey and follow them into the abyss, and to clean up their mess after their murderous adventures of genocide. From the man in the street to the very top, everyone is onto your game, and no one is going to go along with it. YOU have to pay to clean this up, YOU have to back off permanently. Grow up and DEAL with it.

This country faces a choice. We can go on allowing Mr. Bush to drag out this war without end or purpose. Or we can insist that American troops are withdrawn as quickly and safely as we can manage — with as much effort as possible to stop the chaos from spreading.

[…]

New York Times

Wrong. You have to stop spreading the chaos.

That is the most important thing of all.

You numbskulls!

the rough with the smooth

Saturday, July 7th, 2007

Another final warning

Friday, July 6th, 2007

Another post tipping point post:

[…]
Before writing me off as a privacy kook, consider this testimony from 1992 by the group Computer Professionals for Social Responsibility (CPSR) before the Special Joint Subcommittee Studying State and Commercial Use of Social Security Numbers for Transactional Identification. According to testimony, “[until] 1972, each card issued was emblazoned with the phrase ‘Not to be used for ID purposes.'” It cited a report by the U.S. Department of Health, Education, and Welfare that recommended, in unqualified terms, that the SSN not be used as an identifier (bold text in the original document):

We recommend against the adoption of any nationwide, standard, personal identification format, with or without the SSN, that would enhance the likelihood of arbitrary or uncontrolled linkage of records about people, particularly between government or government-supported automated personal data systems.

This advice was not followed, and by 1992 the CPSR reported the dismal facts: “Unfortunately, [the Federal Privacy Act of 1974] has not been effective due to bureaucratic resistance from inside the government, lack of an effective oversight mechanism, and the uncontrolled use of the SSN in the private sector.” When states like California, New York, Virginia and others passed legislation in the mid-1990s requiring the collection of an applicant’s SSN to issue a driver’s license, they effectively flattened 60 years of privacy protection, and they effectively exposed every citizen to a degree of identity risk that was, and remains, unconscionable.

And so what has been the legacy of the government ignoring its own advice and the advice of leading computer experts? Precisely what the CPSR predicted: identity theft is now the most prevalent complaint received by the FTC, and it’s America’s fastest-growing crime. Unlike a video game that just eats your quarter and says “GAME OVER,” a stolen identity can ruin your credit score, drain your bank account, endow you with a lengthy criminal record, or grant you an entry on the no-fly list. More troubling, identity theft can be a one-way ticket to a world in which the bits on some agent’s computer screen matter more than your own testimony, a world in which the term habeas corpus is a lexical artifact rather than a constitutional guarantee, a world in which your physical self can be suborned based on what is believed about your virtual self.

On December 18, 2006, Tom Zeller reported “An Ominous Milestone: 100 Million Data Leaks” in the Technology section of The New York Times. The number of confirmed victims is at least 15 million. The cost is estimated at more than $50 billion a year. In health care terms, we have more than 100 million “exposed,” 15 million “affected,” and a cost of, well, more than $50 billion. How did we get here? And what are we going to do about this virtual epidemic?

[…]

The people of this fair isle do not have this problem, because there is no unique identifying number that is issued by the state to every citizen like the american Social Security Number (SSN).

If the NIR is rolled out as planned, then everyone in the UK will be given a unique number which will be printed on their ID card. That number will then be the same as the SSNs that plague the americans, and then the shit will hit the fan for the British.

That ID cards are still being considered is as unsurprising as it is appalling. Gordon Brown and his merry band of murderers do not care a whit about the British people, or how much danger they put them in as a result of their insane policies.

Once again, for the nth time, if you allow yourself to get put into this system, then what is happening to the americans will happen to you. You would have to be TOTALLY INSANE to volunteer for this madness.

But you know this…

and finally:

[…]
And it gets worse. Individuals who can be victimized by their own data can also become collective victims of those with whom they are associated. As Bruce Schneier wrote for Wired magazine:

Contrary to decades of denials, the U.S. Census Bureau used individual records to round up Japanese-Americans during World War II.

The Census Bureau normally is prohibited by law from revealing data that could be linked to specific individuals; the law exists to encourage people to answer census questions accurately and without fear. And while the Second War Powers Act of 1942 temporarily suspended that protection in order to locate Japanese-Americans, the Census Bureau had maintained that it only provided general information about neighborhoods.

New research proves they were lying.

The whole incident serves as a poignant illustration of one of the thorniest problems of the information age: data collected for one purpose and then used for another, or “data reuse.”

It is bad enough that the government might collect data for one (lawful) purpose and then use it for another (nefarious) purpose, but what happens when all data is keyed by a single key, such as a Social Security number (SSN), which itself was never designed for the purpose of personal identification? And what happens when that number is leaked (100 million instances and counting) or stolen (15 million instances and counting)? The opportunities for abuse, both within and outside the system become virtually limitless. (And legislation passed in 2005 has only served to accelerate both the breadth and depth of these opportunities.)

Which is why the iPhone activation mechanism is so troubling, because it compels people in the heat of the moment to do something they should never do if given a moment’s thought. Now, I’m sure that it’s possible to get a phone activated without giving up one’s SSN. I did it with my carrier several years ago by walking the issue up to a VP’s desk and posting a $1,000 bond for two years. So it can be done. But should it be so hard? And how are we going to teach our children the importance of protecting personal information when the laws of the state and mainstream corporate behavior make it virtually impossible to do so?

The only solution I can see is that our family will have to dramatically expand the lesson of “you are responsible for you” beyond the basics of verbal and physical conduct. If you have any good references on how to teach your third-grader the ins and outs of identity management and information security, I’d be happy to receive them now. In the meantime, we’ll let you know whether we find a way to activate Amy’s new iPhone without handing over sensitive personal information to a company that has demonstrated no respect for personal privacy or identifying data.

[…]

News.com

What is so magical about this great country is that none of this applies here and we still have time to stop it from happening. Britain is still great. It is not too late to pull her back from the brink of the abyss.

Beverley Hughes: Computer Illiterate Liar

Thursday, July 5th, 2007

Ah yes, the second use of our new category ‘Someone Stupid Said’, and a most perfect example to boot.

Beverley Hughes, Minister of State for Children, Young People and Families, and soon to be the orchestrator of the largest mass abuse of children in the history of the world, said some very stupid stuff in a letter printed in the Guardian, in response to this letter authored by Jonathan Shephard (Independent Schools Council), Ross Anderson (Foundation Information Policy Research), Simon Davies (Privacy International), Becky Hogge (Open Rights Group) and Terri Dowty (Action on Rights for Children).

Here we go…

The ContactPoint system is secure

Tuesday June 26, 2007
The Guardian

Those who claim ContactPoint is open to abuse (Letters, June 22) should look more closely at the systems.

Actually we understand PERFECTLY how databases work, which is why we are able to make the assessment that ContactPoint cannot ever be secure. It is YOU who are a computer illiterate schaufensterpuppen without a single clue about what you are talking about or allowing to be planned.

If you publish the actual specification, then everyone can make a judgement, except maybe you, since you clearly don’t know the difference between a television and a computer.

The design and operation of ContactPoint will adhere to the new international standard for information security management systems as well as conforming with relevant government security standards and will continue to be reviewed by independent security experts during the system build.

So. What you failed to do is provide a link to, or properly name (give the ISO number for), this standard. Do you even know what a link is, we ask. As for ‘conforming to the relevant government security standards’, we have seen how they work and they do not work at all. Those standards are actually implemented (and very probably designed) by the contractors that you use to get these revolting jobs done. No department in the government has the capacity to be able to design and run these systems, and even if they did, this does not address the issue of rogue workers releasing information.

You say that security will be reviewed ‘during the system build’. What this REALLY means is that you have no idea how it is going to be rolled out and secured in advance of doing it, and you will be making it up as you go along, fixing any problems as you build it.

This is like saying you are going to build a new model of passenger jet, and that you are going to work out the details like center of gravity, air flow, where to place the engines, seating arrangements, materials, avionics etc. during the aircraft build. You really are one of the stupidest people on the planet if you are going to do what you are planning to do in the way that you have described in this pathetic letter.

We are confident we are doing all we can to ensure security.

And it is this suicidal overconfidence that will be the undoing of this project.

It is true that, in some limited situations, records of children whose circumstances may mean they are at increased risk of harm may be subject to shielding.

What this means is very clear. ALL CHILDREN SHOULD NOT BE PUT IN THIS DATABASE. A paedophile values ALL children. This is not a limited situation, but something that makes ALL children vulnerable. We know that the children of celebrities (and no doubt, the children of every member of Parliament) are going to be exempted from this database. The fact is that YOUR children are not more special, valuable or worthy of protection than any other child.

This admission is not only wrong, but it is a sickening demonstration of your true nature, as exposed by those hypocritical ministers who say that the state school system is good enough for everyone while they segregate their own children into private schools because their local schools are actually totally unacceptable (Ruth Kelly, Diane Abbott, Harriet Harman). No one’s child should be put in this database by force. Every parent should have the right to opt IN to it should they want to. Opting in is the only correct and moral way to run such an abomination, and of course, you will never do this, because no one in their right mind would deliberately add their children to yet another government database.

These decisions will be taken on a case-by-case basis and this approach was backed by the information commissioner. The information commissioner’s office has been consulted at every stage of the development of the procedures surrounding the use of ContactPoint.

The foxes consulted with each other about access to the chicken coop. We feel so much better now!

Access to the system will be restricted to authorised workers who need it as part of their job and who have been security-checked, trained and have the necessary authentication

You really are one disingenuous liar of the first order.

The ‘authorized workers’ you describe are actually an army of 330,000 people. That is not ‘restricting’ the system, that is giving it to every Tom, Dick and Harry.

The ‘security checking’ will not stop any one of this army of users from copying and compromising the security of children on the database. If you knew anything about databases and how they are used you would understand this. If you claim to understand this, then you are an evil monster for pushing ContactPoint, and a liar because you are claiming that ‘ContactPoint is Secure’ when you know that this can never be the case. If you do not know anything about this, you should, at the very least, not have written this letter, and you should not be trying to roll out this disaster on wheels. Either way, you are in the wrong.

they will be made aware of the penalties for misuse, including disciplinary and criminal proceedings.

None of these penalties will reverse the damage done by this system. Period.

ContactPoint will contain only basic administrative information about children in England – their name, date of birth, and contact details for their parents or carers, for their school, GP and other services working with the child or young person. There will be no case information and no subjective opinions about a child or parent.

This is more disingenuous garbage. The private, sensitive and personal details of human beings (who they are related to, where they live, their ages) are not ‘basic administrative information’. This is PRIVATE INFORMATION that is the property of the citizen, and you have no right to store it, abuse it, collect it, distribute it or do anything with it without the written consent of the person. Certainly you have absolutely no right to short circuit the responsibility of a parent to their children by stealing this information and using it willy nilly. You are evil for doing this, you are evil for thinking this, and there are no two ways about it.

You are demonstrating that you are anti-family by doing this, coming between the sacred relationship that exists in a family between the child and the parent. These details are private. They should remain private, and they should only be used by consent.

It’s important not to forget the reason we are bringing this system in. It implements an important recommendation made by Lord Laming and is designed to be a practical tool to support better communication between practitioners so they can see quickly and easily who else is working with the same child and how they can contact them.
Beverley Hughes
Minister of State for Children, Young People and Families

This is utter nonsense. The fact is you don’t know why this database is being proposed. You have not got a clue about the forceful vendors pushing their ‘solutions’ onto HMG and the public, the dirty deals to sell the population like sheep. You have no idea about the long term agenda to neutralize any opposition to the creation of the Quantized Human Pleb Grid. Once again, if you DO know about all of this, you are completely evil for promoting it. If you do not, then you should not be promoting it from a place of total pig ignorance.

Beverley Hughes is the anti-Family minister. She has no idea of what the word ‘Family’ means; anyone that claims they know what that word means could never propose what she is proposing. Anyone that is pro-Family is for the protection and preservation of family bonds and responsibilities and they do not, reflexively, do anything that dilutes those bonds and responsibilities.

What Beverley Hughes is proposing is not only wrong, it is very dangerous. But she doesn’t care.

Look at her record:

How Beverley Hughes voted on key issues since 2001:

From this record it is clear that Beverley Hughes is against everything decent people are for. The only reason why she is there is because 7,851 couldn’t tell night from day at the ballot box.

That she is in this particular job is astonishing and frightening….though not really surprising, all of Neu Labour are as mad as hatters, and the deeper you go the more cut off from reality they are.

Diffuse the bomber not the bomb

Thursday, July 5th, 2007

I think we need a new category called, “Someone Stupid Said”:

EC wants to suppress internet bomb-making guides
Eurocrats, terrorists vie for techno-dunce supremacy
By Lewis Page

The European Commission (EC) has announced plans to frustrate terrorism by suppressing online guides on bomb-making.

“It should simply not be possible to leave people free to instruct other people on the internet on how to make a bomb – that has nothing to do with freedom of expression,” EC vice president Franco Frattini said yesterday.

Mr Frattini is “responsible for Freedom, Security and Justice.”

When asked how the EC planned to suppress web bomb manufacture instructions hosted outside EU borders, it appeared that officials planned to act at the level of ISPs in Europe.

The Times quoted a commission spokesman as saying: “You always need a provider here that gives you access to websites. They can decide technically which websites to allow. Otherwise, how would China block internet sites? There are no technological obstacles, only legal ones.”

According to the Telegraph’s Brussels correspondent, “internet service providers would face charges if they failed to block websites with bomb-making instructions”.

Mr Frattini and his EC subordinates appeared to have no plans for dealing with bomb instructions sent via email, browsed over encrypted relays such as Tor, sent by post, or physically transported. Nor did his plan offer any serious chance of websites being blocked at hundreds of ISPs in time to prevent full details being obtained by anyone who wanted them. Nor did it take account of the speed with which controversial information can be – and usually is – mirrored.

If the UK papers’ reports are correct, Frattini and his advisors are fantastically ignorant of internet realities. The timing of the announcements seemed to respond with recent comically inept terror attempts in London and Glasgow. Given that those involved had clearly failed to do any internet research whatsoever before mounting their addled and ineffectual campaign, Mr Frattini’s outburst yesterday wasn’t just ignorant, but irrelevant too.

Anyone with even very basic net savvy is going to be able to get bomb-making instructions despite the laws Mr Frattini tries to push through this autumn. Even total web dolts with contacts outside the EU will be able to get information forwarded to them. A dunce’s cap, please, for Frattini and the EC Freedom, Security and Justice apparat. Off to the corner with them.

[…]

The Register

And one of the best, most concise, comments on this subject that I have ever read, attached to that story:

Diffuse the bomber not the bomb
Posted Wednesday 4th July 2007 14:48 GMT

If you remove the injustice that’s used for recruiting the terrorists, then you remove the problem. The evil masterminds can plot all they like, but if they have no foot soldiers willing to blow themselves up, they have no attack vector.

On the other hand, if you leave the injustice in place, and these evil masterminds *can* recruit their foot soldiers, then what stops them simply sending an email with bomb making instructions?

So this can’t work.

I also think some of the existing measures are very counter productive. For example creating laws on ‘incitement’, simply suppressed the words used to express anger. But that anger didn’t go away, so likely became channeled in actions instead. It tackled the symptoms not the cause and in doing so made things worse by marginalizing and fanaticizing people who, otherwise would simply be angry.

Imagine if Cory Doctorow was not allowed to rant about copyright, DRM and the RIAA. He’s your classic fanatical type, without free speech, he’d be making bombs instead of speeches and blowing stuff up. Instead of an ‘activist’ he’d be a ‘terrorist’ instead. Same personality different rule set.

I’m not keen on the EU getting filtering rights to the net, since it wouldn’t work and would simply give them an ‘in’ to expand into all areas. How’s 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 suppression going?

Frattini and the majority of people in politics are indeed fantastically ignorant of how the internet works; in fact they are Computer Illiterates.

Not only are they computer illiterates, they are not even intelligent or experienced in problem solving enough to find the correct people to advise them on how the world really works, and instead, point to China as a model of how to make things ‘the way they ought to be’.

In case anyone is in any doubt, China is the model that Frattini and his sort admire. It is ‘China on the Danube’ that they want to create in the EU, and this little Freudian slip pretty much makes that clear, on top of all the other insane nonsense that he is plotting, like the air passenger info database.

Interesting that these Fascist ideas are coming from an Italian… hmmmmmmm!

ContactPoint Database Leaked: 2.3 Million Children in Danger

Wednesday, July 4th, 2007

By Sharon Gaudin InformationWeek July 3, 2007

A senior level database administrator for ContactPoint is being accused of stealing and selling sensitive information on 2.3 million British children.

The now former employee whose name was not released allegedly took the information and sold it to a data broker, who in turn sold the information to several direct marketing companies, according to a press release posted by Capita, which is the company that won the contract to operate ContactPoint.

“As a result of this apparent theft, the children and families affected received marketing solicitations from the companies that bought the data,” said Renz Nichols, president of Capita, in a written statement. “We have no reason to believe that the theft resulted in any paedophiles getting hold of children, and we are taking the necessary steps to see that any further use of the data stops.”

Capita noted its researchers believe that about 2.3 million children have been compromised, with approximately 2.2 million containing health information and 990,000 containing other sensitive information on the parents. They’re still investigating when the alleged theft occurred.

The database administrator who worked on ContactPoint had access to the information as part of his job responsibilities but did not have the authority to actually remove any of the information, according to Capita. The administrator has been fired and Capita filed a civil complaint in the High Court against him and the marketing companies that bought the information. Capita reported that it is seeking the return of all the consumer information, as well as an injunction against its use.

The company also said in the release that it is pushing authorities to file criminal charges.

Capita, which runs many government IT services, including the London Congestion Charge, maintains bank account information to help merchants decide whether to accept checks as payment. The company also maintains check and credit card information in connection with its other operations that are designed to help businesses provide customers with access to funds.

Capita said a parent reported suspicious solicitations and marketing materials. An investigation found that the company’s security systems had not been breached, so they called in the U.S. Secret Service, since the British Government has no expertise in this area, who often investigate financial crimes. The Secret Service, according to Capita, then traced the leak back to the database administrator.

Information Week

[…]

And there you have it.

There are some interesting lines in this story:

“…we are taking the necessary steps to see that any further use of the data stops.”

Just how are they going to know if the data was not sold on again? They cannot know this, and if the data is partitioned into small stripped parcels, whoever bought a stripped parcel will have plausible deniability. There are many data brokers out there who sell data aggregated from many sources. All they have to do is strip out all the data that makes the stolen database identifiable as ContactPoint data (the unique numbers and everything else, leaving just the names and addresses) and then they can add this data to their current databases and claim that what they have is simply what they were using previously. Let’s say you choose to buy only the subset of ContactPoint where the children are exactly seven years old. You would be able to send a mailout to these families without raising too much suspicion.

The bottom line is, data in a huge database is like Pandora’s box; once you open it and let it out, it’s out there forever.

“The administrator has been fired and Capita filed a civil complaint in the High Court against him and the marketing companies that bought the information.”

Firing the administrator, hanging, drawing and quartering him and then feeding the remains to pigs will not put Humpty Dumpty together again. No penalty, no matter how severe, can erase all the illegal copies taken from a database. That sort of magic is just that, magic, and not part of the real world.

The only way to prevent theft like this is to not put the sensitive information of private people in a database in the first place.

“Capita reported that it is seeking the return of all the consumer information, as well as an injunction against its use.”

This is so absurd it beggars belief that they have the gall to say it in public, let alone in writing.

If ContactPoint is rolled out, it will be the single greatest threat ever foisted upon the children of a country. Never before will a government have deliberately put so many children in danger in a single stroke. It is an act of monstrous stupidity and evil. Period.

It’s not going to work Uncle Joe

Sunday, July 1st, 2007

Added: Saturday, 30 June, 2007, 10:18 GMT 11:18 UK

Completely safe, thank you.

And even if I didn’t, I would not be prepared to give terrorists any victory by changing my habits or pandering to any ‘increased security’ in response to their threats.

Megan, Cheshire UK

Recommended by 215 people

———————

Added: Saturday, 30 June, 2007, 10:06 GMT 11:06 UK

Statistically and practically you have more chance of being hit by a bus on Oxford Street than being a victim of these deranged, brainwashed psychopaths. Let’s get on with our lives and don’t give them the satisfaction of thinking we’ll change our behaviour or way of life. As someone regularly in London on business I will continue to use the tube and visit nightclubs when socialising and these spineless cowards won’t stop me.

john smith, leeds, United Kingdom

Recommended by 193 people

———————

Added: Saturday, 30 June, 2007, 11:28 GMT 12:28 UK

Ooooh, I’m SO scared! Please, Mr Brown, pass some more draconian laws which limit our freedom.

I’m sick of being made to feel fearful by clowns who failed their “car bombing 101” course.

During the WWII blitz, when the danger was very real, the message wasn’t one of fear and angst, but “Keep Calm and Carry On”. I wish we had that message in today’s phony war on terra.

Marc Brett, London, UK

These are the most recommended answers to the question “How safe do you feel in the UK”, as asked at BBQ.

It’s as if the usefulness of these acts is being tested by BBQ as part of a carefully coordinated, planned study of effectiveness. As you can see, no one is buying it.

Everyone now understands that giving up your rights for safety is bullshit. Even more people understand that the people engineering these ‘attacks’ are the same people who are taking away your rights.

Watson has an interesting and insightful thing to say about this:

If we were really at war with Islamic terrorists then the British government would impose stringent controls on letting Muslims into the country in the first place and would deport others en masse – but instead the opposite has happened, while everybody’s rights are violated and abused in the name of security.

No one can say that this is a lie. People up and down the country are saying it openly. It can’t be long before the newest buzzword in the UK is ‘Repatriation’. Denmark have already swallowed hard and said the words:

1.2. The Danish Repatriation Scheme

In Denmark repatriation is considered a voluntary matter. For repatriation to be successful, it must be carefully prepared. A decision to return is never easy, but often a lengthy process for the individual who has to consider many aspects. It must be ensured that the decision is made on an as sound and well-informed basis as possible.

The current repatriation scheme gives refugees and immigrants the opportunity to apply for financial support towards resettlement in their native country or former country of residence and towards the costs of the journey. In addition the scheme contains a fixed-term right to regret for refugees. […]

reintegration.net

Now look at this.

See what I mean?

But I digress. The focus is going to be moved, whether the grotesque ‘Uncle Joe’ Gordon Brown likes it or not, to eliminating ‘the enemy within’ and no one is going to accept even more useless legislation, which is literally useless at stopping crime.