Category: Privacy and security

Fintech at minus four

10th February 2017by Consult HyperionLeave a comment

Well, I’m just back from Oslo where it was a balmy -4 during the Oslo Fintech Fest. The nice people organising this little get-together of a almost a thousand close friends asked me along to give a short talk on the next ten years of Fintech and since some of Consult Hyperion’s favourite Nordic clients were going to be there, I thought I’d take them up on the offer (especially when I saw the great line-up they had for the day).

Another reason for wanting to go along to #OsloFintechFest is that Norway is one of my favourite countries, for several reasons:

They don’t use cash. The beggars here have QR codes that you can scan to donate money to them using your mobile wallet.
They are obsessed with trolls, and made one of my all-time favourite films, Troll Hunter.
They have a functioning bank-led identity infrastructure.

Yes, that’s right. It may sound a little far-fetched, but it’s true. Basically, everyone here uses a bank-provided identity and secure authentication service to do pretty much everything. In a population of 5.2 million, there are 3.5 million people with a BankID widget and a million people with a BankID app on their phones (here’s my fanboy piece about it back in 2006). What started off as secure way to log in to your bank account has morphed into a secure way to log in to everything.

In 2015 BankID was used 430 million times, a number that has increased year by year as more services are made available. It is a two-factor-solution, with a key fob-style token – or an optional mobile app – and a BankID password. Customers can use their BankID to lease a car, rent an apartment or enroll for college.
[From Norway adding mobile digital identity function to its BankID program – SecureIDNews]

Sounds pretty good to me. And now they’ve decided to extend the authentication beyond the browser and in-app which is where, as we all know, the action is. They are running a pilot program right now.

Encap’s ‘Smarter Authentication’ is a device-based, multi-factor platform that removes the need for key fobs by enabling authentication to take place inside an app. Encap takes advantage of the device’s authentication capability – Apple’s Touch ID for example – and lets that be used to verify the customer.
[From Norway adding mobile digital identity function to its BankID program – SecureIDNews]

Love in-app. Love local authentication. Love Apple TouchID. I’m green with envy. Why don’t the UK banks have something like this in place?

It was terrific event, with excellent networking and some great panel discussions. I gave a talk about the future of fintech and ended up by talking about Consult Hyperion’s “Live Five” for 2017 so that there were some specific areas of focus for the delegates. Go Norway. I do have one slight area of disagreement with my Norwegian cousins though.

The Norwegian Data Protection Authority – Datatilsynet believes people should be able to make purchases without having to leave electronic tracks behind them.
[From Norway to Be a Cashless Country – The Nordic Page – Economy]

I’m unconvinced. I think the disadvantages of unconditional anonymity greatly outweigh the benefits of managed pseudonymity. Hence the next step for BankID should be to deliver a functional bank-led multi-identity pseudonymity service (so that when you are asked for your identity, a menu of identities pops up on your phone for you to choose from: e.g. “David G.W. Birch“, Dave Birch”, “Lord Tantamount Horseposture” or “G. Jesus Saves”) and show the rest of us how it is done.

Don’t bogart that iPhone

11th August 2016by Consult HyperionLeave a comment

Over the years, I’ve often tried to persuade clients that the time will come when privacy will be part of the upfront consumer proposition rather than a back office hygiene factor.

privacy should be an integral part of the customer proposition that sways the choice of product or service

From The business of privacy | Consult Hyperion

This means that organisations should plan for investments in more sophisticated security infrastructure (you can’t have privacy without security) and that these should be on a roadmap that exploits this transition. I think we may be getting closer to this transition time, because I notice that Apple appear to taking quite a big step forward to improve the privacy of individuals in a networked, hyper-connected world by introducing “differential privacy” in its products.

Differential privacy provides a way to mathematically guarantee that statistics about a pool of data collected from many people can’t be used to reveal much about the contribution of any one individual. Apple has built it into the new version of its mobile operating system, iOS, for iPhones and iPads to be released this fall.

From Apple’s New Privacy Technology May Pressure Competitors to Better Protect Our Data

If you’re wondering what this means, and can’t understand the wikipedia article (I couldn’t), let me give you an example from some software that I wrote many, many years ago. I’ll use the example of recreational drug use, although this isn’t what the project I worked on was about (well, not during daylight hours, anyway).

Suppose for some reason — e.g., public health planning — the government wants to know how many people smoke dope. Imagine that there’s an app on your phone that asks you if you smoke dope. So it asks you “Do you smoke dope?”. The app sends your answer back to some survey database big data cloud thing. Now the big data cloud thing can tell other people (e.g., the government) that you smoke dope but that means that the police will know and also if hackers get into the survey database big data cloud thing they could blackmail you (or sell you dope).

But there is another privacy-enhancing way to do this.

The app asks you if you smoke dope. You answer. Then the app tosses a coin. If the coin comes down heads, then the app tells the big data cloud thing “yes”. If the coin comes down tails, then the app tells the big data cloud thing whatever your real answer was.

Let’s say 10 million people answer. In the big data cloud thing, there are seven million yes answers and three million no answers. Remember, because the coin toss is fair, then five million of the answers will be a yes anyway. So you know that five million of the yes answers were there because of the coin coming down heads, and you can ignore them because they are not the real answer. You can take away five million of the yes answers as down to random chance.

Now you are left with the remaining five million real answers. There are the two million yes answers and three million no answers that are not down to random chance. You can therefore deduce that 40% of the population smoke dope.

Now, if hackers or the police get into the database and discover a yes answer next to your phone number, they cannot tell whether it is a real yes or a yes because of the coin toss. And you don’t want to reveal that you smoke dope, you can say that’s because of the coin toss.

Thus, the statistics for the population are correct and you know that 40% of the population smoke dope but you cannot tell whether any individual person smokes dope.

Now the differential privacy used by Apple is more complex than this simple example, but you get the point, and good on them for taking practical privacy-enhancing action whether it is to advance the sum total of human privacy or to put pressure on Facebook and Google. Either way, making privacy part of the proposition that might sway the customer’s choice is a very good thing.

Identity and inclusion, an ongoing case study

24th June 2016by Consult Hyperion

America is a strange country to foreigner such as myself. And one thing that is particularly strange about it is the constant demand for identification in a society that lacks an identity infrastructure. The most obvious manifestation of this, as I’ve written before, is that when I am asked for identification (in order to get into a building in America, for example) I can present documents that the security guard cannot conceivably verify or validate (e.g., my UK driving licence) or documents that are not identity documents at all (e.g., my expired building pass for our office in New York) and gain entry. This is, as is often remarked, security theatre not security. It’s like a play about security where we all say our lines and play our parts but there’s no actual security involved at all. When it comes to identity, there’s definitely something odd about America.

Buying an assault rifle is easy. You need not show formal identification… Opening even the most basic bank account is far more arduous. The process begins with a rigorous ID check…

From It’s easier to buy an assault weapon than open a bank account. Really. – The Washington Post

Now, I don’t want to get into the madness of KYC/AML here as that’s not the point I want to make, although I will flag up the fact that America has something in the region of a hundred million unbanked people. The point I’m making here is that I don’t understand why we can’t implement a universal risk-based approach for “small” accounts in order to get people into the financial system (not necessarily through a bank account, of course). In Europe, we have a very interesting case study unfolding in front of us right now.

When Anas Albasha arrived in Germany after fleeing Syria in late 2014, one of the first things he tried to do was open a bank account. “In Germany you need a bank account for everything,” he says.

From Without German bank accounts, refugees are stuck in limbo – FT.com

Indeed. Rich Germans and people smugglers might well keep their cash in 500 euro notes, but poorer law-abiding Germans use debit cards and direct debits. If you don’t have an account, you have no access to the infrastructure of daily life. And, in my opinion, if you keep everyone out because one or two of them might be terrorists, then you don’t get to track, trace and monitor the terrorists anyway. Hence the German plan to give refugees a sort of provisional identity so that they can enter the financial system makes complete sense.

But it has been a struggle to persuade banks, which have to verify their customers’ identities, to open accounts for refugees. The heart of the problem is documentation. “Many refugees arrive in Germany without a passport or ID card; that’s just the way it is after the journeys they have been through,” says Katharina Stamm, an expert on migration law at the charity Diakonie.

From Without German bank accounts, refugees are stuck in limbo – FT.com

In September 2015, the Federal Financial Supervisory Authority (“BaFin”) relaxed the KYC requirements for refugees so that they could gain access to formal financial services.

With immediate effect and for a transition period, refugees will be able to open a basic account even if they cannot produce a document satisfying the passport and ID requirements in Germany.

From BaFin – News – BaFin makes opening bank accounts easier for refugees

Later last year, in October, the German government went further and passed a law requiring banks to offer these basic bank accounts to refugees. Unfortunately, and despite that law coming into effect in June of this year, “

Germany’s anti money laundering law still contains a clause that effectively requires a passport or ID card to open an account.

From Without German bank accounts, refugees are stuck in limbo – FT.com

Incidentally, we have the same problem here in the UK because the only ID document that refugees have is the Biometric Residence Permit (BRP) and many bank staff refuse to accept this as an ID document for opening an account. As the British Banking Association point out, “banks have to undertake thorough checks before opening accounts in order to comply with strict anti-money laundering rules”. Once again, as in Germany, it is AML rules trumping KYC rules. And I don’t want to point the finger as to the origin of the problematic AML rules, but the Centre for Financial Inclusion do note that it might be better for society to have people inside a system where they can be monitored and risk managed.

Lower [KYC] requirements also means that governments concerned with international security (particularly the U.S.) must determine how they will mitigate the risk of new financial services innovations.

From Financial Inclusion and Immigration in Europe – Disrupting Identity Norms | Center for Financial Inclusion blog

I’m writing about this because I’m in Ivory Coast for the International Finance Corporation (IFC) and MasterCard Foundation conference on “Partnership for Financial Inclusion”. I was here to keynote about risk management for digital financial services (and how “fintech” and “regtech” can help) but I’ll definitely be hoping to learn more about the relationship between identity and inclusion from the experts here.

I’ve already had a couple of pretty interesting discussions about the idea of building “bottom up” (i.e., attribute-driven) identity to help with inclusion and the relationship between such identities and those KYC/AML issues discussed above. I’m genuinely curious to know what you all think about this stuff – please get in touch – and how some of this thinking might connect with initiatives such as Identity 2020.

Facing the facts

17th June 2016by Consult HyperionLeave a comment

I always have a lovely time in Sydney, one of my favourite places in the whole world, and I had a particularly lovely time down there last month at the Biometrics Institute Asia-Pacific conference at their invitation.

I was asked there to talk about biometric authentication for digital identities, but most of the other talks were about biometric identification. These included a superb talk by Patrick Nemeth, Director of the Identity Operations Division, Office of Biometric Identity Management (OBIM) at the Department of Homeland Security (DHS), who was talking about the practicalities of their work and their plans for the future.

Patrick mentioned in passing that in future they will start storing DNA, not for identification but for the purpose of “familial matching”. So if somebody turns up at an airport with a child and claims to be a parent or sibling, the new technology means that it will only take around two hours to determine whether there is a familial match, which I thought was pretty cool. I could not, however, resist the mischief of pointing out that in the UK, around one in 25 children are not related to their presumed biological father. In the US it is approximately around one in 20 and according to some web reports that I found, in some parts of Florida it is supposedly a third!

You can just imagine the embarrassment of JFK can’t you? When you filled in that customs form?

“How many members in your family group?”

“Three.”

“Please guess again”…

Oh well. Interestingly, and more relevantly, Patrick said that OBIM would not be going any further with fingerprint technology would be exploring voice recognition for immigration services and face recognition at points of entry. This technology used to be absolutely hopeless, but I am sure that it has improved considerably.

A system installed a Keflavik airport in Iceland — not primarily aimed at terrorists but at drug dealers, missing children and so on — never matched a single wanted person

From Home biometric fun | Consult Hyperion

Actually, I know that it has, because one of our recent projects involved due diligence on a face recognition system installed in Latin America. Patrick went on to say that he expected the private sector rather than the government to make the next technological breakthrough in face recognition. I wondered if he was referring to recent Russian breakthroughs in automated stalking:

FindFace, an app launched by a Russian startup two months ago, lets its users identify strangers from pictures of their faces. It does so by matching the photos against profile pictures from VK—also known as VKontakte—a Russian social networking website similar to Facebook.

From How Russia’s New Facial Recognition App Could End Anonymity – The Atlantic

The genie is well and truly out of this bottle and I can only see two long-term outcomes. Either we become socially attuned to tracking at all times in all non-private spaces or we become socially attuned to hiding our faces using some form of burkha. In fact, burkhas might become the norm in public places because the biometrics guys are not just trying to do face recognition, there are also looking at body recognition (there was a very good presentation about this as well, by the way).

How life will change! It will be a quasi religious experience I suppose when you only take off the burkha and reveal your face when at home and in the company of family or close friends. It looks as if my plan to make my fortune by manufacturing Facebook-blue burkhas in a variety of sizes is looking better all the time.

Technology roadmapping

8th October 2015by Consult HyperionLeave a comment

In 2005 when we performed an update to our biometrics and identification technology roadmap for the UK police, body odour was a ‘technology’ that was looking interesting, but not mature enough. The idea was that if dogs can do it, why might it not be automated. And identical twins have a unique smell, apparently.

We identified policing applications of biometrics and identification technologies, one of which was automated identification of police officers. At that time, each Force had it’s own warrant cards (so there was no confidence in what they should look like) and there was no way of using them with machines to authenticate the cardholder as an ‘officer of the lieu’ and grant them access to building and machines.

We foresaw the benefits of a national police warrant smart card and were retained to specify the standard which is used today across the Forces.

More recently, the technology roadmapping I have been involved in has been for transport applications. As well as the usual technologies in this space (mobile apps with 2-D bar-code; contactless payment cards; NFC mobile devices emulating contactless cards) we have also been thinking about more interesting stuff. Such as USB contactless readers used at home for fulfilment of tickets or value direct to smart cards. Or mobile devices with Bluetooth Low Energy (BLE) interacting with beacons waking the app up to present the appropriate form of ticket for the time and place. And, or course, NFC devices with the Host Card Emulation (HCE) API allowing them to escape the tyranny of the Secure Element (SE) and Trusted Service Managers (TSMs).

You’ll not be surprised to hear that we are still tracking the technology of person identification via body odour. I look forward to being sniffed by a transit gate before being allowed onto the train platform in the near future.

Secure-enough transit mobile ticketing

6th October 2015by Consult Hyperion1 Comment

This year, I’ve been mostly working on ITSO ticketing in NFC mobiles devices with HCE and without secure elements. ITSO is the e-ticketing specification supported by the Department for Transport in the UK.

So far, high level design, risk analysis and proof of concept have been carried out by our team. Suitable controls are being developed. We are heading towards a trial this year on live schemes. More details to follow in next few weeks. But for now, see page 10 of the latest ITSO News.

Fraud – milking the system

6th December 2013by Consult HyperionLeave a comment

I almost fell off of my seat on the train when I read what I think may well be the official Tomorrow’s Transactions Burgundy Ribbon favourite newspaper story of the year. Yes, the head of a bank being a #crystalmethodist was good and #Higella’s revelations about Charlie and cash were good, but I think that it is very hard for anyone in the world of digital identity and digital money to top the story of the Romanians who claimed over half a million dollars in agricultural subsidies for their cows… in Farmville.

Continue reading “Fraud – milking the system”

Friends and relations

19th August 2011by Consult Hyperion1 Comment

While I was sitting through a presentation (a very good presentation, I might add) on social media strategy for one of our client’s financial services businesses, it struck me that they were slightly misjudging the more interactive and transactional nature of social media, doing great stuff but treating social media as another customer communication channel. I’m naturally more interested in social media for transactions: social commerce. I’ve given a couple of talks about this recently, pointing out the opportunities that social commerce opens up.

One prediction says social commerce will top $30 billion globally by 2015 with Facebook-generated sales one of the primary drivers.
[From Infographic: The history of F-commerce | SMI]

There are many different ways that financial services organisations can exploit this. A good example, to my mind, is the way in which Amex works with Foursquare.

Just after announcing that it passed 10 million users, location-based check-in service Foursquare has said it is partnering with American Express to give members even better deals when they check in at merchants’ stores across the country.
[From Foursquare partners with American Express for deal check-ins | VentureBeat]

This is a terrific proposition and it’s well implemented (through statement credits, so no coupons or vouchers or anything are needed). And, to follow this example, Amex also has a Facebook pages where its large number of fans can come to learn about products and services, share with the community of card holders and so on. Great stuff. And it isn’t only financial services organisations that are integrating themselves into social media to create new kinds of social commerce.

That is because the well-known mobile service provider is now allowing its customers to log on to Facebook to purchase phone credit.
[From O2 details new contactless payment technique]

Wow, that’s pretty interesting.

Pre-paid subscribers will now be able to access a secure app on the social networking website, where they will put in credit card details in order to purchase top ups.
[From O2 details new contactless payment technique]

Credit card details? Not Facebook credits? But you get the picture. Something like Facebook can be used to create a more intimate transactional environment without having to develop software, making it easy for consumers to “friend” and “like” and so forth. Personally, I don’t find this sort of thing particularly appealing because to me it’s the wrong kind of social relationship: I want something more granular.

Here’s what I mean. I don’t want to be friends with my bank — after all, I’m a typical consumer so I hate banks — but I do want to be friends with my bank account. Why can’t Barclays let me friend my current account so I can see its status updates like “Premium card fee £10.00”, “Direct Debit British Gas £37.85” and “Counter Credit £5.00” and so forth? I quite like the text messages that Barclays sends me but would prefer something more immediate and more detailed (I often call this “streaming commerce”) so that I can make decisions and respond.

Similarly, I don’t especially want to be friends with MBNA, but I do want to be friends with my MBNA American Express card. I’m using “friend” generically, of course, I don’t mean to imply that Facebook is the one and only way to implement a social media strategy.

Facebook usage in the UK fell nearly 4pc in July to its lowest level since 2009, sparking concerns that the social network has hit its peak and may be declining in popularity.
[From Facebook usage falls to three-year low – Telegraph]

I don’t use Facebook that much — it’s really for sharing with my brother and sister, other family members and a few old friends — and I’ve not got a crystal ball to see whether we’ll still be using it in a couple of years.

Many of the smartest people I know are leaving Facebook as well. I predict we’ll see many people leaving over the coming months and adopting Twitter.
[From The Facebook Exodus and the Future of Human Communication « Far Beyond The Stars | Cyborgs, second selves and cybernetic yogis]

My idea would work even better with Twitter though. Suppose Twitter made a small change to their system so that a user could opt to be in “secure” mode. A secure mode user can only be followed (or searched) by users in their “secure list” or whatever. Then, my MasterCard could be secure user “mc-53XX-XXXX-XXXX-XXXX” the only name in its secure list would be “@dgwbirch”. Now, when anyone else tries to follow or search mc-53XX-XXXX-XXXX-XXXX they see nothing.

I’d love to follow my John Lewis MasterCard on Twitter in the way instead of having to log in to find out what it’s been up to. Since I use Twitter all day and every day anyway, it would be a much better channel for payment products to develop a more intimate relationship with me. And think of the practical benefits: if I get a tweet from my debit card telling me it’s just been used to withdraw money from an ATM in Belarus, I can call Barclays right away to block it from further misbehaviour. This doesn’t seem terribly complex: all Barclays need to know is my twitter name and then it can use the Twitter API to post tweets and only allow me to follow them.

If I could follow my transactional instruments, I could also (in time) feed their tweets, status updates, notifications and so on into other software for mash-ups. I don’t know what kind of mash-ups – I’m not smart enough for that – but I’m sure there are people out there who could do great stuff with the data. So a plea to my account, card and service providers: I don’t want to be friends with you, because you are corporations and not mates, but I don’t want to be friends with my stuff: my money, my cards, my phone. How hard can it be?

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

What do they want us to do?

26th May 2011by Consult HyperionLeave a comment

What do the politicians, regulators, police and the rest of them want us (technologists) to do about the interweb tubes? It might be easier to work out what to do if we had a clear set of requirements from them. Then, when confronted with a problem such as, for example, identity theft, we could build systems to make things better. In that particular case, things are currently getting worse.

Mr Bowron told the MPs this week that although recovery rates were relatively low, the police detection rate was 80 per cent. However, the number of cases is rising sharply with nearly 2m people affected by identity fraud every year.
[From FT.com / UK / Politics & policy – MP calls cybercrime Moriarty v PC Plod]

So, again, to pick on this paricular case, what should be done?

Mr Head also clarified his position on the safety of internet banking, insisting that while traditional face-to-face banking was a better guarantee against fraud, he accepted that society had moved on. “If you take precautions, it’s safe,” he said.
[From FT.com / UK / Politics & policy – MP calls cybercrime Moriarty v PC Plod]

Yet I remember reading in The Daily Telegraph (just googled it: 20th November 2010) there was a story about an eBay fraud perpetrated by fraudsters who set up bank accounts using forged identity documents, so face-to-face FTF does not, as far as I can see, mean any improvement in security at all. In fact, I’m pretty sure that it is worse than nothing, because people are easier to fool than computers. I would argue that Mr. Head has things exactly wrong here, because we an integrated identity infrastructure should not discriminate between FTF and remote transactions.

I think this sort of thing is actually representative of a much bigger problem around the online world. Here’s another example. Bob Gourley. the former CTO of the U.S. Defense Intelligence Agency, poses a fundamental and important question about the future identity infrastructure.

We must have ways to protect anonymity of good people, but not allow anonymity of bad people. This is going to be much harder to do than it is to say. I believe a structure could be put in place, with massive engineering, where all people are given some means to stay anonymous, but when a certain key is applied, their cloak can be peeled back. Hmmm. Who wants to keep those keys
[From A CTO analysis: Hillary Clinton’s speech on Internet freedom | IT Leadership | TechRepublic.com]

So, just to recap, Hillary says that we need an infrastructure that stops crime but allows free assembly. I have no idea how to square that circle, except to say that prevention and detection of crime ought to be feasible even with anonymity, which is the most obvious and basic way to protect free speech, free assembly and whistleblowers: it means doing more police work, naturally, but it can be done. By comparison, “knee jerk” reactions, attempting to force the physical world’s limited and simplistic identity model into cyberspace, will certainly have unintended consequences.

Facebook’s real-name-only approach is non-negotiable – despite claims that it puts political activists at risk, one of its senior policy execs said this morning.
[From Facebook’s position on real names not negotiable for dissidents • The Register]

I’ve had a Facebook account for quite a while, and it’s not in my “real” name. My friends know that John Q. Doe is me, so we’re linked and can happily communicate, but no-one else does. Which suits me fine. If my real name is actually Dave bin Laden, Hammer of the Infidel, but I register as John Smith, how on Earth are Facebook supposed to know whether “John Smith” is a “real” name or not? Ludicrous, and just another example of how broken the whole identity realm actually is.

For Facebook to actually check the real names, and then to accept the liabilities that will inevitably result, would be expensive and pointless even if it could be achieved. A much better solution is for Facebook to help to the construction and adoption of a proper digital identity infrastructure (such as USTIC, for example) and then use it.

The implementation of NSTIC could force some companies, like Facebook, to change the way it does business.
[From Wave of the Future: Trusted Identities In Cyberspace]

That’s true, but it’s a good thing, and it’s good for Facebook as well as for other businesses and society as a whole. So, for example, I might use a persistent pseudonymous identity given to me by a mobile operator, say Vodafone UK. If I use that identity to obtain a Facebook identity, that’s fine by Facebook: they have a certificate from Vodafone UK to say that I’m a UK citizen or whatever. I use the Vodafone example advisedly, because it seems to me that mobile operators would be the natural providers of these kinds of credentials, having both the mechanism to interact FTF (shops) and remotely, as well as access to the SIM for key storage and authentication. Authentication is part of the story too.

But perhaps the US government’s four convenient “levels of assurance” (LOAs), which tie strong authentication to strong identity proofing, don’t apply to every use case under the sun. On the recent teleconference where I discussed these findings, we ended up looking at the example of World of Warcraft, which offers strong authentication but had to back off strong proofing.
[From Identity Assurance Means Never Having To Say “Who Are You, Again?” | Forrester Blogs]

Eve is, naturally, absolutely right to highlight this. There is no need for Facebook to know who I really am if I can prove that Vodafone know who I am (and, importantly, that I’m over 13, although they may not be for much longer given Mr. Zuckerberg’s recent comments on age limits).

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

identity, security

Tough choices

2nd April 2011by Consult HyperionLeave a comment

The relationship between identity and privacy is deep: privacy (in the sense of control over data associated with an identity) ought to be facilitated by the identity infrastructure. But that control cannot be absolute: society needs a balance in order to function, so the infrastructure ought to include a mechanism for making that balance explicit. It is very easy to set the balance in the wrong place even with the best of intentions. And once the balance is set in the wrong place, it may have most undesirable consequences.

An obsession with child protection in the UK and throughout the EU is encouraging a cavalier approach to law-making, which less democratic regimes are using to justify much broader repression on any speech seen as extreme or dangerous…. “The UK and EU are supporting measures that allow for websites to be censored on the basis of purely administrative processes, without need for judicial oversight.”
[From Net censors use UK’s kid-safety frenzy to justify clampdown • The Register]

So a politician in one country decides, say, that we should all be able to read out neighbour’s emails just in case our neighbour is a pervert or serial killer or terrorist and the next thing we know is that Iranian government supporters in the UK are reading their neighbours emails and passing on their details to a hit squad if the emails contain any anti-regime comments.

By requiring law enforcement backdoors, we open ourselves to surveillance by hackers and foreign intelligence agencies
[From slight paranoia: Web 2.0 FBI backdoors are bad for national security]

This is, of course, absolutely correct, and it was shown in relief today when I read that…

Some day soon, when pro-democracy campaigners have their cellphones confiscated by police, they’ll be able to hit the “panic button” — a special app that will both wipe out the phone’s address book and emit emergency alerts to other activists… one of the new technologies the U.S. State Department is promoting to equip pro-democracy activists in countries ranging from the Middle East to China with the tools to fight back against repressive governments.
[From U.S. develops panic button for democracy activists | Reuters]

Surely this also means that terrorists about to execute a dastardly plot in the US will be able to wipe their mobile phones and alert their co-conspirators when the FBI knock on the door and, to use the emotive example, that child pornographers will be able to wipe their phones and alert fellow abusers when the police come calling. Tough choices indeed. We want to protect individual freedom so we must create private space. And yet we still need some kind of “smash the glass” option, because criminals do use the interweb tubes and there are legitimate law enforcement and national security interests here. Perhaps, however, the way forward to move away from the idea of balance completely.

In my own area of study, the familiar trope of “balancing privacy and security” is a source of constant frustration to privacy advocates, because while there are clearly sometimes tradeoffs between the two, it often seems that the zero-sum rhetoric of “balancing” leads people to view them as always in conflict. This is, I suspect, the source of much of the psychological appeal of “security theater”: If we implicitly think of privacy and security as balanced on a scale, a loss of privacy is ipso facto a gain in security. It sounds silly when stated explicitly, but the power of frames is precisely that they shape our thinking without being stated explicitly.
[From The Trouble With “Balance” Metaphors]

This is a great point, and when I read it it immediately helped me to think more clearly. There is no evidence that taking away privacy improves security, so it’s purely a matter of security theatre.

Retaining telecommunications data is no help in fighting crime, according to a study of German police statistics, released Thursday. Indeed, it could even make matters worse… This is because users began to employ avoidance techniques, says AK Vorrat.
[From Retaining Data Does Not Help Fight Crime, Says Group – PCWorld]

This is precisely the trajectory that we will all be following. The twin pressures from Big Content and law enforcement mean that the monitoring, recording and analysis of internet traffic is inevitable. But it will also be largely pointless, as my own recent experiences have proven. When I was in China, I wanted to use Twitter but it was blocked. So I logged in to a VPN back in the UK and twittered away. When I wanted to listen to the football on Radio 5 while in Spain, the BBC told me that I couldn’t, so I logged back in to my VPN and cheered the Blues. When I want to watch “The Daily Show” from the UK or when I want to watch “The Killing” via iPlayer in the US, I just go via VPN.

I’m surprised more ISPs don’t offer this as value-added service themselves. I already pay £100 per month for my Virgin triple-play (50Mb/s broadband, digital TV and telephone, so another £5 per month for OpenVPN would suit me fine).