Tag Archives: Information Security

Investigatory Powers : I submit

I made a submission to the House of Commons ‘Science and Technology Committee’ tonight, about my opinion on the (Draft) Investigatory Powers Bill. Here it is:

I was Information Security Officer for the trading floor of a ‘Big Six’ energy company. I spent a year investigating best-practice and defining departmental information security policy. I aimed to learn from the mistakes of others, to avoid making them and hope it will be useful if I pass on what I discovered.

  1. Technology is not the issue
    The most common error is to treat organisational risk as ‘an IT issue’ and to spend as much money as can be found on whatever technical controls are presented, to mitigate each newly identified threat. The effect of such an approach is that rather than managing risk economically, one has an ever-increasing set of controls that have a negative, invasive effect on normal operation and morale, yet a determined attacker still only has to find one weak point to break through (it is usually a person, not technology). This approach eventually collapses when the organisation realises it is spending more on security than remains of the culture it was trying to defend. I see evidence of such escalation in the measures in The Investigatory Powers Bill. Believing information security is a set of technology controls has repeatedly failed to deliver adequate value for money in private enterprise.
  2. Manage risk, not controls
    A far better approach is to identify the most valuable resources, identified threats and probable attack vectors, then to spend in a highly targeted way, defending what really matters. To me, that looks to be the communications around a very small number of known terrorist suspects and criminals. It does not include wasting resources on mass surveillance of all British citizens or all secure legal transactions with UK businesses; annoying them in the process and losing their support.
  3. The Bill is a weapon, not defence. It will be used against us
    In this instance, the security services’ real aim is to manage the UK’s physical security, not information risk. The changes proposed seek to make it easier for the security services and police forces to attack the information resources of terrorists and criminals. Sadly, we no longer live in a world where that is possible in isolation. We are all defended by the same technologies. Anything that undermines the information security of terrorists has exactly the same effect on all UK citizens. The Bill seeks to erode our traditional British values of individual freedom, fairness, the right to privacy, equal opportunity, and assumption of innocence under the law. It will also open us up to new methods of attack from our country’s enemies. I hope that you will decide that this price is too high.

You can do the same but today is the deadline. The technical controls are very open to technical criticism too.

http://www.parliament.uk/business/committees/committees-a-z/commons-select/science-and-technology-committee/inquiries/parliament-2015/investigatory-powers-bill-technology-issues-inquiry-launch-15-16/

Afterwards, please tell your MP if you have any concerns. If you don’t, read it again, imagining your most feared extremist government having the same potential to access your private information.


Google Plus, Circles, your data

I just saw a tweet by :
“Tim Berners-Lee: we, not companies, should own the data about us”, pointing to this article.
http://www.theguardian.com/technology/2014/oct/08/sir-tim-berners-lee-speaks-out-on-data-ownership

Last night I found a draft of a post that was published on the dark side of the blogosphere, inside a company firewall, dated 2011. Sadly, I didn’t invent The Internet, so no-one heeded my warning 🙂 I hope TB-L has more luck.

I’ve spent so much time reverse-engineering business requirements from poorly implemented IT systems so they can be re-written properly, that I think it’s become an illness. I’ve spent my evening puzzling out how Google+ Circles work because to quote NCIS’ Gibbs, “my gut tells me” that something is wrong.

Google’s Circles are probably squares really. Imagine a matrix where each column represents one of the “People in your circles” and each row represents “one of your circles”. There might be a 1 for each person in the circle and a 0 for everyone who isn’t. In our mental model, the circles are a Venn diagram and can intersect or contain other circles but the matrix doesn’t need to know about that.

What do the Circles represent? Google (at this point) don’t care. They are our personal classifications of other people, in as many ways as we wish to invent. It might be by their interests, location, language, friendship group etc.

For outgoing messages, Circles allow us to specify, for each message, which classification of people we think should receive it. We might do this to exclude people we don’t think will be interested or who we do not wish to see the message. A message can be imagined to break free from our personal Circle defences out toward everyone who has at least one match to the selected Circles (a logical OR of all the selected rows of the matrix). Mechanisms that mix up classification of information with security have always come back to bite me, so this is my first concern.

For incoming messages, Circles act as filters, removing information that we do not wish to see, according to our current Circle selection. Therefore, once a message has escaped from our own Circles, it also has to be accepted into the Circles of each target person before each of them will see it. Here the problem is that some of my friends are in intersecting circles. If one of my friends is in my ‘computers’ circle but also writes about ‘football’ then I have to decide whether to exclude that person from the group or dread match-nights. There ought to be a simple solution to this: ask the friend to take me out of his/her ‘football’ circle and only send football messages to that circle, but I have no idea if there is such a circle because their Circles are private. Similarly I may not be in his ‘computers’ Circle, so communication on a topic of mutual interest could be accidentally one-way.
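The two mechanisms above (outgoing: a logical OR over the selected rows of the sender’s membership matrix; incoming: the reader only sees a message if the sender sits in one of the Circles the reader is currently viewing) can be modelled in a few lines. The following is an added example written for this page, not Google’s code; the user names, Circle names and memberships are constructed, and each user’s Circles are kept private to that user, exactly as the post describes. It reproduces the ‘dread match-nights’ case and the accidental one-way link.

```python
"""Toy model of Circles as a 0/1 membership matrix (added example, not Google's code)."""


def membership_matrix(circles):
    """Build the matrix the post describes: one row per circle, one column per
    person, 1 where the person is in that circle. `circles` maps circle name
    to a set of people. Returns (column labels, {circle: row of 0/1})."""
    people = sorted(set().union(*circles.values()))
    rows = {name: [1 if p in members else 0 for p in people]
            for name, members in circles.items()}
    return people, rows


def outgoing_recipients(circles, selected):
    """Logical OR of the selected rows: everyone with at least one match."""
    people, rows = membership_matrix(circles)
    mask = [0] * len(people)
    for name in selected:
        row = rows.get(name)
        if row is None:          # unknown circle contributes nobody
            continue
        mask = [a | b for a, b in zip(mask, row)]
    return {p for p, bit in zip(people, mask) if bit}


def incoming_accepts(reader_circles, reader_viewing, sender):
    """Incoming filter: the reader sees the message only if the sender is in a
    circle the reader is currently viewing. Note the reader's classification
    of the sender, not the topic of the message, decides this."""
    return any(sender in reader_circles.get(name, set()) for name in reader_viewing)


def deliver(users, sender, selected_circles):
    """People who actually see a message: it must escape the sender's selected
    Circles AND pass each recipient's private incoming filter."""
    sent_to = outgoing_recipients(users[sender]["circles"], selected_circles)
    return {
        person for person in sent_to
        if person != sender
        and incoming_accepts(users[person]["circles"], users[person]["viewing"], sender)
    }


def can_reach(users, sender, reader):
    """Would anything `sender` broadcasts to all of their Circles reach `reader`?"""
    return reader in deliver(users, sender, list(users[sender]["circles"]))


# Constructed sample data (hypothetical users and circle names).
# alice files bob under 'computers'; bob files alice under 'football' and is,
# at the moment, only viewing his 'computers' circle.
USERS = {
    "alice": {"circles": {"computers": {"bob", "carol"}, "family": {"dave"}},
              "viewing": {"computers", "family"}},
    "bob":   {"circles": {"football": {"alice", "erin"}, "computers": {"carol"}},
              "viewing": {"computers"}},
    "carol": {"circles": {"work": {"alice", "bob"}}, "viewing": {"work"}},
    "dave":  {"circles": {}, "viewing": set()},
    "erin":  {"circles": {"football": {"bob"}}, "viewing": {"football"}},
}

if __name__ == "__main__":
    # bob's football post reaches alice because *she* classified bob as 'computers'.
    print("bob -> football:", sorted(deliver(USERS, "bob", ["football"])))
    # alice's computers post never reaches bob: she is not in any circle he views.
    print("alice -> computers:", sorted(deliver(USERS, "alice", ["computers"])))
    print("one-way alice/bob:",
          can_reach(USERS, "bob", "alice") != can_reach(USERS, "alice", "bob"))
```

Running it shows that `alice` receives `bob`’s football messages (her own ‘computers’ row admits him regardless of topic) while `bob` never sees her computing messages, and neither party can discover why, since `can_reach` needs both users’ private matrices, a view only the platform has.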

‘Circle taxonomies’ need to be public, preferably shareable in some way. We are building a map of all human relationships and we can only see our piece of the jigsaw. Only Google can see the whole picture. They can’t fix these issues without breaking Google’s business model. We’ve been given what is good for Google, not good for us. This is Version 0.1. Must try harder.

Later, I discovered that Google appeared to have lifted the concepts behind Circles from the ‘aspects’ (of your life) feature of the open-source social network Diaspora*, which had tried much harder to respect personal privacy, as a reaction to FaceBook’s abuse of private information.