Wednesday, November 29, 2017

Normality and one of the big questions of our age

The Open University's Professor Blaine Price gave his inaugural lecture, Am I Normal, at the OU's Berrill Theatre last night, Tuesday, 28 November.

Recommended watching and listening, it spanned the gamut from the core value of academic collegiality - Blaine repeatedly credited a whole series of named colleagues with the foundations of his successes - to mobile technologies, lifelogging, privacy, health care and what constitutes normality in the data that modern technology generates about us. His answer on the normality spectrum was our normal is unique to us.

Given the rampant, sloganeering, destructive, selfish managerialism wreaking havoc in the academy these days, I was cheered by his attention to the power of collaboration, goodwill, mutual support, respect, recognition and the vocation of working in the public interest.

Amongst the most interesting projects Blaine spoke about were the pioneering pilot studies of joint replacement patients and the monitoring and management of diabetics, through the use of wearable and mobile technologies.

The joint replacement case is a 35 patient study of pre and post operative care and monitoring of pain levels, in association with orthopaedic surgeon, Oliver Pearce, at Milton Keynes hospital.

It's just a pilot study at the moment but the question arises as to how and when to expand such a study to 3,500 or 35,000 or more patients, whilst maintaining respect for and protection of patient confidentiality.

It's a non trivial issue.

There have been a whole series of scandalous examples of mismanagement of patient data in the NHS in the current millennium. Hospital Episode Statistics (HES) processes over 125 million admitted patient, outpatient and accident and emergency records each year. The whole shebang - all patient records since about 1999 - was handed over to a large consultancy firm, PA Consulting, who loaded the data on Google servers outside the UK. The data came on 27 DVDs, took weeks to upload but was easier to play with on Google.  The Blair government's multi billion pound IT disaster, the National Programme for IT in the NHS (NPfIT), is littered with data management blunders.  Cambridge Professor, Ross Anderson, has described the Hospital Episode Statistics data warehouse (which in addition to PA Consulting has been sold to over 1000 economic agents) and the horrendous programme as residing in the 7th circle of hell, as far as lack of respect for medical confidentiality and privacy is concerned. More recently still, the Information Commissioner reprimanded those behind the Royal Free Hospital Trust - Google DeepMind trial which failed to comply with data protection law.

Which all leads us to one of the fundamental questions of our age: should we and if so how do we facilitate the ethical, controlled, secure collection, processing, analysis, sharing, storage, dissemination and use of big data  (such as healthcare data) and the lessons it may have to teach us, in the public interest whilst maintaining/preserving/protecting/enhancing one of the key foundation stones of our humanity and a balanced healthy society, personal and collective privacy?

I'm not sure there are any answers to this, certainly none of the easy variety, though, I again recommend the Nuffield Council on Bioethics report, The collection, linking and use of data in biomedical research and health care:ethical issues. Ross Anderson, who was one of the authors, sums it up neatly:
As the information we gave to our doctors in private to help them treat us is now collected and treated as an industrial raw material, there has been scandal after scandal. From failures of anonymisation through unethical sales to the catastrophe, things just seem to get worse. Where is it all going, and what must a medical data user do to behave ethically? We put forward four principles. First, respect persons; do not treat their confidential data like were coal or bauxite. Second, respect established human-rights and data-protection law, rather than trying to find ways round it. Third, consult people who’ll be affected or who have morally relevant interests. And fourth, tell them what you’ve done – including errors and security breaches.
It's one really helpful collection of principles to bare in mind when thinking about this stuff. But it is just a start and given the rapacious MEGACORP - pick your favorite from Big Tech to Big Pharma to Big Finance & Insurance etc - re-energised corporate feeding frenzy already in play but likely to descend with renewed vigor on the NHS post Brexit, we really should have, long since, been getting our principled legal, ethical, architectural, social, environmental and economic defenses in place.

In the public interest.

Wednesday, October 11, 2017

Open Letter: Withdraw The National Health Service (Charges to Overseas Visitors) (Amendment) Regulations 2017

While I'm on the subject of unnecessary, damaging and costly processes in public services, may I draw your attention to -

This open letter to Secretary of State for Health, Jeremy Hunt, which should be widely circulated. So I hope the more than 1,000 signatories do not mind me publishing it in full here.

It was coordinated by

Doctors of the World@DOTW_UK

Asylum Matters, @AsylumMatters

Freedom from Torture, @FreefromTorture 

National AIDS Trust, @NAT_AIDS_Trust

The Immigration Law Practitioners Association, @ILPAimmigration

Amongst others.


Sir David Nicholson, who was the chief executive of NHS England from 2011 to 2014, is among 1,000 signatories.

Monday, October 09, 2017

Forming opinion

Another circular today about a new process which involves the completion of a complex form to get basic things done. It reminded me something I wrote about 18 months ago but didn't publish here at the time.

The generic process I refer to is the type that when asking part of your organisation to do one of the jobs they exist to do, draws the response -
"We have a new process for dealing with communications with our department. In order to deal with your request we require you to complete the new process change form, so that xxx can pick up this change and so it’s clear what changes are needed."
You mean like the details I've just sent which you have copied to xxx in the email you responded with asking me to fill in your form... a form which, when you click on the supplied link, is not designed for the circumstances.

The thing about these processes is that they are completely inviolable and immune from critical scrutiny. Budgets must be managed. Accountability and transparency are sacrosanct. The new process is essential and nobody ever considers doing a cost benefit analysis of it.

We have hundreds of thousands, probably millions of these processes in education, the NHS, social services, the criminal justice system and all other public services.

The question that is never asked is how much specifically do the processes we choose to use to "manage" budgets cost? How much will it cost the organisation, in staff time and other resources, for a member of staff to fill out and submit another complex form, requesting some administrative silo engages in its routine activities? How much will it cost to have it processed, considered by the department, a decision made and returned to the form filler? Plus costs of subsequent clarifications or queries or rejections of requests etc.

When you split organisations up into departmental silos, demanding they all meet ludicrous simplistic targets with much reduced operational budgets, it leads to internecine warfare between organisational units. The first thing to be sacrificed is the 95% of activities that the department used to do that constituted services to the rest of the organisation.

Need to save 15% costs - cut 15% that involves doing something for someone else that does not count in our target metrics.

And anyone requiring any useful activity out of any of these silos, remotely resembling the services they previously provided, is obliged to fall in line with keeping their internal administration tidy and filling out their forms. There's nothing more modern and efficient than getting your 'customers' to do your administration, preferably via the internet. The real costs are offloaded by the silo, magically and invisibly distributed as economic externalities and the organisation sinks a bit more under the strain.

What are the opportunity costs of this?

Nobody asks.

Nobody considers that when you dissect a living organism into its constituent atoms, in a futile attempt to control the atoms, you kill the organism (and the organisation).

The public sector has made an art form out of choking on the gigantic invisible costs of our internal accountability bureaucracy.

 Yet quis custodiet ipsos custodes?


I'm considering designing a Permission to Request Ray Fill Your Form Out Form when dealing with all public services including the day job.

It will require lots of spurious hard to find data, on multiple incompatible systems, including data I hold exclusive access to. It will not be submittable unless all fields are completed in the appropriate number of acceptable characters, within a closed and secretly specified set. Every time an attempt is made to submit an invalidly completed form, all fields will be cleared and the bureaucrat wanting me to fill out a form will be informed, in classic patronising & disapproving management-speak that they have to start from scratch.

It will require the approval of at least 5 layers of senior management in their organisation, and at least two external referees prepared to certify the worthiness of the bureaucrat to ask me to complete a form. It will round off with a minimum of 10,000 words of small print relating to the principles of section 11 (p28-33) of General Interference with Organizations and Production of the Simple Sabotage Field Manual

Additionally, it will require the head of the applicant bureaucrat's department and the organisation's executive board to submit themselves to border control, criminal records and qualifications checks and processes, and have their names entered permanently on a 'requester that Ray fill out a form' offenders register.

Finally, it will commit the requisite bureaucrat and departmental and organisation chiefs to an irrevocable agreement that they resign their commission and never darken the organisation's door again. Also in the small print is the assurance that the request that I fill out their form will be rejected in all circumstances.

I'll soon be wandering the streets of Oxford, Quasimodo-like, chanting "The Forms! The Forms! Economic Externalities! Economic Externalities"

That Form Rings a Bell.

Thursday, July 20, 2017

CJEU AG opinion in Peter Nowak v Data Protection Commissioner

Students are going to like this one. Lily livered, liberal, commie, Brexit hating, elitist, expert, EU & CJEU & human rights loving, ivory towered, [insult of choice] academics, a constituency the scars of which yours truly can display two decades plus residency of, possibly not quite so much. Educational bureaucrats may well spurt their morning tea into their cornflakes on noticing tomorrow morning's headlines relating the news.

The Advocate General of the European Court of Justice has decided, in Case C‑434/16, Novak v Irish Data Protection Commissioner, that exam scripts are classifiable as personal data under the data protection directive 95/46/EC.

Mr Novak failed the Strategic Finance and Management Accounting examination of the Chartered Accountants of Ireland (CAI) on four occasions. In the end he decided to submit a subject access request for all personal data held by the CAI, with the intention of getting hold of his exam scripts. CAI refused to hand over the scripts, so he complained to the data protection commissioner. The commissioner declared the scripts to be outside the scope of what constituted personal data.

And so it was onward to the courts and eventually the Irish Supreme Court referred the matter to the Court of Justice, requesting a response to the following questions:
‘(1)      Is information recorded in/as answers given by a candidate during a professional examination capable of being personal data within the meaning of Data Protection Directive?
(2)      If the answer to Question 1 is that all or some of such information may be personal data within the meaning of the Directive, what factors are relevant in determining whether in any given case such script is personal data, and what weight should be given to such factors?’
In accordance with Article 2(a) of the data protection directive, ‘personal data’ means any information relating to an identified or identifiable individual. So it has a very wide scope.

In paragraphs 19 to 28 of her opinion, AG Kokott today clearly disagrees with the decision of the Irish Data Protection Commissioner not to support Mr Novak's perspective. The logic underpinning that opinion is clear from paragraph 24:
"24.      However, in every case, the aim of an examination — as opposed, for example, to a representative survey — is not to obtain information that is independent of an individual. Rather, it is intended to identify and record the performance of a particular individual, i.e. the examination candidate. Every examination aims to determine the strictly personal and individual performance of an examination candidate[emphasis added] There is a good reason why the unjustified use in examinations of work that is not one’s own is severely punished as attempted deception. 
25.      Consequently, an examination script incorporates information about the examination candidate and is in that sense a collection of personal data. [emphasis added]
26.      That this is the correct conclusion is also shown, moreover, in the fact that an examination candidate has a legitimate interest, based on the protection of his private life, in being able to object to the processing outside the examination procedure of the examination script ascribed to him. An examination candidate does not have to accept that his script can be disclosed to third parties or published without his permission.
27.      Contrary to the argument of the Irish Data Protection Commissioner, the personal data incorporated in an examination script is not confined to the examination result, the mark achieved or even points scored for certain parts of an examination. That marking merely summarises the examination performance, which is recorded in detail in the examination script itself.

28.      The classification of an examination script as incorporating personal data is not affected if, instead of bearing the examination candidate’s name, the script has an identification number or bar code. Under Article 2(a) of the Data Protection Directive, it is sufficient for the existence of personal information that the data subject may at least be indirectly identified. (6) Thus, at least where the examination candidate asks for the script from the organisation that held the examination, that organisation can identify him by means of the identification number."
AG Kokott is very clear that exam scripts are personal data. She also notes the importance of handwriting:
"29.      Mr Nowak, Poland and the Czech Republic also rightly argue that answers that are handwritten contain additional information about the examination candidate, namely about his handwriting. A script that is handwritten is thus, in practice, a handwriting sample that could at least potentially be used at a later date as evidence to determine whether another text was also written in the examination candidate’s writing. It may thus provide indications of the identity of the author of the script.
30.      The question whether such a handwriting sample is a suitable means of identifying the writer beyond doubt is of no importance for its classification as personal data. Many other items of personal data are equally incapable, in isolation, of allowing the identification of individuals beyond doubt. For that reason, neither is it necessary to determine whether the handwriting should be regarded as biometrical information."  
I'm a skeptic on handwriting analysis, so interested to see she refers to the potential practice of the use of handwriting analysis being the determinative factor here, rather than whether it has any legitimacy as a forensic tool.

Next up she tackles Ireland's concern that section 12(b), relating to the right to rectification of inaccurate data, will be used by unscrupulous students to demand incorrect answers to exams be declared correct. She beings by pointing out in paragraphs 32 to 34 that:
"32.      First, it must be remembered that the issue of right of access is only secondary in this case, where the main issue is in fact the interpretation of the concept of ‘personal data’... 
34.      Therefore, the classification of information as personal data cannot be dependent on whether there are specific provisions about access to this information which might apply in addition to the right of access or instead of it[emphasis added] Further, neither can problems connected with the right of rectification be decisive in determining whether there exists personal data. If those factors were regarded as determinative, certain personal data could be excluded from the entire protective system of the Data Protection Directive,[emphasis added] even though the rules applicable in their place do not ensure equivalent protection but fragmentary protection at best."
So, even if there were to be hypothetical problems with what someone might do with the personal data once they gain access to it, that cannot be used as an excuse to exclude access.

On the right to rectification of inaccurate data in this context again she is clear:
"35.      However, if one concentrates on the right of access and the issue of rectification, it must be recognised that in relation to an examination script this right clearly cannot be claimed in order, subsequent to obtaining that access, to demand rectification, pursuant to Article 12(b) of the Data Protection Directive, of the contents of the script, i.e. the solution written down by the examination candidate. [emphasis added] (9) As Poland has rightly emphasised, the accuracy and completeness of personal data pursuant to Article 6(1)(d) must be judged by reference to the purpose for which the data was collected and processed. The purpose of an examination script is to determine the knowledge and skills of the examination candidate at the time of the examination, which is revealed precisely by his examination performance and particularly by the errors in the examination. The existence of errors in the solution does not therefore mean that the personal data incorporated in the script is inaccurate.
36.      However, rectification would be conceivable if it were the case that the script inaccurately or incompletely recorded the examination performance of the data subject. For example, such a situation would arise if — as observed by Greece — the script of another examination candidate had been ascribed to the data subject, [emphasis added] which could be shown by means of, inter alia, the handwriting, or if parts of the script had been lost."
Next up comes the section of the decision - paragraphs 42 to 50 - that exams administrators, especially, are going gnash multitudes of molars on. The Irish Data Protection Commissioner, with the support of the Czech Republic, attempted to have Mr Novak's claim classed as abusive because he didn't follow the requisite procedures laid down for checking exam results. Instead he tried to bypass those procedures and get the information he wanted via data protection legislation.

Now anyone who has spent even a short time working in the education sector will tell you that it is a mortal sin, in the land of educational administrators, to attempt to circumvent their inviolable procedures. Forms must be filled in, boxes must be ticked and procedures must be followed. Even when those procedures are mutually exclusive and diametrically opposed. Exams procedures, in particular, are absolutely sacrosanct. In fairness to the exams zombies, this is often for good reasons - to protect the integrity of the institution, the exams and the interests of the students. But they are, nevertheless, sacrosanct, even if, over the generations, they evolve primarily to serve the interests of the examination bureaucracy.

AG Kokott does not see that Mr Novak was attempting, improperly or fraudulently, to take advantage of provisions of EU law, to gain access to scripts. After all, if he could otherwise have obtained access through exams procedures, why should he be considered to be engaged in abusive exploitation of data protection regulations, just to get access to the same information?
"45.      If examination scripts incorporate personal data, according to the pleadings of the Data Protection Commissioner and Ireland, a misuse of the aim of the Data Protection Directive would arise in so far as a right of access under data protection legislation would allow circumvention of the rules governing the examination procedure and objections to examination decisions.
46.      However, any alleged circumvention of the procedure for the examination and objections to the examination results via the right of access laid down by data protection legislation would have to be dealt with using the provisions of the Data Protection Directive. In that regard, Article 13 in particular comes to mind, which allows for exceptions to the right of access to be established to protect certain interests specified therein.
47.      To the extent that these grounds do not justify exceptions in certain situations, as may be the case in connection with examinations, it must be recognised that the legislature has given precedence to the data protection requirements which are anchored in fundamental rights over any other interests affected in a specific instance.
48.      However, it should be pointed out that the General Data Protection Regulation, which will apply in the future, resolves this tension. First, under Article 15(4) of the regulation, the right to obtain a copy of personal data is not to adversely affect the rights and freedoms of others. Second, Article 23 of the regulation sets out the grounds for a restriction of data protection guarantees in slightly broader terms than Article 13 of the Directive, since, in particular, protection of other important objectives of general public interest of the Union or of a Member State pursuant to Article 23(1)(e) of the regulation may justify restrictions.
49.      On the other hand, the mere existence of other national legislation that also deals with access to examination scripts is not sufficient to allow the assumption that the purpose of the Directive is being misused.
50.      However, even if one wished to assume misuse of purpose, it is still not apparent where the undue advantage lies if an examination candidate were to obtain access to his script via his right of access. In particular, no abuse can be identified in the fact that someone obtains information via the right of access which he could not otherwise have obtained. If there were already access to personal information, the introduction of a right of access under data protection law would not have been required. It is instead the task of the right to access under data protection legislation to make available to the person concerned — subject to the exceptions provided for in Article 13 of the Data Protection Directive — access to his own data, where otherwise no right of access exists."
The unuttered assumption, of course, is that Mr Novak would have had access to the information he was requesting under the requisite exams procedures or other national legislation. Even if there was a clash in relation to degree of access then, as paragraph 47 insists "data protection requirements which are anchored in fundamental rights over any other interests affected in a specific instance" take precedence. The AG is optimistic (para 48) that the GDPR will resolve any such tension in the future. I can't share that optimism until the scope and boundaries of articles 15(4) and 23 become more clearly defined in practice when such clashes do arise, in the wake of the GDPR implementation in May 2018.

That part of the analysis complete the AG declares in paragraph 51 that
"51.      In brief, it can be concluded that a handwritten examination script capable of being ascribed to an examination candidate constitutes personal data within the meaning of Article 2(a) of the Data Protection Directive."
She next tackles the question of examiner's corrections on an exam script in paragraphs 52 to 65. In particular she notes that it is a question for the Irish data protection commissioner whether the examiner's comments corrections are information about Mr Novak:
"53.      However, an answer to this question is not necessary for a decision in the main proceedings since it is not at issue whether any such corrections constitute information about Mr Nowak. Rather, the subject matter of the proceedings is whether the then Irish Data Protection Commissioner was entitled to dismiss the complaint submitted by Mr Nowak on the ground that his examination script was a priori not personal data. The extent to which corrections should also be regarded as data relating to the examination candidate would have to be ruled upon not by the Supreme Court but rather, should the action be successful, at first instance by the present Irish Data Protection Commissioner."
Having said it is a question for the DPC she, nevertheless, goes on to opine that examiner's corrections are information about an examination candidate, as well as the examiner's own personal data.
"61.      Nonetheless, the purpose of comments is the evaluation of the examination performance and thus they relate indirectly to the examination candidate. The organisation holding the examination is also able to identify the candidate without difficulty and link him with the corrections once it receives the marked script back from the examiner.
62. general, comments on an examination script are typically inseparable from the script itself ... because they would not have any informative value without it. However, the script itself incorporates, as previously stated, personal data of the examination candidate. The purpose of collecting and processing this data is precisely to permit the evaluation of the examination candidate’s performance as incorporated in the examiner’s corrections.
63.      Precisely because of that close link between the examination script and any corrections made on it, the latter also are personal data of the examination candidate pursuant to Article 2(a) of the Data Protection Directive.
65.      It should be mentioned for the sake of completeness that corrections made by the examiner are, at the same time, his personal data. His rights are an appropriate basis in principle for justifying restrictions to the right of access pursuant to Article 13(1)(g) of the Data Protection Directive if they outweigh the legitimate interests of the examination candidate. However, the definitive resolution to this potential conflict of interests is likely to be the destruction of the corrected script once it is no longer possible to carry out a subsequent check of the examination procedure because of the lapse of time."
AG Kokott then briefly addresses additional requirements on the application of the data protection directive and its facilitation of restrictions on the right to information.
"67.      However, no questions have been raised about these additional requirements and restriction options and therefore the Court need not address them. It would also appear that their consideration is not necessary in order for the Supreme Court to be able to rule on whether the then Irish Data Protection Commissioner was right to refuse further examination of the complaint made by Mr Nowak.
She finally concludes:
"70.      I therefore propose that the Court should rule as follows:
A handwritten examination script capable of being ascribed to an examination candidate, including any corrections made by examiners that it may contain, constitutes personal data within the meaning of Article 2(a) of Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data."
So it would appear that the Irish Supreme Court will be obliged to rule that the then Irish Data Protection Commissioner was not entitled to dismiss the complaint submitted by Mr Nowak, on the ground that his examination script was a priori not personal data.

As it is the Advocate General's opinion only, it remains advisory and it will be interesting to see if the the Court of Justice comes to the same conclusions. The Court often takes a strong lead from the AG Educational institutions, exams administrators in particular, would do well to take note.

Tuesday, May 23, 2017

Thoughts on our response to terrorism

Earlier today I posted a collection of thoughts on Twitter in response to the tragic bombing attack in Manchester last night. My friend, Tony Hirst, pointed out I had neglected to link them through threading. They are, therefore, reproduced in order below. If we are angry, fearful, sad, vengeful or harboring all of these emotions and more, we should try to focus them on a renewed determination to value our shared humanity and open society based on fundamental rights and the rule of law.

Thursday, May 04, 2017

Hugenholtz on the proposed EU publisher's intellectual property right

Professor Bernt Hugenholtz's 15 minute contribution (starting 3:03:40 into the morning session) at European Copyright - Quo Vadis event at the European University Institute, pointing out the proposed new EU publishing right intended protect news organisations is a fake solution to a very real problem, is well worth viewing.

Prof Hugenholtz recommends his colleague Prof. dr. Mireille M.M. van Eechoud's extremely balanced 65 page report on the issue, A publisher’s intellectual property right: Implications for freedom of expression, authors and open content policies.

Prof van Eechoud has been running a project at IViR, the Institute for Information Law at Amsterdam University, taking a critical look at the proposed introduction of a new intellectual property right for publishers of press publications.

Prof Hugenholtz opens by highlighting the avalanche of negative academic responses to the proposal for the publishing right. It fails the test of being good or making existing regulation better on every count. But he does have some sympathy with the EU officials lumbered with drafting this proposal, most likely under orders from their previous boss, Commissioner Oettinger.

The underlying rationale of finding a way to protect or sustain the news publishing industry which is facing serious decline is a worthy one. That decline constitutes a severe social democratic and economic problem - just witness Trump and fake news amongst the consequences - that academics and others should be investing time and energy in. What truly effective and proportionate means could we come up with to enable sustainable, independent news organisations that challenge and speak truth to power?

Thursday, April 27, 2017

To the Open University Foxcombe Hall-ers who cared, thank you

Tomorrow, Friday, 28 April, 2017, just another day in the calendar for many, is when the Oxford regional centre of the Open University closes down, permanently.

That arrow near the red brick chimney is pointing at the window of my, now largely bare, office where I'm typing these words.

After 41 years - we moved in in 1976 - the biggest university in the UK is withdrawing from one of the geographic educational heartlands of the globe. The main mansion house on the site was built in the 1880s by the Rev Henry Woods, Bursar and subsequently President of Trinity College Oxford and his wife, Margaret, a highly distinguished literary scholar. The site was sold to Lord Berkeley in 1893 and was a theological college from 1934 to the mid 1970s. Couple of pictures of the inside of the hall from the 1900s -

Because of the OU's funding arrangements the purchase of the site needed high level approval in the department for education and the treasury at the time.

Since then this beautiful setting -

- has been filled with amazing, inspirational, dedicated, deeply caring & knowledgeable people, who transformed the lives of thousands of Open University students. Often at significant personal cost.

The secret of the OU’s success, for most of the past half century or so, has been the goodwill of the staff and the students. This institution has simply been about putting people in touch with people, people who care; and creating, enabling and nurturing the materials, support and conditions for learning, personal development and growth.

The people in Foxcombe Hall, on a daily basis, have engaged in nothing short of societal magic and it has been my real privilege to work with you, know you and call you friends, for the past 22 years. The Open University will be a desperately poorer place without you and this enchanting setting, now to be transformed to no more than a cash asset on a balance sheet.

The regional centre in Leeds is also closing tomorrow. East Grinstead, London, Birmingham and Newcastle have already closed. Bristol and Cambridge will follow shortly. Open University Magic flowed from all those places too.

Whatever you all do in the future - and I can only wish you all the very best of good fortune with it - and no matter how unwise you understand the decision to shut down our regional infrastructure was, no one can ever take away the difference you made, here at the OU.

Thank you for caring.

Note: All colour photos in this post © Peter Thompson, our resident photographer and IT specialist.

Now, somewhat appropriately perhaps, as I consider shutting down this computer and carrying the remainder of my belongings to the car, the heavens outside have opened in something of a deluge...

Tuesday, April 04, 2017

Investigatory Powers Act codes consultation

The Home Office consultation on the Investigatory Powers Act codes of practice is due to close this week at 11.45am on 6 April.

The codes run to 400+ pages of provisions with a number of changes from previous versions and don't exactly constitute the most accessible form of prose you're likely to come across this week (or month or year).

I was planning to contribute to the consultation but the consultation period has been very short (23 Feb to 6 April) and I haven't had the capacity or the time to do so.

At the prompting of the good folks at the Open Rights Group I have therefore written to the Home Office requesting an extension in the consultation period, as below.
I am writing to request an extension in the consultation period and some more detailed explanatory materials for the Investigatory Powers Act Codes of Practice on

·         Interception of communications: draft code of practice
·         National security notices: draft code of practice
·         Bulk acquisition of communications data: draft code of practice
·         Equipment interference: draft code of practice
·         Security and intelligence agencies’ retention and use of bulk personal datasets: draft code of practice

Having followed the passage of the Investigatory Powers Bill through Parliament and contributed to a succession of consultations on it, I continue to hold serious reservations about the powers contained in the Investigatory Powers Act passed last year. Provisions on how the expansive powers contained in the more than 300 pages of the Act are going to work in practice that should have been contained in the text of the Act, have been incorporated, in difficult to interpret language, into the 400 plus pages of the codes of practice.

I would like to make a contribution to this consultation but it will not be possible for me to do so before the closing date of 6 April.

I respectfully request that the consultation period be extended by at least three months and that the Home Office provide some further explanatory information about how it is intended that these codes of practice be interpreted.

Thank you.

Yours sincerely,

Ray Corrigan

Wednesday, March 01, 2017

Aircraft windscreens, 3 phase supplies and the power of algebra

Many moons ago I worked on development type testing of aircraft. It meant I got to break bits of airplanes for a living, by building specially tailored flight simulation rigs and testing the parts to destruction. Fun.

One of the components I did a lot of testing on were both military and commercial airliner windscreens and canopies. Before they are allowed anywhere near a flying machine, prototype designs are subject to bird strike, hailstone impact, pressure, lightning strike, thermal shock, chemical resistance and a significant range of other tests to ensure they can comfortably manage operational demands. Typically they will have an operating safety factor of x4. Which means even with the stronger of the two main structural laminates of a windscreen damaged to the point of being completely unable to take any load, the window could still withstand four times standard flight operating pressure.

These things are intentionally vastly over-designed for safety reasons and the testing continues on components passed for flight, to ensure stock rolling off the production line continues to be manufactured to designed and approved standards. Given the broken insecure infrastructure of the internet, the information systems industry has a lot to learn from their counterpart engineers in aerospace.

The average airline passenger would be surprised at both how crude and how complex aircraft windscreens are. They form critical parts of the structure of the plane for a start. Typically they will be laminated, non isotropic, structurally reinforced, electrically heated components, subject to a vast range of three dimensional thermal, structural and corrosive dynamic and shock stress conditions. And they provide an endless stream of challenging, interesting technical problems.

Typically a 3 phase delta connected gold or other metalic thin film is embedded in the window for de-icing purposes. Now being a bit of a techie and fan of maths I occasionally get asked what's the point of algebra, usually off the back of complaints about it being too difficult or useless. Well I do some maths modelling at the Open University summer school structures lab and students click with that because it's done in the context of understanding bridge structures.

The algebra below, though, also had practical application. We had an electrical failure on a windscreen and a critical need to know the actual resistance level of the individual phases of the gold film. Every engineer going through university gets taught the formula for calculating parallel resistances. Unfortunately, we needed to know the resistances of the internal phases of the gold film not the the ones we could read on the meter from the electrical contact points on the exterior of the windscreen. The result was some algebraic manipulation, outlined below, which doesn't appear in the average engineering course to produce the final equations we needed to understand what was going on inside the screen and how far we might push it.

It took a little bit of care and the odd non intuitive jump but it got us out of a hole with the faulty windscreen. I had forgotten the case but came across it again in clearing out my office to move out of Foxcombe Hall which the Open University are sadly closing and have sold to Peking University HSBC Business School.

With luck an engineer or two, stuck on a parallel problem to my compromised windscreen, might trip over this post and save time trying to work out the necessary equations (it took a while) and get to the practical numbers they need to fix their prevailing issue.

Update: The algebra above involved a lot of playing about with letters at the time. The key is getting to equation 10 which is obvious when you see it but the steps to get there, particularly 4,5 and 6 were not initially intuitive to me - I couldn't, at the outset, see where I was going. A friend of mine, Tony Nixon, has developed a terrific game for teaching algebra, using tiddlywinks counters. He teaches people to move the counters around without them realising the rules they are using are those of algebra. The approach is to give people the confidence to mess around with the counters - without the panic induced at the sight of an x or a y (often a result of poor teaching) - whilst knowing that as long as the student follows the rules, each step is legitimate. The trick is then to facilitate the visualisation of the key stages, thereby aiding the process of determining which moves the student is best advised to use to progress towards their solution. In the case of the three phase windscreen problem above, the latter stages probably look more complicated to a student, since they involve keeping track of more letters. Yet all the heavy conceptual lifting is done by the time we reach equations 10 and 11 i.e. the difficult stuff was in determining which moves to make to arrive at a point where the answer essentially falls out.