Wednesday, 10 February 2016

Horses Understand Human Emotions

A paper from the University of Sussex that shows that horses 'understand' human emotions [1] has been published - a layman's version can be found on the BBC. To some degree this is probably quite well known by horse people, even taking into account that humans tend to project their emotions and anthropomorphise their pets.

While you could take the cynical, sensationalist approach by a certain UK newspaper (if you read the comments to the article then this is a crisis in the equine world brought on by left-wing, migrant, EU bureaucrats seeking to steal UK jobs and entitlements), this actually is quite fascinating research.

For a start, this piece of work confirms a number of facts about horses, namely that, being a domesticated animal, they have either evolved an ability, or used an innate ability (due to their existence as herd animals), to understand humans, in much the same way as dogs.

In a more general sense it also confirms some aspects that we've suspected about how the brain works regarding how emotions are processed. Though more interestingly while it answers some questions it opens up a whole new set of questions about how the brain works.

When reading work such as this, while the experiment might be very small and limited in nature, it does open huge questions about, in this case, emotion processing in the brain, the evolution of cross-species communication, whether emotions (or certain emotions) are fundamental in nature, aspects of the human-horse relationship since early domestication etc.


[1] Amy Victoria Smith, Leanne Proops, Kate Grounds, Jennifer Wathan, Karen McComb (2016)
Functionally relevant responses to human facial expressions of emotion in the domestic horse (Equus caballus). Biology Letters. Published 10 February 2016. DOI: 10.1098/rsbl.2015.0907

Tuesday, 9 February 2016

A long time ago...

When computers were real, and I mean the ZX Spectrum, the BBC Model B, the VIC-20 and all manner of 8-bit machines that booted straight into a BASIC interpreter (with a nod of the hat to the Jupiter ACE of course!), there was a little publishing company called Usborne who produced the most amazing books on computing. Now many of those books from the 1980s have been released free via their website.

One book in particular will always stand out for me:

On pages 24 and 25 is a listing for a game called Space Mines - a very simple simulation game based on selling ore for food and mines. That particular game got typed in, played with, modified, reimplemented and I guess in no small way started my love of simulation games which more than likely led to me writing a language for implementing simulations (BSc degree final year project) and later trying to simulate the behaviour of systems from their formally specified models (PhD thesis).

So to Usborne, the writers, editors and everyone involved in those books, especially the person or persons who wrote "Space Mines" my deepest, heartfelt thanks!

Thursday, 4 February 2016

Millionaires in Finland

I love low-quality targeted advertising...it's sort of like watching a bad Sci-Fi B-movie from the 1950s without the mental effort...take this for example

Well I'd certainly like to be rich, but to be honest there aren't too many millionaires here and certainly not many being made by watching some video - and no, I didn't click on the advert....maybe this is why I'm not a millionaire...or maybe I am, but I'm not telling you how*

Now it does get better:

Apart from the slightly suspicious encoding error (it should be an 'ö'), and I guess the currency conversion is going to be a bit of a pain, yes I too wonder how that housewife makes that sort of money...I wonder where she lives to be honest because at that rate I'm guessing she might be moving from Söderkulla to somewhere nice, such as the Cayman Islands.

A bit of a rough calculation for 1 year:

365 x $1420 - 5% currency exchange fees and 60% top rate of Finnish tax and your potential $550k becomes just under $200k, and most likely an entry in the yearly, public list of top tax payers. If she's not there then I think the above advert just gave a great tip-off to the Finnish Tax Authorities :-)

But it gets better!

Forget that $1420 per day, just use a crazy loophole and another "habit" (I wonder what?) and you could be making a fantastic $6679 PER DAY!!! That's nearly $2.5 million per year or a still respectable $1.4 million after tax, and maybe a visit from the tax authorities again.

Now the cynic in me might think that these are targeted adverts based on my IP address and are possibly not true, and that clicking on such an advert is a great way to receive some nasty virus...which may or may not be similar to the nasty viruses one could get earning such money through some "habits" ....

Isn't the Internet wonderful...and to think we could have had a base on the Moon by now....

But this isn't all: anyone interested in semantics will question what $ means...nowhere is it stated US. In the best case $2.5 million dollars could mean 2.5 million Zimbabwean dollars, with a total worth of approx $6900 where $ = USD. In this case our housewife from earlier might be earning as much as 3 Euros per day ... phew!

Friday, 22 January 2016

Thinking about Grothendieck

On n-Category Cafe is a post by John Baez linking to a short article on the late, great mathematician (and human being by all accounts) Alexander Grothendieck written by Barry Mazur.

I want to quote from that paper because I think the statement here is fundamental to everything we do, particularly in engineering and mathematics, be it category theory, trying to model the information flows in a system to better understand privacy or even linking privacy engineering with the legal aspects (emphasis mine):

The mathematical talks I had with him—as I remember them now—were largely, perhaps only, about viewpoint, never about specifics (with the exception of a conversation about differential structures on conjugate complexifications of an algebraic variety over a number field). Grothendieck’s message was clear throughout: that everything important will follow easily, will flow, from the right vantage. It was principally ‘the right vantage,’ a way of seeing mathematics, that he sought, and perhaps only on a lesser level, its by-products. 

Wednesday, 20 January 2016

DSummit, Stockholm, May 2016

One for the CEOs, CIOs and CxOs of the world. This year DSummit is in Stockholm on 26th-27th May and has an impressive array of speakers and a strong focus on #privacy engineering!

"Disruptology is the art and science behind disruption. We study disruption and its impact on business and society. With a network of change makers, technology moguls and innovation evangelists we assist companies of all sizes with guidance, advisory and resources to become true disruptors. As a non profit academic institution and research foundation, Disruptology is a pioneer of new and disruptive business models, such as the F2W free-to-win model. With a vast network of industry professionals on call, we are able to inject new ways of thinking, working and playing into the DNA of companies throughout the world."

And further details of the event here:

Saturday, 9 January 2016


First post of the year and a little look back in time.  I used the formal methods tools BToolkit from BCore extensively during my PhD studies back in the late 90s. BToolkit at the time had very nice animation capabilities that I was utilising in order to formalise parts of the UML and OCL languages.

Later on I got to work with AtelierB and Rodin (B#) for hardware-software co-design and mapping UML into B and then Bluespec - and then into SystemVerilog for hardware synthesis.

While formal methods and hardware were extremely fun, I got called away to work on something called the "Semantic Device" and moved heavily into some weird stuff called "The Semantic Web" - that's another story of course...

Anyway, BToolkit's source code is available on github and it compiles without problem under Ubuntu 15.04.

Here's a screenshot of a little piece of formal methods history:

BToolkit running under Ubuntu 15 on VirtualBox

Saturday, 26 December 2015


At this time of year I'd like to make a serious public health announcement and make people aware of a strange, incurable, debilitating disease affecting the majority of people here in Finland at this time.

* * *

Kinkkumyrkytys (eng: hampoisoning)

A debilitating disease suffered around late December and sometimes early January by persons residing in Finland. Thought initially to be a genetic disease of the native Finnish population, it now appears to be some kind of virus that is transmitted to non-natives in that region.

The sufferer experiences symptoms of feeling too full, bloated and some nausea. It also causes the sufferer to lie or sit for extended periods of time; attempts to move or walk cause the above symptoms to become worse.

In a mechanism that is still unexplained the disease affects the vocal centres of the brain rendering the sufferer to emit grunts and be incapable of saying much more than simple sentences. Sufferers have been known to complain bitterly and say phrases such as "Ei ruokaa...", "Ei enää kinkkua taas...".

Curiously regardless of the nationality and language of the sufferer, these phrases are always in Finnish leading to speculation that this is some new class of neurological disorder. Because of the above utterances, it is believed that this is how the disease obtained its name.

In extreme cases the sufferer becomes a vegetable and can only blankly stare at contentless, bright, flashing pictures known as Finnish Christmas TV without comprehension for hours on end. In some serious cases people have been known to binge watch "Vain Elämä" - the prognosis in these cases is however extremely grave bordering on absolutely no hope at all.

Interestingly while sufferers have a complete aversion to roast ham at this time, other foods also cause the sufferers additional agony. These include: mätti (fish eggs), lipeäkala, joululimppu (Christmas bread), various kinds of "laatikko-" food including lanttu (swede), porkkana (carrot) and peruna (potato).

It has been suggested by some researchers that there may be a connection with excessive amounts of Christmas food consumed in Finland. However this research has been extensively denounced as being "pasta" - a Finnish term meaning "obviously not true you ignorant fool...pass me more ham and an extra helping of that lovely lanttulaatikko too!"

A secondary debate on whether lipeäkala is food or a chemical/biological weapon is tending towards the latter.

The symptoms of this disease continue for a number of days and the sufferer returns to full health quickly afterwards. However no immunity is gained and it is likely that the symptoms will reappear at the same time next year.

Some alternative therapists have suggested a treatment called "Tipaton tammikuu" involving consuming homoeopathic amounts of alcohol for a month. This rather dangerous and unethical therapy has been denounced as being "pasta".

Tuesday, 22 December 2015

100,000 page views

100,000 page views isn't huge...but for a blog that was meant to be a way of collecting links and thoughts and not really aimed at anyone in particular - though you might see a strong leaning to things such as privacy, astronomy, mathematics, computer science - I consider this to be quite a milestone.

And here it is, reached at 22:27 on 22 December 2015:

Nadolig Llawen
Hyvää Joulua
God Jul
Merry Christmas

Engineers for Privacy Professionals

As many discussions on this blog have pointed out, there is a mismatch between engineering and legal when it comes to privacy; one can even argue there's a mismatch between these two groups and privacy advocates too, but that's another story...

It is critical for anyone involved in privacy to understand that without the complete trust and involvement of the engineers who build the systems that are supposed to be compliant with whatever privacy policy exists, that compliance will be at best, fragile.

At the IAPP's DPIntensive meeting earlier this year I gave a presentation on the subject, here's the link to the slides.

The main learning is that unless engineering is an equal part in your privacy discussions then you're really just playing at compliance.

Privacy isn't just about privacy policies or long winded legal documents but about education, learning and understanding that everyone depends upon everyone else in order for your business to successfully (and legally!) function.

I wrote about how privacy should be taught earlier with the quote:

It often surprises me that many of the people advocating privacy don't actually understand the things that they're trying to keep private, specifically information. Indeed the terms data and information are used interchangeably and there is often little understanding of the actual nature and semantics of said, data and information.

This is also seen in how we train our staff in privacy aspects - with the dreaded "privacy awareness training":

One thing that came up was the need for training and that privacy awareness training hasn't had the effect hoped for. Given that awareness training is exactly that, is it no surprise that once the, usually, one hour presentation on how we should all care about privacy is made nothing happens?
Actually, everyone is acutely aware of privacy in the first place and privacy awareness training rapidly becomes an exercise in CYA - as security expert Bruce Schneier might have put it - and has no effect whatsoever on the overall quality of development, customer privacy and company culture.

I guess we're still pretty naive about privacy and unless we have a cultural change this naivety will come back to haunt us for a very, very long time with some awful business repercussions.

Monday, 21 December 2015

Books on suggestions

Need a good book on privacy? A Gift for Christmas, or even something for the New Year....follow this handy flowchart:

From Amazon (US, CA, UK, DE, etc etc...), Barnes and Noble and good booksellers near you...

Privacy Engineering
A dataflow and ontological approach

ISBN-13: 978-1497569713
ISBN-10: 1497569710
264 Pages, B/W on White Paper

Twitter Discussion on Privacy and Engineering

Related to the upcoming DSummit conference in Malmö in May I've been involved in a fascinating discussion on Twitter with some of the big privacy people there.

The main point being raised is the need for a proper dialog between engineers and lawyers. I think we've seen this before, but still it is not being properly addressed and until it is privacy will remain a compliance activity rooted in a tick-box mentality with dreadful repercussions.

One only needs to take a look at the potential penalties in the EU's GDPR ... a potential fine of 4% of global turnover for a privacy violation!

The crux of this is that if you want to construct systems with privacy as an aspect, it has to be a first class aspect of that system's design. That means privacy is under the collective responsibility of lawyers, engineers and management and not the sole preserve of any of these groups.

Belief in high-level privacy impact assessments and "compliance", and placing trust in a legalese privacy policy is woefully insufficient, not to mention from a business perspective one step short of insanity.

Unfortunately going beyond this is considered by some - and I've seen too many examples of this - to be difficult and unnecessary and that legal compliance - whatever that means - is enough...

As we move to a "BigData" future, the knowledge of basic data handling, quality and governance at both engineering and legal levels is critical - not just for privacy but for basic business reasons, including consumer trust and quality of product.

How to do this is not difficult, but it does require thinking and small, but extremely beneficial cultural change...
and here's a recommendation to get those principles into use:
You can start here: Privacy Engineering and A Privacy Engineer's Manifesto

Tuesday, 1 December 2015

More Data Breach Excuses

This particular case reported on the BBC has a nice excuse...
Adele tickets: Fans claim personal data has been breached
Fans buying tickets for Adele's tour have told the BBC they were shown the address and credit card details of customers other than themselves.
But several fans said they saw other people's shopping baskets, including payment details, upon check out.
Ticketing company Songkick said due to the "extreme load" on the site some customers could see others' account details. It apologised for any "alarm".
"At no time was anyone able to access another person's password, nor their payment or credit card details (which are not retained by Songkick)," it said.

Friday, 20 November 2015

ABCDE....DevOps and Privacy, pt 2

Earlier I introduced the idea that DevOps, particularly in the area of privacy could take lessons from trauma medicine, particularly in taking on board ideas from ATLS.

This led to some further ideas about the relationships or analogies between disciplines - something we've already discussed before in the context of surgery, aviation and checklists.

As software engineering is being brought closer and closer to the metaphorical coal-face - we've moved away from requirements up-front to agile and now to "DevOps" where engineering and operations become the same thing - we are starting to see the need to move to much more structured and disciplined teams of engineers. If this isn't happening then there are some serious cultural and management problems.

As this shift happens we have to develop techniques to deal with this - as already mentioned checklists and ATLS provide the necessary kind of structures.

But why ATLS in particular? Well, we can draw an analogy between DevOps and trauma medicine in that DevOps operates with extremely short time-scales and in an environment where fixes and patches need to be very quick and leave the system in a stable state where a longer-term patch can be made later.

DevOps is the ER of the software engineering world.

Thursday, 19 November 2015

Airmiles and Customer Service

I think we're all used to utterly rubbish customer service from airlines, especially if you have to fly in economy class. No food, no drink, Byzantine terms and conditions, cancellations and subsequent rebookings that cost money (!!!), cramped seating and paying for Wifi on board without refunds if it doesn't work. Oh and good luck if you want to speak to a human, either on the phone or at the airport.

Some airlines still have a concept of customer service - SAS and Lufthansa as well as low cost challenger Norwegian at least treat passengers (sorry customers) with some degree of dignity.

I stopped flying Finnair years ago and switched my allegiance to Lufthansa and Norwegian, primarily on price. When Norwegian want 600eur to fly a family to Gatwick from Helsinki while Finnair wanted over 2500eur (on a BA flight too!) with effectively the same ticketing terms and conditions. For long haul Lufthansa is my preferred airline - they serve wine and beer with the meal (all included in the price) and have the most professional and hard working cabin crew I've so far come across.

While none of the above are perfect - they could do a HUGE amount more to make the economy experience better - more on that another time.

But what really gets me is that if times are economically tough for airlines, how little they do to actually understand their customer. I mean I used to fly Finnair religiously - their customer service was excellent, food and drink on board, clean aircraft and you could change flights without being punished. Let's be honest here, Finnair were excellent, really, really excellent! I used to change whole itineraries to fly Finnair....

If you want customers then shouldn't you understand why customers aren't flying with you? Isn't this the whole point of customer loyalty programmes?

Below is my Finnair Plus statement - it's been that way for years and not once have I ever been asked why...

So privacy, security and other aspects aside, if you have a customer loyalty card of any sort and change your behaviour, eg: by stopping using that company's services and they never query why, then you were probably never getting any service anyway...

I used to have quite a tally of Finnair points, they all expired or were changed to some newer, more customer friendly scheme, for the benefits of the customer. I was never informed why or when, nor did anyone ever contact me about the change. For a customer loyalty programme you've got to admit that's pretty dire.

So, if you happen to work in the customer service dept of an airline and wish to discuss the above and how you can win me back as a customer, and a loyal one at that, let me know...

Tuesday, 3 November 2015

DevOps and the ABC(DE[FG]) of Privacy

Or maybe this should be called the ATLS of privacy perhaps?  ATLS, or Advanced Trauma Life Support is a training programme for dealing with medical trauma incidents and is typically used by first responders such as paramedics to an incident.

Now as we move to a DevOps oriented model - think of a highly integrated Agile with a "right now" delivery timescale - then the way we will have to react to compliance, privacy impact assessments, privacy engineering etc is going to be on the same kind of time-scale. Certainly if we are late or delayed with the PIA then the product is going to be shipped - with some interesting security and privacy consequences certainly!

So, I conjecture it makes sense that we bring our PIA/compliance activities not just to the engineering level but also to the speed of development and operations.

This means that the PIA is going to have to be extremely focused and very strictly run. Effectively we need the DevOps privacy version of the medical ABC.

The question then becomes what is the equivalent to the medical ABC?

As I've stated before, privacy can [must] learn a lot of things from medicine (and aviation) - such as checklists - in that they both work in very agile, unstructured and reactive environments. Privacy in a DevOps situation cannot rely upon traditional compliance or work at the usual, relatively glacial speed associated with such work.


Ian Oliver (2015). Privacy as a Safety Critical Concept. 1st International Workshop on Privacy Engineering. California. (Keynote Talk)

Ian Oliver (2014). Privacy Engineering: A Data Flow and Ontological Approach. CreateSpace. 978-1497569713