Sunday, 5 March 2017

Kerbal...

Kerbal Space Programme: What a fantastic way to:
  1. Indulge in running your own space programme
  2. Learning about orbital mechanics and vector calculus (yay!)
  3. Using countless hours in learning how points 1 and 2 above work
  4. Building space stations that make Mir look thought out :-)
 




Now you'll have to forgive me, I've been testing landers for an Eve mission all day and I've a launch window coming up...

Should the privacy profession adopt a code of ethics?

“What started to grow was the notion of a privacy officer or privacy manager as someone who could run a program that could pull together the technical and the legal piece, and I think everyone in the profession at the time thought that was a really good thing,” Kosa said. “But as the discipline grew, as the domain evolved, a lot more people got interested in it, but a lot of those people got interested not for the same reasons the people who grew the field were interested in it.”

In other words, it turned into a compliance-based exercise.

That shift didn’t sit well with her. What irked her was her sense that the field was losing its strong base of privacy advocates, replaced by professionals who were saying to companies, “I can knock out a privacy impact assessment for you for $50,000, no problem.”
 

Sunday, 1 January 2017

2017 in Tech...

Two posts in one day - that's a good start so far.

Here's User Friendly's take on 2017 in Technology ... this one is a bit deep :-)


Cardiff Airport

First post of the new year ... and this year I'll try to post more, but for a start, this from Wales On Line (sometimes Wales' answer to the Daily Mail - at least in terms of sensationalism)...

15 safest holiday destinations for 2017 and flight prices from Cardiff

All well and good, apart from the obvious sensationalism placing Belgium, Spain in almost the same category as Iraq and Syria...and on a personal note missing the World's safest country - Finland - from the mix.

What actually struck me about this article was the HUGE price disparity between flying from Cardiff than some other regional airports. This can be attributed to a number of things, mainly classic bad management over the years (this seems to have changed a little since the Welsh Government took over), but Cardiff has suffered from a management that has been quite content not to develop the airport.

This can be seen in the prices charged and the number of airlines coming to Cardiff, for example, flights to Iceland from the above article: Flights from Cardiff start from around £223, but can be picked up for less than £70 from London or Manchester. The price differential here covers travel from South Wales to London by practically anything other than a private limousine.

How about Poland? Great country and just a mere £142 from Cardiff, but only £20 from Newcastle or Birmingham. Malta? With a change of flight at £183 from Cardiff, or, less than £30 from those international heavyweights of airprots: Bournemouth, Glasgow and Nottingham...

Shopping around of course you might get better deals and Wales On Line probably isn't the best place to get your flight information in this respect. However the situation remains that Cardiff is expensive, especially with scheduled flights more or less limited to FlyBe and KLM and no cheap operators available: Norwegian HINT!!!

For Cardiff Airport to succeed a few things need to happen. Firstly the management of the airport need to get airlines and thus people to the airport - lower fees and even make a loss in certain areas but a profit overall. Control over airport taxes by the Welsh Government is critical and then finally a little more self promotion around the World, or at least Europe - maybe even China - I'm sure that even Wales could market itself from both a tourist and business perspective to the Chinese...

The situation gets even more surreal when you consider that the Cardiff region is supposed to be one of the fastest growing in the UK, yet Wales relies upon Heathrow and Bristol instead of a perfectly functional airport right next to its own capital city. Northern Ireland manages to support two airports - one of which  actually handles a reasonable amount of intercontinental flights, Scotland has five airports (Aberdeen, Inverness, Edinburgh, Glasgow and Prestwick) with Newcastle not too far from the border. Even some of the regional English airports such as Bournemouth and Exeter look better than Cardiff.

What Cardiff Airport needs is a management who have a vision and the confidence to attempt to make things better, get more business, get more tourists etc. In some ways Cardiff Airport still suffers from the problem that the Welsh Tourist Authority (or whatever they were called) had in that for them to do anything they had to ask the English Tourist Authority permission ... it still feels the same way.

In post-Brexit UK, the devolved countries of the UK, especially Wales, can not afford to sit back and hope for business. Cardiff Airport has a lot going for it with a major maintenance base for BA and another in St.Athan next door, GE Engines in Caerffili, a rail link (just about) and a runway that can handle 747s and A380s*, it just lacks any form of confidence.

*Not that you're going to see either regularly in passenger duty - unfortunately.


Thursday, 22 December 2016

Midsomer Murders

While binge watching Midsomer Murders on YLE Areena ... yes, I know....but there is a correlation between watching crap TV/Movies and intelligence - or at least I hope there is.... anyway, there seems to be a remarkably high rate of murder, which prompts some interesting shower thoughts....

  1. Firstly any detective posted to Midsomer is obviously at the peak of his career - you're never going to be bored and solving the crime is always going to be a challenge. Positions in the Midsomer police force must therefore be highly coveted.
  2. It is probably a good thing that Morse was never assigned to Midsomer...given the frequency that pubs play some role in the cases would imply that Morse would be succumb to severe alcohol poisoning after just a few cases.
  3. Jessica Fletcher could be one of the most prolific mass murderers ever...even surpassing Miss Marple...

Various people have calculated the murder rates for fictional TV towns and come up with the conclusion that...well...let's see:

  • The average rate in England and Wales (2010) is approximately 9-10 murders per million.
  • The rate in Midsomer is around 32 murders per million, approximately 3 times the UK average
  • In rate in Cabot Cove, home of Jessica Fletcher is 1490 murders per million (approx 130 times the UK average and 38 times the US average)

Here are the current rates worldwide for comparison, and summarised in murders per million

UK  9
USA 39
Honduras  846
Midsomer 32
Cabot Cove 1490



Tuesday, 13 December 2016

ePrivacy Directive

It seems that the proposal for the new ePrivacy Directive has been leaked - not quite sure I'd put it in the same league as the Panama Papers but good to see an early draft of the most important piece of potential privacy legislation since the GDPR

Here's the link to the PDF: http://www.politico.eu/wp-content/uploads/2016/12/POLITICO-e-privacy-directive-review-draft-december.pdf

It is highly unlikely that this will be retracted or hidden...something called the Streisand Effect.

As this concerns networks and OTT service providers this is potentially far more interesting that the GDPR in its scope. And, before someone goes off on a Daily Mail style anti-EU rant ( "EU bureaucrat demand that companies protect user data is evil" kind of thing ), this brings greater clarity and consistency to companies and EU citizens regarding how companies can use, profit from, market, sell etc, their data - good stuff!

Monday, 21 November 2016

Seminar: Software as a Medical Device

Seminar: Software as a Medical Device:
Safety and security. 
January 5, 9-11 am 

Seminar room: Merkuur 

Connected Health cluster presents a practical seminar to help health IT developers and startups plan and manage smoothly their products to comply with needed standards and rules.

9:00 What is a software as a medical device and what is required to get regulatory compliant products on the market - overview of medical device software safety, regulations in EU and US, standards and FDA guidance - Dr. Marion Lepmets, Co-Founder & CEO of SoftComply – 30 min presentation + 15 min Q&A

9:45 Privacy Engineering and Health Data: IT and IoT - Dr. Ian Oliver, Security Specialist at Bell Labs – 30 min presentation + 15 min Q&A

10:30 Discussion and 1-2-1 Q&A

Please register by January 3 the latest: services@tehnopol.ee 

Free for Science Park Tehnopol network and service clients and Connected Health cluster members. 30€ + vat for others.

Tuesday, 1 November 2016

CrIM'16 Quote

I'm at CrIM'16 at the moment listening to an excellent lecture on IoT security and privacy by Prof. Sokratis Katsikas of NTNU. He used this quote from Bruce Schneier:

If you think that technology can solve your security problems, then you don't understand the problems and you don't understand the technology.

A small discussion resulted in this variation

If you think you think a 3euro bottle of water bought after airport security reduces the risk of terrorism then you don't understand security.

Think about it.

Tuesday, 4 October 2016

Brexit Levity

After a few "side-bar" stories, I finally got one on the Newsbiscuit front page!

Go here for the full story...



..Trouble is, given the state of Brexit, I'm not sure this is humour or irony anymore...next step: The Onion - a place for more reliable news.

Friday, 23 September 2016

Privacy Metrics

Along with a colleage - Dr. Yoan Miche - we presented a paper outlining ideas regarding using mutual information as a metric for establishing some form of  'legal compliance' for data sets. The work is far from complete and the mathematics is getting horrendous!

The paper entitled "On the Development of A Metric for Quality of Information Content over Anonymised Data-Sets" was presented at the excellent Quatic 2016 conference held in Lisbon, Sept 6-9, 2016.

We were also extremely fortunate in that a presented in our session didn't turn up and we were graciously given the full hour not just to present the paper but give a much fuller background and details of future work and the state of our current results.

Here are the slides:


Abstract:

We propose a framework for measuring the impact of data anonymisation and obfuscation in information theoretic and data mining terms. Privacy functions often hamper machine learning but obscuring the classification functions. We propose to
use Mutual Information over non-Euclidean spaces as a means of measuring the distortion induced by privacy function and following the same principle, we also propose to use Machine Learning techniques in order to quantify the impact of said obfuscation in terms of further data mining goals.

Citation:

Ian Oliver and Yoan Miche (2016) On the Development of A Metric for Quality of
Information Content over Anonymised Data-Sets
. Quatic 2016, Lisbon, Portugal, Sept 6-9, 2016.

Monday, 19 September 2016

Requirements Engineering and Privacy

A lot of travelling this month to conferences and speaking about privacy engineering (as usual). I just spent a week in Beijing at RE'16 (Requirements Engineering 2016) where I both presented a paper on privacy requirements and participated in a panel session on digitalisation and telecommunications - more on that later.

Anyway, here are the slides from the privacy paper:


And here is the abstract:

"Any reasonable implementation of privacy requirements can not be made through legal compliance alone. The belief that a software system can be developed without privacy being an integral concept, or that a privacy policy is sufficient as requirements or compliance check is at best dangerous for the users, customers and business involved. While requirements frameworks exist, the specialisation of these into the privacy domain have not been made in such a manner that they unify both the legal and engineering domains. In order to achieve this one must develop ontological structures to aid communication between these domains, provide a commonly acceptable semantics and a framework by which requirements expressed at different levels of abstractness can be linked together and support refinement. An effect of this is to almost completely remove the terms ‘personal data’ and ‘PII’ from common usage and force a deeper understanding of the data and information being processed. Once such a structure is in place - even if just partially or sparsely populated - provides a formal framework by which not only requirements can be obtained, their application (or not) be justified and a proper risk analysis made. This has further advantages in that privacy requirements and their potential implementations can be explored through the software development process and support ideas such as agile methods and ‘DevOps’ rather than being an ‘add-on’ exercise - a privacy impact assessment - poorly executed at inappropriate times."

Ian Oliver (2016) Experiences in the Development and Usage of a Privacy Requirements Framework. Requirements Engineering 2016 (RE'16), Beijing, China, September 12-17, 2016

Friday, 26 August 2016

Aliens, Direct Advertising and ClickBait

The Internet - a way of accessing nearly all of humankind's knowledge...anyway, while reading an article about people with Rh negative blood types are descendent from aliens (spoiler, they're not) and how HAARP is causing climate change (spoiler, it's not) and other "interesting" articles (who writes this stuff?) about Freemasons from Atlantis build the Pyramids (spoiler, they didn't...well technically they did in the sense that masons build the pyramids - stonework, masons ... but they probably didn't come in spacecraft from Atlantis) etc, I do enjoy taking time to look at the direct advertising.

Geolocation of IP address is simple, which means you get clickbait such as these:



First of all two millionaires in Sipoo Finland, I think we might have heard about these especially given their willingness to appear in direct advertising, I'm sure they'd have appeared in the local press too. As for the guy with the lime green car - good luck driving that on our roads - and Diety knows where she's going to part that helicopter.

I particularly like the medical breakthrough...good thing I like eggs, though it might be a bit irresponsible showing a runny egg - those things are more dangerous than Ebola on a dark night - isn't that right Mrs. Currie!

So here we are, late 2016, vast amounts of knowledge at our fingertips and this is what we get...I mean, it isn't as if anyone could actually go and check the claims in the above advertisements is it?


Saturday, 20 August 2016

A Philosophy of Riding

Been thinking about this for a while, but:

  • A good horse rider has only four problems: hands, legs, body and mind
  • A excellent horse rider tries to address the above
  • A bad rider believes they have less than four problems
  • A horse only has one problem: the rider