Ian's Blog
A collection of discussions, links, stories, news and whatever else I find interesting in the fields of computing, information, science, privacy, semantics, mathematics and so on...
Ian (http://www.blogger.com/profile/14524018393774726102)

End of 2023 post (2023-12-31)
Not a lot to talk about here, possibly in the future....

Roasted parsnips (2022-08-09)
I'll tell you my recipe for roasting parsnips. Quite simple but tasty, which is the main thing.
Peel the parsnips and slice them in half. Boil a saucepan of water and add salt to the water. Boil the parsnips for ten minutes. Take the parsnips out of the water and leave for a minute.
Put the parsnips on a baking tray, sprinkle olive oil and sea salt over the parsnips and put them into a hot oven, around 200-220 degrees, for an hour or until a little brown.
You could use potatoes, carrots and other vegetables too. Roasting vegetables with garlic and rosemary is good too.
Enjoy!

2021 First post (2021-12-23)
I really should write more here, and often

First Post of 2020 (2020-01-01)
Well, no one can accuse me of not posting in 2020 now :-)
Happy New Year!

First post of 2019 (2019-12-31)
I guess after being in a job where I *can* write, I've become a little lax in writing here...see you in 2020

Syrup Sponge - in a microwave (2018-12-07)
Bit lax on posting here.... :-) But at least one entry per year....
Syrup Sponge (aka Steamed Pudding)
Two options for cooking, 4 hours steaming in a water bath or 5 minutes in the Microwave (seriously!!)
Original from here https://www.bbc.com/food/recipes/syrupspongewithprope_4983
Ingredients
125g butter melted
100g sugar
2 eggs
150g plain flour
1 teaspoon baking powder (leivinjauhe)
1-2 tablespoons of milk
NB: you need syrup too, but DON'T add it to the mix yet (see later)
Optional Ingredients
#1 Lemon: Squeeze half a lemon + grated peel of 1 lemon
#2 Vanilla: A few drops of vanilla essence
#3 Do #1 and #2
#4 Add whatever you like - Lemon and Vanilla are good - experiment with how much
#5 Use lime as well as/instead of lemon - this might work - orange too probably
#6 Rum ... instead of the milk .... hell, why not?! Let me know.... rum essence will work too.
Method
Mix all of the above (not the syrup) together - should be "gloopy" not stiff or too liquid
Now take a microwave safe bowl big enough for all of the above to fit into.
Coat it with butter and drizzle syrup down the sides - try to get everything covered.
Tip the sponge mixture into the bowl.
Syrup: Dark syrup is good - very thick and doesn't collect in the bottom of the bowl when you add the sponge mixture. Maple syrup is also good but a bit too runny.
Cover with cling film - not too tightly
Microwave full power for 5 minutes, maybe 6
Take out - WARNING IT WILL BE FREAKING HOT - and place a large plate over the top of the bowl (take the cling film off first!). Tip everything upside down. If you're lucky the sponge will drop out and if not use a knife. The top of the sponge (and sides too hopefully) will be saturated in syrup.
Serve
Best eaten hot, served with custard (vanilija kastike), cream, ice cream.
When cold the pudding becomes firmer and soaks up the sauce like a sponge :-)
Vegans
Replace the eggs and milk and butter with suitable vegan alternatives, such as hemp oil, avocado, aqua faba, lettuce - oh I have no idea...all you need to ensure is that the proteins fold trapping the CO2 generated by the leivinjauhe during the cooking process.
Microwave
Yes, seriously, this is one thing that does work well in the microwave. During steaming the pudding is cooked slowly, in a microwave all of the water molecules are excited by the microwaves (yay physics!) simultaneously so you get the same effect and maybe better. That's the idea anyway.
Safety
THE BOWL AND CONTENTS WILL BE HOT WHEN YOU TAKE IT OUT OF THE MICROWAVE. USE OVEN GLOVES ON BOTH HANDS. THIS STUFF IS LIKE BOILING NAPALM - I HAVE THE SCARS.
Take all necessary safety precautions: aprons, rubber gloves, goggles, gasmask, helmet, safety harness, clogs, attack dog, gun, VPN connection and have the hospital on speed dial... no wait ... that's the chilli I ate last week.....

Measuring Privacy (2017-04-23)
Finally got to publish some results...more coming:<br />
<br />
<br />
<div style="margin-bottom:5px"> <strong> <a href="//www.slideshare.net/ianoliver79/the-measurement-of-privacy" title="The Measurement of Privacy" target="_blank">The Measurement of Privacy</a> </strong> from <strong><a target="_blank" href="//www.slideshare.net/ianoliver79">Ian Oliver</a></strong> </div>

Kerbal... (2017-03-05)
Kerbal Space Programme: What a fantastic way to:<br />
<ol>
<li>Indulge in running your own space programme</li>
<li>Learning about orbital mechanics and vector calculus (yay!)</li>
<li>Using countless hours in learning how points 1 and 2 above work</li>
<li>Building space stations that make Mir look thought out :-)</li>
</ol>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-SgVW-t4o-xs/WLxLlnFV9HI/AAAAAAAAFns/3N8XbNdh4-AKMT8qQeoWijVk5uSwQ9NLACLcB/s1600/kerbalStation2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="209" src="https://4.bp.blogspot.com/-SgVW-t4o-xs/WLxLlnFV9HI/AAAAAAAAFns/3N8XbNdh4-AKMT8qQeoWijVk5uSwQ9NLACLcB/s320/kerbalStation2.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-ARb_PJQj1lM/WLxMEbXLXVI/AAAAAAAAFnw/zXUE_T2nXfcaWdrtWaFanMbK5MR-HRhKgCLcB/s1600/20170305193251_1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://4.bp.blogspot.com/-ARb_PJQj1lM/WLxMEbXLXVI/AAAAAAAAFnw/zXUE_T2nXfcaWdrtWaFanMbK5MR-HRhKgCLcB/s320/20170305193251_1.jpg" width="320" /></a></div>
<br />
<br />
<br />
Now you'll have to forgive me, I've been testing landers for an Eve mission all day and I've a launch window coming up...

Should the privacy profession adopt a code of ethics? (2017-03-05)
<div class="article-meta-text">
An excellent article by <span class="article-meta-author"><a class="article-author-link--bold" href="https://iapp.org/about/person/0011a00000DlD6cAAF">Angelique Carson</a></span> published in the IAPP's <span class="article-meta-date"><a class="article-author-link--bold" href="https://iapp.org/news/privacy-advisor">The Privacy Advisor</a> </span>on
<span class="article-meta-date">Feb 28, 2017.</span></div>
<div class="article-meta-text">
<br /></div>
<div class="article-meta-text">
<span class="article-meta-date">I really want to highlight a few points - in red and in bold:</span></div>
<div class="article-meta-text">
<br /></div>
<blockquote class="tr_bq">
“What started to grow was the notion of a privacy officer or privacy
manager as someone who could run a program <span style="color: #cc0000;"><b>that could pull together the
technical and the legal piece</b></span>, and I think everyone in the profession at
the time thought that was a really good thing,” Kosa said. “But as the
discipline grew, as the domain evolved, a lot more people got interested
in it, but a lot of those people got interested not for the same
reasons the people who grew the field were interested in it.”<br />
<br />
In other words,<u><b><span style="color: #cc0000;"> it turned into a compliance-based exercise.</span></b></u><br />
<br />
That shift didn’t sit well with her. What irked her was her sense
that the field was losing its strong base of privacy <b><span style="color: #cc0000;">advocates, replaced
by professionals who were saying to companies, “I can knock out a
privacy impact assessment for you for $50,000</span></b>, no problem.” </blockquote>
<div class="article-meta-text">
<br /></div>
<div class="article-meta-text">
<span class="article-meta-date">Personally I think she probably got a good deal for $50k ... </span></div>
<div class="article-meta-text">
<br /></div>
<div class="article-meta-text">
<span class="article-meta-date">Let me say this again: PRIVACY IS A COMPLIANCE ACTIVITY</span></div>
<div class="article-meta-text">
<br /></div>
<div class="article-meta-text">
<span class="article-meta-date">I also particularly like the learnings she's brought from medicine to the area...specifically she's promoting the basis of the approach to safety-critical systems .... now, I wonder who promoted that idea before....? </span>
</div>

2017 in Tech... (2017-01-01)
Two posts in one day - that's a good start so far.<br />
<br />
Here's <a href="http://www.userfriendly.org/" target="_blank">User Friendly's</a> take on 2017 in Technology ... this one is a bit deep :-)<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-eXMGdcxlSw8/WGjEQ0UCTUI/AAAAAAAAFPI/3dHAFW_WGlwGE7MT44ZL7vAw1WwwtGRUACLcB/s1600/uf.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="245" src="https://4.bp.blogspot.com/-eXMGdcxlSw8/WGjEQ0UCTUI/AAAAAAAAFPI/3dHAFW_WGlwGE7MT44ZL7vAw1WwwtGRUACLcB/s320/uf.png" width="320" /></a></div>
<br />

Cardiff Airport (2017-01-01)
First post of the new year ... and this year I'll try to post more, but for a start, this from Wales On Line (sometimes Wales' answer to the Daily Mail - at least in terms of sensationalism)...
<br />
<br />
<a href="http://www.walesonline.co.uk/news/wales-news/15-safest-holiday-destinations-2017-12378476">15 safest holiday destinations for 2017 and flight prices from Cardiff</a><br />
<br />
All well and good, apart from the obvious sensationalism placing Belgium, Spain in almost the same category as Iraq and Syria...and on a personal note missing the World's safest country - Finland - from the mix.<br />
<br />
What actually struck me about this article was the HUGE price disparity between flying from Cardiff and flying from some other regional airports. This can be attributed to a number of things, mainly classic bad management over the years (this seems to have changed a little since the Welsh Government took over), but Cardiff has suffered from a management that has been quite content not to develop the airport.<br />
<br />
This can be seen in the prices charged and the number of airlines coming to Cardiff, for example, flights to Iceland from the above article: Flights from Cardiff <a href="https://www.skyscanner.net/transport/flights/cwl/reyk/cheap-flights-from-cardiff-to-reykjavik.html?adults=1&children=0&adultsv2=1&childrenv2&infants=0&cabinclass=economy&rtn=1&preferdirects=false&outboundaltsenabled=false&inboundaltsenabled=false&qp_prevProvider=ins_browse&qp_prevCurrency=GBP&qp_prevPrice=223&selectedoday=01&oym=1701&selectediday=01&iym=1701" rel="nofollow">start from around £223</a>, but can be picked up for less than £70 from London or Manchester. The price differential here covers travel from South Wales to London by practically anything other than a private limousine.<br />
<br />
How about Poland? Great country and just a mere £142 from Cardiff, but only £20 from Newcastle or Birmingham. Malta? With a change of flight at £183 from Cardiff, or, less than £30 from those international heavyweights of airports: Bournemouth, Glasgow and Nottingham...<br />
<br />
Shopping around of course you might get better deals and Wales On Line probably isn't the best place to get your flight information in this respect. However the situation remains that Cardiff is expensive, especially with scheduled flights more or less limited to FlyBe and KLM and no cheap operators available: Norwegian HINT!!!<br />
<br />
For Cardiff Airport to succeed a few things need to happen. Firstly the management of the airport need to get airlines and thus people to the airport - lower fees and even make a loss in certain areas but a profit overall. Control over airport taxes by the Welsh Government is critical and then finally a little more self promotion around the World, or at least Europe - maybe even China - I'm sure that even Wales could market itself from both a tourist and business perspective to the Chinese...<br />
<br />
The situation gets even more surreal when you consider that the Cardiff region is supposed to be one of the fastest growing in the UK, yet Wales relies upon Heathrow and Bristol instead of a perfectly functional airport right next to its own capital city. Northern Ireland manages to support two airports - one of which actually handles a reasonable amount of intercontinental flights, Scotland has five airports (Aberdeen, Inverness, Edinburgh, Glasgow and Prestwick) with Newcastle not too far from the border. Even some of the regional English airports such as Bournemouth and Exeter look better than Cardiff.<br />
<br />
What Cardiff Airport needs is a management who have a vision and the confidence to attempt to make things better, get more business, get more tourists etc. In some ways Cardiff Airport still suffers from the problem that the Welsh Tourist Authority (or whatever they were called) had in that for them to do anything they had to ask the English Tourist Authority permission ... it still feels the same way.<br />
<br />
In post-Brexit UK, the devolved countries of the UK, especially Wales, can not afford to sit back and hope for business. Cardiff Airport has a lot going for it with a major maintenance base for BA and another in St.Athan next door, GE Engines in Caerffili, a rail link (just about) and a runway that can handle 747s and A380s*, it just lacks any form of confidence.<br />
<br />
<span style="font-size: x-small;">*Not that you're going to see either regularly in passenger duty - unfortunately.</span><br />
<br />
<br />

Midsomer Murders (2016-12-22)
While binge watching <a href="https://en.wikipedia.org/wiki/Midsomer_Murders" target="_blank">Midsomer Murders</a> on YLE Areena ... yes, I know....but there is a correlation between watching crap TV/Movies and intelligence - or at least I hope there is.... anyway, there seems to be a remarkably high rate of murder, which prompts some interesting <a href="https://www.reddit.com/r/Showerthoughts/" target="_blank">shower thoughts</a>....<br />
<br />
<ol>
<li>Firstly any detective posted to Midsomer is obviously at the peak of his career - you're never going to be bored and solving the crime is always going to be a challenge. Positions in the Midsomer police force must therefore be highly coveted.</li>
<li>It is probably a good thing that <a href="https://en.wikipedia.org/wiki/Inspector_Morse" target="_blank">Morse</a> was never assigned to Midsomer...given the frequency that pubs play some role in the cases would imply that Morse would succumb to severe alcohol poisoning after just a few cases.</li>
<li>Jessica Fletcher could be one of the most prolific mass murderers ever...even surpassing Miss Marple...</li>
</ol>
<br />
Various people have calculated the murder rates for fictional TV towns and come up with the conclusion that...well...let's see:<br />
<br />
<ul>
<li>The average rate in England and Wales (2010) is approximately 9-10 murders per million.</li>
<li>The rate in Midsomer is around 32 murders per million, approximately 3 times the UK average</li>
<li>The rate in <a href="https://en.wikipedia.org/wiki/Murder,_She_Wrote" target="_blank">Cabot Cove</a>, home of <a href="https://en.wikipedia.org/wiki/Jessica_Fletcher" target="_blank">Jessica Fletcher</a> is 1490 murders per million (approx 130 times the UK average and 38 times the US average)</li>
</ul>
<br />
Here are the <a href="https://en.wikipedia.org/wiki/List_of_countries_by_intentional_homicide_rate" target="_blank">current rates worldwide</a> for comparison, and summarised in murders per million<br />
<br />
UK 9<br />
USA 39<br />
Honduras 846<br />
Midsomer 32<br />
Cabot Cove 1490<br />
<br />
<br />
<br />

ePrivacy Directive (2016-12-13)
It seems that the proposal for the new ePrivacy Directive has been leaked - not quite sure I'd put it in the same league as the Panama Papers but good to see an early draft of the most important piece of potential privacy legislation since the GDPR<br />
<br />
Here's the link to the PDF: <a href="http://www.politico.eu/wp-content/uploads/2016/12/POLITICO-e-privacy-directive-review-draft-december.pdf">http://www.politico.eu/wp-content/uploads/2016/12/POLITICO-e-privacy-directive-review-draft-december.pdf</a><br />
<br />
It is highly unlikely that this will be retracted or hidden...something called the <a href="https://en.wikipedia.org/wiki/Streisand_effect" target="_blank">Streisand Effect</a>.<br />
<br />
As this concerns networks and OTT service providers this is potentially far more interesting than the GDPR in its scope. And, before someone goes off on a <a href="http://blogs.ec.europa.eu/ECintheUK/category/euromyths/" target="_blank">Daily Mail style anti-EU rant</a> ( "EU bureaucrat demand that companies protect user data is evil" kind of thing ), this brings greater clarity and consistency to companies and EU citizens regarding how companies can use, profit from, market, sell etc, their data - good stuff!<br />
<br />

Seminar: Software as a Medical Device (2016-11-21)
<div style="text-align: center;">
<b><span style="font-size: large;">Seminar: Software as a Medical Device: </span></b></div>
<div style="text-align: center;">
<b><span style="font-size: large;">Safety and security. </span></b></div>
<div style="text-align: center;">
<b>January 5, 9-11 am </b></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<a href="https://goo.gl/maps/nteGfesDgKS2" target="_blank">Teaduspargi 6/1, Tallinn, Estonia</a></div>
<div style="text-align: center;">
Seminar room: Merkuur </div>
<br />
Connected Health cluster presents a practical seminar to help health IT developers and startups plan and manage smoothly their products to comply with needed standards and rules.<br />
<br />
<b>9:00 What is a software as a medical device and what is required to get regulatory compliant products on the market - overview of medical device software safety, regulations in EU and US, standards and FDA guidance</b> - Dr. Marion Lepmets, Co-Founder & CEO of SoftComply – 30 min presentation + 15 min Q&A<br />
<br />
<b>9:45</b> <b>Privacy Engineering and Health Data: IT and IoT</b> - Dr. Ian Oliver, Security Specialist at Bell Labs – 30 min presentation + 15 min Q&A<br />
<br />
10:30 Discussion and 1-2-1 Q&A<br />
<br />
Please register by January 3 the latest: <a href="mailto:services@tehnopol.ee" target="_blank">services@tehnopol.ee </a><br />
<br />
Free for Science Park Tehnopol network and service clients and Connected Health cluster members.
30€ + VAT for others.
Location: Teaduspargi, Tallinn, Estonia

Privacy Engineering for Today - DIMECC Presentation (2016-11-15)
Here is my presentation from the DIMECC 9th Annual Seminar on Business innovation in Finland.
<div style="margin-bottom:5px"> <strong> <a href="//www.slideshare.net/ianoliver79/privacy-engineering-for-today" title="Privacy Engineering for Today" target="_blank">Privacy Engineering for Today</a> </strong> from <strong><a target="_blank" href="//www.slideshare.net/ianoliver79">Ian Oliver</a></strong> </div>

CrIM'16 Keynote on Safety Critical Ideas in Privacy (2016-11-02)
Here are the slides and a longer presentation as a paper will be available soon:<br />
<br />
<br />
<div style="margin-bottom:5px"> <strong> <a href="//www.slideshare.net/ianoliver79/using-safetycritical-concepts-in-privacy-engineering" title="Using Safety-Critical Concepts in Privacy Engineering" target="_blank">Using Safety-Critical Concepts in Privacy Engineering</a> </strong> from <strong><a target="_blank" href="//www.slideshare.net/ianoliver79">Ian Oliver</a></strong> </div>
Location: Oulu, Finland

CrIM'16 Quote (2016-11-01)
I'm at <a href="https://www.ee.oulu.fi/research/ouspg/CrIM16">CrIM'16</a> at the moment listening to an excellent lecture on IoT security and privacy by <a href="https://www.ntnu.edu/employees/sokratis.katsikas">Prof. Sokratis Katsikas of NTNU</a>. He used this quote from Bruce Schneier:<br />
<blockquote class="tr_bq">
<br />
If you think that technology can solve your security problems, then you don't understand the
problems and you don't understand the technology.</blockquote>
<br />
A small discussion resulted in this variation<br />
<br />
<blockquote class="tr_bq">
If you think a 3euro bottle of water bought after airport security reduces the risk of terrorism then you don't understand security.</blockquote>
<br />
Think about it.

Brexit Levity (2016-10-04)
After a few "side-bar" stories, I finally got one on the <a href="http://www.newsbiscuit.com/">Newsbiscuit</a> front page!<br />
<br />
Go <a href="http://www.newsbiscuit.com/2016/10/03/may-headlines-comedylunatic-fringe/">here </a>for the full story...<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.newsbiscuit.com/2016/10/03/may-headlines-comedylunatic-fringe/"><img border="0" height="320" src="https://4.bp.blogspot.com/--Tlb9VyQc0A/V_PaI9231cI/AAAAAAAAEa8/Us9hYqPUA-oBIpSFFCLSP9K4vZIa9GOWgCLcB/s320/newsbiscuitOct16.png" width="232" /></a></div>
<br />
<br />
..Trouble is, given the state of Brexit, I'm not sure this is humour or irony anymore...next step: <a href="http://www.theonion.com/">The Onion</a> - a place for more reliable news.

Privacy Metrics (2016-09-23)
Along with a colleague - Dr. Yoan Miche - we presented a paper outlining ideas regarding using mutual information as a metric for establishing some form of 'legal compliance' for data sets. The work is far from complete and the mathematics is getting horrendous!<br />
<br />
The paper entitled<b> "On the Development of A Metric for Quality of
Information Content over Anonymised Data-Sets"</b> was presented at the excellent <a href="http://2016.quatic.org/">Quatic 2016</a> conference held in Lisbon, Sept 6-9, 2016.<br />
<br />
We were also extremely fortunate in that a presenter in our session didn't turn up and we were graciously given the full hour not just to present the paper but give a much fuller background and details of future work and the state of our current results.<br />
<br />
Here are the slides:<br />
<div style="text-align: center;">
<br /></div>
<div style="margin-bottom: 5px; text-align: center;">
<b> <a href="https://www.slideshare.net/ianoliver79/on-the-development-of-a-metric-for-quality-of-information-content-over-anonymised-data-sets" target="_blank" title="On The Development of A Metric for Quality of Information Content over Anonymised Data Sets">On The Development of A Metric for Quality of Information Content over Anonymised Data Sets</a> </b> from <b><a href="https://www.slideshare.net/ianoliver79" target="_blank">Ian Oliver</a></b> </div>
<br />
Abstract:<br />
<br />
<blockquote class="tr_bq">
<i>We propose a framework for measuring the impact of data anonymisation and obfuscation in information theoretic and data mining terms. Privacy functions often hamper machine learning by obscuring the classification functions. We propose to use Mutual Information over non-Euclidean spaces as a means of measuring the distortion induced by privacy function and following the same principle, we also propose to use Machine Learning techniques in order to quantify the impact of said obfuscation in terms of further data mining goals.</i></blockquote>
<br />
Citation:<br />
<br />
Ian Oliver and Yoan Miche (2016) <i>On the Development of A Metric for Quality of Information Content over Anonymised Data-Sets</i>. Quatic 2016, Lisbon, Portugal, Sept 6-9, 2016.
Location: Lisbon, Portugal

Requirements Engineering and Privacy (2016-09-19)
A lot of travelling this month to conferences and speaking about privacy engineering (as usual). I just spent a week in Beijing at RE'16 (<a href="http://www.re16.org/">Requirements Engineering 2016</a>) where I both presented a paper on privacy requirements and participated in a panel session on digitalisation and telecommunications - more on that later.<br />
<br />
Anyway, here are the slides from the privacy paper:<br />
<div style="text-align: center;">
<br /></div>
<div style="margin-bottom: 5px; text-align: center;">
<b> <a href="https://www.slideshare.net/ianoliver79/experiences-in-the-development-and-usage-of-a-privacy-requirements-framework" target="_blank" title="Experiences in the Development and Usage of a Privacy Requirements Framework">Experiences in the Development and Usage of a Privacy Requirements Framework</a> </b> from <b><a href="https://www.slideshare.net/ianoliver79" target="_blank">Ian Oliver</a></b> </div>
<br />
And here is the abstract:<br />
<blockquote class="tr_bq">
<br />
<i>"Any reasonable implementation of privacy requirements can not be made through legal compliance alone. The belief that a software system can be developed without privacy being an integral concept, or that a privacy policy is sufficient as requirements or compliance check is at best dangerous for the users, customers and business involved. While requirements frameworks exist, the specialisation of these into the privacy domain have not been made in such a manner that they unify both the legal and engineering domains. In order to achieve this one must develop ontological structures to aid communication between these domains, provide a commonly acceptable semantics and a framework by which requirements expressed at different levels of abstractness can be linked together and support refinement. An effect of this is to almost completely remove the terms ‘personal data’ and ‘PII’ from common usage and force a deeper understanding of the data and information being processed. Once such a structure is in place - even if just partially or sparsely populated - provides a formal framework by which not only requirements can be obtained, their application (or not) be justified and a proper risk analysis made. This has further advantages in that privacy requirements and their potential implementations can be explored through the software development process and support ideas such as agile methods and ‘DevOps’ rather than being an ‘add-on’ exercise - a privacy impact assessment - poorly executed at inappropriate times."</i></blockquote>
<br />
Ian Oliver (2016) <i>Experiences in the Development and Usage of a Privacy Requirements Framework</i>. Requirements Engineering 2016 (RE'16), Beijing, China, September 12-17, 2016
Location: Beijing, China

Aliens, Direct Advertising and ClickBait (2016-08-26)
The Internet - a way of accessing nearly all of humankind's knowledge...anyway, while reading an article about how people with <a href="http://www.ancient-code.com/humans-with-blood-type-rh-negative-belong-to-an-extraterrestrial-lineage-according-to-new-theory/">Rh negative blood types are descended from aliens</a> (spoiler, <a href="https://en.wikipedia.org/wiki/Rh_blood_group_system">they're not</a>) and how <a href="http://www.ancient-code.com/haarp-will-open-doors-public-one-day/">HAARP is causing climate change</a> (spoiler, it's not) and other "interesting" articles (who writes this stuff?) about Freemasons from Atlantis building the Pyramids (spoiler, they didn't...well technically they did in the sense that masons built the pyramids - stonework, masons ... but they probably didn't come in spacecraft from Atlantis) etc, I do enjoy taking time to look at the direct advertising.<br />
<br />
<a href="https://en.wikipedia.org/wiki/Geolocation">Geolocation</a> of an IP address is simple, which means you get <a href="https://en.wikipedia.org/wiki/Clickbait">clickbait</a> such as these:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-rv1Wjzoaz88/V7_r8u_EJTI/AAAAAAAADyk/PYzl-6WoFxc-ZFObDNbe3klN5wcXlUQDwCLcB/s1600/moreCrapAdvertisingClickBait2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="224" src="https://4.bp.blogspot.com/-rv1Wjzoaz88/V7_r8u_EJTI/AAAAAAAADyk/PYzl-6WoFxc-ZFObDNbe3klN5wcXlUQDwCLcB/s320/moreCrapAdvertisingClickBait2.png" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-S6Eu-Wu_udM/V7_r9bTjA2I/AAAAAAAADyo/EbNjHwv6HWsOk59P4AyE-jsFRRYpv9iBwCLcB/s1600/moreCrapAdvertisingClickBait.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://3.bp.blogspot.com/-S6Eu-Wu_udM/V7_r9bTjA2I/AAAAAAAADyo/EbNjHwv6HWsOk59P4AyE-jsFRRYpv9iBwCLcB/s320/moreCrapAdvertisingClickBait.png" width="134" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
First of all, two millionaires in Sipoo, Finland: I think we might have heard about these, especially given their willingness to appear in direct advertising; I'm sure they'd have appeared in the local press too. As for the guy with the lime green car - good luck driving that on our roads - and Deity knows where she's going to park that helicopter.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
I particularly like the medical breakthrough...good thing I like eggs, though it might be a bit irresponsible showing a runny egg - those things are more dangerous than <a href="https://en.wikipedia.org/wiki/Edwina_Currie">Ebola on a dark night - isn't that right Mrs. Currie!</a></div>
<br />
So here we are, late 2016, vast amounts of knowledge at our fingertips and this is what we get...I mean, it isn't as if anyone could actually go and check the claims in the above advertisements is it?<br />
<br />
<br />
A Philosophy of Riding (posted 2016-08-20)<br />
<br />
Been thinking about this for a while, but:<br />
<br />
<ul>
<li>A good horse rider has <i>only</i> four problems: hands, legs, body and mind</li>
<li>An excellent horse rider <i>tries</i> to address the above</li>
<li>A bad rider believes they have fewer than four problems</li>
<li>A horse only has one problem: the rider</li>
</ul>
<br />
<br />
Privacy Engineering Procedures and Ebola (posted 2016-08-05)<br />
<br />
A seemingly unlikely combination: privacy engineering and Ebola, though I guess there are similarities between how viruses spread and how personal data spreads around a company - another time and another study I think.<br />
<br />
OK, so what the zark do these things have in common? The answer comes via a convoluted path and is actually more related to how we react to an incident, whether privacy or medical (and we're back to safety-critical systems again).<br />
<br />
Bit of background first: <a href="https://en.wikipedia.org/wiki/The_Hot_Zone">I've been reading about Marburg and Ebola recently</a> - both are fascinating (and <a href="https://enlightenme.com/ebola-virus-effects/">frightening</a>) in themselves, but what is more interesting from a procedural point of view is how they were discovered and researched, and ultimately how we as a species react to them.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://upload.wikimedia.org/wikipedia/commons/e/e6/Ebola_virus_virion.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="147" src="https://upload.wikimedia.org/wikipedia/commons/e/e6/Ebola_virus_virion.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Ebola (via Wikipedia and CDC)</td></tr>
</tbody></table>
Now the procedural stuff: the CDC have a response plan for Ebola entitled <a href="http://www.cdc.gov/vhf/ebola/pdf/ed-algorithm-management-patients-possible-ebola.pdf">Identify, Isolate and Inform: Emergency Department Evaluation and Management for Patients Under Investigation for Ebola Virus Disease.</a><br />
<br />
Worth reading just to understand how the CDC explain how to plan your due diligence - something we're exceptionally bad at in privacy ... we just scream PIA and COMPLIANCE!<br />
<br />
The point here is that if privacy engineering is to emerge as a discipline we need to address our culture in how we react to incidents and even react in general. Learning from a discipline that already has to face critical incidents is a good start.<br />
<br />
<br />
S-Group and Customer Data Collection (posted 2016-07-28)<br />
<br />
Haven't written here for a while, but as luck would have it here's a privacy story from Finland.<br />
<br />
The supermarket chain S-Group are updating their customer loyalty scheme to make it more relevant for their customers, i.e. direct advertising. The basic idea is that they'll make fine-grained data collection from the various shops and services in the S-Group. Such data include the specific purchases as well as, of course, time stamps, locations, identity etc.<br />
<br />
While various consumer organisations are incensed by this obvious infringement of people's privacy, the danger is really elsewhere.<br />
<br />
For a start we have the classic massive data collection from which we can make all kinds of inferences - ostensibly the what, where, when and intriguingly why of consumer purchases. Down this road we see the also classic direct advertising mistakes - you bought milk last week so you'll buy milk this week ... seriously if a supermarket can't work this out without "BigData" then they have problems.<br />
<br />
There's also the issue that inferences can have other unforeseen effects:<br />
<br />
<a href="http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/#4a0f4b8e34c6"><b><span style="color: #073763;">How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did</span></b></a><br />
<span style="color: #073763;">Kashmir Hill, Forbes</span><br />
<span style="color: #073763;">Feb 16, 2012</span><br />
<blockquote class="tr_bq">
<i><span style="color: #073763;">"Every time you go shopping, you share intimate details about your consumption patterns with retailers. And many of those retailers are studying those details to figure out what you like, what you need, and which coupons are most likely to make you happy. Target, for example, has figured out how to data-mine its way into your womb, to figure out whether you have a baby on the way long before you need to start buying diapers."</span></i></blockquote>
<br />
That's really going to go down well with the Finnish regulators...<br />
<br />
The part that really worries me is where S-Market states that it will keep the data for future usages. As I wrote in <a href="http://www.privacyengineeringbook.net/">Privacy Engineering</a>, any time you see a future use of data this should start alarm bells ringing. It means that you have no clear use case, no clear set of users of that data and are in effect over-collecting data on a whim. Collecting and keeping data for future use is a very high risk activity.<br />
<br />
Nothing is mentioned in their literature about security, location of data etc - though I guess <a href="https://www.troyhunt.com/the-problem-with-website-security-is-us/">the standard "industry standard" answer (Tesco anyone?) </a>will be used. Hint: I worked on those industry standards...they set out some of the base, good practices only.<br />
<br />
I constructed a data flow model of as much as I understand about the system at the moment. It isn't much, but your personal data is going over each of those flows. The dashed lines represent return data flows, the dashed circles represent "unknown" participants. Question: does this data get sold to 3rd parties?<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://2.bp.blogspot.com/-mtigMMradhw/V5m9DCec-_I/AAAAAAAADjo/-JgE7KetJDsaW2GKZlAlfaChccUlptAfQCLcB/s1600/S-GroupPrivacyDFD.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="237" src="https://2.bp.blogspot.com/-mtigMMradhw/V5m9DCec-_I/AAAAAAAADjo/-JgE7KetJDsaW2GKZlAlfaChccUlptAfQCLcB/s400/S-GroupPrivacyDFD.png" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Inferred DFD</td></tr>
</tbody></table>
<br />
In defence of S-Group they have announced this to all customers of their bonus scheme - though the language is a little flowery in places (<i>did you know that their bonus scheme has won a prize?!</i>).<br />
Details can be found <a href="http://www.s-kanava.fi/parempiarki">here </a>and <a href="http://www.s-kanava.fi/rekisteriseloste">here</a>, and you can obtain your data that is held in their customer registry, though I assume not the inferences made from that data. You can see this data from your S-Kanava account; also in writing though only once per year without charge. You can opt-out whenever you want (though the opt-out is not retroactive as far as I can see) by calling +358 (0)10 76 5858 (calls cost 0.088eur/min - why not free if you were serious about privacy?)<br />
<br />
As this scheme is not in operation yet obviously I can't comment on what data I will be able to see and control. I might for myself let it run for a month and then see what data I can get out of the system. I assume I will get the time, location and itemised list of products from every transaction I make; hopefully also the mechanism how I paid the particular cashier (at least till number) and so on.<br />
<br />
Another final point is that all bonus money collected by customers is paid to an account in S-Pankki, but that's another story about compliance and interpreting the law.<br />
<br />
Posted 2016-06-23<br />
<br />
So, the <a href="https://en.wikipedia.org/wiki/United_Kingdom_European_Union_membership_referendum,_2016">UK's referendum</a> on whether it should leave the EU or not is today.<br />
<br />
<ul>
<li>If more than 50% of the electorate who cast a vote do so for remaining then it is fairly obvious what happens next, with a small caveat (see below).</li>
<li>If more than 50% of the electorate who cast a vote do so for leaving then the theoretical process is that the UK has 2 years to negotiate its leaving of the EU - trade agreements, human rights, workers' rights, environmental rights etc. Whatever is left over after the 2 years is "free game" and the UK would be a complete outsider with regards to its bargaining position.</li>
</ul>
<br />
<br />
Now the caveats:<br />
<br />
<br />
<ol>
<li>Under UK Referendum Law, referenda are not legally binding which means that the result could be annulled, ignored or reversed.</li>
<li>A majority of MPs in the UK Parliament could band together and cause the result to be annulled, reversed or ignored. This is actually likely as there would have to be a vote on the clauses in UK Law relating to EU membership. What happens if a majority of MPs vote to ignore/annul/reverse the referendum result?</li>
<li>Given the level of division in the UK's Conservative Party, if the result is to remain then what happens to those MPs in the Conservative Party who campaigned against the PM?</li>
<li>If the UK votes to leave, then the PM will more than likely be challenged by the remain faction of the Conservative Party: a) the PM will likely resign in this case, b) would a general election be called?</li>
<li>If a general election is called: a) what happens if the country votes in a government that is pro-EU but the referendum delivers a leave result? b) vice versa of (a) or c) what happens if the UK gets a hung parliament with a mix of pro and anti-EU factions?</li>
</ol>
<br />
<br />
Given the caveats, this probably isn't the best environment for any UK-EU negotiations and would actually take up time from repealing the various UK Laws on EU membership and the 2 years negotiation time.<br />
<br />
Then just a final remark on the arguments of sovereignty and democracy.<br />
Apparently Britain has 1000 years of history...apart from the 3000 years or so of Celtic/Briton history before that.<br />
<br />
If we stay in the EU we lose our "Britishness" - whatever that is? Personally I notice the Finns are just as Finnish, the French, Germans, etc similarly. Anyway the UK is made of four different countries each with their own identities anyway.<br />
<br />
Sovereignty of Parliament lies with Parliament anyway. At any point in time the UK Parliament could repeal the laws relating to EU membership; though no-one really knows what this means anyway.<br />
<br />
The EU Parliament is a body elected by universal suffrage - you do know who your MEP is don't you?<br />
<br />
EU Laws/Directives/Recommendations must be ratified not only by the democratically elected EU Parliament, but also by each country's parliament after going through a process in which each country separately decides how to implement each law/directive/recommendation.<br />
<br />
This latter point is important: EACH COUNTRY INDEPENDENTLY DECIDES HOW TO IMPLEMENT EU LAWS/DIRECTIVES/RECOMMENDATIONS. This means that a country (Finland - looking at you here) can implement huge restrictions on things and then "blame" EU Law - whereas often it was just a directive stating some basic ideals.<br />
<br />
Finally immigration: which immigrants are we talking about?<br />
<br />
<ol>
<li>EU migrants - the EU upholds a basic right that any EU citizen can work and live in any EU country according to a basic set of minimal rights. Some countries impose additional restrictions but the basic right of free movement is EU Law.</li>
<li>Non-EU migrants - decided broadly by national parliaments and the EU.</li>
<li>Refugees - there are strict criteria set by the EU, UN and national parliaments on who can be a refugee. The EU has set out a basic set of rights and a mechanism by which countries in the EU "share" refugees. </li>
</ol>
<div>
Whatever happens today the result will be either a very bad mess for the Conservatives or an extremely bad mess for the whole UK. But therein lies the problem, that the vote is no longer about the EU but about the future of the UK Conservative and Unionist Party and the power brokerage of various players within this.</div>
<div>
<br /></div>
<div>
It is just extremely sad that there has been no intelligent discourse on the subject - primarily due to the lack of knowledge and education of not just how the EU works but how the UK's whole system of government works. I fear this is quite deliberate.</div>
<div>
<br /></div>
<div>
The whole debate has been riddled with fear and hate which unfortunately has also led to the <a href="https://en.wikipedia.org/wiki/Jo_Cox">death of an MP.</a> For all the debate about sovereignty and democracy, is this what the whole EU debate is about?<br />
<br />
<span style="color: blue;">Finally I don't care whether you are pro or anti-EU, I would like some idea of what will happen in the case of either a remain or leave result. So far, there has been even less discussion of what happens next than there has been of what the EU and UK mean to each other.</span></div>