Starting with the end in mind: IT Management Heat vs Light

A very good place to startOne source of constant bemusement to me is the habit of intelligent people to pee in the industry market research bathwater, and then to pay handsomely to drink a hybrid mix of the result collected across their peers.

Perhaps betrayed by an early experience of one research company coming in to present to the management of the vendor I was working at, and finding in the rehearsal their conjecture that sales of specific machine sizes had badly dipped in the preceding quarter. Except they hadn’t; we’d had the biggest growth in sales of the highlighted machines in our history in that timeframe. When I mentioned my concern, the appropriate slides were corrected in short order, and no doubt the receiving audience impressed with the skill in their analysis that built a forecast starting with an amazingly accurate, perceptive (and otherwise publicly unreported) recent history.

I’ve been doubly nervous ever since – always relating back to the old “Deep Throat” hints given in “All the Presidents Men” – that of, in every case, “to follow the money”.

Earlier today, I was having some banter on one of the boards of “The Motley Fool” which referenced the ways certain institutions were imposing measures on staff – well away from a useful business use that positively supported better results for their customers. Well, except of providing sound bites to politicians. I can sense that in Education, in some elements of Health provision, and rather fundamentally in the Police service. I’ve even done a drains-up some time ago that reflected on the way UK Police are measured, and tried trace the rationale back to source – which was a senior politician imploring them to reduce crime; blog post here. The subtlety of this was rather lost; the only control placed in their hands was that of compiling the associated statistics, and to make their behaviours on the ground align supporting that data collection, rather than going back to core principles of why they were there, and what their customers wanted of them.

Jeff Bezos (CEO of Amazon) has the right idea; everything they do aligns with the ultimate end customer, and everything else works back from there. Competition is something to be conscious of, but only to the extent of understanding how you can serve your own customers better. Something that’s also the central model that W. Edwards Deming used to help transform Japanese Industry, and in being disciplined to methodically improve “the system” without unnecessary distractions. Distractions which are extremely apparent to anyone who’s been subjected to his “Red Beads” experiment. But the central task is always “To start with the end in mind”.

With that, I saw a post by Simon Wardley today where Gartner released the results of a survey on “Top 10 Challenges for I&O Leaders”, which I guess is some analogue of what used to be referred to as “CIOs”. Most of which felt to me like a herd mentality – and divorced from the sort of issues i’d have expected to be present. In fact a complete reenactment of this sort of dialogue Simon had mentioned before.

Simon then cited the first 5 things he thought they should be focussed on (around Corrective Action), leaving the remainder “Positive Action” points to be mapped based on that appeared upon that foundation. This in the assumption that those actions would likely be unique to each organisation performing the initial framing exercise.

Simon’s excellent blog post is: My list vs Gartner, shortly followed by On Capabilities. I think it’s a great read. My only regret is that, while I understand his model (I think!), i’ve not had to work on the final piece between his final strategic map (for any business i’m active in) and articulating a pithy & prioritised list of actions based on the diagram created. And I wish he’d get the bandwidth to turn his Wardley Maps into a Book.

Until then, I recommend his Bits & Pieces Blog; it’s a quality read that deserves good prominence on every IT Manager’s (and IT vendors!) RSS feed.

CloudKit – now that’s how to do a secure Database for users

Data Breach Hand Brick Wall Computer

One of the big controversies here relates to the appetite of the current UK government to release personal data with the most basic understanding of what constitutes personal identifiable information. The lessons are there in history, but I fear without knowing the context of the infamous AOL Data Leak, that we are destined to repeat it. With it goes personal information that we typically hold close to our chests, which may otherwise cause personal, social or (in the final analysis) financial prejudice.

When plans were first announced to release NHS records to third parties, and in the absence of what I thought were appropriate controls, I sought (with a heavy heart) to opt out of sharing my medical history with any third party – and instructed my GP accordingly. I’d gladly share everything with satisfactory controls in place (medical research is really important and should be encouraged), but I felt that insufficient care was being exercised. That said, we’re more than happy for my wife’s Genome to be stored in the USA by 23andMe – a company that demonstrably satisfied our privacy concerns.

It therefore came as quite a shock to find that a report, highlighting which third parties had already been granted access to health data with Government mandated approval, ran to a total 459 data releases to 160 organisations (last time I looked, that was 47 pages of PDF). See this and the associated PDFs on that page. Given the level of controls, I felt this was outrageous. Likewise the plans to release HMRC related personal financial data, again with soothing words from ministers in whom, given the NHS data implications, appear to have no empathy for the gross injustices likely to result from their actions.

The simple fact is that what constitutes individual identifiable information needs to be framed not only with what data fields are shared with a third party, but to know the resulting application of that data by the processing party. Not least if there is any suggestion that data is to be combined with other data sources, which could in turn triangulate back to make seemingly “anonymous” records traceable back to a specific individual.Which is precisely what happened in the AOL Data Leak example cited.

With that, and on a somewhat unrelated technical/programmer orientated journey, I set out to learn how Apple had architected it’s new CloudKit API announced this last week. This articulates the way in which applications running on your iPhone handset, iPad or Mac had a trusted way of accessing personal data stored (and synchronised between all of a users Apple devices) “in the Cloud”.

The central identifier that Apple associate with you, as a customer, is your Apple ID – typically an email address. In the Cloud, they give you access to two databases on their cloud infrastructure; one a public one, the other private. However, the second you try to create or access a table in either, the API accepts your iCloud identity and spits back a hash unique to your identity and the application on the iPhone asking to process that data. Different application, different hash. And everyone’s data is in there, so it’s immediately unable to permit any triangulation of disparate data that can trace back to uniquely identify a single user.

Apple take this one stage further, in that any application that asks for any personal identifiable data (like an email address, age, postcode, etc) from any table has to have access to that information specifically approved by the handset owners end user; no explicit permission (on a per application basis), no data.

The data maintained by Apple, besides holding personal information, health data (with HealthKit), details of home automation kit in your house (with HomeKit), and not least your credit card data stored to buy Music, Books and Apps, makes full use of this security model. And they’ve dogfooded it so that third party application providers use exactly the same model, and the same back end infrastructure. Which is also very, very inexpensive (data volumes go into Petabytes before you spend much money).

There are still some nuances I need to work. I’m used to SQL databases and to some NoSQL database structures (i’m MongoDB certified), but it’s not clear, based on looking at the way the database works, which engine is being used behind the scenes. It appears to be a key:value store with some garbage collection mechanics that look like a hybrid file system. It also has the capability to store “subscriptions”, so if specific criteria appear in the data store, specific messages can be dispatched to the users devices over the network automatically. Hence things like new diary appointments in a calendar can be synced across a users iPhone, iPad and Mac transparently, without the need for each to waste battery power polling the large database on the server waiting for events that are likely to arrive infrequently.

The final piece of the puzzle i’ve not worked out yet is, if you have a large database already (say of the calories, carbs, protein, fat and weights of thousands of foods in a nutrition database), how you’d get that loaded into an instance of the public database in Apple’s Cloud. Other that writing custom loading code of course!

That apart, really impressed how Apple have designed the datastore to ensure the security of users personal data, and to ensure an inability to triangulate data between information stored by different applications. And that if any personal identifiable data is requested by an application, that the user of the handset has to specifically authorise it’s disclosure for that application only. And without the app being able to sense if the data is actually present at all ahead of that release permission (so, for example, if a Health App wants to gain access to your blood sampling data, it doesn’t know if that data is even present or not before the permission is given – so the app can’t draw inferences on your probably having diabetes, which would be possible if it could deduce if it knew that you were recording glucose readings at all).

In summary, impressive design and a model that deserves our total respect. The more difficult job will be to get the same mindset in the folks looking to release our most personal data that we shared privately with our public sector servants. They owe us nothing less.

Am I the only one shaking my head at US Net Neutrality?

Internet Open Sign

I’ve always had the view that:

  1. ISPs receive a monthly payment for the speed of connection I have to the Internet
  2. Economics are such that I expect this to be effectively uncapped for almost all “normal” use, though the few edge cases of excessive use would be subject to a speed reduction to ration use of the resources for the good of the ISPs user base as a whole (to avoid a tragedy of the commons)
  3. That a proportion of my monthly costs would track investments needed to ensure peering equipment and the ISPs own infrastructure delivered service to me at the capacity needed to deliver (1) and (2) without any discrimination based on traffic nor its content.

Living in Europe, i’ve been listening to lots of commentary in the USA about both the proposed merger between Comcast and Time Warner Cable on one hand, and of the various ebbs and flows surrounding “Net Neutrality” and the FCC on the other. It’s probably really surprising to know that broadband speeds in the USA are at best mid-table on the world stage, and that Comcast and Time Warner have some of the worst customer satisfaction scores in their respective service areas. There is also the spectacle of seeing the widespread funding of politicians there by industry, and the presence of a far from independent chairman of the FCC (the regulator) whose term is likely to be back through the revolving door to the very industry he currently is charged to regulate and from whence he came.

I’ve read “Captive Audience: The Telecom Industry and Monopoly Power in the New Gilded Age” by Susan Crawford, which logged what happened as the Bell Telephone Monopoly was deregulated, and the result the US consumer was left with. Mindful of this, there was an excellent blog post that amply demonstrates what happens when the FCC lets go of the steering wheel, and refuses to classify Internet provision being subject to the “common carrier” status. Dancing around this serves no true political purpose, other than to encourage the receipt of Economic rent in ample excess to the cost of service provision in areas of mandated exclusivity of provision.

It appears that the 5 of the major “last mile” ISPs in the USA (there are 6 of them – while unnamed, folks on various forums suspect that Verizon are the only ones not cited) are not investing in equipment at their peering points, leading to an inference that they are double dipping. ie: asking the source of traffic (like Netflix, YouTube, etc) to pay transit costs to their customers for the “last mile”. Equipment costs that are reckoned to be marginal (fractions of a cent to each customer served) to correct. There is one European ISP implicated, though comments i’ve seen around the USA suggest this is most likely to be to Germany.

The blog post is by Mark Taylor, an executive of Level 3 (who provide a lot of the long distance bandwidth in the USA). Entitled “Observations of an Internet Middleman”, it is well worth a read here.

I just thank god we’re in Europe, where we have politicians like Neelie Kroes who works relentlessly, and effectively, to look after the interests of her constituents above all else. With that, a commitment to Net Neutrality, dropping roaming charges for mobile telcos, no software patents and pushing investments consistent with the long term interests of the population in the EC.

We do have our own challenges in the UK. Some organisations still profit handsomely from scientific research we pay for. We fund efforts by organisations to deliver hammer blows to frustrated consumers rather than encouraging producers to make their content accessible in a timely and cost effective fashion. And we have one of the worst cases of misdirected campaigns, with no factual basis and playing on media-fanned fear, to promote government mandated censorship (fascinating parallels to US history in “The Men who open your mail” here – it’ll take around 7 minutes to read). Horrific parallels to this, and conveniently avoiding the fact that wholesale games of “wac-a-mole” have demonstrably never worked.

That all said, our problems will probably trend to disappear, be it with the passing of the current government and longer term trends in media readership (the Internet native young rarely read Newspapers – largely a preserve of the nett expiring old).

While we have our own problems, I still don’t envy the scale of task ahead of consumers in the USA to unpick their current challenges with Internet access. I sincerely hope the right result makes it in the end.

Data Sharing: who do you trust?

Loose Lips Might Ship Sinks Poster

Yesterday I posted my full approval for folks like Apple and Google to know a lot of data about me, specifically from the devices I usually carry around with me. This is in the full knowledge that the full extent of data sharing is open, transparent and that I get notified (at least by Google) if any application on my Android handset is seeking to solicit more data from me, or changing their data sharing policy in any way. With that, I have full confidence that I can opt out if I ever feel the level of intrusion exceeds my comfort levels with the data use; i’m generally very happy if it does improve the level of service delivered to me without downsides.

I’ve only really baulked at one such update, which was a request by LinkedIn to be able to mine the call records of who I contacted, and who I received calls from, on my mobile phone. I felt this was a violation of the use I put their application to, so elected to remove the application from my Nexus 5 instead.

After I posted my note, I had a reply on Facebook from Bruce Stidston, that read:

You’re right, IMHO, up to a point when you say “what’s not to like?”. For me, the bit that’s not to like is scope creep. The NHS, for example, accumulates data on each patient, and that’s (potentially) cool when it’s used to improve patient outcomes by sharing within the NHS. The problem is that as we move into maturity in IT and data collection technologies, we’re not even in infancy when it comes to concepts of privacy. So when some bright spark reckons it’s cool to dish out “aggregated and individually unidentifiable” data to Big Pharma to shore up NHS finances, I need to be right there on the ball to say yay or nay — and that’s in the best-case situation. The real-case situation is they’ll do it anyway and seek forgiveness afterwards. That’s what’s not to like.

I think of this generalised problem as “the tragedy of the techno-morons”. Smart people did amazing things to make impossible things happen — think just for a moment of the layers of wonderful intricacy that make GPS work, which all of us now depend on — and then some Tim Nice-But-Dim (like my MP) who have only just worked out how a bicycle works are entrusted with the powers to sign off huge snowballs of potentially invasive applications for those technologies. I never forget that the guys at BT who decided that deep-packet inspection of private IP datastreams was fine for advertising purposes, have yet to be hauled before the courts.

I think Bruce is 100% correct. It was with some horror that I saw some plans to share my NHS data with commercial organisations, data which was claimed in the headlines to be anonymised but which appeared to contain my date of birth and postcode. The missing cluestick is that a UK postcode routinely covers an average of circa 10 households, and i’m pretty sure i’m the only one in my postcode of my age and gender, and that’s even before my day and month of birth get served up. This is a textbook example of history about to repeat itself, given the people looking at this process are obviously unaware of what happened when AOL released ‘anonymised data’ a few years ago. You only have to Google “AOL data leak” and you’ll probably find top of the list is this Wikipedia article.

The sad fact is that anonymising the data set relies on ensuring an inability to triangulate data, between disparate data sources, to be able to trace records provided back to specific named individuals. The proposals drove a bus straight through this without apparent due care and attention. The side effect of this is then for a commercial entity to be able to positively discriminate against me for the purposes of insurance (which should be a random level tax across a policy holding population) or to undermine my human rights for privacy, freedom of expression or freedom of movement without unwanted side effects.

The meme of “Crisis in the NHS” is not an appropriate one in my view, in that the UK health service is well funded and very efficient compared to the health systems in virtually every major economy. It appears to be being subverted in support of introducing American-style structural changes, where the costs are around double ours per head of population, not universal and yet stuffed with inefficiencies we should have no wish to copy here. With that in mind, seeing the delay in the consultation about data sharing enacted, it came as rather a shock to see this list of data sharing activity that had already taken place without consultation:

Ministers have gone against the findings of their own information governance review and allowed patient-identifiable data from GP records to be used in the NHS outside of the ‘safe havens’ recommended by the Caldicott report for six months.

Health secretary Jeremy Hunt has approved plans for NHS England to waive common confidentiality laws for six months under a legal exemption called section 251, allowing patient identifiable data to be passed to commissioners and support units.

This is despite the safe havens for potentially identifiable patient data recommended by the Government’s own Caldicott2 report published earlier this year not being in operation.

The extent of this sharing is documented here. At the time I first looked at the document of already approved data releases, it ran to 40 pages of A4. It’s currently 459 releases over 48 pages (latest up-to-date here). I fear Bruces “Tim – Nice but Dim” goes by the name of Jeremy Hunt and the damage has been in full flow, despite previous assurances, for some time now. This is an appalling travesty and an apparent violation of the whole basis of UK Data Protection Acts. The Minister should be thoroughly ashamed and, if justice were to be served, should be up in front of the European Court for a fundamental violation of Section 8 of the European Convention of Human Rights (the right to privacy).

It’s also with an equal level of concern that Ministers of the UK Government are also suggested that tax records should be released in a publicly accessible form by HMRC.

I’m all for data to be shared for Medical Research purposes (as suggested by Larry Page), or in support of Government initiatives to undertake projects for the common good of the UK population. My wife Jane already has all her genome stored at 23andMe, as we have full confidence in their data sharing policy and our ability to reverse out if we feel at all uncomfortable in the future. In doing so here in the UK, the folks releasing data should be fully cognizant of the need to ensure the privacy of individuals that may otherwise be subjected to personal or commercial discrimination as a result of provision of data, either directly or from being complicit in allowing triangulation from other sources to the same end result.

Those who don’t learn from history are, as always, destined to repeat it. We should by now know better than that, and have politicians that know likewise.

Blockchain: the ultimate and positive chaotic disruption

Light Bulb Lit Up

The future is here. It’s just not evenly distributed yet“. Those were the words of Tim O’Reilly, owner of O’Reilly, producer of many of the definitive books on software systems and associated conferences. His company’s Radar blog is also noteworthy for it’s excellent peeks into the future of high technology related products and services. One subject seems to pass it by, and I can’t help think the implications are much more significant than people really comprehend yet; that of the technology that sits behind Bitcoin (Bitcoin itself is but a small part of it).

The mechanics of Bitcoin are described in the original Satoshi Nakamoto paper here. Alternatively, an earlier introductory blog post from me.

The main truly disruptive innovation with much wider utility is that of a Blockchain. A public record that is stored across many hundreds or thousands of machines, in hundreds of different legal jurisdictions, but together forming a definitive record of activity without any central control. A sort of ledger that lives in the worlds commons, and operable in a way that ensures a single digital object cannot be “double spent”; only transferred between entities.

Much of the economic activity in the world is currently served by institutions who possess “choke points” through which activity is carried and who charge (in some way) at the gate. If I want to send cash to someone, I typically pay commission or transaction charges to a number of institutions to do so. There are many areas that could be unleashed when transaction costs tend to zero and the record of some activity is stored in a publicly accessible entity without any central control:

  • Proof of Existence. One of the innovations of GIT (the Source Code Control System written by Linux author Linus Torvalds) is that every individual document/file is recorded in it’s database as a “hash”. When any piece of Digital material is passed through this piece of maths, the hash is a 8 byte “signature” that is effectively unique (the change of two random documents having the same hash is circa 1 in 83 million). So, you can immediately see, with very little comparison work, whether two documents are exactly the same or different. Manuel Araoz, a 25-year-old developer in Argentina, uses a blockchain to prove authoritatively that you had a specific document in your possession on a specific date, without having to publicly publish it’s content. The fact that electronic signatures can be part of the document being held (and hashed with the rest of its surrounding content) means that you have a distributed contract “system of record”.
  • Namecoin. The current Domain Name System (DNS) is effectively the web’s telephone directory that translates memorable names (like www.bbc.co.uk) into the Internet Protocol Address(es) at which that web site resides (in this instance, 173.194.115.96 and 10 others). However, the central repositories where this information is stored can be systemically blocked or willingly corrupted by owners of the various choke points, or the governments under whom they operate from a legal jurisdiction perspective. Namecoin is an attempt to mirror the DNS in a widely distributed blockchain, with domain names ending “.bit”, and hence operationally difficult to corrupt or censor. Although I have no useful application for it at this stage, I have already registered “ianwaring.bit” to reserve my presence there.
  • Music Distribution. Following a Kickstarter type model, would you like to buy shares in a specific musicians new song? That way, you’d see a return on your investment if it proved popular and you managed to help promote it widely to a bigger audience. Piracy in reverse! The Blockchain protocol does have the ability to run such Assurance Contracts (ie: this project is funded only if pledges of a specific value are achieved by a certain date, or annulled if the target is not met by then), so there are similar precedents for Venture Capital, or even what has to date been tax funded Government projects for the public good. I sometimes wonder how HS2 would do if the UK Government ran the whole thing as a Kickstarter project, and see if the beneficiaries were willing to put money where their political mouths are!
  • Voting. One of the ultimate choke points where MPs act as a proxy for the voters in a geographic area they represent for a multi-year term. The act of multi-year elections is probably an edge case; it’d be more radical if I could choose when I want my MP to act as my proxy and when I wish to register my share of the decision making process personally instead. I somewhat doubt that folks currently in Westminster would wish to put their constituents in control of their own interests, despite how refreshing and re-engaged we’d feel as a result.
  • Vendor Relationship Management. This is the ultimate result of Doc Searl’s work on VRM, where we ask commercial entities to bid for our business. Given the low or zero transaction cost, you could delegate a lot of the associated work to software agents if the product or service was a commodity. Like a Taxi or self-driving car, as given in this excellent 25 minute talk by Mike Hearn, an ex-Google employee (it is a great talk to listen to – not least the effect when some of the actors in transactions are machines themselves, complete with their own bank accounts and long term trade related decision making). Even Yelp, TripAdvisor or Social Media recommendations would be more plausible if subjected to the authoritative “someone I can trust” standards that the underlying technology can provide.

I’d thoroughly recommend this article on Business Insider, which does a great job of highlighting some of the possibilities.

There are many challenges ahead. Some regulatory (I hope Politicians and our Public Servants do act in our long term best interests, without being victim of the lobbying of interests rendered on the wrong side of , or distorted out of shape, by a drive for our mutual good). Some technology (things like Bitcoin will need improvements to bring down the current 10 minute delay to provide definitive authentication, and to handle an increase in Blockchain size to handle the transaction volumes currently seen by Mastercard and Visa networks). But the potential applications are dizzying both in number and of disruptive impact to everyone.

As Fred Wilson, notable VC, said recently: Let’s go back and revisit the big innovations on the commercial Internet over the past twenty years. TCP/IP, HTTP, The Browser, Search, Social, Mobile, Blockchains. Each one of those innovations drove an investment cycle. Our 2004 fund was built during social. Our 2008 fund was built during social and the emergence of mobile. Our 2012 fund was built during the mobile downturn. And our 2014 fund will be built during the blockchain cycle. I am looking forward to it.

Bitcoin (which I described in greater detail here) was only the start. The main challenge now is one of identity, and protecting it from interlopers. You have to keep your private key insanely private (even to the extent of keeping it off Internet connected machines), as that is your definitive personal identifier that someone else could use to masquerade as the real you everywhere online. At least until something can check your own physiology (it is really you), and your state of mind (you haven’t been sectioned, frail nor threatened), prior to any transaction being authenticated. Or is that what the Apple iWatch will be all about?

So, how do Policing Statistics work?

Metropolitan Police Sign

I know I posted a previous note on the curious measures being handed down to police forces to “reduce crime”. While the police may be able to influence it slightly, in the final analysis they only have direct control over one part of the value chain – that of producing the related statistics (I really don’t think they commit all the crimes on which they are measured!). The much longer post was this: http://www.ianwaring.com/2014/04/05/police-metrics-and-the-missing-comedy-of-the-red-beads/

I’ve just had one of my occasional visits back to “Plumpergeddon” – not recommended in work environments for reasons that will become apparent later – which documents the ebbs and flows of the legal process following a mugging and theft (of a MacBook and a wallet containing a debit card) in London in November 2011. It is, to put it mildly, a shocking story.

The victim of the crime – and owner of the MacBook – had installed a piece of software on his machine that – once he’d enabled a tick box on an associated web site – started to “phone home” at regular intervals. Taking pictures of the person using the computer, shots of what was on the screen at the same time, and both tagged with it’s exact geographic location. He ended up with over 6,000 pictures, including some which showed sale of goods on eBay that matched purchases made on his stolen credit cards.

I’m not sure exactly how the flow of incidents get rolled up into the crime statistics that the Met publish, but having done a quick trawl through the Plumpergeddon Blog, starting at the first post here and (warning: ever more NSFW as the story unfolds, given what the user started paying for and viewing!) moving up to the current status 29 pages later, the count looks like:

  • 1 count of mugging
  • 1 theft of a MacBook Pro Personal Computer, plus Wallet containing Company Debit Card
  • 2 counts of obtaining money (from a cashpoint with a stolen card) by deception
  • 9 counts of obtaining goods (using a stolen debit card, using a PIN) by deception
  • 2 counts of obtaining goods (using a stolen debit card, signing for them) by deception
  • 11 counts of demonstrably selling stolen goods

So, I make that 26 individual crime incidents.

The automated data collection started off within 4 weeks of the theft phoning home (it took one shot of the user, a screenshot and reported location and connection details every 10 minutes of active use). He ended up assembling circa 6,000 pieces of evidence (including screenshots of the person using his MacBook, and screenshots documenting the disposal of the goods purchased with the stolen card using three separate accounts on eBay). All preserved with details of the physical location of the MacBook and the details of the WiFi network it was connected to.

Many ebbs and flows along the way, but the long and short of it was that the case was formally dropped “for lack of evidence”. This was then followed by a brief piece of interest when some media activity started picking up, but it then sort of ebbed away again. In May 2013, news came back as The case file is back with the officer, and the case is closed pending further leads.”

Four weeks ago, the update said:

I Am No Longer the Victim. Apparently. I was told last night in a police station by a Detective Constable that because the £7,000 I was defrauded of was returned by my bank after 3-4 weeks, and the laptop was replaced by my insurance company after 4 months, I am no longer considered the victim for either of those crimes. I was told that my bank and insurance company are now the victims.

I assume this must mean that when a victim of an assault receives compensation, the attackers subsequently go free? Any UK based lawyers, police or other legal types care to shed some light on this obscure logic?

Cynical little me suspects i’m being told this because the police don’t want to pursue charges over those crimes, even though (as most readers will know and as I said in my previous post) I’ve done practically all the legwork for them.

I must admit to be completely appalled that a case like this. Given the amount of evidence submitted, it should have solved a string of fraudulent transactions and matching/associated Sale of Stolen Goods, that could have incremented the Metropolitan Police “crimes solved” counter like  jackpot machine. 26 crimes solved with all the evidence collecting leg work already done for them.

So, where does this case sit on the Metropolitan Police Statistics? Does it count as all 26 incidents “solved” because the insurance company have paid out and the debit card company have reversed the fraudulent transactions?And above all, is the Home Secretary really satisfied that she’s seeing an appropriate action under her “reducing crime” objective here??

The guy is still free and on the streets without any intervention since the day the crimes were committed. Free to become the sort of one-man crime wave that Bill Bratton managed to systematically get off the streets in New York during his first tenure as Police Chief there (I recall from his book The Turnaround that 70 individuals in custody completely changed the complexion of life in that City). Big effect when you can systematically follow up to root causes, as he did then.

However, back in London, I wonder how this string of events are mapped onto the crime statistics being widely published and cited. Any ideas?

Intellectual Property: the best lessons avoid public subsidies

Nixon Follow the Money

One thing I find particularly sad is one of the items my MP sent out on his latest weekly newsletter, in a section entitled “Intellectual Property”. It reads:

Mike Weatherley, Intellectual Property Adviser to the PM, has called on the Prime Minister to establish permanent funding for the newly-formed Police Intellectual Property Crime Unit (PIPCU), which tackles IP crime across the country and is based within the City of London Police. More here, Twitter: @mike_weatherley. In his letter Mike said, “I appreciate that funding for this new unit is not permanent. However, I would like to put on record my support for committing future funding to fighting IP crime and boosting the current level of financial support that is available for PIPCU. As I am sure that you are aware, the creative industries add over £70 billion to our economy each year and so it really is in our national interest to protect that revenue.”

It’s difficult to know where to begin to unpick this, but for me, the immediate red flag is the familiar use of common fallacies to support an argument. A full collection can be found here. The “It’s big so must be protected” doesn’t even start to hold water on further analysis, albeit he’s done everyone a slight favour by not dragging in allegations that to do otherwise is to support terrorism – a line i’ve heard in the past from a spokesman for the “Federation against Copyright Theft” (aka FACT). Effectively, i’d suggest the “creative industries” are choosing a business model built on scarcity, and then asking the general public to subsidise the associated cost of that choice. A civil offence morphed into a criminal one in the vain hope to play King Canute.

I wouldn’t knowing mind the source of that £70 Billion figure, and the geography over which that is spread. These sort of numbers are routinely banded around, but often found to be wanting when traced back to their original source.

A few years back, one commentator noted that you could get five years imprisonment for stealing a Michael Jackson track, while Conrad Murray got four years for killing him. A British guy queued for extradition to the USA for having a web site publishing links to torrent sites, and a Dutch National queued for extradition from Australia to the USA, both of whom have committed no crime in the legal jurisdiction in which they reside. Finishing that same week with SOPA and PIPA legislation shelved for the time being, with the MPAA explicitly reminding US politicians whose pocket they were supposed to be in.

The central allegation coming back is an old chestnut on piracy costing the Entertainment Industry money and/or jobs. Does that really hold up to any scrutiny? Is it not more related to the pace at which material is released into other territories and lining up the economics to put a quality product in the hands of customers willing to buy where there is demand? And to do so at a price point where there is little incentive to invest time and effort to subvert the process??

I think that’s a lesson that Apple helped solve in the early days of iTunes. It’s easy for consumers to do the right thing. Right now, if my wife sees that the latest series of Dallas is airing in the USA, where can she send money to see it now? Answer: nowhere. Would someone like to take her money please? No??

I recall some excellent work done by Claire Enders in the days of Napster. Claire at one point earlier in her career worked on strategy for EMI Music, was adept at turning 500+ pages of BMRB research tables into pithy summaries of Music/Internet/Telco market directions, and was outrageously unPC when numbers she uncovered contradicted public statements by senior media company execs. A joy to listen to. Claire now runs Enders Analysis, and is often on Sky and Bloomberg exercising her “take no prisoners” views. But I digress.

The thing she found was that the only people who suffered any loss from Napster and similar music sharing services were the top 10 artists at each of the 5 or so big record labels. Everyone else benefited, by way of exposure of their music to a wider audience, and related secondary businesses like concerts and merchandise. So, at face value, the RIAA strings were being operated on behalf of 50 or so economic entities in total, some of whom are well known for their adept tax avoidance and deployment of their wealth in offshore tax havens.

That got me thinking. Whose interests are being compromised by the recipients of the aggressive pursuits across the world? Who are these people who are besmirching the reputation of lawmakers in foreign lands by their heavy handed approach to playing King Canute on individuals who will have little impact on the cause they are PR’ing? Why are the amounts being sought so out of proportion to the actual monetary amounts involved??

Clue is to follow the money. In the USA (and which then spills over here), the folks funding the effort are giving major money to politicians. The funds are massive. Chief beneficiary of the politicians spend is the TV Networks. Aren’t the TV networks mainly owned by the few big, vertically integrated media companies? So the money appears to go full circle.

Lest we forget, even Copyright and Patents were put in place as servants of the Public Good. To do the right thing to prevent hoarding of good works that benefit society as a whole. Unfortunately, the public the laws were passed to serve are rarely represented in the reviews that affect their implementation – and their misuse by bodies with agendas that subvert the public good for which they were designed. I think our MPs would do us all greater favours by demanding – at bare minimum – proposals to be more explicit in the aspects or areas of Intellectual Property that they feel need criminal law protection by this Police Unit – and that any which are contingent on a poor choice of business model should be passed back instead to be funded by the party choosing the demonstrably defective business model alone.

Wouldn’t the resources be better spent improving the access, timeliness and expense of content across the world? I suspect (and research bears this out) that most consumers want to do the right thing, and piracy would be a meaningless economic niche. With that, a useful saving to be made in times of austerity, and police could spend their resources doing what the public who fund them to want them to do alone.

Having someone more forward-thinking in government circles – and to push back appropriately – would make the world a better place.