DNA Rention Limits – More of the Same

The Home Office is due to formally  state that their plan is to maintain the DNA data, of innocent people, for 6 years.

This is, of course, a lot longer than the zero time of many other countries and the UK less than a decade ago, but still a lot less than the previous policy of “forever”.

This statement now follows on from the previous statement in May 2009 by the government of the intention to retain the data fro 12 and 6 years, depending on the offense.

For those not acquainted with the reasons behind this change in the law this is due to the S and Marper V United Kingdom test cases in the ECHR, where they challenged, successfully the UK law on detaining, indefinitely the DNA samples of innocent.

 

 

How to Hack an Oyster Card

There are many reasons to want to know where somebody has been on the Tube

• Do you want to find out where your girlfriend/boyfriend has been on the tube?
• Are you concerned that your boss is traveling around London, looking to replace you?
• Are you just a regular stalker/paparazzi who wants to follow somebody around?
• Are you a private investigator who wants to know where your perp has gone on the tube?

Whatever the reason the following guide, of just five simple steps, will show you how to access the travel details of a person’s recent underground journeys:

1. Obtain the relevant Oyster Card
2. Take the card to the nearest London Underground Station
3. Walk up to a counter, hand the card over and state “Excuse me mate, but I am not sure my balance is right on this, I think I didn’t swipe out recently, can you check it for me“
4. The TFL staff will then print out a list of the last couple of weeks journeys and hand them to you
5. Leave the station with the card, the paper, nefarious mind set and a  maniacal laugh

Joking aside, this actually works.

Which is slightly concerning because people can so easily access other peoples travel details. While this may not bother many people, as they will simply say that there journey to work and home again, is their standard commuter route, and so of no interest. Others may think differently.

Firstly, private investigations firms do still use illicit methods to obtain data, the recent telephone bugging scandals involving journalists, is nothing new, its that is only just come to light. A few years ago, several well known companies were involved in a case that showed that information was obtain illegally, via data theft.

High networth individuals, especially if they are going through a divorce or possibly a major deal, can attract the attention of investigation firms. There have been occasions when these individuals have had the routes monitored, their phones and computers hacked into, and other such activity.

People who are involved in protests , for anything from animal rights activists to the anti-war lobby, are likely to be monitored and tracked where possible, and this is not all done via the state.  Large corporate who are likely to be disrupted, or targeted, by protests,  sometimes employ private firms to provide their own intelligence briefings, and these firms will go to great lengths to obtain this information for their client.

Interestingly the TFL (Transport For London) who operate the London Underground, have an exemption from the data protection act, which allows MI5 and the police to get near live data from the system, so track people moving around London.

Pigeon V Broadband

You may have often said it in jest “A pigeon could get it there quicker” and companies often use couriers, rather than broadband to move offices around.  But now a company has started doing just this using a carrier pigeon, to move data.

[allegedly]

Clearly this story is nothing to do with PR, and the fact that this story has  promoted the company, Unlimited Group, around the world is purely luck. At no point was a professional PR firm used to promote this story – honest.

Pigeon - Faster than the internet?

The fact that this story was reported a few days ago in New Zealand,  with a different spin on the story, is just coincidence.  The article that was published a few days ago stated that:

“A new project called Pigeon Race 2009 aims to highlight the inadequate data transfer speeds over fixed lines in South Africa.  The website http://pigeonrace2009.co.za/ states that “The Unlimited faces great challenges in getting data from its locations across KZN back to its central location for storage. These are large files, and it was postulated that a pigeon could do this faster than a normal landline could.”

The article goes on to state

“The Pigeon Race 2009 campaign follows a similar campaign a few years back where it was shown that it was cheaper and faster to fly to Hong Kong, download 100 GB of data and fly back to South Africa than download it here using Telkom’s ADSL service.

While the Hong Kong example holds some value, since it compares broadband speeds and cost, the Pigeon Race 2009 project is of more satirical value than it’s real ability to reveal poor broadband performances.“

It’s quite clear that there is a cut off point where the pigeon would win the race, and it’s just about setting the parameters correctly. If you really wanted to you could have a trained tortoise moving data between neighbours. Stick a 1.5 TB hard drive (full of data) to the back of the lumbering animal and it would clearly be faster than moving the data across the internet between the houses.

Fair play to the PR company involved, the story has done well, but shame on the BBC for just printing press releases.

The story doing the rounds in the UK press at the moment (Daily Mail, Metro, BBC, etc) is below.

“A company is to start using a carrier pigeon to transfer data between its offices – because bosses believe it will be quicker than broadband.

IT experts at a firm in South Africa said it takes up to six hours to transfer four gigabytes of encrypted data between two of its offices which lie 50 miles apart.

Today staff at the financial services company will save valuable time by instead having the information transported by a homing pigeon named Winston.

the service goes down then it can up to two days to get through.

‘We started looking at other ways to solve the problem and discovered that carrier pigeons could do the job a lot more quickly.’

If the first pigeon flight is a success bosses will employ Winston and some of his friends to make a weekly trip between the firm’s two offices.

The Unlimited Group is a South Africa-based company offering insurance and financial products to entrepreneurs.

Its head office is in Durban on the country’s south-eastern coastline, while its main call centre is 50 miles north in Howick, outside Pietermaritzburg.

Winston is owned by a keen pigeon fancier who lives a short distance from the call centre and has already flown several test runs without carrying information to ensure he is familiar with the route.

Kevin added: ‘For security reasons the information on the memory card attached to Winston has to be very thoroughly encrypted, as it contains personal details of people who call our centre.

‘With modern computer hacking, we’re confident well-encrypted data attached to a pigeon is as secure as information sent down a phone line anyway.

‘There are other problems, of course. Winston is vulnerable to the weather and predators such as hawks. Obviously he will have to take his chances, but we’re confident this system can work for us.’

Broadband internet in South Africa is not as widespread as in the UK.

Although recent advances in technology have seen it rolled out in most major cities, it remains costly to use and the service can be blighted by adverse weather conditions and power cuts.

Kevin added: ‘We’re not blaming anyone for the problems we’ve experienced with the internet, but we’re keen to try and find another solution.

‘For a firm like ours that transfers a lot of data regularly the costs of doing so can add up.

‘If Winston can do the job as efficiently then we’d be silly not to think about using him instead – especially as he’ll only cost us a little of bird seed to run.’

Carrier pigeons are specially bred for their ability to find their way home from wherever they are released.

The birds were believed to have been used for the first time in an organised manner in the twelfth century by the Mongol leader Genghis Khan.

Pigeons were later used extensively during World War I to send message between trenches on the Western Front.

The full article on Pigeon and USB is available here

Exam Results

The GCSE and A Level results are out and unsurprisingly there was, once again, an increase in the exam results. More people passed, more people got As. This is the 27^th year in a row of improvement for the grades.  What is going on?

The comments from the “students are better and smarter” camp include:

• Schools minister Iain Wright said: ‘Critics who belittle better results and infer that the only way to measure a successful education system is by young people failing A-levels are insulting the hard work of students and teachers and the great support that parents give their children during these difficult qualifications.
• Christine Blower, general secretary of the National Union of Teachers (NUT) said: “For all those critics who can’t bear the idea that the improvement in A-Level results is attributable to the hard work of young people and their teachers, they should have a look at the trend in improvement in the so called ‘hard’ subjects of mathematics and science”.

Comments on the BBC website include:

• “rather than being bitter, could you all let us celebrate for one day before the tirade of insults.”
• “People are missing the positives arising from so many students achieving the top grades at A-levels.”
• “Easier.. my foot!!! I know tonnes of people who didn’t do as well as they wanted today, me included.”
• “I have just received my A level results and I’m disgusted at the comments on [the BBC] site.Its quite rude to putting down the time and effort we have put into our work for 2 years.”

What is really going on?

Firstly, the plural of anecdotes is not data[1]. Just because a student does well, or not so well does not mean anything, from a statistics point of view. If a student feels they have worked hard and are deserving of an A, that does mean anything. The detractors, those in the “A Levels are Mickey Mouse” camp, are commenting not on a single question, or a single paper, but looking at the data as a whole.

The Facts and Figures

• A level results have increased for 27 years
• In 1982 the A level pass result was 68.2 %. In 2009 it is now 97.5%
• In 1982 the A grade result, for A levels was 8.9%. In 2009 it is now 26.7%
• A scientific study of 3,000 students aged 11 to 14 in 2009 showed no increase in mathematical ability.
• A study at Durham University, based on 250,000 results found that on average students grades have increased by 2 marks for A-Levels in the past 20 years. That’s an A for what was a C.
• A comparison of O Levels and GCSE papers has been conducted. The results were very clear. People getting ten A* in GCSE could not even finish an O Level maths paper.

In short the data shows that exam results have radically increases, but people are not getting smarter. Therefore there has to be grade inflation.

Commentary

Below are some comments from those who believe there is grade inflation, this is not data, but anecdotes.

• A poll, for think-tank Civitas, revealed that teachers believe the systems allow the same caliber of students to achieve higher grades.
• Seven in 10 University tutors believe standards either stayed the same or deteriorated in recent years.
• A director of A-levels from a school in the North West said: ‘The A-level is not aimed at the same people as it was 30 years ago; a larger cohort must have easier exams or too many would fail…You could train a monkey to do the questions today!’
• A teacher stated “At GCSE you get marks for trying to do the question and showing your working out even if you don’t get the right answer,” she said. “You can even get marks for writing ‘F*** off’. You get marks for expressing yourself, for creativity, rather than for precision. I think the O-levels are harder than” GCSEs”

Bad for Smart Students

27 years ago if you got an A you would be in the top 8.9% of the country, today you are in the top 26%. What this means is that if anybody is going to look at your results, as a form of assessing how smart you are then you are going to lumped be with a much wider, presumably less smart, group of people.  Here is a very simple example to illustrate this

1982 Example

In 1982  100 people in a school take A level maths, and the local company needs one student, with a very strong maths background, and therefore demands an A in A-Level maths. 9 students (rounded up) get an A in maths in the local school, so 9 get called in for interview and the employer can see which one suits the job best. Some will be better than others in maths, even within the top 9%, but that will be a relatively small difference.

2009 Example

The same scenario, but this time there are 27 people with A’s in Maths at A-Level (again the number has been rounded up). The company cannot interview 27 people, so there will be a cull of people based just on the CV. It could be based on sporting activities, hobbies, or any other arbitrary measure. It could be that the person going through the CV’s doesn’t like the font an applicant used, or their name, whatever it is its not going to be based on grades as its not possible to spot the top tier of people through grades anymore. As 27% of people now have an A, the spread of maths knowledge in this grouping will be pretty big, varying from very smart to, well, not so smart. This means that the truly smart people have no advantage over the not-so-smart.

Brain Gym

The UK education system has now become so poor, so terribly bad, that hundreds of schools are teaching something called “Brain Gym”, which has been wonderfully exposed by Ben Goldacre (if you don’t own his book already, buy it). In it he gives some examples of the Brain Gym “information”:

“Processed foods” [Brain Gym] announces: “do not contain water.” This has to be the most readily falsifiable statement I’ve seen all week. Any water in soup?

Or how about an exercise to pump more oxygen into your brain:

An exercise called “Brain Buttons”: “Make a ‘C’ shape with your thumb and forefinger and place on either side of the breast bone just below the collar bone. Gently rub for 20 or 30 seconds whilst placing your other hand over your navel. Change hands and repeat. This exercise stimulates the flow of oxygen carrying blood through the carotid arteries to the brain to awaken it and increase concentration and relaxation.” Why? “Brain buttons lie directly over and stimulate the carotid arteries.” Now, I’m waiting to be impressed by any kid who can stimulate his carotid arteries inside his ribcage,

Hundreds, probably thousands of teachers in the UK are teaching this junk, with permission of the state, to pupils. Just so there is no misunderstanding here – anybody who stands up in front of a classroom and says there is no water in processed foods is an idiot, and a dangerous one at that. Further more, anybody being taught by these people could quickly become an idiot unless they get access to some decent education. If this is not dumbing down education what is?

It is these children who are going to be taking A-Levels in science, believing that soup does not contain water.

Anyone who believes that an education system which allows for Brain Gym and ignores/fails to understand scientific studies that prove grade inflation, but can still produce good scientists, is quite delusional.

---

[1] This excellent phrase was stolen from Ben Goldacre’s book, “Bad Science”

Data Theft and the Legal System

Recently more news has come to light about data theft: More people are implicated, more data has been misused, and the fines seem to be poor. This all raises more questions than it answers.

A few days ago Mathew Single was sentenced for publishing the BNP membership details, which he took from the BNP. i.e. data theft. The ramifications of publishing the data were a series of vigilante acts against the members. Regardless of your views about the BNP they are a legal party, membership of the BNP  is legal, and they have even won an election. However, vigilante acts and data theft are not legal.

Despite this the fine for publishing the data, for breaking the law, was just £200. Even the judge complained about the level of the fine.

In addition to this more and more details of data theft  are gradually leaking out. There have been allegations of Prince William and Prince Harry’s phones being accessed. Also, the previous Head of the Professional Footballers’ Association, Gordon Taylor, had his phone hacked by the News of the World. The News of the World paid £700,000 in damages, following a court case, “but on condition that details of the case were not made public”. How can such a major media outlet go to court, lose, and still manage to keep the details of such an important case secret for so long. The key word in that sentence is probably “major”.

The ICO has recently stated that they have been let down by the press, politicians, and the court systems; in the failure to create strong enough laws, or the courts to enforce the laws they have effectively.

Recently Steve Whittamore, a former police officer, turned private detective turned crook has come back into the news. He worked for a company called JJ limited and during his time there uncovered 17,500 pieces of personal information, for over 400 journalists (from a variety of papers). The data he and his colleagues obtained varied from banking and telephone information to DVLA and PNC records.

In February 2004, Steve Whittamore, and three others were all convicted of the offences they were charged with and received …… a conditional discharge. A conditional discharge, for those not familiar with the legal system means nothing.

It means they went to court, go told they were bad people who had done a very bad thing, and then walked out, without so much as a peak at a prison. To criminals a conditional discharge is about as effective as sending a sex addict to a lap dancing bar. It just encourages them.

So, the laws are all a bit rubbish, the courts are useless, and the CPS could not organise a pissup in a brewery. But who is buying all of the this data (other than journalists).

So, Who buys Stolen Data?

[The article below has been re-published from July 2008 due to the current relevance]

A lot of the market for personal data theft is in the “gray/black” market.

Some companies specialize in the selling of personal information, anything from just the name and address (phone book/electoral role), upto bank details, phone records etc. The reported costs of this data vary from $100 to $500. These companies who sell the data to lawyers and businesses, may not “acquire” the information themselves, rather sub contract it out, keeping the “dirty end” of the business very much at arm’s length.  This means that the person who users the data, apparently legitimately, is removed by at least two steps from the actual “data theft”.

One such example involves Mischon de Reya, a famous UK law firm and Carratou an investigation agency were involved in the purchasing of stolen information.

In this case Mischon wanted find information about Mr Hughes, the former chairman of the now collapsed Allsports. Based on this Mischon instructed Carratou to track down Mr Hughes. Carratou then instructed Sharon and Stephen Anderson, who are independent contractors. Sharon and Stephen then sourced a variety of information about Mr Hughes, including details of his 11 of his bank accounts. They charged around £150 for each piece of financial data. They gained access to this information this through phone calls (impersonating Mr Hughes), false letters, etc, etc.

Once the Anderson’s had “stolen his identify” and got the relevant information, this information was then passed from the Andersons to Carratou then from Carratou to Mischon and then to Mischon’s client. The whole incident only came to light when Mr. Hughes took Carratou to court to find out how they had accessed his bank accounts.

It has since been revealed that Sharon and Stephen Anderson made around £140,000 a year doing this, which equates to nearly 4 pieces of financial information every work day. This means that they are supplying a lot of data to a lot of companies.

Articles in the Guardian and Computer Active and ICO

Other cases of people obtaining and selling data:

Man Convicted of selling personal data

ICO Publishes list of Media Buying Data

So, who buys the stolen data?

The Media (who are always reporting on the data theft), people in the investigation industy, (who are there to protect the public and businesses), and business (who are the victims of hackers and data theft)

Who suffers most? The public.