How not to introduce an IT system

This morning’s Observer column

When you walk into my GP’s surgery, the first thing you see is a screen on the receptionist’s counter. Displayed on it are the words (all in capitals) “TOUCH THE SCREEN TO ARRIVE FOR YOUR APPOINTMENT”. Being pedantic, the first time I saw it I pointed out to the receptionist that I had arrived for my appointment. She grimaced. I then asked if the medical implications of asking every patient to use the same touchscreen during, say, a flu epidemic had been considered. Another grimace. It was, she explained, “a new system”.

This system was provided by Epic Systems, a US corporation based in Wisconsin, which may explain why its software designers seem unfamiliar with the verb “to arrive”. It’s one of eight major vendors of healthcare information systems, all of which are based in the US, and it got its foot in the NHS door quite a long time ago. My doctor’s surgery has been using it for a while. At the beginning, the system’s user-interface was abysmal and dysfunctional. Now, several years on, it’s merely ugly. But at least it works…

LATER

One of my colleagues wrote, confirming my friend’s experience:

The only thing that marred our recent experience of Addenbrookes A&E (also with suspected broken foot/feet, there must be something in the water in Cambridge!), was the introduction of the new system:
there was a 20 minute wait to register once we had initially registered, because the details hadn’t come through, then the x-ray results had to be manually retrieved …and really very stressful for the staff who had to keep apologising and physically running between departments to get results.

Kim Jong Un is not a joke

I’m not entirely overwhelmed by Obama & Co going all righteous over Sony’s ill-fated comedy, The Interview. So this piece in The Atlantic came as a welcome antidote to the fabricated indignation emerging from the White House.

This film is not an act of courage. It is not a stand against totalitarianism, concentration camps, mass starvation, or state-sponsored terror. It is, based on what we know of the movie so far, simply a comedy, made by a group of talented actors, writers, and directors, and intended, like most comedies, to make money and earn laughs. The movie would perhaps have been better off with a fictitious dictator and regime; instead, it appears to serve up the latest in a long line of cheap and sometimes racism-tinged jokes, stretching from Team America: World Police to ongoing sketches on Saturday Night Live.

And…

Yes, North Korea has long been ruled by an eccentric dynasty of portly dictators with bad haircuts. Yes, the propaganda the regime regularly trumpets to shore up its cult of personality is largely ridiculous. And yes, we on the outside know better, and can take comfort in pointing fingers and chuckling at the regime’s foibles.

But it takes no valor and costs precious little to joke about these things safely oceans away from North Korea’s reach. When a North Korean inmate in a political prison camp or a closely monitored Pyongyang apparatchik pokes fun at Kim Jong Un and the system he represents — that is an act of audacity. It very literally can cost the person’s life, and those of his or her family members. To pretend that punchlines from afar, even in the face of hollow North Korean threats, are righteous acts is nonsense.

Right on.

Cowardice, Hollywood style

George Clooney nails it in an interview with Deadline.

DEADLINE: How could this have happened, that terrorists achieved their aim of cancelling a major studio film? We watched it unfold, but how many people realized that Sony legitimately was under attack?

GEORGE CLOONEY: A good portion of the press abdicated its real duty. They played the fiddle while Rome burned. There was a real story going on. With just a little bit of work, you could have found out that it wasn’t just probably North Korea; it was North Korea. The Guardians of Peace is a phrase that Nixon used when he visited China. When asked why he was helping South Korea, he said it was because we are the Guardians of Peace. Here, we’re talking about an actual country deciding what content we’re going to have. This affects not just movies, this affects every part of business that we have. That’s the truth. What happens if a newsroom decides to go with a story, and a country or an individual or corporation decides they don’t like it? Forget the hacking part of it. You have someone threaten to blow up buildings, and all of a sudden everybody has to bow down. Sony didn’t pull the movie because they were scared; they pulled the movie because all the theaters said they were not going to run it. And they said they were not going to run it because they talked to their lawyers and those lawyers said if somebody dies in one of these, then you’re going to be responsible.

This is interesting because it suggests a promising new line for real and would-be ‘terrorists’: simply issue vague threats about nameless horrors to be visited upon public venues in the US and corporate lawyers will do the rest.

So does the hacking of Sony signify a new era in cyberwarfare?

Some people think that it does:

Most cyberattacks to date—by China, Russia, Iran, Syria, North Korea, Israel, the United States, and a dozen or so other nations, as well as scads of gangsters and simple mischief-makers—have been mounted in order to steal money, patents, credit card numbers, or national-security secrets. Whoever hacked Sony (probably a North Korean agency or contractor) did so to put pressure on free speech—in effect, to alter American popular culture and suppress constitutional rights.

Matt Devost, president and CEO of FusionX LLC, one of the leading computer-security firms dotting the Washington suburbs, told me in an email this morning, “This is the dawn of a new age. No longer do you have to worry just about the theft of money or intellectual property, but also about attacks that are designed to be as destructive as possible—and to influence your behavior.”

Bob Gourley, co-founder and partner of Cognito, another such firm, agrees. “I have tracked cyber threats since December 1998 and have never seen anything like this. It might have roots in the early Web-defacements for propaganda”—usually by anti-war or animal-rights groups—“but they were child’s play, done really for bragging rights. A new line has been crossed here.”

And the attack has had effects. Sony has canceled the film’s scheduled release due to terrorist threats against theaters (even though no evidence links the source of the threats to the source of the hacking). While a Seth Rogen comedy is an unlikely cause for a protest of principle, a case can be made that Sony’s submission to political pressure—especially pressure from a foreign source, especially if that source is Kim Jong-un—should be protested.

Well, it might be seen as an attack on American popular culture, I suppose.

Apparently some (off-the-record-natch) US sources think that Kim Jong Un and his chaps are responsible. In which case it’s an instance of cyberwarfare, not just an anti-corporate stunt.

And, as @dangillmor asks, “Are these the same US govt people who determined that Iraq had weapons of mass destruction?”

Kim Zetter has a good, sceptical piece in Wired.

What it all adds up to is that the big difference between “cyberwar” and the kinetic version is that it’s very hard to be sure who has just attacked you.

And, as usual, Dave Winer has an original take on it:

Back in 2000 when Napster was raging, I kept writing blog posts asking this basic question. Isn’t there some way the music industry can make billions of dollars off the new excitement in music?

Turns out there was. Ask all the streaming music services that have been born since the huge war that the music industry had with the Internet. Was it necessary? Would they have done better if they had embraced the inevitable change instead of trying to hold it back? The answer is always, yes, it seems.

Well, now it seems Sony is doing it again, on behalf of the movie industry. Going to war with the Internet. Only now in 2014, the Internet is no longer a novel plaything, it’s the underpinning of our civilization, and that includes the entertainment industry. But all they see is the evil side of the net. They don’t get the idea that all their customers are now on the net. Yeah there might be a few holdouts here and there, but not many.

What if instead of going to war, they tried to work with the good that’s on the Internet? It has shown over and over it responds. People basically want a way to feel good about themselves. To do good. To make the world better. To not feel powerless. It’s perverted perhaps to think that Hollywood which is so averse to change, could try to use this goodwill to make money, but I think they could, if they appealed to our imaginations instead of fear.

Hacking, by Royal Command?

The Intercept has just published an intriguing PowerPoint deck from the Snowden trove. It gives some details of the hacking of the Belgian mobile phone operator Belgacom (probably using Regin).

Slide 5 shows two distinguished visitors being given a briefing, presumably on this operation (otherwise why is the picture in this deck?)

[Image: Charlie_and_Camilla]

Slide 9 makes it clear what this is all about:

[Image: OP_Socialist_slide9]

So my question is this: Did Prince Charles know about the hacking of Belgacom?

Q: Who let this happen? A: We did.

This morning’s Observer column.

The relevant extract from the [FISA] court transcript reads:

Justice Arnold: “Well, if this order is enforced, and it’s secret, how can you be hurt? The people don’t know that – that they’re being monitored in some way. How can you be harmed by it? I mean, what’s… what’s your… what’s the damage to your consumer?”

Ponder that for a moment. It’s extraordinarily revealing because it captures the essence of the mindset of the people who now rule our democracies. It’s a variant on the “if you have nothing to hide then you have nothing to fear” mantra. And it begs the question: who gave these people the right to think and act like this?

The long answer goes back a long way – to Thomas Hobbes, John Locke and maybe Rousseau. The short answer is that we did. We elected these holders of high office – the home and foreign secretaries who ostensibly control MI5, MI6 and GCHQ, the MPs who cluelessly voted through laws such as Ripa (Regulation of Investigatory Powers Act), Drip (Data Retention and Investigatory Powers) and will do likewise for whatever loose statutes will be proposed after the next terrorist/paedophilia/cyber crime panic arrives…

GCHQ launches new code-making app

Well, well. This from the new, cuddly GCHQ.

Cryptoy is a fun, free, educational app about cryptography, designed by GCHQ for use by secondary school students and their teachers.

The app enables users to understand basic encryption techniques, learn about their history and then have a go at creating their own encoded messages. These can then be shared with friends via social media or more traditional means and the recipients can use the app to try to decipher the messages.

Cryptoy is mainly directed at Key Stage 4 students but can be used by anyone with an interest in learning about or teaching cryptography.

The app was designed by students on an industrial year placement at GCHQ. It was created as part of a project to demonstrate encryption techniques at the Cheltenham Science Festival, and has since been used at several other outreach events. The app was a hit, and GCHQ received interest from teachers who wanted to use it as a teaching aid. Therefore it was decided to make it publicly available.

GCHQ is committed to helping to increase the uptake of STEM (Science, Technology, Engineering and Maths) subjects at schools through its outreach programme and its work with industry and academia. It is also critical that the UK builds a knowledge base of cyber security skills. Learning about encryption and the associated academic disciplines are key parts of both of these.

Android only (for now anyway). Presumably not available to Belgians and officials of the European Commission.

A Thieves’ Thanksgiving

This is a great time to be a crook. Not a small-time crook of course — for example, a cat-burglar or a pickpocket, or someone who fiddles his expenses: these knaves invariably get caught and spend time in the slammer. I’m talking about bankers, ‘defence’ contractors, executives of ‘security’ companies (the kind that charge the taxpayer for electronic tagging of people who are deceased or in prison, for example), and the like. They are not only doing just fine, but are apparently untouchable. As Charles Simic explains in a lovely NYRB blog post:

What makes a career in white-collar crime so attractive is that there are so few risks anymore. Everyone knows about Wall Street bankers having their losses from various scams they concocted over the years covered by taxpayers. But now, even when bankers lose billions for their bank by making bad or reckless deals, or have to pay regulatory penalties, as Jamie Dimon, the current chairman, president, and chief executive officer of JPMorgan Chase did earlier this year, they are more likely to get a 74 percent raise, as he did, than to lose their jobs. As for the federal agencies that are supposed to watch over them and the Justice Department that is supposed to haul these hucksters into court, if they so much as bestir themselves to confront the banks, they simply ask them to pay fines, thereby avoiding a judge or a jury and making sure that the details of their swindles can remain secret from the public.

As dishonest as Wall Street is, it doesn’t compare to the kind of thievery that went on in Iraq and Afghanistan. Once upon a time, war profiteers were looked at as the lowest of the low and condemned by presidents. “Worse than traitors in arms are the men who pretend loyalty to the flag, feast and fatten on the misfortunes of the Nation while patriotic blood is crimsoning the plains of the South and their countrymen mouldering in the dust,” warned Abraham Lincoln during the Civil War. “I don’t want to see a single war millionaire created in the United States as a result of this world disaster,” declared Franklin Roosevelt as the United States entered World War II.

Yet today, according to the Commission on Wartime Contracting, an independent, bipartisan legislative commission established to study wartime contracting, somewhere between $31 billion and $60 billion of US government money has been lost through contract waste and fraud in Iraq and Afghanistan. It is now common knowledge that contractors were paid millions of dollars for projects that were never built, that the Defense Department gave more than $400 billion to companies that had previously been sanctioned in cases involving fraud, and that the beneficiaries of such past largesse have not only gotten fabulously wealthy, but continue to be invited to pursue lucrative business opportunities in the new homeland security–industrial complex.