A few months ago I went into the local branch of my bank (Lloyds TSB) to do a non-routine transaction involving transferring a significant amount of cash. I’ve been a regular customer at the branch since 1985 and several of the staff know me by sight. All of my personal accounts and those of one of my companies are managed by the branch. But when it came to do the transaction, the cashier requested evidence of my ID. “Eh?” I replied. “What kind of ID?” Back came the reply: “A passport or driving licence will do”. Why did she need this, I inquired? “So that we know who you are.”

At this point I became rather, er, annoyed. This doesn’t happen often, but when it does it isn’t a pretty sight. So eventually the ‘manager’ was called and in due course the transaction was carried out without production of any further documents. Of course this branch ‘manager’ didn’t know me personally. It’s not his job to know people. That function is now delegated to my “personal customer relationship manager” — i.e. the chap who writes to me at irregular intervals to say that he’s just taken up this interesting new post and would like to get to know me better. Needless to say, I’ve never met any of the holders of this important post.

Given this background — which I’m sure is entirely unexceptional — you can see why I have been struck by Charlie Leadbeater’s lovely essay for Cornerhouse. Here’s a taster:

Often in the name of doing things for people traditional, hierarchical organisations end up doing things to people. Companies say they work for consumers but often treat them like targets to be aimed at, wallets to be emptied, desires to be excited and manipulated. The person who calls himself my ‘personal relationship manager’ at a leading high street bank does not know me from Adam but in the cause of trying to sell me some savings products I do not want pretends that we are lifelong friends. In the name of doing something for me, actually he wanted to do something to me: relieve me of some money. Many experiences of public services are often little different. Social services departments were created to help people in need. Yet those on the receiving end of services often complain they feel they are being done to, processed by a bureaucratic machine.

One of the most intriguing revelations of the last year was the news that Google could use aggregated search data to track — and perhaps predict — outbreaks of influenza. The graph shows results for the US. CDC data come from surveying a sample population of doctors, but the results take time to collate, whereas Google’s data are nearly instantaneous. So even if the search-derived data were only a day or two ahead of the official stats they could be useful to public health authorities in some circumstances.

Now the NYT is reporting that Google has extended the service to Mexico. One reading of the data is that the outbreak has peaked there. But that might simply be a reflection of the fact that an awful lot of Mexicans don’t have internet access.

Interesting video here.

I — and others — have written about this before: see, e.g. here, here and here.

… in 1945, the Soviet Union announced the fall of Berlin and the Allies announced the surrender of Nazi troops in Italy and parts of Austria.

A panel of experts deliberating under the auspices of the National Science Foundation has come up with a report which is highly critical of the US’s approach to the threat of cyberattack and has issued this list of recommendations:

1. The United States should establish a public national policy regarding cyberattack for all sectors of government, including but not necessarily limited to the Departments of Defense, State, Homeland Security, Treasury, and Commerce; the intelligence community; and law enforcement. The senior leadership of these organizations should be involved in formulating this national policy.
2. The U.S. government should conduct a broad, unclassified national debate and discussion about cyberattack policy, ensuring that all parties—particularly Congress, the professional military, and the intelligence agencies—are involved in discussions and are familiar with the issues.
3. The U.S. government should work to find common ground with other nations regarding cyberattack. Such common ground should include better mutual understanding regarding various national views of cyberattack, as well as measures to promote transparency and confidence building.
4. The U.S. government should have a clear, transparent, and inclusive decision- making structure in place to decide how, when, and why a cyberattack will be conducted.
5. The U.S. government should provide a periodic accounting of cyberattacks undertaken by the U.S. armed forces, federal law enforcement agencies, intelligence agencies, and any other agencies with authorities to conduct such attacks in sufficient detail to provide decision makers with a more comprehensive understanding of these activities. Such a periodic accounting should be made available both to senior decision makers in the executive branch and to the appropriate congressional leaders and committees.
6. U.S. policy makers should judge the policy, legal, and ethical significance of launching a cyberattack largely on the basis of both its likely direct effects and its indirect effects.
7. U.S. policy makers should apply the moral and ethical principles underlying the law of armed conflict to cyberattack even in situations that fall short of actual armed conflict.
8. The United States should maintain and acquire effective cyberattack capabilities. Advances in capabilities should be continually factored into policy development, and a comprehensive budget accounting for research, development, testing, and evaluation relevant to cyberattack should be available to appropriate decision makers in the executive and legislative branches.
9. The U.S. government should ensure that there are sufficient levels of personnel trained in all dimensions of cyberattack, and that the senior leaders of government have more than a nodding acquaintance with such issues.
10. The U.S. government should consider the establishment of a government-based institutional structure through which selected private sector entities can seek immediate relief if they are the victims of cyberattack.
11. The U.S. government should conduct high-level wargaming exercises to understand the dynamics and potential consequences of cyberconflict.
12. Foundations and government research funders should support academic and think- tank inquiry into cyberconflict, just as they have supported similar work on issues related to nuclear, biological, and chemical weapons.

According to the NYT report,

The United States has no clear military policy about how the nation might respond to a cyberattack on its communications, financial or power networks, a panel of scientists and policy advisers warned Wednesday, and the country needs to clarify both its offensive capabilities and how it would respond to such attacks.

The NYT report also suggests that the US doesn’t rule out the use of nukes in retaliation to a cyberattack, but then goes on to quote Pentagon officials as saying that this is nothing new. The US, it seems, never rules out anything. This is apparently to keep potential aggressors guessing.**

Text of the Executive Summary of the NSF report (pdf) from here.

** Footnote: this didn’t deter Osama bin Laden & Co, though.