Archive
Should we restore capital punishment in the UK?
I see that Guido has launched a petition and campaign for the restoration of capital punishment in the UK; specifically for the killers of children and police.
Now that the government has launched an e-petitions site, Guido will put all the resources at his command into a campaign for a vote on the restoration of capital punishment for child and cop killers.
Guido Submits “Restoration of Capital Punishment” Petition
This is such a difficult issue – and is probably the one area where I fundamentally disagree with his principles.
These are some of my difficulties:
- No-one has the right to kill – but that should include the State.
- Anyone who does kill must be punished – but that should include the State.
- What if we get it wrong, and we murder an innocent person?
- Why just children and police? Killing is killing, or is some killing worse than others?
- Where do you draw the line between murder and self-defence?
- If a demonstrator were to kill a policeman, should that demonstrator be executed? If a policeman were to strike and kill an innocent passer-by, should that policeman be executed?
Now let’s examine our collective emotions on this. Guido uses Baby P as an example. What revolts us the most: the fact that he was killed, or the fact that he was tortured first? I suspect the latter. Why should capital punishment be applied to murder but not to torture? I make this distinction solely to show that our emotions play a serious part in this debate when it is one that perhaps above all others should be governed by logic.
And what about China and Saudi Arabia? Most of us are horrified by capital punishment in foreign climes, yet most of us seem to want capital punishment here.
For me, however, the bottom line is not that I don’t think murderers deserve to lose their own life, but that the risks in getting it wrong are too great.
I am calling about the problems you are having with your computer
I just had one of those phone calls about the problems with my computer (they’ve been increasing recently).
I lied. “I don’t have a computer,” I told her.
“Yes, this is about the problems you are having with it.”
“I don’t have a computer,” I repeated.
“But you do have broadband.”
The tone in her voice had changed. She was guessing that I had a computer because she knew that I had broadband.
How did she know that? Is it common knowledge available to anyone? Is it obtained nefariously? Or do our ISPs sell their customer lists?
Facial recognition and digital certificates: true security for mobiles?
Two separate bits of news that caught my eye are Google’s purchase of PittPatt (a face recognition company as reported by the WSJ), and Entrust’s release of a digital certificate system for smartphones.
Google has acquired a seven-year-old company that develops facial-recognition technology for images and video, though the Web-search giant didn’t say what it plans to do with it.
Google Acquires Facial Recognition Technology Company
What will it do with it? Is it going to add it to Google+ in the same way Facebook introduced face recognition last year? Or will it be built into Android? (Could be both, of course, just like it could equally hive off into a new profit centre offering facial biometrics and recognition to law enforcement and border agencies…).
Bill Conner, President and CEO, Entrust
Moving on, Entrust yesterday announced and claimed that ‘Entrust IdentityGuard strengthens mobile security with device authentication, network access (VPN), SMIME and application security — all with self-service capabilities’.
You have to look at the detail here. This is a self-service digital certificate for smartphones: “Authorised employees, staff or contractors simply log in to the Entrust IdentityGuard Self Service Module to enroll their mobile device — compatible platforms include the Apple iPhone, Apple iPad, Android, BlackBerry, BlackBerry PlayBook and more — and are issued a digital certificate.”
The problem is that a digital certificate authenticates the identity of the device, not the person using it. I asked Bill Connor, President and CEO of Entrust, to elaborate on the security of the digital certificates themselves.
The Entrust IdentityGuard Self-Service Module offers end users a simple and consistent way to enrol for and install certificates and keys for network access and secure email on their mobile devices. The certificates and keys are stored within the devices’ native certificate stores and can therefore be leveraged by native device applications such as VPN clients and email clients. Private keys are thus protected according to the mechanisms employed by the mobile device OS.
Bill Connor
But what if the device is lost, stolen or cloned? Could it be used as an authenticated device by an unauthenticated user?
As the private keys are stored natively by the mobile device, they are protected against device cloning and theft according to the mechanisms employed by the mobile device vendor, including device PIN protection, password protection and hardware-derived keys for the certificate store. Certificates issued to mobile devices may be easily and immediately revoked by both administrators, through IdentityGuard WebAdmin, and users, via the IdentityGuard Self-Service Module, if/when users become aware of device theft or compromise.
Bill Connor
Notice those two key phrases: ‘according to the mechanisms employed by the mobile device OS’ and ‘according to the mechanisms employed by the mobile device vendor’.
So what we have here is an excellent product from Entrust that will authenticate the device and is perfect for business use; but is reliant on other systems for authenticating the user to the device. But the only way you can really authenticate the user is with biometrics – so we’re back to PittPatt.
It is coincidence rather than conspiracy that I learnt of these two developments on the same day – but what a co-incidence. Put the two together: facial recognition built into the operating system for user authentication and Entrust’s easy-to-use and established certificate system for device authentication and the result would be genuine security for mobile devices.
Two developments to watch, I think!
