Archive for April, 2011

President Barroso sends his condolences to President Obama

April 30, 2011

President Barroso has sent his condolences to President Obama:

In the name of the European Commission, as well as on my own behalf, allow me to extend to you and your people our heartfelt condolences.
Message of sympathy from President Barroso to Barack Obama…

Now, since Barroso has included neither me nor the people of the European Union in this message (just the European Commission, which is the executive body of the European Union), I should like to express my own sympathy and that of the people of Europe.

But the truth is, Barroso has no right to speak in my name. While the American people had the opportunity to choose or reject Obama as their President, I have never been given the opportunity to accept or reject membership of the European Union; and neither I nor the people of Europe have had the opportunity to vote for Barroso.

Think of that: the most powerful officeholder in the EU is not directly elected by the people of the EU. What does that say about European democracy?

Categories: All, General Rants, Politics

Who runs the country? The people or Big Business?

April 30, 2011

Today, the period for registering herbal medicines within the European Union expires. Please don’t misunderstand this European Directive (adopted in 2004). It has nothing to do with keeping the people of Europe healthy; it is designed to keep the profits of the pharmaceutical companies fat.

Paola Testori Coggi, Director General of DG Health and Consumers explained:

The law on herbal medicine wants to make sure that the herbal medicine which the citizens buy are safe, that they give the beneficial effects which they claim for, and that they are legal.

She makes three points:

  • safe: we have been using herbal medicines for thousands of years with fewer side effects, fewer problems, and fewer ‘thalidomides’ than modern drugs. I once asked a doctor who wanted to ‘vaccinate’ me if he would accept personal liability for any irreversible side-effects. He declined. So I declined the vaccination. Why is it one law for herbs and a different law for drugs when it comes to provable safety?
  • beneficial effects: only the user can say whether there have been beneficial effects – it is a value judgement that should be made by the user, not something imposed by the Union. If it doesn’t do what it says on the can, we have the option of not buying it again. If only I had redress against the pharmaceutical companies every time their paracetamol, aspirin or codeine failed to relieve a headache; or for every person who ever suffered an ulcer caused by aspirin…
  • legal: typical EU gobbledygook. Of course herbal medicines are legal – or at least they were until the EU passed this law to make them illegal.

This is happening in Europe – but the same thing is going on in every country or region with an established pharmaceutical industry. In America there is much current debate over whether the average citizen is or is not vitamin D deficient. The official line is that he/she is not. Many independent experts believe that the average American citizen has insufficient vitamin D. They believe a conspiracy is in progress: stop people addressing the D deficiency until such time as we have patented the solution. At that time ‘realise’ that there is a deficiency and force them to pay through the nose for our patented solution.

It is, in fact, big business that shapes our laws, not the will of the people. This EU law is for the benefit of Big Pharma just as online copyright laws are for the benefit of the entertainment industry. It is time to stop this control of government by business, and return it to the will of the people.

Categories: All, General Rants, Politics

The Stars Virus: cyberwar is coming because it is necessary

April 26, 2011

Now I don’t know for certain since I am your bog-standard average monolingual Englishman, but am reliably told (by the Washington Post and Today) that this article on the Iranian website paydarymelli.ir describes a second virus (Stars) specifically targeting Iran (and probably targeting the Iranian nuclear programme).

The United States and Israel are the usual suspects, but it does come just a few weeks after the UK announced that the head of the new Defence Cyber Security Group (which will “also be responsible for developing, testing and validating cyber techniques as a complement to traditional military capabilities”) will be a senior military figure. So if the peace-loving, tree-hugging, morris-dancing Brits are gearing up for offensive cyber capabilities, you can guarantee the rest of the world is doing the same.

But the problem is two-fold. Firstly, western governments have already cried wolf once too often and I no longer automatically believe anything I am told. Secondly, government corrupts, and absolute government corrupts absolutely – which means that the Iranian government is probably just a little bit more corrupt than ours. Probably.

So where is the truth? Is this an example of cyberwar in action? Is it the Iranian government making up stories to garner more sympathy from existing or potential sympathisers? Is it the first putative foray of the new Defence Cyber Security Group? Is it the CIA and/or Mossad in action? Is it more designed to increase western cyber security budgets than do serious damage to Iran? Or is it all of these and more?

The western security industry is watching and waiting for more information. PandaLabs’ Technical Director Luis Corrons is somewhat circumspect:

Right now nobody in the security industry has been able to take a look at this piece of malware. As long as there has been a public confirmation of the attack, there are 2 different scenarios:

  1. It is a real targeted attack, so only a very limited set of people has received the attack, and this explains why nobody in the security industry has seen it. This is something that happens – sadly – on a daily basis, so it is plausible this is the case.
  2. It is not a real targeted attack, but some specific “VIP” has received the typical malware attack through a spam message, which could contain any kind of malicious code (such as Zeus, Spyeye, some kind of downloader) and there has been an overreaction.

Frank Coggrave, General Manager EMEA, Guidance Software, is less circumspect:

The news that the Iranian government has uncovered an ‘espionage’ virus points to the growing trend of targeted attacks.  Whilst the Star virus, and its purpose are still being investigated, the reports from officials that it was intended to target government institutions highlights the effort taken to inflict damage on one particular institution, in one country.

Worryingly, it comes less than a year since the Stuxnet worm was uncovered and the ramifications of this were huge, far beyond the direct damage it inflicted. It highlighted that this new breed of targeted threats were a reality, which poses new challenges for governments and organisations in establishing adequate defences against an ‘unseen’ enemy.

But of one thing we should be certain: cyberwar is coming. It is coming because governments want it and need it and will use it to keep us quiet and acquiescent. And whenever there is war, there is collateral damage. When we take physical war over there, the collateral damage is to them, and all we have to do is witness and cry over the television images. But in a cyberwar, the battle will come to us; and we shall experience collateral damage ourselves. It will be to our data and our networks; and no-one will hear or care when our disk drive screams in cyberspace.

Categories: All, Security Issues

Free hard drive data recovery from DTI

April 26, 2011

A new and most welcome reality is gaining traction: vendors’ understanding that users do not buy product for their personal computers. Business vendors get their income from business computers, not from home computers.

So, if home users are never going to buy my software, and it costs me effectively nothing to let them have it (courtesy of the internet), why should I not give it away free for personal/home use? No reason at all. In fact it makes excellent PR, and good business sense since that home user might also be a senior executive between 9 and 5.

DTI Data Recovery is the latest company to see this sense. It is making three products available for free download:

  • External Hard Drive Undelete
  • Hard Drive Partition Repair
  • Windows Hard Drive Recovery Verification

Since the world comprises those who have been through the panic and heartache of lost data and those who will soon experience that panic and heartache, these products could go a long way towards preserving our future sanity.

Categories: All, Security News, Vendor News

It’s not our fault for doing Guantanamo, it’s Wikileaks’ fault for telling you

April 26, 2011

One of the things I dislike most about governments is the way they twist reality to justify their own mistakes and/or actions (mistake = euphemism if you hadn’t noticed). The latest Wikileaks revelations are a perfect example. The BBC headlines the story as Wikileaks: Many at Guantanamo ‘not dangerous’; and that pretty well sums it up.

The Pentagon, however, responds with

“Both Administrations have made the protection of American citizens the top priority and we are concerned that the disclosure of these documents could be damaging to those efforts.”
Wikileaks: Many at Guantanamo ‘not dangerous’ 

Nothing like “We were wrong”; nothing like “We made a mistake”; nothing like “We’ll try to put it right and make sure it never happens again”. No, it’s not that government actions have radicalised an entire generation, increased the threat of terrorism, made US citizens (and by association UK and European citizens in general) more unsafe; but just that Wikileaks is making “the protection of American citizens” more difficult by telling the truth.

And what saddens me even more is that government obfuscation is accepted at face value by whole rafts of the electorate.

Categories: All, General Rants, Politics

A charity (the IWF) hands over a legal responsibility (reporting hate crime) to a limited company (ACPO): 21st Century Britain

April 24, 2011

I’m treading on dangerous ground here, but I have to admit that I have always been a little concerned about one of our national treasures, the Internet Watch Foundation (IWF). The IWF’s primary purpose is to reduce online child pornography, which it legitimately describes as child sexual abuse images. And it has had, or at least claims to have had, considerable success. So why should I be worried?

The reason is this: child abuse is illegal. We already have an organisation designed to tackle illegality: it is called the police, backed by the courts, and responsible to the democratically elected government. My concern is that an independent organisation (an incorporated charity, limited by guarantee) should behave independently in a manner that combines functions of both the police and the courts, but without the responsibility to the electorate. It provides, in its own words, a

  • Reporting mechanism for the public to report any inadvertent exposure to potentially criminal child sexual abuse content.
  • ‘Notice and takedown’ system to swiftly remove child sexual abuse content at source in the UK.
  • Targeted assessment and monitoring system to remove child sexual abuse content in newsgroups.
  • Provision of a child sexual abuse URL list to internet service providers, mobile operators, search providers and filtering providers to help disrupt access to child sexual abuse content which is hosted outside the UK and not yet taken down.
  • Working with domain name registries and registrars to deregister domain names dedicated to the distribution of child sexual abuse content.

I believe that the IWF behaves responsibly. But the potential for independent organisations to take a vigilante role on the internet is what worries me.

So, do I want the IWF abolished? No, I want the police to take responsibility for their responsibility so that the IWF is no longer necessary. And that is why I (almost) wholeheartedly welcome the new True Vision website “for reporting all hate crimes online [that] has been launched by the police.” Crime should be reported to the police and not to a charity. And I definitely welcome the IWF’s statement:

All reports of incitement to racial hatred content hosted in the UK previously reported to the Internet Watch Foundation (IWF) should now be reported directly to True Vision.

My only slight concern is that True Vision is not what I would call a police or Home Office website, it is “owned by the Association of Chief Police Officers [ACPO]”. ACPO “is a private limited company… funded by Home Office grants, profits from commercial activities and contributions from the 44 UK police authorities.” (Wikipedia) Frankly, I’m not sure I’m any happier that a private company funded by commercial profit should be allowed to behave as if it is the police funded by the taxpayer, than that a charity should have say in what sites should and should not be allowed to operate.

IWF
True Vision
ACPO

Categories: All, General Rants

Oh, look, what a surprise! Pedophiles are being used to scare us into accepting the loss of liberty

April 21, 2011

Just to prove the point of my previous post suggesting that government “keeps us in constant fear of terrorists, pedophiles, drug runners, gun runners…” is a report in the NewAmerican. In an article discussing the alleged practice of the Michigan State Police to illegally extract personal data from mobile phones during ‘routine stops’, it mentions Senator Ron Wyden’s draft Geolocational Privacy and Surveillance Act. This act would require the police to obtain search warrants before using GPS geolocation data to track Americans.

Not surprisingly, the Obama Justice Department has argued in court that warrantless tracking should be permitted because Americans have no “reasonable expectation of privacy” in the cell phones they carry or the data stored therein or transmitted wirelessly thereby.

Law enforcement agents testified that requiring a search warrant before tracking criminals “will have a significant slowing effect on the processing of child exploitation leads.”
Michigan State Police Reportedly Extracting Personal Info From Cellphones

Oh, look, what a surprise! Pedophiles are being used to scare us into accepting the loss of liberty.

Categories: All, Politics, Security Issues

The Data Protection Act: the ICO demonstrates that the cost of compliance is greater than the cost of non-compliance

April 21, 2011

The Information Commissioner, Christopher Graham, is being decidedly unfair to the security industry. Consider this: fear sells. Government does it all the time. It keeps us in constant fear of terrorists, pedophiles, drug runners, gun runners, Katie Price, identity thieves and the Russian Mafia so that we will buy its lies about the need to curtail our liberty to keep us safe on the street. Security vendors do the same – they keep us in constant fear of cyber terrorists, online purveyors of child abuse, money mules, Katie Price, identity thieves and the Russian Mafia so that we will buy their products to keep ourselves safe online.

But we have to be afraid, or none of it works.

Enter the Information Commissioner. Last April he gained the power to enforce his responsibility for the Data Protection Act by levying fines of up to £500,000. What music to the ears of the security industry – something else for us to be afraid of! Another reason to buy security products; this time to help us comply with the Data Protection Act.

But what a let down Mr Graham has been!

Of the 2,565 data leaks reported to the watchdog in the past year, the ICO has only taken action in 36 cases and handed out only four fines, according to data revealed by ViaSat UK under the Freedom of Information Act.
ICO acts on only 1% of reported data breaches

I’m not sure of the maths here, but never mind. The point is very clear – if you breach the Data Protection Act you are overwhelmingly likely to get away with it. So what does that do? It tells us that the cost of compliance is considerably greater than the cost of non-compliance. In other words, don’t bother about the Data Protection Act. And don’t bother buying any security products to help with compliance.

He’s so unfair!

Categories: All, Security Issues

AMTSO, the anti-malware testing standards organization, opens up

April 19, 2011

Last year I voiced two main concerns about AMTSO, the anti-malware testing standards organisation. One was collusion in the false marketing impression given by claims of 100% test success against malware in the Wild(list). I won’t repeat my concerns here (see instead the original articles AMTSO: a serious attempt to clean up anti-malware testing; or just a great big con? and Anti Malware Testing Standards Organization: a dissenting view). Sadly, there has never really been any acknowledgement that this is a valid concern; never mind any action on it.

The second concern is that AMTSO is effectively a closed shop: it is largely by the industry for the industry; and for that reason alone it cannot be trusted. This caused no inconsiderable heat, with some members of AMTSO feeling that I was saying that they personally could not be trusted. Others, however, accepted that it was a valid issue.

Well, I am now delighted that AMTSO has made serious attempts to address the problem. Last October it announced a new low-cost subscription fee in an attempt to get more people involved:

While AMTSO recognizes that strict requirements for full membership are necessary to ensure it achieves its objectives, it also understands that the fees put it out of reach for many interested individuals that may have a valuable contribution to improving the objectivity, quality and relevance of testing methodologies. Hopefully, the new low cost subscription model will widen the reach of the organisation and enable more people to have a say in the future of anti-malware testing.
Philipp Wolf, of AMTSO member Avira

This new subscription currently stands at €25 per annum. I don’t know how many subscribers it has attracted – but I doubt that it is many. “They will also have the right to attend meetings, though not as voting members.” Why should I pay money to have no ultimate say in things?

Today, however, AMTSO has launched an open (and free!) “forum where anyone may post and join in testing-related discussions.” Users are still unable to vote on AMTSO issues, but that’s fair enough. Discussions, like justice, should be seen to be done. Provided that AMTSO moderators do not censor this discussion forum (other than the usual legal requirements), it will “provide a discussion point where anyone with a question or an opinion on the testing of anti-malware software can make their voice heard.”

For that, AMTSO deserves to be commended.

AMTSO
Discussion forum

Categories: All, Security News

Political Freudian slip

April 15, 2011

In my previous post I missed the Freudian slip in Neelie’s comments. She wrote:

For me, this was not the end of a process, but the beginning of a dialogue. And it’s a dialogue just for those present at the meeting…

Still, even that’s an improvement. The EC usually engages in monologues.

Youth engagement will make the Digital Agenda a reality

Categories: All, Politics