Financial Information

20 May 2016
A bracelet that shocks you if you overspend

This story is typical of the difficulty people have in managing their finances well. The real problem is that banks and card companies have little interest in providing detailed analysis of financial information to their customers. A further problem is the divided nature of those institutions: any one of them will only see a portion of the situation.

Firstly, banks. My bank has all of my direct debits and standing orders, and knows pretty well when and how much those are. It could project that forward and show me what my balance will be at the end of the month, next pay day or similar.

Card providers generally only show cleared transactions; sometimes there is a special display for pending transactions. This may be an important distinction for the bank, but not for the consumer. As soon as I have made the transaction I want to see it in a statement.

What I want is to have the information to make a decision at the point of making it. In the simplest case: can I afford to buy this thing this month, or should I wait till next month?

A more detailed analysis would be for the longer term. For example, am I maintaining enough savings to cope with not having a job for a couple of months? Perhaps there are rumours of a takeover at my employer and I want to increase this target. Give me feedback on how many months it will take to achieve that at my current spending and saving rate.

Personally I do this myself, and have done so for many years. I use GnuCash to record all my transactions. This allows simple reconciliation with statements. Then, by ensuring that standing orders and direct debits are entered a month before they are due, I have a good projection of my future balance.


IP Bill Final Death Throes we hope.

14 March 2016

The IP Bill aka #SnoopersCharter is back from the committee stage with most of the sensible recommendations ignored, and some things even worse than they were before. Again I have written to my MP; let's hope it is again dead, as the alternative is too horrible to imagine.

Dear Alok Sharma

I have written to you several times about the Investigatory Powers Bill. [1,2] I have tried to explain the very real problems with this bill, but underneath all these problems, the massive impact that it would have on the high tech industry in the UK, under all of these problems is a fundamental issue of privacy.

I want you to think seriously about a state where citizens have no privacy. The privacy we have now in our own homes, our person and thoughts. As the internet becomes part of these spaces so these new powers to intercept, collect, filter, and examine come under the purview of the state.

The Home Secretary claims that we do not live in an interception state, because she only considers a communication intercepted when a person looks at it. This is not the view of the general public.

I watched much of the evidence presented to the Parliamentary Committee and read their report. The report highlighted many of the issues with the Bill and I was hopeful that we would get a sensible bill out of that process. But what we have after only a few weeks contains hardly any of the recommendations, but several changes to make the powers of the bill even worse.

When 200 Senior Lawyers tell you the bill is flawed, and probably illegal [3], I really think you should listen.

The only sensible course of action at this point is for you to vote against the Bill.

I urge you to declare that you will not support this bill.

Yours Sincerely

Stuart Ward

Ref:
[1] https://stuartward.wordpress.com/2015/11/21/investigatory-powers-bill/
[2] https://stuartward.wordpress.com/2015/11/26/the-ipbill-aka-snooperscharter-second-letter/
[3] http://www.theguardian.com/world/2016/mar/14/investigatory-powers-bill-not-fit-for-purpose-say-200-senior-lawyers


The #IPBill aka #Snooperscharter second letter

26 November 2015

Here is my second letter to my MP. This is the important one as they rarely see your first letter.

Dear Alok Sharma,

I thank you for your reply to my letter (ref: CRM12097). While your response tries to clarify some aspects of this bill, you fail to address any of the issues that I raised.

I would like to explain just a few of the issues I, and others in the Cyber Security community, have with the Investigatory Powers Bill. Firstly the bulk collection of data.

Bulk collection of data records “meta data” is not equivalent to a phone bill. This implies that it only relates to a small part of a citizen's life and interactions. In the case of the Internet we are living our lives where all our actions and thoughts travel on the Internet in some form. And this is rapidly expanding, from smart phones reporting location, activity, and biomedical information to our homes becoming automated and reporting machines that we live in. The “meta-data” of these interactions is a vast and detailed view of our lives.

If you want a simple parallel it is equivalent to the information collected by the East German Stasi, collected and stored, and could be searched and analysed.

It is amoral in a free society to collect and store this level of information on citizens, whatever the justification.

Secondly, the storage and analysis of this data does not help the police, or GCHQ, in performing their roles. If this is to protect us against terrorism it will not work. All of the recent terrorist attacks have been performed by persons known to the police. No cases of terrorism have been identified from bulk analysis of data. If this data truly was able to do this then we should demand extraordinary proof that this is the case, and subject this to public scrutiny. Where the NSA has been challenged to do this they have failed to provide a single case where access to bulk data was instrumental.

The simple argument here is that if the terrorists of all previous actions were known to the police but they were unable to spot this from the data they have, how does adding more data to the pile help.

This collection will be expensive and hamper the development of businesses in the UK. The Snowden revelations mainly reflected on the operation of the NSA, and those revelations had, and are having, a major impact on US businesses that sell technology solutions, especially internationally. This bill will have an even worse impact on UK businesses than the current revelations have already had.

The collection of useful data is easily bypassed by citizens. The entertainment industry has been trying to detect and prosecute people for copyright infringing activities for 10 years. This has taught much of the population how to use technologies like VPNs, and TOR. When these are used data collected under these Bulk collection schemes is useless.

The collection of this data is probably illegal under the European Convention on Human Rights. The recent ruling on the data retention directive should alert you to the fact that basic human rights are being infringed by the current collection schemes, and so this will probably be illegal under a similar challenge when it eventually comes. It would certainly not be legal under the American constitution.

Next I would like to discuss encryption. In your letter you say that you do not want to break encryption. The point in my letter was specifically about end-to-end encryption. This is where the service provider is unable to decrypt messages. The Bill states that the service provider must comply with a warrant, and provide decrypted information. So what does this mean for services where the service provider is unable to do this? This implies that you will ban such services. If you think that this will help catch criminals, and not seriously harm UK businesses, you don’t understand the issues.

End-to-end encryption uses the same technologies that secure connections to service providers. These are widely available technologies in open source products. These will be used whatever the law states.

I hope that this will help you understand how deeply flawed this bill is and convince you not to support this. I have only covered a couple of issues with this bill; there are many more that I have not covered here.

Yours sincerely,

Stuart Ward


Reply from Alok Sharma on #IPbill #Snooperscharter

26 November 2015

Here is the reply from my MP to my previous post. My response follows.

img_20151126_182228.jpg

img_20151126_182241.jpg


Investigatory Powers Bill

21 November 2015

One of the problems in our political system is that most of the members of parliament, and their advisers, pundits, and the politically active population, have little knowledge or understanding of the technical infrastructure that runs our world. This comes from a combination of the lack of interest in politics among technical people, and the lack of education in scientific disciplines among our politicians.

We on the technical side, dare I call us geeks, now need to get involved in the political discussion. The second round of the crypto wars is upon us, with a combination of people saying they don’t care about interception and a weak voice from those of us who do understand and care. If we don’t speak up we will lose.

Can I urge all of you out there to write to your MP! It is not hard, but if we all do it, we can start to reclaim the internet for the good of the future.

Here is what I have sent, awaiting a reply.

Re: Investigatory Powers Bill
Dear Alok Sharma

I am very concerned about this new bill and the massive encroachment into the public right to privacy it enshrines. This has rightly earned the nickname “The Snoopers Charter”.

If you want access to my data Get A Warrant!

The bill seems to retrospectively enshrine into law the massive, and probably illegal, interception of the internet by GCHQ. It also seems to prevent any disclosure of the extent of that interception, and to prevent anyone leaking information about it from using a public interest defence.

The only reason we know anything about these activities is because of whistle-blowers, who have endured political witch-hunts as a result of revealing these illegal activities.

The “Going Dark” argument, that the Police are unable to investigate crimes because of the improvements in security of the internet is a very spurious one. It implies that there has been total surveillance of the population in the past (and present) and this needs to continue.

If the police need access to end-to-end encrypted communication they can get a warrant, seize the device, and view the decrypted messages.

The idea that a law can ban end-to-end encryption is as ridiculous as the claim from David Cameron to ban encryption, or mandate back-doors in all systems. The security profession has told you many times that inserting back doors safely into encryption software is impossible. (See “Keys Under Doormats”.)

If you want access to my data Get A Warrant!

Banning end-to-end encryption will not stop the bad guys using it. How to do this, and the programs to do it are all publicly available and open source. All you will do is hamper UK law abiding citizens in using these, and kill the security software industry in this country.

There are also the sections allowing the Police, and GCHQ, to break the Computer Misuse Act by hacking into any computer or device they wish. There is no justification for allowing this extreme power. The government should be working to improve our security, not undermining it.

What we want from an investigatory powers bill is something like:

1. Full disclosure of all interception programs, and the number of cases involved
2. Disclosure after a reasonable amount of time that my data has been intercepted.
3. Independent oversight of All cases by someone like the RIPA Interception Commissioner
4. All cases to be authorised by an individual warrant authorised by a judicial person.

What we want is the law as it applies to everything else, should apply to the internet. Searching my data should be the same as searching my house, or searching my person. It is the same amount of intrusion, it should have the same controls.

I trust that you will NOT vote for this bill and will argue against it in the House.

Yours Sincerely

Stuart Ward


Cracking the Hacking Team

6 July 2015

The somewhat notorious Hacking Team seem to have been subject to an attack using their own tools. This points to the use of poor passwords, and to reusing passwords on multiple systems.

The other lesson here is to have tools looking for exfiltration of data, at least to detect when something has gone wrong.

We should be able to learn something here…

http://www.net-security.org/secworld.php?id=18592

“Hacking Team appears to have committed two of the classic mistakes in security: Never use simple passwords and never reuse passwords. For a security company that’s this high profile, there’s no excuse for these sins. We don’t know yet how the attackers got into HT’s systems, but given the poor passwords that have been revealed in the documents, it could have been as simple as brute-forcing the passwords on a few systems,” Martin McKeay, Akamai senior security advocate, commented for Help Net Security.

“The other major mistake made by HT was not noticing that 400Gb of data was leaving their systems. Extrusion detection for an organization that specializes in malware and monitoring should be one of the defenses they concentrate on, because it’s what other people would use to detect their tools. Expect your tools to be used against you is a basic warfare tenet.”

And I have now fallen into the trap of the misuse of the word “Hacking” in a negative context.


The upside-down quad-copter build

3 June 2015

Back in January we had the first rLab quad-copter build party. And here is my effort.

Original Quad-copter build

This has flown well, and I have slowly learnt how to fly these things. This learning process has involved quite a few crashes, with varying degrees of damage. I think I have replaced the arms about 8 times now, and recently the body frame was so broken that I needed to totally rebuild the machine. I decided to try to rebuild it with the body hanging down and all the control stuff inside the body of the copter. Here is the result of my efforts.

Upside-down quad-copter

This seems to be an improvement. The flight is more stable and easier to control. Take-off and landing are easier as there is a bit more space under the props. The control unit is harder to get at but this has not proved much of a problem. Overall a great improvement.

