Virtual Worlds, Day 2

Virtual Worlds, Day 2

This is based on my notes taken on Day 2 of the EU’s citizen’s assembly on Virtual Worlds. These have been polished, but are not easy to draw conclusions or a story from, partly because I have tried not to leave anything out, and the participants were not looking to bring their stories and thoughts together. These notes do not tell a story and this article is quite long for me. I hope it has something interesting for you; it talks of the technology, a little bit of economics, social engagement and control and even a little about the changing nature of personality.

I am concerned at the framing of the assembly as “virtual worlds”  rather than future of the internet, and unlike the CoFoE, my syndicate group seemed quiet on the issues of surveillance although not on the issues of manipulation and fake news. On reading these notes, in which I have inserted my opinion you will see that I am equally concerned that we cannot really forecast the risks and benefits much beyond 12 months.  The concluding statement by one of the citizens, was a demand for fairness, an equality of arms.

The session started with an ice breaker, then looked at what good might come from virtual worlds, and then what bad might come from it.

For the ice breaker they were asked what they were proud of about their country, sadly, I can’t think of anything. It might have been beaches, but not these days and I have seen the beaches in much of western Europe. London’s cultural diversity is still fun but with the exit of many Europeans and the difficulty of importing food, the restaurant scene will decline. I like the Union flag!

The moderator’s tried to steer people towards risks and benefits today! The panel came up with the following,

  1. The datenkraken’s desire for eyeballs leads to manipulation; to which I add that this is the tool by which fake news gains traction.
  2. Some look forward to AI enhanced translation; how close are we with DeepL which I tried to get to translate the audio feeds from the conference, until I was shown the audio feed language selector. It captured it well, but the interface is not designed for real time use.
  3. One person (with whom I agree) observed that the bite sized delivery of social media trains a lack of attention, boredom and an inability to consume longer form content. I characterise this as preferring bullets to essays, and twitter to blogs.

We then considered chapter 3 of the info pack published by the Commission to help the assembly’s deliberations.

I have picked up on the conflict between the rights of people and the rights of corporations. The document lists the EU’s rights and principles, which I think, understates, the fundamental rights of information and privacy.

  1. Putting people and their rights at the centre of the digital transformation
  2. Supporting solidarity and inclusion
  3. Ensuring freedom of choice online
  4. Fostering participation in the digital public space
  5. Increasing safety, security, and empowerment of individuals
  6. Promoting the sustainability of the digital future

We then spent what I thought was too much time looking at the Reality – Virtuality continuum; I had not heard of this before. I am unsure how helpful this was, as it may have closed off lines of enquiry, but from this session, the following questions were asked,

  1. What is the climate change dimension of building the virtual worlds? It’s huge, we were worried about this while I was at Sun Microsystems (1997 -2009) calculating that data centres consumed as much as air transport. It’ll be interesting to see how this is answered. However, there is a cost-benefit trade to be calculated; for each virtual world space, transport costs to real world meetings will be reduced.
  2. One correspondent asked when will we do our exercise? I suspect that Peloton and its competitors have an answer for that.
  3. A question was asked on how regulators can either keep up or get ahead of the markets.
  4. The ability of the EU to exercise leadership in the science was questioned, although the questioner posed a market solution. Perhaps this is another dimension to the proposition that Europe can turn money into ideas, but not the other way round and part of the answer must be Horizon Europe and even NESSI. (Can I insert a plea that both parties accelerate the UK’s re-entry into Horizon as both sides would benefit from the UK’s universities rebooting their participation.)

After lunch, the panel members were asked via a picture to envisage the landscape in 20 years’ time. Predicting 2050, is hard, I wrote a 10 year review/forecast in 2015 [or on Medium] and I found it hard to make predictions; the commission seem less interested in hardware or system architectures, except for googles/headsets and would seem to be expecting a revolution in in software. Or are they? The syndicate group had great difficulty in imagining much more than “virtual light’s” glasses as an output device.  I feel that without the development of new metaphors, it will be hard to imagine new uses of virtual reality. And we should remember from the pandemic that we are learning the limits of video conferencing as people report zoom/teams fatigue.

One correspondent proposed that ubiquitous virtual worlds would herald the end of loneliness. Not sure how that will happen. another proposed that virtual worlds will always be different from reality, particularly for social relations.

Some argued that virtual worlds must have a practical application for citizens other than leisure, however, the Entertainment industry is one of the technology innovators for the internet, and it seems that Netflix takes 15% of the internet bandwidth, I repeat,  it’s hard to envisage a 20 year change without imagining a change in metaphors. I remember attempting to see, for about 60 seconds, if a game like Doom could act as the user interface to business applications but could never make it work. We know that some of the wargame games, such as Call of Duty are/were used for serious military training and VR can be used to train and help design certain processes such as a building evacuation/design and road design. I also spent some time trying to imagine a data centre management solution with a 3D virtual interface, possibly a model of the computer hall, with colour coding showing activity, heat, and the power draw but the abstract representation of a dashboard always seemed more informative. While working at Sun, I experimented with both 2nd Life and Sun’s Project Wonderland [or on Medium]; and in this article, I show two screen shots, with in one case, someone giving a powerpoint (or open office) presentation in a virtual world. (It emphasises my point that we need new metaphors, we don’t need a virtual world to share slide shows. I also attended an EU conference based on the then current funded IT projects in 2008. My notes are on my blog [or on Medium] and the section on the future of the internet, which would have been a better title for the citizen’s assembly, is of most relevance to this discussion, although the whole article gives some insight into what European innovators thought was coming.

In 2015, I tried to write a futurology article, which I never published because I felt that the changes over the previous 10 years had been of miniaturisation and performance with the most important software innovation being in-list based search. As I thought about the article and the next 10 years, I wondered whether internet speed had increased in the eight years since I wrote it. The answer would seem to be yes, BT are offering 80 megabits per second over copper, and 900 megabits per second over fibre today, but have we actually developed the collaboration vehicles. Have wikis become ubiquitous document sharing tools? Are we using tagging and graphs to identify experts (see this about expert finder tools [and on Medium]) and their bodies of work. I think the answers are maybe and no. In fact, finding experts remains hard as most seek to exaggerate themselves, and diminish their competitors. No-one in the room seemed to recognise the issue that how to find expertise and authority [and on Medium] are separate things.

Another thought I had, about the changing nature of the internet, was inspired a year or two ago as I walked past some Santander cycle stands. When originally conceived the stands were on the Internet and connected by cable. Today it’s the bikes that are connected to the platform using Wi-Fi; the network now consists of disconnected mobile things, which includes people with their phones. The internet of computers is long dead, it all depends on how long the Internet of people can sustain itself. My bike example, and the ubiquity of phones is turning the internet into one of things, but one funded by the device owners.

Others raised hopes of health applications. It’d be good to see what they might be thinking of. I was reminded that my thermometer can connect to my computer and thus the internet, but my oximeter couldn’t and we used whatsapp i.e. short free form text messages to share the results both with a human and a list server.

I wonder if, as I consider virtual worlds, whether I am too committed to 2nd Life/NWN metaphors to imagine anything different. It’s not as if I haven’t tried but I am of the view that much of what was proposed is merely using the information we have today, displayed using a different output device ie. Goggles. Another issue here is about information packaging, formatting and combining. I was reminded of my time working at DB where, a vast amount of time was spent, copying data from one system to another because the IT programmer time to do it automatically had never been made available and today when watching streaming content, looking for actors or writers on Wikipedia to get more facts about them or to see if I have recognised the actors correctly from other works.

One correspondent asked if you could virtually ski and what was the point? it would be cheap to point out that there’s very little snow in Europe this year and that virtual skiing maybe all you can get particularly if you use an augmented reality by making the ski’s internet attached; it would one hopes make falling over less painful.

One correspondent said they liked reading, which made me question whether the cost of reading has fallen or not. I remember when trying to get a copy of an out-of-date SharePoint manual that the cost was only pennies short of the current version price and wondering how that worked and that academic books can be extraordinary expensive despite the fact that the taxpayer has often paid for them twice before. Free public libraries are dying, or finding new purposes, provoked by people’s reticence to travel even short distances.

The issue of the digital divide, on cost and knowledge was raised. The latter reinforced in my view, by the amount of self administration skills needed to be on the internet.

One correspondent asked, if finding information is so easy will we stop thinking and creating? Some of course have never started. People will still be taking decisions and can choose to use the available information or ignore it, possibly because they are lazy, possibly because they are untrained.

There was little acknowledgement that the datenkraken and even retail stores create information from people’s spores and from combining them and comparing them.

Have the commission bitten off more so they can chew? Is virtual worlds a topic that is too late? It’s clear to me that we are all having difficulty in imagining new uses; we can return to training and possibly applications that need to understand the science of what they’re dealing with. Perhaps fashion design would be an appropriate application.

After lunch, the group sought to address fears.

The first contributor raised the obvious ones, the fear of AI & Robots, and the failure to implement a  just transition. They also argued it was necessary to oppose control and oppression. Another raised the issues of state (and private sector) surveillance and China’s Social Credit system [or on Medium] which also influences people’s romantic relationships. From my article, I quote,

… a series of regulatory decisions in the USA seem to be paving the way to something similar [to China’s social credit scoring], a powerful illustration that the argument that surveillance is OK if it’s private sector is horrendously false.

 It was also pointed out that it is easier to be abusive on the ‘net because of anonymity and the distancing that the ‘net puts on communication.

The rest of the afternoon was very disjoint.

  1. There was a fear that as we digitised our memories through photos in particular, they become vulnerable to loss; but they are not on our devices, not on our phones and without digital cameras, we wouldn’t have the photos.
  2. There was a call to keep real money. In my view that’s gone, is this a call for strong regulation of the savings industry?
  3. The group returned to the potential loss of intimacy, which reminded me of the time I was living apart from my wife, and we got to the point where we used the available technology to watch things together on the BBC and so spent time together. bUt the group wondered if we’ll lose the ability to communicate with people. In the real world we perceive and understand through all five senses, perhaps, that’s why we French kiss; but today we can’t touch, smell or taste in the virtual world and we need to remember that human communication is 98% non verbal! Maybe that’s why  we will need to jack in.
  4. Privacy and trust were re-visited with fears being expressed at the growing capability of AI while recognising that AI and Virtual Worlds are different things.
  5. They went down a rat-hole on learning facts, while there may a reduced need to learn facts, one will always need to be evaluate evidence and use methods of analysis. I wish I had learned my multiplication tables, although not enough to sit down and do it. People, if only, collectively, will need to stay ahead of the general intellect and we need to teach our children to do so to.
  6. There was a fear that the homogenous nature of the internet will pose a threat to minority cultures, as the internet adopts a homogenous approach to people. This is something the EU could help with both through regulation and investment.
  7. Finally a plea to democratise the expertise in making, creating and running the internet and/or future virtual worlds. I ask if this would this require changes to the copyright laws since software can be copyrights, and does it require the promotion of open source?

In the sessions there’s been an emphasis on safety over privacy.

Yesterday, I had wondered how many young people were in the panel; today in Group 6, there are a couple who in the smaller committee room, managed to say more. Some of it hopeful and some of it sceptical.

And a question of how to regulate, I think the institutions know but the private sector lobbying is very powerful; come back Neelie.

There was a demand for fairness, an equality of arms.

I have referred to the following article on my blog, these are dated between 2008 & 2017; I was nearly an expert once,

  1. How to find expertise and authority [and on Medium]
  2. Knowing me, knowing you, 2007 [or on Medium]
  3. More VNC lite 2008
  4. Beyond concalls  2008 [or on Medium]
  5. The future of the internet 2008 [or on Medium]
  6. A 10 year review/forecast 2015 [or on Medium]
  7. On China’s social credit system 2017 [or on Medium]

On Release Management

On Release Management

I wrote a piece on Release Management on my LinkedIn Blog. I talk about the minimum properties of a change control authorisation system, the minimum evidence required before agreement can be issued, the need for emergency change control process, the need for post implementation reviews, treating failures as incidents and applying problem management tools to them, and ensuring that there is an appropriate segregation of duties.  …

On Musk and Twitter

On Musk and Twitter

Elon Musk has taken over twitter; I wrote a short piece on LinkedIn on the deal, its funding, and the technology. Since then some, including the FT (£) have commented on its funding, not the least the bank loans and thus collateral required. The linkedin article has some interesting links commenting on the deal, or at least I think so.

I also like this theory, that it is/was all a big mistake which Musk’s ego cannot permit him to admit,

The first thing Musk did was fire senior managers but the second is to fire half the work force. Advertisers are having second thoughts, based on wild comments made by Musk, not helped by the fact that many of the job cuts are aimed at content moderation teams and that programmers being let go are those who released the least lines of code, as many have commented, this is unlikely to end well. Another threat to a platform like twitter is that of regulatory intervention; in the UK, the Online Harms Bill is going through Parliament and the EU will also legislate on fake information and cyberbullying. Since politicians are so often the targets of such bad behaviour, there’s little support for Musk’s free speech line. Furthermore, the way in which the ‘reduction in force’ is being conducted would seem to be in breach of both Californian and UK Law, and both Prospect and GMB have commented on the UK downsizings, and in Europe, I wonder if twitter has established a European Workers Council.

Many of twitters users are talking of leaving but as Maria Farrel comments, on Crooked Timber,

There are now tens of thousands of journalists, policymakers, academics and various other thought-leader types who viscerally get what it is to be trapped inside a monopolistic tech platform, and for it to be costly and painful to leave.

Maria Farrel

Richard Murphy and the ORG (and others) are asking questions about the private ownership of the digital world’s town square. The ORG and most others point at mastodon as an alternative, which is designed as impossible to capture.

What users need is pretty clear. They need greater control over what content they receive, how it is prioritised and how it is presented. The way this is done, in a digital world, is to create more “open” systems that allow third parties to repurpose, filter and represent content in ways that users want. This can and should include better ways to moderate content.

The Open Rights Group

The social networking system lock-in, is the audience and social graph. It’s not been possible, without coding skills to extract the social graph or even the message feed from twitter for a while and linkedin now require one to know the email address of your proposed new linkedin correspondent. i.e. I am looking at transferring my tweet followers to linkedin so that I have a means of contacting them if they decide to quit twitter. In terms of personal twitter hygiene I have been using tweet delete to remove old and unwanted tweets and likes. I have a mastodon account on, but don’t read it every day and neither the big news sites nor my preferred commentators are there.  (I may change my habits, the quality of my mastodon home feed is immeasurably better today, than it was last week.) I should add that my mastodon postings have been more dilatory and personal than those on twitter, and of course, many of my twitter posts are retweets, probably more than posts which may make twitter easier to leave. For those worrying about the complexity of federation, or the fediverse, don’t worry, these are for developers and service engineers.

One user response already in progress is to adopt alternative short messaging products, mastodon is the obvious choice; another response for content authors would be to return to blogging, and encourage people to use a feed reader such as feedly! At least then their readers can get the content as they choose. , and some excessively long threads don’t get read.

For my European readers, although if reading my blogs, they don’t need the help,

Ich frage mich, ob Twitter einen Europäischen Betriebsrat hat
Mi chiedo se Tweitter abbia un Consiglio europeo dei lavoratori
Je me demande si Twitter a un comité d'entreprise européen

What does ‘system update required’ say about Labour’s IT?

What does ‘system update required’ say about Labour’s IT?

As part of the ‘drains up’ undertaken after the 2019 General Election, a coalition calling itself Labour Together undertook a review of what went wrong and as part of that review commissioned an organisation called the "common knowledge co-op" to look at Labour’s IT and its management. They produced a report called “System update required”. (original | mirror ) What did it say? I think this is important, but like so many learning opportunities that challenge power and the bad behaviour of the powerful it seems to me to be dramatically under-valued.

When I first read it, I was outraged. I hoped to summarise it in a sensationalist fashion to see if I could interest someone who might pick it and make things better. What I have written is not that exciting and I suspect little will change because the Party doesn’t have the knowledge and experience and today is led by people who care more about their control and position within the Party than they do in winning an election and becoming a government. I mean they’d be happy to be in Government but it’s more important to them that they control the Party.

In summary, the report says, portfolio management was unacceptably poor and not accountable to the highest levels of management although they too didn’t have clue. There weren’t enough IT staff and the more numerous IT management layer wasn’t good enough. The report makes no mention of ‘requirements management’, nor of any benefits analysis tools to allow an understanding the effectiveness of the software applications provided. Labour’s voter ID/GOTV software is no longer the best. Local adoption of the IT tools is low, partly because of poor commitment to training, partly due to a high turnover of local activists and partly because the Labour machine didn’t care.

In the rest of the article, overleaf, these failings are explored in more detail. ...

Some thoughts on IS programme management

I wrote a note on information systems programme evaluation and management on my linkedin blog. It considers business value vs reliance and observes that this technique permits the management of software products to have different governance policies, that measuring competitive advantage is hard, that IT strategy must be aware of business strategy which will drive the build vs. buy decision together with other project management decisions. Importantly it decries the practice of buying and adapting a software package. These ideas were first taught to me by Dan Remenyi. …

More consequences of Labour’s cyberbreach

More consequences of Labour’s cyberbreach

The Labour Party can’t issue the ballots for their internal elections; they claim it’s a consequence of the cyber-breach last October.

The Party seems to have attempted to create a replacement membership database by updating its mail manager system and presumably adjusting the feeds although much of the functionality previously offered is no longer available and the feed from the financial system is now days or weeks out of date. We should note that the membership self administration tool is also now not available. The mail manager is obviously from observation slowly dying. It is known to be inaccurate; there are errors in terms of who it considers to be a member, their addresses, and their payment status.

The Party plans to replace this recovered system with an off the shelf package[1] from Microsoft. At the moment we are advised that it is unlikely that local party role holders will get access to this until next year.

Until then we have to use a known to be inaccurate database. From observing, presumably NEC authorised actions, it seems to be considered accurate enough to select councillor candidates and run trigger ballots. Procedure Secretaries have been told that they may not override the membership system even when variances are well known and provable. I question that this is legal in it breaches the duty to be accurate and not to automatically profile people.

What seems to be forgotten that is data protection rests on seven principles, Lawfulness, fairness and transparency · Purpose limitation · Data minimisation · Accuracy · Storage limitation · Integrity and confidentiality. Often too much or too little attention is paid to integrity and confidentiality and issues such as lawfulness, fairness, transparency and accuracy are forgotten.

They are running selections and triggers on data known to be inaccurate. This isn’t right.

This has taken 9 months to get here. While culpability for the breach may be questionable, not having a recovery plan and or not funding it is the fault of the Labour Party and thus its NEC. CEO’s have been fired for less.

Why was there no recovery plan? Did they do vendor due diligence on the member centre hosting provider, did they keep it up to date? Is there a risk register? Has the NEC or the risk committee approved the mitigations? In fact, what is the NEC doing about IT Risk? Is there a DPIA on reusing the mail system? Is there a DPIA on reusing the SAR Tool? Is there a DPIA on using the social media scanners they use? When will we get a data protection capability that protects members data from bad actors rather than from themselves?

Nine months failing to recover is shameful and unprofessional. NEC members should be asking why it has come to this and determine if they, through their inaction, are in fact culpable.

[1] This I consider to be wise, although they will need additional software modules to support Labour’s unique processes, such as donation monitoring. Although it seems they plan to customise the UI 🙁 …

A note on Data Protection Officers

A note on Data Protection Officers

Data Protection Officers roles were revised by GDPR and the member state implementations. Here is a reminder for those that need it.

Article 37 states that a processor or controller requires a DPO if it is a public authority, if it requires regular sys systematic monitoring of data subjects on a large scale or if it processes special data.

A DPO may work for multiple companies, but Article 38 requires the DPO to be adequately resourced and supported.

The DPO must be appointed on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks specified in the GDPR Article 39.

Article 38 states that the DPO must be involved in in all issues which relate to the protection of personal data, be properly resourced to perform their duties and to maintain their professional expertise, not receive instructions on the conduct of their duties, not be dismissed for doing their job, and report to the highest levels of management.

The tasks of the role are defined in Article 39, the job is to advise the highest levels of management on their obligations, to monitor compliance including the assignment of responsibilities,  training and operations’ audits, to assist and monitor the data privacy impact assessments, to cooperate and act as a contact point for the supervisory body, in the UK, the ICO.

I have used the EU text as the source of my summary and is reproduced overleaf/below ...

This post was originally posted at linkedin.

The 7 Principles

The  7 Principles

When evaluating Data Protection laws and enforcement appetite, one sometimes needs to refer to the 7 principles. These were agreed by the OECD in 1980 and I summarise them below.

  • Notice, Data subjects should be given notice when their data is being collected.
  • Purpose, Data should only be used for the purpose stated
  • Consent, Data should not be disclosed without the data subject’s consent
  • Security, Collected data should be kept secure from potential abuses
  • Disclosure, Data subjects should be informed as to who is collecting their data
  • Access, Data subjects should be allowed to access their data and make corrections to any inaccurate data.
  • Accountability, Data subjects should have a method available to them to hold data collectors accountable to the above principles.

Europe’s privacy laws are constructed by building legislative infrastructure based on treaties and then the creation of law. This diagram below shows the time line of European infrastructure (above the line) and law (below the line), it was made in a year or so ago and thus does not have the UK’s departure from the EU, nor the assignment of “Adequacy” by the Commission.

While much focus today is on the EU’s GDPR, the principles that underpin it, are more broadly accepted than that law, and in some areas, the GDPR maybe found wanting.

This blog post originally appeared on my LinkedIn blog. …

On Cyber-security

On Cyber-security

I posted a note on cyber security on my linkedin blog. I post some pointers on the standards and controls needed to defend against a cyberattack and implement “adequate technical and organisational” protection. It looks and links at the NIST cyber-security framework and lists some of the necesary controls to implement a reasonable defence and prove “adequate technical and organisational” controls. If you do what I suggest badly, you might get away with it, if you do it well, you might stop and or recover from attacks.  …