The UK Govt have issued a consultation on how or whether to implement a Central Bank Digital Currency. I have written up my thoughts on LinkedIn & Medium and have some further notes on my wiki. I look at the arguments in favour, cite some Swedish sources, who are four years ahead of the UK, and conclude, “This is ideologically dangerous, technically complex, and a solution in search of a problem.” …
Virtual Worlds, the EU citizen’s assembly, session two, day three.

Here is my write up on Day 3; the meeting kicked off in working groups and then returned to plenary. The plenary video is indexed on their web page. This article is made mainly from contemporaneous notes, but I had to revisit the video for the final two speakers. The plenary had guest speakers and allowed some of the working groups to present their ideas. My article here does my best to tell the story of what happened. Most groups seem to have some difficulty in imagining what will change, and there is much inertia and fear about what we'll lose and whether it'll get worse and crime will grow. I am disappointed at the failure to emphasise privacy, except by Renate Nikolay from the Commission, and there were some belated calls for free speech, universal access and a need to regulate and suppress fake news. There is an interesting but inconclusive discussion on how to catch up with the USA and China, and a need for education and information. Possibly the most important contribution came from Rehana Schwinninger-Ladak, one of the knowledge committee, again from the Commission, who classified the problems and solutions as about people, industry and infrastructure.
The full article is overleaf, please use the "Read More" button. ...
Virtual Worlds, the EU citizen’s assembly, session two, day two.

On the second day of the EU’s citizens assembly on Virtual Worlds, I observed Working Group 6 which reconvened to further develop proposals aimed at informing the regulation and development of a digital Europe. The working group was directed to focus on the Commission’s digital principles, numbers four and five, “Fostering participation in the digital public space” & “Increasing safety, security and empowerment of individuals”. I wonder if the Commission’s short list of broad principles is a better way of getting something on the table, rather than the detailed multi-point manifestoes that I have tried to build with others.
While the moderator tried to give the meeting some structure, much of the meeting was very disjointed, with citizen panel members saying what they wanted, which is their role, but rarely adding to what others said by improving or disagreeing. I believe the moderating team have created a summary to forward to the final plenary; if so, they have done a better job than me.
This blog article is based on notes taken at the time, and while I have polished them and turned them into sentences, they do not really tell a coherent story, but I hope that the combination of the wisdom of crowds and my comments, insights and lessons will be interesting.
My notes and comments are below/overleaf; use the Read More button to see the full article.
Virtual Worlds, Day 2

This is based on my notes taken on Day 2 of the EU’s citizen’s assembly on Virtual Worlds. These have been polished, but are not easy to draw conclusions or a story from, partly because I have tried not to leave anything out, and the participants were not looking to bring their stories and thoughts together. These notes do not tell a story and this article is quite long for me. I hope it has something interesting for you; it talks of the technology, a little bit of economics, social engagement and control and even a little about the changing nature of personality.
This is an excerpt, the full blog is beyond the "Read More" button. ...
On Release Management

I wrote a piece on Release Management on my LinkedIn Blog. I talk about the minimum properties of a change control authorisation system, the minimum evidence required before agreement can be issued, the need for an emergency change control process, the need for post implementation reviews, treating failures as incidents and applying problem management tools to them, and ensuring that there is an appropriate segregation of duties. …
On Musk and Twitter

Elon Musk has taken over Twitter; I wrote a short piece on LinkedIn on the deal, its funding, and the technology. Since then some, including the FT (£), have commented on its funding, not least the bank loans and thus the collateral required. The LinkedIn article and this one have some interesting links commenting on the deal, or at least I think so. Also I quote some sources about the fear of the world's town square being owned. For more, use the "Read More" button ...
What does ‘system update required’ say about Labour’s IT?

As part of the ‘drains up’ undertaken after the 2019 General Election, a coalition calling itself Labour Together undertook a review of what went wrong and as part of that review commissioned an organisation called the "common knowledge co-op" to look at Labour’s IT and its management. They produced a report called “System update required”. (original | mirror ) What did it say? I think this is important, but like so many learning opportunities that challenge power and the bad behaviour of the powerful it seems to me to be dramatically under-valued.
When I first read it, I was outraged. I hoped to summarise it in a sensationalist fashion to see if I could interest someone who might pick it and make things better. What I have written is not that exciting and I suspect little will change because the Party doesn’t have the knowledge and experience and today is led by people who care more about their control and position within the Party than they do in winning an election and becoming a government. I mean they’d be happy to be in Government but it’s more important to them that they control the Party.
In summary, the report says portfolio management was unacceptably poor and not accountable to the highest levels of management, although they too didn’t have a clue. There weren’t enough IT staff and the more numerous IT management layer wasn’t good enough. The report makes no mention of ‘requirements management’, nor of any benefits analysis tools to allow an understanding of the effectiveness of the software applications provided. Labour’s voter ID/GOTV software is no longer the best. Local adoption of the IT tools is low, partly because of poor commitment to training, partly due to a high turnover of local activists and partly because the Labour machine didn’t care.
In the rest of the article, overleaf, these failings are explored in more detail. ...
Evaluating Risk
I found some old notes on classifying and evaluating risk and have put them on my LinkedIn blog. How does one work out the importance and value of a risk and how much to spend on mitigation? Some of this article repeats what was said in the previous article. …
Some thoughts on IS programme management
I wrote a note on information systems programme evaluation and management on my LinkedIn blog. It considers business value vs reliance and observes that this technique permits the management of software products to have different governance policies, that measuring competitive advantage is hard, and that IT strategy must be aware of business strategy, which will drive the build vs. buy decision together with other project management decisions. Importantly it decries the practice of buying and adapting a software package. These ideas were first taught to me by Dan Remenyi. …
More consequences of Labour’s cyberbreach

The Labour Party can’t issue the ballots for their internal elections; they claim it’s a consequence of the cyber-breach last October.
The Party seems to have attempted to create a replacement membership database by updating its mail manager system and presumably adjusting the feeds, although much of the functionality previously offered is no longer available and the feed from the financial system is now days or weeks out of date. We should note that the membership self administration tool is also no longer available. From observation, the mail manager is obviously slowly dying. It is known to be inaccurate; there are errors in terms of who it considers to be a member, their addresses, and their payment status.
The Party plans to replace this recovered system with an off the shelf package[1] from Microsoft. At the moment we are advised that it is unlikely that local party role holders will get access to this until next year.
Until then we have to use a database known to be inaccurate. From observing what are presumably NEC authorised actions, it seems to be considered accurate enough to select councillor candidates and run trigger ballots. Procedure Secretaries have been told that they may not override the membership system even when variances are well known and provable. I question whether this is legal, in that it breaches the duty to be accurate and not to automatically profile people.
What seems to be forgotten is that data protection rests on seven principles: Lawfulness, fairness and transparency · Purpose limitation · Data minimisation · Accuracy · Storage limitation · Integrity and confidentiality. Often too much or too little attention is paid to integrity and confidentiality, and issues such as lawfulness, fairness, transparency and accuracy are forgotten.
They are running selections and triggers on data known to be inaccurate. This isn’t right.
This has taken 9 months to get here. While culpability for the breach may be questionable, not having a recovery plan and/or not funding it is the fault of the Labour Party and thus its NEC. CEOs have been fired for less.
Why was there no recovery plan? Did they do vendor due diligence on the member centre hosting provider, did they keep it up to date? Is there a risk register? Has the NEC or the risk committee approved the mitigations? In fact, what is the NEC doing about IT Risk? Is there a DPIA on reusing the mail system? Is there a DPIA on reusing the SAR Tool? Is there a DPIA on using the social media scanners they use? When will we get a data protection capability that protects members data from bad actors rather than from themselves?
Nine months failing to recover is shameful and unprofessional. NEC members should be asking why it has come to this and determine if they, through their inaction, are in fact culpable.
[1] This I consider to be wise, although they will need additional software modules to support Labour’s unique processes, such as donation monitoring. Although it seems they plan to customise the UI 🙁 …