Phase.org

Posts by tag: politics

A note to those seeking to make Electoral Reform "Nick Clegg's problem".

2010-05-09 15:04:00
An email I sent to 38 degrees today in response to https://secure.38degrees.org.uk/page/contribute/PR

Why is all the pressure for electoral reform being put on Nick Clegg? After all, he represents (due to the wonders of FPTP) less than 10% of the MPs who could affect this, and it's Brown or Cameron that could allow reform to go ahead, not him.

I voted for the Lib Dems and for Clegg, and I want PR. I was at the demonstration on Saturday. I wrote to him as a Lib Dem member on Friday to urge him to act in the best interests of both the country and party by sticking to Lib Dem core policies including Electoral Reform. But I'm finding it very odd that many people who didn't support the Lib Dems in the election now think that Nick is now beholden to them to fix an electoral system that's left his party a minnow among the old whales, particularly when they seem to be offering him no support in doing so; in fact, they offer little more than masked threats.

I'll back the promotion of PR in the national press, and I'll hit the streets again to support it. But I won't help promote the idea that this is somehow entirely Clegg's responsibility and that neither Cameron nor Brown have a responsibility to us. Clegg's got enough on his plate without being set up as a scapegoat for the failure of Labour or the Conservatives to finally reform our discredited electoral system.

Of Roadworks and iPhones

2008-12-12 21:13:00
While you're reading this, if you own an iPhone, go download the app and keep it on your phone until it's needed. It's free, and it's tiny.

And it's potentially extremely useful.

We live in an age of rapid information flow, but sometimes it seems that some organisations, particularly in local or national government, haven't quite got that memo yet - as my recent travails with the Post Office showed. MySociety is an organisation that exists to counter those delays, and help information flow freely to and from both local and national government. They, as volunteers, do a stunning job.

One of their sites (and they now have many) is the "Fix My Street" site, designed as a convenient way to report minor (or major) problems with our roads. I'm sure we've all seen potholes, missing signs, broken streetlamps, and would have been quite happy to report them and get them fixed if we had the faintest clue how. The Fix My Street website is a good start, but you still have to remember the problem and get round to locating and reporting it when you get home.

Or, if you've got their new iPhone App on your phone ready, you can do it in-situ, have the phone's location services place you precisely, and take a picture of the problem while you're at it.

Reporting the problem is a two-step process; you provide basic information (enough to record the problem) in the application, and then receive an email with a confirmation link which takes you to a page where you can complete the process, adding a category and further detail. (Personally I'm not hugely keen on the two-step data entry, and I've given my feedback so we'll see whether any changes arise). The email confirmation step is common to pretty much all of MySociety's sites, as to be useful they *must* be kept nuisance-free.

Your report is then mailed to the right department of the right council (and that's the really useful bit!) to allow action to be taken. You can then see any other local issues reported and give feedback as to whether your own has been fixed. It's effectively crowdsourced bug reporting for towns and cities. And it's an excellent, if minor, use of communications technology and mobile platforms.

Like I said; download it, install it, and forget it. It's tiny (0.1MB) and it'll sit on your phone and wait until it can help fix your town.

Documenting Protest

2008-11-07 23:00:00
It's fashionable to suspect, in liberal circles, and even more fashionable to knowingly dismiss (in a "that doesn't happen here" sense), that "trouble" at protests is caused more by the police than the protesters.

We live in a democracy, and so we like to believe that that's not the case. And if it were, the free media would soon expose it.

But over the last few years I've seen the evidence mount up disturbingly that it's often true, and the media don't generally seem to talk about it (although they're not entirely mute).

We've seen the rather inept Agent Provocateur trying to incite Plane Stupid to extreme acts. It seems apparent that there are many more less unsubtle agents at work.

I've heard reliable reports from friends at the recent Climate Camp at Heathrow that the police acted heavy-handedly, including deliberately blocking exits and access to emergency vehicles, carefully blocking the TV cameras.

We've heard police, in their own words, "preparing for violence" at peaceful protests.

Today, there are further reports of police aggression at Gay Rights protests (http://snurl.com/57slr). Without wishing to be stereotypical, that's not really a group you picture attacking cops.

Something's gone decidedly wrong.

However, we're now entering the time when everything can be documented and shared worldwide fairly instantly. Text messages have moved on to mobile blogging and twitter with their global audience; worldwide distribution of photos and video (particularly with topical- and geo-tagging) is now possible, and is becoming faster and easier to achieve on the move. The time will come soon when we can see both sides of every protest in real time.

And that's a concept every protester may need to keep in mind these days. Governments (including the UK government) are passing laws to restrict the right to peaceful protest; an essential right which needs to be preserved. We may be at the state where we have to prove our innocence at protests by documenting it on the fly - and prove it not merely to the courts and politicians, but to those members of the public in whose eyes it has been degraded by violent minorities and police aggression.

We don't want another Rodney King situation, but we want the police to know they're answerable.

Tags: politics

Omnipresent Data vs Privacy

2008-10-11 16:53:00
"Honest men have nothing to fear from the law" is a widely used dictum much loved by protagonists of the surveillance society, and by much of the less imaginative part of Middle England.

It is also, unfortunately, naïve and inaccurate. Pratchett refers to it as being "under review from the Axioms Appeal Board" in Men At Arms. The problem has several aspects; firstly that the agents of the law, not to mention the full range of overly conservative small-minded snoops, have very specific ideas of "honest people" and "suspicious" or "wholesome" behaviour. It is therefore incumbent on us not only to be honest, but to be staid, mainstream and "above reproach". There's long been an attitude of "don't ask, don't tell" towards anything risqué, to the extent that many widely-shared behaviours are expected to be hidden for the sake of hypocritical propriety.

The classic case of this has always been with regards to sexuality, particularly homosexuality in the US military, with the attitude of "you can die for us, but don't expect us to accept you". The attitude is also present, with less mortal consequences, in public life in the UK. It is widely known or assumed that many politicians or members of the judiciary have a non-mainstream (and entirely legal) sexuality that they dare not display for fear of being deemed inadequately wholesome, or hounded from office.

In a similar vein; I work for a publisher that counts among its portfolio magazines and sites which feature "glamour" photography of various types. The mainstream, while trying to look tolerant and modern, will generally accept that "tasteful glamour" is entirely socially acceptable, so why do we keep getting emails from former models who now need the pictures removed in case "it harms their career or credibility"? Simply because many of the public are more small-minded and less honest than they wish to admit.

But what if we are really wholesome, law-abiding, upstanding and utterly boring? Surely we have nothing to hide then?

Well, no. I'm not going to publicly share my passwords, bank details, PIN and so on; that much is obvious. I'm also not likely to share how much I drink, what sort of adult entertainment I may prefer, or what I do in the privacy of my own home. But there's another class of "semi-public" information I need to keep pretty private too, and that's just a nuisance.

I'm referring to the sort of information that banks and similar organisations use to "verify your identity" for security purposes. Your date of birth, for example. Letting the world know your exact age can be a security risk. So can sharing where you live; some banks seem to think that my postcode is secure and sekrit data. My place of birth and mother's name are verboten, which is a right pain if I want to do any sort of genealogical research (which it so happens that I do). My first school, favourite colour, pet's name... it goes on and on. Even which electricity supplier I use could be used to compromise my accounts. This is all information my friends at least should be able to know, and it should be harmless in any hands.

But it's not, because banks are inept, and (in part due to this) the public don't understand security. So we're grossly limited in the information we can make public. This matters, not only because it's terrible security (it's all "semi-secret" in the same sort of "don't ask, don't tell" mentality of "private" lifestyles), but because it compromises methods we might use to keep in touch with, and locate, old and new friends.

In one particular ideal world, I would be able to let any of my friends who "need to know" know where I live, my phone numbers, what I was doing, my parents' names, my niece's date of birth, where I was at any given time, and where I was planning to go clubbing or holidaying next. The technology and use for all of these exists in the forms of Twitter, Dopplr, Fire Eagle and MyHeritage, but the use I can make of them is grossly limited by a combination of the world's broken security models and broken attitudes. Even where "friend-locking" exists, it's rendered useless by the mass of account management I'd need to do for everyone who might want to know, and the fact my friends would all need accounts (and I'd have to know which these accounts were) on all relevant sites. And most data I wouldn't want to have to lock anyway.

What's required may be difficult. The amount of data we'd like to share to make our lives easier and better connect with our friends (and find new like minds) is too wide for entirely traditional notions of privacy. Now, this may sound weird; like many liberals and techs I'm a privacy advocate. But the point is that we need to have a greater choice in privacy; not only in what we can keep secret from prying eyes if we wish to, but also what we can make public without risk of censure or security compromise if we want to.

We need a new attitude to "semi-public" data. We need banks to stop treating it as secure, and we need the wider public and our current and potential employers, leaders and neighbours to adopt a more honest and less censorious and hypocritical attitude to our behaviour. It may not be easy; in fact it almost certainly won't be. But we live in the information age, and if we can't, as a society, learn how to properly manage and use information, we'll be grossly limiting ourselves.

It's the security, stupid

2007-11-21 22:41:00
I've commented a few times on just how bad customer authentication is in the UK's banks, but hadn't got around to blogging about it. Now that the UK government's managed to achieve one of the greatest confidential leaks of modern history, it might be worth doing so.

So, for those outside the UK, or who might, for other reasons, not have heard about this story:

Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing.

The Child Benefit data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25m people.


From http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm


Now, NI numbers (approximately equivalent to US Social Security numbers, although much less widely used or risky) are definitely sensitive data. Bank account numbers, while not an explicit risk by themselves, become a very useful target for identity theft when coupled with, for example, full names, dates of birth and addresses. The extra security information you tend to need is your mother's maiden name and some sort of signature or PIN. Online and phone banking systems sometimes only ask you for two digits of passcode (sometimes from as few as four) to gain full access. And, to start a standing order, or direct debit, little more than the above data seems to be required.

There also seems to be an incredible superstition held by banks that your mother's maiden name and your date of birth (and sometimes place of birth) are mysterious and unknowable. One has to assume from this that banking security experts are lonely people whose friends never remember their birthdays, and to whom they never talk about themselves. In particular, none of them are amateur genealogists, as their insistence on making such family data dangerous to share is a downright nuisance to anyone wishing to trace their family tree.

These data are, frankly, not secure, and nor should they have to be. Part of the essence of a good password is that it is hard to guess. Another is that it can be changed when required. A third is that it has no external meaning. Personally fixed data like this are therefore about the worst things you can use as a password.

A signature's not much better, as the growth of chip-and-PIN cards attests. They are (comparatively) easy to copy, and no-one ever really checks them anyway.

And these authenticators are only useful if they're fully checked anyway. Often enough bank staff and so on seem to assume that, if you ask for something belonging to someone, then you must be that person. Defence against social engineering is shoddy at best, and staff, if they follow procedures at all, just tend to go through the motions without understanding what they're doing or why they're doing it. There needs to be a wholesale revision of the methods of, and approach to, data security in this country.

But, as yet, the data that's escaped should not be enough to access bank accounts without either serious extra work, extremely brazen social engineering, or guessing of passwords. As in, it's hard - not impossible.

Of course, since many people use their children's names or birthdates as passwords (remember War Games?), that may not be so difficult.

The highest risk at the moment seems to be that of extremely convincing phishing attacks. Currently my various banks authenticate emails by addressing them to my full real name, and including some part of my account number, or my postcode.

In fact I'd also expect an opportunist wave of unsophisticated "To protect your data after this leak" phishing - which doesn't even require the data to be in bad guys' hands.

But, do the bad guys have it? The police and government "reassure" us that "There is no evidence that this data has fallen into criminal hands". This is one of the most astounding pieces of weaselling that either party has ever achieved. One might also ask, since no-one knows where the data is (and recall that, even encrypted, it can be infinitely duplicated), what evidence there is that it has *not* fallen into criminal hands.

There's also considerable doubt about the security measures placed on the data - according to government sources it was "password protected but not encrypted" - which is complete nonsense, and therefore probably wrong. If the data is not encrypted, it should all be assumed to be in the wrong hands. If weak encryption was used, data criminals have large enough botnets of infected, hijacked machines to make short work of it. If strong encryption was used - and given the complete lack of other security considerations taken, this seems unlikely - then perhaps we are more justified in just crossing our fingers and hoping for the best.

And that's what most people seem to be doing anyway, taking the approach that "nothing bad will happen to them". This might be pure fatalism; it may be trust of government (and bank) weaselling, or it might just be a complete unawareness of what can be done - as noted above, most of this data cannot be changed. I suspect that, under these circumstances, I'd be strongly considering changing bank, or at least getting them to re-assign my account number - which would admittedly be a massive nuisance. We have to give our bank details to so many people that re-providing it would be as complex as changing address when moving house - more so in fact, as there would be no realistic possibility of assisted notification or redirection services without further compromising security.
