Phase.org

Posts by tag: privacy

Security: Yesterday, Today & Tomorrow: ACCU Conference at Bletchley Park, November 7th 2009

2009-11-07 22:33:00
ACCU (http://accu.org/) is "an organisation of programmers who care about professionalism in programming and are dedicated to raising the standard of programming". Bletchley Park (http://www.bletchleypark.org.uk/) was the wartime home of the British Code and Cipher school, where the Axis' Enigma military codes were broken.

The conference was organised by ACCU as a benefit for Bletchley Park, which, despite being one of the most important sites both in the history of computing and the Second World War, is continually starved for funds and struggles to remain open and intact.

Bletchley Park is well worth a visit even when there's no special event on, but this conference was exceptional. I've been to three conferences in the last few weeks (they all came at once this year), and they were fairly different from each other - FOWA (http://phase.org/blog/31336) was a big conference that mixed business and tech, Stack Overflow a slightly smaller one that was purely programming with tasters of various languages and systems, and this one was, for me, a bit of a wildcard. The focus was on security and cryptography, neither of which is particularly an area of expertise for me, although they're definitely interests. I'm also somewhat fascinated by the history of the Second World War, and of Bletchley Park and Enigma in particular.

So, I didn't particularly know what to expect, except that some big names would be speaking on topics that should be interesting; and that it would benefit Bletchley. Oh, and that it meant getting up early on a Saturday to get to Bletchley by 9:30.

When I got there, it was a distinctly chilly autumn morning, but bright sun meant that the park and Mansion looked stunning in the morning. The mansion, if you've never seen it, is a unique building; it's not even the same as itself, in that no two parts of it seem to share the same architectural style:



I managed to grab a quick coffee and danish before Tony Sale started his talk. Tony is, quite deservedly, something of a legend at Bletchley; not only did he help start the National Museum of Computing and Bletchley Park Trust, he's also an authority on Enigma and led the rebuilding of Colossus (the world's first electronic computer) from absurdly little evidence.

He's also, I discovered, an excellent presenter. His energy and passion while explaining 'How the Germans gave away their "unbreakable" codes' by human error was incredible, and not only is he an expert on the Enigma machines and Lorenz SZ encrypted teletype system, but he can also present that material in a way that's simultaneously easy to understand, technically complete and entertaining. His resounding cry of "DURRRRRR" when describing a particularly foolish operator error is something I'll remember fondly for a long time. The talk was obviously widely enjoyed and led to one of the most heartfelt rounds of applause I've heard at a technical presentation.

Video of Tony talking on some of these subjects, and a mass of information on Colossus, Enigma and the Lorenz system, can be found on Tony's site at http://www.codesandciphers.org.uk/

After Q&A from Tony, and coffees, we were given a guided tour of the National Museum of Computing, featuring the Lorenz intercept and decoding station, the replica Colossus 2, and some (marginally) more modern exhibits such as the WITCH computer, early mainframes and desktops. It was great to see the Colossus actually running and explained by Tony. We also got an explanation of the replica Bombe - all elements visible on the standard public tours at Bletchley Park, but given today at a more involved and technical level for a much more technical audience.

Colossus:



The Bombe:




After that, lunch (a mass of buffet sandwiches, hardly Cordon Bleu but pretty edible) and then Phil Zimmermann.

Phil, of course, is the creator of Pretty Good Privacy, a project based on public key cryptography that sought (as Phil put it) to give political groups such as the American peace movement, and similar groups worldwide, the privacy to operate without government surveillance and interference.

For his pains, and his attempts to export this cryptographic system (classified as a munition) worldwide, he spent years under federal investigation. While he still seems to feel he did the right thing, his new project takes a very different angle.

PGP, as Phil puts it, was "a reaction to government attitudes to cryptography that were born, in part, at Bletchley Park"; that is, the attitude that cryptographic security and research had to be the preserve of governments and the military, tightly controlled and under the utmost security.

Phil's new project is ZRTP, a secure but open-source telephony protocol which he classifies not as a political project to protect citizens from overzealous governments, but as a necessary technological project to protect all of us - including governments and the military - from global organised crime. He cites the increasing risk of interception of voice communications as they move off relatively secure PSTN networks onto inherently public IP networks, populated by packet sniffers and zombie desktops, and thereby open to interception by crime syndicates which may use the information for blackmail, insider trading or aggression. This technology is used, for example, by police in the south-west of the USA working against Mexican drug smugglers, who would otherwise have the capability to intercept these communications.

As well as ensuring an encrypted channel for voice communications, the ZRTP protocol has an impressive range of measures to prevent interception by man-in-the-middle attacks, which I didn't quite understand well enough to explain here...

Phil also had a very long Q&A session and a lot of technical detail, which I won't cover in much depth, but I'll drop in a few quotes (which I hope are accurate, if slightly paraphrased - none of this was recorded, sadly) which give the tone:

"You can make a case that ... the harm from governments losing the ability to wiretap their citizens ... is much less than the harm that would result from criminals wiretapping us".

"Our protocol ... will affect organised crime more than governments ... as criminals tend to be more interested in the content of messages (for blackmail, interception etc) whereas governments tend to have to rely on traffic analysis against criminals using codes and codephrases".

In a response to a question on how his product differed from Skype: "Skype... won't release source code, or even say how their security works. How can I trust that?"

"The UK and China - the two greatest observation infrastructures in the world... How do you guys put up with it?"

After a fairly involved - but fascinating - discussion of key exchange, entropy and crime with Phil, we changed tone again with a talk from Simon Singh, starting with Stairway to Heaven - played backwards.

The first time you hear this extract, even if you're told there's a voice in it, you won't hear much. Then, when you're told what the message is (Simon ran this through a karaoke-style word highlighter), it's so clear you can't believe it's the same recording.

However, all this proves is just how far the human mind will go to find patterns and messages where none exist.

Then, an example of the importance of code security, in Mary Queen of Scots' intercepted plot to overthrow Elizabeth the First, easily decrypted even back in the 16th century, which led to her execution.

Simon's main talk was about the Cipher Challenge which featured in his Code Book, and how it was solved. This featured substitution ciphers and frequency analysis, book ciphers - and the importance of finding the right book, Enigma machines, and how to accidentally turn a triple-DES challenge into a single-DES one. The talk included a demo of Simon's very own original Enigma machine - which of course obeyed the universal law of demonstrations by refusing to encipher symmetrically. However, Phil Zimmermann was almost entranced by it, a reaction I can thoroughly relate to!



Finally, back to the human ability to treat coincidence as revelation, courtesy of "The Bible Code", which claims that hundreds of prophecies are hidden within the Bible. However, the Bible is a vast corpus of text, and once you give yourself loose enough rules, you can "find" messages all over it. You can also find remarkably similar messages in Moby Dick using those rules.

Simon's summary of a range of historical ciphers and code-breaking rounded the day off well, and was followed by a few words from Simon Greenish, Director of Bletchley Park. He recounted that, while Bletchley Park is one of the most important historical sites in the UK, at least in terms of technological and military history, it has existed on a shoestring. "It has often bumped along the bottom financially... and very nearly didn't make it on more than one occasion". Fortunately it's now in slightly less dire straits, but still needs more funds to do more than just survive - there are now vast amounts of repair and restoration to do, before fulfilling the plans that will make the site a truly outstanding museum.

Fortunately, the day raised around £7000 towards these efforts. It was an excellent day, and I'll be delighted to return if, as planned, it's repeated next year.

The Essentials of Ubiquity

2009-03-27 19:53:00
I stood waiting for a bus last night. I knew it was a number 4; I knew it was supposed to arrive at 10:01pm, and that it should take about 14 minutes to get me to Waterloo, where I could catch a train home.

What I didn't know was when, or whether, it would actually turn up. There was no "countdown" display on the bus-shelter, so the information available was entirely based on paper, ink, and "should".

This struck me, in an age where the capabilities of our daily, hand-held technologies are developing at an ever-increasing rate, as frankly somewhat poor, even disappointing. Someone wasn't trying hard enough.

I own an iPhone. It's an incredibly polarising device; excessively loved by some, unnecessarily maligned by others. It does, however, have one point very much in its favour:

What it claims to do, it does. Well, and with excellent stability. In Apple parlance, It Just Works.

There are of course things it won't do. Copy and paste functionality is the classic example of what it lacks, much lambasted for the omission of such a simple, widely-supported feature. It's a bit of a riddle until you then ask yourself "but what is the standard, accepted way of supporting copy and paste on a multi-touch, gesture-driven device?" Of course there isn't one, and Apple's perfectionist attitude was that they'd rather not do it if they couldn't do it well. We'll see how well their implementation works in the mass market in a few months.

iPhones, after all, evolve. The device I bought on the launch day of the 1st gen phone was a very different machine when I sold it to get the 3G (mainly for the memory). The rule on "iPhone 1.0" was "This is a totally closed system; we give you maps, calendars, and the other standard PDA/smartphone basics, and if you want to do something clever, you go to the web". When I sold it of course it supported third-party apps, and had mapping capabilities vastly greater than when I bought it, among numerous bug-fixes & small enhancements. That process means that on those rare occasions when you do find a fault in the system, you don't feel you bought a dud device, just that you may have to wait for it to improve.

For copy and paste, of course, that wait was rather longer than we expected. But I digress.

The point I made above was that the iPhone does what it claims to do. I've been using smartphones and PDAs, generally from the Palm/Handspring stable for years. Their basic features all worked, but they were self-enclosed (trying to get them to talk to a PC or Mac was always hit-or-miss) and frankly clunky. Third party apps were of course supported, but generally pretty darn poor. Different versions of the Palm platform confused apps which frequently fell into disrepair, or just didn't work in the first place. Of course, the iPhone platform changes too, but with apps sold on a subscription model, they tend to evolve and be fixed in just the same way that the phone itself does.

My point, though, is not to write a paean to the iPhone; there are plenty of those around already. The focus is this: there now exists a stable, high-res, high-power, widely adopted portable platform with decent autonomy, and capabilities that until 5 years ago or less were science fiction, or at best divided into dedicated (and generally fairly dumb) gadgets.

The best example (and the best described, in terms of human impact) of these integrated Sci-Fi gadgets, by the way, are Kim Stanley Robinson's wrist computers from his Mars trilogy. The iPhone is, pretty much, that device. To use a phrase that's very popular these days, it is a "game-changer". And with the v3 OS coming out soon, it'll knock the game up to another level.

Fortunately, other companies are also trying to join the new game, but whether they're succeeding, or even outdoing the iPhone, is irrelevant to this post. The point is:

The platform exists, be it in one or many devices. What are we going to do with it?

And why did I start out waffling about buses and trains, and what does it have to do with the iPhone?

The latter question is the easier one to answer. On my iPhone, I can (simplifying only very slightly) click "Trains -> Next train home from where I'm standing" and it'll give me the answer, quickly and accurately. There are a few things it needs to know to do that:

1) Where I am.
2) What the nearest station to that location is.
3) How I define "home".
4) What trains are scheduled to run from 2) to 3), directly or indirectly.
5) Whether they're running to time.

It uses quite a range of technologies to achieve this:

1) It solves by consulting the iPhone's "Core Location" service. This combines GPS location (gathered from a range of satellites thousands of miles away, of course) with ambient electronic clues in the form of WiFi hotspot idents, correlates them via consultation with a remote system, and returns the data to the app. Quite a trick in and of itself, but much more useful when it's an input to a system.

2) It solves by asking a remote database the question "Where's the nearest station to this location?" This requires network communications, a remote server infrastructure, and a geographically tagged list of every rail station in the UK. That's a fairly large database, although the proximity maths is reasonably basic trigonometry. In other words, it's consulting an expert third party.

3) Well, it asked me. If it was feeling really clever, it might have been able to look in my address book and find the entry marked "me" and work out a station from there, but frankly, people find that spooky. And interacting with the user, particularly when you give them a large amount of "usefulness" in return for minimal data, is still a pretty good idea.

4), like 2), is a remote database lookup, coupled with a routing algorithm that's probably quite complex.

5) again is a remote lookup, but with the crucial difference that it's live data. It's not something I could find out in a paper timetable; rather, it's a representation of the current state of the world, specifically of a really pretty complex railway system, that's updated every minute or so. That in itself is quite a trick of data transfer and management.

So, by use of massively complex national, international, and even orbital systems, I save a few minutes' time, or gain access to information that would have been unfeasibly complex to get by trying to follow the steps manually. Which it is depends on where I am, and how much I already know about the local area and services. Even if I know nothing, it can find me a route.

So, why the heck can't it find a bus?

Well, obviously buses don't run on rails or have to be scheduled through stations. But most of them do now report their locations to central systems, and there are databases and routing systems that can report on their intended locations and capabilities.

Basically, it can't find a bus because no-one's joined together all the systems that it needs to use to find a bus. The main step missing is a public interface to the "Countdown" data that's displayed on some bus stops, but it could also quite practically report on traffic and weather conditions along the route.

But there are a couple of other issues. There may be resistance to the public knowing exactly where all buses are at all times - people on those buses may feel uneasy, and I'm sure someone in Whitehall or TfL would consider it a terrorism risk. There are social aversions to this sort of sharing of data.

The company that's been most on the receiving end of those aversions recently is Google - both for their Latitude and Street View applications. The tabloid outcry (and you can classify most of the media in that category these days) has been somewhere between hilarious and utterly depressing. Classifying Latitude as "Google's spy in your pocket" has been one of the most impressive displays of hyperbolic, point-missing technophobia of modern times. Yes, it's technologically (if not actually) possible to create a system that will track people without their knowledge, but Latitude is categorically not that system; and if you claim "but Google are just saying that", you might as well believe that the spy's already in your phone, at the OS level. Latitude changes nothing at the technical level.

What it changes is the capacity for sharing that information - in scope, in precision, and in audience.

I know people all over the UK. All over the world, in fact, and they (and I) tend to travel. I can only guess how many times I've walked 2 streets away from a friend who lives in another country, and never met them, because I didn't know they were there. This might seem a slightly tenuous example of trying to force serendipity, but on occasion I've managed to do so, and enjoyed the results. Not by automated location sharing, but via Twitter and Facebook status - I, like millions of others worldwide, am manually pushing data out there to increase my friends' "ambient awareness" of me in the hope that it may lead to a meeting, or a laugh, or useful information. In extremis, it can lead to a new job, career, or lifesaving information.

I actually want quite a lot of people to know quite a lot about me.

Of course, there is also some information I don't want widely known, and possibly even some people I'd rather knew very little. Most people would generally prefer, for example, that their employers didn't know every pub and club they'd been into recently. And we've already heard too many cases where uptight employers have seen things on Facebook that they've deemed dismissible offences, often such heinous crimes as "I wish they'd give me something more interesting to do", or "pissed again".

Of course in the latter case, the crime's not getting pissed. It's getting caught. After all, chances are the employer's doing exactly the same thing. It's hypocrisy, and it's not a technical problem, it's a social one. And it stinks. If we're going to make even comparatively innocuous data risky or guilty, we're going to have one hell of a problem with real ambient awareness, and geo-aware assistive tools.

Of course, it's not all just curtain-twitching; there are some real reasons why certain people don't want their location to be widely known - one friend of mine has a stalker whose life they'd rather not make easier. But, unfortunately, even without actively broadcasting ambience (that may be an oxymoron) no-one's location, or at least their dwelling, is an impenetrable secret. Ambience just makes it easier.

I don't claim to have a solution to that one, and we'll need one at some point, but, prudish attitudes aside, it's not a problem that needs to apply to most people. Frankly, the entity that most people mistrust with their location and ambience isn't other individuals, or their employers, but the government. And with good reason; their abilities to contain and manage data are on a par with an igloo's ability to contain a blast furnace. Even beyond that, there's too much evidence that they don't always act in our best interests - the number of people arrested or investigated under terrorist legislation for anything from peaceful protest to putting their bins out too soon attests to that.

If we could just fix the government, and people's attitudes, it'd all be so simple.

Well OK, that's obviously far from trivial; but it's worth recognising that:

1) Ambient awareness, and location-aware services, have the potential to be a massive benefit to us.
2) The problems with these systems tend to be more of attitude than of significant social or technical issues, and
3) if we can't solve 2), we're massively limiting the use and usefulness of 1).
4) At the moment most of our apparent privacy and secrecy (and sometimes security) is a shared myth that it's doing us very few favours to perpetuate.

It's difficult to discuss these topics and maintain a fully consistent attitude with regards to personal privacy (although Emerson's comments that "A foolish consistency is the hobgoblin of little minds" may be applied; the world itself may not be consistent). We really have to ask what privacy we need, and why, and how we can maintain our freedoms and abilities if we shift that balance around for technical benefit.

That's *not* a topic I'm going to try to cover in depth right now, though.

I mentioned Street View above, too. Many people are, apparently, outraged that they've been caught in the act of walking in a street at an undisclosed date and time (although frankly, given the fuzzing, most people can only identify themselves, and that very rarely). Or they're energetically objecting to the fact that people can see their houses (from here). It's often widely forgotten that such ancient technologies as feet and eyes have provided this capability for more than a few years. And there's probably more sensitive data in the phone book.

Again, though, there are edge cases where it matters more - if you're pissed and throwing up in the street you have little of my sympathy for your self-inflicted plight, but rather more for your colleagues' or employer's subsequent self-righteousness. If you're being treated by Paramedics, then I think it's fair that Google swap out that content when notified. But if you're upset about the deer being knocked over, please go watch Bambi and get a grip.

We might need to tidy the data up. But let's not just trash it on knee-jerk technophobia or future shock.

And you'd better get used to future shock too, because the future's accelerating. No, we don't have flying cars yet (thankfully), but we may still be at the first hints of the Accelerando.

At this point it's incumbent on me to mention Charlie Stross, not merely an excellent and humorous author, but quite possibly the UK's best futurologist. His Cthulhoid spy stories and world-walking tales may not prove entirely predictive, but his near-future vision in Halting State is spot on (too much so sometimes, having seen two Halting State incidents in Eve Online recently). Equally, his canonical "Accelerando" is possibly the best tale of human reaction to future technological change, and even his far-future and whimsical Eschaton novels are excellent studies of humanity in technological extremis.

I don't want my flying car. I want my phone to tap my ear and put up a subtle glyph in my glasses if the Northern Line's packed up when I leave the office, or I'm looking at museums to visit online and the Overland's shut for maintenance. I want it to update my list of local eateries when that new Japanese place opens, and make me aware that Porcupine Tree are releasing a new album. I'd like to know that Jacques, who I worked with in Paris, just moved to Kensington. I want it to make my life subtly simpler, and help me connect with friends and old acquaintances.

Give or take the pretty poor state of eyeglass projectors at the moment, it's all entirely possible - and not merely possible in the Tomorrow's World, Martlesham Heath sense that "given enough boffins, we can make a proof of concept", but rather in the sense that 90% of it's already on the shelves and in people's pockets.

The future's very close. At some point, your phone may realise this.

Omnipresent Data vs Privacy

2008-10-11 16:53:00
"Honest men have nothing to fear from the law" is a widely used dictum much loved by protagonists of the surveillance society, and by much of the less imaginative part of Middle England.

It is also, unfortunately, naïve and inaccurate. Pratchett refers to it as being "under review from the Axioms Appeal Board" in Men at Arms. The problem has several aspects; firstly, that the agents of the law, not to mention the full range of overly conservative small-minded snoops, have very specific ideas of "honest people" and "suspicious" or "wholesome" behaviour. It is therefore incumbent on us not only to be honest, but to be staid, mainstream and "above reproach". There's long been an attitude of "don't ask, don't tell" towards anything risqué, to the extent that many widely-shared behaviours are expected to be hidden for the sake of hypocritical propriety.

The classic case of this has always been with regards to sexuality, particularly homosexuality in the US military, with the attitude of "you can die for us, but don't expect us to accept you". The attitude is also present, with less mortal consequences, in public life in the UK. It is widely known or assumed that many politicians or members of the judiciary have a non-mainstream (and entirely legal) sexuality that they dare not display for fear of being deemed inadequately wholesome, or hounded from office.

In a similar vein: I work for a publisher that counts among its portfolio magazines and sites which feature "glamour" photography of various types. The mainstream, while trying to look tolerant and modern, will generally accept that "tasteful glamour" is entirely socially acceptable, so why do we keep getting emails from former models who now need the pictures removed in case "it harms their career or credibility"? Simply, because many of the public are more small-minded and less honest than they wish to admit.

But what if we are really wholesome, law-abiding, upstanding and utterly boring? Surely we have nothing to hide then?

Well, no. I'm not going to publicly share my passwords, bank details, pin and so on; that much is obvious. I'm also not likely to share how much I drink, what sort of adult entertainment I may prefer, or what I do in the privacy of my own home. But there's another class of "semi-public" information I need to keep pretty private too, and that's just a nuisance.

I'm referring to the sort of information that banks and similar organisations use to "verify your identity" for security purposes. Your date of birth, for example. Letting the world know your exact age can be a security risk. So can sharing where you live; some banks seem to think that my postcode is secure and sekrit data. My place of birth and mother's name are verboten, which is a right pain if I want to do any sort of genealogical research (which it so happens that I do). My first school, favourite colour, pet's name... it goes on and on. Even which electricity supplier I use could be used to compromise my accounts. This is all information my friends at least should be able to know, and it should be harmless in any hands.

But it's not, because banks are inept, and (in part due to this) the public don't understand security. So we're grossly limited in the information we can make public. This matters not only because it's terrible security (it's all "semi-secret", in the same sort of "don't ask, don't tell" mentality as "private" lifestyles), but because it compromises methods we might use to keep in touch with, and locate, old and new friends.

In one particular ideal world, I would be able to let any of my friends who "need to know" know where I live, my phone numbers, what I was doing, my parents' names, my niece's date of birth, where I was at any given time, and where I was planning to go clubbing or holidaying next. The technology and use for all of these exists in the forms of Twitter, Dopplr, Fire Eagle and MyHeritage, but the use I can make of them is grossly limited by a combination of the world's broken security models and broken attitudes. Even where "friend-locking" exists, it's rendered useless by the mass of account management I'd need to do for everyone who might want to know, and the fact my friends would all need accounts (and I'd have to know which these accounts were) on all relevant sites. And most data I wouldn't want to have to lock anyway.

What's required may be difficult. The amount of data we'd like to share to make our lives easier and better connect with our friends (and find new like minds) is too wide for entirely traditional notions of privacy. Now, this may sound weird; like many liberals and techs I'm a privacy advocate. But the point is that we need to have a greater choice in privacy; not only in what we can keep secret from prying eyes if we wish to, but also what we can make public without risk of censure or security compromise if we want to.

We need a new attitude to "semi-public" data. We need banks to stop treating it as secure, and we need the wider public and our current and potential employers, leaders and neighbours to adopt a more honest and less censorious and hypocritical attitude to our behaviour. It may not be easy; in fact it almost certainly won't be. But we live in the information age, and if we can't, as a society, learn how to properly manage and use information, we'll be grossly limiting ourselves.

It's the security, stupid

2007-11-21 22:41:00
I've commented a few times on just how bad customer authentication is in the UK's banks, but hadn't got around to blogging about it. Now that the UK government has managed to achieve one of the greatest confidential data leaks of modern history, it might be worth doing so.

So, for those outside the UK, or who might, for other reasons, not have heard about this story:

Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing.

The Child Benefit data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25m people.

From http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm


Now, NI numbers (approximately equivalent to US Social Security numbers, although much less widely used or risky) are definitely sensitive data. Bank account numbers, while not an explicit risk by themselves, become a very useful target for identity theft when coupled with, for example, full names, dates of birth and addresses. The extra security information you tend to need is your mother's maiden name and some sort of signature or PIN. Online and phone banking systems sometimes only ask you for two digits of a passcode (sometimes from as few as four) to gain full access. And, to start a standing order or direct debit, little more than the above data seems to be required.

There also seems to be an incredible superstition held by banks that your mother's maiden name and your date of birth (and sometimes place of birth) are mysterious and unknowable. One has to assume from this that banking security experts are lonely people whose friends never remember their birthdays, and to whom they never talk about themselves. In particular, none of them are amateur genealogists, as their insistence on making such family data dangerous to share is a downright nuisance to anyone wishing to trace their family tree.

These data are, frankly, not secure, and nor should they have to be. Part of the essence of a good password is that it is hard to guess. Another is that it can be changed when required. A third is that it has no external meaning. Personally fixed data like this are therefore about the worst things you can use as a password.

A signature's not much better, as the growth of chip-and-pin cards attests. They are (comparatively) easy to copy, and no-one ever really checks them anyway.

And these authenticators are only useful if they're fully checked anyway. Often enough, bank staff and so on seem to assume that, if you ask for something belonging to someone, then you must be that person. Defence against social engineering is shoddy at best, and staff, if they follow procedures at all, just tend to go through the motions without understanding what they're doing or why they're doing it. There needs to be a wholesale revision of the methods of, and approach to, data security in this country.

But, as yet, the data that's escaped should not be enough to access bank accounts without either serious extra work, extremely brazen social engineering, or guessing of passwords. As in, it's hard - not impossible.

Of course, since many people use their children's names or birthdates as passwords (remember War Games?), that may not be so difficult.

The highest risk at the moment seems to be that of extremely convincing phishing attacks. Currently my various banks authenticate emails by addressing them to my full real name, and including some part of my account number, or my postcode.

In fact I'd also expect an opportunist wave of unsophisticated "To protect your data after this leak" phishing - which doesn't even require the data to be in bad guys' hands.

But, do the bad guys have it? The police and government "reassure" us that "There is no evidence that this data has fallen into criminal hands". This is one of the most astounding pieces of weaselling that either party has ever achieved. One might also ask, since no-one knows where the data is (and recall that, even encrypted, it can be infinitely duplicated), what evidence there is that it has *not* fallen into criminal hands.

There's also considerable doubt about the security measures placed on the data - according to government sources it was "password protected but not encrypted" - which is complete nonsense, and therefore probably wrong. If the data is not encrypted, it should all be assumed to be in the wrong hands. If weak encryption was used, data criminals have large enough botnets of infected, hijacked machines to make short work of it. If strong encryption was used - and given the complete lack of other security considerations taken, this seems unlikely - then perhaps we are more justified in just crossing our fingers and hoping for the best.

And that's what most people seem to be doing anyway, taking the approach that "nothing bad will happen to them". This might be pure fatalism; it may be trust of government (and bank) weaselling, or it might just be a complete unawareness of what can be done - as noted above, most of this data cannot be changed. I suspect that, under these circumstances, I'd be strongly considering changing bank, or at least getting them to re-assign my account number - which would admittedly be a massive nuisance. We have to give our bank details to so many people that re-providing it would be as complex as changing address when moving house - more so in fact, as there would be no realistic possibility of assisted notification or redirection services without further compromising security.
