Theory matters!

I have just posted a blog on LinkedIn about business and IT strategy. I say a bit more here! This was provoked because I was doing some research for a job application which involves IT strategy. I was considering the alignment of business strategy with that of the IT department and what I might say. I outlined three models; although they were all developed a while ago, I think they all have relevance today. The three models address business strategy, software portfolio management and architectural pattern selection. Business strategy should drive portfolio and project management choices. While business strategy will outline how to do what must be done, it also defines what will not be done. Portfolio management determines the allocation of development funding, priority, maintenance funding, project risk appetite, people skills, project governance and software sourcing policy and, as a result of the choices made, one can select the appropriate platform super architectures, of which you may need more than one. I conclude that theory matters. See more below/overleaf … …

More on Free broadband

One of the allegedly glaringly popular promises in the last Labour manifesto was the promise of free broadband. I wrote about it a couple of times and decided that though it was desirable, the failure to socialise it both within the movement and society as a whole allowed the promise to be undermined by questions of cost. I concluded the article above by asking “why not free water?”. One of the answers to that is that much government business, including that required of those most likely not to have the internet, requires its use: on the one hand recording business activity, and on the other claiming benefits and, maybe equally importantly, writing to one’s MP or Council. The idea came from two sources, one of them the London CWU, who issued a pamphlet calling for broader public ownership of the telco and postal services on the grounds that private/market ownership was wasteful of wealth and resources, has delayed the adoption of superfast broadband, caused an investment famine and led to a pursuit of short term fashion & profit rather than investing in infrastructure for long term aggregate growth. The Executive Summary is reproduced below/overleaf. … …

Virtuality & the Labour Party

Somewhere inside my head there’s an article on how businesses weren’t planning for a pandemic as a business continuity risk; most plans were about protecting infrastructure. My most recent LinkedIn article looks at the under-licensing and data leakage risks exposed by the spontaneous adoption of remote desktop technology, but the country has had to adopt a much wider “work from home” practice than previously, stressing those parts of the economy that serve it, including home space and furniture supply. This all leaves unanswered how are democratic decisions being taken? Let’s look at the Labour Party; I wouldn’t want to be the Labour Party apparatchik that allowed 7.IV.H.8 (P41) 2019 to expire. It used to say,

The NEC shall invite CLPs to take part in pilots of staggered meetings, electronic attendance, online voting and other methods of maximising participation. The NEC may immediately give effect to these pilots and may incorporate any resultant rules into this rule book, subject to approval at Annual Conference 2019, when this sub-clause shall expire.

It wasn’t extended at Conference 19, and the rule now no longer exists and virtual meetings are not permitted to take decisions. Someone’s going to be happy.

If deliberate, it’s another example of the bureaucracy just not giving a shit. …

Why Zoom?

I have posted a blog on why Zoom has become so popular in terms of getting consumer mind share.

I wonder if it’s based on Microsoft forgetting its history. I am sure the ultra low cost of using Zoom helps but Microsoft’s entry cost for Skype is the same and at the end, someone has to pay for the server room cycles.

Perhaps in the hypergrowth stage best of breed works but I suspect that an integrated offering will win out in the end.

 …

Where is BS20001 when you need it?

I have been looking at my CISSP notes on Business Continuity and they all state that getting your people into work is as important as ensuring the IT can survive the disaster. Also, people have been reducing the likelihood of a data centre loss and to be frank that’s not what’s happened. No question but that much planning has been found wanting as companies whose strategy in terms of meeting their public duty in the case of a disaster has been to allow competitors to step in. Both Waitrose and Laithwaite’s web sites have failed over the last seven days; these will probably be because of both staff nonavailability and insufficient capacity to cope with increased demand.

I also wrote a piece on my LinkedIn blog about the vulnerabilities that a sudden switch to mass working from home may cause, looking at vulnerability management, data leakage protection and obliquely vendor management. …

DaaS

It seems some people are trying to distinguish between the meanings of DaaS and VDI. Looks as if DaaS is a cloud offering and VDI is on-prem. This really isn’t helpful as so often the architecture is identical! …

Google, the GDPR and Brexit

Google are going to move their UK users’ data from Ireland to the USA. I wrote a little note on my LinkedIn blog. I headline it as

Google are moving UK data from Ireland to the US … what does this say about UK/EU/US dataflows and compliance with the GDPR and the world’s data protection laws.

I also point out the need for robust legal redress to comply with the GDPR, which the UK and USA may not meet and that the UK will lose access to the US Privacy Shield arrangements. I note that the UK will lose its member state privileges and powers under the GDPR when the transition period ends and that RIPA 2016 and the immigration exception of the DPA 2018 may cause the Commission some problems with respect to “Adequacy”.

I note that model clauses and binding corporate rules will remain in place and I wonder if this is a business opportunity for a European based phone operating system author as people choose to withdraw from Android? Nokia? Canonical? …

Digital Democracy

One of the motions proposed but not debated at the CLPD AGM was called “Digital Democracy & the need for greater voter participation”. It’s quite long at over 550 words and I planned to speak against it, by saying something like,

This motion, despite its length, says only two things: that we’ve read Corbyn/Barbrook’s Digital Democracy Manifesto and that we approve of a digital identity card as part of a system of access to e-voting in public elections.

I have read the manifesto and believe it is flawed, most importantly in that it postpones the consideration of what human rights look like in an age of the ultimate surveillance machine until after the election of a Labour Government, when it proposes a consultation. It proposes a People’s Charter of Digital Liberties but makes no mention of the work other campaigners for digital liberty have done in defining new Human Rights needs in a connected world and old Rights that need defending. These campaigning bodies include Liberty, the Open Rights Group, the Electronic Frontier Foundation and Labour’s members on the European Parliament’s LIBE committee.

But we can’t talk about e-voting without talking about Estonia, the poster child of e-voting, and its failed audits, and its proof that e-voting does not increase turnout, and its alleged failure to meet European data protection standards.

We can’t talk about e-voting without talking about the Surveillance State and its private corporate arm. It’s bad enough that the datenkraken can use our phones to spy on us, but I suppose the fact that the US government has access via them to all they know perhaps should reassure us that there is no risk to making a short cut to British Intelligence of our internet usage records, they already have it.

We can’t talk about e-voting without talking about the digital divide.

We can’t talk about e-voting without looking at whether the ERS removed votes from the 2015 Labour Leadership elections, a fact if true showing the vulnerability of the “transparency of the result” to insider attack.

We can’t talk about e-voting without talking about Russia’s interference in the US, British elections and the Brexit referendum through their advanced hacking capability.

We can’t talk about e-voting without noting that Verify, the current Government identity portal has been criticised as a failure by the Public Accounts Committee and now looks likely to be privatised.

We can’t talk about e-voting without looking at the fundamental criticisms of such systems, that they are hard to build, and it may be impossible to resolve the conflict between having a transparent result and a secret ballot; this is before we address the issues of coercion, impersonation and 2nd party verification, i.e. how to implement polling/counting agents in a proprietary software system.

In the US, engineers and electoral administrators are developing the systems to make this easier, requiring physical receipts of the cast vote, which are then electronically counted with statistical control samples manually counted.

This motion is technically premature at best and otherwise dangerous populist nonsense.

Please remit or oppose.

ooOOOoo

Interestingly, DARPA have announced an e-voting proof of concept; I am pointed at it by Bruce Schneier. …