Remembering Payday

Wanting to remember to run the payroll for my company, I was amazed to discover that Google Calendar’s interface does not offer any way to create a recurring calendar entry for the last day of each month. As it turns out, this is one of the examples actually quoted in the iCalendar standard — RFC 2445 (on page 43) — so it’s very surprising Google has not implemented a way to manage such entries.

Fortunately Google Calendar does actually support recurring entries for the last day of a month, so it’s possible to hand-craft an .ICS file that can then be imported into Google Calendar. Baptiste Gazul’s helpful blog post started me in the right direction and I was able to craft some entries for my needs with help from the RFC. I saved the quoted text below into a plain-text file with a .ICS suffix and then used Google Calendar’s Import Calendar function to add the entry.

To have a calendar entry for Payday on the last weekday of every month, try:

BEGIN:VCALENDAR
BEGIN:VEVENT
DTSTART:20150331
RRULE:FREQ=MONTHLY;BYDAY=MO,TU,WE,TH,FR;BYSETPOS=-1;WKST=MO
SUMMARY:Payday
DESCRIPTION:Last weekday of each month
END:VEVENT
END:VCALENDAR

Change DTSTART to specify the date of the first payday.

I actually have to run payroll on the Friday before the last weekday of the month; this seems to work:

BEGIN:VCALENDAR
BEGIN:VEVENT
DTSTART:20150417
RRULE:FREQ=MONTHLY;BYDAY=FR;BYSETPOS=-1;WKST=MO
SUMMARY:Run payroll
DESCRIPTION:Friday before last weekday of each month
END:VEVENT
END:VCALENDAR
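
An added example, not from the original post: a small Python expander for the subset of RRULE used in the two entries above (FREQ=MONTHLY with a plain BYDAY list and a single BYSETPOS), for checking which dates a rule yields before importing the file. The function names are hypothetical, and it lists only dates the rule generates on or after DTSTART; it does not model how a calendar client treats DTSTART itself.

```python
import calendar
from datetime import date

DAYS = {"MO": 0, "TU": 1, "WE": 2, "TH": 3, "FR": 4, "SA": 5, "SU": 6}

def parse_rrule(line):
    """Split 'RRULE:KEY=VAL;...' into a dict; WKST is parsed but unused here."""
    body = line.strip().upper().split(":", 1)[1]
    return dict(part.split("=", 1) for part in body.split(";"))

def expand_monthly(rrule, dtstart, count, max_months=240):
    """Return up to `count` rule-generated dates on or after dtstart."""
    rule = parse_rrule(rrule)
    if rule.get("FREQ") != "MONTHLY" or not {"BYDAY", "BYSETPOS"} <= rule.keys():
        raise ValueError("unsupported rule: " + rrule)
    weekdays = {DAYS[d] for d in rule["BYDAY"].split(",")}
    pos = int(rule["BYSETPOS"])
    if pos == 0:
        raise ValueError("BYSETPOS must be non-zero")
    # BYSETPOS is 1-based from the front, or negative from the end of the set.
    idx = pos - 1 if pos > 0 else pos
    out, year, month = [], dtstart.year, dtstart.month
    for _ in range(max_months):  # bound the search so a bad BYSETPOS cannot loop forever
        ndays = calendar.monthrange(year, month)[1]
        days = [date(year, month, d) for d in range(1, ndays + 1)]
        candidates = [d for d in days if d.weekday() in weekdays]
        if -len(candidates) <= idx < len(candidates) and candidates[idx] >= dtstart:
            out.append(candidates[idx])
            if len(out) == count:
                break
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)
    return out

# The two rules and DTSTART values from the entries above.
PAYDAY = "RRULE:FREQ=MONTHLY;BYDAY=MO,TU,WE,TH,FR;BYSETPOS=-1;WKST=MO"
PAYROLL = "RRULE:FREQ=MONTHLY;BYDAY=FR;BYSETPOS=-1;WKST=MO"

if __name__ == "__main__":
    for name, rule, start in (("Payday", PAYDAY, date(2015, 3, 31)),
                              ("Run payroll", PAYROLL, date(2015, 4, 17))):
        print(name, [d.isoformat() for d in expand_monthly(rule, start, 5)])
```

On the page's values the payroll rule first yields 2015-04-24, and in months whose last weekday is a Friday (May and July 2015) both rules return the same date.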

Blocking The Fields

Dry stone walls in the Yorkshire Dales

There are people walking over the beautiful spring meadows. Most are just enjoying the beauty of it all, but some are going visiting to each other’s houses. Of those, you discover one or two of them doing things you and your supporters don’t like when they arrive, so you want to stop them.

You issue an instruction to block the fields. Your objective is just, so it must be possible, right? Your bureaucrats get to work on your demand.

They can’t block an open field, so they build a road and block that.

But people go round the roadblock, so they build a fence along the sides of the road too.

But people go round the fence, so they add a fence all around the field.

But people go round the field, so they mandate fences across the whole country. That bad thing you want to stop justifies all the expense and inconvenience, doesn’t it? Building the fences takes several years, but the whole country is now covered in obstacles of various kinds.

But there are now so many miles of fences that they are mostly out of sight of your staff. People just jump over them, so you tell the police to start arresting people who do. That bad thing is so bad you have to act tough, even though most of the people they are arresting are just trying to work round the inconvenience you have caused them for innocuous reasons.

But there aren’t enough police to patrol every fence, so you hire more and more.

But they still can’t arrest everyone, so they recruit informers.

You can’t rely on the informers, so you get them to spy on each other as well.

Turns out you can’t rely on spies, so you add security cameras as well.

You now need an army of spies, analysts and police to watch the security cameras, check on the spies and watch for people jumping fences. This is not about the bad thing you first objected to any more. It’s now about respecting the law for the sake of the law. So your people are arresting everyone regardless of their motives, checking on spies for telling lies, dealing with corruption among your informers, suppressing all the “SJW”s who whine about the loss of freedom and undermining your political opposition who are equally clueless about blocking fields but can see that what you are doing is hugely unpopular.

Congratulations! Your attempt to stop something your supporters disapprove of by mandating the impossible has created a police state. It doesn’t matter how bad the thing you were trying to stop is; people probably agree that it’s a bad thing.

By mandating the impossible, you caused collateral damage that outweighed any benefits, and by associating it with a thing no-one dares defend in public you were able to accidentally destroy society without opposition. And you didn’t notice because you never go for walks in the fields.

New Role At WiPro

I’ve news. Starting today, I will be working full time in a new role. I’m now a Director at the global consulting firm WiPro in their Open Source practice, advising both customers and implementation teams on open source issues concerning software selection, community engagement, license compliance and more. You’ll find me at a variety of conferences and events, and I’ll continue to write for InfoWorld and others.

I’ve always wondered why SIs and outsourcing consultants didn’t use more open source in their solutions. It keeps solutions more flexible for their clients, reduces the overall cost of ownership and ensures end-of-life migrations are easier. WiPro is taking the lead among high-scale consulting firms applying the insights and benefits of open source software to its customer engagements. I’m looking forward to helping WiPro’s customers worldwide gain these benefits and avoid having their software solutions unnecessarily intermediated by copyright owners.

Who Else Listens To Your TV?

Samsung’s Smart TV listens to everything you say all the time you have voice control enabled. No surprise there. But Samsung’s Terms warn that it’s likely to be sending all that audio to a service provider for analysis, rather than analysing it in your TV.

That’s got plenty of people worried, but Samsung aren’t concerned. They sent me their canned press response, which starts:

Samsung takes consumer privacy very seriously. In all of our Smart TVs, any data gathering or their use is carried out with utmost transparency and we provide meaningful options for consumers to freely choose or to opt out of a service. We employ industry-standard security safeguards and practices, including data encryption, to secure consumers’ personal information and prevent unauthorized collection or use.

I’m sure that is all true. Samsung has a large investment in technical experts of all kinds. All the same, the key phrase there is “prevent unauthorized collection or use”. Why? Well, let’s carry on with their response.

Voice recognition, which allows the user to control the TV using voice commands, is a Samsung Smart TV feature, which can be activated or deactivated by the user. Should consumers enable the voice recognition capability, the voice data consists of TV commands, or search sentences, only. Users can easily recognize if the voice recognition feature is activated because a microphone icon appears on the screen.

That’s not exactly what the Terms say; they note that “if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted”. So we’re not just talking about the sort of data Google Now or Siri sends to their service provider (the phrase after you have started the voice recognition). Samsung also sends the commands themselves, plus any conversation around them. From that description, it seems the whole stream of conversation is likely to be sent.

Samsung does not sell voice data to third parties. If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search. At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV.

The fact the data is not sold is good. I would expect no less from Samsung in this circumstance. But there is a use case that is conspicuously excluded from both their statement and the Terms.

What about requests for interception? The data may be encrypted to prevent “unauthorised collection or use” but what about authorised use, when a legal authority in one of the countries involved in the transaction requests access to the raw audio? In the USA, the Third Party Doctrine would allow security and law enforcement services to request access without a warrant. Given the service provider appears to be a US company, even if the customer is in a country where interception locally would be illegal, the NSA (or any of a myriad other US organisations) could still collect on their behalf.

Tim Cushing thinks this is at least gated by the need for the device ID but I think that overlooks the strategy used by the US & UK security services. They separate bulk data collection and later data analysis, treating only the latter as surveillance in need of a warrant. I would not be at all surprised if Samsung’s service providers at some point get an order to tee all their audio inputs through the NSA, using an order of which Samsung may not even be aware. This would not be for immediate analysis, just for pooling and later use once a device ID is obtained by other means.

I asked Samsung to clarify their position on law enforcement use of their streaming audio data, and to clarify whether they had ever received requests for it. So far I’ve had no reply to my questions. I suspect that’s because they have not considered the issue. I think more people need to ask them and their service providers, and their competitors who offer the same services.

You say you have nothing to hide? When a joke you made over dinner is flagged by an algorithm and a clipping provided to a busy police analyst out of context leads to a visit by a SWAT team “just in case”, will you still think that? We need this privacy exposure nipped in the bud, given we have police with a SWAT first and don’t apologise later attitude. Some innocent comment caught by a TV is going to lead to a tragedy otherwise.

Legislating For Unicorns

When Julian Huppert MP (Lib-Dem) asked the Home Secretary Theresa May MP (Con) if banning encryption – as the Prime Minister had been interpreted as saying – is “genuinely what the Home Secretary wants to do?”, she evaded him with her answer.

I remain convinced her and the Cabinet’s position on encryption is based on a non-technical misinterpretation of detailed advice from within the Home Office. Her response, and other responses by her colleagues and by the US government, imply that the security officialdom of the US & UK believes it can resurrect “golden key” encryption where government agencies have a privileged back door into encryption schemes. That’s what’s encoded in her replies as “there should be no safe spaces for terrorists to communicate.” Think “Clipper chip”. As Ryan Paul comments,

More telling though is the insecurity the Conservative Party exhibits on the subject. Unwilling to discuss the matter in a balanced way, party mouthpiece Julian Smith MP descends to ad hominem against deputy Prime Minister Nick Clegg MP (LD), in the process also exhibiting the hypocrisy of the unconvinced apologist. Sadly Mrs May rewards rather than rejects his question.

In a sequence of questions and answers in the same debate – which cannot conceivably have been unplanned – Conservatives ask party-political questions of the Home Secretary, to which she responds with unashamed electioneering. When this tactic is used – accusing an opponent of a fault you exhibit yourself far more than they do – it is always an attempt to conceal your own lack of validity.

Clegg’s crime was to assert that freedom and security are not inherently incompatible:

“I want to keep us safe. It’s ludicrous this idea that people who care about our freedom don’t care about our safety.

“What I will not do, because it is not proven, is say that every single man, woman and child should have data about what they get up to online kept for a year.”

For Conservative MPs to call that “disgraceful” is extremely revealing, both of their lack of comprehension of the issues and the cynicism with which they intend to manipulate the misapprehensions of Middle England for electoral gain. I’ve met no-one who seriously asserts the security services should be unable to secure warranted access to specific communications of those suspected of a crime. That capability is obviously justifiable in a democracy.

But the Communications Data Bill and proposals for “golden keys” go much further than is reasonable and balanced. What defenders of freedom seek is not insecurity; we instead seek transparency, accountability and proportionality, all in a form open to any citizen to scrutinise and challenge.

When Mrs May (and Labour’s Jack Straw MP, and others) refuse that democratic oversight and accuse its proponents of partisanship and irresponsible disregard of security, their own ad hominems and party partisanship reinforce the case rather than diminish it. It’s time for an adult debate informed by technological realities, instead of this opportunism and electioneering.

How To Safeguard Surveillance Laws

This letter was published in the London Evening Standard on January 12th, 2015:

I watch with alarm as, in the wake of the barbaric murders in France, politicians seek increased surveillance powers for the security services.

Surveillance is not always wrong; far from it, our democracy has long allowed accountable public servants to temporarily intrude on individuals they believe to be a threat.

My alarm arises for two reasons:

  • The powers requested in recent attempts at new law are open-ended and ill-defined. They lack meaningful oversight, transparency or accountability. They appear designed to permit the security services free rein in making their own rules and retrospectively justifying their actions.
  • The breadth of data gathered – far beyond the pursuit of individuals – creates a risk of future abuse, by both (inevitable) bad actors and people responding to future moral panic. Today’s justifications – where offered – make no accommodation for these risks.

Voters should listen respectfully but critically to the security services’ requests. Our representatives must ensure that each abridgement of our liberties is ring-fenced:

  • justified objectively using public data,
  • governed with impartial oversight, and
  • guarded by a sunset clause for both the powers and all their data by-products.

If the defence of free speech fatally abrades other liberties we are all diminished.

Yours faithfully

Simon Phipps

Any Revolution Can Be Repurposed

In fact this memorial to one — involving three days of killing in Paris over free speech for the press and a death sentence for blasphemy — has been:

Liberty and Vigilance
The July Column in the Place de la Bastille in Paris – itself dedicated to the celebration of liberty after the French Revolution – was erected in memory of the fallen of the later July Revolution of 1830. It’s not too far from the offices of Charlie Hebdo.

The July Revolution comprised three days of fighting in Paris, primarily on free speech grounds against state censorship. Charles X, France’s last hereditary monarch, had imposed the death penalty for blasphemy against Christianity. He also suspended the liberty of the press and dissolved the newly elected Chamber of Deputies.

Today, the column is used as a platform for surveillance cameras. We must be on our guard against similar repurposing today.
