Select Committee on Home Affairs Minutes of Evidence


Examination of Witnesses (Questions 179 - 199)

TUESDAY 12 JUNE 2007

PROFESSOR ROSS ANDERSON, MR PETE BRAMHALL AND DR ANDY PHIPPEN

  Q179  Chairman: Good morning, gentlemen. Thank you very much indeed for coming to give evidence as part of our inquiry into the contention that we are drifting towards the surveillance state, whether that is a good or a bad thing and what we might do about it if it is, and we are grateful to you for coming. Our aim today, as you know, is to get at least some understanding of some of the technological issues involved in these developments and we are very grateful to you for your time. I understand that Caspar Bowden cannot come due to ill-health which is unfortunate, but I am sure that, between you and with the expertise you have got, you will be able to answer the questions that we might have directed to him. Perhaps I could ask each of you to introduce yourselves for the record and then we will make a start.

  Professor Anderson: I am Ross Anderson, Professor of security engineering at Cambridge and I also chair the Foundation for Information Policy Research.

  Dr Phippen: I am Andy Phippen. I lecture socio-technical studies at the University of Plymouth and am co-author of, amongst other things, the Trustguide Report.

  Mr Bramhall: I am Pete Bramhall and I lead a small team of researchers at Hewlett-Packard's corporate research labs in Bristol where we do research on privacy and identity management technologies.

  Q180  Mrs Cryer: May I ask the first question primarily to Professor Anderson and it is in terms of surveillance capability. What do you feel has been the most significant technological development of the past 10 years?

  Professor Anderson: Almost certainly search engines. It is perhaps slightly more than 10 years since we saw the first one, AltaVista, 11 years ago, but certainly Google has come along in the past six or seven years and their use has become very widespread. Previously, lots of information about people was kept on numerous, disparate databases, and a lot on paper in filing cabinets. Search engines mean that everything that is searchable is now findable if people have got the wit to look for it, and of course there are not merely the publicly available search engines, such as Google; there are search engines on intranets and there are search engines available to government and intelligence services which give access to information which is not generally available to the public. But overall the killer technology is search engines.

  Q181  Mrs Cryer: Do you both agree with that?

  Mr Bramhall: Yes, I would agree certainly with that and I would perhaps also add the fairly recent rise in social networking capabilities on the Internet, the rise of things like MySpace and YouTube where people can post information about themselves and yes, they are doing it willingly and for what seem to be very desirable purposes for them at the time, although they may actually have cause later in life to regret what they have made available of themselves and, coupled with search engine technology, there might actually be more out there than they would be happy with.

  Q182  Mrs Cryer: Dr Phippen, do you go along with that?

  Dr Phippen: Yes, I would certainly agree with that.

  Q183  Chairman: Can I follow that and ask what the main drivers are of these new technological developments? Search engines and Google are presumably driven by a commercial motive, but things like Facebook and social networking were sort of invented by people out there really, thinking of a way of doing things and making uses of them which probably the original designers had not thought of themselves, so what are the main drivers that are moving technology forward as quickly as it is?

  Professor Anderson: I think it is different in the private sector than the public sector. In the private sector, the main driver is the wish to charge different people different prices. This is of course as old as people have been trading; the carpet trader in Istanbul who makes a special price "just for you" is the price discrimination of antiquity. In general, price discrimination is economically efficient, but people tend to resent it because they feel that it is unfair. Now, what is happening is that technology is making price discrimination, firstly, more attractive to businesses because businesses become more like the software business over time and, secondly, easier. So this creates a circle—a vicious circle or a virtuous circle depending on your point of view—which drives the acquisition of ever more data and ever more capabilities as part of the process. And a second main driver of course is targeted communications. In the public sector, we have got all the motivations that we have all come to know and love or hate, as may be the case.

  Q184  Chairman: Could you say a little more about the public sector motivations though in the sense that there is probably a similar desire to get the right piece of information to somebody or the right service to somebody or the right information about somebody, so is it significantly different and is the public sector driving the technology or is in fact the private sector developing the technology which the public sector makes use of?

  Professor Anderson: I think it is the latter. The UK is rather odd in that over the last few years a majority of the business won by our big systems houses has been public sector business rather than private sector business, but they are almost never developing new technology, they are simply using technology which has been developed mostly elsewhere for private-sector purposes. It is also difficult for even a mild cynic to escape the supposition that there is some competitive empire-building going on in Whitehall of the "my database is bigger than your database" variety, and this appears to be more pronounced in Britain than in other countries.

  Q185  Chairman: Mr Bramhall, as you mentioned it, how significant are these social networking initiatives in driving change? I suppose it goes back certainly to text messaging originally, things where consumers have invented ways of using these systems that people had not previously thought of.

  Mr Bramhall: Yes, the technology behind them, I think, tends to come from private sector considerations. Entrepreneurs will think, "Ah yes, if I set up a capability of doing a MySpace or a YouTube, then they will come and use it and it will be commercially successful", but the other factor that drives that success, or otherwise, is essentially how great is the take-up by people. Are they actually as popular as the entrepreneurs who found them would like them to be? We can all look at the numbers of how quickly those sites are mushrooming and so on, but there is perhaps a little bit of evidence that indicates younger people are more happy and willing to participate in them and, therefore, perhaps one of the drivers is actually coming from the youthful recognition or the recognition by the young that technology is definitely not to be feared, it can do wonderful things, it can be liberating from an individual point of view, it can help form all sorts of personal relationships which again are very important when you are young, and perhaps those are the sorts of drivers of behaviour that lead to the success of these systems which have been enabled initially by private sector technology.

  Q186  Chairman: It is probably an impossible question, but, if we looked over the next 10 years, what are the technological developments that you think would have the most impact on data security and on the privacy of citizens?

  Professor Anderson: I do not think that privacy is fundamentally a technological issue, but fundamentally a policy issue. One of the things that we have learnt over the past six or seven years is that, when systems fail, they largely do so because incentives are misaligned and classically because some of the persons who guard a system are not the persons who bear the full economic costs of failure. One of the things that we are seeing more and more is that, as systems become more complex with more players, so the temptation on players to throw the risk over the fence and make it somebody else's problem becomes pervasive. So I can see this necessarily leading to an increase in regulation and public action of various kinds. As far as the technology is concerned, what we are going to see is probably a move to a world in which more and more objects are a little bit like computers. In 10 years' time, most things that you buy for more than about a tenner and which you do not eat or drink will have got some kind of CPU and communications in them and even things that you buy to eat or drink may have RFID tags on them.

  Q187  Chairman: At which point, the Committee then goes "What?", so CPU and what was the other thing?

  Professor Anderson: Some processing capability and some communications capability. Fifty or sixty years ago, there were a handful of computers and now we have several computers on our person, mobile phones, laptops, iPods, et cetera, and that will go up from a few to dozens. Your car might now have 30 computers in it and it might have 100 in it within 10 years' time and many of these computers will talk to each other. What that is going to mean is that more and more businesses will become a little bit like the software business and that means that the problems that we see in the software business, of which surveillance is only one, are going to become more pervasive. And this is going to affect, I think, the work of many committees, because many of the laws and regulations that we worked out during the 20th Century with, if you like, atomic property are going to have to be reworked with digital property to deal with all its side-effects.

  Q188  Chairman: Dr Phippen, any star-gazing?

  Dr Phippen: I must admit, I am certainly not as much of a technologist as the other two and, just looking from the citizen perspective which is very much where I focus, I think what you realise in the last couple of years is that the age of the naïve user is pretty much over now. We have spoken to people who had never used a computer before who told us, "You shouldn't buy things on the Internet because the hackers will steal your credit card details", so that is the level of awareness you are now dealing with. On top of that, going back to the previous question about whether citizens drive technology, there is a certain element of narcissism, I guess you would say, with blogging and MySpace and things like that where people like to share their information and certainly with younger people that is very prevalent at the moment. However, what you have not currently got, particularly with young people, is that, whilst they are very comfortable with the veneer of the technology, they are not aware of the threat and they are not aware of the long-term damage, such as when you are going for an interview in 10 years' time and someone pulls up you're MySpace page and says, "If you had said that you paid this political party, would you like to elaborate on that?" because what they do not realise is that this stuff stays for ever, especially with Google caches, and you have got various Internet archive sites that collect websites on a regular basis. I think the citizen perception will increase a great deal, but what I do not see increasing is the awareness of threats from it. Certainly we did quite a lot of work with around 100 school kids and they were very comfortable with technology and actually, since MySpace got bought by Rupert Murdoch, it seems to be a little less cool than it used to be and now things like Facebook and Bebo are the ones to go for, but they are very aware of that and they are very comfortable using MSN and various other messaging technologies and they are very comfortable using SMS technology, but, when you ask them about the threats and you ask them about the potential for stalking and the potential for viruses, they have very little in-depth information.

  Q189  Chairman: We will come back to some of those points. Mr Bramhall, just on the technology side, do you have anything to add to what Professor Anderson and Dr Phippen have said about new developments?

  Mr Bramhall: Not particularly. I think that in general the technological developments which will come about will still basically be in a context where the privacy issues remain the same and the principles for how one should address those privacy issues will also remain the same. The challenge would be, I think, when one is a system designer, remembering to take account of those principles and not just getting captivated and dazzled by the potential of what the technology could do.

  Q190  Mr Streeter: In relation to the last 10 years, have there been any surprises? Actually I sometimes have a bit of a theory that things do not change quite as rapidly as we think they do, but we can see it going from a long way down, so have there been any dramatic surprises where in the next 10 years we might look forward and say that we might have some more like that?

  Dr Phippen: I certainly think that SMS technology was not created for kids to bounce messages on to their mates; it was created for engineers to send short messages about mobile network updates. I think there is an awful lot of, if you like, accidental adoption that goes on where people do things in a way that perhaps the creator of the technology did not think.

  Q191  Mr Streeter: So a surprise in implementation, not necessarily in the technology or the invention itself?

  Dr Phippen: Yes, certainly from the perspective I come from, it is really the use and abuse of the technology in unpredictable ways that is the difficult thing to foresee.

  Q192  Chairman: It is almost inevitable that this sort of inquiry moves quite quickly into the threats, the risks and the dangers of the world that we are moving into and I suspect that this session will be no different when we go through the questions, so just before we do, can I just ask each of you to look at the other side of the equation. If we look 10 years ahead with the development of these technologies and the spread of these technologies in lots of different systems, how would you assess the benefits that are likely to arise from them, particularly for individuals, and would you think that those benefits are going to be more evident in the public sector or in the private sector?

  Professor Anderson: Well, 10 years ago the big issue was cryptography policy—the US Government's attempt to ensure that nobody communicated privately on the Internet without the NSA being able to tap the communications. That concern has gone away because encryption has not, as a matter of empirical practice, been widely deployed. Apart from that, 10 years ago people were generally very positive about the effects of the Internet. The evidence that we have now 10 years later? The most recent study of the correlation, for example, between crime and Internet adoption across the 50 US states, is interesting. It shows that, by and large, the Internet has a positive effect or a beneficial effect in that it reduces some crimes, crimes of sexual violence and crimes of prostitution, and this is assumed to be linked with the increasing availability of pornography to young males. The only crime that has gone up is what the FBI classes as `runaways', that is, children leaving home without their parents' consent before age 18. Some cases of runaways are clearly tragic, and others are clearly beneficial to the child, and we have no further figures on that. The things that we were worried about 10 years ago and the things that have happened 10 years after that were different, so we have to be cautious when we gaze into the future.

  Q193  Chairman: But would you say that there are more benefits to be gained from the spread of computers and communications?

  Professor Anderson: Absolutely, otherwise there would not be such an enormous effort and expenditure going into developing the technology. There are some downsides of course, but the gains are very much greater than the losses.

  Mr Bramhall: The benefits being the use at low cost, of the removal of physical barriers or of physical distances being a barrier for communication, collaboration and so on. Those are clearly the benefits and I see those continuing to evolve. The threat is sort of the other side of the coin simply that, because you are able to get out to the entire world from your house, so the entire world can get into you by the same mechanism.

  Q194  Chairman: We touched earlier on the sense that possibly the public sector tends to follow the developments in the private sector in this area. Do you see it over the next 10 years being primarily in the private sector and individuals' interaction with the private sector and with other individuals that the benefits will accrue or do you see significant benefits to the public sector?

  Mr Bramhall: I think there is the potential for significant benefits for the public sector because the same kinds of points that were made about ease of use and ease of access and so on are all essentially efficiency benefits and enabling benefits which are possible just as much in terms of public sector internal operations as well as public sector delivery of services to individuals, so those benefits are still equally applicable.

  Q195  Mr Winnick: Could I put this point to you, namely that virtually everyone, I would imagine, except Luddites, welcomes the new technology for all kinds of reasons, the computer, the Internet. Certainly my secretary finds that a correction, which otherwise on a typewriter would have taken so long, on a computer takes a matter of seconds. Is there any way in which you feel, gentlemen, that you can have this advance in technology, considerable advance in the last 10 or 15 years, and certainly when I came back here in 1979 the first item I bought was a typewriter, so can we have this advance in technology without the intrusion and growing intrusion into privacy? What about you, Professor Anderson, do you have great concerns about safeguards over privacy?

  Professor Anderson: Well, privacy intrusions generally stem from the abuse of authorised access by insiders or from failures to regulate such access properly, so privacy is largely a policy matter rather than a technology matter. That said, however, when you have got order of magnitude reductions in the costs of collecting data, or storing it and indexing it, of course more information is going to be kept, and over time we will move to some new equilibrium which is either going to have to involve more tolerance or more regulation or both. And I expect that the balance will be different on different sides of the Atlantic.

  Q196  Mr Winnick: Mr Bramhall?

  Mr Bramhall: I take a slightly different view as to the effect. Certainly the policy framework has to be got right and absolutely so regarding privacy and the management of it and so on, but I think there is also the potential certainly in the private sector for companies to differentiate themselves by exemplary privacy practices and to get, if you like, a good reputation as being able to manage the personal data of their customers, employees, whatever, in a reliable and privacy-friendly manner and to pay continual attention to this. I think it could become one of those differentiators between companies in the same way as, for example, product quality might be or price of products, so I think it could become a differentiator, particularly as far as the provision of digital services is concerned.

  Q197  Mr Winnick: There is a growing tendency for people to put a great deal of personal information on social networking sites which we all know about, although I do not myself do so, MySpace, Facebook. Is there not a danger that people are doing this without recognising the dangers involved in storing up such personal information and is there any way that we in Parliament or the media can warn people of the dangers involved? Just as a matter of interest, have any of you three put up such information?

  Dr Phippen: I do not have a MySpace account and I do not blog, I must admit, but I am planning on blogging about one specific topic I research on. I think there is a massive issue in particularly what the youth are currently doing with technology and the fact that they are nowhere near well enough aware of the damage that can come from that. We did an awful lot of work with awareness and education, who is responsible, and it always comes back when you talk to citizens that it is the Government and it is the manufacturers that should be responsible. For some reason, you always get the car analogies, "I wouldn't buy a car and drive it off and then crash it into a wall because they hadn't checked the brakes properly, so why aren't we checking that computers are secure before they sell them to us?" Now, obviously the trouble with that analogy is that, as soon as you connect your computer at home and stick it on line, all sorts of things that the vendor could not possibly have predicted when they sold it to you might happen. Just as an interesting aside, we do a regular experiment where we get a student to drive around Plymouth and detect available wireless networks and generally every year, up until two years ago, it was always 40% secure and 60% unsecure. Last year, we expanded it out to a few other cities in the South West and it was still 40% secure. This year, it was 75% secure. We then expanded it out, did rural towns, did some market towns and further afield, and it was coming in at around 75% secure. But then, when you start to look down the network descriptions, it is the fact that the vendors are now providing out of the box some level of security, and Professor Anderson will undoubtedly tell you far more than I can about the difference between WEP and WPA encryptions and the relative merits of them. What we are kind of seeing there is that manufacturers are trying to do more, but then there is a separate experiment where we had a student detect unsecure Bluetooth devices and send them an unsolicited message. Over 60% of the people that did that were perfectly happy to receive that on their device and load it up with no problem at all, so the kind of conclusion you are getting from that is that the buck has got to stop with the individual because manufacturers can do a lot, the Government can do a lot by education and I would certainly say that if you looked at School Curricula, et cetera, it is not doing enough at the moment. However, there has to be personal responsibility because ultimately it is a personal device. The bewildering thing we found was that people were very, very willing to accept that something is in their personal device, they did not know what it was, they just accepted it. Now, how could a manufacturer protect against that?

  Q198  Mr Winnick: I take it, Professor Anderson and Mr Bramhall, you do not put anything on these sites which I mentioned?

  Professor Anderson: I have a MySpace site, but I basically use it for one of my hobbies, old music. It is a free repository for out-of-copyright MP3 files and things like that. On the issue of security usability, this is one of the hottest topics in security research over the last three years because of the rise in phishing and other attacks that basically exploit user naivety. Up until now, many of the organisations which ought to know better have taken the view which in safety-critical systems we call `blame and train'. If somebody cannot use your system, you first blame them and you then make some half-hearted effort to train them. Now, that is known not to work in safety-critical systems. If an aircraft cockpit is unflyable, you redesign the cockpit, for goodness' sake! You do not try and make the pilot fly in some strange attitude, and we are going to need a similar change of attitude among banks, for example, whose websites are often particularly vulnerable. There are some interesting public policy issues here and one that we have been looking at recently is what is known as `gender HCI', the way in which men and women interact with human computer interfaces differently, and this is a subject which started only in the last year or so at Cambridge and Carnegie Mellon. We are beginning to realise that the way many bank websites are designed, for example, likely discriminates against women because they are designed by geeks for geeks. Banks will say things like, "visually parse the URL and look for the second-last thing before the last slash", and this is a boy-toy kind of approach to things. In such sectors, there are a number of suppliers—not just computer suppliers but also website operators—who really must do better. So this is an active area of research.

  Q199  Chairman: I did not want to say this because, as Dr Phippen says, we always seem to get car analogies and I was sitting here with a car analogy! Professor Anderson, as you were saying earlier, most of the breaches are about when people get inside the system rather than the technology, but it does sound like the argument that it is not cars that kill people, it is car drivers, but actually in practice we have done a lot to make cars people-proof over the years because you could not just blame the driver, you actually had to change the design.

  Professor Anderson: Well, these are complex socio-technical systems and the reason that we have got about the same number of fatal road traffic accidents now as in 1925, despite having a couple of dozen times more cars, is due to a whole lot of factors: that cars have seatbelts, they have crumple zones, we have speed limits and we enforce them, drunk-driving is no longer socially acceptable, et cetera, et cetera, et cetera. And do not discount the long evolutionary period whereby the Department for Transport looks at the road traffic accident hot-spots and, if two or three people have been killed at some particular interchange, they redesign it. There is a long period of growth, learning and adaptation which has gone behind this reduction in fatalities.


 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2008
Prepared 8 June 2008