News

Apple patents tech to let cops switch off iPhone video, camera...

Police forces around the world have had the problem that when their officers get a bit carried away and start pepper spraying tied captives there is someone on hand filming the event on their mobile phones. While six police lay into prone grannies on the floor with long batons, the pictures can be on the net in seconds, meaning supervisors have to answer embarrassing questions. But they may not need to fear scrutiny much longer - Apple has patented a piece of technology which would allow government and police to block transmission of information, including video and photographs, whenever they like. All the coppers have to do is decide that a public gathering or venue is deemed "sensitive", and needs to be "protected from externalities" and Apple will switch off all its gear. The police can then get on with the very difficult task of kettling protesters without having to worry about a few beating anyone to death. Apple insists that the affected sites are mostly cinemas, theatres, concert grounds and similar locations, but it does admit that it could be used in "covert police or government operations which may require complete 'blackout' conditions". According to RT it could also be used to prevent whistleblowers like Edward Snowden from taking pictures and broadcasting them on the internet. Apple said that the wireless transmission of sensitive information to a remote source is one example of a threat to security. But it said that this sensitive information could be anything from classified government information to questions or answers to an examination administered in an academic setting. Apple patented the means to transmit an encoded signal to all wireless devices, commanding them to disable recording functions. The policies would be activated by GPS, and wi-fi or mobile base-stations, which would ring-fence ("geofence") around a building or a "sensitive area" to prevent phone cameras from taking pictures or recording video.
Odd that the company made famous by its 1984 Big Brother video can't really see what it is doing. Perhaps its own secretive culture and an overzealous security treatment of its staff have fostered sympathy for Big Brother after all.

TOR advises abandoning Windows

TOR has warned its users to stay away from Windows after it was revealed that US spooks were spreading malware on the anonymising network using a Firefox zero-day vulnerability. The zero-day vulnerability allowed the FBI and other spooks to use JavaScript code to collect crucial identifying information on computers visiting some websites using The Onion Router (TOR) network. According to a security advisory posted by the TOR Project, the workaround is switching away from Windows. This is because the malicious JavaScript that exploited the zero-day vulnerability was written to target Windows computers running Firefox 17 ESR (Extended Support Release), a version of the browser customised to view websites using TOR. Those using Linux and OS X were unaffected. While there is nothing to stop the spooks writing a version of the code which targets Linux and OS X, it is less likely to happen. The fake JavaScript was likely planted on websites where the attacker was interested to see who visited.

The script collected the hostname and MAC address of a person's computer and sent it to a remote computer. The exploit is targeted specifically to unmask Tor Browser Bundle users without actually installing any backdoors on their host. The TOR Project also advised users to turn off JavaScript by clicking the blue "S" by the green onion within the TOR browser. "Disabling JavaScript will reduce your vulnerability to other attacks like this one, but disabling JavaScript will make some websites not work like you expect," TOR wrote. "A future version of Tor Browser Bundle will have an easier interface for letting you configure your JavaScript settings." Mozilla has patched the hole in later versions of Firefox, but some people may still be using the older versions of the TOR Browser Bundle.

Is the smart meter roll-out doomed?

A new select committee report has given the UK's smart meter roll-out a thumbs up. But is the project doomed to failure? Computer Weekly has spoken to experts who have raised concerns over the economic impact and benefits, the technical infrastructure and the IT project management behind the UK's smart meter programme. When engineering consultant Mott MacDonald calculated the cost of the smart meter programme, the firm stated the net present value of the programme would be £4.0bn in the red, according to Alex Henney, an economist and advisor for the electricity industry, who gave evidence to the Smart Meter Select Committee. Yet the civil service has put the net present value at £4.9bn. “The civil service went to town to tweak the numbers," said Henney. "It's a political freak to go from -£4bn to +£4.9bn in four years. If that does not ring a bell, then you can believe pigs can fly.”

More expensive than Continental counterparts

He said the UK programme is twice as expensive as the Spanish and Italian smart meter programmes. “There are two obvious differences. Firstly, the Italians and Spanish rely on a powerline network [for data communications], which is simpler and cheaper than wireless technology.” Italy and Spain also use a central distributed network operator (DNO) to roll out the smart meters, which, he claims, is simpler than relying on electricity suppliers. “We have devised the most complex roll-out in the world,” Henney said.

The UK approach, which relies on suppliers rolling out meters, will need an extra large database to collate information on who owns the meter, incurring costs and introducing errors and complexity.

The UK's smart meter project will enable consumers to see how much energy they use.

Henney said the programme will require an energy usage display in each household that costs £25 each. That may not seem like much, but over the course of 43 million households, it represents over £1.1bn. Henney believes many people will throw these displays away and they are unlikely to have any impact on people's usage patterns. "The average residential consumption is 4,000kWh compared with 16,000kWh in Norway where home heating exclusively uses electricity," he said. "The average UK electricity consumption has not increased very much. In the case of gas, consumption has gone down." The EU wants member states to provide 80% of all households in member states with smart meters.

A new Ernst & Young study for the German Federal Ministry of Information and Technology has not recommended smart meters in Germany.

No major environmental boost

From Henney's analysis, smart meters will not give the UK a major environmental boost as many homes now use efficient condenser boilers for heating and energy efficient lighting. He believes the government's premise that people will manage their energy consumption is flawed. In other parts of the world the largest gains in energy reduction have not come from smart meter roll-outs, but from targeted measures that reduce peak consumption. "In California, the main demand side response is not coming from real-time smart meters, but from electricity suppliers directly controlling air conditioners," he added.

Ross Anderson, professor in security engineering at the University of Cambridge Computer Laboratory, warns that the energy industry has no reason to lower energy usage. "There is no prospect it will meet its energy saving goals as the meters will be controlled by the retailers whose interest is to maximise sales volumes," Anderson said. "The project was sold on the basis of a thoroughly dishonest impact assessment and it's pressing ahead, despite lack of agreement on many aspects of the specification. "It's a classic IT disaster in the making."

IT complexity

Beyond the choice of wireless over powerline for smart meter connectivity and the potential ineffectiveness of people to manage their consumption, the software development and project management of the programme may not be robust enough. The costs associated with the IT behind the programme are likely to escalate and timescales will overrun, according to software engineer Martyn Thomas, a member of the IET Information Technology Policy Panel. "It is a very large IT project, and the government's track record is not good," said Thomas. "The government usually overlooks the amount of business change." Risk is another factor he believes will contribute to the project's demise. "There isn’t a properly constructed risk register with provisions to sort out problems if they should arise," he said. Thomas, who previously worked on tax office IT, said: "One of the ways we managed projects in taxes was by identifying possible outcomes for the project and assigning risk to each."

Thomas is a strong proponent of formal methods, which he said will decrease project cost. "Most of the costs in an IT project are the efforts in finding errors. We’ve known for 40 years that testing only shows the presence of errors, not their absence," he said. According to Thomas, a formal methodology would reduce errors getting into the smart meter programme. Problem areas are identified early. "You save an awful lot of time." Fewer errors also means less risk of cyber attacks impacting smart meters and people's electricity and gas supplies. The chance of failure is high. In his evidence to the Select Committee Andrew Ward, operations director at Scottish Power highlighted a project oversight which occurred at the company's US division. "As part of the deployment [the US operations] rolled out 200,000 meters and had to replace 5,000 because they could not update communications over the wire," said Ward. In other words, the team had failed to identify the potential flaw of meters not being remotely accessible and had to replace 2.5% of them at considerable cost.

If this were to occur in the UK's roll-out, almost a million households would be affected.

German justice minister proposes ban for US firms that don’t abide...

Meanwhile, German spy agency (BND) is passing metadata on to the NSA.    

Latvia agrees to extradite man accused of helping Gozi malware creation

Suspect denies involvement: “I don’t know about the Gozi virus."    

Australians revolt over CAPTCHA

Australians do not give an XXXX for the use of CAPTCHA and are now in open revolt. According to IT News, a new campaign calling for the death of CAPTCHA has begun in Earnest, which we think is a small town near Cairns.   They say that the technology to combat spam bots is also blocking people with disabilities and the feature should be removed from websites. A CAPTCHA is a completely automated public Turing test to tell computers and humans apart. They are designed to prevent spammers from automatically sending unsolicited commercial messages to sites and users by requiring people to read unreadable text and numbers. The problem with CAPTCHA is that it hinders people with vision impairments to the point that they cannot use certain websites. Blind Citizens Australia, Able Australia, Media Access Australia and the Australian Deaf-Blind Council are calling on organisations to stop using CAPTCHA, setting up a petition with the Australian Communications Consumer Action Network. Apparently when CAPTCHA uses audio files along with the strings of letters, people with disabilities find these just as tough. Dyslexic, colour-blind and older users often find CAPTCHA hard to get through too. It is starting to look like the use of CAPTCHA may in fact contravene Australia's Disability Discrimination Act. A better way for everyone, critics suggest, would be the use of emails to activate and verify users, instead of CAPTCHA. The W3C web standards organisation has already commented that CAPTCHA has become less effective as an anti-spam measure, with character and image recognition software being able to defeat it.

Researchers find trojanized banking app that exploits critical Android bug

Google's smartphone app verification tool to the rescue.    

“Most” of Apple’s developer site services to be restored “this week”

The handful of services that remain offline should be back soon.    

Attackers wield Firefox exploit to uncloak anonymous Tor users

Publicly available exploit threatens all Tor users unless they take action now.    

Data-driven innovation

A strong focus on data management enables organisations to ensure data flows are efficient and transparent. It can also be used for predictive data analytics to improve the speed of decision-making. The recent explosive surge in big data means predictive analytics is gaining wider acceptance for operational use. James Fisher, vice-president of product marketing analytics at SAP, cites IDC figures of an advanced analytics market worth $3bn by 2016.

He claims many SAP customers use Hana, the company’s predictive analytics platform, to drive profit and cut costs by applying the software to analyse their data in ways never previously thought possible. Within the context of customer relationship management (CRM), however, predictive analytics is more at the experimental stage rather than a de facto modus operandi. That said, it is no surprise that companies whose business model is built on technology are in the vanguard when it comes to applying predictive analytics to CRM.

A tactical game

Gaming company Bigpoint, the creator of Battlestar Galactica, is using predictive analytics to monetise players and increase revenue by a projected 10% and 30% a year. Battlestar Galactica has nine million registered players and notches up 5,000 events per second. Bigpoint’s predictive model is allowing it to intelligently make real-time decisions about a player’s actions.

For example, if a player’s ship is destroyed, it acts as trigger for the predictive engine to analyse previous gaming behaviour.

If appropriate, a personalised context-related message offers the player a new ship – for a small fee, of course. Bigpoint is not there yet, but it is confident of growing annual revenues.

Adept at tax collection

Her Majesty’s Revenue & Customs (HMRC) has created a predictive analytics platform to improve debt collection and risk evaluation.

Its platform, called Adept, integrates analytics into debt management and is designed to customise debt collection interventions for millions of late tax payments each year. Adept is integrated with HMRC’s collection systems and uses predictive modelling to inform more sophisticated risk and behaviour-based collection strategies. It identifies different types of debtor groups and targets its communications to these groups based on their specific attributes. To date, it has been so successful that HMRC estimates it will collect an additional £3bn of debt by March 2015. The system uses “behavioural economics” predictive modelling to reveal whether SMS, landline, mobile phone or printed letter is the most effective channel for communication. It also assesses the message content, or trigger. By mentioning the public services funded by taxes in one letter to late payers, for example, the payment rate increased by 20%. HMRC is also learning from the financial services industry and using predictive modelling to identify customer behaviour that provides early warning signs of default on arrangements. The question of data accuracy is an important one, however.

If the data is skewed with errors, the models are going to be inaccurate. To ensure that data is accurate, HMRC conducts a quality check as data is shipped from the debt collection system into Adept and converted into analytical form. The result is that HMRC has a flexible, easy-to-change approach to mass customisation, enabling it to assign the most appropriate sequence of collection actions to each debt.

Events from a customer promising to pay or missing a payment deadline are used to trigger automatic re-evaluation of past decisions.

The business actions cover the full range of debt collection interventions, including letters, phone calls, visits by field force agents, referral to a debt collection agency and, ultimately, court proceedings. The groundwork for Adept was laid several years ago, when debt management systems were integrated to create a single system which provided the flexibility to create workflows that generate letters, drive predictive diallers in contact centres, manage door-to-door collections and carry out legal proceedings. HMRC created an analytical prototype on a standalone system with a monthly data feed from the integrated debt management system. It also created a new support model and technical mechanisms for sharing ownership of different parts of Adept between IT and the business. Creating this system involved integrating four different Oracle databases and four different SAS tools into a seamless analytical environment.

The most complex phase delivered a 12.5TB analytical database processing millions of new records each day, generating event triggers for automated decision-making and updating analytical models based on billions of records. Through Adept, HMRC is transforming the way it uses data. In fact, more data sources are being added, so new connections can be made.

Its data-gathering powers mean it is able to gather bulk data about businesses accepting credit and debit cards. By using a big data system called Connect, provided by Detica, HMRC says it is able to cross-match more than one billion pieces of data to detect risky taxpayers to investigate.

Analysing data for retail rewards

In the retail sector, a number of companies are moving forward with predictive analytics. One example is Tesco, which is building on its reputation for employing new technologies to enhance CRM.

Alys Woodward, research director at IDC, points to a scheme Tesco has initiated which offers customers, in real time, products related to existing purchases.

A loyalty card is inserted into a device that is fixed to a shopping trolley, through which tailored offers are made to the shopper as they place items in their trolley.

For example, a shopper may place a barbecue chicken in the trolley and then receive a 3-for-2 offer related to the item, such as charcoal for barbecues. By recognising who the customer is and the purchases they have made, Tesco is attempting to predict what they are going to do next and intervene with relevant offers. It is a simple premise – and one that, if successful, could attract customers and lead to greater profits. Clearly the prize is great, and to illustrate just how much some retailers are investing in this area Wal-Mart recently acquired predictive analytics firm Inkiru.

The US retail giant says it will now accelerate big data capabilities, such as website personalisation, fraud prevention and marketing. Richard Kellett, UK marketing director at SAS, is anticipating a far greater upsurge in predictive analytics. “Knowledge and awareness is increasing and there is a greater openness to seeing predictive analytics as an operational tool rather than just a strategic tool,” he says. “[In the UK] we are lagging behind other countries, but there are pockets of excellence.” He cites Waitrose as one example.

The company is applying predictive analytics in its supply chain to ensure it cuts down on waste and does not under-supply, so customers are not walking away to a rival. In short, it is mapping sales of individual stores and then factoring in components such as weather maps and forecasts to determine shipping quantities, locations and timings.

Life-saving potential

The financial services industry is using predictive analytics to refine its debt collection methods. Some companies are recognising that a certain type of customer responds negatively to payment reminders – if left alone they will make the payment, but if nudged they will dig their heels in and delay payment. By identifying these behavioural trends, companies are able to optimise their operations and improve customer relations.

At a wider level, predictive analytics is making inroads into many areas of life.

For example, a trucking company in the US is using the technology to predict fatigue levels in drivers, cutting serious accident rates by 80%. And while still at an experimental level, it is also being used in some natal clinics to monitor the vital signs of babies before physical symptoms of something untoward appear.

This is fairly cutting-edge use of predictive analytics, and while many organisations are nudging their way towards CRM benefits, it is certainly not yet being widely adopted, says Kellett. But as HMRC illustrates, if the effort is put in, it can bring potentially enormous benefits.

This was first published in August 2013

FBI hacks Tor

FreedomWeb, an Irish company which provides hosting for "hidden services" over the Tor network, has been shut down after its owner, Eric Eoin Marques, was accused of helping spread child abuse images. Alarmingly, the FBI have managed to hack Tor.

According to the Tor Open Watch blog, users of Tor hidden services report that their copies of the browser were infected with malicious JavaScript that de-anonymised them. The belief is that the FBI has hacked them. Tor Browser originally shipped with JavaScript disabled but it was switched back on again recently to make the browser more useful. Although this would be a victory for the FBI against child p**nographers who use the Tor network, it means a serious security breach for international activists and internet users living in repressive states who use the services to practice free speech online. In its attempts to bring down child abuse images, the FBI might have exposed countless activists to arrest and torture. But we guess as far as the untouchables are concerned, they are foreigners and very far away. OpenWatch has been in the early stages of designing a new alternative to Freedom Hosting, called OnionCloud, to allow anonymous Heroku-like application hosting.

Japanese toilet can be hacked

A high tech Japanese toilet can be hacked remotely according to the latest security advisory from TrustWave. The company has noticed that security is fast becoming a problem in high tech loos with lots of security problems coming up. In fact,...