The government expects 600,000 people to register on its identity assurance (IDA) online security programme by the end of this year. The project by the Cabinet Office will allow citizens to prove who they are online when accessing digital public services. It has been criticised for taking longer than expected – the original plans targeted Spring 2013 for the first operational services – but bringing 600,000 people on to the system will be a big step forward. IDA will be provided by five independent identity providers - Digidentity, Experian, Mydex, The Post Office, and Verizon – who have been contracted to develop the service. Citizens who want to use digital services will first register with one of the IDA providers, then use that identity to securely log in to the relevant government website. The IDA provider will electronically verify their identity, avoiding the need for government to build a central database of citizen details to authenticate them online. The first thousand users of IDA are being tested on HM Revenue & Customs’ (HMRC) new pay-as-you-earn tax service, and will eventually be rolled out to millions of taxpayers who use the online self-assessment website. DVLA digital services such as viewing driving records online are also expected to be among the early adopters of IDA. Eventually, most digital public services delivered by central government will use IDA so citizens can securely prove their identity online. The government has today issued a tender to purchase the next section of IDA registrations, ready for when the first 600,000 have been used up. An announcement on the government's Identity Assurance blog said: "Identity providers are paid each time a user registers with them. The initial contracts cover the first 600,000 registrations. "We’re expecting to use all of these this year, so we’re now starting the process of buying identity provider services for the next phase of the programme. We’re expecting these contracts to start in October 2014 and provide the services required throughout most of 2015." The new contracts are estimated to be worth £30m. In October last year, another key element of IDA started testing. The Hub system will set up the competing companies citizens can register with to access digital services. The concept is similar to web users using Facebook or Google accounts to sign into third-party services. Universal Credit, the government’s flagship welfare reform programme, was initially expected to be one of the first users of IDA, but, following security concerns during its early trials, the Department for Work and Pensions implemented its own security system instead. However, IDA will still play a part in the authentication process for Universal Credit users. Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK
Users of Gmail on iOS 7 will now be automatically logged in to all of Google's other online services such as YouTube, Google+ and Hangouts by default. Previously, the various iOS apps by Google all had separate logins and privacy policies but, as noted by online journal Quartz, in March these were consolidated into a single policy across 60-plus iOS 7 apps including Picasa, Google Docs and Drive. iOS 7 accounts for around 85 per cent of the Apple device market. "What Google really wants is for everybody to be signed in to their Google accounts all the time," a Google source told Quartz. Significantly, rather than announcing the change publicly, Google couched the privacy rules revamp in terms of a customer service upgrade, hidden away on their Gmail blog. "Whether you're checking your email first thing in the morning or as you're waiting in line at the grocery store, you want to get your messages as quickly as possible. With today's update to the Gmail iOS App, it's easier to do just that," reads the blog. "The app now fully supports background app refresh, which means your Gmail messages will be pre-fetched and synced so they're right there when you open the app-no more annoying pauses while you wait for your inbox to refresh. This feature requires iOS 7, and you'll also need to turn on background app refresh and notifications (badge or any other type) for the Gmail app. "The Gmail app also now supports sign-in across Google iOS apps, including Maps, Drive, YouTube and Chrome. Sign in to one, and you'll be signed in to all (this also works for signing out). So you won't have to type in that 27-character password or retrieve your 2-step verification code every time you navigate to another Google app," the blog concludes. These changes mirror those that Google made to its apps on its Android mobile platform and on the web in March 2012, effectively forcing users to sign up for all of its services at once. But those changes were announced with a publicity campaign, whereas the iOS ones have been introduced by the back door. The reason, undoubtedly, is that the original changes attracted fines adding up to millions of euros from EU member states, which have accuse Google of breaching EU laws and ordered it to change. Google ignored the ruling, but will not have welcomed the bad publicity. Consolidated logins allows Google to track iOS 7 users' activity across its various apps, as it does with web and Android users, and also across devices and operating systems. Rather than relying on cookies to identify users they are now tracked by their use of Google services, meaning that Google can identify much more accurately the behaviour that led to a sale or click on one of its advertising clients' links, and charge them accordingly. Google's underhand approach to privacy issues was also in the news yesterday when the company finally settled a €1m fine imposed by the Italian privacy watchdog over complaints that its Street View cars were not clearly recognisable, in a case dating back to 2010. "Cars belonging to the giant of Mountain View [Google's HQ] roamed Italy's streets without being entirely recognisable as such, therefore not allowing the people present in those places to decide whether to be photographed or not," the Italian regulator said in a statement. With Google's consolidated annual revenues running at around $50bn, it can afford to brush off such paltry fines. The damage to its reputation from consistently ignoring or evading privacy rulings may be more damaging in the long term, however.
Turkish authorities have lifted a two-week ban on Twitter after the constitutional court ruled that the block breached citizens’ right to freedom of expression. Twitter had expected the ban to be lifted a week earlier after an administrative court in Ankara ruled against the block, but telecoms authorities were slow to respond. This time around, the ban had been lifted minutes after Turkey’s telecoms authority removed court orders blocking the site from its webpage, an official in the prime minister’s office told Reuters The ban was imposed in the run-up to local elections on 30 March after a Twitter user posted damaging allegations of corruption implicating those close to prime minister Recep Tayyip Erdoğan, who vowed to "wipe out Twitter". However, a similar ban on YouTube, imposed after an audio recording was uploaded anonymously of what sounds like Turkish officials discussing Syria, remains in force with legal challenges pending. Commentators said the overturn of the Twitter ban is significant because the constitutional court ruling has overruled the government and asserted its own interpretation of the right to freedom of speech. In practice, the ban and attempts by the Turkish telecoms authority to block access to Twitter were ineffective, with tech-savvy Twitter users finding several ways to carry on using the microblogging service. Despite the ban, Twitter usage increased and the elections appear to have been largely unaffected, with Erdoğan’s ruling AK Party claiming a “resounding” victory, reports the BBC. Erdogan has lashed out at social media, accusing "plotters" of leaking recordings to deliberately undermine him. Social media sites such as Twitter and Facebook were used heavily by protesters during anti-government demonstrations last year. Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK
HM Revenue & Customs (HMRC) is driving the use of open source technology with a Hadoop NoSQL big data engine to analyse corporate tax. Government austerity measures have driven HRMC costs down by 20% over the last four years. The organisation is committed to reduce costs by another 22% over the next four years. Addressing delegates at the Open Source Open Standards 2014 conference in London, Mark Dearnley chief digital officer of the HMRC, said open source software was a great way to change the dynamics of how software is developed. Analytics shines a light According to Dearnley, analytics offered among the biggest opportunities for the use of open source software at the HMRC. He said: "Analytics is the first area where open source software has led the thinking." Working with its system integrators, HMRC has developed a macro enterprise data hub, built on Hadoop. Dearnley said: “Open source software is more cost-effective. It drives the commoditisation of infrastructure and use of software and drives a different delivery model, which is massively more cost-effective.” Corporation tax compliance is another example of Hadoop at HMRC. In the UK, companies need to submit tax returns electronically in the iXBRL format specified by HMRC. Dearnley said it took two and a half months to develop a complete Hadoop stack and load in all the corporation data, allowing tax officers to start analysing company tax returns. He said the users were impressed by how fast IT delivered and the speed with which they could get value. While using Hadoop for analytics has proved the value of open source software at HMRC, he said his ambition was to create a level playing field for open source software: "At the moment the pendulum is a bit too far, the other way." Open source opportunity HMRC runs 5,000 servers but only 3% run Linux. A quarter of its systems are virtualised, mainly on VMware, and it runs 3% of its system in the cloud, he said – implying a substantial opportunity to deploy open source technologies in HMRC's infrastructure. Of the 500 enterprise applications at HMRC, Dearnley said 95% were based on proprietary platforms. He admitted the penetration of open source software at HMRC was low: "We have some way to go. Our future will be a combination of private and public cloud, commodity compute, some of our databases are rather large and don't run in virtualised environments, so we will optimise our database cloud." HMRC mainly used VMware for its virtual servers. But Dearnly said he was interested in whether it would viable to switch to OpenStack. He said: "We hope industry creates a level playing field so we can explore the options and feel comfortable using these technologies. You don't want us to play with your tax data." Dearnley said he was determined to switch off the HMRC mainframe, but admitted there would still be other bits of proprietary technology that the organisation will need to maintain into the future. HMRC is also beginning to move its digital platforms onto open source technologies. Dearnley said: "We are testing the way we develop software changes with open source, how we work with system integrators and the skills we will need." Completing the open source circle, Dearnley said HMRC's experience with Hadoop has enabled it to contribute code back to the open source community. "As we develop in Hadoop we can put it back in the code stream. Even CESG encourages me to do that and it is encouraging for the team." Dearnley said open source software would define the organisation's future. "It is as much about people as it is about technology – and the people have to believe in it." Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK
Western Union's chief information security officer, in an effort to transform the internal security at his company, packages security to be more consumable. LAS VEGAS—Western Union has been in business since 1851, moving messages and money across the United States and around the world. Over its long history, Western Union has faced its share of security threats, and the modern IT security threat landscape is one of them. Speaking at the Interop conference here, Mike Kalac, the chief information security officer (CISO) of Western Union, detailed how he helped transform the internal security at his company to deal with the modern era of information security threats. Kalac explained to the audience that in 2012, the information security group within Western Union was viewed as being an obstacle, rather than an enabler, for the business. For example, the IT security group at the time was blocking access to both Facebook and YouTube, on the fear that those sites were insecure and represented a security risk. When Kalac's group finally did open up and provide limited access to Facebook and YouTube, he admitted that the change wasn't communicated properly to the organization. So even after access was made available, the IT security group within Western Union was still despised. Fundamentally for Kalac, security success depends on effective communications. "When people don't understand why a security policy is in place, they go the path of least resistance," Kalac said. "So if the users don't understand why they should be using a VPN when they connect in from a Starbucks, they won't use the VPN. They will just use the open connection." The challenge that has emerged in recent years is the simple fact that consumer technology has in some respects become better than enterprise technology. A decade ago, according to Kalac, employees were able to get better Internet access and computers at work than at home. "Now you leave home, and you leave all the cool tech at home," Kalac said. "The office is also blocking you from visiting sites and [is] adding all kinds of widgets to monitor and log what you do." If IT security is to be successful, IT needs to understand what users really want to do. Within Western Union, there is an exception policy tool that allows employees to request access to online tools and services. The company's marketing group was increasingly asking for access to cloud file-sharing service Dropbox because the group needed an easy way to move files, Kalac said. To meet that need, Western Union signed up for a commercially supported cloud file-sharing service. As the CISO, Kalac said his job is really all about managing risk. "As CISO, I learned I had to accept some risk to get more security," he said. If he didn't accept the risk that comes with enabling employees to move their files with a Dropbox-type service, then Western Union employees would have taken the path of least resistance and the files would still move. "So I get a controlled risk that I can control and monitor, while the person on other side can do their job," Kalac said. WISE A core piece that Kalac is using to help transform the IT security group at Western Union over the last two years is the Western Union Information Security Enablement (WISE) program. Kalac realized that simply bombarding employees with security messages is not entirely effective. What is needed is to effectively package up messaging, which is what WISE is all about. "The mission of WISE is to provide protection for Western Union data and systems, to reduce costs and simplify your world through wise solutions that enable the business," he said. What's key about the WISE effort is that it is a programmatic approach that has the Western Union brand wrapped around it. The initiative involves the key stakeholders within the organization, and end-user impact of any change is always identified, according to Kalac. "We all love technology, but take a step back to get out of the techie mode and see what your organization is trying to do and what behaviors are going on," Kalac said. "Take some controlled risk and then engage people in a different way. People want to be engaged, and they want to know why." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
The standoff in Turkey comes to a close, for now, as governments increasingly attempt to filter out the Internet at their borders. Less than 24 hours after Turkey's high court ruled that the government's ban on Twitter violated the nation's constitution, the country's telecommunications regulator pledged to discontinue its latest technical attempts to block the social network by hijacking Domain Name System traffic, according to media reports. On April 3, Turkey's telecommunications regulator, the Telecommunications Board, or TIB, stated that Twitter access would resume "right after the necessary technical steps are taken," according to The Wall Street Journal. The ban, instituted March 21 at the behest of the nation's Prime Minister Recep Tayyip Erdogan, came following leaks of alleged conversations between Erdogan, administration officials and corporate backers that included discussions about hiding bank accounts and a potential war with neighboring Syria. A week later, YouTube was also banned after the posting of recordings of similar discussions, according to media reports. Twitter welcomed the news, even as YouTube continued to be blocked. "We are encouraged by the news from Turkey today and welcome our Turkish users back to Twitter," the company tweeted on April 3. On April 2, Turkey's Constitutional Court ruled that the two-week-old blocking of the Twitter social network violated Article 26 of the nation's constitution, according to Hurriyet Daily News, a regional news site. The ban had originally taken the form of filtering traffic to Twitter, but later was expanded to include the rerouting of Domain Name System (DNS) traffic to foil attempts to circumvent the block by using extra-national DNS servers. The country's telecommunications provider, for example, rerouted local traffic that tried to use Google's public DNS servers at 188.8.131.52, according to Internet monitoring firm Renesys. Traffic to a host of other public DNS servers was also rerouted, Doug Madory, senior analyst with Renesys, told eWEEK. While the immediate issue is on track to be resolved, the hijack of Internet traffic by the Turkish government—along with other nations' operations to filter the Internet—suggests that such information manipulation will become more commonplace in the future, he said. "I feel like, these days, there are no international events that do not have an Internet component," Madory said. "In the future, as a country suffers some instability, the Internet is always going to become a target." Turkish citizens could have evaded the filtering by using a virtual private network, or VPN, which encrypts traffic, making it unreadable by eavesdroppers or the government. In addition, using less well-known DNS services could have also dodged the government's rerouting of domain name services. China, with the Great Firewall, had taken a far more comprehensive approach, intercepting any questionable traffic and sending a response before the legitimate server can respond, Madory said. "I think they have a long way to go to be on par with the Chinese," he said. "I don't know that any country is in the same league as China, but the fact that they are mentioned in the same sentence as China is telling."
Constitutional showdown over hyperlinking ends.
For years, the popular reviews site has been accused of extortionary tactics.
Studios demand $1.4 million in damages and content filtering.
A 5-year-old legal odyssey heads to the California Supreme Court in Los Angeles today.
VIDEO: Cisco's Rebecca Jacoby explains what the role of CIO is and where the source of truth rests within the network. LAS VEGAS—Over the last seven years, Rebecca Jacoby has served as the CIO of networking giant Cisco. In an exclusive video interview with eWEEK, Jacoby detailed what the role of CIO is all about and how policy is a key part of success. Jacoby said that the role of the CIO is to help deliver improved productivity for the business and for IT year after year. A CIO always has to be on top of the risk landscape and be able to adapt to the changing security landscape. Jacoby also plays a key role in helping to develop and set the strategy for Cisco. Jacoby said that Cisco's internal IT is delivered as a service within Cisco. Currently 95 percent of Cisco's internal IT infrastructure is virtualized—all running on Cisco's unified fabric architecture. Jacoby is aiming to deliver a 5 to 10 percent year-over-year productivity improvement in the services that are part of running Cisco's business, every year. A key challenge in any IT infrastructure is actually about understanding what is going on and where the source of truth lies for information. Jacoby said that finding the source of truth isn't the real challenge. "It takes some work on the data- and rules-based models to make sure you're actually getting the results you want in the network," Jacoby said. "I think this is very important piece for the future of IT in terms of being able to understand how to apply policies in combination with each other to make sure you're actually producing the truth that you want." Jacoby has already been in her job as CIO for seven years and she's likely to stay in the role for the foreseeable future, as well. "I think we're at an inflection point in terms of how technology is changing business models and it's an exciting time to play a strategic role as CIO," Jacoby said. "I absolutely love the organizational aspects of leading IT." Watch the full video with Cisco CIO, Rebecca Jacoby below: Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.