That makes the Shakespeare review of public sector information (PSI) particularly important, since it represents an attempt to pull together all the different strands of open data in government and to draw up a coherent, over-arching strategy. Here's the review's excellent summary of why we need to do this:

The next phase of economic, scientific and social development has data as its core - the digital trace left by human activity that can be readily gathered, stored, combined and processed into usable material. This data, to optimise its value to society, must be open, shareable and, where practical, it should be free. The richest source of data is government, which accounts for the largest proportion of organised human activity (think health, education, transport, taxation, welfare, etc). Therefore Britain must focus intellectual attention and material resources on the task of fulfilling the potential of PSI. The benefits will be many including: transparency, accountability, improved efficiency, increased data quality, creation of social value, increased participation, increased economic value, improved communication, open innovation, and data linkage. Just imagine this applied to health, an area in which we are making significant advances. There is a significant amount of work ahead. For instance, at the moment health data comes through a variety of unconnected channels and into many different silos. It is hard
for researchers to gain access to its full value. Advances in technology not only now allow us to collect data at source in real time, but also enable more practical linkage and accessibility. Establishing ways to effectively link data should become a priority, with special attention being paid to how medical practitioners can both access data themselves, and also contribute the data they have collected.

Here are the review's main recommendations:

A. Recognise in all we do that PSI, and the raw data that creates it, was derived from citizens, by their own authority, was paid for by them, and is therefore owned by them. It is not owned by employees of the government. All questions of what to do with it should be dealt with by the principle of getting the greatest value back to citizens, with input not just from experts but also citizens and markets. This should be obvious, but the fact that it needs to be constantly reaffirmed is illustrated by the way that even today, access to academic research that has been paid for by the public is deliberately denied to the public, and to many researchers, by commercial publishers, aided by university lethargy, and government reluctance to apply penalties; thereby obstructing scientific progress.

It's great to see that the first statement about PSI is that belongs to the public, and that the basic principle is giving back value to citizens. It's also good to see the reference to open access, something that has been discussed here on Open Enterprise many times, and how the case for making the results of research paid for by the public freely available is inarguable.

B. Have a clear, visible, auditable plan for publishing data as quickly as possible, defined both by bottom-up market demand and by top-down strategic thinking, overcoming institutional and technical obstacles with a twin-track process which combines speed to market with improvement of quality: 1) a ’early even if imperfect' track that is very broad and very aggressively driven, and 2) a #8216;National Core Reference Data’ high-quality track which begins immediately but narrowly; and then moving things from Track 1 to Track 2 as quickly as we can do reliably and to a high standard. ‘Quickly’ should be set out by government through publicly committed target dates.

I really like that framing: core reference data that is so important that it must be released as high-quality material, but everything else on a "good enough" basis, just to get the stuff out there. That deals with the frequently-raised objection that data isn't in a "fit state" to be released: if it's really important, then it must be made in a fit state; if it's not, then release it anyway.

C. Drive the implementation of the plan through a single channel more clearly-defined thanthe current multiplicity of boards, committees and organisations that are distributed bothwithin and beyond departments and wider public sector bodies. It should be highly visible and accessible to influence from the data-community through open feedback mechanisms. 'Implementation' includes not only publishing but also processes to ensure that government transparently uses its own structured data to improve policy development and to measure progress.

Open feedback is crucial here: setting up a single channel will only work if it is responsive to people's needs, and that means listening to comments.

D. Invest in building capability for this new infrastructure. It is not enough to gather and publish data; it must be made useful. We lack data-scientists both within and outside of government, and not enough is being done in our education system at school and undergraduate level to foster statistical competence; we will feel these gaps more and more as the potential grows. Government is already committing resources to this; we should consider increasing this further, as the economic and social benefits quickly and demonstrably outstrip costs. Our research councils should seek to play a more strategic role, targeting investment on basic data-science and on inter-disciplinary academic/business projects and partnerships.

This is a really important idea: we need to start training a new generation of open data engineers (and maybe find a better word to describe them - any suggestions?) Data literacy will become an important skill for the future, and the sooner we start nurturing it, the better.

E. Ensure public trust in the confidentiality of individual case data without slowing the pace of maximising its economic and social value. Privacy is of the utmost importance, and so is citizen benefit. People must be able to feel confident about two things simultaneously: that the data they have supplied or that has been collected about them is made as useful as possible to themselves and the community; and that it will not be misused to their detriment. We lay out ways in which we think we can get as close as possible to this ideal.

This is, of course absolutely right, but there is a slight irony here. While the Shakespeare review correctly emphasises the importance of respecting the privacy of citizens when their data is being used, the European Parliament looks likely to sell us down the river as far as data protection is concerned, largely because of unprecedented lobbying from US companies.

The most contentious issue for PSI is, of course, the idea that data currently provided by the trading funds - Companies House, Land Registry, the Met Office and Ordnance Survey - should be made available free. The Shakespeare review is certainly in favour of doing so:

The overarching aim of the Trading Funds should be to deliver maximum economic value from public data assets they provide and support, by working to open up the markets their data serves. This means they should work towards opening up all raw data components, under the Open Government Licence (OGL) for use and re-use.

That licence is pretty liberal - basically a kind of Creative Commons attribution licence, with a few minor differences. But making the data from the trading funds freely available would mean forgoing income; the review quantifies how much:

Deloitte were able to estimate the cost on Exchequer revenue of continuing to collect anddisseminate Trading Funds’ PSI in its current form, without charging for it, is in the order of £395 million on an annual basis. As government would no longer need to purchase the PSI itself, the direct loss to the Exchequer on an annual basis is in the order of £143 million. This figure may be lower still if there are efficiency savings to be made if fewer dedicated sales and marketing resources are required by Trading Funds. It seems a straightforward decision to invest £143m to make Trading Fund data widely available is a relatively small price to pay to leverage wider economic benefits far exceeding this by orders of magnitude.

As that makes clear, at the moment the UK government is paying the trading funds a couple of hundred million pounds for information that effectively it generates itself, so the actual lost revenue would be far less than some claim. Indeed, the figure of £143 million is small when you compare it to the £15 billion cost of a replacement for Trident, say - something that one hopes will never be used. But the knock-on benefits of liberating the trading funds' data are likely to be huge, judging by how much economic activity has been generated in the US, where such data is freely available.

All-in-all, then, the Shakespeare review is a valuable contribution to the open data debate, even if I wished it had been more self-confident in pushing for the zero-cost release of everything - including all trading fund data. Certainly, it seems like the open data revolution proceeds apace, and that's good news for open source and openness in general.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Do these moves signal a change in approach from a primarily defensive strategy in securing systems to an ‘offense’ mentality? If so, will all 28 NATO members be able to abide by these rules? What mechanisms are there for cyber-warfare monitoring, handling complaints between states, or ensuring that heightened sentiments don’t end with a military situation?

We may well be at the precipice of war. Recently, the networks of banks and some broadcasters in South Korea were hit in what is suspected to be a cyberattack by North Korea. The attribution remains unclear and but the incident remains a major cause for global concern.

On the ground level, too, our global research of the information security profession found that cyber-terrorism, hacktivism, organised crime and state sponsored acts featured among the top security concerns of infosecurity professionals.

Attackers are using more sophisticated malware and advanced persistent threats (APTs), which are becoming increasingly difficult to detect with current security technologies. The most common attack methods include stuxnet-like malware, zero day vulnerabilities, stolen digital certificates.

All this begs the question; are we managing our critical infrastructure adequately, and should our focus remain on this aspect in order to contain cybercrime?  Few easy answers are emerging as our use of the Internet continues to develop faster than our ability to secure it.

While we commend NATO’s efforts in bringing out the rule book (a collaboration of 20 international legal experts), in reality, a greater international collaboration is needed. There needs to be more co-operation and participation from governments (preferably without political agendas), corporations and information and software security professionals to develop a comprehensive strategic response if we are to withstand the incessant onslaught of cyber-attacks. 

We must focus on developing new capacities at the country and global level in areas that range from workforce and skills development, legal frameworks, law enforcement, formal education and societal instincts.  In doing so, we will create a strong foundation upon which security can evolve and keep pace with technological developments.

As for the professionals in the trenches, the global infosecurity community already plays a major role in establishing a common understanding of the issues involved and facilitating a collective approach to overcoming the cyber security challenges. But we can be much more active in this effort.

We are interested in your views on what you see as the challenges in developing a global collaboration for security. Feel free to get in touch: isc2europe@isc2.org ; or discuss the issues with us on LinkedIn.

Guest author, W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, Executive Director of (ISC)²

Michael Gove, the original swivel eyed loon, abolished New Labour ICT only to find his department was populated made by techno-ignoramuses who think that adding up their expense claims is higher maths and spend hours wondering how those computers stay in clouds and anyway what happens on a clear day?

Into this ball-scratching vacuum stepped geek-teachers who simply think too much. They see problems and look for solutions … fools. Now, politicians and civil servants do this I know, but they are blessed with ignorance so it is much easier for them.

Teacher-geeks however know too much and will try to solve problems like ‘the role of pedagogy in implementing BYOD within an XP networks optimised for student-safeguarding and data security’. Don’t laugh I can find you long articles that pretty much follow this format.

Real life is so much simpler as UKIP knows. He is a summary of ICT in the classroom.

Computing is not taught in schools as a mainstream subject because it is too hard for most, so don’t agonise about introducing it.

PowerPoints should not be, but are taught in schools because they are infantile and easy, so you’ll always have these taught en masse.

Spreadsheets should be taught to all because they are so damn useful, so don’t worry about boring the blighters they’ll thank you one day..

After years of investment, promulgation of half-witted theories of teaching and learning it ends up that no other software needs to be generally taught: ‘other software’ is either too difficult to master outside a specialist subject ( eg CAD) or too trivial to bother with.

Of the above, Spreadsheets deserve a special mention as they were responsible for the PC revolution in business and came from a grass roots BYOD revolution. Visicalc (1979) followed by Lotus 1-2-3 and eventually (in the 90s) Excel; these were the first Killer Apps, disruptive technology, crypto-anarchy, what you will.

The magnificent spreadsheet: It’s a simple calculator, it’s a fancy calculator, it’s a database, it’s a sorter and filterer of data, it can be coloured in, it can search for information, it can do presentational pie charts ... it was so good even Microsoft caught on in the end.

It’s hard to see middle aged Excel as a revolutionary but spreadsheets were popularised by hard-nosed BYOD anarchists and it is these types that will power the next revolution.

In schools today we have a necrotic ICT system which is beyond redemption running mostly useless software, expensively. Outside schools we have stunning personal technology and free software that allows us to do useful things like reading ebooks, navigating by satellite, communicating in a dozen ways; you just cannot do justice to the explosion of creativity that came with the ‘app’

So my message to teachers and students is to rise up, bring your e-books and smartphones to college, ignore the ‘crusties and their school policy about this and that’, start using them in and out of class. They can’t confiscate them all and if they try then put on your Guido masks and resist.

Hopefully someone will accuse you of being irresponsible and argue for calm and make a few concessions ... take that as a green light for full-on anarchy ... use role models … pretend you are a member of the Tory party….

For example, in the field of economics, there is a well-known paper by Carmen Reinhart and Kenneth Rogoff entitled, "Growth in a Time of Debt." The main result is that "median growth rates for countries with public debt over 90 percent of GDP are roughly one percent lower than otherwise; average (mean) growth rates are several percent lower." Needless to say, this has been seized upon and widely cited by those in favour of austerity.

However, as a blog post on the Roosevelt Institute from a few weeks back explained:

In a new paper, "Does High Public Debt Consistently Stifle Economic Growth? A Critique of Reinhart and Rogoff," Thomas Herndon, Michael Ash, and Robert Pollin of the University of Massachusetts, Amherst successfully replicate the results. After trying to replicate the Reinhart-Rogoff results and failing, they reached out to Reinhart and Rogoff and they were willing to share their data spreadsheet. This allowed Herndon et al. to see how how Reinhart and Rogoff's data was constructed.

They find that three main issues stand out. First, Reinhart and Rogoff selectively exclude years of high debt and average growth. Second, they use a debatable method to weight the countries. Third, there also appears to be a coding error that excludes high-debt and average-growth countries. All three bias in favor of their result, and without them you don't get their controversial result.

In other words, once the underlying model and its data were available, its errors were soon discovered. That simply wasn't possible with just the results, which people essentially had to take on trust. Here, then, is a clear case where publishing the code - in this case an Excel spreadsheet - would have had a major impact on how things turned out.

Of course, that shouldn't really come as a surprise, since doing everything out in the open is precisely the scientific method: you have to give full details of your techniques and data so that others can check your working. Except that this rarely happens nowadays. That's not because scientists have suddenly turned evil, or that science itself is in decay, but for a tangential reason that much science uses computers at some point in the analysis of results. However, it's very rare for the underlying code to be released, even if the raw data is. That, of course, makes it practically impossible to check how the final results were obtained. As the relatively simple case of the Reinhart and Rogoff spreadsheet shows, that can hide really major errors that can have huge knock-on effects - in this case, affecting economic policy around the world.

That means we need to re-invent science for the digital age, making it a requirement that any newly-written code used in the preparation of results must be published with the raw data used. If we don't, we risk moving into a period of increasingly unverifiable science, hardly a pleasant prospect.

But there's one more domain where the need for open source may not be apparent, and that is government. By that I don't mean that government needs to use free software - although it obviously does, not just for cost reasons, but in order to maintain its independence from vendors - but that the code it writes or has written for it to function must always be released.

I hadn't really thought about this aspect until I came across an interesting comment on Twitter that mentioned how some UK legislation was being turned into government actions using software I'd not come across before, Oracle Policy Automation Solution for Public Sector:

Oracle Policy Automation is a powerful platform to transform complex legislation, regulations, and policy documentation into executable software. It makes it easy for public-sector agencies to service citizens fairly, efficiently, and consistently while maintaining full compliance with laws and regulations. It also allows agencies to give real-time interactive advice about how policies apply to a citizen's or business' specific circumstance, automate very complex government determinations, and to update systems very quickly when laws and policies change.

Oracle Policy Automation software enables public-sector agencies to effectively manage policies by transforming legislation and policy documents into executable and maintainable business rules using the familiar format of Microsoft Word and Excel document formats. Agencies are able to deploy the rules to different service-delivery or processing channels without modification. This means the same rules support Web self service, call center, back office, and financials. The product includes a pre-built Web service for SOA deployments and a pre-built Web questionnaire application.

In fact, in my innocence, I had never even come across the idea of taking legislation and turning into executable software. Although superficially that seems attractive - law is just a kind of code, so obviously we can just convert it into computer code, right? - in fact it raises some really important issues.

After all, we're talking about interpreting law, which is not always clear in its meaning, and turning it into actions through software. But how do we know that the software interpretation really corresponds to the legal intent? Indeed, how on earth can programmers - with all due respect - pretend to know what legislation actually "means"? There's only one group of people that can do that, and that's judges, whose job is to interpret legislation and define how it should operate in the real world.

So pretending that task can somehow be carried out by code - be it never so clever - is a recipe for disaster. And that recipe is a thousand times more poisonous when closed source code is used to do that, as it apparently is in the UK, because there is no possibility that anyone can check how the translation has been made.

This takes us back to the situation described above for the austerity paper that turned out to be fundamentally flawed once the inner workings were revealed, and to the growing problem with opaque science. If we really must try to cut corners by automating the process of turning legislation into executables, at the very least both the code produced and the application used to run that code must be open source. That would allow others expert in this field to examine both and check that no gross errors have been made. Even then, it is the courts that must have the final say, but at least operating in the open allows clarifications to be sought from them before egregious errors are made by the executables that purport to implement the law.

The last thing we would want is for people to suffer years of unnecessary misery caused by a coding error in an application that is then used blindly. Unfortunately, that seems to be precisely what has happened with the reckless imposition of austerity around the world, whose theoretical underpinning was little more that a screwed-up Excel spreadsheet....

Follow me @glynmoody on Twitter or identi.ca, and on Google+

You can read the disgusting details of how publishers have fought against the "proposed international instrument on limitations and exceptions for persons with print disabilities" for 30 years in an column I wrote here back in 2011.

Amazingly, things have got even worse since then, with most of the fault lying at the feet of the US and EU, which are more concerned about placating their publishing industries than helping the poor and disabled around the world. And just when you think it can't get any worse, it does:

In a May 14, 2013 letter signed by Markus Beyrer, a Brussels based corporate lobby group known as Business Europe has sent a letter to Commissioners Michel Barnier and Karel De Gucht opposing the WIPO treaty on copyright exceptions for persons who are blind or have other disabilities. .... Business Europe describes itself as "the main horizontal business organization at the EU level." It represents 41 national business organizations in 35 European countries, claiming to promote "growth and competitiveness in Europe." Below is a list of the 55 member companies on its Corporate Advisory and Support Group, which describes its main constituency.

What readers of this blog may find most of interest are the names of the companies from the computer industry that are supporting this move to deny the blind even the smallest solace. Here are the main ones:

Facebook

Oracle

These are companies that often like to present themselves as decent and caring organizations whose pursuit of profit is balanced by a deep respect for fundamental human values. But their support here for the Business Europe lobbying group and its attempt to make it even harder for the blind to gain belatedly basic human rights like being able to read books - something that most of us are able to take for granted - is simply unacceptable.

I therefore call on Facebook, IBM, Microsoft and Oracle to dissociate themselves from the Business Europe group and its attempt to keep blind people in their darkness. If those companies refuse, we will know that their claims to any kind of humanity are shams, and should treat them with the contempt that they deserve.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

To cut a long story short, one provision allows works to be declared orphans if, after a "diligent search", the owners cannot be found. Money would be paid by the user, and held by an independent body in case the owner turns up at some point. It's a bit cumbrous, but at least it might finally break the logjam that has built up around millions of works that cannot be used because still in copyright, but without any clear owners that might give permission for them to be licensed.

However, there is one particular group who are unhappy about these plans. Photographers fear that their works may be orphaned because crucial information that they contain - the metadata - is sometimes stripped out. They are worried that if their photos are available with little or no metadata, publishers will be able to claim that they couldn't find the creators, and so turn any of those images into orphans.

I've written elsewhere why that's not the case, but here I want to concentrate on the issue of metadata. Even though I think the photographers are wrong about the effects of the new Enterprise and Regulatory Reform Act, I do agree with them that metadata is important. And the reason for that is that it provides a way for attribution to be passed along with the photo. In fact, this is true more generally: all digital works could come with metadata that gives details of who created them, and under what licence they are released.

As I wrote in a previous article:

Currently, there is no easy way to embed that kind of metadata, nor to work with it. This makes the creation of tools that allow such metadata to be embedded in files an important task that needs tackling if the online reputational system is to be bolstered.

I produced that piece in support of an idea from Jonas Öberg, who wanted to create just such a system as part of a Shuttleworth Fellowship that he was applying for. Having gained that Fellowship, he is now moving on to implementing the idea, and has turned to Kickstarter to raise some funds to help him do that:

We believe that all creators deserve to get credit for the works they publish. Our goal is to make it easy and automatic to attribute a digital work, for instance when it is used in popular web and blog platforms such as Wordpress and Drupal. We want to do this by persistently associate attribution (and licensing) information with the digital work itself. This will ensure that, even when a work is shared, information of who created it remains.

Unfortunately, many existing web platforms strip information about the creator from images when you upload a work. The first step in our work is therefore to raise awareness of the need for this technology, and to show in practice how easy it would be to credit the creator if this technology was in place! We hope to influence web platform owners, as well as encourage developers and creators to join us in creating technology for the future.

At the time of writing, Öberg's project has received $1,330 of the $25,000 it is seeking. The Kickstarter page spells out how that will be spent, if achieved. Other than writing the piece referred to above, I have no connection with this project, but its aims seem laudable. Certainly, I think that attribution will prove to be key element of many new business models for both artists and companies.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Open Enterprise has been writing about those miracle for some years now, mostly in the field of open source, but increasingly concerning open data and related areas. But there's one rather different open project that has achieved miracles, and which today celebrates its 10th anniversary:

We made it. A decade of Groklaw as of today. Who'd a thunk it?

And it worked! That's the amazing part. It actually worked. So far, so good.

That's a really good summary from Groklaw's founder, pj, of what the site and its community does and why it does it so well.

The main attack from the proprietary world was of course SCO - unbelievably, at the time that SCO started flinging around its baseless accusations, some were predicting Linux was in trouble, possibly doomed. Today, I suspect that most people don't even remember who SCO were - while using Linux-based Android smartphones to search on the Linux-based Google servers dozens of times a day.

And so it has proved with successive attacks. Remember how open source was doomed because of Oracle's lawsuit against Google? Or all the other "fatal" attacks that would see free software consigned to the dustbin of litigation history?

One reason none of those doomsdays took place was the intense scrutiny brought to bear by the Groklaw community on the facts of all these cases. Indeed, one of the key achievements of Groklaw is showing just how the open source methodology could be applied to law - an idea that had been floated before, but never realised with such success. As pj writes:

Group dynamics are awesome. Whenever there is a new need, somehow the right people show up and fill it. Whether it was meticulously demolishing SCO's claims, one by one, or doing patent prior art searching, or explaining that software is mathematics and hence unpatentable subject matter, or noticing what the real game is in the patent smartphone wars, you came through with competence, donating your knowledge, research, and skills to the group effort. And you did it entirely as volunteers, as a free gift to the world.

Along the way, Groklaw also grew into a fantastic resource for everyone trying to understand and fight the attacks on openness and freedom that used intellectual monopolies as their weapons. That includes some important discussions of why software patents just don't make sense, and should be abolished.

Talking of which, it's interesting that pj in her 10th anniversary post refers to the following recent decision :

I've been almost speechless ever since the CLS Bank decision was published. Did you notice I just couldn't write anything much for a while? That's a Groklaw first. I see the progress so clearly in that decision, in the reactions too, and I ponder with real satisfaction the possibilities. I never thought the message would spread so quickly, so every time I'd have to edit another article about what software is, I'd be asking myself, how many more of these will I have to do? I thought I was condemned to years and years more of it before we'd get this far, to tell you the truth, if it would in fact ever be enough to matter.

The CLS Bank decision concerned software patents, and included the following remarkable statement:

At its most basic, a computer is just a calculator capable of performing mental steps faster than a human could. Unless the claims require a computer to perform operations that are not merely accelerated calculations, a computer does not itself confer patent eligibility.

As pj comments:

That's almost right. What they don't understand yet, but we'll keep explaining until they do, is that all computers are like that. None of them do anything but 1s and 0s, and it's all mathematics, mathematical manipulation of symbols, nothing more magical than that. Not that mathematics isn't magical. It is. But it's not patentable subject matter.

So it seems that we are finally getting there, even in the US. And one person who has played a key role in getting us to this point is pj herself, to whom we owe a huge debt of gratitude for starting Groklaw ten years ago, and for turning it into the indispensable project it is today. Many thanks for that, pj, and happy anniversary.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Standards bodies generally require members to commit to license on FRAND terms the patents that they have declared essential for a standard. This commitment is designed to ensure effective access to a standard for all market players and to prevent "hold-up" by a single SEP [standard-essential patent] holder. Indeed, access to those patents which are standard-essential is a precondition for any company to sell interoperable products in the market. Such access allows consumers to have a wider choice of interoperable products while ensuring that SEP holders are adequately remunerated for their intellectual property.

The Motorola Mobility SEPs in question relate to the European Telecommunications Standardisation Institute's (ETSI) GPRS standard, part of the GSM standard, which is a key industry standard for mobile and wireless communications. When this standard was adopted in Europe, Motorola Mobility gave a commitment that it would license the patents which it had declared essential to the standard on FRAND terms. Nevertheless, Motorola Mobility sought an injunction against Apple in Germany on the basis of a GPRS SEP and, after the injunction was granted, went on to enforce it, even when Apple had declared that it would be willing to be bound by a determination of the FRAND royalties by the German court.

The basic problem is that the "fair" and "reasonable" bit in FRAND are ill defined. Until now, companies and courts have more or less agreed on what those terms mean - which is why FRAND has seemed to work. But the dense patent thickets surrounding smartphones have changed all that: practically everybody is suing everybody else, and "fair" and "reasonable" got chucked out of the window along with many other sensible attitudes.

Now that the European Commission is involved, Motorola will doubtless start behaving again, but the fact that it took this high-level intervention to resolve what is essentially a trivial patent spat shows that the FRAND system is fundamentally unfit for purpose: this is not a viable way to proceed in the future. The only logical solution is to adopt RF licensing in these circumstances. That's right, because it allows free software to compete on a level playing field, and it's rational, since it avoid the kind of playground bickering exemplified by the present case.

Update: Here's a good post by LibreOffice's Charles-H. Schulz from a couple of weeks ago making the same point about FRAND in the law case involving Motorola and Microsoft in the US.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

open source solutions save money for customers by doing away with the fat margins for existing computer companies - and thus shrink the overall market. Opponents of open source like to paint this as “value destruction” that takes money “out of the economy” - as if free software went around burning down offices and warehouses.

What they fail to grasp is that the 90% savings do not just vanish like the smoke from those supposed conflagrations. That money is still in the economy, it's just spent on other items: free software allows people to use their hard-won money for things other than operating systems, office suites and applications. In developing countries, for example, it might mean more funds available for education or health.

Here' someone else that has twigged this:

The real impact of open data will likely not be in the economic wealth it generates, but rather in its destructive power. I think the real impact of open data is going to be in the value it destroys and so in the capital it frees up to do other things. Much like Red Hat is fraction of the size of Microsoft, Open Data is going to enable new players to disrupt established data players.

That's from David Eaves, an astute commentator on the world of open data, and open government. He goes on to talk about a very specific application of this principle regarding the proprietary software Socrata, and the open source CKAN. I naturally prefer the latter, and not just because it comes from the Open Knowledge Foundation, on whose advisory board I sit. Here's what Eaves points out about these systems:

Most people believe these are open data portal solutions. That is a mistake. These are data management companies that happen to have simply made “sharing (or “open”) a core design feature. You know who does data management? SAP. What Socrata and CKAN offer is a way to store, access, share and engage with data previously gathered and held by companies like SAP at a fraction of the cost. A SAP implementation is a 7 or 8 (or god forbid, 9) digit problem. And many city IT managers complain that doing anything with data stored in SAP takes time and it takes money. CKAN and Socrata may have only a fraction of the features, but they are dead simple to use, and make it dead simple to extract and share data. More importantly they make these costly 7 and 8 digital problems potentially become cheap 5 or 6 digit problems.

There it is again, that creative destruction. And that means two things. First, that more software dinosaurs are doomed to lose their power and importance quite rapidly, because their business model is based on selling extremely expensive solutions to problems that can now be solved very cheaply with open source. And secondly, that users are about to save huge amounts of money thanks to applications that manage open data, just as they can now do with open source. After all, as I pointed out three years ago, this money that SAP et al. will no longer receive does not vaporise: you get to spend it on something else.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

With governments and businesses increasing their uptake of newly-mature fingerprint, finger-vein, iris, voice, and face recognition technologies to provide a cost-effective answer to a range of identity authentication scenarios, biometrics are now being used in airports, on the high street, and on mobile devices. So how can we be sure that today’s biometric systems can be trusted? And what happens if that trust is misplaced?

Vulnerability to fraud attempts is increasing, as criminals and opportunists look to take advantage of new, large-scale biometric systems. “Biometric fraudsters” typically attempt two kinds of attacks:

• Impersonation: An imposter seeks to be incorrectly recognised as a different, legitimate user.


• Obfuscation: A user manipulates his or her biometric traits to avoid recognition.

Fraudsters are prepared to go to extreme lengths, including coercion of legitimate users, creating fake samples, using mutilated body parts and resorting to plastic surgery. They have also benefitted from the same technological advances as cyber-criminals and can access the technology needed to tamper with biometric documents, create biometric spoofs, and test their results-all from the comfort of their own homes.

We know fake fingerprints can be created, but are some of the newer biometric modalities immune to attacks? It seems not. Accenture reviewed state-of-the-art biometric modalities and discovered that they can all be spoofed. Fingerprint, face, and voice recognition systems appear to be the most commonly affected, primarily due to their wide deployment; however, iris, vein, and even DNA-based systems are also vulnerable.

So how can we create biometric systems which are resistant to biometric fraud? A typical approach is to opt for a multi-modal biometric system, which relies upon multiple biometric traits to confirm an identity; however, while this is an excellent first step, recent studies have shown that even these can be breached. Often, successfully spoofing the modality that is considered the most reliable (and has the highest weighting in the matching calculation) can fool a simple multi-modal system.

System vendors have incorporated analytical features, additional data and more sophisticated biometric fusion algorithms into more advanced products to reduce this risk. However, multi-modality alone is not a panacea to safeguarding identity and combatting biometric fraud.

Accenture proposes a pragmatic approach to combatting biometric fraud:-

1. Firstly, consider the system to be protected. Depending on the business purpose of the system, and its exposure to the outside world, it may require significant fraud detection capabilities. Anti-spoofing measures typically decrease user convenience, as they can generate false alerts, and should only be applied when high levels of security are required.
2. There is no “silver bullet” solution. While multi-modality is a helpful approach, it isn’t a sufficient countermeasure on its own. Fraudsters must be presented with a series of varied and unpredictable barriers

With these considerations in mind, it is important to choose countermeasures wisely. The individual defences that strengthen a biometric system’s resistance to attacks can be drawn from the following categories:-

• Functional decisions, such as the use of multi-modal biometrics, or the combination of biometrics with other authentication factors.
• Technical capabilities, such as biometric anti-spoofing and likeness-detection algorithms, advanced analytics capabilities, cancellable biometrics and template-protection algorithms.
• Operational decisions, such as measures to deter fraud attempts before they are conceived, the level of supervision to be applied to the system, the strategy to “stay ahead” of the threat, and the security upgrade plan.

When considering biometric fraud detection, many factors need to be taken into account, including the increased cost and complexity of the solution, dependency on specific hardware or software components, and the impact on user convenience. A cost/benefit analysis is an essential step, to prove that the anticipated costs of the proposed countermeasures outweigh the expected benefits of reduced biometric fraud.

All the stakeholders in a biometric solution— governments, public safety agencies, business owners, biometric system vendors, system integrators, and indeed, the end-users - ordinary citizens and customers—have a vested interest in the system being resistant to fraud. As biometric systems are increasingly adopted to help deliver fundamental services, fraud resilience becomes an urgent requirement. Effective biometric fraud detection requires a diverse set of capabilities, as well as a broad range of third-party vendor, academic, and standards-body relationships.

In short, organisations need to adopt a holistic approach; one that integrates robust biometric fraud detection along with more traditional IT security techniques and processes. In ‘our always on and always connected’ world each of us has a role to play to ensure that biometric technologies become a force for good in society, delivering change despite the efforts of a few would-be fraudsters.

Posted by Mark Crego, Managing Director, Accenture Border and Identity Services and Alastair Partington, Senior Manager, Accenture Border and Identity Services

How so? Because as the saying goes: ‘You cannot aim to go somewhere unless you know where you are starting from.’ And benchmarking tells you where you are - not where you would like to be.

What is it?
To begin with, what actually is benchmarking? Essentially it is the comparison of an organisation’s practices and performance against A) its peers and B) industry best practice standards. But good benchmarking doesn’t just look at IT in isolation. It also seeks to identify those innovations, processes and practices that can optimise the business by, say, improving customer services, streamlining processing cycles and spending smart.

Some see benchmarking as a tedious back office task that must be done periodically to reassure management that the IT department is not underperforming their peers and/or their own previous baseline KPIs. Sometimes it is undertaken with reluctance and other times a study is undertaken when there is a service delivery problem that can’t be resolved any other way.

Some CIOs have used benchmark consultancies in the past and found the results wanting: often because the report provides general data but offers no useful guidelines as to how to use the information to implement change or improvements. Others think benchmarking is something they would like to do at some point but have more pressing demands on their ever-shrinking budget.

A business investment
To the enlightened benchmarking is a critical business tool. This view is based on the understanding that technology underpins nearly every enterprise function and the better it works the healthier the company. The 2010 Global Bench¬marking Report surveyed 450 organisations in 44 countries and found that 68% of them used benchmarking and of those that were not, 60% planned to with the next 3 years. The main benefits cited were A) improving performance and processes B) understanding how other organisations operate and C) addressing major business strategy issues.

Strategy for continuous improvement
For organisations like this, benchmarking isn’t a rear-guard action for troubleshooting - it is a proactive measure with a three-fold aim: To establish a framework for continuous improvement; to maintain or achieve best-in-class status; and to identify better value-for-money. This last is not simply about cutting costs, but rather striking the optimum balance between cost and service quality.

All this assumes, of course, that the benchmark study is done by an independent (unbiased) consultancy that not only has access to accurate, up-to-date, extensive and meaningful peer and market data, but also knows how to translate this information into recommendations for real and achievable improvements. This holds true whether the study is done for private/public sector organisations or for a service provider, because at the end of the day they both face the same issues: the need to provide the best goods and services at a competitive price to win market share, improve margins and remain competitive.

How does it work?
The first step in benchmarking is to establish a baseline by looking at every aspect of the IT operation from staffing, infrastructure components and workflows to the performance quality and cost of the services provided (eg. the data centre, desktop support, etc.). This involves a structured approach to data collection starting with surveys and stakeholder interviews. But a survey is just the start. To be of any use, the data gathered from these surveys - which depend on the biases and accuracy of participating individuals - then needs to be validated within context. What do we mean by this? Well, as an example, a survey may reveal that inhouse clients feel they are paying too much for their IT department’s services. But feedback means little unless looked at in the context of other influencing factors.

The context of cost
Some studies focus only on cost- which is not surprising given the tradition of benchmarking for the sole purpose of finding savings. But this misses the bigger point. Taken out of context the issue of cost is misleading because it is rarely about ‘cost’ alone - rather it is about ‘value’, a quality that can only be measured in relation to other influences. In IT benchmarking, there are a range of parameters that should be taken into account - such as volume (of calls to the help desk, number of incidents resolved, etc.), staffing levels, the scope of a service and the quality of its delivery, the complexity of an operation (for example, how many legacy systems must be maintained), and the maturity of an organisation’s process methodology. For example, if a company has built in ISO standards they are likely to be more efficient and cost-effective than one less structured.

Getting the big picture
Industry sector is also contextual. There is sometimes a tendency to seek peer comparison within one’s own market exclusively. Yet while being at the top of the ‘league’ may be good for morale it isn’t as valuable as knowing where one stacks up in the ‘premiership’. A cross-industry comparison with organisations of a similar size, IT complexity, service profile etc., from different industries such as government, healthcare, manufacturing, fast moving consumer goods and financial services offers much more insight. By looking at how others in different industries do things, the additional scope can offer valuable new insights into new methodologies and best practices.

Virtual modelling
Having obtained all this enriched data, it can then be harnessed for a wide range of business analyses and projections. A fast, accurate and costs-effective way to do this is by using virtual modelling which applies ‘what if’ scenarios to measure various outcomes. For example you might ask:

• ‘If we were to cut X staff, what would be the maximum service quality we could expect and what would be the corresponding savings?
• ‘If we reduce our outsourcer SLAs to Y what staff would we then need to take up the slack and what, if any, savings would we achieve?’
• ‘If we were to merge our IT operations with another organisation or region, what would be the estimated savings?’

Provisioning
Having looked at the KPIs, the next step is to compare provisioning models. These might include in-house, outsourced or a hybrid of both; traditional vs cloud-based providers; new procurement models like SaaS and IaaS; shared (rationalised) services and others. A good consultancy can help to identify the cost and efficiency levels of in-house vs. outsource provisioning. And if they have up-to-date supplier price catalogues they can also compare the most attractive price/quality options for specific services on an apples-to-apples basis.

Of course, no organisation wants to be found wanting, and so may avoid the very idea of benchmarking. But this is a short-term view. In our experience there are essentially three ways to think about improvement: The first is that you must be in shortfall if discovered to be less than perfect. The second is ‘Why fix what ain’t broke?’ The third - and the one that gets the best results - is realising that everything everywhere should be in a continual state of improvement and the only way to keep growing is to keep changing.

Posted by Sarah Jennings, Account Partner at ImprovIT
ImprovIT is a UK-based independent business technology consultancy specialising in metrics-driven analysis (MDA) and peer benchmarking of IT cost, performance and quality.

Under the terms of the agreement, affiliates of the Investor Group will acquire all outstanding BMC common stock for $46.25 per share in cash, or approximately $6.9 billion.

This is one of the largest M&A operations in a long time. Significantly, it has been prepared for quite some time, which culminated in a restructuring a month ago, by which the five product groups operating under BMC Software became one. Instead of having several categories reporting their gains (or losses) we have now one happy family where the gain of one member balances the loss of another.

We have also a unique opportunity to have these former product lines working together for a better integration of BMC Software solutions with a corollary prospect of having more R&D investments in previously “weak” categories. Being free of the short term mandatory “good results to satisfy the street” will also participate in building a better BMC Software.

Although fourth quarter results were below the Street expectation by a hair (-$.06 per share and -.04% in Revenue), BMC Software bookings grew 14% from a year ago, with an encouraging result for ESM which was up 9% from a year ago.

Over the past ten years, BMC Software has made its mark on the IT Management Software (ITMS) market, and is today only second to CA Technologies. From what we can see, the privatization of BMC Software provides an opportunity to invest into the future of ITMS and to become a serious contender for first place in the years to come.

For BMC customers, this sounds like very good news. There is, of course, a flip side: we can expect that streamlining the operation will lead to weeding some dead wood products, which of course may be a problem for some of us. This is one area where the future BMC will have to tread carefully.

The future of BMC can take many paths, including persisting the company in its complete state (sans the aforementioned "dead wood" products), selling it wholesale to another technology company (unlikely, but possible), or breaking up the company and selling the parts. This latter scenario is plausible and is the prevailing speculation in the marketplace, however it is just that - speculation. The likeliest future path for BMC is to make no material changes to the business. The Investor Group will do some trimming, but they will not disrupt the company's growth trajectory. That would be foolish - and these investors are not fools.

In short, Forrester sees little risk to BMC customers over the next year. After that it is again purely speculation. Watch the new management's actions to determine future directions.

Ignore the rhetoric from BMC's competitors about BMC's future because the only people who know the future of BMC will be the new owners - and even they don't yet quite know.

Posted by Jean-Pierre Garbani

Big Data is basically about 3Vs: Volume, Velocity and Variety of data to gain veracity and value in fraud management. Volume and Velocity are nothing new: fraud management products have long been capable of analysing terabytes of data in billions of transactions - in real time.

What's really new for Fraud Management about Big Data is Variety: Using all types of new information to make better decisions with lower false positive rates. The new data sources that are increasingly used in Fraud Management are:

• Social network data. Has this user been writing about committing fraud on Facebook? After seeing how dumb some criminals can be, this data source is pretty important.
• Geolocation of mobile devices. The fraud management system should warn ahead of time if a user has been in the same location as the ATM when he/she used her ATM card to empty her bank account)
• Identity and Access Management systems logs. The fraud management system should warn ahead of time if the authentication system in front of my customer facing system see any evidence of the user logging in from a risky geography or from a new device before the user emptied their bank online by making unauthorised transfers to a mule account)
• Textual and unstructured data. The fraud management system should warn ahead of time if, for example, a medical provider or insurance adjustor is always using the same combination of terms of "suture removal" or "rear hit accident" in suspicious contexts or just in an excessively repeated way)
• Link analytics data. Using link and entity graphs beyond just Googling and link analytics risk score that can be injected into a holistic fraud score is something that can help identify fraud rings and collusion much faster.

Posted by Andras Cser

On April 22nd I read Glyn Moody's Computerworlds.UK blog Software Patents Storming Up the Agenda Again and several thoughts immediately struck me. For one, he was factually wrong on several fronts. Secondly, it reminded me of an article I just published in the US that discussed machine translation. That’s the main argument made by Mr. Moody that the European Inventor award should not be given to a group that invented a phrase-based machine translation using a statistical approach. I also was struck by his comment “The inclusion of a pure software patent (the machine translation patent) in the European Inventor Award shortlist is a real slap in the face of European companies and citizens, and looks like a calculated provocation from the EPO.”

So, where did I go wrong?

Mr. Moody’s factual mistake is that he believes that copyrights are a substitute for patents. Patents protect the invention while a copyright only protects the illegal copying of computer programs. A copyrighted program is not able to protect any invention (or “idea”, as Mr. Moody calls it) that might be embedded in that computer program. It’s just not a viable substitute for patent protection. That’s why there are many thousands of software patents filed in the US each year.

What Mr Goetz calls a bug, I call a feature. One of the key problems with software patents is that they give people a monopoly on a programming idea: that's as absurd as giving someone the monopoly on the idea of a mousetrap. What patents should do is stimulate the creation of better, different mousetraps. That's precisely what copyright does in the context of software: it protects the details of that nifty subroutine that you wrote to implement a general idea, but does not stop anyone else coming up with a different approach. If somebody is able to patent the underlying idea of the subroutine, that clearly locks out all the better implementations of it, which means that patents actually block innovation.

So let's move on to Mr Goetz's article that he mentions. Here's the key argument:

Imagine that the digital computer and the stored computer program (software) existed in the late 1800’s. If so, there is a high probability that the Wright Brothers would have used a computer program to control the three-axis control system in their 1903 Flying Machine patent application. If they did, we would call the patent they received in 1906 a software patent.

Further imagine that today’s anti-patent zealots who preach that all software consists of abstract ideas, mental processes or mathematics were thrown back in time to the late 1800’s. And finally imagine that they were successful in their stated goal to eliminate all software patents through an act of Congress. Had that really happened, the Wright Brothers would not have received a patent for what is recognized as one of the greatest inventions of the 20th century.

So the logic here seems to be that had there been software back then, the Wright brothers would not have received a patent on their software-implemented invention, and that the world would have been the poorer as a result. Well, let's just examine that example a little more closely.

Here's what Wikipedia writes about the Wright brothers' patent:

In 1906 the Wrights received a patent for their method of flight control which they fiercely defended for years afterward, suing foreign and domestic aviators and companies, especially another U.S. aviation pioneer, Glenn Curtiss, in an attempt to collect licensing fees. Their legal threats suppressed development of the U.S. aviation industry for several years.

One of the references for that article has more details:

The Wrights further restricted aviation progress in the United States by sticking doggedly to their basic design, despite the obvious advances being made in Europe. Improvements were made to the 1910 Model B, which had the elevator in the rear, wheels in place of skids, and did not require the tower-catapult for takeoff. The later Model C proved to be a man-killer; seven were purchased by the Army and five crashed, killing five men.

Thus it seems that the Wright brothers' obsession with their patent on "one of the greatest inventions of the 20th century" caused the US to fall behind Europe in aviation technology by failing to incorporate the advances being made on that continent, which largely ignored the patent. Indeed, the damage caused by the Wright Brothers' patent was so great that the US government was forced to intervene:

In 1917, the two major patent holders, the Wright Company and the Curtiss Company, had effectively blocked the building of new airplanes, which were desperately needed as the United States was entering World War I. The U.S. government, as a result of a recommendation of a committee formed by Franklin D. Roosevelt, then Assistant Secretary of the Navy, pressured the industry to form a cross-licensing organization (in other terms a Patent pool), the Manufacturer's Aircraft Association.

So it turns out that Mr Goetz's example is, in fact, the perfect demonstration of why patents are harmful. His hypothetical early 20th-century world where software existed, but software patents were forbidden, would have been spared the enormous problems caused by the Wright brothers' obsession with defending patents instead of coming up with better and safer products. The US government would not have needed to intervene to cut through the patent thicket, and maybe those unfortunate individuals would not have been killed by the Wright's outdated Model C "man-killer."

Some might say that without the patent, the aircraft industry would never have flourished, but a moment's thought shows why that's nonsense: the utility and value of machines that could fly is so high that people would have kept on developing them regardless of whether they could take out patents. That's because the real money is made by selling planes, not by licensing the technology that they use (think of Boeing and Airbus.) In the absence of patents, the main difference would have been a more rapid pace of development, as each company was forced to keep innovating to stay ahead of its competitors, spending money on research and development, not lawyers, as the Wright brothers did.

But let's move on, and look at two more of Mr Goetz's arguments in favour of software patents. The first concerns inventions that mix software and hardware:

In many industries inventions contain software programs as part of their disclosures. Take the Robotics/Medical Devices sector, where very sophisticated computer programs can control an artificial limb. How the artificial limbs are designed and constructed may be the invention. Or the invention may be how the computer program(s) interacts with the artificial limb. Or the invention may be a combination of both elements.

So those that want to eliminate software patents, by design or by ignorance, would eliminate all robotic/medical device inventions where the disclosure includes a computer program.

There are two parts to these inventions: the hardware and the software. The hardware could be patented if it contained some new, non-obvious innovation. The software would be protected by copyright automatically. Again, that's as it should be, since granting a patent monopoly on an entire class of software implementations simply ensures that better ways of realising the underlying idea are suppressed, as discussed above, which is not at all beneficial for society.

So far from "eliminating" all such robotic/medical device inventions, excluding software patents here would in fact stimulate more competition, faster innovation and better, cheaper products - just as Europe innovated faster in aviation without the deadening constraint imposed in the US by the Wright brothers a hundred years ago.

Mr Goetz's final category is the "pure software" invention. Here's what he writes:

Anti-Software patent zealots might argue that the definition of a “software patent” is when the disclosure of the invention only describes a computer program and a computer. And then their goal would be to have Congress change the Patent System to eliminate the issuance of “software only patents”. But that would be catastrophic for the Software Industry, where many of their inventions are software only. This industry is made up of thousands of companies and is recognized as one of the top three manufacturing industries in the world.With annual worldwide revenues well over $300 Billion this industry needs (and wants) just as much patent protection as other industries.

But patent protection is a very recent feature of the software industry which grew up and thrived without them. Indeed, early pioneers recognised that had software patents been widely granted, the software industry might never have taken off. Here's the view of one person you might have heard of:

In a memo to his senior executives, Bill Gates wrote, “If people had understood how patents would be granted when most of today’s ideas were invented, and had taken out patents, the industry would be at a complete standstill today.” Mr. Gates worried that “some large company will patent some obvious thing” and use the patent to “take as much of our profits as they want.”

Yes, in one of his more candid moments, Bill Gates admitted - in writing - that software patents would have destroyed his industry. And as a paper by James Bessen points out, this opposition to software patents was widespread in the industry in the 1990s:

In 1994, the Court of Appeals for the Federal Circuit decided in In re Alappat that an invention that had a novel software algorithm combined with a trivial physical step was eligible for patent protection. This ruling opened the way for a large scale increase in patenting of software. Alappat and his fellow inventors were granted patent 5,440,676, the patent at issue in the appeal, in 1995. That patent expired in 2008. In other words, we have now experienced a full generation of software patents.

The Alappat decision was controversial, not least because the software industry had been highly innovative without patent protection. In fact, there had long been industry opposition to patenting software. Since the 1960s, computer companies opposed patents on software, first, in their input to a report by a presidential commission in 1966 and then in amici briefs to the Supreme Court in Gottschalk v. Benson in 1972 (they later changed their views). Major software firms opposed software patents through the mid-1990s. Perhaps more surprising, software developers themselves have mostly been opposed to patents on software.

Those original fears about the harm that software patents would cause to the industry have turned out to be well founded. The book "Patent Failure" by Bessen and Meurer has calculated the aggregate annual patent profits and costs for the years 1996 to 1999, shortly after software patents became more common. The annual patent profits for US companies from software patents was $100 million; the annual litigation costs for software patents were $3,880 million. That means on average, the net effect of software patents was a loss of over $3.5 billion per year.

Moreover, things have got worse, not better, in recent years, thanks to the rise of NPEs - better known as patent trolls - that have exploited patent monopolies being given for general ideas rather than specific implementations, as discussed above, to sue very broadly:

Firms that license patents without producing goods—“ non-practicing entities” (NPEs)— have historically facilitated technology markets and increased the profits that small inventors earn from their inventions.

This paper makes several findings about this litigation. First, by observing what happens
to a defendant’s stock price around the filing of a patent lawsuit, we are able to assess the effect of the lawsuit on the firm’s wealth, after taking into account general market trends and random factors affecting the individual stock. We find that NPE lawsuits are associated with half a trillion dollars of lost wealth to defendants from 1990 through 2010. During the last four years the lost wealth has averaged over $80 billion per year. These defendants are mostly technology companies who invest heavily in R&D. To the extent that this litigation represents an unavoidable business cost to technology developers, it reduces the profits that these firms make on their technology investments. That is, these lawsuits substantially reduce their incentives to innovate.

Patent trolls reduce the incentives to innovate in one field above all:

the characteristics of this litigation are distinctive: it is focused on software and related technologies, it targets firms that have already developed technology, and most of these lawsuits involve multiple large companies as defendants.

Just as with the Wright Brothers, then, patents are not helping innovation, but hindering it severely, particularly in the field of software, where hundreds of billions of dollars of wealth has been destroyed by patents. The overall effect on research and development is devastating:

In the smartphone industry alone, according to a Stanford University analysis, as much as $20 billion was spent on patent litigation and patent purchases in the last two years — an amount equal to eight Mars rover missions. Last year, for the first time, spending by Apple and Google on patent lawsuits and unusually big-dollar patent purchases exceeded spending on research and development of new products, according to public filings.

The evidence is overwhelming: software patents were never needed to create the software industry we know today, and they are no longer needed now that unpatented open source is replacing proprietary software at every level. Software patents do not promote innovation, they stifle it. They do not reward inventors, but patent trolls. As an idea and in practice, the software patent - rather like the Wright brothers' lethally-dangerous Model C aeroplane - simply does not fly.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Thank you for your response to my previous reply. Regarding your first response I sincerely hope that most people did not simply give up. I will certainly commit to finding more efficient ways to canvas citizen's opinions but I am sure that you will recognise that this is not easy. I agree that keeping things simple is a very good rule of thumb to apply but this issue of civil enforcement of IP is not the easiest to simplify.

Finally, it is only if such cases go to the Court that the harm of the relevant infringement can be assessed in a fair and equitable manner and proportionate damages can be established. I would have thought that the 200 million citizens you refer to would be interested to know how judges decide in such cases and what, if any, damages are awarded. For example, do they only award damages for infringements that they assess to be of commercial scale ? If so, how do they evaluate commercial scale etc ? I hope that we will begin to find answers to those questions in our survey responses. However, given the time that you have personally dedicated to this consultation, I would be grateful for your views on these issues. We are very keen to engage with civil society and to be as objective as possible in our analysis and so any assistance that you could kindly provide in that respect would be welcome.

Here's my reply:

I'm delighted to hear that you are keen to engage with civil society, since I think that in the past this voice has been largely absent from conversations on this and many other areas. As you rightly say, it is not easy to canvas citizens' opinions, not least because the means to do so have been lacking.

Adopting this approach of iterated drafts placed online would, I believe, solve most of the problems I found in the current IPRED consultation, enabling you to receive more feedback from a wider spectrum of respondents, including the elusive public.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

This one from Germany, for example, where 170 PCs became infected with the Conficker worm. From the details of the story it seems that the Schwerin Ministry of Education are partly to blame for allowing their systems to become so badly infected, but what's really interesting is the solution it came up with: simply to throw all the computers away because the Ministry apparently estimated it would have cost as much to clean them as to replace them. This might not have been a sensible decision for a rational IT department to take but the fact that it could even be contemplated shows why open source solutions based around GNU/Linux are so much better.

For a start, of course, is the fact that there is practically no malware for the GNU/Linux desktop (Android is another matter, though....). That means it is highly unlikely that even the most incompetent IT department could have reduced open source PCs to the state of uselessness that seems to have been achieved in Germany.

But even if through some totally freak occurrence GNU/Linux systems had become infected, or just corrupted by power surges, say, there would be no question of throwing them away: you would simply re-install all the software. You can do that, because you don't need to consider any issues of licensing as you do with Windows. You don't need to worry what the contract says, or whether you have enough licences to re-install everything - you just do it.

And that underlines a hugely important aspect of free software: you never need to worry about the tiresome legal details of what can be copied, and how, or how you can use what program. I'd wager that had the Schwerin Ministry of Education been using free software as a matter of course, it would never have entered anyone's head to throw out perfectly usable PCs instead of simply reformatting them and re-installing the software.

This makes clear that the most dangerous Windows infection of all is not the kind that people routinely find on their PCs running that operating system, but the one they get when they choose to install Microsoft's products in the first place, and that causes them to make bizarre decisions like that of the Schwerin Ministry of Education.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Better still the users can divide themselves into rival camps from which brickbats can be chucked and within which the glow of belonging can be shared. This is essential of course; devotees, apologists, naysayers and evangelists are a marketer's dream, ‘Coke or Pespi’ for you sir?’

All this brings me back to the use of these devices in schools. Schools argue about which technology to adopt reprising long dead rivalries of the Microsoft past to which they cling. BYOD is knocking so hard on this door now that schools have to take increasingly hard lines on their unauthorised and uncontrolled use in class. Will the door burst open? Of course, it’s just a matter of time.

That day grew a little closer for me this week as I took my 18 year olds on a geology field trip. I had downloaded, photocopied and laminated the required geological map of our area when I thought, ‘hang on a mo’ what apps are there (free of course) for my Android?’

We are all used to Google Sky Maps, Google Terrain and OS maps on our PC’s. We are getting used to the fact that our phones think nought of integrating them with our phone’s GPS. But I was blown away with iGeology and iGeology3D.

The whole official geological map of the British Isles in incredible detail linked to my position... for free! It gets better the 3D version (Android only) allows you to point your camera to view the surroundings and the underlying strata appear as by magic to 10m accuracy. Touch the screen and it downloads the summary from the national database. Truly awesome.

So armed with our ‘phones’ off we went into the wilds of Surrey. We took photos and movies; used the compass app; jotted down the Lat/Long to the nearest second; pointed our 3D iGeology app; looked at the OS maps, identified samples from the Internet; looked up hill heights, pointed our phone torches down holes and texted each other to rendezvous back at the van!

We were unable to use the phones to collect and analyse water samples, to make measurements or to hammer rocks but surely they will soon be features.

BYOD was this week amazing, we hardly looked into our box of goodies containing a digital camera and video (so last century) or maps and compasses.

Others must have similar tales to tell and the knocking gets louder

That threat is coming to a head next Monday, when the European Commission votes on regulations that will determine how seeds can be produced and sold. The draft of the regulation [.pdf] is around a hundred pages of pretty dry rules, but the essence is as follows.

The new regulation will apply to every kind of plant, and will impose strict rules on those producing or offering seeds and plants commercially. They must register, every plant or seed they wish to sell must be certified, and these must be packaged according to strict rules that even specify what colour the attached labels must be.

The intent may be laudable: to ensure that plant material that is available in the EU is safe, and that problems can be tracked back to their source. But the bureaucratic burden and cost of compliance is likely to be well beyond most smaller seed producers. This will lead to genetic diversity being reduced, and control over seeds in Europe being concentrated in the hands of a few big companies, which will push their patented seeds over traditional open source ones, for obvious reasons.

You can find out much more about what the new regulations will mean for farmers and for ordinary gardeners, who will also find themselves affected, on the Open Seeds site. As that page explains, the vote on Monday by the European Commission is crucial, and I urge you to write to them at the following email addresses asking them to protect open source seeds:

Viviane.Reding@ec.europa.eu, joaquin.almunia@ec.europa.eu, Siim.Kallas@ec.europa.eu, Neelie.Kroes@ec.europa.eu, Antonio.Tajani@ec.europa.eu, Maros.sefcovic@ec.europa.eu, Olli.Rehn@ec.europa.eu, Janez.Potocnik@ec.europa.eu, Andris.Piebalgs@ec.europa.eu, Michel.Barnier@ec.europa.eu, Androulla.Vassiliou@ec.europa.eu, Algirdas.semeta@ec.europa.eu, karel.de-gucht@ec.europa.eu, Maire.Geoghegan-Quinn@ec.europa.eu, Janusz.Lewandowski@ec.europa.eu, Maria.Damanaki@ec.europa.eu, Kristalina.Georgieva@ec.europa.eu, Johannes.Hahn@ec.europa.eu, Connie.Hedegaard@ec.europa.eu, stefan.Fule@ec.europa.eu, Laszlo.Andor@ec.europa.eu, Cecilia.Malmstrom@ec.europa.eu, Dacian.Ciolos@ec.europa.eu, Tonio.Borg@ec.europa.eu

Here's what I've sent:

I am writing to you to urge you to object to the regulation of the licensing and sale of seeds, which I believe you will consider next week.

In summary, I ask you to reject the regulation in its current form, and to insist that it be modified to allow Europe ancient seed heritage to be preserved and enjoyed by future generations, and to ensure that European agriculture remains strong and independent.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Clegg finishes the article by suggesting a number of steps that could be taken in place of CDB. Increased data navigation training for police personnel and improving links with other international jurisdictions governing internet service providers are two of the ideas he mentions. That's all good, and I'd welcome positive actions that use existing laws to make things better. But whilst his rejection of CDB is clearly in the public interest, the counter proposals he brings up don’t really solve the long-term problem.

It’s not enough to just stop this bill. It's already a Zombie Bill, appearing from the grave time after time. The same sort of excessively invasive proposals arose unannounced in previous governments without appearing in their manifestos. There is clearly some underlying need deep in the Home Office that is making these proposals keep showing up in Parliament. 

I imagine each successive Secretary of State having a "Yes, Minister" moment where a shadowy civil servant explains that yes, the proposals seem invasive and yes, the parties in power expressed opposition to just those proposals when the previous government made them but blocking the proposals would be "a very brave decision, Minister".

Clegg presumably had that briefing and decided the Liberal Democrats' electoral position was desperate enough to risk that "brave decision". Bravo. But I don't think his actions will solve the problem for Britain long-term. Someone, somewhere (GCHQ? MI5?) knows there's a conflict between their desired operational actions and the law and needs it fixed as soon as possible. 

Consequently, the same proposals will simply claw their way out of the grave Clegg has dug for them one day and return in the night for our brains. To stop the Home Office bringing it back yet again, we need some new legislation which meets some of the needs addressed by CDB but in a way which doesn’t blindly trample the rights of the average internet citizen or company.

Open Rights Group‘s new digital surveillance report offers a much more thorough and workable outlook. It gathers papers from a range of expert views and ultimately makes ten recommendations for policy makers to take on board. A clear criticism by the Joint Select Committee was that the Home Office was not clear which parts of the proposed Bill were truly essential and which parts were over-reach or for the purpose of obfuscation. This new report offers a basis for joint discussions, which the Home Office now needs to embrace. 

If new legislation can be drafted built on the principles of this report, we can hopefully avoid altogether future iterations of the Snoopers’ Charter. But to do that, the Home Office needs to engage with informed, capable citizens. The Open Rights Group has spent the money and taken the initiative; the ball is now in the Home Office's court.

Follow Simon as @webmink on Twitter and Identi.Ca and also on Google+

Here's that same Gov.uk site's page on Disability Living Allowance:

How to claim

You can apply for Disability Living Allowance ():
online
by post - using the claim pack (the forms tell you where to send them)

OK, let's see what happens when we follow the link for online applications: we end up on this page, where we are told:

This service doesn’t work with some modern browsers and operating systems.

Oh, really? So which ones might they be?

Operating systems and browsers

You are likely to have problems if you use Internet Explorer 7, 8, 9 and 10, Windows Vista or a smartphone. Clearing temporary internet files may help but you may wish to claim in another way.
There is also a high risk that if you use browsers not listed below, including Chrome, Safari or Firefox, the service will not display all the questions you need to answer. This is likely to prevent you from successfully completing or submitting the form.

So not only does it not work with GNU/Linux - as usual - it doesn't even work with Macs or smartphones. Basically, it works only with laughably old versions of Microsoft Windows:

Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows 2000, Microsoft Windows XP

Oh, and just to add insult to injury:

If you use Jaws or Supernova screen readers, we apologise for any problems you may experience.

In other words, if you are visually impaired, tough luck, matey.

This site is a disgrace. It would have been a disgrace ten years ago, but to be requiring people to use old versions of Windows in order to apply for Disability Living Allowance, Attendance Allowance and Overseas State Pension online, is just beyond a joke. Those responsible should hang their heads in shame and sort it out immediately.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Twenty years ago CERN published a statement that made the World Wide Web ("W3", or simply "the web") technology available on a royalty-free basis. By making the software required to run a web server freely available, along with a basic browser and a library of code, the web was allowed to flourish.

In fact, as his book "Weaving the Web" makes clear, Sir Tim Berners-Lee was hugely influenced by Richard Stallman and free software. Today, free software runs just about every aspect of the Internet, from DNS, through email to Web servers. But it's important to remember that as well as promoting free software, the Web represents a two-decade long demonstration of the unmatched power of RF to stimulate innovation and create wealth in a way that FRAND has never never achieved - and never will.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Political parties around the world are campaigning on cyber-issues. For professionals that have fought to make themselves heard over more than two decades, this is a welcome development. But does it represent progress?

Information Security is a discipline that has from the outset developed on an international level. Recognised principals and codes of practice have developed from the grassroots, driven by the need to share information and access others’ experience.

As the profession developed in a connected world, one was just as likely to plug into that valuable nugget of experience from someone around the world as around the corner. It’s a dynamic that remains essential to the health of the profession today, given the constantly changing nature of the technology and threat landscape.

However, as we enter the age of the national cyber-security strategies, we may find unanticipated barriers that could upset this dynamic. While we have always faced a complex legislative environment, now we have a series of global frameworks that lay new foundations for how legislation should be developed on a national or regional basis.

The incentives driving these frameworks differ greatly. The US, for example, is highly driven by national security, the EU by the development of an enabling digital agenda, and the UK is somewhere in between these two. This suggests the world of professional cyber-security is about to become much more complicated.

These strategies also put a spotlight on the need to develop skills within national economies. Unfortunately, this is fuelling a proliferation of initiatives to define new standards for skills that do not necessarily reflect the norms already recognised by the practising professionals. Beyond the obvious waste of public finances, companies and governments may well be put at risk by the confusion that ensues.

International organisations such as the International Standards Organisation (ISO), the EU, and individual countries have entered the race to influence the cyber-skills standards.  There is little evidence that these groups recognise each other’s work or are making any effort to ensure harmonisation. Worse many countries  the UK among them, see this as an opportunity to develop competitive advantage.

For the practitioner on the front line, working in an international environment that has always been his or her jurisdiction, these developments represent a potential nightmare. There is little evidence that the professional community is even being properly consulted.

I am not suggesting that governments should leave the issues alone. Far from it but if we are to see progress from their effort, we need to see a commitment to understanding what progress looks like, and where their investment can have significant impact. 

Governments need to understand what it means to listen. The profession too must play its part; make an effort to understand these developments and actively work to ensure they can be heard.

However, there is an important hardware feature of the Samsung Galaxy S4 to note here: finally a Near Field Communications (NFC) chip is embedded in the device (something that Apple left out of the iPhone 5), making it useful for mobile payments, building access control, and lots of other security uses.

Issuers, payment services providers and trusted services managers have long been dreaming of mobile phones with NFC chips: not having to send plastic credit cards with EMV chips (or magstripes in the US) but being able to personalize the credit card right on the phone reduces card management costs, improves end user satisfaction. There is nothing new here. But here's where NFC finally in a mainstream mobile phone can revolutionise fraud management:

1. GPS verification. So if you use it to make a card present transaction by touching your phone NFC credit card to a PayPass or other proximity based credit card reader, the payment authorization platform can immediately know where you are, correlate it with the riskiness of the location (country) and use your location to build a risk score.
2. More factors and better capabilities for payment authentication. Instead or in addition to asking for a PIN code for transaction authentication, the payment processor can contact your registered phone and - based on risk - can ask for a PIN code signature, or secondary authentication like facial recognition or biometric retina vein recognition to authorize a higher value transaction.
3. Linking the NFC chip to an eWallet. This will be easier than ever before. If the NFC chip is initialized to be a credit card, the eWallet application can check for the presence of it and maybe even use it in a card present transaction.

Posted by Andras Cser