Monday 24 May 2010

Chancellor of the Exchequer Osborne drops poker mask with "Public Spectre" Freudian slip

Was it my imagination, or did George the Younger utter something of a Freudian slip in his reference to cutting £6.25bn in wasteful spending on ‘the Public Spectre’?

I think he did! It’s 02:43 into this, see what you think:



In the meantime, I’m just going to lay down a bit of search-engine bait to attract some really disappointed people:

A spectre is haunting Europe — the spectre of communism. All the powers of old Europe have entered into a holy alliance to exorcise this spectre: Pope and Tsar, Metternich and Guizot, French Radicals and German police-spies.

Now that's what I call key word repetition! Speaking of German spies, that’s another sacrificial lamb shish for me, Dr Papoulias. Sorry, Angela, did you want extra bile with that chilli sauce?

Friday 21 May 2010

Bend it like Hamid Karzai


Oh for goodness sake. I started this thing just to, I don’t know, shoot my mouth off a bit probably, have a bit of a moan, bit of a laugh. Turns out that real life outflanks me at every turn.


So where Alexander the Great failed, Babur Becks sends in a curved one. Obviously. I mean how could it be otherwise?

Thursday 20 May 2010

Surely this can only be good news?

Scientists in the US have succeeded in developing the first synthetic living cell.

The researchers constructed a bacterium's "genetic software" and transplanted it into a host cell.

The resulting microbe then looked and behaved like the species "dictated" by the synthetic DNA.

Hurrah! What could possibly go wrong?

Hat-tip to Mr Stangroom

Monday 17 May 2010

The cordless gravity bungee-jump moonhole perpetual motion machine thing

In anticipation of the commercial age of space travel, when I was at school I came up with the idea of a cordless bungee-jump tourist attraction on the moon. The idea was that, once the early adopters had spent enough money to make holidays to the moon viable, some space-age subsidiary of Chessington World of Adventures or some such would drill a hole straight through the middle of the moon to provide the first complete-recoil, gravity-driven, cordless bungee jump.




The idea was that, in jumping down the hole – drilled in a straight line from a designated zenith point on the surface, right through the exact centre of the moon to the corresponding, polar-opposite nadir point – the subject would, subject to the usual rules of gravity, force and motion, bounce between the poles in a theoretically endless, reciprocal bungee jump, the elastic so beloved by antipodeans replaced by gravity. I anticipated helpful Redcoats handing out sandwiches at either end as the lunar jumper came flying out, only to be snapped back whence he or she came.



Even at the time of its conception, I was pretty sure the theory of a cordless gravity bungee-jump moonhole perpetual motion machine must be a load of nonsense. That intuition has not faded with the years. Unfortunately, such visions (there were many) would normally come to me as a tangent from the main body of discussion during physics lessons. Consequently, in the places of my brain where I should have had a sound grounding in the hard sciences with which to understand why the endless moon bungee is as much pony as it sounds, all I have is memories of gazing out the glazing, imagining Richard Branson in a spacesuit holding out a BLT.



So come on then, astrophysics community, why is the idea of the cordless gravity bungee-jump moonhole perpetual motion machine a load of nonsense? We all know it is, but why? And I don’t need some ass pointing out the marketing difficulties of persuading somebody to jump down a bottomless pit, or some side-show distraction about the logistics of designing an accurate drilling machine to be transported 238,857 miles and recalibrated in an environment one sixth of the gravity to that in which it was designed and built. In the words of my erstwhile mentor, D'uh!



I want the science of the cordless gravity bungee-jump moonhole perpetual motion machine, and I want it with corroborating citations from Wikipedia. If scientists cannot proffer an option, I shall have no option but to embrace religion, with its counter-intuitive, yet all-encompassing, devil-in-the-middle-of-the-moon-with-a-really-sharp-trident explanations.



Shall I start the bidding? Ahem, entropy. (For those who haven’t a clue what the hell I’m talking about, let’s just say you and I could form a club.)



Answers in the comments section please. The winner with the most convincing explanation wins a first-class seat on my very first commercial night flight to Venus. Hurrah!

Tuesday 11 May 2010

The wisdom of Lamech no.2

Your computer uses a transformer? WOW!

May and Stephens data leak: update

Shortly after the post regarding May and Stephens’ data leak, I received an email from the consultancy’s managing director, Jacky May. Two weeks before, I had attempted to contact her with a number of questions pertinent to the data leak, to no avail. In contrast, the first whiff of adverse publicity brought a fairly swift response:



Dear Jason,

 
Having been out of the office, I learned only yesterday on reading your email that a member of our response team, David Vincent sent out an email communication without the cover of blind carbon copy. For this, I personally offer you my sincere apologies and on behalf of May & Stephens I cannot express to you how mortified and saddened the whole team feels that this error has occurred.

 
David Vincent with whom you have emailed regarding this matter realised subsequently his failure to use the bcc protection as would be the normal process. This was an honest mistake on his part for which David is genuinely sorry and distressed about. He fully appreciates that this has created a poor impression for the business. David is undertaking an internship with us as a graduate trainee and unfortunately on this occasion did not follow procedure. His personal attempt to offer you an apology by virtue of the email he composed demonstrates the innocence of his actions.

 
It is deeply regrettable to think that our reputation and our efforts to provide personal job search support to help people back into work can be potentially jeopardised through genuine human error. This naturally does not excuse us from our obligations under data protection and we have today implemented enhanced precautions to guarantee that this will never be able to reoccur.

 
We have been proud of maintaining the utmost integrity across our business practice and have an unblemished record for the past 18 years as we have always fulfilled best practice conduct.

 
This incident is therefore most disappointing.

 
In keeping with our promise to provide ongoing support we email on a quarterly basis to update and offer any additional individual assistance that may be required, as we know this has been a particularly effective aspect of our service, and which has been proved by the positive results we have achieved in getting people back into employment.

 
I can only reassure you that there was no ill intent or motive for commercial gain as the exercise was purely to offer you our continued support, which is still available to you.

 
I look forward to receiving your reply.

 
Kind Regards

 
Jacky May


Managing Director



Which gave me pause for thought for giving May and Stephens in general, and David Vincent in particular, such a rough time. Yes, the company committed one almighty data-protection howler; yes, of all companies, a recruitment consultancy - whose stock in trade is people’s confidential data – should know better; and yes, the gravity of the leak was exacerbated by the real potential for fraud. But, as I think most of the 700 or so addressees would agree, it certainly looked like an innocent mistake. And if, as Ms May claims, it was committed by an intern (who, I’d imagine, has since been introduced to the error of his ways), it is all the more understandable.


However, less than 24 hours later, I received another email, this time from the Information Commissioner's Office, requesting further information regarding May and Stephens’ data leak.


As it says on its website, the Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. At a time when public and private sector organizations are spewing personal data left, right and centre, it is of some comfort that there exists an organization – which is slowly but surely acquiring greater powers with which to back up its remit – that is trying to persuade them not to.


But whatever the judgement of the ICO, it can only pursue its aims if these cases are reported, by disclosure either from the organizations responsible (unlikely, if not entirely unknown) or those to whom the data pertains.


So I’m in a bit of a fix as to whether to just accept the whole thing as a fait accompli and forget it, or to respond to the ICO’s request. Compounding my indecision is the fact that I am only one of several hundred people who were affected, so in a way it’s not just my decision to take. (Taken to its natural conclusion, in the age of mass digital connection, privacy issues over data leaks and cybercrime affect an extraordinary number of people, including anyone reading this.)


So to resolve my indecision, I’ve set up a poll. I’d imagine many people are heartily sick of the whole voting thing by now, but I can at least predict with near-certainty that this ballot will be more decisive than the one last Thursday. I’ve set out what I see as the main points for and against, and would be enormously grateful if you would see fit to state your opinion below as to whether May and Stephens should be referred to the Information Commissioner’s Office.


If there are any angles you think I haven’t addressed and which merit attention, do use the comments section to voice them. While the vote is anonymous, multiple votes bearing the same IP address will be discarded. The deadline for casting votes is 5:00pm Wednesday 19 May 2010.


Should May and Stephens be referred to the ICO?


No
It was a one-off error, purportedly committed in innocence by an intern who has, in any case, probably learned a valuable lesson. There is no evidence to suggest it is part of a recurring pattern of behaviour. As one commenter pointed out on the original post, nor would it be possible to prove any subsequent attempted phishing scams transpired as a result.


Yes
An honest mistake it might have been, just as such cases nearly always are. The absence of malevolent intention, however, does not stop data leaks being used by others for malevolent purpose, and ignorance cannot be regarded as a defence. The very fact that an inexperienced intern was left with the data, without sufficiently rigorous training, to make such an error demonstrates the standing in which May and Stephens holds data security issues. If such organizations are not referred to the ICO, it cannot properly undertake its duties and those who fail to comply with the Data Protection Act will be able to carry on leaking personal confidential data, whether by mistake or not. The gravity of this aspect is made all the more serious by the company’s partnership with the Department for Work and Pensions.








Monday 10 May 2010

A ransom note to the RHS: clean up your act or Wisley Garden gets it

As sure as policemen are getting younger, old people are getting ruder. And the proof – were it needed – is as abundant as the mobility vehicles at the Royal Horticultural Society’s flagship garden at Wisley.

Wisley Garden is an amazing place. Occupying a site much smaller than Kew, it packs in an astonishing amount of stuff.

There are the trial fields and shrubberies thick with camellias, magnolias and rhododendrons (rhododendra?) astounding in Spring bloom; waterways packed with carp, Alpine slopes over which waterfalls play in the sunlight, Japanese gravel gardens of bonsai, and much more.

But it also boasts an impressive collection of peremptory hubris in its admissions staff.

And if that sounds rude, they started it.

I'd got used to being condescended to by the superannuated cashiers on the gates during many visits beforehand. It was almost one of the highlights of the trip, for me.

Not so much for the missus. She'd mentioned her suspicion of a rather ugly motive behind the reaction of the septuagenarian admission monkeys, but I must admit I'd never taken this as seriously as perhaps I should. Until I took my in-laws as guests to visit the gardens.

This time, there was something of a mix-up over how many guests my wife and I were allowed to take in. Anywhere apart from Wisley, this would have been resolved in seconds.

By contrast, however – this being Wisley – the elderly lady behind the counter told us some of us should go away and come back another day.

As I was trying to straighten things out, our antediluvian gatekeeper broke off mid-sentence in exasperation, to lament to her colleague her Herculean efforts in dealing with these slack-jawed idiots.

We stood in silence as she vented her spleen.

RHS, this will not do.

Of course the sub-retirement group probably doesn’t comprise a large part of the sum of Wisley’s visitors and you might feel you can afford to treat it as you wish.

But consider the plight of the Telegraph: at present it can do little to change its format to attract a younger audience without alienating existing readers. But in ten or twenty years or so, those readers will be in a happier place - no longer reading the front-page news of the drop in home-made jam production - and the Telegraph will be left with no-one.

Is that the future the Royal Horticultural Society wishes for itself?

But just in case that isn’t enough to persuade you of the benefits of treating your visitors with good grace, let’s raise the game a little…

Even as I type this, a crack squad of hand-picked saboteurs - organised in small, autonomous cells - is poised to potter off down the A3 in RAC badge bedecked Rovers to Wisley. You will not know who they are – indeed they will not know (or can’t remember) who they are – could one of them be the person wearing sensible shoes and quilted clothing in the queue right now?

All you need know is that each is equipped with a thermos flask containing enough Fallopia japonica to strangle a cat. And each is prepared to release it on the promise of a nice cup of tea.

Yep, you read it right. Japanese knotweed, Britain’s horticultural answer to Australia’s Cane toad.

You want to play dirty? Methuselah can play dirty.

So here’s the deal. The RHS has a month to clean up its act. If, after that time, the cordial staff treatment one would expect of such an august institution is forthcoming, the saboteurs will be stood down, vacuum flasks withdrawn and Japanese knotweed consigned to the flames.

If not, you have only yourselves to blame for the consequences.

Friday 7 May 2010

The Simon Hughes rap

Things are going properly
Things are going carefull
I am not going to speculate
You'll just have to wait, man

Jah!

Tuesday 4 May 2010

Recruitment consultancy May and Stephens leaks clients' confidential personal data

In December last year, like many others in my company and across the world, I was made redundant. It’s quite the thing these days, and the change in lifestyle brings with it a raft of advantages. One such is making new friends and influencing people at the Department for Work and Pensions (DWP).



The last time I signed on the rock’n’roll, the Department of Health and Social Security obliged one to queue for hours at one of its dark, satanic mills every fortnight. This was undertaken under the pernicious gaze of misanthropic civil servants who gave every impression of hankering for unemployment themselves, in preference to dirtying their hands with the hoi polloi.



These days, however, while the bi-weekly signing ritual remains, the offices are pleasantly bright and airy (although the guilty-pleasure letterbox-plop of the subsequent giro has disappeared), and several DWP employees will swoop on the lost-looking first-timer to enquire if they may be of assistance. The spongers and scroungers of yesteryear are now ‘customers’. Customers’ names are called, if not exactly with the deferential warmth of a maître d' greeting a valued customer, then at least with the recognition of one belonging to a common species hailing another. My Customer Services Advisor, a courteous and friendly young lady, greeted me by name, shook my hand and explained how things work at the social these days.



In one of those weird reversals of terms one often stumbles across now the public sector models itself on the private sector, the unemployment game is, thanks to the recession, a massive growth sector. Just as a private company might spend to increase profit during a boom, so the DWP’s budget and remit has been expanded to meet the influx of ‘customers’. (A word of warning: it is to invite a headache to imagine the nightmarish balance sheet on which the decrease in costs to the state incurred by benefit payments can be expressed as a profit to justify this increased spending.)



One of the ways the DWP has diversified its operation is in partnering with private-sector employment consultants. The recession, my Customer Services Advisor told me, had emphatically changed the role of the DWP in ways for which it had not been designed. Before, she explained, when a newly redundant plumber (for example) walked through the door, the jobcentre would give said plumber whatever benefits were deemed necessary until an employer needing a plumber was found, whereupon the DWP would pack him a sandwich and an apple and wave a hanky from the doorway, brushing away a tear as he toddled off to his first day back at work (I paraphrase).



In these post-credit-crunch days it’s all different, said the Customer Services Advisor. People who have spent decades toiling away with job titles requiring a PhD in Applied Cleverness to understand have come a cropper in the recession, and this has presented a whole different ball game. Hence the very sensible decision by the DWP to outsource work dealing with white-collar recruitment to private-sector companies with more experience in the field.



High times

In a momentary lapse of judgement, the Customer Services Advisor asked if I was interested in such a referral. I jumped at the chance. As part of my redundancy package, my former employer had packed me off to an employment agency specialising in ‘career counselling’ - which I had thoroughly enjoyed - and I was eager to repeat the experience.



(The basic deal is this: you potter along, they ask you what your plans are, you tell them and they spend a few hours telling you, in a number of different and ever ego-expanding ways, how brilliant the rest of your life will turn out. There’s a bit more to it than that, but those are the salient points. Seriously, after the first time, I hit the pub feeling a million dollars. It is of course an illusory, fleeting experience, but people pay serious money to achieve that buzz of elation - usually through illicit means - so if the opportunity comes along for free and it’s legal, I say one should grasp it with both hands.)



As it turned out, (as is usually the case), I couldn’t achieve the same high as the first time. Nonetheless, I wouldn’t poo-poo it by any means. The agency to which the DWP sent me, May and Stephens, were the epitome of professional courtesy, my consultant an extremely bright and creative person who knew a lot about my field, and I retired to the Fuller’s pub down the road for an ESB if not with the high of before, at least with a sense of quiet confidence and industry. I knew from before that it probably wouldn’t last long, but wallowed without reserve while it lasted.



Phishing scams

However, not long after my visit to the DWP and subsequent excursion to May and Stephens, I found myself the target of emails from shadowy characters who somehow knew I had recently been made unemployed, purporting to represent companies offering me employment on the strength of my CV - the fly in the ointment being that I hadn’t then had the time to send out my CV.



They were, by the standards of other phishing operations I’ve seen, a bit clumsy, but that’s not to understate the seriousness of this kind of cyberfraud. Exact figures are difficult to come by, (cybercrime is under-reported), but it is thought that in 2005, criminals netted £23.2m through phishing scams in the UK alone.



The inscrutable Gary Hall, for example, sent me word that EPS – presumably the courier company, although a quick look at Google also suggests the European Physical Society, Environmental Property Services or possibly (and much, much more enticingly!) the Experimental Psychology Society – had in mind for me a highly desirable, if slightly mysterious career:



Hello.


Our company EPS is pleased to offer you a well-paid part-time job.


Location : United Kingdom


If you are interested, please reply to : dawsonrenee65@gmail.com with your short resume.


Best regards,


EPS Team



Mr Willie Jones, purporting to represent container logistics company Tarros, was more effusive, while getting to the point straight away:



Hello!


We have found and reviewed your CV and decided to offer this job to you.


Supply Department Agent.


Job Responsibilities:


Receiving, checking quality of the packages, sorting packages according to zip code and/or town name, shipping out packages to our clients with your local postal service (working with shipping labels).


For candidates interested in reviewing our current opportunities, the following are the basic requirements:


- UK Citizens.


- Should not be below 21 years of age.


- Ability to receive day time mail and packages.


- Can dedicate at least 2-3 work hours/day.


- With a working e-mail address and a telephone access.


If you are interested, please reply to : all@redhot-logistics.com with your short resume.


Sincerely yours,

Willie Jones.


Tarros Europe Group



A shame, then, that a quick Google search showed this also to be a scam.



Whodunnit?

So how could these people know that I had recently been made redundant, and where had they got my email address from? The two obvious suspects were the DWP and May and Stephens, given they were both directly involved with my recent change in employment circumstances, and both had just received personal data relating to this, including my email address.



At first, and without a scrap of evidence, I cast the gaze of suspicion towards the DWP. Given the string of public-sector data security breaches in recent years, it is perhaps natural – if unfair – to suspect first the people whose salaries depend not on competence and performance, but continued support from the public purse. However, a recent incident gave me leave to reconsider who might be playing fast and loose with my personal data, when I received a round-robin email from May and Stephens, displaying to each of about seven hundred or so recipients everyone else’s email address.



With the near-universality of phishing activity, (I don’t know one person with an email account who hasn’t received some sort of cybercrime bait), this is serious enough in itself. But there is a broader principle which is of greater concern: If such organisations - which, by dint of the nature of their business, hold large amounts of confidential, personal data - do not see the need to train staff adequately in the most basic of office IT applications, such as email, to protect this data, what reason can there be to presume they take any more rigorous and technical measures to observe the requirements of the Data Protection Act, such as shoring up security on their servers where wider-reaching and more sensitive confidential personal information is held? How is data transferred, and using what encryption methods?



Here is the ‘reply all’ I sent to May and Stephens, as well as the other addressees (whose details, incidentally, I have deleted from my system):



Dear Mr Vincent.


Thank you for your recent email, thanks to which I now have the email addresses of around seven hundred of your clients. To someone less principled, an extensive list of the confirmed personal email addresses of six or seven hundred white-collar workers, who have recently sought the services of an agency offering job search consultations, could offer all sorts of lucrative avenues.


Not least of which might be phishing scams purporting to originate from legitimate companies offering employment possibilities. Funnily enough, I myself have been on the receiving end of such phishing attempts, shortly after handing my personal data to May and Stephens.


However, just in case one of your clients does take exception (I have blind-copied all 700 or so of them in on this email, as well as several other agencies who might take an interest), in your place I would take pre-emptive action. This might, for example, include alerting your company lawyer (assuming you have one) that there has been a significant data breach.


You might also care to peruse the Data Protection Act 1998 at your leisure (http://tiny.cc/DPAbreach) and consider whether, besides the legal issues, protecting clients' personal data might or might not constitute one of the most basic requirements of professionalism in a recruitment company - which necessarily holds much confidential personal data about its clients - such as May and Stephens.

I would be most interested to hear your thoughts on the matter. Indeed, if any of the other recipients of this email would care to comment, I have posted the whole story on a blog, http://methuselahsdiary.blogspot.com, feel free to leave your thoughts in the comments section, I’m sure we’d all be most interested!


On a brighter note, isn't this delightful weather we've been enjoying recently?

I remain your obedient servant,
Methuselah



Right of reply

Long before sending that, I did approach the managing director of May and Stephens, Jacky May, by phone and by email, to allow her to give her side of the story. I asked her a number of specific questions:

1. How important does May and Stephens regard the protection of the confidential data it holds about clients and partners?

2. Has May and Stephens' attitude toward data protection evolved in recent years?

3. Did the public sector data protection scandals in 2008 and 2009 cause May and Stephens to revisit its data security policies?

4. Is data security an IT issue or an HR issue?

5. Does May and Stephens hold any data security training for staff?



All of which, I thought, were fairly pertinent to May and Stephens’ data breach and its implications.



Alas, no reply was forthcoming (I took care to hold back from posting this to give Ms. May a reasonable amount of time in which to reply). What did come, however - the very next day - was another email from the hapless Mr Vincent:



Hello


Thank you for all your replies.


Please accept our deepest apologies for the mistake made in the previous email. I can assure you that it won't happen again. Thank you for your cooperation.


Kind Regards


David Vincent



Now I’m guessing that the phrase ‘thank you for all your replies’ has a story of its own to tell (‘it won't happen again’), and I might not have been the only one with a grumble. I’d be delighted to see your opinions in the comments box, whether it be from fellow breachees, or from a representative of May and Stephens (come on Jacky!) who might like to share with us their thoughts on ‘the mistake’ or just from anyone with a view on data protection.



I would like to assure everyone that after I sent those emails, I completely deleted all traces of your digital data, including email addresses, from my system. If you are worried about having been made vulnerable to phishing attacks, there are a number of online resources:

Information Commissioner’s Office

Anti-Phishing Working Group

Microsoft Online Safety

Bank Safe Online

Phishing attack: how to avoid becoming a victim

National Consumer League’s Internet Fraud Watch

How Phishing Scams Work

Anti-phishing.info

What is phishing?

FAQ: Recognising phishing emails



There is also a wide range of commercial identity protection software products available.



On the plus side, however, every opinion poll this morning seems to suggest a hung parliament on Friday, meaning we’ve got months, possibly years more of this interminable election stuff banging on and on and on in the papers, on the internet, radio and telly. Hurrah!



