Andy Smith of the #CabinetOffice is a Epic Fucking #Security Hero – #socialmedia #cyberbullying #dailyfail

I’ll keep this brief:

Yesterday I attended the Parliament and Internet conference in Westminster.

In one of the sessions a lady asked a question about why she had her identity used by fraudsters when so little of her personal information was on the internet.

Video of the session is here – fast forward the slider to the 01:31:30 mark – however the audio drops out occasionally due to a camera fault. Alternative WAV audio is here, complete but a bit noisy.

Andy said some very sensible things which humourously contrasted with responses to a question raised earlier by Helen Goodman MP (WAV) hence the audience laughter.

Smith is getting mildly roasted in the media.

http://www.bbc.co.uk/news/uk-politics-20082493

http://www.dailymail.co.uk/news/article-2223442/Use-fake-names-Facebook-Twitter-says-head-government-internet-security.html

http://www.independent.co.uk/news/uk/politics/fake-ids-are-ok-says-cabinets-it-chief-8227385.html

http://news.techeye.net/security/top-civil-servant-calls-for-brits-to-fake-online-identity

http://www.computerworlduk.com/news/security/3407396/whitehall-security-chief-urges-users-give-websites-fake-details/

This is misrepresentative, insecure bullshit.

He was not saying that everyone should create fake IDs; he was making the perfectly reasonable suggestion that one is free to mess about with birthdates and other information online, the better to confound identity thieves.

I have said much the same – worse/moreso, even, by suggesting that folk randomise their personal information so that your mother’s maiden name was F3JlfIrOH8 and your favourite colour is uAfhaR.

Until businesses worldwide stop mistaking personal information for private information to establish identity, and/or stop losing the bloody stuff, the only wise approach to maintaining identity integrity is to either not provide the information at all and/or lie about it in some way.

I spoke to Helen Goodman MP at the break, and – in as many ways as I could muster without stressing her out – sought to establish whether she really believed that it should be illegal to “lie” when using the Internet – her argument by analogy being that one is not allowed to lie about whom one is on a driving license.

The impression I was left with was that she really does think lying is (or should be) illegal. Also I felt that she was laser-focused on the matter of saving children from cyberbullies and for some reason had concluded that the cause of the latter was “anonymity on the internet”; check out the WAV above..

I dunno about nowadays but I remember my bullies from school in a very up-close-and-personal manner.

So this is all bullshit – and then Ed Vaizey turns up and clearly is not going to say anything contentious without a brief, and the Daily Mail is reporting Simon Milner of Facebook as dressing Andy down, which I doubt happened as reported.

But let this put the record straight:

Last time I checked it is not illegal to lie about personal information except to certain arms of Government and in certain contractual situations.

I do not believe it is illegal – as Lord Erroll admits to doing – to habitually lie about your birthday. Many of my friends do similar, female more than male.

I certainly would recommend randomising the responses to your security questions, differently per website or provider, and then keeping those random responses in a safe place. This helps protect you from identity theft* and helps you spot collusion.

And anyone who thinks that this – or any other form of anonymity – is the driving force that enables cyberbullying, is someone who does not understand security. Nor human nature.

Well done, Andy, for getting it right.


* obligatory explanation of how identity theft really works

11 thoughts on “Andy Smith of the #CabinetOffice is a Epic Fucking #Security Hero – #socialmedia #cyberbullying #dailyfail

  1. alecm Post author

    Francis Davey comments in another place:

    Though I do wonder. Certainly lying about age to facebook might be a computer misuse act offence (eg if done by a child between ages 10 to 12 or by any child under 13 at the suggestion of their parents – in which case it would be the parent who would be committing the offence). This happens a lot and clearly Helen Goodman needs to start a campaign to lock lots of children and parents up to keep the streets safer for the rest of us. There’ll be some circumstances where there is a fraud act offence as well.

    Reply
  2. Simon

    Hmm, I don’t provide accurate answers to the security questions because they would not be secure. I think this is distinct from other information you might provide a company as part of a service for which things like DoB or Maiden name might be valid bits of information required.

    I also signed up with a large credit card companies services, whose security question system is obviously taken from a retail system as I’m fairly sure my employers a limited company didn’t have a third grade teacher.

    Many of the big providers do get these things and authenticate difficult bits with automated phone calls, or SMS, although it is less and less clear that is a separate channel now it all ends up on my phone.

    Reply
  3. alecm Post author

    Richard Stiennon comments in another place:

    I like the way an unusual number of my FB friends celebrate their birthdays on January 1. :-)

    Reply
  4. Kate Stout

    Just read the BBC article, and wondered what you thought of it. Good to know you were there. Another pleasure about using a substitute birthday is that you can celebrate many times a year.

    Reply
  5. Pingback: Privacy, anonymity and perverse consequences « Robin Wilton's Esoterica

  6. Dave Walker

    Hmm; let’s flip this whole “cyberbullying” thing on its head, for a moment. If bullying is as endemic as it was “when I were a lad” – and I honestly have no clue whether the widely-publicised school anti-bullying measures are effective – and I was my 10 year-old self again, I would welcome the opportunity to retaliate against someone (more usually, someones) attempting to remove my teeth with their fists, by attempting to remove their homework (or impair their means of doing their homework) with my computer.

    Also, while I’m not going to go into detail, I was briefly on the receiving end of some bullying in the workplace – the perpetrator quickly changed his attitude, once he came to appreciate precisely what might happen with his account (and the audit trail), if he persisted.

    Anyway, good on Mr Smith (if that’s his real name ;-) ); getting this kind of truth from power, is very refreshing. I hope he’s similarly enlightened and forthright, when not “out in public”.

    Reply
  7. Pingback: Paul Bernal: Internet Anonymity: A Very British Dilemma | UK Constitutional Law Group

  8. Pingback: Internet Anonymity: A Very British Dilemma – Paul Bernal « Inforrm's Blog

  9. Pingback: Regrettably @Mat Honan is Entirely Wrong about “Killing Passwords” /cc @Wired – dropsafe

Leave a Reply