Monday, 29 September 2008

UK Police National Legal Database: is it legal, what to do etc

Do you sometimes wonder if something is legal or not, or what to do in relation to an incident? I just found a very useful searchable Police National Legal Database (by area), for the UK only, when I was trying to find out info for a friend whose wing mirror got clipped by some b*^%&*# who tailgated my friend first, overtook in a single lane, but didn't stop, not even to see if his own car had been damaged. (The answer: report it to police in 24 hours if there was damage. It was only a scratch/chip so my friend isn't going to bother even though my friend took down his registration number and noted the time and place, as it's unlikely they'd prosecute anyway.)

I'm blogging about the PNLD because as well as generally useful information like:
- there's all sorts of interesting stuff on there which is relevant to the internet, databases and digital rights, even things which really aren't crime-related matters, which are mostly written very clearly and concisely - e.g. on:
And, err, to pass the time (or something), there's "Question of the Day" - like "Can I shoot the birds in my garden?" (I'm not joking!) There's also Can I move a bird's nest - that's the Wildlife & Countryside Act, wouldja believe - and interesting tidbits like Ages - when are you old enough (5 for a premium bond in the child's name, 10 to be held criminally responsible etc). A gold mine for fans of trivia and "interesting facts", really it is. Fun as well as useful! No RSS feed for "Question of the Day", alas - maybe they should introduce one.

You can also view queries by category (e.g. internet, data protection), and even ask a new question if yours hasn't been answered. I imagine all new answers will then be added to their database, judging by some of the ones I've seen which seem to overlap a little or are shall we say "interesting", like Who can play Father Christmas at a school or local fete! I've not tested how quickly it takes them to answer a question, but I plan to.

A niggle: they don't tell people that they can sue spammers, in their tips on stopping spam - and surely they should at least point out that it's a criminal offence in the UK to send spam?

Cynical me didn't think I'd say this of a UK official body's online service - but really, whoever did it and is answering questions on it: good job!

(Just to repeat - it's only on the position in the UK, not the USA etc.)

Saturday, 27 September 2008

Cyberbass helps singers learn choral parts more easily


If you sing in a choir, Cyberbass is a useful growing online "note bashing" resource for choral singers to study and learn their own part more easily.

It provides free MIDI files (playable automatically on most modern computers, but their FAQ includes troubleshooting tips for Windows) which will play out each individual section's part or line against a metronome click, in some cases with the accompaniment in the background. You really need to listen to it in stereo - the selected part will play out of the right speaker or right headphone, a bit more loudly than the other parts.

It has .MID files for soprano, alto, tenor and bass parts (including splits e.g. soprano 1 and soprano 2), for almost all of the most popular oratorio works in the modern choral repertoire - from the Faure Requiem, Bach's Magnificat, Handel's Messiah, Mendelssohn's Elijah, Mozart's Requiem, Orff's Carmina Burana and Verdi's Requiem, to (perhaps more usefully, as they're rather less commonly performed) Britten's War Requiem and Vaughan Williams' Dona Nobis Pacem. (No Allegri Miserere, though?).

Check out their list of major works, by composer, and the full music index (by composer, with a Christmas tree symbol for "good for Xmas"!). Not all of them are 100% complete and the site's a bit basic in design, but hey it's free.

It's the usual - click on a link to play it live, or rightclick to download to your computer. A lot of mobile phones and MP3 players can also play MIDI files. For some pieces you can even play back all parts at once and try to sing your line in context, by clicking "Tutti"; or change the playback speed (tempo) if you have Microsoft's Windows Media Player 11.

They make money from ads & affiliate links and selling learning CDs for the major works, or from donations. Cleverly they provide free concert listings on the site - but only for choirs that have learned their lines for the forthcoming gig using their service!

Very useful if you can't read music or don't sight read well - or just to help you learn your part by playing it over and over again in your earphones on the train.

If the use of technology for music interests you (or just singing generally), see also my other posts on music and on singing, including:

Friday, 26 September 2008

Oxford Paper Show digital pen: review / preview & tips - presentation tool

This is a review and user guide to the Oxford PaperShow Bluetooth digital pen with Bluetooth USB key for PC users, which launches in mid-October 2008 in the UK, January 2009 in the USA (and for Mac users from end 2009).

It's a potentially useful bit of kit, effectively providing a digital whiteboard substitute and slides annotation, which may be of interest to you if:

  • you give presentations, lectures or talks, to promote interest and interaction - whether you use a handwritten flipchart or whiteboard, or you prefer Powerpoint slides or use images, or
  • you like to create a drawing, sketch or chart with pen on real paper (in a choice of 6 colours and 3 nib thicknesses), rather than using a digital tablet, and save it to PDF or Powerpoint, or
  • you want to take handwritten notes for yourself (which could include diagrams you draw), on paper, and save it to PDF or PPT or email it - but note that it's used landscape, not portrait, and that this device is primarily designed for presentations not for note taking or handwriting recognition (I've heard of digital pens aimed at note taking like Apcom's Digiscribble, but I've not been invited to test any yet).

What does it do?

Basically, you plug the USB dongle into a PC, pair (link) the pen with the dongle over Bluetooth by keeping them near each other for a few seconds (about 20 seconds the very first time), then write or draw with the digital ballpoint pen on special interactive paper so that the results instantly show up, live in real time, on the computer monitor (or projection screen, if you use a digital projector with your PC) - including a fullscreen view.

Here's a video screencast showing the computer monitor as someone (not me!) draws using the pen - the drawing is in real time, but I've cut out some of the "pauses for thought" in between sketches. You can see the indicators at the top of the screen change as the artist changes colour, tool (e.g. eraser), or nib thickness.

And here's an official video by Paper Show also demo'ing this aspect:

The pen was developed by John Dickinson Stationer, now owned by Hamelin Digital and called Hamelin Paperbrands, who make those Black n' Red notebooks often seen in business meetings (I use those notebooks myself).

It's to be launched initially on PC only, but should be available for Mac users from around the end of 2009. There are no plans to port it to Linux currently.

You effectively get a digital whiteboard or flipchart on your PC (there's a fullscreen mode too) without having to buy interactive whiteboard or virtual whiteboard hardware. You can choose the background - white, light blue, blue or black, even customized (e.g. with your company's logo).

You can also show a Powerpoint or PDF slides presentation or images (photo or picture) on the monitor, and write notes / comments or draw on them onscreen as you talk, by writing or drawing on hard copies of the slides or image which you'd previously printed out onto special interactive paper (different paper than for a digital whiteboard). It won't work properly unless you write on the special slide printouts - I tried and got "You have written on the wrong page"!

Choose which option (whiteboard or slides) you want from the Quick start page:

And you can save a session in PaperShow (it saves onto the key), or export it to PDF or PPT, even email it immediately to the meeting attendees etc.

I like the fact that just by tapping on symbols pre-printed on the right hand side of the special paper, you can easily use different colours and pen thicknesses and switch between them, draw perfect straight lines, arrows, rectangles or ovals (including filled in rectangles or ovals), erase or "rub out" something previously drawn or written by scribbling over it, undo the last things you did (the "undo" function goes back several steps), add a new page to your whiteboard to make it a digital flipchart, navigate to the previous and next (or first and last) page, clear the whole page, even put it to sleep temporarily and wake it back up from standby.

It works well, subject to a few points (teething issues, presumably?) which I come to below - I sure hope they'll fix them with a future software upgrade.

Fun fact: PaperShow have produced quite a few funny promo videos (as well as their serious demo videos), some of which are already on YouTube - all based on how hard it can be to get people to attend meetings, showing different possible tongue in cheek ways of trying to entice or force people to go - the suggestion being of course that, if you use Paper Show, they'll gladly turn up to meetings without needing any other form of encouragement or compulsion!

Here's one of those videos (sex and chocolate being the lures here!):



Works wirelessly; the pen can be as far away as 6 m from the USB key, no line of sight necessary.

Once installed, started up, and paired and connected fully (see Cons below), it works very well; see Tips below for how to cope with disconnection blips.

Clever "controls" (pictures) on the special paper provide speed and flexibility - just tap to quickly change colour, nib thickness, draw shapes etc (see the videos above for demos). Being able to change colours between strokes is especially useful (and fun), and (as far as I know) unique for a digital pen that lets you draw on real paper - my artist friend loved it.

Ability to annotate presentation slides with notes or comments - and to let other people scribble on them too, all instantly visible on the monitor - is great, as is being able to export and email PDF or PPT copies of the whiteboard to other people immediately (e.g. the results of a brainstorming session).


It's not cheap at over £117 (though for business users, at whom this is primarily aimed, that's usually affordable); and you'll have ongoing costs as you have to buy refills of paper for both writing and printing, as well as refills of the pen (see below for pricing details).

I've found problems with installation and starting it up - so if you plan to use this, make sure you've read my Tips below and that you've installed and tested it out on the laptop you're going to use, and in the conference room concerned, well in advance; and start it up in advance of the presentation too, putting it on standby temporarily if necessary - it won't look too good if you insert the key, open the pen lid and then spend the next 5 or 10 minutes trying to get it to work instead of giving your presentation! It looks so easy and quick in the main promo video, plugging it into someone else's laptop seems to be enough - but in real life it doesn't consistently work like that, alas. Ideally use it on your own notebook computer that you've already installed it on. And still start it up in advance!

The instructions, both printed and from the Help menu, are inadequate in my view - see Tips and Suggestions, below. They really should explain how to use the pen and the printed "controls" more comprehensively; it would only take 1 or 2 pages to do that.

In the box

In an A4+ size cardboard box, you get in the starter kit: 1 digital pen, 1 USB key, 1 AAA battery, coloured plastic rings to slip round the pen to personalise it; 1 fold-out instruction sheet; 1 pack of A4+ paper for writing on (48 pgs); 1 pack of A4 paper for printing presentations or JPEG images on (30 pgs); 3 ballpoint pen refills.

There's no CD - the software is pre-loaded into the USB dongle.

Detailed specs are further down for anyone interested. The main point is that it's PC only, Vista or XP SP2.


Here are the specs from the downloadable brochure, I've added a couple of extra things PaperShow told me, which weren't in the brochure:

Bluetooth digital pen

Compatibility: PC only (x86 processor, Windows Vista or XP Service Pack 2)
Dimensions: 159.50 x 20.50 mm - quite big but manageable, see the pic below for an idea of the scale:

Connection: Bluetooth (wireless)
Working Distance: 6 metres max - OK for most conference rooms or seminar rooms; if you're in a huge hall it'll still work as long as the pen is no more than 6 m away from the computer into which the USB key has been inserted; it's Bluetooth so no line of sight is necessary and it should work even if there are objects between pen and key
Working Mode: Streaming
Software provided: PAPERSHOW™ application (PAPERSHOW™ USB key)
Power Supply: 1 AAA battery (supplied). PaperShow told me that "a full AAA battery should offer around 5 hours continuous use. The battery in the kit is a part-life battery so will do less than this."
Warranty: One year

Bluetooth USB key

Compatibility: PC only
Pen Connection: Bluetooth
Dimensions: 75 x 25.50 mm - like an average USB key, but slightly bigger
Memory: 256 MB (you can save other files onto the key too, as with other thumb drives / flash drives)
System Requirements: Windows XP™ from Service Pack 2; Windows Vista™; valid USB port
Software compatibility:
Import - PowerPoint™ (.ppt), image (.jpg, .png, .gif)
Export and email - PowerPoint™ (.ppt), Acrobat (.pdf)
Warranty: One year


A4+ and A3 to write on for digital flipchart / whiteboard: 90 grams Recycled Paper, 48 sheets per pack (only the A4+ paper is provided in the box, a 48-sheet pack).

A4 format for printing: to annotate an image or slideshow presentation it has to be printed in colour (inkjet or laser) on this special paper first, and you then write on the printout; 90 grams Recycled Paper, 200 sheets per box (there were only 30 sheets in the "starter pack" box).

Here's what the printing paper looks like, the writing paper's a bit smaller and doesn't have the video camera pic on the right or the calibration symbols on the left, but otherwise is the same:


Installation, pairing and starting it up

Not necessarily straightforward. It's supposed to open the software automatically after you insert the USB key, and walk you through with popup instructions - but it didn't on my XP Home computer. Whatever I did, it couldn't find the drivers.

The key got recognised on XP Pro and came up with the choice of opening the Paper Show software from the key (as it should), but after installing the software it made me reboot, and I also had some trouble pairing the key with the pen so I had to remove and reinsert the key (see below about "Safely remove hardware") a couple of times before it worked.

On Vista it installed without a hitch, for me anyway.

Sparing you the litany of things I tried, what finally worked for me on XP Home (and if necessary XP Pro) was:

  1. Go to the USB key in Windows Explorer / My Computer (if you can't see it in your file manager, you'll have to remove the key and reinsert it and wait till it's done its thing - normally after it goes on strike it pops up the "Safely remove hardware" bubble anyway, so you know you can remove it safely)
  2. The papershow.exe app is usually grayed out and if you try to open it from there you may just get an error message that the key needs to be reinserted and the key vanishes from My Computer and you have to start all over again, so don't even try it (and don't try boot.exe either!).
  3. Instead, open webupgrade.exe; click Install (make sure you have a live internet connection, and let it through your firewall) and let it try to connect to the Paper Show site and say there's no upgrade needed (or to do an upgrade); then click the PAPERSHOW button to launch the app.

  4. Note: sometimes it has a blip with the pairing and says you have to remove and reinsert the key. If it does that, the key will also vanish from Windows Explorer so don't panic. It'll reappear after reinsertion.
  5. Hunt for bootbw.exe (inside the .bootS subfolder I think), opening that may get it to work worse comes to worse but that was me being desperate, try it at your own risk!

The eagle eyed will have spotted that you'd better have a live Net connection, e.g. via wifi, on the computer you're planning to use, because you can't use the webupgrade route without it.

(NB. if it says you need to reinsert the key, it should pop up with the "Safe to remove hardware" bubble after a few seconds - if it doesn't, select Safely remove hardware yourself - wait for that bubble before you pull the key out or it may all go wrong.)

Once you've got the software open, you can open the pen lid to turn it on and place the pen nearby (ideally right next to the key) for it to pair with the USB key (which it should do automatically). Again, it should walk you through it, with various bubbles reporting on the pairing progress.

If after apparently successful pairing it still doesn't start the application automatically, go back to My Computer / Windows Explorer and do steps 1 to 3 above; 5 if desperate!


Hold the paper landscape so that the coloured "controls" are on the right, and write or draw on it that way. A portrait orientation doesn't work (well it will, but text will show up sideways!).

Note that the paper for writing and printing are different, not just in size. There are extra controls and (on the left) calibration "controls" on the printing paper.

Use of pen, colours, shapes etc

There's unfortunately no instructions on using the "controls" printed on the paper. There should have been.

Here's my own notes on what they do, from trial & error (click on the pic to enlarge). Note in particular how to do rectangles or squares - trying to draw 4 sides can cause a mess, just draw 2 continuously!:

Importing slides / images

To be able to annotate Powerpoint slides live, before your presentation you need to import the slides into the Paper Show software. You can also import photos or pictures - the brochure only mentions JPG images but it will also import pics in PNG or GIF format. Pity it doesn't seem to import PDF slides.

Don't do anything on the computer while PaperShow then does its thing - it'll run through all the slides live, full screen. When it's ready, print the imported slides out on the A4 Papershow slides printing paper.

Important: Set your laser or inkjet printer to print in colour. Even if your slides are only in black and white, Paper Show won't print them to the Papershow paper except in colour, because even black original is printed in dark blue.

Set it to print in landscape. You can print 4 or 9 slides to a page (as long as you can write on a printout that small) and e.g. if 4 to a page you can tap the lower left quadrant to move to and annotate the 2nd slide (obviously at reduced size), top right quadrant for the 3rd slide etc.

Make sure the paper orientation is correct so that you'll write on the correct part of the correct slide - I put the paper into the printer upside down in one attempt, it still worked though I had to mentally re-locate the slides on the printout!

If it's "out" so that writing on the paper "writes" on the wrong spot onscreen, then use the calibration function - see the instructions, you just have to tap a couple of spots on the left of the paper to fix it.

"Session" and troubleshooting

They don't explain a "session" (they should). Bottom left of the window, it'll say "Session open" or "Session closed". (I've outlined that in yellow in the QuickStart page screenshot above; see below for an example of "Session open".)

Seems to correspond to whether the pen lid is off and the pen ready to go into action (open), or not (closed). I don't think "closed" is the same as standby, as the session can be "Open" even when it's on standby (see the green dot?)

It can spontaneously close the session by itself, sometimes. I know not when or why. Probably it goes into a sulk if you don't use it continuously, e.g. if you have to talk for a while in relation to one slide without using the pen.

If the session is closed you can't do anything - e.g. writing on the paper isn't mirrored on the whiteboard. Hopefully the session should open itself when you use the pen, but sometimes it doesn't.

Fix: to re-open the session close the pen lid and reopen it and wait the usual X seconds. If it still says Session closed, try putting it into standby (tap the moon symbol) then taking it out of standby by tapping it again - this always worked for me.


Some are greyed out in certain views. The "black blank screen" view provides the most options so close the whiteboard if necessary.

Also, some menu items are not accessible unless the session is "open", see above.

Don't close the application till your session is over over!

If you're having a break but intend to use it again later in the same session, don't close the application down as that will "eject" the dongle and you'll have to remove and re-insert it and pair it all over again before you can carry on.

Just leave it open and switch applications if you need to. Or put it on standby by touching the moon symbol on the paper. (To take it out of standby, touch the same symbol again.)

Replacing the pen

I couldn't figure out how to refill the pen. Instructions from Papershow: "There is a small hole in the clip of the pen top. Put this over the ink refill tip to pull out the refill. Replace with a new refill and push into place."

Suggestions for improvement

Instructions / help

A small booklet-style manual would have been more manageable than the huge foldout sheet (it's huge because the guide, though brief, is repeated in several European languages).

Not enough information or instructions are given. The Help file just reproduces the leaflet (and there's no further support on the website either, that I can find at the date of writing).

More info is needed in particular on how to use the pen to change colours, stroke thickness etc; in particular how to put it in standby and, more importantly, take it out of standby! The paper manual should include a simple but comprehensive guide (e.g. the annotated pic I've shownabove). I had to experiment by touching the different pics to see what they did.

Although some of this in the demo video, and the makers might think it was obvious, they shouldn't assume knowledge - most users will expect to find this basic starting information in the manual or program Help.

You're supposed to be able to start up a WMV video (and perhaps even a sound file - WMA?) from the printed slides, but there were no instructions at all on how to do this; this info should have been in the guide or software Help (including how to attach or link to the video file you want to play, etc).

Similarly you should be able to personalise the whiteboard's background color and even stamp your company logo on each page, but it wasn't clear that those options aren't available from the whiteboard page.

I still have no idea what one symbol does. I thought it would be "Redo" but in fact like the Trash pic it just offers to clear the page.

A "quick start" guide needs to be very very basic and step by step. The instruction sheet missed one step - put the AAA battery into the pen! (and didn't explain how to open the battery compartment - press the button and then sort of prise the compartment open with your nails).

Given the target market is the business / commercial world, in order to sell well the PaperShow has to be absolutely dead simple and fast to install and use, and quickstart instructions have to be pre-printed (which they have been) and include every single step, mechanically and literally, however basic or obvious it may seem to the manufacturer, so that it's very easy for the user to follow the instructions (no matter how obvious) without having to think about anything except doing in order step 1, step 2 etc.

I know senior business people who still don't even know what a USB flash drive is, and they might think the battery goes into the key not the pen! Silly example perhaps, but I'm trying to make the point. I also know a senior City person who thought that a "broadband" connection was not the same as an "internet" connection, till I explained. I'm quite serious. Many geeks just don't realise how non-computer/technology literate lots of otherwise extremely successful and intelligent non-geeks are.

Online promotion / marketing

It's good that the fun Paper Show promo videos can easily be shared, but I think PaperShow should also provide embed code for their demo videos too, so that those wanting publish news or reviews of the product can easily show various features or aspects of it on their websites or blogs. (Yeah I know I included one above, but I'd figured out a fudge; the copy/paste code should be easily available.)

Also, it's a little annoying for someone who wants to embed a PaperShow promo video on their own webpage that on the site the embed and share code for the videos isn't available from the start, but is only given after you finish watching the entire video (so I tweaked the code in the version I've used above).

Other issues

I think they should have provided a carry box or pouch to keep the pen and dongle together, especially at this price.

The installation and startup issues need to be addressed so it works cleanly, quickly and reliably every time.

Whiteboard use - it's annoying to have to choose A4+ everytime before you can get a new whiteboard up. It would be helpful to be able to save A4+ as a remembered preference, with the option to choose A3 if necessary for a one off occasionally.

Bug? The onscreen pen colour can change suddenly - I've had it flip to the default blue when I chose a different control (like a rectangle, from writing mode). Tap the right color again to change back, obviously - but it can be disconcerting.

A problem with the Import function being available sometimes, and not at other times, needs to be fixed given that a major purpose is to enable presentation slides to be annotated.

Menus - it's confusing that some of the menu items are greyed out. For most of those (e.g background preferences, backup/restore), you can only access them from the blank start screen and not e.g. while you're using the whiteboard. This should be explained or the greyed out menus got rid of completely in the appropriate views. Better still make the whiteboard's background colour selectable from the whiteboard page.

Import - menu item is sometimes greyed out even when it shouldn't be. Closing & re-opening the software and if necessary pen seems to sort it.

Export - a niggle but you can only export to the key or to "My Documents" - not a subfolder within My Documents. It would also be good to have the option to export quietly, full stop - without its automatically opening the exported PDF file or whatever.

The misleading "Online support" menu item should read "Check for software update", because that's all it does!

The DENOS menu item is always grayed out for me. This seems to be related to Oxford's DENOS software for handwriting recognition and management of notes written by hand into their range of digital notebooks and diaries. If those features aren't provided, it should be removed as it's confusing.

PaperShow seems to want to do something to my Screensaver on installation.

I haven't let it (thanks to good ol' Spybot!) as I don't know what it is, but it shouldn't be necessary (it works fine without whatever it is) and it may annoy or inconvenience people if a Paper Show screensaver suddenly replaces their normal screensaver. They should get rid of this or give people a choice before taking over the screensaver (if that's what it does).

Wishlist for the future

The option of getting paper without the visible grid of squares would be good. (The invisible dots are there anyway.)

USB key - I wish it were smaller, it can be a tight squeeze (or indeed impossible to insert it) if something's already plugged into an adjacent USB port; also, ideally the lid should be designed so that it can fit over the back of the key when the key inserted (as with a pen lid) - too few USB drives are designed that way but it would be sensible, to prevent the lid from getting lost while off. Like this Bytestor one:

Hotkeys to access both menus would be ideal, for keyboard shortcuts folk like me.

Add ability to use it portrait; handwriting recognition; and enter "typed" text?


A potentially great tool for presentations, especially in business meetings, let down by occasional problems and inadequate instructions.

Follow my tips above (especially advance setup, and making the moon symbol your firm friend) and it should be fine. I'd use it if I regularly did business presentations - and my employer paid for it!

Price and stockists


RRP £99.99+VAT i.e. about £117.49.

Available from mid-October 2008 from Datamind, PaperIQ, Ryman and EuroOffice and from January 2009 from most UK office stationery suppliers such as Office Depot, Banner, Viking, Corporate Express, and Yorkshire Purchasing Organisation (schools supplier).

The prices for refills will be (including VAT):

  • A4 Printer Paper 200 sheets £17.50
    A4+ Flipchart Pad 48 Sheets £11.99
    A3 Flipchart Pad 48 Sheets £19.99
    Ink Refill pack of 9 £8.50.


Available from January 2009 in the USA.

RRP will be $199.00 for the Starter Kit pack.

For refills:

A4 Flipchart Note Pad $12.90
A3 Flipchart Note Pad $19.90
Interactive Letter size paper (200 sheets) $19.90

More info and acknowledgements

Surviving meetings / Paper Show website.

With thanks to Paper Show and Matt for lending me the starter box for review, and providing further information on the Papershow product. I've taken some screenshots from their site too for better illustrations for this review.

Thursday, 25 September 2008

Stupid Aid: misuse of "security", "data protection", "health & safety"

In a separate post I had a moan about security questions asked by banks and the like being too easy for bad guys to answer, and identification requirements not making much sense.

But, many of us have also experienced the opposite syndrome.

Unnecessary security questions

Most of us have had to deal with organisations whose security policies (or their implementation) result in unnecessary security measures, insisted upon by jobsworth staff in certain businesses, who seem to delight in forcing time-poor customers to recite their name rank & serial number (& even more) before they'll deign to answer any questions about the company's products, services or terms.

Yes, even when the question is clearly very general and could be answered (by someone who knows what they're doing, at least) without any access to a customer's account or personal details - e.g. what are their current interest rates?

Then the jobsworth acts like they're the injured party if you try to point out that it's unnecessary to go through all that before they can deign to answer your particular question. (They'll insist it's "data protection" or "standard procedures", usually.)

UPDATE: of course, how could I forget, a friend just reminded me - once you've managed to get through one raft of security questions before they'll condescend to put you through to the right department, you guessed it: the next department then makes you go through all the same questions, all over again. And so on for the next department. Why on earth can't they just have one security check per call or contact? It's the same with credit card enquiries where you have to enter your long credit card number, date of birth etc on the telephone keypad first before they'll even add you to the queue of calls waiting to be answered. And when you finally get to speak to a real human being, they make you give exactly the same details all over again (including your credit card number and birthday that you'd already input before). Stupid, and exasperating.

Data protection

A related problem is when jobsworth call centre employees refuse to give out information about a customer to any third party, not even the parent of a child, or the close relative of a sick elderly person, "because of data protection". A friend has to deal with matters on behalf of a seriously ill family member who isn't physically capable of it, and the hoops that some people try to make my friend jump through are unbelievable.

A silly but true recent incident, which got some media publicity and was cited by the UK Information Commissioner's Office as an example of misunderstanding data protection, was when Marks & Spencer's staff refused to talk to a mother about a missing belt on her 7 year old son's Superman outfit "because of data protection" - forcing her to get him to come to the phone to give his mum permission to talk on his behalf!

As the ICO pointed out (my emphasis): "Whilst it right for organisation to be careful before releasing personal information, this case demonstrates an absence of common sense. In the circumstances it was obvious that the seven year old child would not have ordered the Superman suit himself. Marks & Spencer were not being asked to release any personal information: they were simply being told that a belt was missing from the order."

The ICO also pointed out some other examples of data protection rules misuse when urging organisations (my emphasis) "not to hide behind the Data Protection Act unnecessarily when dealing with individuals" - what the ICO calls "data protection duck outs" like "parents not being allowed to take photos of their child at a nativity play; teachers unable to promote the successes of pupils in the local media and priests prevented from praying for an ill person by name during mass", insurance companies refusing to send out a claim form if requested by someone other than the policy holder, and exam boards refusing to give a child's exams results to the parent (or indeed the child herself - only to the teacher, who'd entered the child for the exam!)

The ICO "data protection duck-out" note is worth a read as it points out some other data protection myths - it seems to be an update of an earlier ICO note on data protection myths and realities, also worth a look as it gives some other examples not in the later note (though unfortunately it's undated).

Now usually the stupid data protection duckout is probably not as bad as security questions which are too easy for bad guys to find out the answers to, as most of the time it's more annoying, irritating and time-wasting for consumers than outright dangerous.

However, there have been cases where it has had dire real life consequences. In 2003, 2 pensioners, George and Gertrude Bates, who had funds but were forgetful, died after British Gas cut off their gas for non-payment - and didn't tell social services about the disconnection because they thought the Data Protection Act didn't allow it. The ICO myths and realities note also noted complaints that "a gas or electricity company will not tell them whether their elderly relative or neighbour is in arrears and in danger of being cut off" using data protection as the excuse.

Another example (see e.g. Out-Law article) which is also well known - in 2004, Humberside police blamed the Data Protection Act for their failure to record information about 9 prior allegations against Ian Huntley, school caretaker and convicted murderer of schoolgirls Holly Wells and Jessica Chapman, who may not have been given that job if that information had been known.

The ICO have at least since produced a "Data Protection Good Practice Note: Providing Personal Account Information to A Third Party" which gives some examples of good and bad practice in this context, as part of a drive to produce more practical and user friendly guidance etc, but in my view a lot of it is just down to using common sense.

"Data protection" has also been used as an excuse by some public bodies hide information about their position or actions from the public. The European Ombudsman has expressed concern that European data protection rules were "being diverted from their proper purpose of helping to ensure respect for the individual right to privacy.. Instead, they are being used to undermine the principle of openness in public activities."

While that letter was written in 2002, it still holds true today: "data protection" should not be used to prevent the public from finding out information to which they are entitled. (In that context, the relationship between data protection and freedom of information is not an easy one, and in the UK the tension between them was considered in July 2008 by the House of Lords in Common Services Agency (Appellants) v Scottish Information Commissioner (Respondent) (Scotland) [2008] UKHL 47. I've not read it yet but it seems that it isn't necessarily much clearer how the balance between the two can be struck.)

National security

Another type of unnecessary restriction "for national security" relates to "security" guards and the like preventing people from taking photos in perfectly public places, notably transport hubs - train stations, bus stations etc. Recently I witnessed London Transport staff stopping a tourist in Liverpool Street Station from taking a photo of their companion outside the Tube barriers! (And see this Guardian comment on the difficulties faced by a white female photographer openly trying to take publicity photos of a (non-white) man in central London.)

That's really stupid. The smart way for a real terrorist to take pictures of intended targets would be to use a small concealed camera, hidden "spy cameras" are easy and not expensive to buy, ,and so tiny these days that no one would notice. And I've no doubt a lot of terrorists are smart. If someone is openly snapping pics, why on earth assume they must have some evil purpose in mind? And how would fuzzy pics of a Tube barrier help a bad guy, honestly?

(Digressing further, I also think it's stupid that because of the UK Criminal Justice & Immigration Act 2008 section 63 you can now be a criminal for just possessing "extreme pornographic images" of things which, if you did them, would be perfectly legal to do, even if others might think they were grossly offensive, obscene or disgusting. How can merely having a photo of something be worse than actually doing it? Though I'm not advocating evening it up by criminalising "obscene" acts! On the contrary, I think what adults do in private with informed consent is their business. Possibly, even if it's potentially life-threatening - look at dangerous "manly sports", they're perfectly legal aren't they? Double standards still rule.)

Does technology or modern life make you stupid?

Now on to stupidity and technology / the complexities of modern life and living.

The ICO had thought it appropriate to mention the DP duckout at the start of "Stupid Aid Week" (1-5 September in 2008), whose slogan is "Make Stupidity History".

Stupid Aid Week was started in 2007 by public relations consultant Andy Green after he "asked [in a restaurant] for a slice of lemon in my water and was told I couldn't have one because it would involve using a knife and that would mean carrying out a risk assessment... Stupidity is not about low intelligence, it's about inflexible thinking without asking questions... Whether it's being told 'the computer says 'No', facing an unhelpful call centre hiding behind 'data protection', or just inflexible 'jobsworths'. I'm trying to get people to stand up for themselves more and not be fobbed off."

Other examples he's given: a car running into another car because "the sat nav didn't show the T-junction"; and not being able to make a doctor's appointment more than 2 weeks in advance because the computer only allowed scheduling for up to a fortnight. And top 6 excuses for stupid decisions or stupid thinking (including "it's health and safety"!)

As he puts it, is technology (to which I'd add complex "data protection" laws and the like) getting in the way of common sense?

While his "Flexible Thinking Forum" is billed as a "not for profit social enterprise enabling businesses and organizations improve their people’s creative thinking skills", it doesn't seem to involve more than 1 person; there's not been much mass takeup of his Stupid Aid campaign (e.g. as I write no one has suggested even one example of stupid thinking on his submission page yet) but it's certainly an excellent way for him to promote his consultancy practice and his new book Overcoming Stupidity in the World Around You: The Stupid Aid Survival Guide, which is described as aiming to provide "practical tools, tips, ideas and inspiration of what to do when you are faced with examples of bureaucracy gone mad, daft decisions, or inflexible ‘jobsworths’". (No, I haven't got a copy.)

It's very clever indeed of Andy Green to get free publicity not just from the ICO but also from the AA and from the Institution of Occupational Safety and Health for his Stupid Aid Tour 2008 and book launch, but then he's a PR expert! (Though what's less clever is that he hasn't directly linked from the book's page to where to buy the book, and the press release for the book launch is only available in full in DOC format.)

By the way, I like the AA stupidity examples like councils wasting employee time and money painting double yellow lines in spaces so small that only toy cars could park there. And the IOSH is sponsoring, for a second time, the World Conker Championships on 12 October 2008 at Ashton, near Oundle, Northants to make the point about "health & safety" stupidity.

But is it really technology that's making people "stupid"? I don't think technology as such can be blamed. While it does seem that lots of computer use (as opposed to reading) can affect brain, personality and identity, in this context personally I wonder if the seemingly increasing abrogation of responsibility and refusal to think beyond rigid literal rules are partly due to information overload - there's too much you need to know about these days, it's too difficult to understand most of it, so the path of least resistance is just to stick your head in the sand, stick to reciting the rulebook, and not have to think about anything.

If modern society is to achieve a sensible balance between security and freedom / convenience, a lot more people will need to start putting on their thinking hats and taking their common sense pills!

Security, data protection, proof of identity: daft questions, measures, implementation

You have to answer a raft of security questions when trying to manage your account at your bank, credit card company or other financial institution.

But, are they the right questions? And are they asked appropriately?

What about other "security measures" used or insisted upon by institutions - are they commensurate with the risks they're supposed to address, do they even make sense in some cases?

Insecure security policies

Security questions - too easy!

Tom Morris has written an excellent blog post on "How to fail at security". He looks at the security information his bank asks him to provide to verify his identity, i.e. prove that he is who he says he is - which is very much the same sort of security information that banks and financial institutions generally, and indeed other kinds of organisations or businesses, require: date of birth, first school etc

And he noted how easy it is for other people to find the information needed to answer most of the standard security questions (e.g. parent's first name) correctly so they can masquerade as you.

This point was brought home with a vengeance a few days ago when hackers got into the Yahoo! email account of Sarah Palin, Republican Vice President nominee and running mate of the US Republican Party's 2008 Presidential candidate John McCain. The incident was widely covered in the media.

The BBC reported that it seems the hackers managed to access her account by resetting her Yahoo! password (i.e. they used the "Forgot your ID or password" link), answering the security questions correctly because they had found out her date of birth, zip code and other personal information through Wikipedia and other online databases.

A recent BBC 3 documentary aimed at young people called "Mischief: Your Identity for Sale", which was made before the Palin email incident, also showed how much personal data people innocently and unthinkingly make available to the world (including bad guys) on Facebook and other social networking sites, which can then be obtained and used against them for nefarious purposes.

Even before all this, I've gotten into the habit of giving a different birthday date and zipcode / postcode to different sites that require the information when you try to sign up, and yes different mother's maiden name etc too. I figure it's none of their business, most of the time they don't need to know anything more than my login details and the fact that I'm over 13 (for US sites) or over 18 in most other places. And of course, this practice makes things more secure for me - though I have to ensure I remember or keep a secure note of what site has which info!

Even so, one of the banking sites I use just requires real name, postcode, birthday and mother's maiden name to login. (And a password, not even a PIN, which may not survive a dictionary attack for long.)

Now Tom had suggested that banks should use digital signatures and other, better, security measures.

I'm not sure how that would work when speaking on the telephone; plus, non-geeks seem to have a big knowledge gap where digital signatures are concerned, though they've been around for years.

I'd be the first to say I don't know enough about digital signatures yet. I'm only starting to use GPG, myself, and I think it's still too difficult and inconvenient for the vast majority of non-geeks to use. Possibly digital signatures are still to hard to use as they've not been implemented widely enough and their implementation is still not effective or user-friendly enough for the average consumer.

Indeed, more often than not just digitally signing a clear unencrypted email simply doesn't work, because of how email systems (like Outlook) handle the email; it claims the email's not been properly signed even when it has been. Which won't help persuade the average non-techie to trust its reliability, will it? Normally the whole email needs to be encrypted before a valid signature will definitely be considered valid.

Other security policies

Here are other examples of other security policies which are not exactly helpful or secure.

Password security. It's received wisdom that to create strong passwords that are less vulnerable to being guessed or discovered by bad guys, a combination of upper and lower case letters, numbers and symbols should ideally be used.

But what does a customer trying to sign up for "My T-Mobile" find?

That's right, they actually stop you from using special characters (e.g. a hyphen - ), i.e. they actually stop efforts to make your password more secure.

Who has access to your password? A financial organisation recently sent me some information in a document which they'd password-protected with the password they originally sent me for logging in to their site. Now that particular document would have had to be manually passworded, so that means someone there had to be able to look up my login password for their system in order to be able password protect that document!

While I'm pleased they thought about password protecting the document before emailing it to me, and I can only login to view my personal financial information (but not to carry out any transactions), I'm not sure that allowing staff such easy access to customers' login passwords (and information about their financial positions!) is really a good idea. (There's no way to let me change my password online either.)

Proofs of identity

As for the supposed "anti-money laundering" proofs of identification that some banks or credit companies force applicants to provide, why can't there be more consistency across the different financial institutions in terms of the range of acceptable documents, how recent they have to be, and whether they have to be originals?

F'rinstance, one credit card company insists on getting your original photocard driving licence or passport (old style licence has to be less than 12 months old, but hello, if it's old style it's not likely to be recent! And why must documents without a photo be more recent than ones with?). Are you really going to trust the post, or indeed the bank, not to lose such an important piece of ID?

Another organisation will accept a certified copy of your passport etc - but only if signed it's and stamped by a bank, solicitor, accountant, doctor or police officer. "Actually I'm not ill, doctor, just thought I'd drop in, now sign here please". "Hello ossifer, can you just stamp and sign here, thag u bery much". I think not!

And stamps can be easily forged, so why on earth insist on one? What's to prevent bad guys from looking up a doctor or finding a local solicitor etc, checking the name of the general practice or law firm they work for, then forging their signature and applying a rubber stamp that has the name of the practice or firm on it? How on earth would the financial institution known the signature is genuine, or that the stamp really is the official stamp of the practice or firm? Do they have a copy of all signatures and pictures of what official stamps look like for every GP, solicitor, accountant etc? Again, I think not.

Council rent books or tenancy agreements or benefits documents are fine for some, but the middle income person is shafted again if they don't rent from a council and aren't on benefits.

Some firms accept e.g. a letter from your insurance or pensions company, but some won't. It's nice (or something...) to know a certified copy of a shotgun licence or firearms certificate is good enough for others, though!

Council tax statements are usually only issued annually so you can only provide one that's dated within the last 3 months for 3 months of the year. If you're applying for a credit card or bank account during the other 9 months, you can't use your council tax bill.

As for bank or credit card statements, are you kidding? My bank transactions and purchases are none of their business. And I'm not going to put my original bank or building society passbook in the post to them either! I'm only prepared to send them a gas or electricity utility bill, so thank goodness for quarterly bills. ("Letter from county court" is funny though - what about a court letter demanding payment of your hugely overdue debts, would that do?!)

With security questions and the like, there's sometimes the opposite syndrome too of "too much (unnecessary) security", when employees of banks, call centers etc insist on full "security details" even when they're completely irrelevant to the question you're trying to ask them because you're not wanting personal information or account information, you just want general info about the company or its service. My rant about that is in a separate post!

Immobilise: recover lost / stolen mobiles, iPods etc, & check before buying second hand goods

Registering your stuff free, for easier recovery

You can register make, model, serial number and photos of some of your portable possessions online (laptops / notebook computers / UMPCs, PDAs, mobile phones etc) in order to help get them back if they're recovered after being stolen or lost.

I'd previously covered MendUK (now called Immobilise or the Immobilise National Property Register); it's recently been revamped so I thought this was worth a reminder. As they put it, "it's supported by all the UK Police forces, the Greater London Authority, Transport for London and The Mobile Phone Industry".

They also have a division in the USA, called appropriately Immobilize.

It's free to create an account and register your mobile property with Immobilise, but you can also buy their wares e.g. tracer tags and property markers for bikes, luggage etc.

Immobilise is accessible from a police database, the National Mobile Property Register, so that police officers can search for items by serial number and check who they're registered to - and trace the real owners to return them to. Of course, note that this also means that, as the site puts it, as a registered user of Immobilise you'd "make your property ownership details viewable to the police".

The Immobilise register is also checked by lost property offices like the Transport for London Lost Property Office (where incidentally you can enquire about stuff left in black cab taxis as well as the Tube, bus, DLR or train, tram etc).

Is it legit - or stolen?

Before you buy something secondhand from eBay or elsewhere, particularly electronic items like games, stereos, satnavs etc, it might also be a good idea also to check if what you intend to buy is legitimate.

Generally, while the law differs in different countries (so you should check the position in your own country), a buyer of stolen goods is not allowed to keep them even if the buyer was innocent and genuinely didn't know or have any reason to think that the things they bought were stolen.

So you could be out of pocket if stolen goods are traced to you - you've lost money that you paid the thief (who's probably long gone by the time the authorities come round), and you also have to give up what you thought you'd bought.

That's where Immobilise's sister site CheckMend comes in. It operates not just in the UK but also Europe, the USA and Malaysia. There's even a CheckMend blog.

However, it charges people a fee (or subscription) to check the history of items registered on their databases: currently £1.99, €2.50, or US or Malaysian $2.99.

I'd have thought people would be more willing to pay a fee to register their stuff, than to pay to check the serial number of something they've just paid for and then find that it's taken away from them because CheckMEND search results showed the item was on their register as stolen, and they reported the search to the police!

(See Checkmend's UK Conditions 21: "...We can be compelled to disclose this data to the Police or other authorised bodies for the purpose of investigating or preventing a crime. In order to protect those making CheckMEND checks and owners, when requesting a CheckMEND on the Website, via SMS or by email you agree to our supplying data to the police or other law enforcement authorities for the express purposes of the prevention and detection of crime, arrest and prosecution of offenders or for the recovery of stolen property.")

Tuesday, 23 September 2008

Banks and postal security (not!): "disguised mail"

I just received a new bank credit card in the post - in an envelope which had "Disguised mail" stamped on it (the serial / ID number in the photo of the envelope is obscured to prevent possible identification of recipient!)

Talk about silly "security measures". I thought the whole point of "disguised mail" was to conceal the fact that there was something valuable in the envelope, by making it look like an average boring letter. Shurely printing "Disguised mail" on the outside of the envelope shomehow defeats the object?

Might as well print on the envelope in big fluorescent letters: "Yoohoo, thieves & fraudsters, lookee here, unsigned bank card enclosed, come & get it!"

Luckily, my new credit card was intact. Or it seemed to be, anyway.

I'm starting a new label for posts: "stupid". And I'm stamping this post with that label, of course.

Virtual Worlds: Serious Applications - free talk

I notice the Imperial College Internet Centre (ICIC) are hosting a free session Serious Applications of Virtual Worlds - ICIC Tuesday Talk on Tuesday 30 September 2008 from 4-6 pm.

From the blurb: "Dave Taylor, Programme Lead for the Medical Media and Design Laboratory (MMDL), will deliver a talk entitled "Serious Applications of Virtual Worlds" including a live tour of the SciLands (Science and Technology Continent) and Imperial College's new Medical School in Second Life. Dave will also give details of a virtual worlds competition that is planned for later this year... Second Health is an immersive hospital environment that can be visited in Second Life."

There are 30 tickets left as I write, if anyone interested wants to sign up.

In July 2008 the Internet Centre hosted an excellent day of seminars on Wealth of Networks 2008: digital economies & next generation internet (of which I managed to produce some audio recordings), including a very interesting and thought-provoking session on digital economics and the monetization of Web 2.0 so this session looks like it'll be well worth attending.

Saturday, 20 September 2008

Google Search goes Pirate, aarrrr!

While I'm probably the only person who managed to resist the urge to go Aarrr on Twitter yesterday, 19 September, I see that Google at least have marked the occasion of International Talk Like A Pirate Day by making their search interface available in yet another language - yes, you guessed it, Pirate!

Pirate thus joins the illustrious ranks of Bork, bork, bork!, Elmer Fudd, Hacker, Klingon and Pig Latin as a fun "language" you can use for your Google search interface.

So g'wan, try it: search Google like a pirate!

(Via Google Blog, which also explains how to set your Google preferences to keep your Google Search interface in Pirate. If you really must.)

Wednesday, 17 September 2008

Attend Neil Gaiman discussion for free!

If you're a fan of writer Neil Gaiman (as I am, I rarely buy books but I have nearly all of his), you can get a free ticket to a discussion Piracy vs Obscurity - An audience with Neil Gaiman on Friday 24 Octoher 2008, 7-9 pm in London, just by joining the Open Rights Group between now and the event. It may particularly be of interest to writers and authors.

But you need to be quick - as I write there's only 7 free tickets left for new supporters (and 7 for existing ones who can attend for a fiver). It was open to the general public too, at £10 a head, but that's sold out now.

I'm a member of ORG, myself, and it's well worth it at only £5 a month for a year if you care about your civil liberties in the digital age and want to help try to ensure that:
  • state and business powers in relation to things digital (e.g. CCTV surveillance of all citizens' traffic movements, or monitoring all websites you visit just to show you "more relevant" ads), and
  • on the other side of the coin, digital restrictions on our rights as citizens and consumers,
will be sensible, balanced, proportionate and properly informed, taking into account how technology actually works in practice and its true possibilities and limitations - rather than being effectively dictated to politicians, some of whom barely know how to turn on their computers or program a video (granted, I struggled with some VCRs myself!), by those who have the most money and perhaps their own commercial or other interests to serve.

The details from the Eventbrite sign up page (via the Open Rights Group blog post mentioning the event):

Piracy vs Obscurity - An audience with Neil Gaiman

Friday, October 24, 2008 from 07:00 PM - 09:00 PM (GMT), London

Neil Gaiman, prolific creator of prose, poetry, film, journalism, comics, song lyrics, and drama, is known as one of the world's top ten living post-modern writers. He is also patron of the Open Rights Group (ORG). In this, the first public appearance of his Graveyard Book UK tour, he invites fans and ORG supporters to discuss piracy from the perspective of a creator, what it means to be one of the tribe of readers, and why most people discover their favourite authors for free.

Entry to this special event is free to new supporters of ORG who join between now and the event. Existing ORG supporters will be charged a discount rate of £5 and the general public will be asked for the full price of £10. Click here to join ORG.

Attendees will receive an A3 poster celebrating the publication of Neil's latest work, The Graveyard Book, and a chance to win a signed copy of the book.


19.00 - Doors open. We'll welcome you into the crypt with wine and nibbles.

19.30 - Neil's talk starts and will be followed by an extended Q&A

21.00 - The talk finishes and all attendees are invited for a drink to the private upstair rooms of an adjacent pub, The Three Kings.

Monday, 15 September 2008

The human voice: Pavarobotti, singing styles etc

I recently watched the documentary The Voice about the science of the human voice, how it works and why it's so hard to replicate it - whether it's an artificial voice through machine synthesis of speech / singing, or in mimicking other people's voices (the programme also featured famed impressionist Rory Bremner, whose imitation of Tony Blair actually improved after a comparative analysis of their speech). It's a repeat, but I'd missed it when it was first broadcast.

You can watch The Voice free via the BBC iPlayer (more info on BBC iPlayer) until 8:29pm Friday 19 September 2008.

It was presented by Prof David Howard who has a chair in music technology at the University of York (I'd heard him speak before on the voice and vocal care etc, though he never did reply to my email asking about his supposedly freely available WinSingad voice analysis free software).

I absolutely loved the Pavarobotti (produced by Dr Ingo Titze and team), which you can hear singing Nessun Dorma on YouTube:

And here's another link I found from Stuttgart University of the Pavarobotti, rather less interestingly, singing the word "Fly" several times!

It was also fascinating to hear voice coach Christella Antoni, who has such deep physiological / anatomical knowledge and fine control over her own vocal apparatus that she can sing to order in many disparate styles. On the programme she sang in the styles of Katie Melua, Barbra Streisand, Ella Fitzgerald and Ethel Merman! Impressive.

(She appears in fact to specialise in speech and language therapy for male to female (MTF) transgender / transsexual individuals in London - I wonder if she'd be willing to coach non-trans people in singing, especially belt? If I could just learn to belt properly, I'd - well, with one or two other things - die happy. She seems to be a proponent of the Estill school though, which as I've said before isn't necessarily supported by all good singing teachers.)