I have been away for a little while. I delivered my final paper on Friday after a 34 hour stretch, mainly because I have the unequaled ability to doubt my own work any given moment. This is weird, because when it comes to data and data systems, I can see through the fog of implied BS in ways most cannot fathom. In that same way, I am now seeing a weird transition by Microsoft that has the ability to endanger its own customer base, which might be a new low in their list of achievements. After a day of attempted rest whilst I faced 44 degrees (summer in Sydney), the Guardian treats me (at https://www.theguardian.com/technology/2017/feb/03/skills-shortage-harming-uks-ability-to-protect-itself-from-cyber-attacks). There is something either incomplete or not matching here. The article by ‘Rajeev Syal and agencies’ is actually quite good, it gives us “the role of the Cabinet Office, which is responsible for coordinating information protection across government, remains unclear“, which is in one way awesome because of the admitted issue, a little less so when you consider that his has been going on for over 6 years. You see, those people still got paid, and the admission of non-clarity for that amount of time should validate a few additional questions to those occupying postal code SW1A 2AS. So, when you are in front of that Downing Street fence, which separates the Prime Minister from the common riff raff, it will be the building on the right! One of the interesting quotes is: “The threat of cybercrime is ever-growing, yet evidence shows Britain ranks below Brazil, South Africa and China in keeping phones and laptops secure. In this context it should concern us all that the government is struggling to ensure its security profession has the skills it needs.”
I would add to that is the fact that those nations tend to hold employees accountable for cyber losses, which might not be fair but it is apparently wildly effective. In the cyber industry a decent dose of paranoia tends to keep people cautious and on their toes, which does allow to explain the situation the Commonwealth at large finds itself in, not just the UK. One of the gems in the article was “The report said the Cabinet Office’s ability to make informed decisions about security is “undermined by inconsistent and chaotic processes for recording personal data breaches”“, that is just one factor. The fact that Microsoft has been uploading gigabytes of data (per person) from gaming consoles, without consent and whilst Microsoft is in denial blaming the ISP for this event, the question the press at large has not considered asking Microsoft. Why do you need 6 GB of data from a console playing a single player game? There is no way that this is about ‘enhancing‘ the experience.
This is about collecting data and in addition, there is no divulging on what exactly is being uploaded, the fact that it is done without consent is another matter and there is no record on the system. If one victim had not shown me the $60 additional fee he got for 2 weeks of unknown uploading, I would not have believed it. The fact is that this person had mobile broadband was a kink in the attempt to keep the uploads unnoticed is one that Microsoft had not considered and as such we need to consider that an Xbox User needs to realise he is facing an estimated $1400 a year in additional fees upload fees, how affordable is that console now?
So is this about money, about data or about privacy? The issue is that worldwide 15 million were sold by November 2015, whilst the US has roughly 8.5 million of them. So a sizeable chunk of the 6.5 million outstanding consoles are in the UK and whilst Microsoft is not revealing the sales numbers, likely as the humiliation against the PS4 sales is too great, we also need to wonder in light of the upcoming Scorpio (the Xbox One plus plus) edition, the light of so much uploads without consent is an issue, because in the first the people did not get a choice and the second is that there is no way to tell what was uploaded, how much privacy information. In that light, we need to look at not just what is done, but what actions need to be made against these large corporations and I am willing to bet the house that these ‘inconsistent and chaotic processes for recording personal data breaches‘ involve groups giving protection to Microsoft to some degree creating chaos. In addition, I wonder if GCHQ is aware on what Microsoft is pushing into its Azure cloud via Windows 10, what level of privacy breaches is Microsoft involved in?
That is part of all the issues because there is no issue with skill shortage, especially when cybercrimes cannot be properly monitored as everything is in a cloud environment, a US driven cloud environment I might add. Before those in Whitehall start to snicker on the premise of gaming, perhaps those are reminded that as we see in Newzoo (at https://newzoo.com/insights/articles/global-games-market-reaches-99-6-billion-2016-mobile-generating-37/), the gaming industry is a $100 billion plus field and the UK has shown its teeth in this field for the longest of times.
Yet the makers are now creating an unfair advantage (and without consent) on mineable data allowing US companies to take the highest road at the least cost. In all this they have the ability of selling spiked lemons, impeding the industry outside of the AAA American companies’ even further. That is all before we see the dangers of cloud intrusions and the damage organised crime can inflict. And any of those people claiming that this cannot happen, I would advise those people to take a look at the Sony track record of getting hacked. There are too many unknowns, but the fact that a lot of this is done without consent is perhaps the most damaging one and so far, it seems that skills shortage in the UK is not even the most debilitating one. When you consider this quote: “The government ignored its own advice by failing to carry out a business case for government security classifications system, which was meant to deliver £110- to £150m-a-year in benefits, MPs said“, a quote that is not in question perse, yet the fact that the games industry surpassed $100 billion, in this the UK could stand to corner up to $30 billion, I am decently certain that ‘£110- to £150m-a-year in benefits‘ won’t be getting close to covering it any day soon.
The losses and the growing loss of industries in several sectors are leaving the UK with a diminishing amount of options in an industry that will the first and almost the only one growing its production, manufacturing and development base. All items that would have the effect of spicing the coffers of her majesties treasury by a fair bit, that is of course not the bottom line, but it is the icing on the cake and those who had to live by ‘let them eat cake‘ have been doing so without any icing for nearly a decade. And that is all before Google has decided on the next step that could bring them an additional 6-13 billion (13 billion would be most advantageous forecasted model), a jump that will affect software and hardware evolutions in a few ways for the next decade as 5G gets a hold of these new devices and opens the field for even more devices and concept solution. A change few had seen coming and less of them thought the change was realistic, some hold that opinion even today, it’s a sad world, I know!
In that atmosphere the Cabinet office and MP’s are deliberating on Cyber needs and skills whilst their train is already 3 stops delayed and they have no idea what is awaiting two stops ahead, meaning they are already one train stop behind and that is just delay through inaction. So as we are looking at the last part given, where we see: “A National Cyber Security Centre spokesman said: “The government has been clear that the newly formed NCSC is the UK’s definitive authority on cyber security. In the four months since becoming operational, the NCSC has transformed how the UK deals with cyber security by offering incident management capabilities, fostering technical innovation to help prevent attacks and providing real-time cyber threat information to 3,000 organisations from over 20 different industries”“, yet in that, where is the turnaround? You see, as we see linked to all this: “New generation of ethical hackers aims to impress recruiters“, we see: “Defence experts have long warned of the growing menace of cyber-crime and now they have good reason to believe the threat is being given priority treatment“, yet we do not see: “Last year’s Cyber Security Challenge was fairly fanciful. It involved a bio-hazard attack and a threat against a minor royal. This year, the challenge is more grounded in reality. The contestants are asked to find evidence of large corporations gaining an increased advantage by uploading personal data without consent for advantageous data mining“, that no less a threat and it seems that government parties on a global scale are actively avoiding this. You see, we agree that organised crime and batches of exploiting hackers must be stopped, yet for the longest time, the party’s involved are ignoring the ‘legal‘ crimes and how it is shifting the balance of cyber power. slowly but certainly towards the 5 big players leaving the field barren for nearly all other innovative corporation hoping to grow into that field and as the field is limited to 5 players we will lose out on actual innovation and we are left with the iterative field we have had for slightly too long. By the way, this goes far beyond games, this field is now intersecting a very different field. Consider the paper ‘Big Data Framework for Analyzing Patents to Support Strategic R&D Planning‘, by Wonchul Seo, Namhyoung Kim and Sungchul Choi. In this paper they set in the abstract “In this paper, we propose a big data framework to process and analyse large-scale patent data. The proposed framework consists of four layers: an aggregator layer, a storage layer, an analysis layer, and an application layer. These layers are designed to collect patent data, store the collected data, analyse the data, and present the results. The primary objectives of the proposed framework are to provide a patent analysis service platform based on big data technologies, and to support strategic R&D planning for organizations“, now consider interfacing that with a database that has the goods on 270 million devices using Windows 10. Does it still sound so strange? The gaming industry might seem juvenile to the people in Whitehall, but even they cannot be stupid enough to ignore a $100 billion plus industry. So as Microsoft is uploading data and no one is asking questions, we have to wonder why the questions are not asked, more important, the fact that ‘without consent‘ is not addressed is even more worrying, especially with the cyber players in town and the fact that anyone actively ignoring a few billion in revenue tends to not have a career after that comes out.
So you tell me, is the water still too murky or are the players murky about the actions taken?
And when we see the marketing responses like ‘to give the players a better gaming experience‘ or ‘uploading is not with us, that responsibility lies with your ISP‘, you better be able to answer the question why the ISP is dumping all that data on the Azure cloud, because ISP’s tend to not do anything they aren’t paid for and they tend to not do anything without consent, as the retaliatory claims and penalties tend to be much too high. So when the alphabet soup gives us Avarice, Build-up & Covetousness. Is the alphabet soup about protecting against cyber-attacks or trying to minimise corporate losses?
They are both victims, but one does not include the other, I’ll leave it up to you to decide who remains a victim in the long run.
Lawrence van Rijn - Law Lord to be 