Do we have any privacy left?

December 19, 2006

Nearly eight years ago Sun’s Scott McNealy famously remarked “You already have no privacy. Get over it”.

Since then, in addition to the existing credit reference agencies like Experian that profile our buying habits, we have seen an increase in surveillance in the UK, the U.S. wiretapping telephone conversations, mobile phone tracking, sites like Plaxo, Jigsaw and Spoke that want to collect our contact lists, and the advent of Google which offers us convenience in exchange for access to our surfing habits and e-mail.

And now we have the debate about the Connecting for Health part of the NHS IT Programme, which proposes uploading of patient records in the UK to a central database, and covered today on Techdirt. The issues surrounding the programme, including confidentiality and reliability, are catalogued comprehensively on the NHS 23 site. One of the key points seems to be whether or not patients will be able to opt out of the database (see the Big Opt Out for a template letter if you do want to).

Going back to McNealy’s quote, he explained it In a later interview:

“The point I was making was someone already has your medical records. Someone has my dental records. Someone has my financial records. Someone knows just about everything about me.

Gang, do you want to refute my statement? Visa knows what you bought. You have no privacy. Get over it. That’s what I said.”

That may be true, but the data can be hard to reach, which is a useful safeguard. With centralised patient records, the NHS programme will no doubt benefit some patients but when a team of consultants from DET NORSKE VERITAS conducted a risk analysis on behalf of Connecting for Health, the consultants concluded that patient records would be safer stored locally.

I believe that we do still have an opportunity to exercise some control over what happens to our personal data, and retain some degree of privacy.

Links:


Privatising Santa Claus

December 14, 2006

From the Alex cartoon series running in the Telegraph:

Santa Claus’ operation is being privatised, and today the Elves are being outsourced.


Last week

December 11, 2006

At work and home we seem to be firmly into the pre-Christmas build up. At work, we are tying up loose ends on requirements gathering, and there is a seasonal increase of eating and drinking out.

The main stories I noticed last week were in politics:

Gordon Brown announced his pre-budget report, which seemed designed to counter the Tories’ pledge to increase green taxes while consolidating his position as outgoing Chancellor and future Prime Minister; however Gordon Brown is likely to have a difficult time as PM, assuming that he does achieve his goal.

Tony Blair was in America for the first time since harsh comments by a State Department advisor on the UK-US “special relationship”. During the press conference, the BBC’s Nick Robinson questioned President Bush on why he described the situation in Iraq as merely “unsettling” (video footage is available via the link).

And following on from developments into the investigation of Alexander Litvinenko’s poisoning, Newsnight reported that detectives were still trying to track down Transaero plane “EIDDK”, and asked any plane spotter viewers to e-mail the programme if they saw it. Spy Blog reports that the Government has issued an exemption against sections 13 and 14 of the Radioactive Substances Act 1993, which covers accumulation and disposal of radioactive material.


Combatting mobile phone theft

December 6, 2006

In the UK a mobile phone is stolen every 12 seconds (it was around one every 3 minutes a few years ago). If your phone is lost or stolen you can call your network operator and have them block the SIM card. However, the handset is still usable.

To block the handset you need your IMEI (International Mobile Equipment Identity). which you get by typing the following into your handset: *#06#

The National Mobile Phone Register is a free service that was set up in 2005 and is used by the police to track lost or stolen items. On a good day it looks like this:

immobilise-cached

However, it’s currently down, and has been since yesterday morning.

In the meantime, make a note of your IMEI somewhere.


Comparing Java, PHP and Ruby

December 1, 2006

I’m having another go at reading my feeds through Thunderbird, which allows me to mark posts so I can come back to them later (my previous reader doesn’t). And version 1.5 allows me to import OPML.

While scanning the feed list I came across a post yesterday on Professional PHP, which is 3 weeks old but very pertinent given the languages I’m developing with. The post, entitled “Why is PHP considered hard to maintain”, covers Tim Bray’s presentation given at the International PHP Conference in which Tim compares the relative merits of Java, PHP and Ruby. We aren’t just talking about the languages themselves, but also the frameworks (for example, JSF/Spring/Hibernate, Apache/mod_php, Ruby on Rails) that allow you to build web applications; of course, you have to be careful which criteria you choose to compare but I think Tim’s presentation succeeds.

I’ll cover the point about PHP maintainability below, but want to add my view on the relative merits of Java, PHP and Ruby as development environments …

I work in a large company designing and developing “enterprise” Java applications, based on Java EE. I’ve been using Java since 1997, initially with applets, then Swing thick client applications, and now thin-client enterprise applications. The objective of most projects is either adding new products, or cost reduction through improving existing business processes, and integration with existing systems usually plays a significant role. In an environment like this Java (EE) is ideal, as it has an excessive extensive set of libraries, is supported by the major tool vendors, and has a clear development and deployment model for separation of responsibilities.

One of the downsides of the Java platform (as opposed to Java the language) is the overhead of this predictability; the build-compile-test cycle, software configuration management, and the cost of tools.

For a while now, there has been a trend in Java EE to developing with a more lightweight application model based on frameworks such as Spring application framework, and Hibernate for database mapping. One of the rationales for Spring, as advocated by Rod Johnson, is that you can achieve the same effect as Java EE without constraining yourself to the full EJB-based Java EE programming model: EJB’s have been successful only as Stateless Session Beans, and you might as well therefore use Plain Old Java Objects (POJOs), which don’t have the overhead of requiring a full-blown Java EE application server.

Another aspect of Java is that it is a statically-typed language, with compile-time type checking. This usually results in more typing (or reliance on code completion tools) and constrains how you structure your code, with type-safe interfaces. Compile-time checking seems like a good idea as it validates that your code is consistent at the code-level, but it introduces the compilation step before you can test (which can be painful on a large code base) and it doesn’t guarantee that your code is going to behave how you want it to (more on this in a future post).

So I’ve been keeping an eye on developments in other programming environments (for web applications), namely PHP, Ruby and Python.

Python seems like an excellent general purpose language, and has the Django and Turbogears options for web applications. But so far it doesn’t seem to have gained the same traction as PHP or Ruby for web applications. However, for organisations with existing Java infrastructure the Jython implementation of the Python language in a Java VM gives you the advantage of coding in a dynamic language but with integration into the Java platform.

When I first looked at PHP I thought it was a bit of a mess; function names in camel case or with underscores, poor namespace support, and limited OO support. After a while I read George Schlossnagle’s excellent Advanced PHP Programming and this pointed me in the right direction.

Coming from a Java background, on my own PHP projects I use OO principles and so far it’s been going OK. Going back to the original post about PHP maintainability, I don’t find that PHP is difficult to maintain. If you follow an OO model, and adopt Test-Driven Development then I think maintainability should not be an issue. Of course, it is possible
to write unmaintainable code in PHP but I’ve also come across Java projects where the code base has become a maintenance headache through initial over-engineering and progressive undermining of the code design through staff turnover and scarce documentation.

Ruby, and in particular the Ruby on Rails framework, is cool at the moment. Championed by the people at 37 Signals, its principles of “convention over configuration”, making programming fun, and making it hard to program badly, seem to resonate with developers looking for a better way to develop. There is some debate, for example,
with the lack of support for compound primary keys, as to whether Rails is suitable for the enterprise. However, you can use Rails in conjunction with other technologies.

Tim’s presentation reflects my belief that no one framework has the edge on others in every case. For rapid development in green field projects I believe Ruby on Rails has the advantage, due to its enabling greater developer productivity. But I expect that Java EE (increasingly in the form of Spring+Hibernate) will be around for a long time in enterprise environments.