Facebook and Cambridge Analytica

I’ve been following the stories surrounding Cambridge Analytica and Facebook for some months now, and in recent days, following stories from The Observer, The New York Times and Channel 4, the story has really blown up.

However, I do think that the story, while completely valid, and asking some really critical questions, perhaps over emphasises some aspects at the expense of others. It’s true – I tend to see cock-up rather than conspiracy in most things. But here are some of my thoughts on the two key players in this instance.

On Cambridge Analytica

My underlying belief is that Cambridge Analytica is a company that claims it’s more powerful than it actually is, and uses the “digital voodoo” to win business in the murky world of political consulting.

If nothing else, tonight’s Channel 4 News exclusive shows that aside from stories about how powerfully the company is able to target voters using sophisticated social media targeting, more than anything they’re an ethically dubious political consulting group who will do just about anything to see that their paymasters win.

On Newsnight, their CEO Alexander Nix somewhat disingenuously claimed that he was being targeted by British media. That’s certainly not what came across in the Channel 4 video.

As they themselves will admit, it’s clear that Cambridge Analytica did indeed use Facebook targeting to try to micro-target individual voters during the last US presidential election, with advertising that pushed the right buttons with those voters. So if they thought that you might be swayed with promises about jobs, then that’s the hook that they would use to get you to vote Trump. But I also think it’s true that previous campaigns have done the same – notably Obama’s.

Of course we’ve not really had many elections in the time of social media to truly measure the impact, but while the data does allow a political party or its supporters to make potentially hundreds or even thousands of different pieces of copy that might tick the right boxes amongst voters, I think that it’s incredibly naive to believe that so many are willing to change their voting intentions on the basis of a few Facebook ads. It takes more than that.

That being said, this is clearly the narrative that Cambridge Analytica have painted for themselves. They worked for a campaign that wasn’t seen as likely to win the US election and yet it did. That means that they can go out and win lots more business all over the world with the suggestion that it was them “wot won it,” – as the Sun once claimed after the Conservatives won the 1992 UK General Election.

It’s a great gimmick. Nix has been able to go out and proclaim that his company has discovered the secret to winning elections. And campaigns of every hue have been queuing up at his doorstep.*

Beyond that, it does sound as though the company has been, if not bending the rules further than it should, taking and using data it really isn’t allowed to. After months of questionning, as the big stories came out over the weekend, Facebook finally pulled Cambridge Analytica’s access to use the platform and says that it will be conducting a forensic audit on how the data was being used. Meanwhile the UK’s Information Commissioner is seeking a warrant to look at the company’s servers and databases.

I wouldn’t in any way excuse the company. If the claims made by both whistleblowers and others are proved to be true, then the book needs throwing at the company.

But I still need a lot of convincing that the company is as powerful as it would like to portray itself. Instead, I see a company who has decided to lead on it being an expert at data science in the world of political consulting to give it an edge over its rivals. And given the scale of social media networks and the way that users and the networks themselves use this data, we are more willing to believe that they are more powerful than they truly are.

On Facebook

I think Facebook has some real problems that are largely of their own making. This boils down to a few key areas, all of which they really only have themselves to blame for.

Privacy Settings

Facebook’s privacy settings have always been a nightmare for users. With a network as complicated as the one it has built, relatively few really understand what they’re sharing and who it is with. The settings change relatively frequently meaning it’s hard even for the most assiduous privacy minded user to keep up with who has access to what. What stories you like; who your photos are shared with; who your friends can further share things with and so on. It’s truly complicated.

Some people manage to lock their accounts down quite a lot, but they’re the exception rather than the rule. Who can friend you? Who can share things with you? Who sees things that others have shared with you? Can you be found with your email or phone number and who can find you that way? Are you searchable via Google? When you like a company’s page, how much data is that company able to capture on you? What about when you enter a competition?

Lack of Control

Such is the breadth of the data that Facebook is able to capture, that one of the most troubling aspects of this story is the general lack of control the company seems to have. One part of this story concerns the use of a personality prediction “app” on Facebook called thisisyourdigitallife. The questionnaire was completed by 270,000 users but the data captured wasn’t just for those users, but for many of their friends as well. In total that gave data for over 50 million users. Facebook refers to these as “friends who had their privacy settings set to allow it.” But just how many of those people who didn’t complete the survey remember, truly realised that this kind of data could be captured? While it may only be how that data was subsequently used that broke Facebook’s terms and conditions, it’s worrying that someone is able to capture that level of data regardless of whether they’re using in accordance with those rules.

And I suspect that a very small minority of users realised just what kind of catnip they’re giving to companies like Cambridge Analytica when they complete “fun” surveys such as this. For most users they’re just communicating in a fun environment with their friends.


Facebook has built one of the most powerful digital platforms in the world; a platform that reaches billions and one which generates nearly all its revenue from advertising. That advertising is targeted using a massive database that it has generated based on user data that the company would say users have volunteered themselves. That in itself might be troubling considering that users largely don’t really consider how that data about themselves is used. But even worse is the idea that third parties can come in and use that data to target individuals without it even being revealed who is paying for those ads. We’ve seen that with ads paid for by Russian sources during the Clinton/Trump election campaign, and we’ve seen it in other campaigns. Channel 4 News highlighted last year’s Kenyan election for example.

It’s surely critical for any platform that runs advertising to be up front and honest about who is actually paying for that advertising.


Facebook captures enormous amounts of data and it’s not simply when you use the Facebook website. You might be sharing your location with Facebook via its mobile app. Third party websites incorporate what is known as the Facebook Pixel. As with other advertising networks including Google, it means that Facebook knows where else you are outside of its own network. All those helpful sites that let you log in with your Facebook account? That’s more data you’re sharing with Facebook on top of the thousands of fields of information it is already keeping about you.

This can all make it seem to users that Facebook is actually doing nefarious things like using the microphone on your phone to listen in to your conversations. It’s almost certainly not, but as I said in a piece last year, if the company is so uncannily accurate, then the perception trumps the reality.


This is serious story – scandal even. And as much as anything, I’d like to think that this is a wake up call that gives people a greater understanding about how their data is being captured used, and potentially misused.

But I suspect that Cambridge Analytica is really just another political consulting company who’s USP is that they target voters with social media. They hit the big time by working for the Trump campaign, and being allied with Steve Bannon. Yet as a result, their marketing claims have become so hyperbolic that it has led to a widespread disdain for what they do, and since this story has begun to unravel, they’ve been rowing back how impactful this aspect of what they do actually is.

Instead, based on evidence from Channel 4 News, the company is perhaps more about the grubby world of sending prostitutes to the homes of political opponents and capturing it on video, or giving the appearance of having developers pay backhanders for property deals. This is all as low rent as you like.

Facebook’s problem is that it has too much data to the point that nobody seems to be able to keep on top of things. They have so much that some users suspect them of actually listening in to them via their phones. But they truly do follow you around the internet. The danger for Facebook, beyond what are likely to be short term falls in their stock value, is that users do start to rebel and close down their accounts.

I’ve always had a problem trusting Facebook. I don’t think they’re evil as such. But they have played too fast and too loose, and have ended up in a powerful position. As a by-product – alongside Google – they have just about completely cornered the digital advertising market which brings with it its own problems for society in general.

I’m not going to underestimate the problems with “fake news” and the ability of propaganda to spread like wildfire on social media platforms. There are some serious questions to be asked about how these platforms can and should be regulated, particularly in regard to elections where we have seen continuing problems.

On the other hand, just because I can be micro-targeted using all this data, it doesn’t necessarily win elections.

People who work in advertising always love to tell you about how their methods work – explaining that they built the biggest brand in the sector using their methods. That’s the same in politics too. Saatchi & Saatchi were widely credited with helping Margaret Thatcher win the 1979 General Election with their famous “Labour Isn’t Working” outdoor poster. The poster did indeed sum up very nicely the prevailing political landscape. But did it actually win the election, or was the country moving away from Labour anyway? It was a sizeable win for Tories. I’m pretty sure that it wasn’t a poster “wot won it” that time, and I’m pretty sure that a company led by an old Etonian with some Facebook data wasn’t actually responsible for Trump (or Brexit) either.

Further Reading:

A really decent piece from the New Statesman that seems to accurately summarise the full Facebook data part of the story.

It’s been said in some more breathless quarters of the internet that this is the “data breach” that could have “caused Brexit”. Given it was a US-focused bit of harvesting, that would be the most astonishing piece of political advertising success in history – especially as among the big players in the political and broader online advertising world, Cambridge Analytica are not well regarded: some of the people who are best at this regard them as little more than “snake oil salesmen”.

A Verge piece that really gets into psychographics and microtargetting and what it can and cannot do.

Taken altogether, it seems like Facebook was taken in by a shady firm that misused data and lied about it. When Facebook found out, it did nothing. And making matters worse, we can’t even point at Cambridge Analytica’s deception as the reason Trump was elected: a closer look at its methods suggests they might not even work.

Cory Doctorow at Boing Boing says that he doesn’t think Cambridge Analytica is actually able to do what they say they can.

So, as I’ve written before, we should take Cambridge Analytica’s claims to Svengali-like mind-control with a boulder of salt, because until Sunday, they made these claims to drum up business (now they’re busily declaring that they are no more persuasive than any other ad agency, of course, because they’ve gotten in trouble for it).

Antonio García Martínez at Wired magazine on the noisy fallacies of psychographic targeting.

For the impatient, my fundamental thesis is this: Cambridge Analytica’s data theft and targeting efforts probably didn’t even work, but Facebook should be embarrassed anyhow.

* In a strange radio related twist, Cambridge Analytica’s offices at 55 New Oxford Street are in the same building as many of the UK radio industry’s offices including Radiocentre, RAJAR and Digital Radio UK! But it’s a largish office, and other companies share the building too.

Digitising My Life in 2018

Life is digital. We’ve known that for a long time. Digital offers lots of convenience, but it brings with it complications. In particular, safe storage.

In 2018 I need to try to fix three or four problems/issues I have coming up.

1. Cloud Storage

As longtime readers might know, I have a couple of Synology NAS drives at home, each with a RAID 0 arrangement with pairs of matched hard drives storing my data. In total they store just over 4TB of data, with a further 1TB of headroom between the two NAS drives.

While I have local copies of music and other documents, space is really taken up by photos (in RAW format) and videos. As more devices move from HD to 4K, those video file sizes aren’t going to be coming down much any time soon.

All of this NAS drive storage is backed up to Amazon Cloud – more of which later.

Beyond this storage, I have a further 4TB drive of older files sitting on a new standalone 4TB external HD. This data is not backed up in the cloud, but is duplicated on a series of older “passport” sized portable HDs.

Amazon introduced its unlimited cloud storage system last year, and I jumped at spending £59.99 for a year’s worth of unlimited storage. I could use an app on my NAS drive to upload files in the background and keep the two in sync. My older NAS drive didn’t really work with this method, but I managed to create a virtual link between the two NAS drives from the drive that did work, and I safely backed up all my files.

But the writing was on the wall for the Amazon deal almost from the start. In the US, where they’d had the initiative for a longer time, Amazon had cancelled it because some users were storing vast quantities of data. It would only be a matter of time before Amazon UK followed suit, and sure enough, I got an email announcing the end of the scheme towards the end of last year.

Because Amazon will continue to store photos free of charge, I would only require 3TB of data for video and other files. Amazon prices that at £237 a year.

But that excludes my other 4TB of data. Even if some of that is also photos, I’m probably looking at 5TB at £400 a year to be fully backed up with Amazon.

So my first job is to find a robust backup provider that can help, ideally coming in at well below £400.

One alternative is to buy an 8TB external hard drive, sync my drives to it (I would estimate that will take at least a week), and then store that drive at work, returning it home fortnightly or monthly to do intermediate syncs.

Another suggestion via Twitter was:

I do kind of like the idea of this. In reality, I’m probably not going to find a friend with unlimited data willing to put my Raspberry Pi/USB HD combo under their stairs or wherever, but it’s definitely an idea. Nextcloud in particular seems interesting application to enable this.

I will continue to explore paid for options and see what I come up with.

2. Scanning Photos

Yes – just about every photo I take these days is digital, and even those shot on film get scans at the time, so I have digital copies of them. But I still have a few thousand (I think) printed photos.

Included amongst this is a historical archive of old Virgin Radio pictures – mostly press photos – saved from the bin around the time that Virgin Radio was rebranded as Absolute Radio.

I’ve been meaning to scan this trove for years. But I’ve always been stuck since although I have a reasonable scanner, it’s only USB 2.0 and doing a decent scan of a photo takes quite some time. Even if you place half a dozen or more photos on the flatbed at the time, it’s a painful process. Invariably I choose to scan at high quality – probably higher than I’ll ever need.

The other option would be to scan negatives – as I usually still have them. But that involves dust removal and other slow to process issues.

One popular alternative is to pay a third party company to do the scanning for me. That involves boxing the photos off, sending them off, and getting a digital download or USB stick back with the results. It’d safely cost me several hundred pounds.

My 2018 solution is to not be quite as fussy about the quality of my scans. Anything really worthwhile I may spend more time with. But in the main, we’re talking about photos that have barely seen the light of day since I took them (I’ve never really had physical photo albums).

I own a Fujitsu Scan Snap iX500 which I bought to scan a large number of documents. It’s really good at this, and I also save things like cycling or walking routes from magazines, or other things that might be useful to hang on to.

Importantly, it has a sheet feeder that means you can scan things pretty quickly. For documents I make searchable PDFs using optical character recognition at the time of the scan.

But I’d not used it for photos because – well – I was concerned about quality issues. But it will scan to 600 dpi, and while that might not be enough to print billboard sized photos from, it should be fine for regular use.

I will report back and let you know the findings.

[Update: Well I did a bit of a test run through with 800 Virgin Radio photos that I, er, acquired when the station rebranded as Absolute Radio, and it was fairly painless. The quality is decent and it didn’t take an inordinate amount of time to do. This should be very achievable.]

3. Digitising Video

I also have something approaching 100 MiniDV video tapes with various footage on them. While I’ve already captured and digitsed all my oldest Hi8 video footage, this MiniDV footage needs capturing. I have a working camera to play the tapes back from, but the only way to capture is in real time. In reality that means a dedicated PC (fortunately I have such a beast), and regularly running tapes through the camera to capture the material.

There are no short cuts for this one that I can see.

4. Supplemental

I found a load of 3.5″ floppy discs the other day. I suspect that there’s little to nothing I really need to keep from them, but I’ll probably pick up a cheap USB drive and run through them anyway. I’ll keep a handful for posterity, but probably ditch the others – especially the numerous covermount discs!

The other job I have is to properly digitise the family’s Super 8 films. Many years ago, I pointed a digital video camera at a projection screen and captured them that way. I have that now converted to mp4. But it’s dreadful quality. Again, third parties can do this, but the costs are high. I’ve been quoted £600-£1000. So at some point, getting a machine like this Reflecta Super 8 scanner might be a good idea. It looks like it’ll create HD video from footage, although a bit of post-production will be required to correct the frame rate.

5. Summary

One thing I’m aware of is that all the scanning and capturing from 2 and 3 will create a bigger haul to store in 1. Such is the way of these things.

I should also note that I still have unripped CDs to capture, old cassettes I might digitise, and never mind my ongoing DVD/BluRay collection just about none of which is in a pure digital format.

I can see format conversion and digitisation being a theme for the rest of my life somehow…

Note: Just because I’ve digitised something, it doesn’t mean I’ll be throwing the originals out. They don’t take an enormous amount of space, and it would be foolish to do so.

Pixel 2 – Review

Note: I’m calling this a review, but frankly, it’s still early days, and there’ll be lots of things that come out in the wash further down the line. So think of these more as some initial thoughts. Not that any of this stuff prevents other sites posting reviews after less than a week’s worth of use.

I’ve now had this phone well over a month.

As my recent post about the pains of upgrading an Android phone made clear, I’ve recently bought a new phone. The Google Pixel 2.

When Google first started making* their own hardware, they concentrated on both providing a pure Android experience at an affordable price. I have previously owned a Nexus 5 and no fewer than three Nexus 7s. But the Nexus line has sadly long gone, and Google these days is about producing premium devices to show off what they can do.

So what about the Pixel 2?

Well let’s get the first issue out of the way. There is no headphone socket. That’s still a particularly user-hostile thing to do. I use my phone nearly all the time with a pair of headphones. And while I’ve used a variety of wireless headphones over time, they all need regular recharging and invariably you find yourself losing audio when you’re out and about. I actually tend to carry a spare pair of wired headphones just in case. In any event, I’m still enjoying the HTC Hi-Res Earphones that came with my previous HTC 10.

It’s true that the Pixel 2 ships with a headphone dongle, that has a nice snug fit to plug existing headphones into. But this only seems to come in white. I chose a black Pixel 2, and use black headphones. The dongle is white. Which means that after a few weeks sitting in coat, jacket and trouser pockets, it becomes more of a pale grey. I’ve already had to clean mine with an alcohol wipe a couple of times.

The dongle is also quite large. There’s a sizeable bump emerging from the USB-C socket that it plugs into, and it necessarily needs a solid female 3.5mm jack adapter. Combined, these mean that you have unruly lumps and bumps coming out of the phone which can get caught on things when you slide the device into your pocket. Some wired headphones come with 90 degree connectors to allow them to plug in flush to the phone. That’s going to make no difference here. Indeed those headphones are likely to make things worse creating an awkward L-shaped thing to place in your pocket.

The audio quality is excellent, although I don’t think it’s quite as good as my HTC 10 was. Google has dropped the price of these USB-C/Headphone jack dongles from £20 at launch to £9 now (matching Apple’s price for its equivalent Lightning/Headphone Jack dongle), and I’ve already bought a couple of spares because I know these will need them. One of these has already found its way into my cable-case.**

The Bluetooth functionality itself looks good, being Bluetooth 5.0+ LE, although I’ve not fully explored the Bluetooth range. My Beyerdynamic Byron BT headphones seem to work reasonably well, although they do sometimes connect slowly (as they also did with my HTC 10). On the other hand, my Sony MDR-1ABT headphones connect flawlessly, and because both phone and headphones support LDAC, they sound great.

I’ve also recently started using a pair of wireless Zolo Liberty+ Bluetooth headphones. They similarly connect flawlessly, and since both the phone and the headphones use BT 5.0, the connection is stronger than previous small Bluetooth headphones I’ve tried.

Interestingly, I am running into some issues with my Roberts ECO4BT DAB radio that acts as my kitchen radio at home. This is a nice sounding workhorse radio with Bluetooth connectivity, that I never had any problem with connecting to with my previous phone. I still haven’t bottomed out the issue in this instance, since re-pairing the phone will work once. I wonder if the phone is trying to pass audio in a codec that the radio won’t accept as it gets trapped in a reboot/reconnect sequence. I had no other Bluetooth issues, pairing the phone with various headphones and Garmin devices, a Google Home Mini and an Amazon Echo. It also works nicely with my long-in-the-tooth Sony Smartwatch 3.

I really bought this phone because it has the best camera on any smartphone, and I can completely believe that. With 12.2 MP rear camera (the front camera is mostly irrelevant to me), with an F1.8 lens, and capable of shooting 4K video at 30 fps, or slowing down motion to 240 fps (in 720p), this camera ticks many boxes. It uses a combination of optical and electronic image stabilisation, all of which leads to very good imagery coming out of the phone.

The default camera app seems straightforward, without much in the way of bells and whistles. There’s a portrait mode which does all sorts of algorithmic fakery to create bokeh (aka blurriness beyond the subject) that a wide open lens on a camera with a larger sensor would do naturally. The overall thinness of phones, alongside the size of the image sensors and, well, physics, mean that you have to cheat if you want to replicate the effects that larger cameras can create. But the F1.8 lens does mean that it works well in low light.

As important for me is the ability to shoot RAW photos. The default app doesn’t do that, but third party apps do allow it – Lightroom CC Mobile in my case.

There’s also an astonishing smartburst mode that shoots around 10 frames a second continuously. All those shots become available, but software will try to identify the best based on things like people smiling and having their eyes open. I think I only noticed a tiny delay in buffering when I reached 124 shots! And that was only fractional. Fantastic for catching fast moving action.

One small thing I noticed was that if you shoot a short burst of photos, then you can turn them into an animated GIF or video fairly easily. But if you shoot a long series of photos, the app decides that you can’t turn that into a longer GIF or video which is a bit annoying.

However, each regular photo you shoot also comes as a Motion Photo if desired, and you can turn that into a short video as well.

Let it snow…

A post shared by Adam Bowie (@adambowie) on

The camera also has a super slowmo mode allowing you to take high speed footage at either 120fps (1080p resolution) or 240fps (720p resolution).

(NB. The above example was shot in very poor lighting conditions, so does not show off the imagery to the best extent.)

The Augmented Reality (AR) Stickers are silly but, kind of fun too.

“These are not the commuters you’re looking for…”

The phone runs very smoothly with a healthy 4GB of RAM paired with a Qualcomm Snapdragon 835 processor. The OLED screen is beautiful, and the resolution means that someone with as many apps as I like to have, can get them into folders across a couple of screens, along with a few choice widgets (mainly weather related). With my HTC 10, the bigger font size meant a limited number of folders could be displayed at any given time, which I found frustrating, as it meant pages and pages of apps. But in fact, the default Android app drawer makes access pretty fast. And apps seem to install very fast indeed.

The full Android Assistant is built into the Pixel 2, and it can be launched in a number of ways. Voice is probably the easiest, or long holding on the home button – which isn’t actually a button. But you can also squeeze the phone in the lower part of it, and it’ll launch. Entertainingly, when I asked the assistant in the Google Store concession in Curry’s PC World on Warren Street (essentially Google’s flagship store in London), they struggled to get it to work. But it does seem to work fine. Whether it’s actually useful is a moot point. In any case, you can set the Google Assistant to launch from any screen including the lock screen. It can also be summoned by a double press of a standard wired headset’s multi-function button.

The fingerprint reader is excellent, and positioned on the back, is much better placed than phones that place them on the home button. It just makes one-handed unlocking very easy indeed. It must have taken me less than 10 seconds to register each finger that I wanted to register. It’s worth going into Settings > System > Languages, input & gestures to turn on Swipe fingerprint for notifications. It’s a quick way to get access to your notifications drawer, and I wouldn’t have found out about it had someone else not pointed it out. It makes it astonishingly handy for one handed use.

It’s also worth noting that double tapping the power button can be set to launch the camera. And if you have multiple camera apps, you can choose which launches.

When I first got the phone, one curious thing I came across was the way the phone seemed to handle WiFi networks that require some further signing in before you have full internet access. I think we’ve all had issues where we’ve taught our phones to use something like BT Openzone or The Cloud, with our phones latching onto the network, only to lose all connectivity until we sign in. It can be very annoying if the phone doesn’t seamlessly login in the background. The default behaviour on my Pixel 2 seems to be to continue to utilise 4G if the WiFi network isn’t offering internet connectivity. This is fine in theory, but can lead to problems when you’re signing into a some networks. My work WiFi network is especially secure, needing both a specific app and a security certificate to access. I found myself turning off mobile data to force the phone to behave properly when signing into such a system. Even opening up the Developer Settings where there’s a switch that should change this behaviour didn’t really work. However, during the course of owning the phone, Google has send out Android 8.1.0, and that seems to have sorted out some of the errant WiFi behaviour.

One thing I hadn’t clocked ahead of time, despite reading reviews, is that the screen is always on, in that it permanently displays that time and date, and depending on your settings, will briefly display notifications. I know other phones do this, but I’ve not had one before. I actually find this very useful. We are just talking about white lettering on a black background that looks otherwise as if the phone is turned off. And importantly, the display does not seem to impact on battery life.

Call quality is good, and it’s nice to discover that the phone alerts you to numbers that it believes are suspected of spam calls (“Were you in an accident…?” “Have you claimed your PPI…”). It’s unclear to me whether this is a Pixel 2 specific thing, or an Android O thing.

I bought the 128 GB model because, sadly, there is no Micro SD card slot on this – or any other Google phone. While I’m only really at about 50% full as I type this, once I’d installed all my apps, downloaded some music for offline listening, and got a full range of podcasts sitting on the device, I know that it’ll fill quickly. Podcasts are my “problem”, since as I’ve written before, I subscribe to more than I can listen to, and I don’t have them automatically delete.

So far, battery life has been exceptional, but since I’m only a few weeks in, that is fairly meaningless. The question will be how close to zero the phone is getting in terms of charge in 18 months’ time. Android O does seem to be quite aggressive in killing background apps that are eating power. And once you drop below the default 15% battery level, you can enable battery saving which places red bars at the top and bottom of the screen to alert you to your reduced power status.

The included 18W charger is very fast recharging the phone, although there’s no wireless charging (something that only seemed to be a “thing” when iPhones started offering it. Nobody seemed very interested when my old Sony Xperia had it).

There have been a few smaller issues along the way. The phone has, at times, randomly rebooted itself. This seems to be a known issue. But it has happened a handful of times that I’ve noticed. Google promised a fix. and at time of writing, I can’t say definitively whether the update to 8.1.0 has fixed it, but I’ve not noticed any more reboots.

And I did have an issue with audio via USB-C on one single occasion when my headphones just weren’t registered by the phone and the sound came out of the phone’s speaker instead. I had to reboot to quickly sort it out (fortunately, reboots are really fast).

I do question how strong USB-C sockets are in the longer term for those who listen to a lot of audio. Say what you like about the 3.5mm jack, but it was a solid and robust fit. Once inserted, the jack had little opportunity for movement, whereas the rectangular shape of USB-C sockets feels like it’ll be less stable in the longer term. Time will tell.

Android 8.0 seems to have added lots of little bits and pieces here and there. WiFi can be set to turn on automatically when you’re in a particular area. This is useful when you’ve turned off WiFi for some reason and forget to turn it back on. You can also turn on “Now Playing” which lets the phone silently identify music playing in the background at any time. It’s like Shazam without actually having to open the Shazam app. The song details come up on the lockscreen (Obviously, there are potentially privacy issues with having your microphone “live” pretty much all the time). Many of these features will be available to any phone if and when they get Android 8.0. That in itself is an issue with Android of course, with phone manufacturers and network operators being responsible for pushing out updates. My phone is unlocked and not tied to a contract to avoid these things.

Overall, I’m very satisfied with my purchase. The camera alone makes it worthwhile. The phone isn’t a giant compared to today’s monsters. But that means I can use it one handed, and it will fit in my pocket comfortably. It actually feels very slightly smaller than my previous HTC 10. However, there is no getting away from the fact that losing the headphone socket is a terrible thing.

* They don’t really make phones of course. They outsource them to third parties. In this instance, the Pixel 2 is made by HTC, while the Pixel 2 XL comes from LG. Google recently announced that they were effectively “buying” part of HTC’s smartphone team, so perhaps future devices will all be manufactured by HTC.

** I must write about this at some point.

Changing Android Phones

I’ve never been much of a fan of Apple’s iPhones. They’ve always seemed overpriced, and far too tied down. You can only do what Apple allows you to do with them. Furthermore, the ecosystem is incredibly limited. Everyone has to use one of a very small handful of models, none of which are especially cheap (even the “budget” iPhone SE). And of course, you’re using precisely the same hardware as everyone else. Choice of protective case is not the high point of individuality!

But one thing this has all allowed Apple to do is offer a seamless backup and upgrade programme. If you lose or damage an iPhone, it’s relatively trivial to restore the phone in its entirety once you have your hands on a replacement device. Similarly, when it comes to upgrading to a newer model, it’s a painless affair, assuming you’ve made use of the iCloud.

The same just is not true for Android. While I enjoy getting a new phone as much as anyone, I really don’t look forward to the hours of work it will take to move across. Certainly the simple act of signing in to the device is trivial, actually getting the phone back to something similar to what you had before is incredibly time-consuming and tedious.

I’ve just upgraded to a new phone, in large part because I unfortunately damaged my previous one. Not enough to stop it working, but enough to mean an expensive repair. I opted for a replacement.

Google has started providing a USB adaptor with its Pixel phones to aid the set-up. The idea is that you connect a cable between your old phone and new one, and lots of your settings, messages and music are transferred across.

But this is really only a very basic transfer, and there’s much more that you have to do.

Now I appreciate that I use my phone for lots of services, and have more than 150 apps in total running on it. But it’s just such a painful experience even once you’ve backed up what the cable allows.

Here are just a few of the problems:

  • Passwords – Apps just don’t remember them. You have to re-sign into nearly everything. Now Google does have a Smartlock service, and some apps work really well with it. Netflix and Uber worked seamlessly. But the vast majority of apps needed me to sign in again, in the worst instances, having to set up the various options as I’d had them before. Sure, that’s the app developer’s fault for not using Google’s service. Yet, it still feels needless.
  • Signing in repeatedly – Even more annoying are the multiple apps that share the same user identity, yet require you to sign in separately. For example, I have a number of apps that use Amazon’s login (e.g. Kindle, Amazon Prime Video, etc). I repeatedly have to sign into each app. Again, that’s probably the app developers’ fault, but from the user’s perspective, it’s needless.
  • Run every app – All of this means that to ensure everything is working, you have to run every single app.
  • Apps that don’t work – Again, not really Google’s fault, but apps that don’t run in Android Oreo, just don’t get installed. It means that apps drop off in the transfer. It would be useful to have a list of apps that have not been installed because they’re not yet compatible.
  • Layout not transferred – Since I have a large number of apps, I try my best to corral them into sensible folders. I spend ages doing this, and of course, when you set up your new phone, this is all completely lost. I understand that the layout of my new phone may be different and therefore screen real estate can’t be precisely replicated. But it’d still be nice to keep the groupings between phones. In the past, when I’ve had a phone repaired (and of course, reset afterwards), I’ve ended up taking screen shots of the way it was organised so that I can mirror my set-up later.
  • Widgets are lost – Ditto, none of the widgets I’ve placed previously are carried across. I have to rebuild them.
  • BlueTooth settings – While WiFi settings do tend to be carried across, you have to repair all your BlueTooth hardware. I realise that this is perhaps due to how the technology works, with unique codes attached to each device.
  • Re-download media – While I understand why I have to re-download all my podcasts, because Google doesn’t have a default podcast app, so developers all do their own thing, that’s not true of music. Google has its own Music app, and it allows you to download tracks for offline listening. None of this is remembered, so you have to go through and re-download all your music, rather than it automatically restore itself.

That’s just what I can remember off the top of my head, and isn’t necessarily comprehensive.

I would say that, conservatively, it took me 5-6 hours to get my new phone up and running to my satisfaction. And that doesn’t include one false start where I didn’t realise that if I didn’t do the transfer from the old phone during initial set-up, it would never work. A factory reset was required, and I started from scratch a second time.

Undoubtedly Google is getting better at this. Every major Android release sees some improvements. And of course the diversity of the Android ecosystem means that it’s harder for Android than for iOS to do this kind of thing. But many of us are locked in a phone replacement cycle of between 18 and 36 months, meaning we all have to do this on occasion, it’s vital that this process is made easier.

If People Think It – Does It Matter If It’s Actually True?

In this week’s excellent episode of the Reply All podcast, Alex Goldman and PG Vogt explore the question Is Facebook Spying On You?

In particular, a number of people are of the belief that the Facebook app is listening to what you’re saying and that’s the only way to explain why things you were talking about with your friends are suddenly appearing as ads in your Facebook timeline.

Now in fact there are lots of reasons why Facebook could know this information, and the episode digs into the issue of online ad tracking, which is remarkably sophisticated these days – and/or creepy. Facebook tracks your internet behaviours across many sites who use the Facebook Pixel. Essentially it’s tracking code that follows you around vast parts of the web. It’s this technology that also explains why that pair of shoes you were looking at during your lunch break then follows you elsewhere around the web.

Facebook records thousands of pieces of data about each user, and then further utilises location data from the app and location data of your friends’ apps. In turn this means that you might see products that your friends were looking at because it can infer that you might have mentioned them. (Interestingly, just after listening to this episode the Facebook app on my phone performed quite a sizeable update that required me to log in again. The first thing it asked for was permission to turn on location services. Denied!)

This remarkable technology, along with smart algorithms that will make inferences based on people’s behaviours means that as Facebook says, it isn’t actually using the microphone on your phone to listen to you.

But the tracking they manage seems to be practically magical to many people, so they infer that Facebook must be listening in!

So my question is this: Does it actually matter that Facebook isn’t using the microphone on your phone. If their tracking is so exceptional and accurate, that it becomes creepy, people will rationalise it as meaning they must be doing it.

And if people believe something to be true, it really doesn’t matter if it’s not actually the case.

Note: I write all this in the knowledge that I have microphones in my home that do stay live all the time, and report data back to Amazon and Google. The difference is that I trust those organisations more. It’s difficult to put my finger on why that is, but it feels that they’re more up front and honest about what they’re doing.

Bike Cameras for my Brompton

For some time now I’ve been thinking about putting a camera or cameras on my bike for my commute. While there was no single thing that tipped me over the edge, and I’ve been lucky to only have some rare incidents with other traffic, the ease with which you can fit cameras to bikes meant that I needed to bite the bullet. On camera footage definitely helps with prosecutions of bad behaviour – especially driving.

I wanted to do it cheaply and I already owned an inexpensive GoPro Hero camera. These retailed for less than £100 or so a couple of years ago (that’s cheap for a GoPro). These models aren’t available any more, but they shoot 1080 at 25 frames a second which is fine in this instance. I know that today, there are a wide range of cheaper action-cams available online and on the high street. I suspect that some of these may supercede a three-year-old base level GoPro, but the footage is of high enough quality for my needs, and I already had the camera.

I attached it to my saddle using an adapter that fits to the rails at the back of the saddle (although see below for a better value package). This mounts the camera upside down, and as long as you make the change in the settings, it records video in the correct ratio. Mounting it under the saddle hides, to some extent, the size of the camera.

For the front camera, I chose a GoPro Hero Session which is just under £150 and is the cheaper of the two Session cameras currently available (Note that GoPro will probably update their range soon with a rumoured Hero6 being launched at the top end). There’s a Hero5 model that costs another £100 and adds things like voice control and automatic upload to the cloud. The more expensive model is 4K, whereas the model I bought maxes out at 1440p (2.7K). GoPro says that stabilisation comes with the more expensive model, but there is definitely some stabilisation in this cheaper one – at least when you record in 1080p. You can see an example of that in the video of above at around 7:30, when I go over some cobbles. You can see my bag bouncing around on the cobbles while the camera’s view is relatively stable (the bag was a bit overstuffed, but is attached firmly to the bike). The image remains stable as I believe there’s some electronic stabilisation going on – probably throwing away some of the extra pixels from the wider 1440 image.

The cheaper Session is still waterproof without a housing to 10m, and has Bluetooth and WiFi connectivity, although I tend to leave these off to maximise battery life.

Other cameras I considered were the Cycliq Fly6[v] and Fly12. These are cameras specifically designed for bikes, and are built into LED lights. While the rear Fly6[v] was reasonably priced at a little under £100, and includes a very decent looking light, I already have plenty of rear lights. I currently use the Blaze Burner which I backed via Kickstarter. The problem with the front light is that it’s over £200, and is massive. Mounting it on a Brompton would not be easy as you want something that doesn’t stick out when you fold the bike. So it was a non-starter.

Contour cameras are popular with some cyclists and include functionality like over-writing older files that you don’t want to keep. But the camera quality isn’t that great, and there don’t seem to have been any updates in a while. The GoPro Session does have some reasonable low-light imagery for rides in the evening.

To mount the Session to my bike I bought a set of adapters which was good value on Amazon. I was specifically after a minimalist mount that would let me hang the Session below my Brompton’s handlebars. This set came with two options, and I used the smaller one, meaning that the camera doesn’t get in the way when the bike is folded. The camera casing is firmly afixed to both the bars and the GoPro which means removing it all requires a hex key. However the Session itself can easily be popped out via a quick release. The mount set also included another adapter for saddle rails.

Both cameras can be set to use single-button quickstarts – indeed the Session only has one proper button, with a second tiny one set out of the way. So a single press of a button on each camera both turns them on and starts a recording.

The sample video above gives you an idea of what the cameras are capable of, although I know that I could do a bit better with the Session’s output, especially with Protune which allows a “Native” output for finer colour correction in post processing. The regular Hero has no such options with the video quality.

Overall I’m pretty satisfied with my solution. A series of beeps let me know that I’ve switched the cameras on (and off), and I’ve left the LEDs on for confirmation that all is working. The set-up is fully waterproof – the cheaper Hero doesn’t actually come out of its case – and the battery life is sufficient for my needs. I’d say that it’s roughly 2 hours for each camera. Importantly, both cameras fit onto a Brompton very comfortably, and don’t shout “camera” too much.

No sooner had I written most of this entry than I was on my daily commute and the following incident happened. It all happened slowly, and I was unlikely to get hurt as I had plenty of time to brake, but the car driver simply didn’t look to see if there were any cyclists coming as he crossed the junction where I had right of way. Note that while the rear facing camera wouldn’t seem to be much help in this instance, it does allow me to clearly read the driver’s number plate.

Encryption – A Failure to Understand

Today in the Telegraph, Amber Rudd, the UK Home Secretary has written an opinion piece (subscription) trying once more to explain the Government’s views on encryption.

Broadly speaking, they’re very upset that it’s really hard to break into terrorist and ne’er do well’s encrypted messages over services such as WhatsApp. It would be much easier if such services didn’t employ strong end-to-end encryption.

While the message does seem to be slightly getting through that encryption actual has a lot of commercial uses, there does seem to be a real failure to understand that it’s actually really useful for everybody – including “real people.”

I’ve annotated some of the column:

Encryption plays a fundamental role in protecting us all online. It is key to growing the digital economy, and delivering public services online. But, like many powerful technologies, encrypted services are used and abused by a small minority of people.

Yes. This is all true.

The particular challenge is around so called “end-to-end” encryption, where even the service provider cannot see the content of a communication.

That’s kind of the point about encryption. If my messages are sitting unencrypted on some kind of central server at WhatsApp or wherever, then they’re vulnerable. We’ve seen a non-stop series of hacks and data leaks of all kinds from everywhere. Unencrypted data is essentially a vulnerability waiting to happen.

To be very clear – Government supports strong encryption and has no intention of banning end-to-end encryption.


But the inability to gain access to encrypted data in specific and targeted instances – even with a warrant signed by a Secretary of State and a senior judge – is right now severely limiting our agencies’ ability to stop terrorist attacks and bring criminals to justice.

Undoubtedly this is a significant challenge. But either you allow end-to-end encryption or you don’t. And if you don’t, the consequences are vast.

I know some will argue that it’s impossible to have both – that if a system is end-to-end encrypted then it’s impossible ever to access the communication.

That’s right. It’s impossible – at least without access to the devices at either end where the messages are unencryted.

But you either have end-to-end encryption. Or you don’t. The choice is binary.

That might be true in theory.

Not just theory.


It’s mathematics.

In this kind of area, there aren’t shades of grey. It works or it doesn’t work.

But the reality is different.

No it’s not.

Real people often prefer ease of use and a multitude of features to perfect, unbreakable security.

Where to begin?

This is a false dichotomy for starters. WhatsApp offers all the features alongside end-to-end encryption. A priori, you can have both.

And who are “Real people?” Are they business colleagues dealing in commercially sensitive data or intellectual property? Or friends and family sharing banking details? People sending naked selfies to each other? People having affairs or relationships they’d like to keep private? People seeking support for sensitive medical issues? Conservative MPs plotting in WhatsApp groups who will be the next PM?

“Real people” actually like a bit of privacy it would seem. There are countless good reasons for this. And encryption allows this.

So this is not about asking the companies to break encryption or create so called “back doors”.

OK – good. Because that would be horrifically dangerous.

Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly 
user-friendly and cheap way of staying in touch with friends and family?

Um. Quite a lot of people. Encryption makes our lives safer. WhatsApp has managed to be both incredibly user-friendly and provide end-to-end encryption.

Are you asking WhatsApp to remove that encryption then? Because it’s really not clear from any of this what you expect them and others to actually be doing.

Companies are constantly making trade-offs between security and “usability”, and it is here where our experts believe opportunities may lie.

Except in this instance there is no trade-off. It turns out that we can have both! So I’ll take both thanks.

So, there are options. But they rely on mature conversations between the tech companies and Government 
– and they must be confidential. The key point is that this is not about compromising wider security.

Er. Yes it is. You want encryption switched off. That compromises my own security, and that of millions of other users.

It is about working together so we can find a way for our intelligence services, in very specific circumstances, to get more information on what serious criminals and terrorists are doing online.

Let’s think this through. If Facebook switches off encryption in WhatsApp, then do you think it’s at all possible that terrorists et al might migrate somewhere else? And you do understand that encryption isn’t something you can stuff back in the bottle. It’s out in the wild. There are dozens, if not hundreds of messaging services. Many businesses can’t, or won’t, work without full encryption, so you can’t ban the tools. They’re used throughout the world.

I thought previously that it was technical naivety that has led a succession of Home Secretaries to spout nonsense about encryption. But I’m beginning to think that it’s almost purposeful.

The Telegraph piece does not make any sense. And it really doesn’t spell out what the Home Secretary would actually like these companies to do.

I suspect it’s to turn off encryption. But that would just leave the vast majority of users globally far less secure while any terrorist with a semblance of intelligence would move to another platform that does offer encryption.

We’re lucky enough to live in a democracy in the UK. Many people don’t. Encryption has proved vital to millions of people throughout the world. But it’s not just dangerous regimes, but personal data that people would just prefer not to share with anyone apart from their intended targets.

At this point, a failure to not understand this must be construed as willful.

BBC Store is closing; Streaming v Ownership

Back in 2015 I took a look at the then new BBC Store. It had opened in a blaze of publicity after a relatively long gestation period. Visitors could buy to own BBC catalogue programmes as well as some of the latest dramas and comedies. Since then, announcers have mentioned the ability to buy programmes from the BBC Store (and other outlets) regularly over the end credits of series.

In 2015 I wrote:

“And of course everything is full of DRM meaning that long term, I can’t be certain I’ll have continued access. From the help section:

We cannot guarantee that you will be able to stream or download content that’s in My Programmes forever. However, when our right to make content available is due to expire, we will do our upmost to inform you of this by email so that you have the opportunity to download and then continue to playback the content through the BBC Store Download Manager.

“If I had DRM free copies of course, I could make them part of my back-up regime, and should the BBC Store ever close down, I wouldn’t lose anything, or be reliant on technology that might have limited or no future support. This is the key issue with all DRM-d media, and it’s why for the most part I continue to purchase physical copies ahead of DRM-filled downloads. Even though there is encryption on DVDs and Blu-rays, they can be ripped, and I can maintain access once players become redundant (I confess, I’m not looking forward to days of ripping however).

This week we learnt that the BBC Store is closing down in November after around two years in operation. Those words about DRM have proven to be prescient.

The first series I bought from the BBC Store was Tender is the Night, a 1985 Dennis Potter dramatisation of the F Scott Fitzgerald novel. This has never been made available to buy on DVD. It may have been on VHS for a period, but the only streaming version of the novel is a 1962 film.

After November, I will lose all access to this TV series. The DRM locked version that I bought will no longer play.

Now it’s true that the BBC Store is giving me a full refund, or slightly more if I accept Amazon vouchers. But the problem is that there is no DVD for me to buy.

The chief reason given for the store closing is that ownership isn’t the preferred model for consumers. They prefer the all-you-can-eat offers from the likes of Netflix and Amazon Prime Video.

But while that works for popular fare, that leaves a vast proportion of the longer tail of TV and film out in the cold.

A site called NewOnNetflix reckons the UK version of the site has 4,228 films and TV series across all genres. That sounds like a vast figure. But actually it’s a drop in the ocean. Go to the page that lists films by year and you will quickly discover that prior to 1941 whole years are missing.

In 1939, for example, the following films were released:

Gone With the Wind
Mr Smith Goes to Washington
Goodbye, Mr Chips
The Wizard of Oz
Gunga Din
The Women

Classics all, yet none are on Netflix. Now I can certainly buy all of those on DVD, and Amazon Prime may have one or two, but the point is that both Amazon and Netflix are offering highly curated – and limited – catalogues. Films and TV series come and go from the platforms. Aside from programmes they funded themselves, they acquire the rights for limited periods of time. I can’t be certain with rental that I can absolutely watch Gone With the Wind on any given day.

Now of course I can go to somewhere like the iTunes Store, or the Google Play Store, but even there, the range is surprisingly limited. Google Play doesn’t have Goodbye, Mr Chips or The Women, for example. (I will in fairness note that Amazon doesn’t carry a region 2 DVD of The Women, but does make it available to stream or own digitally, while Goodbye, Mr Chips is available as an inexpensive DVD, as well as digitally to own or rent).

In the end, its market forces that determined that the BBC Store needed to close. If not enough people are using it, then the business model doesn’t work. But I do dispute the idea that a Netflix or Amazon subscription is a complete solution. So while bona fide hits like The Night Manager, Line of Duty or War and Peace are available on the various platforms, other series very definitely are not. At this point in time, physical media is still the providing the greatest depth of range – with a significant number of specialist labels ranging from Network DVD to Second Sight and beyond, offering a vastly greater depth of catalogue than streaming is currently offering.

Streaming may well be the future, but right now I wouldn’t be without my DVD/Blu-ray player!

Meanwhile all of this is another case to prove that DRM is fatally flawed in the longer term. While I may be getting a full refund, I’d have preferred to have kept the programme.

iTunes and Windows 10 Creators Update – A Possible Fix

This is really here as both to potentially help others, and for me to moan about the incompatibility of the current products of two of the biggest companies in computing.

I don’t really use iTunes any longer. I don’t have a personal iPhone, and my iPod Classic is now resting in retirement. These days my music collection (yes – I own, rather than rent) is stored on Google Play Music. They let you store up to 50,000 tracks. But I retain iTunes to rip the occasional CDs I buy (Yes – this is something I still do), and as a handy offline backup of all my music. My iTunes library sits on an external hard drive.

Now because of my low usage, I hadn’t recently opened iTunes. But a newly purchased copy of Burials In Several Earths by The Radiophonic Workshop meant that I needed to rip my new CDs. In this instance I usually fire up iTunes, and then grab the digital copy to upload to Google Play Music. Nice and simple.

But iTunes really wasn’t playing fair with me. It did load slowly the first time. But it then hung. I force shut the application and tried to relaunch it – without success. New Tasks were appearing in the Windows Task Manager but iTunes wasn’t working.

Eventually, after several reboots and failed attempts, I went for the uninstall option. For the record, despite iTunes installing with a single installer, you have to uninstall six separate applications. Then I reinstalled.

Still no luck.

I did notice that if I opened as an Administrator by right hand clicking, I could open iTunes. But that wouldn’t see my library which is stored on a network attached (NAS) drive. But I had succeeded in creating a new local library. Furthermore, I wasn’t now able to change library, because I couldn’t see a way to both launch as an Administrator, while holding Shift which is necessary if you want iTunes to open a different library. (Why, after so many years, you can’t choose to open a new library inside iTunes, I don’t know.)

By now I was Googling for solutions. But of course there are thousands of people who’ve had problems with iTunes over the years. I did find some suggestions to try an older version of iTunes. One person seemed to have had success with from January. But having uninstalled and reinstalled it didn’t work for me. Furthermore, it couldn’t even open a library from a more recent version of iTunes.

More Googling finally showed that it seems to be a problem with the recently released Windows 10 Creators’ Update. Now while this hasn’t been pushed out to most machines yet, I had recently downloaded it from Microsoft. This is, after all, the big Spring update. And they’ve already announced a second update for later in the year. It’s been through the beta channels and is theoretically ready for prime-time.

But that doesn’t seem to be true.

For me, the solution came from this page on Microsoft’s site.

You have to kill the Bluetooth Tray Application (BTTray.exe). I did this just by launching Task Manager (Ctrl – Alt – Delete > Task Manager), finding the application and closing it. I should point out that I use both a Bluetooth mouse and keyboard with my laptop. Closing this application didn’t stop them working. However if I permanently disabled the app, I’m not sure if this would help. In any case, I do like to be able to use Bluetooth.

Fortunately for me, I use the hated iTunes little enough to be able to cope with this small inconvenience. But clearly something isn’t right if the current versions of iTunes for Windows and the latest version of Windows 10 don’t work together.

I assume that it will be sorted in due course. But in the meantime, perhaps this will help someone or other.

A Few Thoughts on the Ransomware Attacks

I’ve found a certain amount of the coverage surrounding the WannaCrypt ransomware attack really quite annoying, and the responses in many cases quite pathetic. So here are a few thoughts of my own:

  • The NSA, and other governmental bodies, have an awful lot to answer for. Governments love to collect operating system ‘exploits’ to use themselves. They have teams of people either trying to find ways to crack commercially available operating systems, or they go onto the black market and buy them from hackers. These shortcomings aren’t reported to the software producers like Microsoft. But if I spot a vulnerability and say nothing about it (because I may attack my enemy with it later), then so might you also find it. And you may be more nefarious than me. In this instance, the leaky sieve that is the NSA, actually let this and other exploits be stolen from them earlier this year. It was as a direct result of this theft from the NSA, that this attack took place. Although Microsoft had patched this hole in March, we know hundreds of thousands – perhaps millions – of users don’t keep their systems up to date. Nonetheless, if the NSA had alerted Microsoft much to the vulnerability rather than sit on it for their own means, then more people would have avoided being infected. There is a real issue of responsibility here, as Microsoft itself points out very firmly in a blog published over the weekend.
  • It’s frankly criminal that important infrastructure is still running on a deprecated operating system like Windows XP. This is an OS that launched in 2001 and for which extended support ended in 2014. Microsoft gave seven whole years notice that support was ending. Yes, it’s understandable that in parts of the developing world, people are still using these elderly systems. But first world hospitals? It’s no excuse to say that some bespoke piece of software requires this now legacy OS. With that amount of notice, that equipment should have been upgraded if necessary.
  • The Government must take some responsibility for this. After Microsoft stopped support of XP, the Government Digital Service chose to pay £5.5m to Microsoft for extended support. But in May 2015 this was not extended despite thousands of Government computers still, somehow, running XP. This Guardian report from the time made clear that this was a massive security vulnerability. While some individual departments may have paid for extended coverage, many clearly did not. At that point they were massively vulnerable. In the absolute worst case, you’d have expected a rapid transition to newer OS’s within months. Instead, here we are, two years later.
  • In particular, the National Audit Office published a report in 2016 into the NHS’s sustainability. The report included these paragraphs:

    “In February 2016 the Department transferred £950 million of its £4.6 billion budget for capital projects, such as building works and IT, to revenue budgets to fund the day-to-day activities of NHS bodies. Of this, £331 million was exchanged for revenue support for 93 trusts, to fund healthcare services. The Department did not assess the long-term effects of transferring this funding to cover day-to-day spending. This means it does not know what risks trusts may face in future as a result of addressing immediate funding needs.

    “This was the second year that the Department has used money originally intended for capital projects to cover a shortfall in the revenue budget. In 2014-15, the Department transferred £640 million to help mitigate the trusts’ deficit. In the coming years, the Department plans to continue transferring capital funding into day-to-day spending under 2015 Spending Review agreements.”

    In other words, a shortage of NHS cash meant cancelling major IT projects amongst others, and instead using the money to maintain a day to day service. IT upgrades aren’t always just “nice to have’s.” They’re often essential as this attack has shown.

Yes – of course the evil hackers are the most responsible people here. And anyone tasked with maintaining IT systems should be ensuring that critical security software patches are applied as soon as they’re released.

But a combination of state-sponsored one-upmanship in cyber warfare, and a willingness to allow legacy IT to be used for critical services is frankly criminal.

When your actions are leading to hospitals being closed down, the repercussions could easily mean life or death. I trust that a lot of people are taking a long hard look at some of their decisions.