ntouk.com - Jerry Fishenden's blog . . .

I recently had the opportunity to visit Berkeley, California, to look at the "Silicon Valley" phenomena. How is it that Silicon Valley continually fosters innovative technology start-ups that often progress to become tomorrow's "next big thing"? And are there lessons from the Valley's model that we could adopt and learn from here in the UK? How should a country best foster a sense of innovation?

The answer, of course, is that there is no simple formula but a mix of factors that include technology, universities, access to venture capital (and knowledgeable, supportive venture capitalists), Government policy on research combined with education spending, taxes, and share options policy. Silicon Valley has developed a sustainable culture in which innovation thrives and built strong social capital from (human) networking. Our own "Silicon Fen" is an attempt of course to emulate that model here in the UK.

Silicon Valley also has a strong belief in "Let's try it - failure is not a sin". Failure (and learning from failure) is one of the most positive learning experiences and yet all too often it feels in the UK that our tendency towards being risk adverse runs the far larger risk of not allowing the opportunity for tomorrow's successful entrepreneurs to succeed by giving them the space they need early in their careers.

With this in mind, yesterday (May 6^th) we held an Innovation Day at our central London offices. Whilst I've been involved in these events in the past on a pan-European basis (in Brussels of course) this was our first in the UK. It brought together policymakers, researchers and partners to showcase the UK's innovation and to identify the steps needed to ensure the UK remains a worldwide innovation leader. The event was opened with a keynote from Baroness Morgan (Parliamentary Under Secretary of State for Intellectual Property and Quality at the Department for Innovation, Universities and Skills), who stood in for the Rt Hon John Denham MP (Secretary of State for DIUS) at the last moment.

As well as the plenary sessions, the event included a variety of demonstration pods (showcasing immersive new technologies such as Thinsight[PDF]) and a wide variety of round-tables.

I found myself Chairing the roundtable on "Innovations in Identity - Placing the citizen at the centre of online public services", with speaker contributions from a distinguished cast. The session was well attended and sparky, a true reflection of the passion the topic of identity arouses and the sheer intellectual horsepower we have in the UK across the spectrum of technology and policymaking.

As the discussion was held under the Chatham House Rule I can't reveal who said what to whom, but some key themes emerged including:

• Sir James Crosby, in his recent report on Identity Assurance for the Prime Minister, was right when he said "It's the consumers identity" (no-one else's) and that identity systems must recognise this fact
• any successful identity system (including a national identity system) needs to honour the concepts of transparency (ensuring people understand what information they are disclosing to whom and what will be done with that information); understand the difference between identity and credentials (and recognise that establishing our initial entitlement to a service is different from our daily use of that service, when minimal disclosure can operate as a key principle); and that data aggregation or consolidation is not a necessary pre-requisite for smart data sharing (indeed, data itself need not be shared so much as confirmation of entitlement eg 'this person is entitled to a free bus pass' need reveal nothing else about them)
• there has been a flip in trust on the Internet. Until around 2007 the most experienced users were using the Internet the most. But that model has reversed, with the most experienced Internet users now wary about ecommerce, including online banking, and wary of the problems of social networking sites with their inadvertent disclosure of personal information that could be used elsewhere for malicious purposes
• the technology is not the problem.Systems already exist that enable strong protection of personal information and privacy and which would strengthen citizens' ability to better protect their personal security. The issue is reaching a level of understanding of the art of the possible at the policymaking level so that the UK can deliver a truly innovative, positive improvement in identity that takes all of the best that a scheme could provide without any of the downside of models based on out-dated technology
• the Internet is inverting traditional models, with citizens/consumers controlling their own personal information and records. You can see this in systems such as Healthvault where users themselves choose to place their medical records under their own control and decide who can have access to them. The implications of this citizen-centric model do not yet seem to have been understood in the UK. What is happening is a transformation in governance models at a fundamental level.

This is just a taste of what was a very lively debate of course! And, in best British style, towards the end of the roundtable I was keen to turn this into something positive. What should government and the private sector do to impact issues of identity in a positive way? These were some of the thoughts that surfaced:

• listen to what people want to do and how they want to do it. And then design the system around those needs (don't impose a service-provider centric model on a world increasingly citizen/consumer centric)
• don't over-design and over-complicate. No-one "designed" the Internet. It started as a set of protocols and was shaped (and continues to be shaped) by users themselves. Learn from this model.
• listen carefully and early to key technologists to learn what technology makes possible. Don't build for the world that has already passed by.
• understand the difference between online/offline models, and the potential for verified but anonymous identity (ie. I can prove something about myself without revealing any personal data and without anyone being able to track where, when and why I used that proof)
• look at the citizen-centric models of personalised health models. And think about what implications they have for the role of the State and public sector IT architectures in general

The Innovation Day convinced me even more that the world is not flat. A handful of leading locations around the world have disproportionately contributed breakthrough innovation. And that has included the UK up until now. But we all need to work hard to continue to ensure that the UK remains a leader in the creative industries and innovation.

We are still in the formative stages of a digital era of services and production transformation so profound that it will present us with changes of a nature that we have not witnessed since the industrial revolution. And that requires all of us to work together to continue to ensure the UK remains a great place in which to live, learn, work and play.

Technorati tags: innovation creativity Web 2.0 technology policy identity creative technologies

I think "green IT" is beginning to show signs of maturity.

I expressed concerns before (here and here) that there seemed to be more milky froth than caffeine in the initial rush of IT organisations signing 'green' pledges and marketing superficial models (such as thin client) as the answer to the world's climate change problems. A set of simple stickers reminding people to turn off the lights when they leave a room would probably have been both lower cost and more successful than these technically-led approaches.

The reality has been a lack of any comprehensive evidential basis on which to base sound IT decisions around sustainable computing. The UK government is however making good progress - including, for example, the suggestion of the role of Chief Sustainability Officer with both seniority and clout. And of course the significant fact that the Cabinet Secretary has sustainability of the government estate as one of his four corporate priorities.

The 2007 statement from the CIO Council summed it up well when they wrote (inter alia):

"It is integrity and factual information that is missing at the moment. We want to dig deeper not just settle for 'carbon neutral'."

Sustainable procurement will be a challenge until we have the proper evidence base. It's even possible that some counter-intuitive models might work best: for example, it might be desirable to see an increase in the amount of carbon emissions attributed to IT (currently running at 2% to 4% depending on whose figures you use) if they have a significant impact on cutting carbon emissions elsewhere (most obviously air travel, car commuting and inefficiently utilised business premises). Evaluating bids that claim to be 'carbon neutral' will remain problematic until we have established a consensus on the evidence base and the way in which we can evaluate claims and counter-claims, particularly as IT is primarily an enabler of change (or should be) not just an admin overhead operating in a vacuum.

In the meantime, I'm pleased that there is a growing recognition that this is about the role of IT in the round, not merely a narrow perspective, for example, about the heat generated by modern processors. That's not to say that the inherent sustainability of IT itself does not need to improve as well: of course it does. And trends such as server consolidation, empowered by the move to 64 bit processors and virtualisation, provide good evidence of significant improvements (IDC indicate a 8:1 ratio of server consolidation for example, a dramatic reduction in the number of servers required).

Equally impressive too are new features in the operating system that enable the dynamic throttling of the physical hardware so it draws less power when under less load. And even the dynamic capability that when offices start to empty out each evening at around 18:00, the data centre can dynamically power down servers and consolidate applications onto a few remaining servers for those working late rather than leaving the entire estate humming pointlessly away burning power. Then everything can be reversed in the morning ready for when people start to trickle back in from around 07:00.

There remain (too) many moving parts in this puzzle. And we all need to play a part not only in ensuring that IT itself and its potential impact on the way we learn, live and work are understood as part of the sustainability agenda - but also that we systematically baseline some of the existing metrics in order to better understand how behavioural change (at the organisational, societal and individual level), as much as IT-enabled change, will beneficially impact our collective carbon footprint.

Technorati tags: innovation environment sustainability carbon emissions technology policy

So today ISO has confirmed that the Open XML file formats have become an ISO standard, after days of speculation and rumour. Open XML thus joins the ranks of HTML, PDF and ODF as official ISO document standards. This is an important day for those many governments, customers and partners (including key UK national interests, such as the British Library) who asked for these file formats to become an ISO standard.

I still find it peculiar that the standardisation of the Open XML file formats became such a vexed issue for some commercial interests, such as IBM and Google. After all, for years Governments and Open Source advocates had asked Microsoft to open up the Microsoft Office file formats.

And that is what has happened.

It's been disappointing to see some of the derogatory attacks on both individuals and organisations made by those who opposed the standardisation of Open XML. When it became clear to those opponents that national standards bodies such as the UK's BSI would focus exclusively on the technical issues and not the emotional politics and commercial pressures they sought to apply they too became targets to be denigrated.

Some of these opponents clearly can't accept the fact that Microsoft has once again listened to its users, turned on a sixpence, and moved on, further embracing interoperability principles of openness and choice. I suspect they never believed that Microsoft would pass over control of such important file formats: but we did. Just one of many real measures being taken to show that we are serious about interoperability.

I remain genuinely baffled as to why some parts of IBM and its supporters invested so much effort in trying to block the standardisation of these important file formats, to the extent that they clearly felt it worth alienating large numbers of their customers and partners who had asked Microsoft to relinquish control of these file formats in the first place. The attempt to use the earlier standardisation of ODF to manipulate markets (by seeking Government mandates that only ISO approved document formats could be used in the public sector) was a shallow, cheap abuse of what standards are there for.

One of the biggest myths (of many!) is that Open XML is only available through Microsoft Office. I blogged some time ago that in fact it was cross-platform and being widely adopted (including across Linux, the Mac OS, Palm OS, and Windows and with support from companies as diverse as Apple, Corel, Sun Microsystems and Novell) but never let the facts get in the way of a good flame mail. In terms of platforms and applications that are already using Open XML, here's an incomplete list.

• iWork 08
• iPhone
• Mac OS X Quick view, TextEdit
• Dataviz MacLinkPlus Deluxe version 16
• DOCX convertor for the Mac
• docx to html & docx to RTF Konverter
• Microsoft Office for Mac 2008
• Neo Office 2.1
• Sun Open XML import filter for spreadsheets
• Word Counter 2.2.1
• Gnumeric open source Spreadsheet
• Open Office Novell, Ubuntu
• Open XML translator for OpenOffice
• Palm OS Dataviz DocumentsToGo
• Docx2Doc Web Service
• DOCX convertor on Palm handheld devices
• OpenXML4J - Open XML framework for Java
• PHPExcel - Web Development (PHP)
• QuickOffice (Symbian)
• ThinkFree Office
• Adobe InDesign
• Adobe Buzzword
• Altsoft XML2PDF server 2007
• AltViewer documents preview
• Altova XML Spy
• Corel WordPerfect Office X3
• DataWatch Monach v9.0 DOCX to RTF
• Google search
• Panergy docXconverter
• Madcap Flare
• Microsoft Office 2000
• Microsoft Office XP
• Microsoft Office 2003
• Microsoft Office 2007
• Microsoft Office Mobile 6.1
• Mindjet's MindManager
• Nuance Omnipage 16
• ODF-Converter
• OOX-UOF Converter
• Open XML Translator
• PythonOffice (Python API to read & write Excel documents)
• Word 2007 Map Editor for Mindjet MindManager
• Xpertdoc Studio 2007 reporting solution
• IBM Lotus Quickr
• IBM Websphere Portal
• IBM DB2 Content Manager v8.4
• IBM DB2 9 pureXML
• Zamzar, Zoho Writer
• (... you get the idea ...)

I hope those who earlier championed ODF through the standards process, ignoring technical comments from standards bodies about areas that needed improvement, and then sought to persuade Governments to mandate its exclusive use will have serious cause for reflection. Could these really be the same people that for years have argued against a single, monopolistic file format? Why then did they seek to impose their own single file format on a world where multiple formats and standards have always and will always exist?

ODF is a worthy ISO standard, I've always made that quite clear: but so too is Open XML. Both have their place (as indeed do other formats such as PDF and China's UOF) and users will decide which they want to utilise - which is entirely as it should be.

The more mud, FUD and hatred that opponents of independent control and maintenance of the Open XML file formats threw at the process, the more they alienated national standards bodies who, from what I have seen, have stuck resolutely and calmly to going through their technical concerns and dedicating countless hours to resolving them to their satisfaction. That is surely what standards should be about? In fact, it can easily be argued that given the unprecedented scrutiny and revisions that Open XML was subjected to, it is probably one of the best specifications ever to emerge from the standards process and has been much improved by this serious, professional scrutiny.

Hopefully we can now all move on. And hopefully those who sought to use the standards process to impose their own commercial views on the world will abandon the attempt to abuse standardisation in this way ever again. It has been a spectacle unbecoming the industry. But at least today is a day when those who count - users, governments, partners and customers everywhere - can celebrate the fact that their voice has been heard and acted upon: and that these important file formats are now under the independent control of ISO.

Technorati tags: XML standards ISO Open XML ODF interoperability Microsoft technology policy

To Brussels, one of my favourite cities - although, as with most business trips, there is little time to enjoy its many delights.

I have been invited to speak over dinner to a group of politicians and business leaders. My topic: "Is your information safe online: what needs to be done to ensure we continue to trust the public and private sectors with our personal information?". I'll give a flavour of my opening below - but do inadequate justice to the intelligent and articulate debate that followed over dinner...

Whilst information technology has dramatically transformed how a large part of our world works, lives learns and plays, concerns about the collection and use of personal data threaten to erode public confidence. We continue to see a relentless, steady increase worldwide in crimes like identity theft and online phishing scams aimed at deceiving individuals into divulging their personal information. Worldwide we are also witnessing a decline in confidence that information will remain both secure and private.

We have of course in the UK seen some recent unfortunate headlines, the loss of 25m HMRC records amongst them, which have further eroded trust. And then there is the problem of naive teenagers and others posting personal information on social networking sites without any understanding of the potential risks this exposes them to. The BBC reports the results of a recent survey for the Information Commissioner's Office, with some worrying statistics - such as 70% of users feel powerless over how orgnisations keep an eye on data and that 53% no longer have confidence in the way banks, local authorities and government departments handle personal information.

Helping ensure privacy in today's digital world is critical to the full realisation of the social, societal and economic benefits of technology and the Internet.The Internet today of course would not be the diverse and useful medium it has become without advertising. Many Websites are able to offer their content and services online for free only because of the income they derive from advertising. Yet online advertising presents clear challenges and risks. The ability to target online ads depends on information that companies collect from or about Internet users, much of which is personal information.

To establish trust, ensure privacy and provide improved data protection consumers need to be in control of their information. In my discussions with government both in the UK and elsewhere, Iemphasise that this is not about technology alone: but about ensuring that people, process and technology are all working in co-ordination. No computer is 100% secure - indeed, no system is 100% secure - but the more we can ensure that the technology, the people that use it and the processes around use of the system are designed in the best possible ways, the more we can ensure that risks are minimised.

We believe that it is the responsibility of each individual organisation to nourish a culture that truly values and respects privacy. Some of the key underlying tenets I believe all organisations should subscribe to are the principles of:

• freedom from intrusion
• freedom from being watched
• control of personal information
• protection from harm

Three key concepts underpin our current approach: transparency, consent and security. These concepts embrace user control, search data anonymisation, data protection, legal compliance and industry best practices.

In terms of transparency, users can expect clear notice about our policies and practices so that they can make informed choices. We provide a clear statement of the information that our customers need in order to understand our practices from the very beginning including a statement that data may be used for the display of personalised content and advertising. Our Online Privacy Statement is readily accessible from every page of each major online service that we operate.

Our second core principle involves user control. This is critical. Currently, we are developing new technologies that will dramatically enhance such control for example, by allowing signed-in users to control personalisation using their search history. As we begin to offer advertising services to third party Websites, we will allow users to opt-out altogether from behavioural ad targeting by Microsoft.

We also aspire to offer security and data minimisation by design. For example, we use strong encryption technology to store search terms separately from account holders personal information. Our online advertising platform only uses data for advert targeting that does not personally and directly identify individual users.

Related to these core principles of transparency, control, and security is the important and much debated issue of data retention. We have taken a very strict approach to anonymising search terms by irreversibly removing all identifiers, such as IP address, cookies and other machine identifiers, from search terms. This renders that information truly anonymous. In terms of the impact on user privacy, complete and irreversible anonymity I believe is an important point here - more impactful than whether data is retained for 13, 18 or 24 months.

We also focus on technological advances that help organisations protect against Internet-age threats. These include:

• secure infrastructure: safeguards that help protect against malware and unauthorised access to personal information, and which help keep systems up-to-date
• identity and access control: systems that help protect personal information from unauthorised access or use
• data encryption: safeguards that help protect sensitive personal information by converting data into incomprehensible code that requires a key to decode
• document protection: protection features for personal information stored in documents throughout the entire life cycle of the document (because remember this is not just about databases, but information held in documents and emails too)
• auditing and reporting: monitoring to verify the integrity of systems and data in compliance with business policies

Over the last thirty years or so it has become clear that there are more sustainable ways of handling personal information than many of the processes in place today. These include principles such as data minimisation (holding the least amount of information required rather than collecting as much as possible on the basis that it might come in useful one day); ensuring that information is not all held in one place, but is dispersed (so that when information is leaked the damage is contained); and that information aggregation should happen only in a very controlled way.

So how are we doing? Well, there's always room for improvement of course but when a leading international privacy advocate gives us a B+ for our work on privacy and one of our leading competitors is given just an E, I feel we're headed in the right direction.

Managing and protecting sensitive personal information is not only the right thing to do for consumers and citizens, it's the right thing to do from a business perspective. This is how we establish trust in the users of technology and help build a trustworthy technology infrastructure. Some of the recent headlines about data breaches and data losses I hope will ultimately prove to be useful - since they have widened and deepened the debate about the value of our personal information.

I hope this in turn will lead to the establishment of industry wide principles that always remember it's our personal information, no-one else's, and that technology design needs to reflect that fact. As should the people and processes that organisations put into place around their systems.

Technorati tags: identity privacy security technology policy CardSpace InfoCards

Virtualisation has finally come of age: I rarely speak with anyone responsible for running IT shops these days who does not mention how they are using virtualisation to drive down operational costs and reduce inefficiencies in their IT infrastructure.

But one of the key questions that also usually comes up is the impact that virtualisation and the growth of grid computing will have on traditional software licensing models. After all:

... before virtualisation it was relatively easy to keep control of business IT expenditure through the assigned hardware costs and software applications licensed to execute upon them. Even at the individual level it was possible to keep track of licensing terms and conditions by counting the number of employees who had access to their office and other work applications. But if we struggled to keep track of licence agreements and their provisions in the past, does virtualisation help or hinder the task looking forwards? What tools and techniques are available to help us manage in this new age of computing?

At 14:00 on Thursday 10 April there's an oppportunity to learn more on this very topic. Grid Computing Now! is hosting a Webinar that tackles this issue. Taking part will be:

• David Gittins, Capgemini (who has been working with the public sector on this challenge)
• Neil Sanderson, Product Manager for Virtualisation at Microsoft
• Mark Cresswell of Scalable Solutions, a leader in the provision of tools for monitoring and reporting usage

You can register here.

Technorati tags: software licensing virtualisation grid computing technology policy

Throughout my time at school, I never got on with the classroom teaching method. Sitting there and copying down what a teacher wrote on a blackboard alienated me: so I would drift off in my own thoughts. So much so that one teacher nicknamed me 'The boy who stares out of the window'. Hmm, thanks: what an inspiring individual.

I never understood why the teacher could not just hand out their notes - and then we could spend the time in class discussing and debating the topic instead. What was the point of spending the whole day making us copy down notes en masse, like some glorified school for copy clerks?

Personally I learn by doing not by rote learning, which has always seemed a waste of time to me. And surely now, in the digital age and with resources like Encarta and Wikipedia at our fingertips, this is true for more and more people?

Yet all too often the focus in education has seemed to confuse having a good memory (typically for facts and figures) with intelligence. The digital age has broken that model once and for all. After all, a computer has a damn sight better memory for facts and figures than any human ever will. But what humans are good at is knowing how to understand and use that information - including our capacity for complex associative reasoning. Something computers still don't do very well.

What I witness happening now reinforces what I learned all those years ago - that real education is all about knowing how to find reliable information when you need it and of how to use information properly to argue an opinion or to challenge someone else's opinion. How much longer before we see the debate about whether computers should be allowed in the exam hall - in the same way we had the same pointless debate about calculators? Exams should not be checking how well we can emulate a computer by trotting out facts and figures on demand: they should be for testing our comprehension of a topic and how smartly we can find and use information in new and innovative ways.

What strikes me now is how much learning has changed over just the last 12 years since I undertook some formal research. Then, I spent my time identifying where various articles, periodicals and books were available and then visiting those libraries in person in order to retrieve and read them. Once there I would copy my notes by hand and then later edit them on a computer.

Today I conduct most of my research directly from a PC with Internet access. I can directly access many books and articles online - and those that I know I need frequent access to I can acquire easily either new or secondhand from the likes of Amazon.

The tools I use are also much improved.

I find most of what I'm interested in using Live Search. And Word's handling of large complex documents with automated embedded cross references, indexing and contents is without parallel for serious writers.

My browser is enhanced with Onfolio, which enables me to capture the full contents of Web pages that I find and to refer to them at leisure, even when I'm offline.

I also find OneNote the best way of structuring my research notes - and combined with its screen clipping utility one of the most frequent resources that I use.

I backup my research into the cloud using Skydrive and its free 5Gb of online storage and (as of yesterday) started using Office Live Workspace - which allows me to open and save documents directly from within Office into the cloud and to share and collaborate on them with others.

Of course, when I use online sources such as Wikipedia there's always the need to validate the quality of information presented. So I rarely take anything at face value - instead using what I find as an indicator and then going back to primary sources to validate the information. It's this type of skill we should be embedding in the education system. The debate about plagiarism and the use of online resources misses the point. You can't uninvent reality. We need to teach pupils how to use and cite online sources properly: how to validate the information they find and then how to use it properly, with full attribution.

But I also believe there's a more subtle and more fundamental shift happening. As Vannevar Bush wrote:

... instruments are at hand which, if properly developed, will give man access to and command over the inherited knowledge of the ages

New technologies are moving us away from the supremacy of text - as I argued in "Beyond Caxton - the post-literate world". Getting to grips with this fundamental transition, enabled by technology, is likely to prove one of the biggest challenges to our ideas about education and our education system.

Technorati tags: innovation creativity education technology Microsoft research policy transliteracy literature

To the QEII Conference Centre on Thursday, where I am introduced to Kazuo Furukawa (President and Chief Executive Officer of Hitachi), together with some of his senior management team. I have been invited to present and speak on a panel discussion on "Building tomorrows world: Information security and egovernment". A topic that looks set to run and run.

My fellow panellists are Phil Willis MP, Andrew Miller MP, John Suffolk (HMG CIO) and Mitsuo Yamaguchi (Vice President and Executive Officer, Hitachi). I arrive expecting to do a 10 minute Powerpoint presentation for my intro, only to discover we're meant to give an opening address instead, unaided by technology. So I quickly spin my content from one medium into another, not helped by a stinking cold and broken tooth!

My mantra on this important topic remains that information security is not solely about technology and we're not going to make any progress until people realise that. It's about technology and people and process, all designed in concert. Our paper, Information Privacy and Data Protection in the Public Sector remains a strong contribution to this important topic.

As I wrote in my recent blog entry of the same name (see http://ntouk.com/?view=plink&id=341), one of the elements that often seems missing is the critical role that identity assurance needs to play in any secure information system. In particular I am surprised that the interim report on "Data Handling Procedures in Government" does not mention identity - and also I believe should consider the sort of technology framework set out in our paper, and which I would have expected to see at the heart of the ongoing review of recent Government data incidents.

With most useful timing, The Economist (edition of Feb 16th-22nd 2008) has a special supplement on technology and government, including an article called "Identity Parade" which features Kim Cameron, our Chief Identity Architect.

Some of the key quotes I reference from that are:

• Mr Cameron suggests rethinking the whole issue ...
• ... the second principle, says Mr Cameron, should be to keep down the risk of a breach by using as little information as possible to achieve the task in hand. This approach, which he calls information minimalism, rules out keeping information just in case.
• Third, identity systems must be able to check who is asking for the information, not just hand it over.
• ... the final principle is a thorough understanding of the human factor

That last category is probably the hardest to design successfully into any system.

After we had all presented our opening remarks, there followed a series of intelligent and challenging questions from the floor. Several of these homed in on the theme of how the ideas of Transformational Government and the data-sharing agenda could be reconciled with the need to ensure higher information assurance and less risky models of data handling. We had a wide-ranging discussion of the ideas embedded in the 'laws of identity' - in particular data minimisation and the idea of claim affirmation rather than sharing information itself. That is, systems that would for example affirm someone is over the age of 18 rather than broadcasting their date of birth.

Other topics included the issue of how we ensure better online security - which, as I've argued before, is about a combination of end user training and awareness, strong technical protection and powerful and well-resourced legal enforcement. And all three of these need to be working seamlessly together.

There were also some pointed questions about the architecture of information systems - and the need for a better understanding of segmentation and distribution rather than aggregation. I seem to have gained a certain notoriety for pointing out what to me seems the blindingly obvious - the honeypot effect of unnecessarily centrally collated and aggregated personal information. We need much smarter and less monolithic data models - and ones that don't assume we all need to hold masses of personal data in the first place.

Many thanks to my hosts Hitachi, my fellow panellists and the audience for the two hours that whizzed by in a compelling and imaginative and lively discussion. Somehow I don't think it's the last we're going to hear of this topic...

Technorati tags: information security transformational government identity technology policy security privacy

Microsoft is already acknowledged by IT professionals as strong on interoperability - but there's always more to be done. Which is why I welcome the announcement we've made that we're committing more into this important area, specifically across the topics of:

1) Ensuring open connections

2) Data portability

3) Enhanced support for industry standards

4) Open engagement with the industry.

You can read more about these principles and how we'll implement them at http://www.microsoft.com/presspass/presskits/interoperability/default.mspx. This builds further on the existing momentum around the Open Specification Promise and the great work being done, for example, around identity and the world leading example set by Kim Cameron.

I believe these are the right moves to be making and hope they will be welcomed by policymakers, CIOs and CTOs alike, as well as the wider developer community, in the same way that opening up the Office file formats has been well received (in most quarters!).

Technorati tags: standards interoperability Microsoft technology policy