“Forecasts are always wrong,” said Robert Chote, chairman of the Office for Budget Responsibility, this week (having said similar things in the past). This is a brave line to take when your organisation produces the economic forecasts used by the government, but it is also true.
In anything that involves human behaviour, the best a forecaster can do is assess the situation in the recent past and at present, note the rates of change, then take a view on whether things will continue to change at those rates or if there are good reasons otherwise. It makes sense to say how confident you are in the prediction or provide a range of possibilities. Continue reading “Making emotional predictions”
The media focus on autonomous vehicles has been on whether they can take over from human drivers on public roads. It’s the thing that would touch most people and catches the imagination, but as I discovered writing about the subject for Computer Weekly, it’s going to take a lot of work.
However, autonomous vehicles are already being successfully used off-road, in places such as mines, distribution centres and fields. Volvo Group has put a driverless truck down a Swedish mine and put its chief technology officer in front of the truck, fortunately without messy results. Continue reading “Where autonomous vehicles are already motoring”
The real value of autonomous vehicles could lie in industrial applications. We take a test drive around Milton Keynes to find out
The writer after a short ride in a Renault Twizzy autonomous car, Milton Keynes, October 2016
Milton Keynes’ Station Square is hosting a very small fairground, with a tent, a few flags and just one ride: the Catapult Lutz Pathfinder autonomous vehicle. Like all the best fairground rides, the self-driving car – a tiny two-seater electric Renault Twizy, painted in white and purple, and emblazoned with the logos of organisations – plays with your mind rather than putting you in physical danger. The only crash is software-based, and happens before we start.
A quick reset later, the “driver”, who has driven just 700 metres of the 30-40km he has spent behind the wheel over the past few days, taps on an iPad and releases the handbrake. The wheel turns itself clockwise, steering us into one of Milton Keynes’ many pedestrian underpasses and along a shared pedestrian and cycleway.
Taking part in the first UK trial of self-driving vehicles in a public space starts as unnerving, but quickly becomes fun, not least in watching the surprised reactions of pedestrians. The short route avoids roads but has seen the project’s “Selenium” software coping with pedestrians, dogs, cyclists and pram-walkers. It does so by jamming on the brakes, producing the ride’s only moderately thrilling moments.
This is because one of the car’s two systems, the low-level computer, is designed to bring it safely to a halt unless the main vehicle computer has a convincing plan to move it. Paul Newman, BP professor of information engineering at Oxford University’s department of engineering science, describes the low-level computer as a “doubting Thomas”, one of a range of features that makes the software capable of driving autonomous vehicles reliably.
The software does not require signals from mobile networks, satellites or beacons, although it can connect to 3G networks for fleet management. Instead, it relies on the vehicle’s cameras and light detection and ranging (Lidar) sensors to drive, meaning it could work indoors or underground.
Newman, who has been working on the project since 2010 with Engineering and Physical Sciences Research Council funding, adds that this demonstration prioritises safety, and that the software is capable of much faster speeds. Today’s trial is satisfying nonetheless. “You’re tapping away on some code with some great colleagues, and then that text file gets turned into something that moves metal around a city waiting for a child to get out of the way. And the public come and poke at it and ask questions. That’s an engineer’s paradise, right?”
The Lutz Pathfinder has been funded by the government-supported Transport Systems Catapult and a company, Oxbotica, has been spun-off from Oxford University by Newman and others to market Selenium. He says that the hardware – both the car and its commodity computer equipment – is unimportant compared with the Linux-based software, which his team at Oxford aimed to make both highly stable yet open to innovation.
“You have to build an architecture that can be sympathetic to an invention that’s going to happen six months in the future, and it’s going to slot right in,” he says, as well as maintaining high standards of code hygiene, coding styles, inter-process communications, security including use of encryption and “a huge amount of effort” on testing.
Selenium has been designed to consider three basic questions: “Where am I, what’s around me and what should I do? Each of the application domains has each of those three questions coming up in different ratios,” he says. A fork-lift manufacturer may not have to worry too much about what’s around the vehicle, as it will normally operate within a warehouse, but it may have to cope with poorer lighting conditions and more enclosed spaces.
Newman believes entirely autonomous cars that don’t need steering wheels on public roads are “a long way away”, but that there are lots of intermediate applications. One is providing transport as a service, and Milton Keynes Council, which is hosting this trial, hopes to offer autonomous vehicle rides from the railway station and other transport hubs to city centre locations from the end of 2017.
“They are a last-mile solution,” says the council’s director of strategy, Geoff Snelson. “You can dial up one of these pods on an app, it will pick you up and take you where you want to go, drop you off, and then tootle off and pick someone else up. It starts to remove the need to bring lots of cars into the city centre.”
Milton Keynes suited to autonomous vehicles
The council wants Milton Keynes to be a test bed for autonomous vehicles. Its grid pattern of streets makes it easier to shut roads temporarily to things. “It’s a little bit more straightforward than trying to run things in the middle of Oxford,” says Snelson, who notes that much of the land is owned by the public sector which makes it easier to install sensors. Jaguar Land Rover, Ford and Tata also plan to test autonomous cars in the city.
Milton Keynes Council is also creating its own three-dimensional map of the city with a local company to help autonomous vehicles navigate, as well as to integrate them with public transport. “You need to allow for flexibility and different sorts of futures, the integration of multiple solutions and multiple providers,” says Snelson. “What you don’t want to do is have Google or Microsoft own your town, come in and own the digital map of the place and the technology, making you beholden to them. You need to be in control of this stuff.”
Self-driving vehicles could raise productivity in mines
Like Milton Keynes, the first commercial customers of autonomous vehicles are providing a supportive environment to help them work. In September 2016, Volvo carried out what it believes were the first tests of an autonomous truck in an underground mine, which included its chief technology officer Torbjörn Holmström standing in the way of a truck to see if it stopped (it did).
Boliden, the operator of the Kristineberg mine in northern Sweden, had installed a wireless communications infrastructure and implemented a site management system, planning vehicle movements and tracking staff. “That’s why we selected that mine to start with,” says Christian Grante, technical specialist for preventative safety and automation at Volvo Group.
The trucks use underground beacons as part of a floating vehicle concept where they are all tracked. Using the mine’s data, a truck can go faster in areas with no other vehicles or people, although four on-board Lidar detectors can apply the brakes if necessary.
Volvo Group says automation is particularly valuable to underground mining, as it can cut the high per-person safety costs of working underground and allow productivity to increase.
“The hauling system in the mine stops for shift changes and breaks,” says Grante. “If you run automated, you run 24/7 without the people in the mine. They are on the surface instead.” The trial at Kristineberg suggests the mine could double its productivity by moving all staff to the surface, automating both vehicles and the mining process itself.
Volvo Group also plans to offer autonomous vehicles to other closed-site operations, including open-pit mines and quarries, harbours and logistics hubs.
“You can change the rules and regulations overnight, and also adapt the infrastructure,” says Grante. Potential customers can prepare closed sites by introducing site management, and dispatch systems and supporting network infrastructure. “If you have a site that is digitised, where the information is digitised and you do the planning digitally, then you have the core parts,” he says.
But on public roads, while 80% or more of long-haul driving is relatively straightforward to automate, Grante adds that unforeseen situations are “almost impossible to automate”, meaning that such technology is likely to support rather than replace lorry drivers. It will improve safety by helping them to avoid mistakes or falling asleep on motorways, letting them focus on difficult but stimulating urban driving. This could allow regulatory changes so they can drive or supervise autonomous vehicles for longer continuous periods.
Agricultural applications could put more money in farmers’ pockets
Some autonomy is already a reality in agriculture. Many tractors and combines steer themselves, although operators control the speed and vehicles will not operate without someone in the driving seat. This allows operators to monitor agricultural operations, such as seeding, which can run through 20 tubes at the back of the vehicle. Blocked tubes mean less of the field will produce crops, and a second pass would damage what has already been sown.
Letting operators pay more attention to the tubes therefore boosts yields. “This is where the money can be made for the farmer,” says Michiel Jochims, Real Time Kinematic manager for Europe, the Middle East and Africa at CNH Industrial, the parent company of agricultural vehicle-makers New Holland and Case IH.
Many modern tractors and combines can also automatically operate implements by switching them on and off at field boundaries so they avoid wasting materials such as fertiliser, thereby reducing costs and environmental impact. Making operations easier for farmers also allows them to harvest crops in less time, minimising weather damage.
Agricultural vehicles have relied on satellite-based systems such as GPS, but this technology’s level of accuracy to within a few metres can involve significant waste. To improve this, CNH Industrial is installing fixed-location base stations across Europe. Its Real Time Kinematic positioning system involves the fixed stations comparing GPS readings to actual locations, allowing the company to generate error corrections every 10 seconds. These are sent via GSM networks to customers’ on-vehicle equipment, increasing accuracy to a couple of centimetres. In the UK, CNH is using more than 110 stations run by Ordnance Survey.
Jochims says that, at present, semi-autonomous agricultural vehicles focus on locational accuracy rather than safety, as they still have operators who can look out for animals or people in the way. But CNH is considering fully autonomous, cableless vehicles, currently at the conceptual stage, which would add sensors.
“The machine would drive itself 24/7,” he says, from a farmer’s yard via public roads to a field. It would operate implements, identify and avoid obstacles while working at the field, then return to base.
“As a farmer, you can control the machine at a distance, you can give it tasks, you can focus on other duties,” says Jochims. But while the technology to achieve this is available, there are issues around insurance, regulations and reliability. “It’s all about who’s going to take the hit if something goes wrong,” he adds.
Despite the focus on driverless vehicles on public roads, these concerns, along with the difficulties of driving in urban environments, mean that autonomous vehicles are likely to be adopted more quickly on closed sites. But operators willing to adapt such sites to work for autonomy could reap significant improvements in productivity and safety.
Norfolk County Council has won a national award for its libraries’ health education work, which involves tailoring each library’s work based on local public health data.
In September, the Chartered Institute of Library and Information Professionals awarded Norfolk its annual Libraries Change Lives award for the county’s Healthy Libraries project. This involves activities in the county’s 47 libraries including pedal-powered smoothie bikes, hula-hoop challenges and neighbourhood lunches. Continue reading “Norfolk uses data in libraries’ public health drive”
Balancing privacy and security requires highly developed information security policies and, of the UK intelligence agencies, GCHQ has taken the lead
In a perfect world there would be no need for security and intelligence agencies. But in an imperfect world, where such agencies are required, arguably the best way to balance security and privacy is to minimise their ability to abuse their powers without stopping them from doing their jobs.
Doing so requires agencies, regulators and politicians to create highly developed information security policies and practices. The UK has a relatively high tolerance of state surveillance, partly based on the agencies’ Second World War reputations, but also on the public’s assumption that they use their present-day powers properly. Maintaining this is in the interest of the agencies as well as the public, as support for legislation such as the Investigatory Powers Bill would be severely threatened by evidence of corruption or sloppy practice.
Of the three agencies, GCHQ has to take the lead on information security. It has the most staff – 5,564 at March 2015, compared with 4,047 at the security service MI5 and 2,479 at the secret intelligence service MI6. It probably spends the biggest part of the £2.6bn intelligence account, although the budgets for each agency are secret. It certainly has the greatest powers to gather information, being the only one of the three agencies that can wield all four kinds of ‘bulk power’, the controversial surveillance abilities that gather data on large numbers of mostly innocent people.
In his recent report on such powers, the independent reviewer of terrorism legislation David Anderson wrote: “Bulk powers, by definition, involve potential access by the state to the data of large numbers of people whom there is not the slightest reason to suspect of threatening national security or engaging in serious crime. Any abuse of those powers could thus have particularly wide-ranging effects on the innocent.”
Safest pair of hands
Also, the other agencies outsource some of their work in this area to GCHQ. MI6 relies on GCHQ’s bulk interception of communications to provide targeted information, while both MI5 and MI6 analysts use GCHQ’s system for bulk personal data on travel.
Fortunately, there is some evidence that GCHQ is the safest pair of hands among the agencies on information security. In his most recent annual report, the intelligence services commissioner Sir Mark Waller said that GCHQ had reported three errors during 2015, compared with 11 at MI6 and 67 at MI5. In its defence, Waller said that MI5 obtains significantly more warrants than the other agencies, “and their error rate is in fact low as a proportion of authorisations”.
Other external checks have called MI5’s information security into question, including its staff contravening rules for accessing communications data on 210 occasions over five years. David Anderson’s review said that GCHQ had reported no errors over bulk communications data during the same period, while on bulk personal datasets the investigatory powers tribunal has heard that between June 2014 and February 2016 there were six “instances of non-compliance” at MI5, with two members of staff disciplined, and five instances at MI6, with three staff disciplined. There were just two such incidents at GCHQ, neither involving individual non-compliance.
UK IT security role
GCHQ has another advantage: it is responsible for strengthening the information security of UK organisations through its CESG arm. It has started publishing advice such as on passwords, and is in the process of expanding its work through the establishment of a new National Cyber Security Centre.
Apart from this, it has previously been difficult for organisations to learn from GCHQ’s own information security experience. But documents from Privacy International’s investigatory powers tribunal case against the intelligence and security agencies, as well as David Anderson’s review, have included details on how GCHQ secures its own information.
Much of its work focuses on individual users. All employees go through a three-month vetting as part of recruitment, but the tribunal documents show this is just the start of the process. This people-centric approach is outlined in Boiling Frogs, a research paper released by GCHQ in May 2016. Writers Russ B, Mike M and Steve H argue against a model of security that prevents people doing their jobs – not least because it may lead to a growth in shadow IT workarounds – preferring one that offers permission and enables staff. “People-centric security is a strategic approach to information security that emphasises individual accountability and trust, and that de-emphasises restrictive, preventative security controls,” they wrote.
In a witness statement to the investigatory powers tribunal, the unnamed deputy director for mission policy at GCHQ revealed some of the ways in which the agency attempts to put this model into practice:
A business case for access: Unless they have an up-to-date qualifying skill – generally gained only by using the system in question – GCHQ staff have to prepare a business case to access its bulk telephony and internet data tool. This includes demonstrating a requirement for the data and confirming there are colleagues who will support the person in using the system. Applications have to be approved by a local manager and the system’s senior user community. If approved, the new user has to read a “defensive brief” for the system which covers the proportionality of the tool’s use and the policy requirements, along with advice and contacts for support. Only then can the user apply for an account.
Compulsory training: An account does not lead directly to access. New users have to undergo online training courses and tests, including a legal overview course and, for staff who have access to operational data, an advanced mission legalities course. Both must be re-taken every two years to retain access. The agency also runs an hour-long e-learning training course in using bulk personal datasets with an additional module for travel data, both of which have to be completed before access is granted to that system.
Multiple levels of access: For GCHQ’s bulk telephony and internet data tool there are three levels of access: level 1, 1+ and 2, with the last allowing access to communications content. Some bulk personal datasets are limited to a handful of people, at least initially: in June 2013, one financial dataset acquired from MI6 was accessible only by two people, while in April 2015 a dataset acquired for a time-limited trial was used only by about 10 analysts.
A written reason for access: Use of systems is tracked, but, along with MI5 and MI6, GCHQ also requires staff to confirm that they require access each time, selecting one of three legal justifications: national security, economic well-being or to support the prevention or detection of serious crime. GCHQ aims to stop this from being purely a menu choice exercise by requiring a free text justification for the search.
Use it or lose it: As well as requiring users to jump through hoops to get access, staff with access to the bulk telephony and internet data tool have to use it at least once every six weeks, “or it will expire and a new application will be needed”. In addition to person-centric security, GCHQ uses a range of auditing techniques, both internal and external. These include measures that hold data and datasets for limited periods, with the latter needing reauthorisation if they are to be kept.
Limited retention periods: GCHQ holds bulk communications data for a year, as does MI5, after which the information is deleted automatically. On bulk personal datasets, since 2010 an internal GCHQ panel has reviewed their use twice a year. The panel authorises retention for a limited period and owners must request extensions, with the usefulness of each dataset tracked through technical data sheets that analysts fill in stating sources while drafting reports. If the owner does not request retention or the panel does not grant this, the owner has to provide evidence that the dataset has been deleted.
External auditing: As well as internal reviews, since December 2010 the intelligence services commissioner has carried out twice-yearly checks on GCHQ’s use of bulk personal datasets, on the orders of then-prime minister David Cameron. Sir Mark Waller, in his October 2015 inspection, spotted incomplete paperwork for retaining one bulk personal dataset, where the original authorising document was unsigned. As a result, GCHQ’s mission policy department checked the paperwork for all such datasets.
Admit errors: The agency has raised its own errors with the commissioner, such as when a dataset containing the names and photos of several thousand alleged intelligence agency officers was released online, which GCHQ downloaded to check for its own staff. The file was then deleted, so the agency helped MI5, MI6 and an overseas Five-Eyes partner agency (from the US, Canada, Australia or New Zealand) check against their own employee lists. Permission had not been sought for external sharing, but Waller decided it was justifiable as it aimed to defend employees.
There is always more that GCHQ and the other agencies could do. In his report on bulk powers, David Anderson recommended that the government appoints a technical advisory panel, partly to help the agencies “reduce the privacy footprint of their activities”. But on the basis of the recently published documents, other organisations could benefit from considering GCHQ’s practices on information security.
