Monthly Archives: May 2007

Cancer, Crime and IT Investment

I spent last week in the UK, mostly in a hotel, doing some consultancy and meeting up with one or two old friends. In the course of it I ran across some facts that I found interesting. Here they are:

  • The diagnosis, treatment and care for cancer patients accounts for 2% of the world’s economy. In the advanced economies the figure tends to be higher, accounting for about 30% of the health sector. You could talk in terms of there being a cancer industry – because there is.
  • A high proportion of prisoners in the UK are illiterate. There’s a high correlation of illiteracy and criminality. Correlation of criminality and having had a single parent or having been raised in care is also high.

So now, let’s tie these two disparate facts together. Prevention is better than cure. Few people would dispute that. The prevention of cancer would significantly reduce the costs, because many cancers are less serious and hence less expensive if caught earlier. Prostate cancer is famously so. Reduce illiteracy and unwanted children and you’ll reduce the level of crime. In fact the most effective crime reducing legislation introduced in the past 40 years was the legalization of abortion (read Freakonomics by Steven D. Levitt and Stephen J. Dubner for details of this in the US). Such legislation, of course, never had that as a target—it was an unexpected side-effect.

Now you would think that, given the seriousness and cost of crime and cancer, there would be a high investment in prevention—but there isn’t. And that boils down to a general lack of knowledge, which leads in turn to a general lack of political support for investment in prevention. It’s surprising, for example, that the public is happy to pay for criminals to go to prison when the individual cost of keeping them there (in the advanced economies) is more than the cost of keeping someone in a 5-star hotel.

Now let’s introduce a third strand to this: the investment in IT.

There is a great deal of investment in IT and a great deal of what I have seen recently is expensive investment in trying to cure problems (such as in email management, IT security investments, system management, etc.). Much of this is necessary at the time that the investment is made but might not have been necessary if the right investment had been made earlier. And when the IT user cannot be blamed, the IT vendor usually can—because the IT user depends on the vendor to behave strategically.

Enough said. We’re done here.

Posted in A Day In The Life

Guys and Gaffes in Mainstream Media

They got the wrong Guy—it was world-wide news almost instantly; one of those instances where the news makes the news. As you surely already know if you’re in the UK and may know if you are in an English-speaking area of the world, the BBC interviewed the wrong Guy. They interviewed Guy Goma rather than Guy Kewney in a short business news slot about the outcome of the Apple v Apple case.

It was ‘accidental identity theft’ by Guy on Guy.

How did it happen? Who can say? As is sometimes the case, the incorrect explanation was the first explanation to hit the news wires. I went surfing, partly in a futile attempt to discover how the lie got out. As Mark Twain once said, “a lie can travel half way round the world while the truth is putting its shoes on”. In fact it took a few days for the truth to get its shoes on in this instance.

Here’s the wrong story:

“Guy Goma is a London cabbie (or possibly limo driver) waiting in the BBC reception with a sign or note indicating ‘Guy Kewney’ the IT expert who is to be interviewed. He is there to pick Guy up after the interview. Some BBC person grabs him and drags him into a studio where, much to his surprise, the cameras point at him and Karen Bowerman, a reasonably well known BBC interviewer, starts asking him questions about Apple v Apple. His replies are less than illuminating and the BBC quickly cuts to a “reporter at large” as Karen and the production team realize that something is not quite right.”

That spontaneous untruth is accompanied by the genuine fact that:

Guy Kewney sat in reception actually watching the live broadcast, realizing that somehow a black guy from the Congo with an endearing French accent, who probably never even knew that the Apple case had happened, was failing to say anything comprehensible about it.

The UK’s Mail on Sunday even printed an appeal for information as to who this Taxi driver was.

It was a few days before the true story (or one that actually made sense) emerged:

“Guy Goma was, in fact, a candidate for an IT job at the BBC. Hence when collected at reception for an interview (Guy being mistaken for Guy) he never thought that anything untoward was happening until they put a mike on him. Even then he just assumed it was an odd BBC procedure until he was led into the studio… You can see this from the “deer-in-the-headlights” look on his face when asked a question about Apple v Apple.”

From then on it’s 15 minutes of fame for Guy Goma, who is suddenly in great demand and giving his opinions on everything from England’s chances in the World Cup to the price of eggs. By the Friday of the week he is appearing on the Jonathan Ross show to rapturous applause from the audience. The deer-in-the-headlights is now the darling in the spotlights—that is until someone discovers that he doesn’t actually have a work visa for the UK. He’s been in the country for 4 years on a tourist visa and shouldn’t be here and certainly shouldn’t be trying to get work.

I’m not sure how much Guy’s 15 minutes of fame are worth, but it may turn out that the appearance fees he’s been paid (and he must have been receiving some because he now has a PR agent) don’t compensate for his now-likely expulsion from the UK.

Anyway, how did the wrong story get out? Surfing didn’t lead me to an answer. My best theory is “the theory of the incomplete story”. A story emerges and some reporter somewhere tries to find out all the pertinent details. However, some of the details cannot be found. What to do? If it’s real news, why not just invent the story? You contact the receptionist at the BBC and ask her how it happened. She says, “maybe he was a taxi driver” so you make him a taxi-driver and file the story. The story now syndicates without anyone checking a single fact. Suddenly, the untruth is out there.

Posted in R&R

IT Security and Cyberwarfare

You may or may not have picked up the news that Estonia came under cyber-attack in early May. Cyber attacks—usually consisting of multiple denial of service attacks—are pretty bloodless really. You don’t see buildings reduced to piles of rubble or dead bodies strewn across the street. There’s nothing to take photos of. There’s only economic damage; web sites that cannot be accessed and transactions that cannot take place.

That’s how it was when a Russian invasion force consisting entirely of digital signals marched across the border into Estonia in very large numbers and shut down the main Estonian bank. They also choked off a fair number of Estonian government web sites. The almost unanswerable question is whether it was the Russian government that launched the attack or whether it was Russian hackers. Estonia—it seems—provoked the attack when the Estonian government removed a statue (in Tallinn) that commemorates Soviet troops who were killed fighting the Nazis.

Estonian officials claim that some of the attacking computers had Kremlin IP addresses but—and I’m sure the Russians would suggest this—such computers could have been infected by viruses and used as bots by Russian hackers. That’s what you call plausible deniability. There are spontaneous cyber attacks provoked by events. For example, in the Salt Lake City Winter Olympic Games, Apolo Ohno won the gold medal in the 1,500-meter speed-skating race when South Korean Kim Dong-Sung was disqualified. A denial of service attack that hit several US-based servers followed.

Nevertheless most governments have “cyber soldiers” ready to engage in cyber warfare and it’s quite likely that some of the incidents that are reported as hacker activity are government cyber soldiers out on exercise. Only Russia and China have an official branch of the armed forces devoted to cyberwarfare, but whenever any military activity or even military tension occurs cyber warfare breaks out. It happened first in the disintegration of Yugoslavia. It happened between India and Pakistan and more recently in the Middle East—where it is happening at a low level most of the time anyway, but the activity increases when the bullets fly.

The problem with cyberwarfare is that normal business activity suffers the collateral damage. There have been two attempts to completely take out the Internet—by mounting denial of service attacks on the 13 root servers that run the Internet DNS. One took place in 2002 and one took place in February of this year. These attacks weren’t successful but they may not have been intended to be. They could have been mounted by one government or another simply as target practice in order to assess the amount of power that would be needed to be successful. No-one seems to know who was responsible.

The world is in urgent need of technology that can properly block denial of service attacks. There are some intrusion prevention systems and DoS mitigation products from the likes of Cisco, Top Layer, RADirect and others that can help but the cost is high. In any event they do not address the fundamental problem—that the Domain Name System itself is vulnerable. The only DNS product I’m aware of that can actually deflect a DoS attack completely is the DNS server from Secure64. But it has only just been released and even if the take-up is high, it is unlikely that even a small portion of the millions of DNS servers already deployed will be replaced by this product.

It’s a sobering thought that the Internet, which was originally designed to survive a nuclear attack, has itself become a potential battleground. I came across a statistic in a Symantec security bulletin which made me think. Apparently 20 percent of the bots that are responsible for a variety of cybercrimes are located in China. Think about it. That’s the wrong percentage. It’s far too high. China may have the second largest market in the world for PCs, but it still amounts to less than 10 percent of worldwide shipments. PCs get to be bots by virus infection mostly—so how could it be that such infection is dramatically more common in China? It seems very unlikely.

An alternative explanation is that China’s cyber soldiers get involved in a much greater number of “military exercises” than those from any other country.

Posted in Commentary

Is Digg digging its own grave? Or is DRM in deep trouble?

Late on May 1st, Kevin Rose, the founder and CEO of Digg.com, made the following blog posting:

“Today was an insane day. And as the founder of Digg, I just wanted to post my thoughts…

In building and shaping the site I’ve always tried to stay as hands on as possible. We’ve always given site moderation (digging/burying) power to the community. Occasionally we step in to remove stories that violate our terms of use (eg. linking to pornography, illegal downloads, racial hate sites, etc.). So today was a difficult day for us. We had to decide whether to remove stories containing a single code based on a cease and desist declaration. We had to make a call, and in our desire to avoid a scenario where Digg would be interrupted or shut down, we decided to comply and remove the stories with the code.

But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.

If we lose, then what the hell, at least we died trying.”

In case you’re not sure what this is about, there’s a www war going on over DRM. On one side is the AACS Licensing Authority, the organisation responsible for the AACS copy-protection system, used by both Blu-ray and HD DVD. A hexadecimal key had been posted on the web since the end of last year and it unlocks AACS. As a consequence, media assets have been stolen. Videos published on Blu-ray and HD DVD have been featuring on P2P services and unknown numbers of videos have been acquired illegally. For its part, the AACS has sent out ‘cease and desist’ notices to websites that publish the key, but all that has achieved is a backlash—one aspect of which was the takeover of Digg by links to sites that publish the key. There is now no point at all in AACS trying to suppress the publication of the key. That train left the station a long time ago.

Legally, the AACS has the right to suppress the hex code under the US Digital Millennium Copyright Act, which forbids the publication of information on how to hack DRM schemes—but go tell that to ISPs in Moldova and Kazakhstan. The AACS LA has now issued a patch that expires the key and the Blu-ray Disc Association has announced its acceleration of the introduction of a second layer of DRM.

All of this suggests to me that DRM is doomed to fail in the long run. There is now a large group of people who see nothing wrong in undermining DRM schemes and will undoubtedly be happy to popularise any hack to any DRM scheme that anyone comes up with. New DRM schemes had better be very good or they’ll quickly become very dead.

So, Kevin Rose just bet the potential fortune locked up in his Digg shares against the AACS LA. Will the AACS LA pursue legal redress? And if they do, will it destroy both the AACS LA and Digg? It could. But if Digg goes down, then it will probably rise from its ashes like a Phoenix, just a few months later.

Posted in Commentary

Is Microsoft’s Business Model Broken?

Microsoft became the world’s dominant software company in the early 1990s and from then on continued to operate at an unprecedented level of profitability—building up a massive cash pile on a quarterly basis. By the late 1990s Microsoft strongly focused on generating software technology for the coming media boom.

A good many Microsoft detractors believe that Microsoft is inherently unable to produce good software. They argue that “Windows has always been flaky and in recent years it’s become a security disaster, and the Office Apps are still lost in a desert of poor usability”. Arguably these things are true and Microsoft seems to have had a nightmare with Vista (which may not be over yet).

There is a counter-argument which I support, which says that Microsoft has invested strongly in really talented software engineers and has put together some awesomely good software. It could afford to—right? I support this argument because it’s true. In the area of Media, Microsoft has some extraordinarily good software—far better than the competition. I have a friend who is developing something for Windows XP/Vista who never ceases to be amazed at how well thought out .Net version 2 is (and how good version 3 is going to be). To this you can add the fact that the Microsoft server-side products in middleware and database are seriously good.

The irony then is that Apple with its awesome accent on usability has stolen the market right from under Microsoft’s nose. Microsoft comes to market later this year with its Zune music player, which is destined not to challenge the iPod. Meanwhile Microsoft’s Media Center PC is about to prove irrelevant, because Apple has decided to complete its media jigsaw with a simple TV plug-in device. The video will play from a Mac somewhere else in the house.

What we are witnessing here is the “big Mo” where Mo is for Momentum. Apple has an end-to-end capability; web store, Mac, iPods, iTV (code name for the new Apple TV plug-in) and retail outlets (including its own). Very simple, in a way. With all its excellent media software Microsoft is destined to flounder trying to find a point where it can gain a foothold against Apple. It reminds me of IBM desperately trying to gain a foothold with OS/2 in the wake of Windows. Microsoft thinks it can buy its way in, but money doesn’t help. It’s about channel strategy. Apple has one, Microsoft doesn’t.

Microsoft’s only effective way to compete now is through its XBox—but I don’t think it has the smarts to work out how. It has lost its edge.

Posted in IT Trends