John Lawlor

Imagine the scene: you are driving alone at night (video link) in an isolated area somewhere in Europe and you have a very bad crash, leaving you seriously injured and unable to communicate with anyone or to use your telephone to call the emergency services. Your chances of dying in such a situation would be quite high. Now, thanks to a new system to be implemented across Europe, help may be at hand in the form of eCall, an electronic service that will automatically call local rescue services by dialling 112 and providing information on the exact location of your vehicle, using its GPS coordinates.

Time saved = lives saved

It is shocking to learn that some 35,000 people died and 1.5 million were injured in about 1.5 million accidents on European roads in 2009. That’s almost 100 killed every day of the year and over 4,100 injured! Furthermore, the cost of this road carnage to the EU economy amounts to a staggering €160 billion per year. Any system, therefore, that can help to reduce these horrifying statistics, save lives and reduce injury has to be welcomed.

The eCall system is like a “black box” that activates when a vehicle airbag activates or when there is a sudden severe impact in the vehicle. It can also be activated manually so that, if a driver witnesses an accident, an emergency call can be made. Once activated, the system calls the local emergency service and creates both a voice and an automatic data link. The automatic data link sends the exact location of the accident (using GPS co-ordinates), the type of vehicle, direction of travel, and other relevant information for the rescue services. The voice link enables the occupant, if he or she is capable of doing so, to communicate directly with the emergency operator and provide further information about the accident.

According to the EU, the eCall system should enable emergency services to cut accident response times by 50% in rural areas and by 40% in urban areas. This improved response capability could save up to 2,500 lives a year and mitigate the severity of tens of thousands of accidents. It also has the potential to save some €20 billion annually if the system were fitted in all cars in the EU.

Despite the fact that the system is almost ready to roll, there are a number of barriers to be overcome before it can be successfully deployed across Europe. The first step is to fit all new cars with the eCall system. Next, telecoms operators must be able to identify calls from the eCall system and transmit the automatic data to the nearest emergency centre. Finally, emergency centres must be capable of receiving and processing the automatic data from the vehicle. Not all emergency centres can do this at present.

To overcome these barriers, the EU is taking steps to raise awareness of the eCall system and to fund pre-deployment projects. It is also considering implementing regulatory measures to require that the system is fitted in all new cars; that telecom operators can transmit emergency calls and data to emergence centres and that emergency centres are upgraded to handle eCall efficiently. The EU is also running a public consultation process until 19 September 2010 to collect the opinions of stakeholders and EU citizens on the issue. This is in the form of a short online survey that only takes minutes to complete (it only took me three minutes), so why not have your say?

20 EU member states and three non-EU states have formally supported the eCall system and signed a Memorandum of Understanding (MoU); four are getting ready to sign and Ireland has stated support for eCall’s mandatory introduction but has not yet signed the MoU. In addition, over 100 other organisations are also committed to eCall’s introduction. These include car manufacturers BMW, DAF, Daimler, Fiat, General Motors, MAN, Porsche, Peugeot-Citreon, Renault, Scania, Volkswagen and Volvo. Other signatories include insurance companies; electronics companies; local authorities, and telephone operators. No Irish organisations are represented among the signatories.

There is some information available on the Irish Department of Transport website outlining Ireland’s position. The Department notes that, in November 2009, a study for the European Commission (PDF 4.2 Mb) indicated that eCall has a greater potential to save lives and reduce serious injuries if deployed on a mandatory as opposed to a voluntary basis. In late 2009, the Department undertook a stakeholder consultation with specialist interests in Ireland including the Road Safety Authority.  The consultation resulted in a clear preference for a more proactive approach at EU level (MS Word) on eCall.  At the EU Transport Council in December 2009, the Minister outlined the results of the stakeholder consultation on eCall, namely that there was support for its mandatory introduction in all road vehicles.

What do you think about eCall? Would you like to see such a system implemented in Europe? Should Ireland sign the MoU and get our telecoms operators and other stakeholders involved? Are there potential privacy concerns with such an in-vehicle telematics system and related technologies? Are privacy concerns mitigated by the benefits of the system? Please leave a comment and let me know.

Further information on eCall is available through these links:

Fact Sheet (PDF); eCall Video (Windows Media); eCall Toolbox; eCall FAQ (PDF)

ICT research in Europe is set to get a major boost in 2011 with the announcement today by the European Commission of a call for proposals for research projects worth 1.2 billion euros.

The projects will include a number of Public Private Partnerships:

The future Internet
ICT for energy efficient buildings
ICT for the fully electric vehicle
ICT for factories of the future.

These four projects have a combined budget of 220 million euros. Details of other budget provisions are available here (PDF).

All documentation is available through the links above. The deadline for submission of proposals is 2 December 2010.

The research funding is part of Europe’s Digital Agenda (launched in May 2010) and is the first significant increase for EU ICT research in more than 10 years. The digital agenda has seven priority areas:

1. Creating a digital Single Market
2. Greater interoperability
3. Boosting Internet trust and security
4. Much faster Internet access
5. More investment in research and development
6. Enhancing digital literacy skills and inclusion and
7. Applying information and communications technologies to address challenges facing society like climate change and the ageing population.

Further details on the Digital Agenda and the seven priority action areas are available here.

The Commission expects that SMEs will benefit from the work programmes funded from the research funding, which will be welcome in the current economic climate.

There are many opportuities for funding available on the EU Information Society website, which is always worth keeping an eye on. Let’s hope the research under these calls is successful and leads to an improvement in the lives of European citizens. We still have a long way to go to catch up on our American and Asian competitors.

I am speaking at a Microsoft and PM Centrix event tomorrow on Trinity College’s experience of implementing Microsoft Project and Project Server in the Information Systems Department. The title of the event is “Microsoft Project: An Intuitive and Easier Way to Complete Projects” and takes place in the Westbury Hotel, Grafton Street, Dublin. Registration begins at 08.30 and admission is free. Click here for further details of the event.

The slides from the above presentation have now been uploaded to slideshare here:

The latest newsletter from Information Systems Services in Trinity College Dublin has just been published online. Read about the latest developments, including:

• Message from the Director
• Report from the Programme Management Office
• News from the Helpdesk
• College Network Enhancements
• New Email and Calendar Service for Staff
• Student Attendance System for School of Nursing and Midwifery
• Wireless Roaming Using eduroam
• New Counselling Service System
• Research Support System Update
• Training Courses in June.

If you would like further information on anything in the newsletter, please contact me or leave a comment here.

I went along this evening to a pretty full lecture theatre in Trinity College’s Science Gallery to listen to Venky Narayanamurti of the Harvard Kennedy School speaking on the subject of science, technology and society. He is a man clearly passionate about his topic and spoke with conviction, vigour, animation and not a little humour. Venky spoke about the great inventors – Edison, Watt, Einstein, Pasteur- and how invention and innovation come from applied science, research, experimentation, use cases and what he termed “grand challenges”. He spoke passionately about the need for an understanding of science among our leaders and hailed Obama’s commitment to the sciences in his inaugural speech:

“We will build the roads and bridges, the electric grids and digital lines that feed our commerce and bind us together. We will restore science to its rightful place, and wield technology’s wonders to raise health care’s quality and lower its cost. We will harness the sun and the winds and the soil to fuel our cars and run our factories. And we will transform our schools and colleges and universities to meet the demands of a new age. All this we can do. All this we will do.”

Vekny spoke about how innovation does not always have to come from inventing something new, but can also come from finding new and imaginative ways of using something that already exists. He cited the case of Ushahidi, an open source, ”crowdsourcing” system that uses simple mobile technology, such as phone, SMS, and web, combined with geolocation and mapping software on the Internet to track emergency and crisis information. Ushahidi is a fantastic example of how collaboration and innovation, coupled with existing technology, can come together to solve real world problems. It was used in Kenya to map incidents of violence and peace efforts throughout the country based on reports submitted via the web and mobile phone after the 2008 elections. It was used in India to monitor elections and it was used in Washington DC to deal with the aftermath of their snow this year. It is now being used to monitor the crisis in Haiti after the earthquake.

In question and answer following his speech, Venky’s answer to one question stuck with me. Asked about invention and about how and whether people should focus their efforts, Venky said, ” You can’t be everywhere, because then you are nowhere.” How true.

It was a wonderful evening in the Science Gallery and I look forward to attending more lectures there. The lecture was recorded, so I hope it will find its way to YouTube or iTunesU.

If you were at Venky’s lecture and would like to add your thoughts, please leave a comment and add to the record.  If you have used Ushahidi, or know about the application, I’d also love to hear from you. And, finally, if you have had experience of crowdsourcing, please share your thoughts and experience here.

This surely is a big question, some answers to which I look forward to hearing at Trinity College’s Science Gallery next Wednesday, 24 March 2010, at 18.00 UTC/GMT.

Professor Venkatesh Narayanamurti, Harvard Kennedy School Director of Science, Technology and Public Policy will speak on “The Role of Science and Technology in Meeting Societal Grand Challenges” in the Science Gallery’s Culture of Science lecture series. The lecture is presented in association with the TCD/UCD Innovation Aliance, which is a partnership between both Trinity College Dublin and University College Dublin that will work with the education sector, the State and its agencies and the business and venture capital communities to develop a world-class ecosystem for innovation that will drive enterprise development and the creation of sustainable high value jobs. Wow!

Entrance is free for members (SG members and on production of a valid TCD and UCD id card) and a mere €5 euros for other guests.

You can keep up with events at the Science Gallery on their website, follow them on Twitter @sciencegallery, or join their 740+ fans on Facebook.

Trinity College is also on Twitter @tcdublin and has many sites on Facebook.

If you’d like to connect with me, check out the contact details on the right.

Anyone involved in IT project management will probably have had the misfortune to have been involved in or to have known a project that failed. Careers can be destroyed; recriminations fly; blame is apportioned by everyone to everyone else; relationships break down; trust is damaged, and people who were friends become strangers.  That’s the human side, which is often ignored in the dynamics of projects.

On the project side, the causes of failure are fairly well known and include, in no particular order:

• Bad project management
• Poor budget management
• Bad requirements
• Inappropriate technology selection
• Lack of clarity on expected outcomes and benefits
• No testing or inadequate testing
• Bad or no quality management
• Bad or no risk management
• Poor scope management leading to scope creep
• Lack of change management
• Lack of top management commitment
• Failure to consult appropriate stakeholders
• Bad communications
• Poor team working
• Inadequate resources, both people and budget
• Resistance to change
• Diverging objectives
• Changes in the underlying business or wider environment
• Poor vendor performance
• and many more

Please don’t criticise me unduly me if I have omitted some causes, or elevated others incorrectly to the short list!!  (If you’d like to be more precise than me, I’m sure you can get the latest thinking on project failure from Gartner, IDC, OVUM, Forrester, Standish Group, Big 4, Government Audit (C&AG in Ireland) and many more, and I bet all of them will include some or all of what I have listed above. Study after study, and consulting assignment after consulting assignment, will regularly point to these causes of project failure.

So if organisations know the human reasons for failure; and they know the project reasons for failure, and they know the technical reasons for failure (and these are already well documented in the literature); and they continue to allow projects to fail, then my question is not, ‘Why do projects fail?’, it is this:

‘Why do organisations not learn from project failure?’

I will suggest my own answers to this question in a subsequent blog post; but, in the meantime, I would like to hear what you think.

What are your views on this question? What experiences have you had that might point to the inability of organisations to learn from project failure? Have you been involved in projects that you knew would fail, yet still carried on until the inevitable collapse? Why do organisations not understand or accept what is staring them plainly in the face?

Please leave a comment and let me know your views. I will share any useful nuggets I receive here, so please come back to check for updates.

I am preparing a talk for CIOs on the topic of ‘Social Media – Creating Collaborative Conversations’. I’d like to hear from people who have made the corporate leap into social media in their organisations or who have views or expertise to share on the subject. Questions you might consider include:

• What advice would you give to CIOs and their organisations in adopting social media?
• Can you point out good and bad examples of the use of social media?
• What, in your experience, has worked well and worked badly in the adoption by organisations of social media?
• What is the future for social media in the enterprise and what are the implications for CIOs and their organisations?
• What lessons have you learned from using social media in your organisation?
• What are the risks for organisations in adopting social media and making them available to employees?
• What are the specific challenges for business as workers engage in new conversational behaviours and have the ability to spread knowledge inside and outside the corporate firewall?
• How can CIOs work with other executives to ensure that the use of social media is well-managed?
• How can organisations create collaborative conversations that benefit the business?

If you have any views on these questions, or have additional information to add, I’d like to hear from you.

Please leave a comment or use the contact form to share your experience.

The Twittersphere was loaded tonight with Tweeters complaining about a major failure in Eircom’s DNS service. I have been having ongoing problems with Eirom, which is one of Ireland’s main ISPs, and have little satisfaction in getting my problems resolved. It is clear from tonight’s events that I am not alone. I had to rely on O2′s mobile broadband service for much of the evening.

Thanks to a number of Tweeters, I was referred to OpenDNS, which is a provider of free security and infrastructure services that make the Internet safer through integrated Web content filtering, anti-phishing and DNS. I had to sign up for a free account, which was very easy to do and took just a few minutes. Once this was done, I changed the DNS entries in my broadband router and I was up and running on the web again.

I am still looking forward to the day when I can dispense with Eircom’s “service” all together.

What has your experience with Eircom’s broadband service been? Leave a comment and let me know, though I expect I already know the answer.

I had not intended this blog to become a security-related publication, or one dealing exclusively with theft of laptops and storage media. But there is certainly a trend developing; let’s hope it does not last.

Following on from yesterday’s post, and from my post of 24 August 2008, we learn today from a report on RTE, Ireland’s national broadcaster, that a laptop computer containing  the records of some 75,000 customers of Bord Gais Eireann (BGE – the Irish Gas Board) was was one of four stolen on 5 June 2009, although news of the theft was only released today, 17 June 2009. The records relate to customers who signed up for the BGE “Big Switch” campaign, which encouraged them to move their account for electricity supply from the Electricity Supply Board (ESB) to BGE. Like previous incidents, data on this laptop was reported not to have been encrypted.

This time it’s personal, as I have been potentially affected by this latest security failing.

It appears to me that many (I suspect a very, very large number) organisations that process personal information simply do not take the issue of electronic data security and data privacy seriously enough. Throughout the world, we learn regularly of significant breaches of customer confidentiality. As  I wrote in my August 2008 post, many of these incidents occur through the failure to manage portable devices and removable media effectively. But there is also a lack of appropriate polices, procedures, practices, guidelines and controls. Indeed, in many organisations, there appears to be little or no attention paid to security at all, except for template procedures and documents.

The 2008 Annual Report of the Irish Data Protection Commissioner provides information on the top ten threats to individual privacy as identified by his staff. The unscientific list represents perceptions of Commission staff of the major threats to privacy at the close of the year 2008, based on the queries and issues they deal with on a day to day basis. The top ten threats are identified as follows:

1. Failure of organisations to have even the most basic protocols in place to minimise the loss of customer and employee data.
2. Continued lack of proper procedures in public and private sector bodies to limit access by their employees to personal data on a ‘need to know’ basis.
3. Failure to take due account of the legitimate privacy expectations of members of the public when moving towards greater efficiency of public services.
4. The tendency of new legislation to seek ever more personal data from the public and the sharing of that data between organisations without (in many cases) any real business case to justify such sharing.
5. Criminals using increasingly sophisticated methods to part individuals from their personal data for criminal and fraudulent use.
6. The extended use of the Personal Public Service Number (PPSN). This is the number given to each citizen by the Government to identify them when they interact with public bodies. More and more services seek to use this identifying number, often without any credible justification.
7. Publication and availability of excessive personal data on the internet (sometimes placed there by the individuals themselves on social networking sites etc).
8. Continued lack of awareness among data controllers of their data protection obligations.
9. Indifference on the part of data controllers to the consequences of their actions when they deliberately and persistently refuse to respect the data protection rights of their customers.
10. Continued lack of awareness on the part of members of the general public (who, as a result, give away their personal information too easily, don’t ask why personal information is needed or fail to ‘tick the box’ to say that we don’t want to be contacted).

BGE issued a short press release advising that it had promptly informed the Irish Police and the Data Protection Commissionerof the theft and that it will be contacting all affected customers. However, since there has been almost a two-week lag between the occurrence of the theft and the issue of the press release today, it is possible that customers’ financial or other personal information could have already been compromised. This is simly not good enough. It is no good doing things right (if you can call a two week delay in advising affected customers “right”) after an incident has occurred; appropriate steps must be taken to ensure that such incidents do not occur in the first place and that, if they do, the risk to information security is minimised or removed entirely. Time will tell whether the “risk assessment” referred to in the BGE statement led them to a correct decision not to advise customers sooner; I hope they got that right.

Organisations must take serious steps to improve security now. Some of the steps they take might include:

• Raising security awareness among all staff and providing appropriate training.
• Assigning responsibility for information security to the right people, not just to the IT department.
• Implementing appropriate and effective security policies, procedures and practices.
• Implementing adequate and effective information security controls and risk management systems.
• Carrying out regular audits of information security practices.
• Encrypting data on laptops, portable devices, tapes, removable storage and other vulnerable media.
• Implementing appropriate controls over removable media and devices.
• Introducing strict penalties for staff who breach security requirements including, for serious breaches, dismissal.
• Revisiting my post of August 2008 for further information on information security.
• Visiting the web site of the Irish Data Protection Commissioner, which is full of good information on information security.
• Reading the 2008 Annual Report of the Data Protection Commissioner, which is an excellent document and gives an overview of the activities of the Commissioner and provides information on prosecutions, investigations, summary data, etc.

Organisations and individuals must realise and accept that information security is not an issue for the IT department alone; it is a business issue and needs to be treated as such. Staff who use laptops, portable devices and removable media must understand that it is their responsibility, not the IT department’s, to keep data safe. And basic security, like locking these devices away or securing them appropriately, as well as encrypting them, must become the norm, not the exception.

Under Irish Data Protection Legislation, penalties for breaches of the law can be severe and encompass both civil and criminal proceedings, fines and forefeiture and destruction of equipment. Bodies corporate and individuals are subject to the provisions of the legislation. Fines of up to 250,000 euros can be imposed. Maybe it is time that fines of this magnitude were imposed. Without tough enforcement, I fear that breaches of the law and loss of personal data will continue to occur.

Kevin Kehoe, who I thank for commenting on my previous post, mentioned that organisations need to assess their appetite for risk. Perhaps it is time to dampen that appetite dramatically and, when it comes to handling the personal private information of customers, staff, prisoners, benefit applicants, etc, accept that no appetite for risk at all is the desired attitude to have.

If you have been affected by the BGE failing and feel strongly enough about the matter to complain, you can get all the information you need to make a complaint from the Data Protection Commissioner’s website.

What do you think? Are you concerned at how easily and how often personal private information is stolen, disclosed or otherwise compromised? Have you been personally affected by a breach of your privacy? Have you lost money or suffered other negative consequences? Have you been responsible for a breach of data security?

Leave a comment and let me know.