“We cover the tea bag material with nano-structured fibres, and instead of tea inside the tea bag, we incorporate activated carbon.

“The function of the activated carbon is to remove most of the dangerous chemicals that you would find in water.”

He says that the function of the fibres is to create a filter where harmful bacteria is physically filtered out and killed.

The BBC does not mention what quantity and speed of water can be filtered by a single bag. Those are the usual metrics but each bag is meant to be used only for a single serving just like tea.

The inventor, “past executive vice-president of global network of water professionals the International Water Association and a member of Coca-Cola’s global panel of water experts”, emphasizes the importance of decentralized solutions to help those most in need of water security.

A water security risk index of 165 nations, released by UK-based risk consultancy firm Maplecroft in June found that African and Asian nations had the most vulnerable water supplies, judged by factors such as availability of drinking water, demand per capita and dependence on rivers that flow through other countries. [Professor Eugene] Cloete adds that more than 90% of all cholera cases are reported in Africa, and 300-million people on the continent do not have access to safe drinking water.

“The ‘tea bag’ filter can show the way forward, as it represents decentralised, point-of-use technology. “It can assist in meeting the needs of people who live or travel in remote areas, or people whose regular water supply is not treated to potable standards. “As it is impossible to build purification infrastructure at every polluted stream, we have to take the solution to the people,” he notes.

They also ran tests using shock, bolt-cutters, tensile and salt-fog.

The most expensive of the four locks did not win a single test.

The state Senate on Wednesday voted 21-11 to pass SB880, which requires helmets for snowboarders and skiers under 18.

The helmet law would be the country’s most restrictive if Gov. Arnold Schwarzenegger signs the legislation. The fine, however, would top out at $25.

The bill would require resorts to post signs about the law on trail maps, websites and other locations throughout the property.

There already is a bicycle, skate and skateboard helmet law for minors in California and a wealth of information on bike helmet laws at the Bike Helmet Safety Institute.

Leadership hopeful Ed Balls said David Cameron should ask Theresa May to assure MPs that the allegations would be properly investigated. [...] “But look, we cannot have somebody being paid over £140,000 a year to run the government’s communications when there are questions about whether he misled Parliament or not, and whether or not he was systematically involved in illegally bugging the telephones of members of Parliament and wider citizens.”

Apparently it takes Balls to ask Cameron to ask Theresa to make a statement.

Sorry, couldn’t resist that line. Seriously, though, what does a salary have to do with anything? Balls appears to be trying to use it as a wedge to drive resentment against Cameron, or against Coulson, or both.

The issue I see first is whether or not Coulson was involved and second to what level. It would be nice to see a third part describing details of the incident. Tessa Jowell, for example, claimed 28 individual hacks on her phone. How were those counted as individual “hacks”? Many of the hacks seem to be just sloppy impersonations that left behind obvious indicators like messages being flagged as read before the mobile owner had read them — a PIN code was stolen once and then used repeatedly.

The New York Times suggested that Rupert Murdoch’s tabloid practice of privacy breaches and surveillance was widespread in the industry.

Scotland Yard collected evidence indicating that reporters at News of the World might have hacked the phone messages of hundreds of celebrities, government officials, soccer stars — anyone whose personal secrets could be tabloid fodder. Only now, more than four years later, are most of them beginning to find out. [...] Andy Coulson, the top editor at the time, had imposed a hypercompetitive ethos, even by tabloid standards. One former reporter called it a “do whatever it takes” mentality. The reporter was one of two people who said Coulson was present during discussions about phone hacking. Coulson ultimately resigned but denied any knowledge of hacking.

Coulson is being pinned with raising the stakes in the game. Maybe that is why his salary as home secretary is being tossed out in debate even though it does not really belong in any of the three parts I mentioned. It does seem to fit into a “do whatever it takes” competitive culture.

I say it will be hard to isolate fault in tabloids for digging in and bringing everything to the front page when the same style of sensationalism is used by leaders in British Parliament. Coulson’s salary is perhaps public information, which would clearly differentiate it from details of his private communications, but the context still illustrates what might motivate tabloid surveillance. The fights get dirty.

The politics and arguments between those trying diligently to preserve privacy and those working to expose information hopefully will evolve into another story; how industry and mobile owners can detect and report surveillance regardless of source. Will the UK government, in other words, move now towards support of privacy that counters private industry surveillance, given that those same skills and tools will probably interfere with their infamous government-led surveillance?

Across Africa, people often lay snare traps to catch bushmeat, killing or injuring chimps and other wildlife.

But a few chimps living in the rainforests of Guinea have learnt to recognise these snare traps laid by human hunters, researchers have found.

More astonishing, the chimps actively seek out and intentionally deactivate the traps, setting them off without being harmed.

The question we often are asked is whether this could be applied to email systems with automation. The answer is of course yes. Just as malware can be caught by looking for bad code, fraud can be caught by looking for a pattern of “bad” language.

I will present an update to our research at the International High Technology Crime Investigation Association Conference this month in Atlanta, Georgia.

SC Magazine reports today that Blare Sutton of Ernst and Young has found success with fraud investigations by manually applying our technique in the field.

Words that showed “subconscious” tendencies included problem, concern, revise, discount, correct, miss, Figure out, It’s OK, find it, complex. And when regulators such as the Australian Securities and Investments Commission were breathing down a company’s neck, Sutton’s team looked for incidences of their mentions in emails.

“It’s basic language,” he said. “There was nothing about the fraud [in the emails], it was subconscious language that led to an anomaly from which we could do a traditional investigation.”

Yes, just like a virus will masquerade as something else fraud language is not obvious, but calling it “subconscious” language is inaccurate. The story indicates Sutton is trying to statistically show correlation so the question now becomes whether we could predict fraud in advance or actually block fraud messages pro-actively. We are moving towards a warning system or prevention technique. Simply classifying language after the fact, which appears to be Sutton’s story, is interesting but not an ideal use case — his application comes across as “once we know there is fraud we can find indicators of it”.

Operatives of the city police directorate for fighting economic crimes have told journalists that the suspects created a computer virus that blocked all programs on the users’ computers and put a pornographic picture on the screen together with a demand to send an SMS to a certain number to receive a code that would supposedly unblock the computer. For the SMS the victims were billed about 300 roubles or $10. However, sending the SMS never led to any results and some users have sent it repeatedly.

I detect hyperbole. Let me count the ways I find this story hard to follow.

1. Even if users hit the SMS repeated times there still were over a million users affected. I searched the source lifenews.ru and found no mention of the malware incident. My Russian is not great but a million people with inoperable computers seems like it should be a headline story long before the police report catching the people responsible. The software in this case is not named but it probably is related to WinLock and LockScreen
2. Malware that tries to lock a system and demand payment is nothing new. Ransomware-A by name alone made it pretty clear in 2006 that you should not give in to demands for money. Are so many users in Russia really unaware of this class of malware and attack vector? Do they not realize they could use a free tool to get the unlock code or just figure out the unlock code themselves?
3. Russians are said to be familiar with or even seasoned by news of fraud and crime linked to blackmail. Why did they forgo all the other options and instead believe in a ransom note — give their money to someone without any guarantee of getting an unlock code in return?
4. The Telecom companies facilitated the crime. They must have detected something amiss when that many SMS messages flooded their system for so long and so much in revenue. Is there no fraud detection? No early-warning system in operation? Did they send a giant check to the gang as a prize, like a lottery winner, or did they just freeze the account and refuse payment? Perhaps I should ask this a different way. Do infrastructure operators in Russia have any incentive to detect and block this kind of obvious criminal activity or are they just taking a cut of the profits (apparently 50%) and walking away clean even after the criminals are caught?

The failure of the fraud detection system and the awareness of users is the real story I see in this report. Two or three days after the attack started it could have been shut down completely. Nothing glamorous or clever about it, and very easy to stop/prevent, which makes it so hard to believe it could have been as successful as claimed just as malware. I therefore think this amount of money must only be possible with the cooperation of those who could stop the attack.

An ITAR-TASS report gives a very different estimate of harm over a much longer period of time.

According to preliminary calculations, more than 3,000 Internet users fell victims of fraudsters in April alone, including in CIS countries. According to police data, the annual profit of law-breakers topped one billion roubles.

Perhaps something is being lost in translation with the first report. The same amount over a year is far more believable, but still begs the question of corruption and presence of simple controls.

We’re jealous of the folks who get to drive the Zerotracer. It’s a sporty two-seat enclosed motorcycle that weighs less than 1,400 lbs, can do 0-100 km/hr (62 mph) in less than 4.5 seconds and has a top speed of 150 mph.

The first thing that comes to mind, if I remember correctly, is that this looks to be a very close copy of a vehicle in the 1991 movie “Until the End of the World” by Wim Wenders. Rent the movie and see how the landing wheels work; to be fair the concept was developed by a pilot and Wenders seemed to just throw it as a credibility prop.

The movie also had some amusing concepts of Internet search engines and computer navigation in cars. The search engine, for example, had a big Russian bear mascot that would say “I’m searching, I’m searching” while it generated results.

My first work with GPS navigation was in 1994, about the same time I saw the movie. It seemed back then uncanny how accurate Wenders was in his vision. The Wired article suggests to me it might be time to see it again and see what else was predicted or may still come true.

Experian has adapted the PCI-DSS and renamed it Experian Independent Third Party Assessment (EI3PA). Trans Union and Equifax are expected to follow suit.

The EI3PA is an annual assessment of a reseller’s ability to protect the Experian-provided personal sensitive information. It also has quarterly scans for network vulnerabilities. Although similar to the PCI DSS, and QSAs will be doing the assessments, approval comes from Experian only, not from a card issuer or issuing bank.

The Mayor also announced that he would like to “make the 3 Foot Passing Rule a 3 Foot Passing Law” in California. He will be introducing the bill, going to Sacramento and working with the bicycling community to ensure that this becomes a reality. “We’ll keep at it until it becomes part of the California Vehicle Code.”

LA has to be one of the most bike unfriendly cities anywhere. When I lived there many years ago it was common for bike lanes to end abruptly at the intersection with eight lanes of freeway, and no way to get across. Apparently the very first LA Bicycle Summit was just held this year. Excellent to see them take (three?) steps to at least make bicycling safer.

Heidi Bazzano, one of the protesters at 38th and Portola this morning, said, “there are so many problems with ’smart’ meters. PG&E, the government, and any hacker worth his salt will know when you wake up, what appliances you use, when you go on vacation. The meters overcharge people, increase carbon emissions, expose us to EMF which is a confirmed carcinogen, and worst of all, we’re paying for them through hikes in our electric rates!”

“One of the protesters” is not exactly a qualified opinion. And their description of a hacker sounds a lot like the bogeyman or Santa Claus rather than a real threat. Watch out, he knows when you have been bad or good…this makes the protester sound uninformed. Confirmed carcinogen? Confirmed where?

Those who are electrically sensitive have reported that the intense bursts of radiation from ’smart’ meters are amongst the worst they have ever experienced. People throughout the state have been reporting headaches, nausea, dizziness, sleep disruption and other health impacts after smart meters are installed. PG&E has declined to remove the new meters even though they are causing adverse health impacts, leading some local residents to flee the state and stay with relatives. Some have even been forced into homelessness, living in their cars with the hope that their smart meter will be removed.

The health risks still all sound theoretical. Some might correlate smart meters to general health issues but where are the audits, studies or tests that prove causation? A placebo test or control group study would be interesting. I can understand an opposition to meters after billing mistakes are caught by auditors. This problem was documented and proven. I do not understand the vague health argument.

Indybay does not offer insights. They link instead to StopSmartMeters, which gives only more vague references, laced with heavy-handed sarcasm.

PG&ESE: “A SmartMeter device transmits relatively weak radio signals, resembling those of many other devices we use every day, like cell phones and baby monitors. A major radio station, by contrast, usually transmits with 50,000 times as much power.”

English Translation: “A DumbMeter device transmits relatively weak radio signals compared with your microwave oven (which we initially asked the FCC for permission to install but we realized that humans who are cooked like hot dogs have trouble authorizing a debit account). We’ll conveniently neglect to mention that cell phone and baby monitor wireless technologies have been implicated in brain tumors and other nasty lethal ailments, trusting that the public’s ignorance of wireless impacts will hold out long enough for us to finish installation.”

First, this is a counter-point to the entire argument. It says the SmartMeter company is motivated to do no harm because they need consumers to be healthy enough to pay bills. That could be the end of their protest right there.

Second, the style reads to me like a story from The Onion. I might think the site is a hoax except for links to real news stories about City Councils considering whether to block installation.

Are Councils and local government driven by fear more than any evidence of risk? An article in SFGate says this is very likely.

Of all the complaints filed with PG&E, 16 percent came from customers who did not yet have a smart meter, Burt said. In other words, they couldn’t be reacting to a mechanical problem with the meter.

Another bit of evidence suggests that fears rather than malfunctions drive at least some of the complaints. The Sacramento Municipal Utility District gets more customer complaints about its own smart meters following newspaper or television stories about PG&E’s meters. That includes stories about the meters’ accuracy as well as complaints that the wireless devices could pose a health risk – an idea that PG&E strenuously rejects.

“Whenever we see a spike in stories about PG&E’s smart meters, we see a spike in complaints,” said SMUD spokesman Chris Capra.

What happens when there is a spike in stories about stories about PG&E smart meters?

…we were confused by a claim that 33% of critical and high-risk bugs uncovered in our services in the first half of 2010 were left unpatched. We learned after investigating that the 33% figure referred to a single unpatched vulnerability out of a total of three — and importantly, the one item that was considered unpatched was only mistakenly considered a security vulnerability due to a terminology mix-up. As a result, the true unpatched rate for these high-risk bugs is 0 out of 2, or 0%.

IBM has an updated chart now. Although one can see how Google might take such a sensitive and defensive position when confronted with vulnerability data, their analysis comes across as shockingly one-sided.

They first highlight four “factors working against [vulnerability databases]“. All have a clear tone of “don’t trust those databases” but only one says the vendors have an important role — disclosure in consistent formats. The finger-pointing then goes a step further with two suggestions:

To make these databases more useful for the industry and less likely to spread misinformation, we feel there must be more frequent collaboration between vendors and compilers. As a first step, database compilers should reach out to vendors they plan to cover in order to devise a sustainable solution for both parties that will allow for a more consistent flow of information. Another big improvement would be increased transparency on the part of the compilers — for example, the inclusion of more hard data, the methodology behind the data gathering, and caveat language acknowledging the limitations of the presented data.

I think calling the report misinformation is a bit harsh. Their post only says databases are not to be trusted because the “compilers” do not reach out and are not transparent enough. That should be a two-way commentary. There is no need to place all blame on database researchers and none on vendors like Google. Google could publish more patch information and transparency with regard to its recorded vulnerabilities. They could lead by example, of course, and fix their their security communication and management issues, especially around consistency. That might be the third, but most important, step to make these databases more useful.

Although it would be cool to jump into this statistic, I do not see any analysis or data on the users that proves they were not faking their own profile.

Turnabout is fair play, no? How much of this information that BitDefender collected is real?

The study sample group included 2,000 users from all over the world registered on one of the most popular social networks. These users were randomly chosen in order to cover different aspects: sex (1,000 females, 1,000 males), age (the sample ranged from 17 to 65 years with a mean age of 27.3 years), professional affiliation, interests etc. In the first step, the users were only requested to add the unknown test profile as their friend, while in the second step several conversations with randomly selected users aimed to determine what kind of details they would disclose.

Ironic that they would assume it can be trusted. Or did they verify? The complete 400K report does not give any verification of the survey group, so maybe we can assume they also could have been duped while they were trying to dupe others. The closest thing I found was this note:

These outcomes were tested against the motivation of IT security industry users to become friends with the blonde girl, in order to ensure that they didn’t accept the friendship request just to have “study material” for their own research.

That means they asked the person they were trying to befriend for their motivation; 53% said “a lovely face” was their reason to accept the girl. Was this a game response or sincere? I don’t see it as validation.

The experiment revealed that the most vulnerable users appeared to be those that worked in the IT industry: after a half an hour conversation, 10% of them disclosed to “the blonde face” personal sensitive information such as: address, phone number, mother’s and father’s name, etc — information usually used in recovery passwords questions. In addition to that, after a 2 hour conversation, 73% revealed what appears to be confidential information from their work place, such as future strategies, plans, and unreleased technologies/software.

Two hour conversation with a fake profile. That’s impressive but I still would like to see validation results. I mean what percentage of those claiming to work in IT were proven/verified to actually work in IT. Did they divulge real or fake information? When a study begins with a premise that you can easily fool people online, it would seem logical to then proceed with caution and not believe everything a new contact might say.

Visa warned in 2008 that to avoid “appropriate risk controls, up to and including fines” you must provide them a PCI DSS Attestation of Compliance for all Level 1 merchants by the end of September 2010.

If you’re just a generic Joe Blow who wants to make sure your private pictures don’t get viewed by your collegues or kids, you’re golden. The fact that the there’s no way a software-only attack can get the pincode means that some hardware-experience is needed to start hacking the device, and that will deter casual onlookers enough to make the device completely safe for curious neighbours or collegues, even if they are smart enough to, for example, install a keylogger on your PC.

If you’re a business-person with actual info to hide, info that could financially benefit other parties… you can still use this, but make sure to pick a strong pincode. More than 11 digits should do, depending on how badly others want the data.

If you’re, say, the president of a nuclear country and want to use this to carry around the launch codes of your nukes, I wouldn’t recommend this device. While the thing is safe for a casual hacker like me, someone with money or the resources to de-cap chips can probably get to the data fairly easy: the PIC which contains the keys to the HD is not a secure device and when decapped under a microscope in a laboratory can probably be made to give up that key fairly easily.

Is that a qualified hint to the Pentagon or just an example?

In late 2008, CalRecycle auditors contacted investigators at the California Department of Toxic Substances Control after noticing discrepancies in the claims submitted by Tung Tai and the records kept by Golden State Records and Recycling, a company that collected and transferred materials to Tung Tai, Brown said in the release.

In July 2009, state agents searched the Tung Tai facility and discovered two separate sets of records, Brown said. Those records showed that Tung Tai had significantly inflated the pounds of recycled material it submitted for reimbursement to CalRecycle between January and September 2008, Brown’s office said.

Two separate sets of records? That is pretty bold.

As I pondered the perplexing problem of what to do with the back of the watch, I decided to study the mechanical watches I had lying around. They all seemed to have the same general design – a big turning with the strap lugs formed by punching out the material between them and from the sides of the watch. I had to approach it a bit differently, since I had an o-ring seal to get in the way of milling away material from the front. So I had the material milled from the rear. But I used the idea of turning the strap lugs, which is what gives it that watch-like look.

Although they figured out how to seal the case and make it attractive, battery life is still far below the paltry one-year that was planned. Hello, solar? What is that other wrist for anyway? Ironically it has a sensor built-in to save battery life by only displaying the time when viewed from a certain angle. Why not also generate energy from movement? This becomes a great example of how dependent a system is on energy, yet how little engineering is spent on solving the problem of input versus aesthetics.

Within the QualysGuard Consultant interface, you will still be able to run PCI specific scans using the PCI Option Profile. You will also still be able to run PCI pass/fail reports; however, these reports will now be flagged as non-certified reports and cannot be submitted to your clients’ acquiring banks to pass PCI Compliance.

Approved Scanning Vendors (ASV) using QualysGuard are not affected if they are already using the ASV Portal. The portal gives only a Pay Per Host license with unlimited external scans instead of the Pay Per Scan. Internal scans for requirement 11.2 have to be done with another tool or a different account.

Those who are not an ASV will no longer be able to own the scanning license and can not submit reports to the PCI council for certification on behalf of a client.

Qualys says the changes are related to the new PCI Council guidelines on ASV from last March. The following differences will be seen after their new product launch next week, on August 31.

# Attestations: Customers are required to confirm on a quarterly basis that reports adhere to PCI DSS requirements for scoping, false positive documentation, and scan completeness. ASVs must then review these submissions and provide their own attestation. QualysGuard PCI will provide simple workflows to assist scan customers in providing and tracking the status these attestations.
# Report Content Changes: The ASV Scan Report must use a new format that includes additional content, revised scoring terminology (High, Medium, and Low), and sections for attestations. QualysGuard PCI reports will incorporate all required changes.
# False Positives: Approved false positive requests must be resubmitted by the customer to the ASV for review on a quarterly basis. QualysGuard PCI workflows will provide scan customers an easy-to-use interface for viewing and resubmitting false positives.
# Scoring Changes: As a result of clarifications concerning CVSS scoring, certain QIDs have changed their compliance posture and will now cause components to fail PCI certification. The complete list of QIDs is detailed in the FAQ referenced below.

Scoring changes can be found in an appendix of their FAQ. A long list of exploits (QID in Qualys terms) will now have CVSS v2 scores of 4.0 or higher.

Their most recent notice does not mention this but instead focuses on who is an ASV and the services provided — a company can not compete directly with an ASV just by using the same software and running the same reports. The PCI Council charges a fee to become an ASV and be listed as an ASV. The change thus seems to have come from a combination of licensing issues and quality control.

Lynn’s proposals are provocative. But the strategy could be costly and perhaps cumbersome, and it involves threats that aren’t well understood by the public – even by many of the companies that could be targets of attacks.

Talking with Lynn, I was struck by the gap between the way defense experts see cyberspace – as a source of potentially crippling assault – and the public’s view of an internet that is a generally benign companion. Although Lynn speaks of cyberspace as a “domain” that can be protected, such as airspace, it may be closer to the oxygen we breathe.

Anyone who has been in a country ruled by a military junta knows the downsides. A perfect example of this was when I was walking down a quiet street one day and noticed a little building surrounded by plants next to a river. It was an interesting scene and I pulled out my camera to take a picture.

No more than a brief moment after my finger pressed on the shutter control three heavily armed men in camoflage emerged from the bushes yelling at me in a foreign language. I stepped back into the pedestrian traffic behind me but I very quickly noticed they were headed right for me, guns now in their hands at their waist. Fortunately the crowd surrounded me and a yelling match ensued with the civilians telling the three men to stay back.

The soldiers saw me as a threat perhaps in the same way that Lynn is going to train his staff and tell everyone about the threats facing America. I was using digital equipment so I showed the photo to the soldiers. I did not let go of my camera. They at first said they would have to confiscate my camera and worse but the crowd and I managed to convince them that there was no harm, no threat and no need to waste any more time arguing in the street, blocking everyone’s day. Resolution came when I deleted the photo so the soldiers could see they had made their influence felt. They walked away with guns back over their shoulders and the crowd dispersed.

My experience in this country was overshadowed by the fact that they had been through several military coups. Power was influenced heavily by the presence of domestic and foreign military, both of whom had used force to instate control over the political landscape.

This is just one of many examples you will find that show a disparity can easily form between perceptions of risk by civilians and the military. This is not to discount the value of a military presence but rather to say it needs to be something in perspective, especially given the recent record of US military threat analysis. I agree completely with the writer in the Daily Star when he says this.

In the debate about cyberstrategy, I hope officials will recognize the dangers of militarizing the global highway for commerce and communication.

All that being said, I also remember when I crossed the border from Mexico into the United States. It was a small town border on a dustry stretch of desert. I sauntered through a small gate with my camera out in front of me. A yellow school bus was parked along a line of yellow posts in the distance. I raised the camera and pressed the button…a second later I had a U.S. Border Patrol officer jump out of a box fifty feet ahead and yell that I was breaking a Federal law of 1920 that prohibits blah, blah, blah. 

I was familiar enough with US laws, unlike the example above, to know this was nonsense and I had done nothing wrong. Nonetheless, here was a man with a gun again telling me that my tourist photo was a clear and present threat to national security. I showed the photo but did not offer to delete it. He said delete it or he was going to seize the camera, which indicated to me this was a kind of process for him. Perhaps it was how he passed the time. I hope you can see where the story goes. This is not the mentality the US needs in an office meant to protect the country from harm. Real threats should be handled. False positives can do more harm than good. Where is the emphasis to prevent false positives?

A secure network is one that operates without interruption, just like a secure neighborhood is one that has no need for military roadblocks. It is possible that the US military will consider civilian values of efficiency and freedom when they work on their new domain of “potential warfare” but so far I have seen little evidence. Instead I see a lot of military speakers being given open forums to scare civilian crowds with threats (bad guys are at the door, don’t you want to hand over control to the military now?) and Lynn has fit the rule not the exception.

The Wired report on Operation Buckshot Yankee supports my earlier assertion that it is more hype about threat than reality. No clear harm, no clear link to a clear threat; just a vulnerability — apparently weak security controls in the US military.

But exactly how much (if any) information was compromised because of agent.btz remains unclear. And members of the military involved in Operation Buckshot Yankee are reluctant to call agent.btz the work of a hostile government — despite ongoing talk that the Russians were behind it.

Although I remain wary, at the very least I have to thank Lynn and the State Department for giving me excellent and somewhat contradictory material to add to my Top Ten Breaches presentation this October at the RSA Conference in Europe. The analysis feels very similar to my history studies when I had to make sense of the UK Foreign Office, Colonial Office and War Office fighting for control of resources at the end of WWII.