German chat app slacking on hashing fined €20k

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

by Richard Chirgwin (The Register)

German chat platform Knuddels.de (“Cuddles”) has been fined €20,000 for storing user passwords in plain text (no hash at all? Come on, people, it’s 2018).

The data of Knuddels users was copied and published by malefactors in July. In September, someone emailed the company warning them that user data had been published at Pastebin (only 8,000 members affected) and Mega.nz (a much bigger breach). The company duly notified its users and the Baden-Württemberg data protection authority.

Interesting stuff: this German region’s equivalent of the ICO applied a fine to this app for failing to hash passwords, describing them as personal information that was inadequately protected following their theft. That’s interesting because it sets a German, and to a lesser extend a European, precedent that plaintext passwords can be considered personal information and therefore allowing the (significant) weight of the GDPR to be applied to their misuse.

How My Stupid Bloody Name Finally Paid For Itself

Since changing my surname 11½ years ago to the frankly-silly (albeit very “me”) Q, I’ve faced all kinds of problems, from computer systems that don’t accept my name to a mocking from the Passport Office to getting banned from Facebook. I soon learned to work-around systems that insisted that surnames were at least two characters in length. This is a problem which exists mostly because programmers don’t understand how names work in the real world (or titles, for that matter, as I’ve also discovered).

It’s always been a bit of an inconvenience to have to do these things, but it’s never been a terrible burden: even when I fly internationally – which is probably the hardest part of having my name – I’ve learned the tricks I need to minimise how often I’m selected for an excessive amount of unwanted “special treatment”.

Airport
I plan to make my first trip to the USA since my name change, next year. Place bets now on how that’ll go.

This year, though, for the very first time, my (stupid bloody) unusual name paid for itself. And not just in the trivial ways I’m used to, like being able to spot my badge instantly on the registration table at conferences I go to or being able to fill out paper forms way faster than normal people. I mean in a concrete, financially-measurable way. Wanna hear?

So: I’ve a routine of checking my credit report with the major credit reference agencies every few years. I’ve been doing so since long before doing so became free (thanks GDPR); long even before I changed my name: it just feels like good personal data housekeeping, and it’s interesting to see what shows up.

Message to Equifax asking them to correct the details on my Credit Report.
It started out with the electoral roll. How did it end up like this? It was only the electoral roll. It was only the electoral roll.

And so I noticed that my credit report with Equifax said that I wasn’t on the electoral roll. Which I clearly am. Given that my credit report’s pretty glowing, I wasn’t too worried, but I thought I’d drop them an email and ask them to get it fixed: after all, sometimes lenders take this kind of thing into account. I wasn’t in any hurry, but then, it seems: neither were they –

  • 2 February 2016 – I originally contacted them
  • 18 February 2016 – they emailed to say that they were looking into it and that it was taking a while
  • 22 February 2016 – they emailed to say that they were still looking into it
  • 13 July 2016 – they emailed to say that they were still looking into it (which was a bit of a surprise, because after so long I’d almost forgotten that I’d even asked)
  • 14 July 2016 – they marked the issue as “closed”… wait, what?
Equifax close my request
Given that all they’d done for six months was email me occasionally to say that it was taking a while, it was a little insulting to then be told they’d solved it.

I wasn’t in a hurry, and 2017 was a bit of a crazy year for me (for Equifax too, as it happens), so I ignored it for a bit, and then picked up the trail right after the GDPR came into force. After all, they were storing personal information about me which was demonstrably incorrect and, continued to store and process it even after they’d been told that it was incorrect (it’d have been a violation of principle 4 of the DPA 1998, too, but the GDPR‘s got bigger teeth: if you’re going to sick the law on somebody, it’s better that it has bark and bite).

My message instructing Equifax to fix their damn data about me.
Throwing the book tip-of-the-day: don’t threaten, just explain what you require and under what legal basis you’re able to do so. Let lawyers do the tough stuff.

My anticipation was that my message of 13 July 2018 would get them to sit up and fix the issue. I’d assumed that it was probably related to my unusual name and that bugs in their software were preventing them from joining-the-dots between my credit report and the Electoral Roll. I’d also assumed that this nudge would have them either fix their software… or failing that, manually fix my data: that can’t be too hard, can it?

Apparently it can:

Equifax suggest that I change my name ON THE ELECTORAL ROLL to match my credit report, rather than the other way around.
You want me to make it my problem, Equifax, and you want me to change my name on the Electoral Roll to match the incorrect name you use to refer to me in your systems?

Equifax’s suggested solution to the problem on my credit report? Change my name on the Electoral Roll to match the (incorrect) name they store in their systems (to work around a limitation that prevents them from entering single-character surnames)!

At this point, they turned my send-a-complaint-once-every-few-years project into a a full blown rage. It’s one thing if you need me to be understanding of the time it can take to fix the problems in your computer systems – I routinely develop software for large and bureaucratic organisations, I know the drill! – but telling me that your bugs are my problems and telling me that I should lie to the government to work around them definitely isn’t okay.

Actually, Equifax: no. No no no no no. No.
Dear Equifax: No. No no no. No. Also, no. Now try again. Love Dan.

At this point, I was still expecting them to just fix the problem: if not the underlying technical issue then instead just hack a correction into my report. But clearly they considered this, worked out what it’d cost them to do so, and decided that it was probably cheaper to negotiate with me to pay me to go away.

Which it was.

This week, I accepted a three-figure sum from Equifax as compensation for the inconvenience of the problem with my credit report (which now also has a note of correction, not that my alleged absence from the Electoral Roll has ever caused my otherwise-fine report any trouble in the past anyway). Curiously, they didn’t attach any strings to the deal, such as not courting publicity, so it’s perfectly okay for me to tell you about the experience. Maybe you know somebody who’s similarly afflicted: that their “unusual” name means that a credit reference company can’t accurately report on all of their data. If so, perhaps you’d like to suggest that they take a look at their credit report too… just saying.

Cash!
You can pay for me to go away, but it takes more for me to shut up. (A lesson my parents learned early on.)

Apparently Equifax think it’s cheaper to pay each individual they annoy than it is to fix their database problems. I’ll bet that, in the long run, that isn’t true. But in the meantime, if they want to fund my recent trip to Cornwall, that’s fine by me.

After Section 702 Reauthorization

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

After Section 702 Reauthorization - Schneier on Security (schneier.com)

For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We’ve just lost an important battle. On January 18, President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of US law. Section 702 was initially passed in 2008, as an…

When One Library Steals From Another

When I first started working at the Bodleian Libraries in 2011, their websites were looking… a little dated. I’d soon spend some time working with a vendor (whose premises mysteriously caught fire while I was there, freeing me up to spend my birthday in a bar) to develop a fresh, modern interface for our websites that, while not the be-all and end-all, was a huge leap forwards and has served us well for the last five years or so.

The Bodleian Libraries website as it appeared in 2011.
The colour scheme, the layout, the fact that it didn’t remotely work on mobiles… there was a lot wrong with the old design of the Bodleian Libraries’ websites.

Fast-forward a little: in about 2015 we noticed a few strange anomalies in our Google Analytics data. For some reason, web addresses were appearing that didn’t exist anywhere on our site! Most of these resulted from web visitors in Turkey, so we figured that some Turkish website had probably accidentally put our Google Analytics user ID number into their code rather than their own. We filtered out the erroneous data – there wasn’t much of it; the other website was clearly significantly less-popular than ours – and carried on. Sometimes we’d speculate about the identity of the other site, but mostly we didn’t even think about it.

Bodleian Library & Radcliffe Camera website
How a Bodleian Libraries’ website might appear today. Pay attention, now: there’ll be a spot-the-difference competition in a moment.

Earlier this year, there was a spike in the volume of the traffic we were having to filter-out, so I took the time to investigate more-thoroughly. I determined that the offending website belonged to the Library of Bilkent University, Turkey. I figured that some junior web developer there must have copy-pasted the Bodleian’s Google Analytics code and forgotten to change the user ID, so I went to the website to take a look… but I was in for an even bigger surprise.

Bilkent University Library website, as it appears today.
Hey, that looks… basically identical!

Whoah! The web design of a British university was completely ripped-off by a Turkish university! Mouth agape at the audacity, I clicked my way through several of their pages to try to understand what had happened. It seemed inconceivable that it could be a coincidence, but perhaps it was supposed to be more of an homage than a copy-paste job? Or perhaps they were ripped-off by an unscrupulous web designer? Or maybe it was somebody on the “inside”, like our vendor, acting unethically by re-selling the same custom design? I didn’t believe it could be any of those things, but I had to be sure. So I started digging…

Bodleian and Bilkent search boxes, side-by-side.
Our user research did indicate that putting the site and catalogue search tools like this was smart. Maybe they did the same research?

 

Bodleian and Bilkent menus side-by-side.
Menus are pretty common on many websites. They probably just had a similar idea.

 

Bodleian and Bilkent opening hours, side-by-side.
Tabs are a great way to show opening hours. Everybody knows that. And this is obviously just the a popular font.

 

Bodleian and Bilkent sliders, side-by-side.
Oh, you’ve got a slider too. With circles? And you’ve got an identical Javascript bug? Okay… now that’s a bit of a coincidence…

 

Bodleian and Bilkent content boxes, side-by-side.
Okay, I’m getting a mite suspicious now. Surely we didn’t independently come up with this particular bit of design?

 

Bodleian and Bilkent footers, side-by-side.
Well these are clearly different. Ours has a copyright notice, for example…

 

Copyright notice on Bilkent University Library's website.
Oh, you DO have a copyright notice. Hang on, wait: you’ve not only stolen our design but you’ve declared it to be open-source???

I was almost flattered as I played this spot-the-difference competition, until I saw the copyright notice: stealing our design was galling enough, but then relicensing it in such a way that they specifically encourage others to steal it too was another step entirely. Remember that we’re talking about an academic library, here: if anybody ought to have a handle on copyright law then it’s a library!

I took a dive into the source code to see if this really was, as it appeared to be, a copy-paste-and-change-the-name job (rather than “merely” a rip-off of the entire graphic design), and, sure enough…

HTML source code from Bilkent University Library.
In their HTML source code, you can see both the Bodleian’s Google Analytics code (which they failed to remove) but also their own. And a data- attribute related to a project I wrote and that means nothing to their site.

It looks like they’d just mirrored the site and done a search-and-replace for “Bodleian”, replacing it with “Bilkent”. Even the code’s spelling errors, comments, and indentation were intact. The CSS was especially telling (as well as being chock-full of redundant code relating to things that appear on our website but not on theirs)…

CSS code from Bilkent University.
The search-replace resulted in some icky grammar, like “the Bilkent” appearing in their code. And what’s this? That’s MY NAME in the middle of their source code!

So I reached out to them with a tweet:

Tweet: Hey @KutphaneBilkent (Bilkent University Library): couldn't help but notice your website looks suspiciously like those of @bodleianlibs...?
My first tweet to Bilkent University Library contained a “spot the difference” competition.

I didn’t get any response, although I did attract a handful of Turkish followers on Twitter. Later, they changed their Twitter handle and I thought I’d take advantage of the then-new capability for longer tweets to have another go at getting their attention:

Tweet: I see you've changed your Twitter handle, @librarybilkent! Your site still looks like you've #stolen the #webdesign from @bodleianlibs, though (and changed the license to a #CreativeCommons one, although the fact you forgot to change the #GoogleAnalytics ID is a giveaway...).
This time, I was a little less-sarcastic and a little more-aggressive. Turns out that’s all that was needed.

Clearly this was what it took to make the difference. I received an email from the personal email account of somebody claiming to be Taner Korkmaz, Systems Librarian with Bilkent’s Technical Services team. He wrote (emphasis mine):

Dear Mr. Dan Q,

My name is Taner Korkmaz and I am the systems librarian at Bilkent. I am writing on behalf of Bilkent University Library, regarding your share about Bilkent on your Twitter account.

Firstly, I would like to explain that there is no any relation between your tweet and our library Twitter handle change. The librarian who is Twitter admin at Bilkent did not notice your first tweet. Another librarian took this job and decided to change the twitter handle because of the Turkish letters, abbreviations, English name requirement etc. The first name was @KutphaneBilkent (kutuphane means library in Turkish) which is not clear and not easy to understand. Now, it is @LibraryBilkent.

About 4 years ago, we decided to change our library website, (and therefore) we reviewed the appearance and utility of the web pages.

We appreciated the simplicity and clarity of the user interface of University of Oxford Bodlien Library & Radcliffe Camera, as an academic pioneer in many fields. As a not profit institution, we took advantage of your template by using CSS and HTML, and added our own original content.

We thought it would not create a problem the idea of using CSS codes since on the web page there isn’t any license notice or any restriction related to the content of the template, and since the licenses on the web pages are mainly more about content rather than templates.

The Library has its own Google Analytics and Search Console accounts and the related integrations for the web site statistical data tracking. We would like to point out that there is a misunderstanding regarding this issue.

In 2017, we started to work on creating a new web page and we will renew our current web page very soon.

Thank you in advance for your attention to this matter and apologies for possible inconveniences.

Yours sincerely,

Or to put it another way: they decided that our copyright notice only applied to our content and not our design and took a copy of the latter.

Do you remember when I pointed out earlier that librarians should be expected to know their way around copyright law? Sigh.

They’ve now started removing evidence of their copy-pasting such as the duplicate Google Analytics code fragment and the references to LibraryData, but you can still find the unmodified code via archive.org, if you like.

That probably ends my part in this little adventure, but I’ve passed everything on to the University of Oxford’s legal team in case any of them have anything to say about it. And now I’ve got a new story to tell where web developers get together over a pint: the story of the time that I made a website for a university… and a different university stole it!

Data-hucksters beware: online privacy is returning

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Next year, 25 May looks like being a significant date. That’s because it’s the day that the European Union’s general data protection regulation (GDPR) comes into force. This may not seem like a big deal to you, but it’s a date that is already keeping many corporate executives awake at night. And for those who are still sleeping soundly, perhaps it would be worth checking that their organisations are ready for what’s coming down the line.

First things first. Unlike much of the legislation that emerges from Brussels, the GDPR is a regulation rather than a directive. This means that it becomes law in all EU countries at the same time; a directive, in contrast, allows each country to decide how its requirements are to be incorporated in national laws…

TIL that the first ever speeding fine was given to Walter Arnold of Kent, UK, in January 1896. His speed: 8mph in a 2mph zone. He was caught by a policeman on a bicycle.

This link was originally posted to /r/todayilearned. See more things from Dan's Reddit account.

Walter Arnold of East Peckham, Kent, had the dubious honour of being the first person in Great Britain to be successfully charged with speeding on 28 January 1896. Travelling at approximately 8mph/12.87kph, he had exceeded the 2mph/3.22kph speed limit for towns. Fined one shilling and costs, Arnold had been caught by a policeman who had given chase on a bicycle.

Buying a House, Part 3

This blog post is the third in a series about buying our first house. If you haven’t already, you might like to read the first part. In the second post in the series, we’d put an offer on a house which had been accepted… but of course that’s still early days in the story of buying a house…

We hooked up with Truemans, a local solicitor, after discovering that getting our conveyancing services from a local solicitor is only marginally more-expensive than going with one of the online/phone/post based national ones, and you get the advantage of being able to drop in and harass them if things aren’t going as fast as you’d like. Truemans were helpful from day one, giving us a convenient checklist of all of the steps in the process of buying a house. I’m sure we could have got all the same information online, but by the time I was thinking about offers and acceptance and moving and mortgages and repayments and deposits and everything else, it was genuinely worth a little extra money just to have somebody say “next, this needs to happen,” in a reassuring voice.

A 22-page form; each page is double-sided for added insanity.
This gargantuan beast is our mortgage application form. All of those pages are double-sided, by the way.

Meanwhile, we got on with filling out our mortgage application form. Our choice of lenders – which Stefan, who I’d mentioned in the last post, had filtered for us – was limited slightly by the fact that we wanted a mortgage for three people, not for one or two; but it wasn’t limited by as much as you might have thought. In practice, it was only the more-exotic mortgage types (e.g. Option ARMs, some varieties of interest-only mortgage) that we were restricted from, and these weren’t particularly appealing to us anyway. One downside of there being three of us, though, was that while our chosen lender had computerised their application process, the computerised version wasn’t able to handle more than two applicants, so we instead had to fill out a mammoth 22-page paper form in order to apply. At least it weeds out people who aren’t serious, I suppose.

A front door with a hole, boarded up with plywood.
The front door of our intended new home had recently sustained some… damage. That didn’t bode well.

I revisited the house to check out a few things from the outside: in particular, I was interested in the front door, which had apparently been broken during a… misunderstanding… by the current owners, who are in the middle of what seems like a complicated divorce. The estate agent had promised that it would be repaired before the sale, but when I went to visit I found that this hadn’t happened yet. Of course, now we had lawyers on our side, so it was a quick job to ask them to send a letter to the seller’s solicitor, setting the repair of the door as a condition upon which the sale was dependent.

A page from our Environmental Search, indicating some of the past uses of the land around the house we hope to buy.
The results of our Environmental Search were perhaps the most-interesting. But I’ll understand if you don’t think it’s as interesting as I do.

Our solicitors had also gotten started with the requisite local searches. One of the first things a conveyancing solicitor will do for you is do a little research to ensure that the property really is owned by the people who are selling it, that there’s no compulsory purchase order so that a motorway can be built through the middle of it, that it’s actually connected to mains water and sewers, that planning permission was correctly obtained for any work that’s been done on it, and that kind of thing. One of the first of these searches to produce results was the environmental search.

A map of the area around our new house, as it was about a century ago.
A map of the area around our new house, as it was about a century ago, unearthed by our convenient tame librarian.

One of the things that was revealed be the environmental search was that the area was at a significantly higher-than-average risk of subsidence, had the construction not been done in a particular way – using subsidence-proof bricks, or something, I guess? I theorised that this might be related to the infill activities that (the environmental search also reported) had gone on over the last hundred and fifty years. The house is near a major waterway, in an area that was probably once lower-lying and wetter, but many of the small ponds in the area were filled in in the early part of the 20th century (and then, of course, the area was developed as the suburbs of central Oxfordshire expanded, in the 1980s). Conveniently, we have a librarian on our house-buying team, and he was able to pull up a stack of old OS maps showing the area, and we were able to find our way around this now almost-unidentifiable landscape.

A map showing a field, hedgerows, water course and - highlighted in blue - a pond. The second highlighting in blue (bottom left) is a letter 'O', not a pond. I got carried away highlighting things, okay?
A map showing a field, hedgerows, water course and – highlighted in blue – a pond. The second highlighting in blue (bottom left) is a letter ‘O’, not a pond. I got carried away highlighting things, okay?

Sure enough, there were ponds there, once, but that’s as far as our research took us. Better, we thought, to just pass on the environmental search report to a qualified buildings surveyor, and have them tell us whether or not it was made out of subsidence-proof bricks or shifting-ready beams or whatever the hell it is that you do when you’re building a house to make it not go wonky. Seriously, I haven’t a clue, but I know that there are experts who do.

Three-panel diagram, showing a low-lying lake being pumped to allow house construction, but in the third panel - OH NOES! - the houses have gone lop-sided because without the water in it, the ground becomes unstable.
In this highly-realistic diagram, which wouldn’t look out of place in a geography textbook, houses go wonky because they’re built on ground that became more-compressible after it was drained. This is what I want to avoid.

Given that the house we’re looking at is relatively new, I don’t anticipate there being any problems (modern building regulations are a lot more stringent than their historical counterparts), but when you’re signing away six-figures, you learn to pay attention to these kinds of things.

Hopefully, the fourth blog post in this series will be about exchanging contracts and getting ready to move in to our new home: fingers crossed!

Jury Duty, Part 4

This is the last in a series of four blog posts about my experience of being called for jury duty in 2013.

And just like that, it was over. The courts service kept me “on the hook” for a day or two, but after that: when I called the answerphone from which I receive my instructions, I was told that I’d been cleared. My jury service was over.

Scene from 12 Angry Men. Henry Fonda explains his vote of "not guilty".
12 Angry Men is an awesome film. The behaviour of some of the characters would certainly be illegal in a contemporary UK case, so we certainly can’t consider them to be role models for a real jury, but it’s a great film nevertheless.

I filled in my expenses form. £5.71 for lunch (where do they get these numbers?) each day. 8.9 pence per mile cycled to and from the courthouse. Given that they give a mileage bonus to car shares, I wonder if they’d have given me a top-up if I’d have shared a tandem with another juror?

I heard the outcome of the trial second-hand, a few days later, on a local radio station. It somehow reminded me that the real world was connected to my time on a jury: something I’d sort-of forgotten at the time. Being pulled out from your daily routine and put onto jury duty feels sometimes surreal, and – like the blind spot in your eye that fills-in what you see with the colours around it – it’s hard to remember now that just last week I wasn’t just following my normal pattern. So when I heard about the result of a trial in which my ‘alter ego’ – Dan the juror! – took part, it was strangely jarring. For a moment, I said to myself: “Oh yeah; that happened.”

My jury service was a really interesting experience. I’d have appreciated less sitting around and being shuffled from place to place, and more-certainty about when I would and wouldn’t be needed, but that’s only a small issue. I got to see the wheels of justice turning from within the machine, and to take part in an important process of our society. And that’s great.

Jury Duty, Part 3

This is the third in a series of four blog posts about my experience of being called for jury duty in 2013.

My second day of jury duty was more-successful than the first, in that I was actually assigned to a case, rather than spending the better part of the day sitting around in a waiting room. I knew that this was likely (though not certain, on account of the nature of the randomisation process used, among other things: more on that later) because I’d called the “jury line” the previous night. I suspect this is common, but the other potential jurors and I were given a phone number to call “after around 3:45pm to 4pm” each day, letting us know whether we’d be needed for the following day.

Juror information sheet, providing details of court sitting times and the juror message system.
After calling a national-rate number, I got to listen to an answerphone reading out a series of juror numbers needed for the following day, listening out for mine.

The jury assembly area now only contained the people who’d been brought in, like me, for the upcoming case: a total of 15 of us. I was surprised at quite how many of the other potential jurors showed such negativity about being here: certainly, it’s inconvenient and the sitting-around is more than a little dull if (unlike me) you haven’t brought something to work on or to read, but is it so hard to see the good parts of serving on a jury, too? Personally, I was already glad of the opportunity: okay, the timing wasn’t great… with work commitments keeping me busy, as well as buying a house (more on that later!), working on my course, (finally) getting somewhere with my dad’s estate, and the tail end of a busy release cycle of Three Rings, I already had quite enough going on! But I’ve always been interested in the process of serving on a jury, and besides: I feel that it’s an important civic duty that one really ought to throw oneself at.

An emptier jury assembly area
Few people in the Jury Assembly Area.

If it were a job that you had to volunteer for, rather than being selected at random (and thankfully it isn’t! – can you imagine how awful our justice system would be if it were!), I’d have probably volunteered for it, at some point. Just not, perhaps, now. Ah well.

The jury officer advised us of the expected duration of the trial (up to two days), and made a note of each of our swearing-in choices: each juror could opt to swear an oath on the Bible, Koran, Japji Sahib, Gita, or to make an affirmation (incredibly the Wikipedia page on Jurors’ oaths lacked an entry for the United Kingdom until I added it, just now). In case they were they were empanelled onto a jury, the officer wanted to have the appropriate holy book and/or oath card ready to-hand: courtrooms, it turns out, are reasonably well-stocked with religious literature!

A court clerk shufles a deck of 15 slips of paper.
I get the impression that the earlier rounds of jury selection – from the electoral roll summons through to the assignment of jurors to cases – is randomised by computer, but the final selection of 12 is done by hand.

Once assembled, we were filed down to the courtroom, where a further randomisation process took place: a clerk for the court shuffled a deck of cards, and drew 12 at random, one at a time. From each, she read a name – having been referred to it so often lately, I had almost expected to continue to be referred to by my juror number, and had made sure that I knew it by heart – and each person thus chosen made their way to a seat in the jury benches. I was chosen sixth – I was on a jury! The people not chosen were sent back up to the assembly area, so that they could be called down to replace any of us (if our service was successfully challenged – for example, if it turned out that we personally knew the defendant), but were presumably dismissed after it became clear that this was not going to happen.

Then, each of our names were read out again, before each of us were sworn in. This, we were told, was the last chance for any challenge to be raised against us. About half of the jurors opted to affirm (including me: none of those scriptures have any special significance for me; and furthermore I’d like to think that I shouldn’t need to swear that I’m going to do the right thing to begin with); the other half had chosen to swear on the New Testament.

A poster in the Jury Assembly Area: "Who's who in the Crown Court?"
Our courtroom was quite a bit larger than the one depicted on this poster, which I found in the jury assembly room.

The trial itself went… pretty much like you’ve probably seen it in television dramas: the more-realistic ones, anyway. The prosecution explained the charges and presented evidence and witnesses, which were then cross-examined by the defence (and, ocassionally, re-examined by the prosecution). The defence produced their own evidence and witnesses – including the defendant, vice-versa. The judge interrupted from time to time to question witnesses himself, or to clarify points of law with the counsel or to explain proceedings to the jury.

The trial spilled well into a second day, and I was personally amazed to see quite how much attention to detail was required of the legal advocates. Even evidence that at first seemed completely one-sided could be turned around: for example, some CCTV footage shown by the prosecution was examined by the defence (with the help of a witness) and demonstrated to potentially show something quite different from what first appeared to be the case. The adage that “the camera never lies” has never felt farther from the truth, to me, as the moment that I realised that what I was seeing in a courtroom could be interpreted in two distinctly different ways.

A courtroom scene, from the video Your Role As A Juror
This courtroom looks a lot like the one I served in, with the jury to the left of the judge and a similar layout to the position of the prosecution and defence teams, public gallery, and dock.

Eventually, we were dismissed to begin our deliberations, under instruction to return a unanimous verdict. I asked if any of the other jurors had done this before, and – when one said that she had – I suggested that she might like to be our chairwoman and forewoman (interestingly, the two don’t have to be the same person – you can have one person chair the deliberations, and another one completely return the verdict to the courtroom – but I imagine that it’s more-common that they are). She responded that no, she wouldn’t, and instead nominated me: I asked if anybody objected, and, when nobody did, accepted the role.

I can’t talk about the trial itself, as you know, but I can say that it took my jury a significant amount of time to come to our decision. A significant part of our trial was hinged upon the subjective interpretation of a key phrase in law. Without giving away the nature of the case, I can find an example elsewhere in law: often, you’ll find legislation that compares illegal acts to what “a reasonable person” would do – you know the kind of things I mean – and its easy to imagine how a carefully-presented case might leave the verdict dependent on the jury’s interpretation of what “reasonable” means. Well: our case didn’t involve the word “reasonable”, but there are plenty of other such words in law that are equally open-to-interpretation, and we had one of these to contend with.

Government guidance: "Even when the trial’s over you mustn’t discuss the case, even with family members."
Like I said, they’re serious about not talking about the specifics of the trial. This screenshot comes from the gov.uk guidance on jury service.

We spent several hours discussing the case, which is an incredibly exhausting experience, but eventually we came to a unanimous decision, and everybody seemed happy with our conclusion. As we left the court later, one of the other jurors told me that if she “was ever on trial, and she hadn’t done it, she’d want us as her jury”. I considered explaining that really, it doesn’t work like that, but I understood the sentiment: we’d all worked hard to come to an agreement of the truth buried in all of the evidence, and I was pleased to have worked alongside them all.

I stood in the courtroom to deliver our verdict, taking care not to make eye contact with the defendant in the dock nor with the group in the corner of the public gallery (whom I suspected to have been the alleged victim and their family). We waited around for the administration that followed, and then were excused.

The whole thing was a tiring but valuable experience. I can’t say it’s over yet; I’m still technically on-call to serve on a second jury, if I’m needed (but I’ve returned to work in the meantime, until I hear otherwise). But if nothing else of interest comes from my jury service, I feel like it’s been worthwhile: I’ve done my but to help ensure that a just and correct decision was made in a case that will have had great personal importance to several individuals and their families. I could have done with a little bit less of sitting around in waiting rooms, but I’ve still been less-unimpressed by the efficiency of the justice system than I was lead to believe that I would be by friends who’ve done jury duty before.

Jury Duty, Part 2

This is the second in a series of four blog posts about my experience of being called for jury duty in 2013. If you haven’t already, you might like to read the first.

I started my jury service this week, trotting along to the Oxford Crown Court on Tuesday morning, after the long weekend. As I’ve previously described, I can’t tell you anything about any case that I was assigned to (for similar reasons, I’ve got fewer photos than I might have liked), but I can tell you about my experience of being a juror.

Oxford Crown and County Court, on St. Aldates, Oxford.
The courthouse on the only sunny morning of the week. I parked my bike at the Probation Office opposite, on the first day, but got told off for using their racks and later had to park my bike elsewhere.

Getting into the courthouse is a little like getting through airport security: there’s a metal detector, and you have to turn over your bags to be searched. In my case, this took longer than most, becuase I’d brought with me a laptop computer, tablet computer, Kindle, textbooks, coursework, and paperwork relating to our efforts to buy a house (more on that, later), in addition to the usual keys, wallet, mobile phone, change, cycle helmet, gloves, etc. The metal detector seemed to be set to a rather under-enthusiastic sensitivity, though: it didn’t pick up on my metal belt buckle. Beyond this, I checked-in with reception, presenting my juror papers and driver’s license in order to prove my identity, before being ushered into a lift up to the jury assembly area.

Pictographs for: "if you want (to) look at (a) court room before you go (to ) your court hearing ask (a) member of staff please".
In order to improve universal comprehension, an entire board of signs in the crown court simultaneously use simplified English alongside pictographic representations of the words.

The jury assembly area is a comfortable but unexciting lounge, with chairs, tables, a handful of magazines, books, and jigsaws, a television (at a low volume), vending machines, lockers, and nearby toilets. Well-prepared for a wait, I started setting myself up a remote office, tethering myself an Internet connection and monopolising a bank of electrical sockets. After a while, a jury officer appeared and took a register, amid mutters from some of the other potential jurors that it was “like being at school”.

Jurors in a jury room, at Oxford Crown Court.
Jurors in a jury assembly area. They’re not as tightly-packed as they look: there’s space around the corner for more of them – they’re crammed into this area so that they can see the screen to watch an imminent screening of an instructional DVD.

There was some confusion about whether some of the potential jurors were supposed to be here at all (or had finished their service in the previous week), and about whether some others who were supposed to be present had arrived at all (and were perhaps hiding in the toilet or had disappeared down the corridor to the hot drinks dispenser), and the official had to excuse herself for a while to sort everything out. This gave us another extended period of sitting around doing nothing, which I quickly came to discover is an integral part of the experience of being a juror. Eventually, though, she returned and played for us a (slightly patronising) DVD, explaining our duties as jurors, before describing to us the process of selection and panelling, claiming expenses, and so on, and answering questions from the potential jurors present.

Still frame from "Your role as a juror".
Click through to watch “Your role as a juror”, the Ministry of Justice’s explanatory video on the role of a juror (the content is identical to the DVD we were shown).

A random selection done somewhere behind the scenes had apparently resulted in my being assigned to a case that afternoon, which I hung around for. But for some reason, that case never happened – it just got cancelled, and I got sent home. Later – in accordance with my instructions pack – I phoned a special answerphone line I’d been given and listened, in a numbers station-like way, for my juror number to be called for the following day. It came up, with an instruction that I’d been selected for a case starting the following morning. There was still every chance that I might not actually be selected for the jury, owing to the complicated multi-step randomisation process (as well as the usual factors that I could be disqualified by knowing somebody involved with the case, or the case not being heard that day at all), but this was still an exciting step forwards after spending most of a day sat in a waiting room for nothing to happen.

But that can wait for the next blog post in the series.

Jury Duty, Part 1

This is the first in a series of four blog posts about my experience of being called for jury duty in 2013.

Last month I was working from home one day, when I heard the postman drop off an unusually-loud stack of mail through our letterbox. Anticipating that one of them might have been a Graze box – and feeling the need for a little bit of a snack to keep my brain going – I wandered downstairs to take a look. There, among some other letters, I found a windowed envelope containing a pink letter: a Jury Summons.

My Jury Summons, showing my juror number and instructions on what a Jury Summons means. Parts are censored to protect my address and details that could make it possible for somebody to impersonate me as a juror.
For some reason, the Jury Central Summoning Bureau print their letters onto pink paper. It makes them stand out, I suppose.

Responses from people I’ve told about it have been mixed: some have been positive (“that sounds really interesting”); some have been negative (“isn’t there any way you can get out of it?”); others still have been curious (“you must tell us all about it!”). Personally, I’m pretty keen: it seems to me that jury duty’s an important civic duty, and I’m genuinely interested in the process. If it were a role that one volunteered for – and clearly it shouldn’t be, for reasons that ought to be obvious – then I’d volunteer for and give it a go, at least once: however, I wouldn’t necessarily volunteer for it now, when my work and life is so busy already!

Oxford Combined Courts: the Crown Court on the left, and the County Court on the right.
Looks like I’m going to get familiar with Oxford Crown Court. First question: where’s the nearest place to safely park my bike?

I’ve spoken to people who’ve done jury service before, and a reasonable number of them said that they found the experience boring. From the sounds of things, there’re liable to be extended periods of sitting around, waiting to be (possibly) assigned to a trial. On the up-side, though, it seems likely that I’ll be allowed to use a portable computer in the waiting area – though obviously not in the courtroom or jury areas – so I might at least be able to get a little work done and simultaneously stave off boredom during any period that I’m not assigned to a case.

A wider view of the Oxford Court buildings.
See: no cycle parking anywhere! They’re not completely cycle-hostile, though: they have offered to pay me 9.6p per mile for biking in each day.

It’s the people who’ve expressed an interest in the process for whom I’ve decided to blog about my experience. Of course, I won’t be able to share anything at all about any case I’m assigned to or about the other jurors who served on them, but I can certainly share my experience of being a juror. Perhaps if you’re called to a jury at some point, it’ll give you some idea what to expect.

A Broken Oath

As part of the ongoing challenges that came about as part of the problems with my dad’s Will, I was required the other week to find myself a local solicitor so that they could witness me affirm a statement (or swear an oath, for those of you who are that-way inclined). Sounds easy, right?

A close-up of my dad's Will, showing where it was clearly re-stapled.
One of the more-significant issues with my dad’s Will was that it was re-stapled sometime after it was signed. This was probably legitimate, but it quickly makes it look like it’s a forgery.

Well: it turns out that the solicitor I chose did it wrong. How is it even possible to incorrectly witness an affirmation? I wouldn’t have thought it so. But apparently they did. So now I have to hunt down the same solicitor and try again. It has to be the same one “because they did it partially right”, or else I have to start the current part of the process all over again. But moreover, I’ll be visiting the same solicitor because I want my damn money back!

I’ll spare you the nitty-gritty. Suffice to say that this is a surprising annoyance in an already all-too-drawn-out process. It’s enough to make you swear. Curse words, I mean: not an oath.

4 Things You Should Do When Writing A Will (Which My Dad Didn’t)

Since my dad’s funeral earlier this year, I’ve been acting as executor to his estate. What this means in real terms is lots of paperwork, lots of forms, and lots of dealing with lawyers. I’ve learned a lot about intestacy law, probate, inheritance tax, and more, but what I thought I’d share with you today are some things I’ve learned about Wills.

[spb_message color=”alert-warning” width=”1/1″ el_position=”first last”]Note: This blog post discusses the duties of an executor in a way that some people might find disrespectful to the deceased. No disrespect is intended; this is just the way that I write. If you’re offended: screw you.[/spb_message]

Here are 4 things you should do when writing a Will (which my dad didn’t):

1. Keep it up-to-date

What you should do: So long as you’re happy with the broader clauses in your will, there’s no need to change it frequently. But if there’s information that’s clearly missing or really out-of-date, it ought to be fixed.

What my dad did: My dad’s Will was ten and a half years old at the time of his death. In the intervening time, at least five important things had happened that he’d failed to account for:

  1. He’d bought himself a flat. Unlike his other real estate, he’d not made specific mention of the flat in his Will, so it fell into his “everything else goes to…” clause. We can only assume that this is what he intended – it seems likely – but specific clarification would have been preferable!
  2. I changed my name. This was a whole five years before he died, but his Will still refers to me by my birth name (which wouldn’t necessarily have been a problem except for the issue listed below under “State your relationships”).
  3. I moved house. Seven times. The address for me (under my old name, remember) on my dad’s Will is one that I lived in for less than six months, and over a decade ago. That’s a challenging thing to prove, when it’s needed! Any of the addresses I lived at in the intervening 10+ years would have been an improvement.
  4. The ownership model of a company in which he was the founder and a large shareholder changed: whereas previously it was a regular limited-by-shares company, it had become in those ten years an employee-owned company, whose articles require that shares are held only by employees. This posed an inheritance conundrum for the beneficiaries of these shares, for a while, who did not want to sell – and could not legitimately keep – them. Like everything else, we resolved it in the end, but it’s the kind of thing that could have been a lot easier.
  5. His two daughters – my sisters – became adults. If there’s somebody in your Will who’s under 18, you really ought to re-check that your Will is still accurate when they turn 18. The legacies in my dad’s Will about my sisters and I are identical, but had he died, for example, after the shares-change above but before my youngest sister became an adult, things could have gotten very complicated.

2. State your relationships

What you should do: When you use somebody’s name for the first time, especially if it’s a family member, state their relationship to you. For example, you might write “To my daughter, Jane Doe, of 1 Somewhere Street, Somewhereville, SM3 4RE…”. This makes your intentions crystal clear and provides a safety net in finding and validating the identity of your executors, trustees, and beneficiaries.

What my dad did: In my dad’s Will, he doesn’t once refer to the relationship that any person has to him. This might not be a problem in itself – it’s only a safety net, after all – if it weren’t for the fact that I changed my name and moved house. This means that I, named as an executor and a beneficiary of my dad’s Will, am not referred to in it either my by name, nor by my address, nor by my relationship. It might as well be somebody else!

A (censored) fragment from my father's Will, showing where he used my old name, old address, and did not state my relationship to him.
My workload has been increased significantly by the fact that I’ve had to prove my identity every time I contact somebody in my capacity as executor. Here’s why.

To work around this, I’ve had to work to prove that I was known by my old name, that I did live at that address at the time that the Will was written, and that he did mean me when he wrote it. And I’ve had to do that every single time I contacted anybody who was responsible for any of my dad’s assets. That’s a job that gets old pretty quickly.

3. Number every page, and initial or sign each

What you should do: If your Will runs onto multiple pages, and especially if you’ll be printing it onto multiple sheets of paper (rather than, for example, duplexing a two-page Will onto two sides of the same sheet of paper), you should probably put page numbers on. And you should sign, or at least initial, the bottom of each page. This helps to reduce the risk that somebody can tamper with the Will by adding or removing pages.

What my dad did: My dad’s will is only dated and signed at the end, and the pages are completely un-numbered. It clearly hasn’t been tampered with (members of the family have seen it before; a duplicate copy was filed elsewhere; and we’ve even found the original document it was printed from), but if somebody had wanted to, it would have been a lot easier than it might have been if he had followed this guideline. It would have also made it a lot easier when he made an even bigger mistake, below (see “Never restaple it”).

4. Never restaple it

What you should do: Fasten the pages of your Will together with a single staple. If the staple bends or isn’t in the right place, destroy the entire Will and re-print: it’s only a few sheets of extra paper, the planet will cope. A Will with additional staple marks looks like a forgery, because it’s possible that pages were changed (especially if you didn’t number and/or sign every page) after the fact.

A close-up of my dad's Will, showing where it was clearly re-stapled.
In this picture of my dad’s Will, you can see clearly the marks left from a previous stapling, alongside the actual staple. Sigh.

What my dad did: His biggest mistake in his Will (after failing to identify me in an easily-recognisable manner) was to – as far as we can see – print it, staple it, remove the staple, and re-staple it. It was the very first thing I noticed when I saw it, and it was among the first things out lawyers noticed too. In order to ensure that they can satisfy the Probate Registry, our lawyers then had to chase down the witnesses to the signing of the Will and get statements from them that they believed that it hadn’t been tampered with. Who’d have thought that two little holes could cause so much work?

More?

I could have made this list longer. I originally started with a list of nine things that my dad had done when he wrote his Will that are now making my job a lot harder than it might have been, but I cut it down to these four, because they’re the four that have caused the most unnecessary work for me.

Unless your estate is really complicated, you don’t need a solicitor to write a Will: you just need to do a little reading and use a little common sense. I’m a big fan of people doing their own legal paperwork (hence my service to help people change their names for free), but if you’re going to write your own Will, you might like to do half an hour’s background reading, first. This stuff is important.

When I first looked at the task of acting as my father’s executor, after his death, I thought “I can have this all wrapped up in eight months.” That was six months ago, and there’s probably another six months or more in it, yet. I heard from a friend that they call it “The Executor’s Year”, and now I can see why. We’re getting there, but it’s taking a long time.

Even when all the crying’s done and the bereaved are getting on with their lives, the executor’s always got more to do. So please, for the sake of your executor: check today that your Will doesn’t make any of these four mistakes! They’ll thank you, even though you won’t live to hear it.

Update 01-Sep-2012: corrected a typo.

 

The Coroner’s Inquest

[spb_message color=”alert-warning” width=”1/1″ el_position=”first last”]Warning: this post contains details of the nature of the accident that killed my father, including a summary of the post-mortem report and photographs which, while not graphic, may be evocative.[/spb_message]

Last week, I attended a coroner’s inquest, which (finally) took place following my father’s sudden death earlier this year. It’s been five months since he fell to his death in the Lake District, while he was training for a sponsored trek to the North Pole this spring. Despite the completion of the post-mortem only a week or so after his death and the police investigation not running on too much longer after that, it took a long time before the coroner was ready to set a date for an inquest hearing and finally put the matter to rest.

Legal gavel and books and stuff.
A selection of “lawyer things” notably absent from our minimally formal inquest hearing. Photo courtest s_falcow (Flickr).

I made my way up to Kendal – presumably chosen for its proximity to the coroner who serves the hospital where my father was airlifted after his fall – in a rental car, picking up my sisters and my mother in Preston on the way. We were joined at the County Hall by my dad’s friend John (who was with him on the day of the accident), Kate (a partner of my dad’s), and – after his complicated train journey finally got him there – Stephen (one of my dad’s brothers).

Mostly, the inquest went as I’d anticipated it might. The post-mortem report was read out – the final verdict was that death was primarily caused by a compression fracture in the upper spine and a fracture of the base of the skull, which is a reassuringly quick and painless way to go, as far as falling injuries are concerned. John’s statement was summarised, and he was asked a series of clarifying questions in order to ensure that my dad was properly equipped and experienced, in good health etc. on the day of his accident.

The route up Blea Water.
The last walk my dad ever made: the yellow line shows where he and John walked. The magenta line shows the path of my dad’s fall.

This was clearly a painful but sadly-necessary ordeal for John, who’d already been through so much. In answer to the questions, he talked about how he and my dad had rambled together for years, about how they came to be where they were on that day, and about the conditions and the equipment they’d taken. And, in the minutes leading up to my dad’s death, how he’d been coincidentally taking photographs – including the one below. He’d been in the process of putting his camera away when my dad slipped, so he didn’t see exactly what happened, but he looked up as my dad shouted out to him, “John!”, before he slid over the cliff edge.

Later, we heard from the police constable who was despatched to the scene. The constable had originally been en route to the scene of a minor road crash when he was diverted to my dad’s accident. He related how the two helicopter teams (the Air Ambulance hadn’t been able to touch down, but paramedics had been able to leap out at low altitude, so an RAF Search & Rescue helicopter was eventually used to transport the body to the hospital) had worked on the scene, and about his investigation – which had included seizing John’s digital camera and interviewing him and the other ramblers who’d been at the scene.

My dad, climbing, moments before his accident.
This photo of my dad, approaching a snow bank as he scrambles up the hillside, was taken only moments before he slipped and fell.

That’s all very sad, but all pretty-much “as expected”. But then things took a turn for the unexpected when Kate introduced herself as a surprise witness. Making an affirmation and taking the stand, she related how she felt that my father’s walking boots were not in adequate state, and how she’d told him about this on several previous occasions (she’s now said this on her website, too).

I’m not sure what this was supposed to add to the hearing. I suppose that, were it not for the mitigating factors of everything else, it might have ultimately contributed towards a possible verdict of “death by misadventure” rather than “accidental death”: the subtle difference here would have affected any life insurance that he might have had (he didn’t), by giving a reason to reject a claim (“he wasn’t properly-equipped”). John’s statement, as well as subsequent examination of my dad’s boots by my sister Sarah, contradicted Kate’s claim, so… what the hell was that all about?

A Search & Rescue helicopter hovers above my dad and the paramedics with him.
A further photo by John, showing one of the two helicopters that were involved in the operation, hovering above the spot where my dad is attended by paramedics. A selective blur filter has been added.

We all handle grief in different ways, and its my hypothesis that this was part of hers. Being able to stand in front of a court and describe herself as “Peter’s partner” (as if she were the only or even the most-significant one), and framing his death as something for which she feels a responsiblity (in an “if only he’d listened to me about his boots!” way)… these aren’t malicious acts. She wasn’t trying to get an incorrect verdict nor trying to waste the courts’ time. This is just another strange way of dealing with grief (and damn, I’ve seen enough of those, this year).

But I’d be lying if it didn’t cause quite a bit of concern and confusion among my family when she first stood up and said that she had a statement to make.

Anyway: regardless of that confusing little diversion, it’s good that we’ve finally been able to get the coroners’ inquest to take place. At long last – five months after my dad’s death – we can get a proper death certificate I (as an executor of his will) can start mopping up some of the more-complicated parts of his estate.