Robotic process automation (RPA) without the robots

No Robot Zone

By the Orbis Robotics Team

Robotics is one thing, but this doesn’t mean that the only considerations are the robots themselves, not by a long shot.  We were at that stage in our RPA journey where we were less about the robots (although they are always in our thoughts as we design and plan building them) but we also needed to take into account the people in the Lab, the stakeholders and the system that we were going to use.

We spoke about procuring the Lab and the team self-teaching via YouTube and Google in our previous blog, but there’s only so much the team can learn within our short timescales without bringing the expertise of our IT team on-board… so that’s exactly what we did.

With more people in the mix, this was always going to become a more complex dynamic and there were times when risk taking became necessary otherwise things wouldn’t move forward – not exactly the kind of thing IT like to hear, or be part of with their love of governance.  So how do you tackle this conflict?  We got everyone into a scrum.  Not the rugby version I might add, although it was tempting, but the type that allows us to bring everything to the table with all team members involved.

The scrum did iron out our issues (after a few uncomfortable conversations) and we moved on to the system.  Let’s not forget that being part of a Council partnership, Orbis have very little money to be spending on what we need to be a reliable system that meets all our requirements.  It was time to go on the charm offensive…  Not that I want to say we are good when it comes to blagging, as we do pride ourselves on being honest and open, but we managed to negotiate a free trial of a system, for a few more months than first agreed, whilst we tested it and before we made a decision about which system we were going to procure.

We got the disc to get us started but we also needed to make sure we were communicating with all of our stakeholders and talking to the likes of Information Governance and Legal to ensure everything was above board. A blocker of some sort now could be detrimental as we were getting ever closer to our first overarching robot. We spoke about our robot familypreviously but these were the ones that had a specific task to perform.  We had moved on to the type of robot that performed a process from start to finish, not a task within the process.

So what have we learnt in this part of our journey?  (Non-rugby) scrums are a good way to get decisions made. There are a LOT of people that have something to say about a project so you must engage with them early and regularly. Oh and that when it comes to spending money, it’s always good to negotiate.

More about our RPA journey next month

Robotic process automation (RPA) without the robots

Friday roundup: A week in tech

New Social Media

Life on modern, tech-bejewelled planet Earth – a slice:

Something happens. A bad thing; on this occasion, some human beings are horribly trapped underground, and await rescue before time runs out and they are killed.

Media arrives, bedding amidst the authorities and the rescue teams. Like bacteria around a wound, they illegally fly drones over the scene of the unfolding tragedy and tune into the emergency services’ communications channels hoping for prime cuts of horror to thatch into their salacious, sensationalist drivel – because if these people are going to die, somebody may as well make a few quid out of it, right?

Enter stage left: one of the world’s richest and most enigmatic tech luminaries – with a tiny little submarine. Then Elon Musk, for it is he, actually turns up at the scene in person, for some reason.

The internet froths in a sea of reaction: Musk is a disgrace; Musk is a hero. Elsewhere, millions share dire memes, like they do when anything happens anywhere because that is what we do now. Opinion flows like thick effluence from an ocean-bound sewage outlet pipe.

Journalists build whole stories around tweets which are about people saying things about things that other people have said about the catastrophe. Reaction. Counter-reaction. Tweet, tweet, tweet. As is the modern way. (In fact, the once reasonably respectable Independent, now reduced to a web-only husk, has a top 100 stories site that is almost entirely fuelled by tweets, the more pointless, witless and unmoored the better.)

But it’s all over! Everyone’s been saved. The digital nexuses emit a collective sigh of relief and joy. The reporters go home. Musk retreats to his lair. Hurrah for us, and all the concern and love we so thoughtfully publically exhibited!

And now it’s a new day on Earth: the divide between rich and poor continues to swell; public services crumble a little more; the bodies of the war-mangled pile up in the globe’s long-running strife spots; poverty, preventable illness, despair and prejudice power onwards and upwards.

But who cares? With keyboards, electric telephones, mini-subs, reactions and memes at the ready, we eagerly await the next super-focused micro disaster to help pass the many frivolous hours between this life and the next.

***

Facebook is to be vaguely punished for its part in the Cambridge Analytica (CA) democracy-walloping fiasco.

The Information Commissioner’s Office (ICO) has promised to hit the unspeakably rich firm with a £500,000 fine, after it failed to ensure that CA had deleted users’ data.

Though it’s not a great deal of money as far as Facebook is concerned, the ICO is confident that the penalty will damage the social media network’s reputation, which, it hopes, will prove far more costly.

And maybe there’s something in that. Facebook pumped out a good news ‘we’re lovely, so love us’ TV advert during England’s World Cup semi-final with Croatia on Wednesday evening, which must have been quite expensive considering the occasion. ‘Facebook has changed,’ according to the chime of the slightly nauseating advert’s timbre.

Anyway, the BBC has a very good and detailed report all about it here which I highly recommend.

***

And now news of the other great unravelling, possibly democracy-threatening and constantly controversial shambles of a social media network, Twitter.

Apparently, the firm has deleted a very impressive 70 million accounts since May, in a gigantic purge of the fake and suspicious.

Interestingly, the enormous account massacre was revealed by the Washington Post but hasn’t exactly been officially confirmed by Twitter. No doubt this is because though executing lots of bots and trolls is on one hand very good news, it’s very bad news if it rather illustrates to advertisers and investors that a great deal of your audience are either psychotic bigots or non-existent.

And, indeed, it looks like I’m right about something for once. Twitter’s shares have fallen 8.5% in the wake of the Post’s story, in anticipation of advertisers being turned off by the firm’s plummeting user count. (Here’s the evidence, at the bottom of the story, written by proper journalists, so you can have some faith in it.)

Friday roundup: A week in tech

Outsourcing: The Socitm view

Cybersecurity

This year’s annual Socitm President’s Conference in Glasgow hosted a breakout discussion on the findings of a forthcoming Socitm Policy Briefing research report on the future of IT outsourcing.

It was attended by a number of invited Socitm members, to review the draft findings of the research and to test these with the wider views of leading practitioners in council ICT departments.

Socitm has been advising its members to be cautious of naive outsourcing of ICT since the days of ‘compulsory competitive tendering’ (CCT) in the 1980s and early 1990s. At that time, such advice often flew in the face of central government policy that seemed to favour wholesale outsourcing of ICT in the public sector, as was the case across Whitehall.

Today, the picture is very different. Socitm policy advocates ‘smart sourcing’ as critical for successful ICT delivery – more aligned with common sense than past Whitehall policies. This is particularly important today, with cloud models offering more flexibility in scale and cost than traditional ICT outsourcing.

Not only are Whitehall departments pulling back from outsourcing: the trend is extending across the private sector as well. Whilst vindicated in its views, Socitm is also clear that ICT insourcing is not the answer (though some careful and selected ICT insourcing can be valuable).

These were views endorsed at the conference breakout session led by Socitm associate Jos Creese. Five key learning points emerged:

  1. Political dogma can get in the way of good ICT business choices, especially when these emanate from central government to local government. ICT choices should be decided based on risk, value, technology opportunity and other factors at a local level.
  2. It’s not a question of outsourcing or insourcing, but careful choice of delivery partners for ICT, as has always been needed. Some of the ICT skills that may best be retained in-house are: business analysis, project management, cyber security, digital architecture design, ICT strategy, and ICT operational delivery oversight, including contract management
  3. Bringing ICT services back in house is typically a complex change programme in its own right. Building ICT capacity from scratch takes time. Where ICT services have been outsourced for any duration, internal ICT skills may have been eroded significantly.
  4. Traditional ICT outsourcing models, including the contracts and the way services are designed and delivered, are based on a pre-cloud world, which is often no longer fit for purpose. The main suppliers know this and are gradually trying to change their service model, but this will take time. Councils that are locked into inflexible ICT outsourcing contracts need to consider their exit strategy and seek help if necessary.
  5. The balance of choices between ICT ‘insource’ and ‘outsource’ is not clear cut. Factors to consider include: the scale of the organisation, appetite for risk, culture, skills and the ICT starting point.
Outsourcing: The Socitm view

Friday roundup: A week in tech

facebook:twitter

Social media firms are actively trying to make their products as addictive as possible, a man who has helped to make social media as addictive as possible has said.

Speaking to the BBC’s Panorama show, Aza Raskin claimed that it’s as if companies are ‘taking behavioural cocaine and just sprinkling it all over your interface and that’s the thing that keeps you like coming back and back and back’.

Mr Rashkin, a tech engineer, designed infinite scroll, a common feature of social media interfaces that allows spellbound, stupefied users to trawl endlessly through a sea of empty gibberish while day and night pass silently around them.

The repentant engineer added that ‘behind every screen on your phone, there are generally like literally a thousand engineers that have worked on this thing to try to make it maximally addicting’.

Lots of other Road to Damascus Silicon Valley types also contribute to the Panorama special, expressing remorse for their past work at the likes of Facebook, where they were compelled to contribute to the farce called 21st century culture.

Anyway, a big, properly written and genuinely informative report can be read here.

Do you use social media? Would you like to comment on these issues? We’d love to hear from you. Please write to: Socitm, 8a Basset Court, Grange Park, Northampton, NN4 5EZ.

***

Everybody’s favourite internet oddity Kim Dotcom has lost the latest round of his long running battle to avoid extradition to the US.

Currently holed-up in his New Zealand lair, the creator of file-sharing behemoth Megaupload is wanted in America for copyright infringement and fraud.

But New Zealand’s Court of Appeal has ruled that Mr Dotcom and three of his cohorts can be extradited to the Land of the Free – where, if found guilty, the four may have to practice freedom in prison.

Last week, or last month, or at some point, Mr Dotcom announced plans to destroy Twitter and create his own new, shiny, special social media network that will take over the world – a grand scheme that extradition will surely interfere with.

And it’s not over: ‘We will seek review with the NZ Supreme court,’ Mr Dotcom’s lawyer TWEETED via the HATED Twitter network.

***

Aggrieved types who seek some form of relief by indulging in the mania of ‘revenge porn’ are about to feel the force of a souped-up legal system.

The Sentencing Council for England and Wales has instructed courts to hand down the harshest punishments for the repellent and pathetic activity – currently a maximum of two years in jail.

Judge Rosa Dean, of the Sentencing Council, said: ‘Our guidelines recognise and reflect the very intimate, personal and intrusive nature of these offences, which can have devastating, often long-term, impacts on victims and their families.’

There were 465 prosecutions for ‘revenge porn’ over 2016/17 in England and Wales, so it is hoped that the new guidelines, which come into effect on 1 October, may curtail things a bit – but, you know, if you’re vile, stupid AND angry it’s probably unlikely that the threat of silly old prison will deter you from your macabre mission.

***

Former fireplace salesman turned defence secretary Gavin Williamson was apparently interrupted by his iPhone during some debate or other in the House of Commons.

Problem-solver and future human ruler Siri burbled into life while the minister updated MPs on the battle against ISIS.

The much-loved and widely admired Speaker of the House, John Bercow, commented that it was a ‘very rum business’ – though I’m not sure if that was a reference to Mr Williamson’s past activities in his fireplace showroom or to the phone mishap.

Apparently, the Siri incident was not evidence of a wider security risk, as the minister doesn’t take the troublesome phone into important meetings. No, of course he doesn’t.

Hilariously, Mr Williamson said that it’s ‘very rare that you’re heckled by your own mobile phone’.

You can watch it here, if you can be bothered.

Friday roundup: A week in tech

Perfect Ed Sheeran scam shows financial scale of online fraud

Cybercrime den

By Ian Dyson, Commissioner, City of London Police

For the last 10 years, City of London Police has been the national lead police force for fraud. Fraud was seen 10 years ago as a growing threat that was beyond the capacity and capabilities of individual police forces. Roughly 70% of the frauds that are reported to us today are cyber-enabled.

There is a hierarchy of people involved in cybercrime. Right at the top, there are certain countries that are trying to hack into all sorts of systems. At the bottom, you’ve got 16-year-olds sitting in their bedrooms, pizza takeaway boxes around them, trying to hack into systems because it’s a test.

Research by the National Crime Agency shows that the majority of young people who get into this do so through gaming, where they start to look at ‘how can I get around the system’ for levels or layers. They aren’t interested in crime but in the technical challenge of defeating that system, and that is exploited by criminals. Some of these young folk are doing work in cyberspace and they have no concept that they are working for criminality.

In the middle, you’ve got criminality. Make absolutely no mistake about it, the majority of people trying to hack into your systems, the majority of the people trying to defraud the public or your organisation, are doing it for one thing only: money.

Organised crime and criminal gangs used to have their specialisms: drugs, firearms, counterfeit currency. Now this is not the case: they are into anything where they can make money. The internet allows people to make money at a scale they could not have dreamed of elsewhere. Why would anyone rob a bank these days?

One of the big frauds we’re experiencing at the moment is ticketing fraud. The days when you used to queue outside HMV on a rain-swept day to buy your concert tickets to see your favourite band are long-gone. Now you have to wait online with your finger hovering over the button; they say ‘now they’re for sale’ and in a couple of minutes they’re gone.

There are legitimate companies that do secondary ticket sales, but there are lots of criminals out there. Even a legitimate company will dispatch your tickets two weeks before the date. It’s perfect for the fraudster, because you have to wait before you realise you haven’t got your tickets. The fraudster is long-gone, having moved their website, phone and email address.

City of London Police paid for some advertising on Facebook for some Ed Sheeran tickets that were so cheap that anyone with any amount of common sense would have said there’s something wrong with this. We got interest and talked people through the process, asking them to pay by banker’s draft rather than credit card, which is a no-no online because you’ve got no protection. We took them through to where they would enter their details then told them ‘this is a City of London Police website, you’ve been scammed and here are some tips to avoid it in future’.

Had we decided to take the money from the people who were prepared to give it, in the eight hours that advert was up we would have taken £75,000. That’s why the criminals are into it.

This is based on Ian Dyson’s talk at the Socitm London and South 2018 conference in London on 15 June 2018

Perfect Ed Sheeran scam shows financial scale of online fraud

How Plymouth handled a breach of 1,700 residents’ passwords

cyber security

By John Finch, information governance manager, Plymouth City Council

We had a cyber-breach a couple of years ago that we learnt some deep and serious lessons from: 29 Plymouth.gov.uk email addresses were found in a password file dump on VirusTotal, a website owned by Google where people upload virus signatures. The service desk took the call and the first thing they did was change all the staff passwords, just in case they had been used for network access.

The email addresses were all from the same department and all involved with a website called Summer Mix, which was externally hosted – a programme we run in Plymouth every summer with free activities like dance classes and horse-riding.

To sign up, people went to the website and provided email addresses, passwords, which courses and other sensitive information. As soon as we became aware of a link, alarm bells started ringing.

We phoned up the supplier and said turn off the website immediately. This was January, so we were a bit puzzled as to why the site was running, given the programme finished in August. We then said, can you give us a copy of the database behind it, all the log files you’ve got, do you do any analysis of the traffic and can you check your code to see if there are any vulnerabilities? We also contacted VirusTotal and got the whole password dump – and discovered that the file had originally been placed on the website Pastebin before it had been copied to VirusTotal.

Additionally, we notified the ICO (Information Commissioner’s Office) and the NCSC (National Cyber Security Centre) immediately.

The supplier came back and said they couldn’t find anything wrong. But we compared the VirusTotal dump file and the supplier’s database, and were able to identify that it wasn’t just 29 addresses: it was 1,700 people’s details that had been compromised. I was horrified by the log file: in the month up to the attack, there were thousands and on some days hundreds of thousands of visits to the site. Most of the IP addresses weren’t from the Plymouth area or from the UK. It was quite obviously an SQL injection attack. These sorts of things should have been stopped by the website itself.

We’ve got good contacts with the South West Cyber Crime Team. They sent a guy down within two days who took away all the relevant data and started analysing it themselves. The information included medical needs for children, as instructors need to know if they have asthma or other conditions that need treating, as well as dietary requirements.

We set up a communications plan, because this was a major breach, which took three weeks liaising with the police on what we needed to tell people. We had to send out 1,100 letters rather than 1,700, as some people registered two or more children.

In the letters, we said ‘All that was taken was your email address and password, as you might have used it in PayPal and Amazon and the criminals can monetise this’. We gave advice that it’s good practice not to use the same password on every website, so we suggest you change them and here’s some advice on secure passwords.

We had two dedicated staff in our contact centre expecting phone calls the day after the letter went out. We had a really low response, taking 12 phone calls; we took that as positive. A member of staff who was affected said, ‘everything I needed to know was in the letter’. The ICO came back quickly and did not take any further action. The cybercrime team were unable to bring any charges due to the different locations the attacks originated from.

The lessons that you can take away from this:

  • Know which data is being collected on external websites and when they are in use
  • Insist on full penetration tests on all external websites
  • Insist on monitoring of activity
  • Pastebin can be searched for your domain to see if email addresses have been compromised
  • Ensure you have a detailed incident response plan

This is based on John Finch’s talk at the Socitm London and South 2018 conference in London on 15 June 2018. Plymouth City Council now hosts the Summer Mix webpages on its own website and uses a PDF booking form that applicants print off or collect then deliver to a participating youth centre – see https://www.plymouth.gov.uk/youngpeople/summermix2018.

VirusTotal: https://www.virustotal.com

Pastebin: https://pastebin.com/

How Plymouth handled a breach of 1,700 residents’ passwords

Friday roundup: A week in tech

microphone

Have you heard the one about HM Revenue and Customs (HMRC) and the millions of recorded voices? No? Well, it’s not a joke and here’s the story…

HMRC, the UK’s most taxing public body, has stored the happy tones of 5.1 million cheerful ‘customers’ as part of its Voice ID scheme – a password system that allows callers to identify themselves with their voice (obviously).

However, the mouthy scheme has spooked freedom-loving types, with Big Brother Watch claiming that the government department is instigating ‘biometric ID cards by the back door,’ which sounds like the title of a Brian Eno album.

Big Brother Watch’s director, and current leader of the best name of the year competition, Silkie Carlo, reckons that HMRC’s voice IDs ‘could allow ordinary citizens to be identified by government agencies across other areas of their private lives’.

She has implored the department to destroy the five million voices it’s already harvested ‘in this shady scheme’.

Responding, a HMRC spokesman mumbled that the system is ‘very popular with customers’.

Hmm, a function of HMRC that is ‘very popular with customers’ eh? Right.

***

Everybody’s favourite ‘fit and proper’ taxi-hailing firm has been granted a short-term licence to ply its trade in London. Well done, Uber.

Back in September last year, Transport for London (TfL) rejected the company’s application for a new licence to carry on operating in the capital, citing concerns around, among other things, background checks on drivers and the reporting of criminal acts.

Anyway, now things are looking better for the firm as Westminster Magistrates’ Court has awarded it a 15-month probationary licence, which is surely ample time to iron out any concerns the authorities may have?

But it wasn’t all good news in court: not only must Uber pay TfL’s £425,000 legal costs, Helen Chapman, TfL’s licensing, regulation and charging director told everybody that the firm’s behaviour around the reporting of crimes was ‘very disturbing’.

Responding to the ruling, and not really sure if it was a victory or not, London mayor Sadiq Khan, said: ‘After years of operating poorly in London, Uber has now accepted that TfL’s action in refusing to renew their licence was totally justified. Today our stance has been vindicated by the court.’

In case you’ve forgotten, Uber once took a year to report a hack that compromised the details of 57 million customers, choosing instead to pay the hackers’ ransom in secret. Thought I’d add that for a bit of fun. Happy Ubering!

***

A new digital squabble has opened up in the people vs machines arena, this time between doctors and chatbots.

According to software outfit Babylon, its NHS GP at Hand app is as good at identifying medical issues as real human GPs, which real human GPs have found a bitter pill to swallow.

In fact, the Royal College of General Practitioners (RCGP) has gone as far to say that ‘no app or algorithm will be able to do what a GP does’. What, never?

Appearing to break ranks in the human world, NHS England’s chairman, Sir Malcolm Grant, seems to think Babylon’s virtual doctor system has legs. He said: ‘It is difficult to imagine the historical model of a general practitioner, which is after all the foundation stone of the NHS and medicine, not evolving. We are at a tipping point of how we provide care.’

Babylon says its software scored 81% in a RCGP medical-ailment-diagnosis exam that humans score an average of 72% in.

However, the RCGP has said that it didn’t provide the questions, so Babylon’s claims can’t be verified.

Interesting stuff, and along with self-driving vehicles, robots and all the other burgeoning AI the big question has become a little more pressing: What are humans for?

Have a lovely weekend!

Friday roundup: A week in tech