UK man did NOT invent the iPod.

September 10, 2008

From Slashdot, I came across this article, stating:

Apple has admitted that a British man played a part in developing the iconic and extremely profitable iPod, although he has so far received no money for his invention.

Let’s be quite clear: this is an absurd claim.  Why? Well, from the same article:

In 1979 Kane Kramer from Hertfordshire filed a patent for a digital music player that stored just three and a half minutes of music to a solid state chip – limiting media options to just one short song.

And what is the iPod?  Well, until recently, the iPod was a hard-drive based product.  And it could contain a little more than three and half minutes of music.  And this guys patent expired. 20 years ago. Furthermore, the iPod was successful, not because it was some unique new technology, but because it had a working – useful – interface.

Nonetheless, a company was set up by Kramer to bring the IXI to a commercial release, but it slipped into the public domain in 1988 when the firm failed to raise the £60,000 needed to renew international patents.

Okay, so the patent failed to be renewed (not unsurprisingly; who’s going to pay good money to carry around one song in an age when portable cassette players were inexpensive), but the article carries on to state:
Because of this patent lapse, Kramer has received no money from the sale of any of the 163 million iPods Apple has so far sold.
And neither did he receive money from any other MP3 player manufacturer.  Shouldn’t that minor fact have clued this clueless journalist into something: Apple are not the only company manufacturing digital audio products – either hard-drive or solid-state based.  But the fact that this claim is patently (ahem) absurd, nothing stopped it from making it into Wikipedia (correct as of 09/09/08):
In order to defeat a lawsuit from patent holding company, Apple finally admitted in September 2008 that the true inventor of the device was not in fact employed by the company; it was Kane Kramer who patented the idea of a “plastic music box” in 1979, which he called the IX.
The reference for the above quote, incidentally, is CNet, which makes this extraordinary claim:
The iPod was, apparently, invented not by some genius at Apple (not even a British one) but by a British furniture salesman who left high school at 15 and still has not been paid a dime for his brilliance.

And who does CNet reference in order to justify this claim?  The Daily Mail. Chosing the “big bad American company screws over hard working Brit” angle:

A staggering 163million iPods have been sold since the device was launched by Apple in 2001.

But Mr Kramer, in contrast, last year had to close his struggling furniture design business and move with his wife Lorraine and children, Jodi, nine, Luis, 14, and Lauren, 16, into rented accommodation.

And the proof they provide that Apple should pay this guy for expired patents that don’t bear any resemblence to the iPod?  Well, have a look at the sketch yourself.  This really is Flat Earth News: aka. Making stuff up.

Kramer did not invent the iPod.  Kramer is not entitled to a penny of the sales of the iPod, the Zune, the Walkman MP3, or any other digital audio device.  And the news people – once again – are making stuff up.


On Clarkson, BACS and data security

January 7, 2008

I don’t very much like Jeremy Clarkson, so it was with much fun and finger pointing I read this. In short, Clarkson, believing himself to be a data-security expert, put his bank account details, and clues to his address, into a newspaper column in the Sun to “prove” that the recent loss of data by the HMRC was nothing to worry about. Clarkson, not actually being a data-security expert, was then suprised to find that he had then become an unwitting £500/month donor to Diabetes UK.

To my warped sense of humour, this is very funny. A lot of people (highly scientific source: this discussion at the Register) thought it great that at least Clarkson had admitted he was wrong, and that made it all okay. Well, no it didn’t.

First things first, Clarkson eroneously told a great deal of people that having huge swathes of sensitive data go missing was okay. He attempted to demonstrate his expertise by posting only two peices of information from amongst all the information that was lost: he did not post his national insurance number, his date of birth (although this is easy to find out – 11th April 1960), or any of the other information that was, or might have been, on the missing disks. He erroneously gave the impression that because he posted a limited sub-set of the information available, it was safe for all the information to be freely available. And he was wrong in his reasons why he was wrong.

Look at what happened: shortly after posting his bank details in his newspaper column, someone used that information to set up a Direct Debit between Clarkson’s bank account and the charity Diabetes UK – most likely using the on-line Direct Debit application provided by the charity. When he discovered this happened, he reports that:

“The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again.

The second part of this is true: once your data is out of the bag, it stays out. The first part isn’t — or, more accurately, if the first part is true, whoever he spoke to him is incompetent. It is certainly true that the bank most certainly can’t find out who did it, but it has nothing whatsoever to do with the Data Protection Act and I have to wonder why this suggestion was made. The bank can’t tell him who did it for the simple reason that they don’t know, and – more precisely – they can’t know. The banks simply don’t hold that information.

In order to see why, it’s worth considering how a direct debit is setup. In the UK, a DD allows an approved (“sponsored”) originator to collect money automatically from an account. Originally, this involved getting a piece of paper from the originator, filling in all your details, signing it and sending it back to the bank. In those ancient times the bank held the mandate and could point to your signature if you ever disputed a collection. Later, you instead sent the mandate to the originator and they could point to your signature if you ever disputed a collection. But paper is a pain in the bum to deal with, and mandates are costly to archive; so recently (well, not that recently, but it’s only recently that it’s become popular) BACS (now BACS/Voca) introduced a system called Paperless Direct Debit. As its name suggests, with a paperless direct-debit there is no paper mandate and there’s no signature. All that happens is the originator sends your bank an computer record effectively saying “this person has set up a direct debit” (the automated management of DD’s is done with a system given the acronym “AUDDIS” – AUtomated Direct Debit Instruction Service). The whilly person who set up the direct debit on Clarkson’s account knew something that Clarkson didn’t: to set up a direct debit on an account on-line, you only need to know that persons: name, sort code and bank account number. The identity of the person making the direct debit request isn’t known, because it both isn’t needed, and because it is assumed that the person making the request is the person who holds the account.

The point here is that the person who set the direct debit up didn’t have to be particularly clever or cunning, he simply had to know something that Clarkson didn’t. Clarkson apparently either didn’t know about paperless direct debit or he couldn’t connect the dots, but felt qualified to comment on whether the data that went missing was worth worrying about or not.

What’s bizarre about this is that Clarkson shouldn’t be reporting that he’s losing any money. The paperless Direct Debit system is highly insecure (read: it’s set up to prefer ease-of-use to security), so it is set up in such a way that it has the ultimate money-back guarantee: if a mandate is set up on your account that was not authorised by you, your money will be immedeatly refunded, and the mandate cancelled, no questions asked. For that matter, if a mandate is set up on your account that was authorised by you, but you’d prefer to pretend that it wasn’t, you will get your money back, no questions asked. (This is what the “Direct Debit Guarantee” stuff at the bottom of paper mandates is all about, and why you are supposed to keep it.)

Clarkson got let off lightly. I don’t know what makes him think that a motoring colomnist is qualified to write about data security, but he was wrong. If he gets punished for it to the tune of £500, then he was both wrong in his first article and either (once again) woefully misinformed, or stupid, in the second. The fact is, however, that a single direct debit being set up in his name as a result of him publishing two pieces of sensitive – but not secret – information, is not the type of fraud people are concerned about; and the concerns raised around the handling of data in at the HMRC is not simply because Jeremy Clarkson may be the target of aprank which should not leave him out of pocket. That he seems to think that it is makes me wonder what kind of reactionary nonsense he’ll write when the next major data breach occurs. Thankfully I don’t read the Sun, so I’ll probably never know.