Frank Leonhardt's Blog

It is safe to allow your kids to use Fronter?

Fronter is Pearson’s commercial LMS; basically Moodle, but you pay lots of money for it. It quite possibly does more, but I’m not in a position to pay for a copy to find out. However, this isn’t a review of Fronter. In fact it applies to the concept of an LMS rather than Fronter, as an instance of an LMS.

An LMS (or LCMS) is a CMS that has been developed, or optimised for learning (hence the acronym). It’s currently being pushed in to primary schools for use by children as young as six, and it’s security is far from certain.

An LMS is also known as Virtual Learning Environments (VLE) in marketing-speak. Ask any academic computer scientist and they’ll tell you Moodle is the one to go for these days. WebCT in the past; but the open source nature and sheer power of Moodle makes it king of the castle – and it’s free. So why does half the world use Blackboard (they purchased WebCT in 2005)? My best guess is that most schools don’t have the technical ability to support anything in-house, and by outsourcing you get a commercial product, sold with smiles and soothing words. It’s just not realistic to expect many primary or secondary education institutions to have the knowledge to manage its own IT – the 20% of the world using Moodle are the clued-up tertiary sector. And the folks able to use Moodle are the same folks that are likely to understand the security implications. Primary schools are unlikely to have security skills in-house, and it’d be surprising to find that level of knowledge in a secondary (high) school either, so in order to use an LMS it has to be outsourced and made simpler.

Enter Pearson with Fronter. Pearson is a large media conglomerate with an education division, best known for brands such as Prentice Hall, Longman, Addison-Wesley. Ah, THAT Pearson. So you can see they’ve got a good ‘in’ to schools, and they appear to be pushing Fronter hard in to the primary sector. It’s being used for children as young as six, and this raises significant questions when it comes to security. Would you let your child use Facebook? Of course not; so why is Fronter, with its social media features any better?

Leaving aside whether it’s appropriate to introduce very young children to any form of social networking, a close look at the security aspects of any LMS is vital. Latterly I’ve been looking at Fronter, and this is used for examples in this article, but the comments apply to any LMS – they can all be configured in a dangerous way.

Fronter is obviously keen to allay concerns, and has just hired Logica (completed March 2010) to get it through ISO 27001. Fronter will doubtless wave this badge around saying “Okay – we’re now safe and secure to international standards”. This will be true, to at extent, but ISO-27001 is so vague it can mean anything. Like ISO-9000, it basically means it can be audited within the parameters set, and potential stakeholders can review the documentation and see if it meets their requirements. Even when these parameters are available, I doubt I’d be allowed to review it (Fronter – are you listening?)

Don’t get me wrong here. I’m not knocking ISO-27001 any more than I’d knock ISO-9000. At least not per se. It’s a framework, and as such, can be used to promote good or to conceal evil. Neither do I question Fronter’s commitment to keep intruders out of its system, if for no other reason than because any breach would have a disastrous effect on its business. I’m as confident as I can be that they’re taking the matter very seriously indeed, as do any other serious LMS developers.

But the developers can’t make an LMS safe. It’s infrastructure might be secure, but its users are always going to be the weak link. Schools really don’t know about who has access to their LMS, or don’t care because it’s too difficult a problem to find out.

When your child reads something posted by another Fronter user, who actually wrote it? Much is made of ensuring that everyone in contact with children has a CRB check, but a Fronter account for a child is given out to its parents with no checks made on them whatsoever.

Have you ever wondered what the likelihood of a randomly selected parent failing a CRB check might be? Well I reckon it’s about 1 in 5; in other words not much better than 50:50 that one adult in the house has a criminal record of some sort. (Figures aren’t compiled; I have extrapolated this from an answer in Hansard 25 Apr 2008 : Column 2328W). Worrying? So How many are likely to be on the “Sex Offenders Register”? Currently the English notification system lists 48,000 adults. It’s widely realised that most don’t appear on this because they haven’t been caught, and dodgy teenagers don’t figure in the stats at all, but certainly exist. Projecting this to working age parents (or guardians) you end up with an average of about three sex offenders being parents at a school of 1000 pupils. In other words, you can say pretty safely that there are probably registered sex offenders able to control accounts on most Infant and Junior schools using an LMS.

This leaves schools with a bit of a dilemma. If parents realised that they children were using a social media site shared by CRB failures and sex offenders they’d insist the plug was pulled. But at the very least, schools need to ask for informed consent from the parents before exposing their children to this risk – or turn off the ability to communicate in the LMS software (the safe option) and simply use it for staff to pupil communication. What schools often claim is that their staff monitor all content and messages. This will be done with the best of intentions, but will it be kept up long-term and how effective will it be on a large volume of traffic? If you’ve ever moderated a forum, you’ll understand the difficulty. However, teachers are smart people and usually have a sixth sense about where to watch for trouble.

Monitoring is undoubtedly good thing compared to a free-for-all, but does fail to address the fact that multiple channels are often used for nefarious purposes. A message posted on the LMS might seem innocuous in itself, but could easily be key part of an external conversation. Anyone who thinks children don’t routinely use code words adults won’t understand simply doesn’t know children.

So far I have considered login details falling in to the lap of undesirable elements via children in the household. But supposing an unconnected local paedophile wished to target a LMS directly. Is this possible? Of course, and here’s a scenario to make the point.

A fair number of schools now use outsourced emailing systems such as ParentMail, inTouch and CallParents to contact parents, and may simply use the mechanism to distribute attached files rather than proper text messages in the email body. Parents tend to trust emails from these services as they believe they know the sender (i.e. the their child’s school), and are conditioned into opening file attachments. It’s trivially easy to forge a ParentMail email, sending any file attachment the attacker pleases. Stealing login-in credentials in such circumstances would be almost child’s play, but if a key logger was too much trouble then a phishing email should work just as well. Assuming some effort is being made to target a child, an email to the parents saying “Please click here to log in to Fronter”, using context information from the school’s web site and parent details from Facebook is trivially easy. I haven’t heard of this happening, but I can’t believe it hasn’t.

Assuming the LMS developer has any sense of responsibility or desire to stay in business, it’s pretty clear that the security measures against infiltration of a LMS such as Fronter depend on policy rather than technology. If children are allowed to exchange messages with each other the only thing that will stop an infiltrator will be the vigilance of the monitoring staff. Supervision whilst using the system, whilst at home and at school, is just common sense. But there are still technical issues to address.

Some LMS require certain insecure features to be enabled on web browsers, such as Java. For security reasons, many people have risky technologies disabled. You certainly wouldn’t allow them in a secure commercial environment, so why take the risk at home? And worse, how much more of a risk is it if you allow a naïve child to use client-side code? Yet this is exactly what schools using an LMS are asking parents to do – drop the security on their home computers to allow access to attractive interactive features. There’s probably little risk that the LMS will contain compromised code unless pupils are allowed to develop their own content, but it’s not impossible especially using a targeted attack.

An LMS is an attractive vehicle for delivering malware for various reasons. In junior schools particularly, the inexperience of the pupils could allow things to be activated that adults would normally be suspicious of. Also, there’s a temptation for the institution to consider the LMS part of the Intranet and give it trusted status on local endpoints, meaning anything injected in to the LMS is likely to run with trusted privileges even when the Internet is locked down. This isn’t logical – if the endpoint is vulnerable to Internet-based web pages and LMS users can upload content, it’s not actually any more secure.

Many LMS allow file uploads for assignment submission, which provides a route to compromise the PCs used by the academic staff. Given that criminals will have access to some pupil’s login details by virtue of the fact they’re also parents, uploading a trojan to a staff computer is a real threat. For example, Fronter reassures users on its web site that uploads are scanned using Clam-AV. Commendable, but they are inadvertently giving the criminals the intelligence needed to bypass this specific scanner.

Another issue with file uploads concerns endpoint security software. If the endpoint has been secured, file transfers from the browser or elsewhere will be disabled. In order to use the LMS, this often has to be globally enabled. For example, using Ranger to block file upload/download dialogues with Fronter appears impossible because it uses the generic object selector. Ranger detects the window title and either blocks it or lets it through for every web site. Discrimination isn’t possible.

Whilst I’ve used Fronter in many of these examples because it is to hand, I am talking about general issues of security when allowing young children to use an LMS. The developers of such systems take good care to make sure the platform is inherently secure, but dangers remain from at least two sources. Firstly, there may be only a thin veneer of control over who has access to the system if pupils have access outside of school. Secondly, in order to run an LMS it is often necessary to disable endpoint security measures in such a way that it becomes venerable to threats from wider sources.

1-February-1010-April-10

Kay Gilderdale prosecution was right

This is a very sad case. Kay Gilderdale’s 31-year-old daughter Lynn was seriously ill and wanted to end her own life. Her mother supported this decision and provided the means (morphine). When this was apparently not working, she herself injected air with the intention of killing her. Lynn actually died of the morphine overdose, but her mother’s intention was to kill her with the air.

I wasn’t there, and couldn’t begin to judge the rights and wrongs of whether a mother should be helping her daughter to die but I’m sure she had good reasons. These were clearly exceptional circumstances, before and after the jury decided to acquit her.

However, the judge, Mr Justice Bean, questioned the decision to prosecute her for attempted murder in the first place and now the newspapers and politicians are jumping on the band wagon.

I think we need a reality check here.

When someone deliberately kills someone else, or tries to, that’s murder. It’s not for newspapers or politicians to decide. When a murder is committed we have a long-established system where a jury (not judge) decides what should be done about it. On the face of it, the jury has come to a sensible decision; the system works and we shouldn’t be messing with it. All murders should be prosecuted and only a jury should decide if there’s any mitigating justification – not politicians, newspapers or journalists.

Yes, it’s been tough on Mrs Gilderdale and I have every sympathy for her. Perhaps the trial could have been hurried up, to reduce her ordeal. But this doesn’t mean we should be messing with trial-by-jury when someone’s been killed as only a jury should be deciding where to draw the line.

18-January-1018-January-10

Bugs in IE? Which browser should I use?

Internet Exploder has been hit by the cyber-criminals again. Yawn. Actually, this time it’s serious. It affects all versions of Internet Explorer since six, and it’s going to take Microsoft a while to fix it, and I suspect they won’t for earlier releases (anything less than version eight).

Continuing to use Internet Explorer in the mean time is risky, so using an alternative would be a good idea. But which one?

There are strong opinions as to which browser to use, more often related to the companies that produce them than to their technical merits. In the circumstances I thought a quick guide was in order.

Internet Explorer

Produced by Micro$oft and therefore beyond the pale. Actually, it’s pretty good although slow and cumbersome. It trails behind the others in innovative features. A lot of kid web designers specify that their sites are “optimised” for Internet Exploder, which is a reason to avoid such web sites – or use Internet Explorer. As it comes pre-installed with Windows, it’s the most common web browser out there and is therefore the one attacked most often by criminals. However, I’ve seen no evidence that it’s inherently less secure.

It’s Windows-only, and the current version requires XP SP2 or newer.

Download Internet Explorer if you must

Firefox

This one comes from the Mozilla foundation and is championed by the anti-Microsoft brigade. They claim that Internet Explorer is full of bugs, insecure and bad. Firefox is all of the above, but “good”. More bugs and security problems turn up in Firefox than IE, and it has very regular updates to fix them.

Firefox, like Internet Explorer is big and slow – and some of the versions will cause your PC to grind to a halt. The current release (3.5.7) seems okay, but the writers tend to break it too frequently for my liking.

However, Firefox is on the leading-edge of browser design and pushes forward with useful new features before Microsoft has thought of them. It’s also very good from a security perspective in dealing with encryption and suchlike, and is probably the professional browser of choice for this reason.

Firefox is also cross-platform – available for UNIX, Linux, Windows, Macintosh and so on.

Download Firefox

Google Chrome

This is a wonderful, small, efficient browser from Google. It follows the web standards very well, which means web pages produced to work around problems with Internet Explorer will not look the same on Chrome.

It has one big weakness: it will remember web site passwords, but not in a secure way. Therefore don’t use Chrome for logging in to anything secure. I do hope they’ll fix this soon, but it’s taken a long time.

Download Chrome

Opera

If you like Norway, you’ll love Opera. It’s available from Windows, Mac, Linux, Nintendo Wii and various handheld devices. Its users seem to like it, although it doesn’t have a significant desktop market share except on the Macintosh. I haven’t tried the latest version as I’m happy with Firefox and Chrome, but it’s worth a look if you’re not.

Download Opera

Safari

This is written by Apple and only runs on a Macintosh (or iPhone &c). I would mention the fact it’s proven pretty insecure, but that would upset Mac aficionados, who don’t take such criticisms seriously anyway.

Summary

They’re all insecure. Take your pick. Just avoid IE for a month or so, and be careful if you have to use an earlier version as they might not get around to fixing it.

14-January-1026-July-12

Why is Sage Line 50 so slow?

NB. If you want to know how to make Sage run faster click here for later posts, and read the comments below (there are a lot!).

As regular readers will know, I don’t think much of Sage accounting software, especially Sage Line 50. It’s fatally flawed because it stores its data in disk files, shared across a network using a file server. I suspect these.DTA files are pretty much unchanged since Graham Wylie’s original effort running under CP/M on an Amstrad PCW. There is continual talk that the newer versions will use a proper database, indeed in 2006 they announced a deal to work with mySQL. But the world has been been waiting for the upgrade ever since. It’s always coming in “next year’s” release but “next year” never comes.The latest (as of December 2009) is that they’re ‘testing’ a database version with some customers and it might come out in version seventeen.

In fact it’s in Sage’s interests to keep Line 50 running slower than a slug in treacle. Line 50 is the cheap end of the range – if it ran at a decent speed over a network, multi-user, people wouldn’t buy the expensive Line 200 (aka MMS). The snag is that Line 50 is sold to small companies that do need more than one or two concurrent users and do have a significant number of transactions a day.

So why is Line 50 so slow? The problem with Sage’s strategy of storing data in shared files is that when you have multiple users the files are opened/locked/read/written by multiple users across a network at the same time. It stands to reason. On a non-trivial set of books this will involve a good number of files, some of them very large. Networks are comparatively slow compared to local disks, and certainly not reliable, so you’re bound to end up with locked file conflicts and would be lucky if data wasn’t corrupted from time to time. As the file gets bigger and the number of users grows, the problem gets worse exponentially. The standard Sage solution seems to be to tell people their hardware in inadequate whenever timeouts occur. In a gross abuse of their consultancy position, some independent Sage vendors have been known to sell hapless lusers new high-powered servers, which does make the problem appear to go away. Until, of course, the file gets a bit bigger. Anyone who knows anything about networking will realise this straight away that this is a hopeless situation, but not those selling Sage – at least in public.

One Sage Solution Provider, realising that this system was always going to time-out in such circumstances, persuaded the MD of the company using it to generate all reports by sitting at the server console. To keep up the pretence this was a multi-user system, he even persuaded them to install it on a Windows Terminal Server machine so more than one person could use it by means of a remote session.

If that weren’t bad enough, apparently it didn’t even work when sitting at the console, and they’ve advised the customers to get a faster router. I’m not kidding – this really did happen.

The fact is that Sage Line 50 does not run well over a network due to a fundamental design flaw. It’s fine if it’s basically single-user on one machine, and I have clients using it this way. If you want to run multiple users, especially if your books are non-trivial, you need Sage 200/MMS – or a different accounting package altogether.

12-January-1018-October-21

Dangerous killer still behind wheel

Yesterday Tracy Johnson walked free from a court after driving into two cyclists at a roundabout and killing one of them; mother-of-three Sharon Corless.

Newspaper reports make much of the fact she was driving a particularly expensive Chelsea Tractor and had just come off a mobile phone. You get the picture – totally irresponsible on all levels. However, her defence claimed that she might have fainted, and the prosecution couldn’t prove she hadn’t – although their medical examination had been unable to recreate the conditions.

David Porter described the events for the prosecution:

“For reasons that defy any reasonable explanation, the defendant’s vehicle began to accelerate towards the roundabout. The vehicle began to drift from the carriageway and then collided with the verge and drove along the vergeway(sic) with the near side wheels on the verge.

“It travelled along the vergeway for approximately 50 metres. Having collided with the verge the vehicle then collided with Mrs Corless who was dragged underneath the wheels of the Range Rover. She suffered fatal injuries and died later in hospital.

“Moments later there was a second collision with Peter Corless, who was thrown clear of the vehicle but nevertheless sustained serious injuries.

“The vehicle then carried on to the roundabout where it collided with a further vehicle – a Peugeot which was being driven by a young lady with her daughter.

“Fortunately they suffered no injuries. The vehicle then collided and came to a stop with a lamp post on the roundabout itself.

“Witnesses behind the vehicle said at no stage did they see brake lights come one; rather it appeared to accelerate.

“The defendant emerged from the vehicle in a shocked and dazed condition saying something along the lines of ‘what’s happened.’ Moments later she was asking for her mobile telephone, which she later said was to call her partner.”

Now, from what I’ve been able to read about the court case, it is certainly possible she fainted. However the family whose mother was killed have thus been denied a proper trial to prove this, and anyone wealthy enough to employ a good lawyer can just keep driving for a bit after killing someone and then claim they’d fainted in the knowledge that it won’t even go to court.

Either she’s lying, or she isn’t, and we won’t ever get to find out. However, one thing is telling – she was not banned for driving. This woman claims she’s prone to randomly losing conscious, and by all accounts, is still behind a wheel. Holders of a driving license have a duty to report various medical conditions to the DVLA, including anything that causes loss of consciousness, so that their license can be revoked.

Chelsea Tractor of type used (stock photo)

So anyone in Mrs Johnson’s home town of Warrington spotting her behind the wheel would do well to call the police – she’s driving with a medical condition that makes her unsafe. She said so herself in court.

It may be that Mrs Johnson has surrendered her driving license; this wouldn’t make everything aright but would stop her looking guilty. I’d be pleased to hear from anyone who knows this to be the case.

12-January-1019-July-13

Snow cycling

Today I finally had a go at snow cycling, as there’s a thaw on its way. It had to be done, and I set off across the snow-covered fields behind my garden.

Now I know why snow cycling isn’t popular as an extreme sport. It’s boring. If you peddle hard enough you can get a bit of wheel spin, but you have to try. Normal knobbly mountain bike tyres gave me a surprising amount of traction, even on sheet ice. Once moving you’re as stable as anything – no sliding sideways at all. I wasn’t expecting that. Deviating from a straight line when on sheet ice probably wasn’t going to be easy, but I though I’d leave the laws of physics unchallenged.

However, cycling in snow is too much like hard work; like trying to cycle through dry sand. I had thought the wheels would squash the snow flat with no trouble at all in much the same way as a heavy boot punches through the powder, but it really slows you down. It’s probably twice as fast as walking if you can cope with the looks you get that say “What’s that idiot doing riding a bike in these conditions?”. Luckily this doesn’t bother me.

The highest speed attained was 8mph, down hill with the wind behind me. I dare say I could have got more speed on a hard surface, but I was cycling through several inches of snow.

Apparently you can get special studded tyres and even snow chains for riding mountain bikes above the snow line – at least in the USA. I don’t see studs being much use on snow, but they’re bound to make difference on sheet ice.

So, while there’s still some snow around, get out there. I can’t guarantee you won’t hurt yourself but it’ll be a lot more stable than you might think.

4-December-0925-April-14

BBC reports hacking scam – brace yourselves for more chain emails

You saw it here first –

I’ve just spotted this tucked away on the BBC News website:

Suspect hacker calling residents

“A warning has been issued about a suspected computer hacker who has been calling residents on the Isle of Man.

Identifying himself only as “Mark”, he does not state a surname or a company, but says he is phoning regarding a complaint of slow internet connection.

He then asks the computer user to give him remote access by typing in logmein123.com.

The instructions should not be followed and people should contact their service provider, police have said.”

Yeah, right!

(a) this smells like a typical hoax, recognisable to anyone who knows anything about computer security; and
(b) it’s going to turn up on an email chain letter sooner or later.

The BBC has great difficulty reporting on anything to do with technology, as they’re all seem to be media studies graduates. But surely journalist are supposed to check their facts anyway?

1-December-0912-April-16

Gary McKinnon who has Asperger’s syndrome

The Home Secretary (Alan Johnson) has just answered an emergency question in the commons as to why he’s declined to block the extradition of Gary McKinnon to the USA for ‘hacking’ (whatever that means). He said that the medical evidence didn’t amount to enough, he’d admitted he was guilty, and besides, he hasn’t got any discretionary powers in the matter.

In some ways, I agree with him. McKinnon may very well have done what he’s been accused of; and as far as Asperger’s Syndrome goes – do me a favour!

He was diagnosed with this condition last year by Prof. Simon Baron-Cohen from Cambridge University. It’s a psychological illness, right? Well actually there are many who’d doubt that. He certainly seems to be the authority on the subject, based on the number of papers published and TV appearances – acceptable to academia and pop culture. He’s the country’s foremost expert on the condition. But is it an illness?

A few years back Prof. Baron-Cohen devised the A.Q. test, a series of 50 self-assessment questions for those wondering if they have the condition. Apparently the general population scores 28%. I score 76%. Do I have a mental illness? I don’t think so; in fact it’s often said that half the scientists in the world would score highly on the assessment too. Us nerds might be different, but so are gay people. Try telling them they’re ill! If you want to know more, just Google the subject.

Gary McKinnon is also, apparently, upset and depressed. Who wouldn’t be in his circumstances?

It might be worth reminding ourselves what he’s actually done (according to Alan Johnson):

He accessed US government computers looking for UFO evidence while smoking dope (as one does), and in the processes has damaged their operation. According to the Americans (and Mr Johnson) he knocked out all the military computers in Washington for 24-hours.

Apparently this was done by using perl to look for blank passwords, a technique a find entirely credible. That’s right – McKinnon is a script kiddie. He claims he was caught when using Windows Remote Desktop while the real user was still on the machine, which also fits.

Now for this he deserves to be prosecuted, the same as the morons who were prosecuted for criminal damage while attempting to thieve hereabouts. The difference is that Harrow magistrates decided just to give them a good ticking off after they’d made up some sob story about turning their life around. McKinnon’s treatment is on the other extreme.

Unfortunately for him, there’s an obvious political element. The American military has lost (more) credibility and they want someone, preferably foreign, to divert attention. They can’t catch Bin Laden, so he’ll have to do. Anyone in the data security game knows that any serious cyber-criminals will be able to cover their tracks, so IF serious deliberate damage was done and IF they traced it back to this script kiddie then the one thing you can be pretty sure of is that he wasn’t behind it. Either that, or all the computers in Washington were in such a fragile state that they’d fall over if you sneezed.

In spite of the Home Secretary’s assurances about the extradition arrangements between here and the USA being reciprocal, many will suspect that this case results from the special Labour-Bush relationship – the one where Bush asked and Blair gave.

If Alan Johnson is right, and he really does have no discretion to stop this charade, the real question David Burrowes (McKinnon’s MP) should have followed his answer with was “Why not?”

29-November-0920-April-23

George Osborne – be very afraid

This Tuesday George Osborne gave speech at Imperial College London explaining how the Conservatives are going to spearhead the green revolution with a recycling reward scheme. It’s complete madness, although Telegraph columnists seem to like it – or more likely aren’t clued up enough to see the problem.

Apparently he’ll cut carbon emissions by 10% within a year. Great! But how? He doesn’t say, but I’m sure we’ll all be interested to learn in good time. However, the incredible recycling plans that followed don’t exactly encourage me to believe he’s got any good ideas.

“Carrots work better than sticks. Instead of punishing people, as Labour do with bin taxes, the Conservatives want to encourage families by paying them to recycle.

This isn’t an idle promise – we’re actually making it happen on the ground in Conservative areas. Now we want to make it happen everywhere.”

Apparently they’re going to reward recycling households with vouchers to spend at, wait for it, Tesco and Marks and Spencer! One of the best ways I can think of to cut down non-recyclable domestic refuse is to close down M+S, who were easily the worst offenders when it came to stupid packaging (see blogs passim).

But it gets worse. Apparently they’re going to make this work with some new miraculous technology. Dustcarts will be fitted with a gizmo that scans the contents of the recycling bin, works out the address the items came from and allocates “recycling points” to your account in a special database. Methinks he’s been watching too much Star Trek. Why don’t politicians ever bother talking to engineers before opening their mouths and spouting such fantastic nonsense?

Incidentally, if you’re not an engineer, fair enough – but take it from me that this will never work as described.

However, whether it works or not, they’re spectacularly missing the point. Recycling isn’t the answer. They should be looking at ways for reducing waste in the first place, and there’s precious little evidence of that. In fact this encourages even more waste by rewarding people to manage to fill their recycling bin with £130. It’s potty! Anyone taking the incentive seriously might, for example, switch to disposable plates and cutlery just to ensure their bin is always topped up.

So who’s responsible for this nonsense? Well apparently the Conservatives now have Tesco, BT and B+Q (part of Kingfisher) on board as advisers on environmental issues. Need I say more?

Meanwhile Labour Health Secretary Andy Burnham launched a report saying we should cut down on livestock rearing and meat consumption to save greenhouse gasses and improve people’s health. Now Labour has the skids under them they’re talking sense, although I doubt they’d be so candid if they thought they’d actually ever have to sell the idea to the farming industry or those hooked on eating cheap meat.

26-November-0919-February-16

Overdraft charges ruling

“The People’s” wonderful new Supreme Court has ruled that the Office of Fair Trading can’t investigate the rip-off fees charged by banks for unauthorised overdrafts. “Quite right”, chorus the smug idiots, “we’ve always got enough money in our accounts!”

The British Bankers Association is, of course, delighted. It had been putting out the propaganda that customers would be charged for simply having bank accounts if they lost, because otherwise they wouldn’t be able to make a profit. Hello?!? That’s not how banks operate and they should be ashamed of themselves. And the smug rich people should be ashamed too – if their argument is correct then their free banking is being subsidised by the poor. (Incidentally, in case no one’s told you before, banks make a profit by paying savers a lower interest than borrowers, lending out considerably more than is deposited I might add, and pocketing the difference).

It’s a practical necessity to have a bank account if you live in this country, and banks are clearly exploiting this fact. Would the (old) Law Lords not have done something about this obvious problem?

And as for the numerous spokespersons for the banking industry trotting out statistics that this issue doesn’t affect most customers anyway, they must be joking! As well as the financially challenged, this affects everyone who’s paid in a cheque that’s bounced, everyone who’s suffered a bank error and everyone who’s employer has messed up the payroll run (often a problem with the bank themselves). It’s really easy to end up overdrawn on a current account, through no fault of your own, even if you have plenty of spare cash with the bank in a deposit account. This two-account approach is necessitated by the customer-unfriendly ‘financial product’ culture the banks themselves operate.

The people who are going to suffer from this are the normal hard-working types who operate through a current account and save a little for a rainy day. One simple mistake made by someone else and they’re stuck with a load of ridiculous charges. If you’ve got a lot of money in your deposit account, a quick call threatening to move your cash elsewhere gets rapid results. If you’re not in this happy position I wouldn’t rate your bargaining power.

The banks should be thoroughly ashamed of themselves, but I expect they’re too busy pocketing their taxpayer-underwritten bonuses to even notice.

It’s no surprise that New Labour is letting them get away with it, but there’s a deafening silence coming from the other parties too. Scared to upset the bankers?