Skip to main content
Parrot AR Drone In Flight

The Challenge In The Rising Use Of Drones

Over the past few weeks a number of the technology blogs and news sources I read regularly (particularly Harvey Nash Technology on Twitter) have been raising questions about the predicted rise in the use of ‘drones’ in the UK over the next 20 years, and inviting thoughts.

As both a technologist and a helicopter pilot, I’m in a good position to comment on that. However it’s not a topic which can be done justice in 140 characters on Twitter. I tried, failed, and so I thought I’d expand on it:


It’s not regulation.

I wasn’t quite accurate in my reply to Harvey Nash. It isn’t the regulatory framework which needs change; it’s the enforcement and awareness of it. The UK Civil Aviation Authority, who issue my pilot’s licence, are very clear on the rules for Unmanned Aircraft under 20kg in weight. Unless CAA permission has been granted, the pilot cannot:

  • Fly over or within 150m (492 ft) of a congested area
  • Fly over or within 150m (492 ft) of an organised open-air assembly of more than 1,000 persons
  • Fly within 50m (164 ft) of any vessel, vehicle or structure which is not under the control of the person in charge of the aircraft
  • Fly within 50m (164 ft) of any person.

These rules are, by CAA and Air Navigation Order standards, relatively simple and clear cut – if you don’t believe me, try and easily interpret Rule 5 (Low Flying) on Page 329 of CAP393.

The purpose of the rules is really quite clear – to keep small drones away from the risk of hitting people unless special permission has been granted by the CAA.  The reason is that 20kg falling from several hundred (or even tens) of feet will hurt. A lot.

Most commercially available drones don’t have the required redundancy to deal with a failure, don’t have the same certification as aircraft, and don’t even have guaranteed communications with the controller.. so the risk of something untoward happening is high and must be mitigated.

It should be noted we’re given much more flexibility to operate Unmanned Aerial Systems (UAS) ‘drones’ in the UK (and most of Europe as EASA takes over) than in other parts of the world. In the USA, for example, there is a complete ban on UAS for commercial purposes!

Awareness -vs- Consumerisation.

So, if the rules are pretty clear, why are we seeing headlines like this:

Drones flown in London and Liverpool despite CAA laws

UK’s first drone conviction will bankrupt me, says Cumbrian …

The answer, and the challenge, is awareness. The consumer can go and buy one of these drones relatively cheaply – under £300, and they’re cool. What gadget nerd wouldn’t want one? For a lot of us they are the work of the science fiction of our youths.

But they come with no warnings about about the legality of operating them. This advert for a Parrot AR Drone on contains only these safety warnings:


Amazon AR Drone Warnings.
The Only Warnings on Amazon AR Drone Advert

Where’s the big, bold, bright warning about legality of operating it?

We know that ignorance is no defence to breaking the law, but as unmanned aerial systems become more consumerised, and available, the manufacturers and retailers should surely draw to the attention of their customers that they run the risk of hurting people, and thus prosecution if they’re not careful about how they use their new toy!


I’m certainly no CAA-apologist (even they, under their new leadership, admit they need to improve in many areas). But they simply aren’t resourced to police these rules to any great extent. By virtue of cost and licensing they have managed to police and enforce manned flight rules to date.

They are under-resourced to police and enforce these rules across the whole of the UK, and unless somebody reports incidents they most likely won’t be detected and dangerous situations could become commonplace.

The UK Government requires that the CAA’s costs are met entirely from its charges on those whom it regulates. Unlike many other countries, there is no direct Government funding of the CAA’s work.

So, should the UAS / Drone manufacturers start to contribute to policing and regulating the safety of the devices they make money from selling? That seems fair to me, as someone who pays CAA fees!

Historically The CAA have brought few prosecutions, in line with the internationally established ‘Just Culture‘ which encourages reporting (so we can all learn) and seeks to only punish wilfully negligent acts. How will they manage this when unlicenced consumers are involved?

It’s my view that they need to educate, then prosecute, and then highlight prosecutions to raise awareness.

The Future.

I love aviation. I love technology & gadgets. I embrace consumerism. However, to harness the huge possibilities of drones / UAVs we need to find a way to make them work safely in society – before a single incident occurs which results in an outright ban.  

We could look to making them a licence-able aircraft, but those in aviation will attest that this will be costly, cumbersome and probably kill the industry and its undoubted benefits and enjoyment. We know that licenced commercial UAV operators exist, and use much more expensive, complicated, and safe aircraft – let them undertake the commercial work over populated areas.

But for domestic and hobby drone-flyers: the manufacturers need to step up to the mark with awareness. Very few people set out to deliberately break the law (and where they do the likelihood of being caught, and subsequent penalty should be a huge deterrent)… but they need to be aware of the rules.

Should we mandate the inclusion of warning notices in the boxes and on the packaging?

I think so… what do you think?

HM Revenue & Customs Logo

HMRC Anonymous Data? Be Careful…

This weekend we awoke to hear of plans by Her Majesty’s Revenue & Customs (the UK tax authority, akin to the IRS in the USA, but with more power) to start selling anonymised tax data where doing so “would generate clear public benefits, and where there are robust safeguards in place.”

Although there is no formal announcement on the HMRC news section, you can see some of the press coverage on The BBCThe Guardian or The Telegraph.

You’ll see that one of the Government’s own MPs has described the plan as “borderline insane,” a tactic no doubt employed to garner some headlines and ensure that his opposition is well known; especially given the likely public reaction and HMRCs not-all-to-great record on data protection. But is it that insane?

Setting aside the plans to sell the data, and the slightly more nuanced debate that the sale of public data brings (and of course the OpenData / movement) I’d like to concentrate on the anonymisation of the data which HMRC might be proposing to use, and just how flawed that can be in the age of Big Data and Cloud Computing.

It is likely the proponents of the HMRC plan will assure the general public that their data won’t be identifiable and the principle of tax-payer confidentiality will be upheld… Well, it turns out that’s really hard to do!


Anonymous MaleRe-identification is the process of taking a dataset which is believed to have been anonymised of any personally identifiable information and by means of processing or data-matching re-establishing the personally identifiable information (PII) with some level of confidence.

In practice this generally means combining other publicly available information with the ‘anonymised’ information in a data-matching / ‘jigsawing’ exercise.  Historically this was hard, processor intensive work which could take days or weeks and thus was usually cost or time prohibitive – even with just one data set to combine.

However, the advances in ‘Big Data’ over recent years, combined with the scalable power of cloud computing, mean that multiple data sets could be combined in a matter of moments – making the re-identification of data not only possible but also practicable.

An often-quoted example of this process is when Netflix first released some anonymised usage data as part of the Netflix Prize was combined with IMDB reviews (and thus IMDB user names). It was possible to identify the user who had watched the Netflix movie, then link that to their IMDB review based on the time – a seemingly innocuous data point in the Netflix set. By then reversing this process it was possible to take the IMDB reviews and user names and come up with a complete listing of films watched by each user. More information on that here.

This was with two data sources – IMDB and Netflix Anonymised Data. Imagine if the researchers here had then added in social media data, perhaps by looking for similar user names, or perhaps looking for posts containing the films name around the correct time – something not that complicated to do with Big Data and Cloud tech. It would have been comparatively easy to go from anonymised film usage data to a picture, name and social media details of the person watching it, along with their recent film history.

Just think of the consequences if the same happened with your tax data!

What Do We Do?

Of course, we all want open data, don’t we? But if we get scared by the possibilities like those above, we’d never release any data. A similar recent debate in the UK formed around government plans to allow research based on NHS medical records – Fundamentally few people would disagree with using existing medical knowledge to try and improve care for the future, but medicine is complicated and you need a lot of data about an individual person to do that reliably. So, anonymised data would help, and surely we all want better health for our future generations (and maybe even us!).

Obviously we have to be careful HOW we anonymise data. The devil is in the detail. As data professionals we can take obvious steps to anonymise data effectively against the threats we know about at the time we anonymise it. We also look to anonymise data down to the lowest level needed to provide meaningful data for research & development, social good etc – perhaps by aggregating data into groups (for example postcode area SW1A rather than SW1A 2, or even SW1A 2AA – Downing Street).

The problem comes, as with most information security, that there will always be someone with more knowledge, more skills or a stronger, often nefarious, desire to break the defences put in place to protect that information. This is the “motivated intruder” attack. It is our job to protect against this as best we can when we anonymise data – it’s a higher standard than “can a reasonable person link data.”

Motivated Intruder Test

So, when anonymising our tax data, HMRC must think of the motivated intruder. In fact, The Information Comissioner’s Office details this exceptionally well in the Code Of Conduct for Anonymisation. HMRC will have to think about some, all, and hopefully more than the following:

  • What other information is out there?
  • What other information could be “jigsawed” with the tax information?
  • What information they release:
    • Can they aggregate without losing utility of the data?
    • What data points are in it which may help to identify a person?
    • What could the data be used for?
  • How difficult (and therefore likely) is it to use this data?

Some of these will be very hard to answer, or even unknown to HMRC. They are the realm of specialists who devote their whole professional life to this sort of question. It’s just like any other form of Information Security – you don’t know what you don’t yet… so best ask someone who does nothing else.  Actually, ask two people – or better still 20.

When we launch a new website, or service, or even maintain an existing one, the prudent amongst us employ the services of at least one (sometimes many) security consultancies to “penetration test” them. They use all the techniques they know how to try and break in / break the service. Anonymised data should be no different – HMRC must test their data sets with as many 3rd parties as possible and they should make those results public to instill confidence.

The publification of anonymised tax records could be very useful for so many aspects of life, some commercial, some social – but the potential harm of doing it incorrectly is huge and the risk of doing so is high. HMRC would be wise to tread very carefully and walk very slowly into this one.

An Aviator Passes.

It’s with a very heavy heart that I read reports this afternoon that one of the Red Arrows has crashed, and the pilot hasn’t survived.  The Red Arrows are a true credit to The Royal Air Force and are nothing short of absolutely awesome to watch — it’s impossible to describe just how skilled these aviators are.

I’m a happy chap if I can keep my airspeed and height within the standards expected of a newly qualified commercial pilot (which I am not, but no harm in aiming high) — these guys and girls fly fast jets at almost 4x my speed, often only inches apart.  It’s a real treat to watch.

I have had the privilege to see this years Red Arrows (part of the team changes every year) twice.  Only earlier this week they overflew my home town and my son had to ring me straight away to say he’d seen them again; and wanted to know why they had no smoke on – I was 150 miles away; but this gives you an idea of how inspirational they are; my 3 year old adores them.  I haven’t the heart to tell him one has crashed.

My thoughts are with the pilots family, friends and his colleagues; it’s always awful when a fellow pilot passes, especially when flying.  Rest In Peace.

Flying West

Capt. Michael J. Larkin 

I hope there’s a place, way up in the sky,
Where pilots can go, when they have to die-
A place where a guy can go and buy a cold beer
For a friend and comrade, whose memory is dear;
A place where no doctor or lawyer can tread,
Nor management type would ere be caught dead;
Just a quaint little place, kinda dark and full of smoke,
Where they like to sing loud, and love a good joke;
The kind of place where a lady could go
And feel safe and protected, by the men she would know.

There must be a place where old pilots go,
When their paining is finished, and their airspeed gets low,
Where the whiskey is old, and the women are young,
And the songs about flying and dying are sung,
Where you’d see all the fellows who’d flown west before.
And they’d call out your name, as you came through the door;
Who would buy you a drink if your thirst should be bad,
And relate to the others, “He was quite a good lad!”

And then through the mist, you’d spot an old guy
You had not seen for years, though he taught you how to fly.
He’d nod his old head, and grin ear to ear,
And say, “Welcome, my son, I’m pleased that you’re here.
“For this is the place where true flyers come,
“When the journey is over, and the war has been won
“They’ve come here to at last to be safe and alone
From the government clerk and the management clone,
“Politicians and lawyers, the Feds and the noise
Where the hours are happy, and these good ol’boys
“Can relax with a cool one, and a well-deserved rest;
“This is Heaven, my son — you’ve passed your last test!”

2012 Olympics… the end of Aviation?

The proposed airspace restrictions which will come into force for the 2012 Olympic games in London have been announced…  but I am not quite sure who dreamt them up!

When London won the 2012 Olympic games it was widely celebrated as being good for business and the economy as a result of all the extra people and spending it would bring it.  It seems that if you are in the business of aviation and you’re in the South East of England, it won’t be good for your business!

Restricted or Prohibited.

Olympic Airspace Restrictions
Olympic Airspace Restrictions

As you can see from the graphic the plan is to establish two temporary control zones.  The central one will be prohibited for all flight apart from IFR traffic for London Heathrow and London City (and RAF Northolt & Biggin Hill).  This include the heli-lanes across London, and London Battersea heliport.

There will then be a much larger Restricted zone which more or less covers all of south eastern England.  Flight by powered aircraft will be permitted in the restricted zone, so long as:

  • A flight plan is filed using AFPEx between 2 and 24 hours prior to flight.
  • An acceptance / approval number is granted in receipt of the above.
  • 2 way RT is established with controlling authority and acceptance number is quoted.
  • Aircraft is squawking the unique assigned transponder code.
  • RT with ATC at all times.

These restrictions will be in full force for 2 months (13 July to 12 Sept 2012).


Clearly the authorities (in this case The CAA, NATS, MoD, and HM Governments security services) have an obligation to deliver a safe games; and these restrictions are obviously designed to reduce the threat of terrorist attacks using aviation.  But I just don’t see how they can work….

Inside the Restricted zone are a number of general aviation airports, from where a light aircraft can take off and be over the Olympic games sites in under 10 minutes.  All of the measures above will only assist in identifying that an unauthorised flight is taking place.  But can the military really get a fighter jet “on task” that quickly, and if they can – what are they going to do about a light aircraft only a few hundred feet above a packed venue?   Whatever they do there is certain to be a lot of “collateral” damage.

Destructive Effect.

It’s probably fair to assume though that the security services have some form of plan for this eventuality and clearly they aren’t going to share that with the masses.  However, it’s the destructive effect of such a massive restriction zone which concerns me.

Obviously all current commercial traffic into and out of London Battersea will be done for; and there are a further 14 airfields within the zones who have to date not been consulted at all.  There is a suggestion that exemptions may be granted on a case by case basis, but unless these exemptions are pretty generous then general aviation is pretty much ruled out during the Olympics.

So, if you’re a helicopter charter operator who though the Olympics would bring plenty of work in…. you might want to think again.  Or at the very least email with your concerns!

Wonga. Wronga?

Today I had the television on in the background while I did some chores around the house and an advert for Wonga caught my eye.  Wonga is a loan company who specialise in relatively low value, very short term loans.  It wasn’t the product which caught my eye – but the eye-watering APR of their products: typically 2689%.  Yep, 2689%.  Wow!

I tweeted about how this was nearly 100x more than my (fairly high APR) credit card.  It turns out that Wonga have a rep on Twitter – WongaWoman.  She replied and explained that their loans are v short term, so I thought I would do a bit of research.

They have a page on their website which is dedicated to explaining why their APR looks so ridiculously high. It goes in to detail about how APR is an annual indication, and that they feel it is unfair to use an annual indication as a comparison, when essentially the products (theirs & a standard loan) aren’t the same.  I sort of agree, but they are obliged to state their APR because of the law, and it does show that if you borrowed this money over a year it would be incredibly expensive.

Credit where it’s due.

To their credit they are very upfront about how much it costs to borrow their money (they give a total repayment figure before you take out loan), and they seem a robust responsible lending policy which sees the amount available to you rise as you use the service.  They are also filling in a gap in the banking sector where the big retail banks don’t operator.  In addition they make a donation to a poverty fighting organisation (Kiva) for every loan they process.  They have one numerous industry awards too by the looks of it; and given their response it’s not like they are trying to hide.

Extortion or Bad APR?

In the wake of the credit crisis many questions were asked about the lending practices of the banks, and more about “payday” loan companies and similar.  There was even moves by several members of parliament to put an absolute maximum APR into law, they cited sample APRs which were not dissimilar to the rate which Wonga charges; and they called it extortion.

Is it really Extortion, or is APR just not a good comparator for these type of loans which do have a different feature set and audience to traditional bank loans?  If we did have a law to stop extortionists and it were to be based on APR how could we still allow legitimate and upfront businesses like Wonga to operate?  Or should we allow lending with such high APRs…

Sample Tax Disc

Tax Discs – Not Worth The Paper They’re Printed On

A couple of things have got me thinking about this antiquated piece of paper lately.

For those reading from abroad I should first explain that a “tax disc” is a round piece of paper which is displayed on every vehicle in the UK, to show that the Vehicle Excise Duty (road tax) has been paid for that vehicle, and when it expires.  In cars it is displayed in the bottom passenger side of the window, and on bikes it is affixed to the vehicle somewhere.

Not needed…

This post was prompted by the fact that when I was recently stopped by the local police they totally failed to notice that I wasn’t displaying one.  Obviously, I have paid my tax – however the tax disc holder fell off my motorcycle within 10 miles of owning it (it was badly affixed).  The dealer is supposed to have replaced it, and that is my defence to the crime of “failing to display a VED disc.”

Now, the two traffic police officers could have failed to check for it because it’s almost technically impossible for my bike to not be taxed owing to the fact it is less than 1 year old and you have to tax a motorbike for 1 year when you register it.  (There is the technical possibility I have sent it back for a refund I suppose!).

More likely though, they knew my bike was correctly taxed (and insured / registered etc) before they even stopped me because the ANPR camera in their car had read my registration plate and checked it on the Police National Computer.  So they didn’t need to look for it.  Making it pointless.


Why can’t we do away with this unsightly piece of paper in my window and the expense of printing them (they have some anti-counterfeiting features), distributing them and replacing them every year.  I renew my car tax online, and will do the same with my bike – the government database is updated immediately.  Even if I chose to tax my car at a Post Office the government database is updated overnight – then I am given a disc and a receipt.  Would a receipt not be enough?

We could even opt in to have the reminder sent by email – perhaps with a paper reminder if you failed to re-tax by the due date (just in case).

Oh, and if you do let the one you have expire and don’t tell the DVLA you have taken the vehicle off the public highway then they will use their electronic records to send you an automated £80 fine, in addition to the duty remaining payable.  They’ll even take you to court if you continually fail to pay.

So, if we can buy one electronically, the police check them electronically, and DVLA enforce the actual duty electronically,  why do we need them?  You can even check yourself online – if you know the registration and make of a vehicle you can check on the DirectGov website as to the status of that cars tax.   I just can’t see a reason for keeping them?

The Exceptions.

VED Exempt
VED Exempt

The other thing which got me thinking about it was the exceptions to the regime.  You very rarely see them, but vehicles being operated by Her Majesty’s Revenue & Custom’s are exempt VED, and display a special disc.  I saw one of these in Leamington about a month ago on a vehicle being used by the UK Borders Agency (they had a sticker in window asking not to be clamped too!!).  These would be very very easy to fraudulently copy if you were so inclined – but of course there’s no point, because the database would still show your car as untaxed.  Police would stop you, and DVLA would still fine you.

Then there is the farce of police vehicles, ambulances, fire engines and historic vehicles – none of which are subject to VED, but all of which has a piece of paper renewed every year in the front window.  Quite literally a total waste of money.

There you are then, if the new government wants a quick easy saving then how about not printed and distributing 34 million pieces of paper each year!?

To WWW or not to do WWW?

Preferring the robot over the human…

Having to type www before most websites you visit isn’t very friendly is it?  While I am well aware of the signficance of the WWW in DNS / network topology terms, it dates back to the days when the internet was largely used by nerds & geeks (takes one to know one!) – the demographic of the average internet user today really couldn’t be much different.

That, coupled with the fact that most websites start with www, just means it’s needless complication to my mind.  Most big companies realise this, and also find it snappier to advertise just their domain.  They will sort it out for you, try it – type, or, or into your browser…. you get the www. version, don’t you?

The www. has been dropped, just like the http:// has been too.

Government Fail

Unless, that is, you’re trying to get at some of the biggest UK government websites.  Take for example Her Majesty’s Revenue & Customs – possibly the one agency every citizen has no choice to use. fails to resolve. works fine though.  Same with the Air Accident Investigation Branch, Parliament, Prison Service and counltess others.

I should say, that some do work – and importantly the gateway to government websites, does work.

Why would they do this?

Well, it could just be they forget to configure it – either in the DNS for the domain, or the webserver itself.  I’d say that’s lazy or sloppy – every domain I register and host is configured to allow both URLS to be used.

The more likely reason, I think, is duplicate content.  Search engines, especially Google, penalise duplicate content at different addresses – and this will hurt where your site is positioned in the search results.

Canonical Domains.

How can it be duplicate if it is the same content on the same site?  Well, simple – it’s at two different addresses; and so is indexed twice.  It’s duplicate.    For example, these two URLs are different, but the content the same:

The way this should be handled is with URL re-writing or a 301 redirect.  That is the webserver should make sure only 1 version ever appears on the web by changing it and redirecting the user (and thus also Google).  If you go to the second address above, you will find you actually end up at the first one! The DVLA is using a redirect to ensure only one version is available.

This is really simple to set up on both Apache and IIS webservers; and it means your users have a much nicer experience, and who is more important, the bots or the user?….maybe it should be a standard for government departments!

Interesting Links for July 8th.

These are my interesting links for July 8th: