2020-04-23

Be reasonable

Update: New rules 13th May change the examples that are reasonable.

This is a blog about a little bit off the way laws are drafted. I am not an expert on legal drafting, and not a lawyer - however, laws are meant to be understood - as a member of the public I should be able to work out if something I am about to do is legal or not, even if that means I need a bit of help to understand the way laws are written. I'd be delighted in any feedback from those that are experts.

I'm picking, topically, on section 6 of The Health Protection (Coronavirus, Restrictions) (England) Regulations 2020 as amended. In particular, it basically says, in 6(1) that you need a reasonable excuse to leave home.

So that gives us a test - is my excuse a reasonable excuse or not. If that is all it said, it would be somewhat open to interpretation, and my view could be very different to yours. This is an issue where one party is a policeman and disagrees on what is and is not reasonable.

Of course, I would hope, being public health legislation, not public order, that any excuse that does not pose a public health risk should be considered reasonable. It is shame there is not paragraph clarifying the basis of a reasonableness test. Surely taking your household for a drive to a secluded spot for a picnic should be reasonable, clearly, as not a health risk as you do not interact with anyone. Even more reasonable if you ensure well serviced car, enough fuel, and driving carefully. Sadly this is not so simple, and we know the police are quite clear on that not being reasonable, so we need clues. We need to know how to apply this reasonableness test.

6(2) of the regulations helps, it defines reasonable as including... and a list of things. The use of the word "including" here is very important as it means it is a non-exhaustive list. It means some thing may be reasonable but not on the list. Sadly it gives no real idea how to tell if things not listed are or are not reasonable. So, for example, I would consider feeding a horse reasonable, but that probably comes under 6(2)(h) as a legal obligation under animal welfare laws.

This is where a computer programmer and a lawyer would diverge somewhat. To a computer programmer the rules in 6(2) are simple tests - if you pass any then you are reasonable. If not then there is an implicit final "generally reasonable" test, but the wording of the tests in 6(2) would not have any bearing on that "generally reasonable" test.

However, the wording does matter. The items in 6(2) are not simply positive things. They do not say "this is reasonable" and "that is reasonable", no, they say "this is reasonable except in this case", and "that is reasonable, if another thing applies".

This is quite clever in a way as it uses examples to couch the boundaries of the test, to say what goes in and what goes out - where the line is drawn.

So, for example, 6(2)(ga) to visit a burial ground or garden of remembrance, to pay respects to a member of the person’s household, a family member or friend; says visiting a burial ground is reasonable, but only in some cases. It has caveats, and they matter. It is was just that visiting a burial ground was reasonable the clause would not go on to say member of the person’s household, a family member or friend at all, so this means that visiting someone you don't know is not in fact reasonable.

So even though 6(2) is a non exhaustive list, using "includes", every restriction or caveat in the clauses in 6(2) effectively define the edge - line beyond which something is not reasonable, for those things that are listed.

Looking at 6(2)(b) to take exercise either alone or with other members of their household; the caveat is either alone or with other members of their household matters, and so exercise with someone else is not reasonable. As I say, as a computer programmer it would be different - exercise with someone else would simply fail 6(2)(b) but a "generally reasonable" test would not consider why it failed 6(2)(b), or that 6(2) has a test relating to exercise in it with caveats. However in English, those caveats start to matter as we list "exercise" and they say where the line is drawn. Exercise itself is not something not listed, and so possibly also included, because 6(2)(b) does cover exercise.

Looking at 6(2)(f) to travel for the purposes of work or to provide voluntary or charitable services, where it is not reasonably possible for that person to work, or to provide those services, from the place where they are living; seems to clearly relate to doing work (or volunteering, etc) but it has a caveat of not being possible to do it from where you are living. Again, the clause covers working, so you would not consider it reasonable to go out to work when you can do it at home - even if that is not a public health issue.

Of course, the use of "includes" does allow for something completely different to be reasonable and not be in the list. Ideally something that is obvious to all that it is clearly reasonable. But anything that is in the list with deliberate constraints clearly defines the boundary and implied directly what is beyond that boundary and hence not reasonable.

Sadly, 6(2)(f) also has the caveat "to travel", which directly implies that outside of that caveat, working away from home at all is not a reasonable excuse.

Sadly, on that last point, as 6(1) now needs an excuse to simply be outside, it suggests doing work that is not travelling for work, outside your home, is no longer reasonable.

Oddly even 6(2)(k) in the case of a minister of religion or worship leader, to go to their place of worship; is a problem as such a minster can go to their place of worship, but then no longer has a reasonable excuse to be there, or even to travel back home!

Some clauses just muddy the water, like 6(2)(l) to move house where reasonably necessary; effectively defining reasonable excuse as a thing that you need to do because is reasonably necessary! That is not helpful...

P.S. Stay home!

2020-04-22

Going to work?

Update: Fixed on 13th May

Drafting legislation is obviously a complex issue, and needs a lot of work.

As we have seen, the regulations for COVID-19 are badly drafted, with many things people consider "loopholes". The original legislation was, after all, done in a rush.

Thankfully the civil servants have has several weeks now to carefully draft some amendments to fix some of the issues, so these should be really good now, obviously.

Some issues:-
  • Previously you could leave home for one reason but then did not have to have a reason for being "outside". I.e. you could leave for exercise and then decide to go and have a picnic. As long as not a gathering of more than 2 people not from the same household in a public place, that was legal, even if the police said it was not and fined people.
  • Previously if you have a party at your home with lots of friends, it was clearly a gathering, but not in a public place, so you (at home) were not breaking the law. Any of your friends that left where they live with reasonable excuse and then decided to come to your party would also not be breaking the law. Even so, police would break up parties and fine people.
  • Previously if you left home for exercise, went to the park, you could sit on the bench for a while, even have lunch. What mattered is why you left home.
The changes at 11am today address some of these, and are listed here.

They fixed interesting things like in paragraph (1)(b), for “over the age of 18” substitute “aged 18 or over”; and in sub-paragraph (i)(iii), for “Department of Work” substitute “Department for Work”.

But one of the changes is this :-

(4) In regulation 6—
(a)in paragraph (1), after “leave” insert “or be outside of”;


This means that it now reads :-

6.—(1) During the emergency period, no person may leave or be outside of the place where they are living without reasonable excuse.
This covers a lot of previous loopholes. Now you no longer just need an excuse to leave where you live, but to be outside (yes, your garden is still counted as inside your home for this). So the picnic is not longer valid, and neither is the house party (not because a gathering, but because the people there have no reasonable excuse for being outside their own home). Sadly it may also mean the rest during a long walk is a problem. I am actually a tad surprised that "returning home" is not in itself a reasonable excuse.

However, what concerns me is that they did not update the actual list of reasonable excuses having now changed the context.

Notably the reasonable excuse: (f) to travel for the purposes of work or to provide voluntary or charitable services, where it is not reasonably possible for that person to work, or to provide those services, from the place where they are living;

Now, previously, it was OK to leave home to "travel for the purposes of work" (if you could not do that work at home), and, having left home with reasonable excuse, you could, well, do the work!

Yes, the list is not exhaustive, but given how the police seem happy to fine people when they were covered by the list it is tricky doing anything not on the explicit list. Arguably the specificity of the use of the word "travelling" for work in the list highlights anything other than travelling as not being "reasonable". A simple fix would be to remove the "to travel" part, so "for purposes of work" (where you can't do it from home) would be covered, including any travelling.

But the excuses don't list actually "doing work", or "being at your office", or anything that is not actually "travelling". And this reasonable excuse has to cover not just leaving your home, but being outside your home.

So now it seems they have plugged the loophole allowing a picnic, but made supermarket workers illegal sat at their tills. Indeed, if you are an MP sat in parliament right now, which of the reasonable excuses do you have for not being at home?

Really? This is the competence level of our current parliament?

2020-04-19

BGP

Border Gateway Protocol is a thing that happens very much behind the scenes in the Internet and not something anyone outside the industry should have to know anything about. So this post is going to try and really dumb down some of the technical issues.

Firstly I'll try and explain what BGP is, and a couple of the challenges that have come up over the years. Some were an urgent issue that made us all realise a risk that was not known before. The others are more of a gradual change in best practice that needs doing, in my view.

Extra dumbed down

  • For the Internet to work - there has to be a "road map" so that your Internet provider can direct traffic.
  • Roads change, and so there is a way to update this road map with new instructions (that's BGP).
  • There can be errors in these instructions, and bad people can give wrong instructions.
  • This is all something that is being worked on. It is complicated.
Thanks to Simon Crowe #FBPE@UHDDreamer for some inspiration on the above.

What is BGP

First off, BGP is the way internet providers manage routing of internet packets. It involves, normally, an ISP communicating with another ISP over some link to say what they can route for them.

It is not fundamentally complicated, and I recall one occasion talking to someone working for a major peering point about us plugging in to them. We (AAISP) use FireBrick routers, and I had personally written the ethernet drivers, IP, TCP, and BGP protocols from scratch for our equipment. We plugged it in and it worked as expected. The idea that we were not using CISCO, or Juniper, or some other common vendor, was a shock at first, but bear in mind that not only are these all well defined and published standard protocols, they are designed to allow a degree of tolerance to errors.

Our code worked as designed and to the standard, and in some ways was way faster than some vendors. I was pretty proud of the design.

For anyone to be able to take part in BGP you need to agree with another ISP, over something called "peering" which is ISP to ISP, or "transit" which is where an ISP gets "the Internet" from some larger company. In both cases, and especially the latter, there are filters on what you can "announce" to the world via BGP

As a system, this should work. I cannot "announce" someone else's routes to transit - they won't let me. I cannot "pretend" to be some part of Facebook's network, for example, and hijack their traffic. If everyone that allows and connection to the BGP network had such filters all would be well, and mostly it is.

This issue is that some parts of the world are not as robust, and so rogue routes can be announced. It can be (and often is) a mistake, or it can be malicious. Hijacking someone's routes can be a way to break security (getting new certificates for https), or just causing disruption to their network and traffic. It is a concern for the industry as a whole.

Just to explain, unlike your broadband router which has only one route to the internet, your ISP has many peers and transit and routes to send data. That is why BGP is needed in the first place.

Path overload issue

One incident that happened was where someone made a simple typo on a configuration (more details here). A setting which they thought was a number to quote was in fact how many times to quote it. This created a message in the routing which was unexpectedly long and caused some special edge case in the code for longer data.

The problem was a bug in some makes of router which meant that it could not cope, and broke routing. It created invalid data that was sent on.

Now, I hate to say this, but my memory is sketchy on this, but the solution was to not forward invalid data. We realised this and ensured FireBricks would not do so (a config setting with a default not to, called "ignore-bad-optional-partial") even though the specification said we should. We had new code within days to ensure FireBricks could not be part of the problem - even before the RFC (standard) on this was created.

Some times the industry has to act quickly as even though the cause of the issue was a mistake, it could be exploited as an attack.

TCP RST issue

Another issue that became apparent was the way the BGP links between ISPs are set up. They use a normal TCP connection. Now TCP works on IP and IP has a "TTL" or "hop count" which stops IP packets going to far. A convention in BGP (not part of the spec for BGP or TCP) was to set up TCP session to "peer" links with a one hop TTL. This means the TCP connection cannot got more than one hop to the directly connected router. This makes sense as the peer is directly connected on a link one hop away.

The problem that came up was that someone could inject a TCP packet called a RST, with a faked source address, sent on the Internet, which when it arrives closes the TCP connection for the BGP session itself. This drops all routing, and causes disruption. Repeatedly done it can take down a link, or set of links, completely and cause a lot of problems.

The first fix was a way to digitally sign the TCP packets. We, at FireBrick created this feature to allow it to work for BGP, and a few of AAISPs peers required signed BGP sessions. This works using a password at a low level and so ignoring the rouge RST packet.

It turns out there is a way simpler way to fix the issues called "TTL security". Instead of using a hop count of 1, use a hop count of (maximum) 255, but make sure the peer checks it is 255. The reason this works is a packet from anywhere else on the Internet will see this hop count go below 255 as it drops at each "hop" on the way.

Again, FireBrick implemented TTL security, not just setting the required hop count, but checking it based on number of hops allowed/expected (usually no intermediate hops).

Using RPKI

There are still issues with BGP, even with all of these steps.

The main one is that someone can "inject" a route in to the system that is not genuine. They can do so alongside the genuine route, or inject a more specific route. This hijacks all of the traffic.

As I said before, where transit providers check their customer routes, this cannot happen. But some countries are a bit more lax.

The "fix" is double edged - it involves a way to certify that a route is correct, specifically that it is to the right "autonomous system". But the downside is that puts someone in control of certifying the route is correct. Who has that power?

This was a controversial issue in that, for example, the whole of Europe is controlled by RIPE. So if a Dutch court demand RIPE remove a route, they would have to. This puts huge power in the Dutch courts. The same applies in the US and every other registry where a local court could command a change. To be clear, actual routing is handled by the ISPs, but the issue comes when they all work on one authority as to what is valid. I am not sure that has now been fixed in RPKI, but happy to be corrected on this point.

The other issues is that certification can lead to mistakes, causing routes not to work based on some technicality.

Not everyone is checking these certificates, and even then the system will not be bullet proof if the origin AS is spoofed (I think). So any errors will cause partial failures. These are massively difficult to diagnose. What does an ISP do when just some of the Internet cannot see some of its network? In most cases the networks not routing will have no contract or direct relationship with the ISP in question. That is hard to diagnose and fix.

In the long term, this is generally good. Even with the risk of a court attack, the industry can work around if needed. That is a last resort, and measures to avoid rogue routes are a good idea.

If the major transit providers start filtering routes checking RPKI then that alone will solve the problem of rouge routes - but if they all filtering what they receive anyway from customers, that would avoid the issue without RPKI. So is it worth it?

But as I say, this is all behind the scenes policy and technical issues for ISPs and transit providers. It will be sorted by ISPs and industry as a whole around the world. We are all working to improve the security and reliability of the Internet.

Who should do what and when?

[new section after original post] I have been learning more on the whole RPKI thing. Overall it is a good idea as it blocks some types of attack. It is not perfect, it does not block all types of attack, and is, itself, prone to new types of attack via courts and also new mistakes, but it helps. It helps a lot with some types of mistakes, which have been a cause of issues as you can see above. It is best practice, which is important. So that is why we (AAISP) are doing it.

There seem to be three steps that make this work.
  1. Everyone should be signing their routes - i.e. ensuring they have signed route details saying which routes via which AS, so they can be checked by the Internet as a whole. AAISP have signed routes for some time and are currently working on ensuring some hosted routes for customers are also signed. This is the first step, else RPKI could not work at all - you cannot check routes if you have nothing against which to check them.
  2. The big players, the transit providers, need to filter based on RPKI. This, with step 1, basically stops all route injection attacks in their tracks, and problem solved.
  3. Smaller edge ISPs should also filter routes. This is mainly to catch the peering sessions and pick up mistakes. If transit are filtering, this is a mopping up exercise - an attack or mistake could impact a small group of peering ISPs maybe, not the Internet as a whole. Such ISPs probably already filter peering to some extent anyway, but RPKI is a good start for making this better and more automated.
So if you felt things in the industry were not moving fast enough, you could make a site and allow tweets saying people have "unsafe" Internet. But if you did that, should you say that the edge ISP has unsafe internet or maybe work out which transit they are using and say that transit provider is unsafe?  Maybe if the edge ISP is not signing routes, highlight that. But really, who should you "shame". The edge ISPs filtering is a good idea, but the last steps involved for completeness - the signing and the transit filters, they are what matter here. Personally, don't try shaming people, talk to them!

But to be clear, AAISP were doing 1, we are now nagging transit re 2, and we are working on 3. The last stage is complex as it means development and testing in our core routers - not something you do during a pandemic.

It is interesting that, even with recent publicity, we have one customer concerned that we will be deploying RPKI filtering - feeling it will break things and even accusing us of breach of contract. This kind of shows it is not a simple matter to deploy quickly.

There is also an excellent post by Andrew Aston on the issue of shaming ISPs: here.

2020-04-17

Losing all respect

I am just astounded by the way the UK police are behaving right now.

TL;DR: Massive over reaction and police state style action way above what the law provides and with no regard for public health, for weeks now. Then massive under action on a public gathering with no regard for public health last night. They seem to have no clue. How can any of us have any respect for them?

Update: it is worth saying that I don't assume this is all police, but with the power the police have over us we need to hold them to the highest standards. It is clear that a lot of the police do not understand the rules, or the simplest concern of this being public health legislation, as I have heard numerous reports from friends who have been stopped and questioned unnecessarily when doing nothing wrong, each occasion creating risk of spreading the virus.

In the last few days we have had :-

Police surrounding a journalist after telling some women she cannot sit down for a moment whilst exercising, and telling him that he is killing people, even they are "in his face" with no PPE. They really are trying to be the plague spreaders here, aren't they?


Also, we have new guidelines by NPCC and College of police on why you can leave your home - but the rules have not changed. The only difference is these guidelines are perhaps easier to read and are more widely publicised (here) - apparently several police twitter accounts saying they are unenforceable even though the rules HAVE NOT CHANGED! We can only assume they are cross that the rules are not what they would like them to be and only just realised, weeks after they came in to force. (it is a separate debate as to whether the rules are adequate or not, and not one for the police to decide).

And then you have this, a public gathering on Westminster bridge yesterday and the police don't appear to be dispersing the gathering or enforcing the rules but actually participating!


Ever crazier, the police themselves posted about this gathering as if it was a good thing!!!

I have sent a freedom of information requests (here and here), and we'll see what they say.

Update: as of 11am on 22nd April the law changed to cover "being outside" not just "leaving". Here.

2020-04-15

Monzo Business Account

Finally, Monzo have launched a business account.

I have taken the step of moving the incoming payments account for customers paying us (AAISP) to Monzo. This means we have updated the account details people see on invoices and statements and on the web site, and we are working on a "redirect" for the old Barclays account.

This is not a decision I have taken lightly. We rely on people paying us money, but thankfully a lot of that is via Direct Debit (for which we use Lloyds). But quite a lot of money comes in via bank transfers to us. I appreciate people prefer this than Direct Debit in many cases as I know a lot of companies are nowhere near as pedantic in following the Direct Debit rules as we are.

Up until now, payments arrive at Barclays and we can download a statement. At various points in the past I have managed to screen scrape that on Barclays, but that is not ideal and for a couple of years it has meant I log in every day, even when on a cruise ship in the Pacific! Either way, all we get is a CSV file up to the end of the previous day.

We can then load that in to the accounts to record who has paid us, and how much.

Fraud

It is always a concern advising customers of new bank details as this is the way a lot of frauds work. So we are asking customers to check our web site to confirm details, as well as digitally signed invoices and statements. https://www.aa.net.uk/legal/bacs-payments/

Also, of course, now it is all real time, customers can easily sent say £1 deposit and see on their on-line account at A&A that it has arrived. This is very sensible, and thanks to the customers doing this to be sure.

Real time

Changing to Monzo for incoming payments is a huge difference. We have a simple means to have web hooks which means Monzo send us a secure post of the details of the transaction as it happens.

And I mean real time here - before the sender has seen on their mobile or web banking app even that the payment has gone, we know we have the money! It is impressive.

This is also very robust, retrying if we don't answer, and we can reload all transactions if we need. They have a unique reference on each transaction too, unlike Barclays where no unique reference meant it was tricky if someone paid the same amount twice on the same day.

Barclays even have a limit on how many transactions are in the statement, which meant that at one point it was impossible to download the previous days transactions. When that happened we set up two accounts for people paying us to keep the daily total below the limit. Crazy. Direct Debit solved that, but it shows how behind the times banks are. As far as I know, that limit (I think 300, off the top of my head) still applies.

Moving to Monzo makes a big difference for our accounts staff as it mean they can see people have paid in real time. This avoids delay sending equipment and any delay enabling, or re-enabling, a service that has been suspended.

Payer details

We also get proper payer details, notably sender sort code and account number. This means that when people forget to put the right reference on the payment we can often find the account based on their bank details. Remember that when you used a cheque in the past you gave your bank details on the cheque.

This helps with privacy as well, as our accounts staff can be looking at the customer account and not a general "company bank account". Only if the payment does not match anyone do we put it in a suspense account to be allocated.

In those rare cases of a random, unexplained, payment to us, we used to be a tad stuck. We have had money from someone listed as "CURRENT ACCOUNT" before now, and nobody complaining they had paid and we had not seen it. What do you do? Well, now, we can, simply, send back to the sort code and account from which it came, if all else fails. That said, we also get more of the payer name as Fast Payments have longer fields that are not truncated to 18 characters used by BACS (and what Barclays gave us).

Opportunities

The process also allows some opportunities, which we are working on. Some of our services are, sadly, prone to fraudulent orders. We manage these quite well both automatically and with manual checks by our accounts staff, but this means, for example, you cannot order 07 VoIP numbers from us outside some restricted office hours, and there are some services we don't sell on-line yet.

Live incoming payments would allow many of these services to be activated immediately if we get a small deposit by bank fast payment, and also allow us to confirm the details for subsequent Direct Debit.

Obviously we can make this optional - allowing customers that would rather talk to our accounts staff and delay activating a service, to do so. But it would allow people to order services any time, day or night, and have them immediately activated if they are prepared to send a small deposit by on-line banking.

I'm not sure when we will have that in place, but Monzo make it possible.

2020-04-13

NHS ID not good enough to prove "Essential travel"

Worrying times indeed - that police have reportedly stopped NHS staff (here) and would not accept their NHS ID card as good enough evidence for "essential travel".

There are people saying that it should be good enough to show "essential travel", and others saying that it is crazy the police don't think NHS staff are doing "essential work" or are "key workers". I agree that it is wrong, but these comments show people don't understand the rules at all (and clearly, neither do the police). There is no need to prove you are on "essential travel" as there is no law against "travel". Similarly there is no law saying only "essential work" can be done, or only "key workers" can work.

But first, again, please stay at home if you can - be sensible.

So let's look at the logic here a bit. There are a couple of key rules - one on public gatherings (not relevant) and one on leaving the place where you live.

Update: The college of police have released more guidance (here).

Update: as of 11am on 22nd April the law changed to cover "being outside" not just "leaving". Here.

No "stop and account" power.

The first problem is that the police (see this report) have no "stop and account" power anyway.

"The helpful National Police Chief’s Council and College of Policing Guidance makes clear that there is no power to “stop and account”. Therefore, the police should not be intercepting people who they do not suspect to be causing health risks by their behaviour in violation of Regulation 6 or 7."

They also say road checks on every vehicle are disproportionate.

So why were they stopping someone anyway? Note the "causing health risks" part - this is public health law, not public order law, so they don't just have to suspect you left where you live without reasonable excuse, they have to think you are causing a public health risk by doing so. It is hard to see how anyone in a car driving on a road is "causing a health risk" at all. Yes, they could be doing something stupid, and there are laws on public gatherings, but just driving in a card, especially if alone, clear is not in itself a public health risk.

Plague spreaders?

Obviously, the police should also not, themselves, be causing a health risk - yet stopping and questioning people does just that as they become "plague spreaders" as they are in contact with so many people, and are doing it deliberately! Stopping NHS staff is even worse as they too are high risk not just of having the virus (spreading to police) but also of spreading it to those vulnerable (in hospital).

Where are you going?

We don't know what was actually asked when they stopped this NHS worker. I would not be surprised if they asked where someone is going - accounts from friends who have been stopped suggest this is the case. I have heard reports of someone stopped when going to tend to their horse and having to make an hour long round trip back home to get proof that they have a horse and where it is stabled, and so on. This is crazy!

Actually the only relevant question to ask is "For what reason did you leave where you live?"

But even that is a bit of a useless question. Nothing you are doing now has to relate to why you left where you live. Whilst you don't even have to say why, you can say any of the reasons listed (here) and there is really no way a police officer, or anyone else, can really prove beyond reasonable doubt whether that was or was not your "reason" when you actually left where you live. It is hard to even justify simply suspecting someone of leaving for some other reason as they can leave for one reason and be doing something else now - so current actions do not have to relate to the "reason". Yes, the law is a tad daft if so unenforceable - but most people try follow the law which makes it a useful law even so.

Where do you work?

One presumes the NHS staff member said they were going to work, i.e. they left where they live as they need to travel for work for the NHS. So what is the next question, perhaps "where do you work?".

Actually the only relevant question to ask is "Could you do that work at home?"

But even that is a bit of a useless question. If you say "no", the police officer cannot prove beyond reasonable doubt that is not the case, can he/she? Even if your work is done solely on a computer that does not mean you have a computer, or your computer is or can be set up to allow that work. Even if set up to work from home, if your Internet link breaks or computer breaks or any other reason, you may not be currently able to do that work from home.

Thankfully, with a lot of work from our ops team, my work has set up so that all but one person is working from home, and doing a great job, but that is not the case for many companies, and almost impossible to prove that someone can work from home.

Essential work?

Some people have suggested it is crazy that the police did not consider NHS work essential, but again, there is no question of what the work is - everyone is allowed to work, and allowed to leave where they live if they need to travel for work if they cannot do it from home.

A gardener, or florist, or bricklayer, can all work and can leave where they live to travel for work if they cannot do that work at home. What ID would police expect to see for such workers to somehow justify their "essential travel"?

Essential travel?

Even the news article talks of proving it was essential travel, and that NHS ID was not good enough to prove that. But again travel is not limited to "essential travel". It is not even limited to "travel for work" - just that one of the reasonable excuses for leaving home is that you need to travel for work. There are many other reasons to leave home that could involve travelling including to go some where to exercise, or to go shopping. But these are not actually the only reasons allowed for "travel" as travel itself is not in any way restricted or banned! Essential travel is not a "thing".

Proving innocence!

There is a big issue, in my view, with people somehow expected to prove their innocence, and even be able to do that on the spot or face a fine - or be turned back, or escorted home.

Why does it matter?

  • Police should enforce just the law, and not "policy" - the fact that government guidelines go beyond the law and that police are trying to enforce "guidelines" and not just the law is bad - it is the very concept of a "police state", but importantly it undermines trust and respect in the police. We should trust and respect the police, especially at a time like this. But in return they need to actually follow the rules and the law.
  • Stopping NHS workers getting to work is just plain stupid, not legal, and very much not in the interests of public health.
  • Police can be spreading the virus far more than the people they are stopping and talking to. That undermines the whole public health objectives and means more people will die.

That said, obviously, it is sensible to only leave home if you have to, and only to travel where you have to, and wash your hands. But the police have no place demanding people justify their travel at all - it is all about the reason for leaving where you live, not where you are going or even why you are going somewhere, nor how far you are going.

But once again, please stay home and only go out if you really need - and wash you hands!

2020-04-07

"Light" lockdown

There is an xkcd for everything...

And arguing on The Internet is one of them.

The main arguments I have found myself compelled to comment on are those over the "lockdown".

Quite rightly many people are sensibly say "Just stay at home!". I agree, where you can, do that!

A big confusion is that the lockdown is not a "hard" or "total" lockdown. It specifically closes certain shops and businesses that interact with the public, and it tells people to stay at home except for certain reasons, and not to gather except for certain reasons.

It has several levels to it. One is the "government guidance", the announcement by the PM at the start and the advice on government web site, and ultimately there is the letter of the law.

Most of this is sensible, but even that advice is not shutting down businesses (in spite of some shaky starts with duff messages for a while).

So first off stay at home and keep safe!

But there is a lot of confusion and even dangerous backlash on this. People can work if they cannot work from home. That is not just the letter of the law, but also what was in the PM's speech. We are not shutting down "work" in the UK at this point. Most businesses can stay working but obviously should take some precautions to keep employees safe.

[Posted from perspective of English law only]

Essential workers

The whole idea of "essential workers" are not a "thing" apart from being able to send their kids to school. There is no lock down that only essential workers go to work - anyone can, and should, go to work if you cannot work at home and can safely work at work.

Again, this is not just pedantic "letter of the law" stuff, but the actual government advice and PM's speech on this.

Essential travel

"Essential travel" is not a thing - you can travel for work if you cannot work at home. There are limits on why you leave your home (e.g. for work, or exercise) but not on how you travel, how far you travel, or what else you do (e.g. buying Easter Eggs).

Mostly moving the virus to other places is probably bad, but that only matters if you are in contact with people at those other places. Driving somewhere to walk alone in the woods is not a health risk. There is some concern that driving could mean more accidents and more load on NHS, but as a counter point most accidents happen in the home, so not as clear cut. Be careful if you are travelling!

Essential shopping

Whilst there are rules on leaving home for basic necessities, there are no rules on what else you buy. Again, be sensible, and don't leave home unless you have to. Try to be just one person leaving home not a group. Keep away from others. Follow the rules for supermarkets and so on. But once you leave home you are allowed to buy Easter Eggs or anything else even if not "basic necessities".

This makes sense to do this when getting those basic necessities, as many would otherwise be tempted to get such things as a separate trip anyway.

Is the "light" lockdown right?

That is a tricky question, and we won't know until it is over, but it is what the government of the UK have decided to do. We can all do more - we can all stay home even if legally allowed to leave. We can all do better than the law says and even better than the advice says, and please do. Do what you can to stay safe and keep others safe please.

If the lock down is not enough, the law can, and should, be changed.

Remember the lock down is not intended to be 100%. That would just put us back to square one when lifted. The main aim of the lockdown it to keep cases and spread within the capacity of the NHS until we have a vaccine.

Remember that a light lockdown, as we have, allowing work to continue stands some small chance of not totally wrecking the economy. Why do we care about the economy? Well that is a matter of saving lives too - if the economy breaks down totally people will not have jobs and will not be able to feed their family even. A total lockdown would break the economy and break a lot of people's mental health as well. It is a compromise, sadly.

Small businesses

I noted someone criticising an ice cream van. I was surprised one is operating, but as far as I know that is quite legal. And, if he is ensuring people queue with spacing, and uses hand sanitiser, and so on, it is not a health risk. He is no different to any other food delivery in that respect.

But remember, for a lot of small businesses, even with government help (where available) the very best they can hope for is huge debt that will take years to repay. Some people are out there, working, selling ice cream, just to have the money they need to feed their families. I really hope they are taking all precautions to stop spread of the virus, but they are allowed and legal in the current "light" lockdown, at least for now.

Don't have a go at people doing work!

I see this all the time on social media, comments about people doing work, or travelling and people saying "that is not essential" when there is no requirement that it is only essential work or essential travel.

Someone was (apparently) actually arrested for sitting on a park bench, alone, away from others. The police officers arresting her potentially spread the virus to/from her by their actions and would not have if they left her alone. If she was not in a group and left home to exercise she did not break any law.

Police over stepping the rules!

This is a big issue for me, and I think the country. It is not just petty pedantry - we need police to enforce only the law. This is because police rely on co-operation of the public, and for that they need trust and respect of the public.

If police make up the law as they go, arrest people that are not breaking the law (no matter how irresponsible that person is), and scare people, they will lose that trust and respect.

So it is crucial that the police are seen to be reasonable and to act in accordance only with the law.

If, and when, rules are made more severe they will have an increasingly complicated job if the public cannot trust them.

So many stories of police action are showing they have no clue - not even following the guidance they have been given, and over stepping what the law grants them.

If you feel someone is doing wrong!

In a lot of cases, if you see someone out and about and you think they should not be, then think...
  • They may be working
  • They may have left their home for valid reasons
  • They may be acting completely legally
  • Going near them to talk to them about it is probably counter productive
  • Going near them to talk to them about it may be putting you and them at risk
  • Why are you out and seeing them out anyway?
So just get home, and stop being an arse.

FB9000

I know techies follow this, so I thought it was worth posting and explaining... The FB9000 is the latest FireBrick. It is the "ISP...