Where is the Cabinet Office Identity Programme going?

Over the past few weeks I have received a flow of e-mails regarding the status of the Cabinet Office IDAP programme.  

Is it making steady progress towards creating a market framework for inter-operable identity systems?

Or is it muddying the waters by trying to coerce users into new and unproven systems for their dealings with government while the rest of the world moves on?

The alternative "proven" systems range from the Government Gateway (used by millions, including all small firms for their tax affairs) through the third party services provided by the members of the DCTE (the European trade association for Digital Trust services) to the identity and access management systems used by industry (from airports through banks to on-line retailers) to identify and give layered access to visitors, customers, employees and contractors.

I find it difficult to understand whether the Government data Service is undertaking genuine voluntary customer trials or whether groups of users are being given Hobson's choice - e.g. use the new system or stop farming in an attempt to get a bandwagon rolling.

I therefore asked Mark King of Broadsail, one of the independent consultants who has been tracking UK and EU debate on electronic signatures on behalf of his clients, to comment. Before you read on you might, however, care to begin by viewing the video of his presentation to a BCS-EEMA event last January.

His "observations", including on how and why UK ID policy has got to where it is today, are below:

"The government programme for identification of people for online public services has been very focussed on being seen to respect privacy, which covers more than data protection, notably in respect of user control. One of the drivers was a reaction to the previous government's ID card scheme, which also included a national population register, and that has also been cancelled rather than downgraded to fill missing but unfashionable considerations such as people's jury service status.

Instead of adopting a recognised, existing, privacy-friendly model such as that used in Canada, possibly as a result of the empty coffers, the decision was taken to re-use existing credentials, despite the problem that those suitable for consumers weren't built for giving out benefits.

Re-use of employee credentials was also investigated, but Government agencies are reluctant to allow staff ID to be used for purposes other than those for which they were designed, and with no commercial case for other employers to participate, this was amended. There was no enthusiasm for increasing risk by opening up if there was no benefit for the organization.

After a DWP initiative was announced in the EU official journal (OJEU) and then pulled, a call went out for a framework contract for 'Identity Providers', with the expectation that banks, supermarkets and other familiar organisations would participate. It was initially a DWP lead, but was novated to Cabinet Office when it became clear how gentle the Universal credit roll out was going to be. Far from being a gravy train, it required participants to invest, but also accept very strict terms as to what else could be done with the data. The only responses were from those not on the envisaged list. They must have been prepared to take the considerable risk of investing, unaware of the extent, or had some separate political motivation. As in Ireland, the Post Office was an obvious contender, and it qualified as being technically private, although some people remained confused about being redirected to the Post Office when they were trying to go online and not use the post.

The group of eight in the framework were a disparate mixture, with at most two of them being household names, although they might have used different branding. Only five went through to a delivery contract, and public testing started on 21 October 2014 with just one.

An unpaid group of privacy experts were brought together to agree the principles for the programme. Had this been done before going out to contract, any principles would have carried more weight than putting them out for public consultation three months after the system was due to become operational.

Moreover, public endorsement of the principles by a cabinet minister precluded (and still precludes) civil servants from debating the issues in public.

The group's remit was also extended beyond privacy to general user concerns (but, it seems, not non-users); it is not clear if sufficient additional experts were called in, nor who has time to provide unbiased pro bono advice for such an extended period.

The user was not allowed to be able to choose to be consistently associated with a permanent identifier such as a National Insurance or NHS number, but rather a matching data set including 'current address' and date of birth - use of both of which are deprecated by online security advice. Nor is the user allowed ...

Should Broadband advertising be 'legal, decent, honest and truthful'? If so ...


Further to my recent blog on the way in which the Advertising Standards Authority has been accused of approving serious "misrepresentation" of the broadband offerings from dominant suppliers and thus helping prolong the current distortion of the market, I have received a number of responses as to what their approach should now be.

I particularly liked that from Dave Cullen, now with ITS, which has been providing high speed networks using hybrid (fibre and wireless) technologies for urban centres, business parks and rural communities for nearly 20 years. The recent rapid growth of ITS (taking over smaller operators as well as winning ever more and bigger contracts) is indicative of the way the UK communications infrastructure market has changed over the past 18 months and now offers the prospect of genuine competition and growth.

Dave believes that, regardless of whether there is a good case for challenging BT's claim of "19 million fibred homes" as "mis-representation", the providers of alternative networks should ask the ASA to follow the logic of its own judgement.

Given that the ASA position appears to be that the issue is around customers' service expectations and performance, it should be pointed out that Fibre to the Cabinet cannot deliver the claimed 'up to' levels of performance more than about 700 metres from the cabinet - and that distance is as the copper meanders, not as the crow flies.

Therefore, as a minimum, BT should be obliged to clearly state the "risks" associated with their product within EVERY ad, in much the same way as mortgage and loan companies have to warn that "Interest rates can go up as well as down; your home is at risk if you do not keep up repayments... etc"

BT should similarly be required to say: "our fibre optic service relies on copper for your final connection; it cannot guarantee superfast speed or quality to premises using copper cables longer than 700m from your connected cabinet..."

The same would, of course, apply to those whose "fibre" services also depend on reselling the BT Openreach fibre to the cabinet services. It would give BT an incentive to repromote its own fibre to the premises service, instead of hiding it away lest too many customers ask for it and thus overload its creaking backhaul infrastructure. It would, of course, also give its resellers (including Sky and Talk Talk) an added incentive to offer "crapfree" (i.e. no copper, rust, aluminium or other pollutant) broadband using rival local fibre and wireless to the premises providers.

Why IT Projects Fail - forty years on and what is new?

One of the latest downloads from the Computer Weekly website is entitled "The psychology of IT projects: why they fail". It is almost 40 years to the day since Computer Weekly published the last in a series of ten articles on "Computer Assisted Bankruptcy" based on my London Business School project: "Business Appreciation: a study of the business training needs of DP staff and the current calamitous consequences of its absence".

When it comes to the reasons that IT systems fail, the pace of change has been about the same as the development of my literary style - including my love of alliterative headlines.

The more interesting question is - why do we never learn? In the public sector it is because good practice is punished hardest when it matters most, hence the reasons the lessons of how to achieve success are commonly ignored. At least the private sector has more interesting reasons - but they too remain boringly similar. I leave you to read the download.

Advertising Standards Authority wrecks attempts to promote "genuine" fibre broadband

I have just been told of the Advertising Standards Authority ruling that copper to the home from a fibre connected cabinet can be called "fibre". Meanwhile, it would appear that those offering "true" fibre connections cannot drop the "up to" in front of the speeds they offer.

Even more interesting is the revelation in the small print of the supporting material that as recently as last year BT still hoped to offer genuine fibre to the premises to 25% of the UK. That ambition appears to have fallen by the wayside with the squeeze on its investment programme resulting from invasion of the content market and consequent price wars - with headlines offering "fibre" for £2.50 a month (rising to X after a given period), provided you take it over a copper line for which you pay £12.50 a month (rising to Y after a given period).

It is clear that those offering future proof fibre to the router/femto connectivity need a new headline slogan over which they can police copyright - so as to ensure that it is not misused by those with market dominance and advertising budgets large enough to sway the judgement of a self-regulator. I have a bottle of House of Lords whisky for the best suggestion.

Ideas to date include: "full fibre", "home fibre" and "crap (copper, rust, aluminium and other pollutants) free fibre".

I would also welcome a good definition of "crapband". The current working definition is: a service which delivers a speed that is, at best, less than 25% of the advertised "up to".

P.S. Copyright is reserved on the terms "full fibre", "home fibre", "crapfree fibre" and "crapband" (unless someone else can demonstrate they have already used them). Free license will be given to those offering fibre to the home router and/or local mast or femto.

City of London to use market forces to bulldoze broadband blockages while Vodafone parks tanks on BT's lawn


The Corporation of the City of London has just voted to publicise and build on their surveys of local broadband supply and demand  with a two stage project. The first stage is to identify the range of solutions that are available and to map demand for fibre broadband, building by building, in the Square Mile. The stated aim in the press releases is to use "this information to 'nudge' fibre suppliers into providing connections that SMEs can afford".

The second stage is to address growing complaints over mobile and wifi cover with a major  upgrade to wireless voice and data services, using City Corporation street furniture and buildings for extra masts and connections.

Mark Boleat, Policy Chairman of the City of London Corporation that looks after the Square Mile business district, said: 'The 13,500 SMEs in the Square Mile employ many people, are vital energisers of the business environment and need the right tools to deliver productivity both in the City and the adjoining areas that are fostering growth. This project will help close the digital divide by putting  superfast broadband within reach of far more of our vital SMEs, and help residents and visitors, too.'

The City of London Corporation, the elected body which runs the global business hub around St Paul's, has been pushing hard to improve connectivity for SMEs who can't afford the £500 a month needed for a big-league business connection, and for its 8,000 residents. Both the building-by-building fibre survey of the Square Mile and a tender for a wireless service will begin in January 2015.

The Square Mile is behind others, including its traditional rival the City of Westminster, when it comes to using its street furniture and buildings to help pull through upgrades to mobile and wifi cover. However, it looks to be in the lead when it comes to organising a building by building survey with the aim of helping alternative network providers create a genuinely competitive business broadband market.

The Corporation may not be alone in this for long. The Countryside Alliance plans to work with the Actual Experience BBfix project  to identify not only the services actually received in rural areas but also some of the reasons for poor performance. When I first heard of their plans I thought, "why do we need another mapping exercise?".

I then drilled down into the detail of the maps currently available and what they measure and reflected on discussion at the launch of the Broadband Stakeholder Group report on "Out of Home Usage" and took a look at how the different "maps" illustrate the supposed broadband and mobile cover across the constituency of Rochester and Strood, a BT near monopoly serving a UKIP stronghold (rather like Clacton in fact). The picture they give is remarkably rosy compared to the reality found by politicians and party workers as they canvass the area.

The twin approaches of building by building surveys and measurements of actual experience, not just nominal speeds, could help blow apart cosy debate over what we do, or do not need, and help enable market forces to compensate for regulatory failure. Then came the press cover for the announcements from Vodafone, now that it has sorted out the national backhaul network that it acquired from Cable and Wireless.

I suspect the reality is rather different. The headlines are about Vodafone doing deals with BT and others for local access and content, leading to head-to-head competition between BT, Virgin, Sky and Talk in the quad play market. According to investment analysts like those at Redburn, BT's capital spend is falling, not rising and it has neither the funding nor the incentive to invest in both infrastructure and content. Meanwhile Virgin is extending its local reach and Sky and Talk Talk are exploring connectivity deals with alternative network providers.

The Vodafone announcements might be better seen as a very public warning to BT to stop planning to re-enter the mobile market via wifi and instead to include them within upgraded Openreach services as a shared utility for all to use. Meanwhile Vodafone is well positioned to not only reduce what it pays to BT for backhaul but offer services to BT's competitors, local alternative network providers and business users. It will be interesting to see what it offers next spring to those in the Cities of London and Westminster as well as to those whose local fibre plans are constrained by the availability of affordable backhaul (see page 4 of the BSG "Out of home experience" report). Will it also seek to take a lead in providing seamless local, national and pan-european roaming to business customers, whether or not it is compelled to do so by regulators? Is this part of its positioning for the world of smart cars, buildings, cities and infrastructures?

The UK broadband market, including the future of digital infrastructure investment, just became much more interesting. 

On the eve of the meeting of the Internet Engineering Task Force last March, the Conservative Technology Forum held a meeting at which there was general agreement that the time had come for more openness about the governance procedures of GCHQ in order to help rebuild confidence after Edward Snowden's revelations. There was also discussion as to whether those procedures were more or less opaque than those of the on-line service providers, who collect and store the fine detail of our on-line footprints.

When the IETF had a session with MPs of all parties on the following evening, we heard of the "breaking of the Social Contract that underpinned the Internet". I then blogged on the issues raised during the reception afterwards when leading figures from the IETF and ISOC were candid about the challenges they faced in structuring honest and constructive debate between engineers as opposed to allowing lawyers to dictate the future.  

Since March we have had many more attacks on the governance processes of UK and US law enforcement and surveillance services, with no recognition that they are very different. US based companies (and their lobbyists) would like the UK to copy the court-driven processes with which they have to live back home - where locally elected judges can authorise, for example, the collection of data to enable investigations into the tax affairs of their political opponents.

The differences between the governance processes of GCHQ and Fort Meade can cause tension, but on balance, the result has almost certainly helped resist the trend toward unaccountable autocracy in both nations - at least on the part of government, if not on the part of the shrinking cartel which now controls the access of most of us to the Internet.

Until publication of Sir Ian Lobban's valedictory speech we had, however, almost nothing on public record about how GCHQ interprets UK governance, including the determination of its staff to resist the pressures of politicians to gather dirt on their opponents (as in France or the US) let alone their opposition to the routine mass surveillance of which it is accused and of which so many of its attackers are themselves guilty.

Remember that when an Internet Service Provider says its monitoring operations are to "improve customer service", you are NOT the customers they mean. They mean those who pay them for analyses of the data they have collected about YOU. Even much of the free ad-blocking software is funded by those who pay for loopholes, alias whitelists.

If information is the new oil, has the time come to break up the Rockefeller Empire?

If so, we should also remember that within a decade the Standard Oil of New Jersey was bigger than the parent had ever been.

Hence my comments on the importance of also looking at the business models of the Googlettes when looking at those attacked by Robert Hannigan for aiding and abetting terrorists and criminals.

The collective response of the ISPs  was predictable - albeit not necessarily wrong.

At this point, however, we need to look at the evidence available on the balance of public opinion and think long and hard about what that evidence really means - assuming we are serious about democratic values and holding dominant commercial players, as well as government, to account.  

When I blogged on IT at this year's party conferences, I pointed out the IPSOS Mori data showing that the public trusted law enforcement and central government with rather more than they trusted their Telco or Internet service provider.

This morning the daily YouGov poll was on attitudes to Internet regulation. When I voted the tally was running at:

  • Much more regulation of the Internet 18%,
  • A bit more regulation 32%,
  • Currently about right 29%,
  • A bit less 7%,
  • Much less 5%,
  • Don't know 8%.
Digging deeper indicates that consumers  are more concerned about fraud, abuse and bullying than about cyber-terrorism. The claim that mobile roaming to reduce the number of not-spots should not go ahead because it makes surveillance harder  is therefore likely to get short shrift, were it even true.  I am awaiting details from my moles but suspect the reality is that the mobile operators want any excuse to avoid national roaming and have yet to come up with an alternative solution to the not-spot problem, other than infrastructure sharing. 

Meanwhile the urban mobile traffic of much more interest to the surveillance services is increasingly being off-loaded onto wifi-hotspots. I therefore commend the Matt cartoon in the Daily Telegraph on November 6th: One country yokel to another saying "I wanted to become a jihadist but round here  the internet's too slow and there's no mobile phone cover"

The time has indeed come for a fresh look at responsibilities of those who take £billions in untaxed profits out of the UK while claiming they are unable to protect their customers from abuse. As part of that review we should, however, also look at the reliance of state surveillance systems on outdated communications architectures that stand in the way of allowing the UK's digital infrastructure to evolve in line with customer needs into a world of ubiquitous, seamless, mobile, connectivity.

That almost certainly means tapping, instead, into the systems used by ISPs and their advertising (and other) "customers", to follow the every move of those whose communications they are monitoring, including via the GPS locations of the devices they use.

Such an approach raises many questions and the answers need to be based on genuine public consultation not hurried discussions with vested interests.  In the meantime  I urge all those concerned about  addressing the not-spot problems, urban as well as rural, to respond to the DCMS consultation on mobile roaming.

The announcement of the Environment and Rural Affairs Select Committee enquiry into "Rural broadband and digital only services" should be just in time to spur government into joined up action before the start of the 2015 Election Purdah. The terms of reference put debate over rural broadband into the context of the demands of the Rural Payments Agency that access to its services be digital by default. The absurdity of these demands (and lack of practical attention to the means of delivering "assisted digital" to those without adequate on-line access) has just been compounded by the decision to force farmers to also use the new Government Verify Service instead of the Government Gateway accounts they use for tax purposes. The consequences of this decision were all too predictable. It should also be remembered that the pilots are the stalking horse for the Cabinet Office attempt to force millions of small firms and all those who make individual tax claims, to similarly move from the Government Gateway, instead of simply offering them the new service as an alternative.

It is as though those taking the decisions concerned are closet UKIP supporters determined to "take-out" not only the current Government's rural MPs but also the digital by default enthusiasts of the opposition. Or is it merely a short term ploy to help meet DEFRA's targeted spending cuts - by making it impossible for farmers to claim anything in the period to March 31st 2015?

Either way, it signifies political disaster for the Government - even before we begin to consider the implications for all those, other than farmers, who live in rural areas who are losing their buses, post offices, market town bank branches - for whom this is clearly the thin end of a very big wedge threatening to exclude them from public services  ... and drive them into the arms of UKIP.

I therefore urge all those with friends and relatives living in rural not-spots (who will not be aware of the Select Committee enquiry because they are unable to browse the web in the first place) to let them know of the opportunity to make their views known before November 19th and to offer to email submissions for them if they cannot get on-line to do so themselves.

I also suggest that the All Party Rural Services Group, SPARSE, ACRE, the Countryside Alliance and Country Land and Business offer to collate the views of their members and supporters and that the Federation of Small Businesses offers to collate the views of their 100,000 or so rural members.

P.S. I would also like to take this opportunity to promote a modest suggestion to make it easier for those in rural areas to deal with all those offering to help them via the growing plethora of fragmented grant and loan schemes: The Gov.UK Unified Grant Applications Form (GAF1). The "business case" is obvious. The only credible argument against is the job preservation of those who want to be seen to be doing something, even if only wasting the time of everyone else, but do not actually have much, if any, money to give out.


The churn of information security staff is even more dangerous than the shortfalls in quality and quantity

You might like to scroll down and read the last paragraph of this blog entry first.   "The Consultant" was first published in 1978 during the run up to a previous "IT Skills Crisis". It was based on a cautionary industry case study. Think what has changed since. Be afraid. Be very afraid.

Last year a Frost and Sullivan survey indicated that chief information security officers around the world were more concerned about staff shortages than hacktivism or cyber-terrorism, with over half having under-staffed departments and demand for skills growing at 10% per annum. 
We have had regular IT Skills crises over the past 50 years but the overall shortage has rarely been more than 15% (1987-9 "crisis", "cured" by the 1991 recession: page 17 of 1996 IT Skills Trends report). The 2014 RSA Conference was told that the current shortfall for Information Security staff is 25% and recent US legislation cited a vacancy rate in the Department of Homeland Security alone of 22%. Hence the sharp rise in US spend on cyber security skills programmes. 

As yet, the equivalent UK programmes are significantly more modest but competition for experienced staff, the salaries on offer for those with the skills in most demand and staff turnover have all accelerated sharply since I forecast trouble earlier this year.

I therefore spent much of Quarter 2 helping e-Skills try to get employers in the Financial Services sector to look at the skills frameworks for information security apprentices (both pre- and post- graduate) and continuous professional development and identify any changes needed to help meet their needs.

I blogged on my interim report in June and you will find a summary below, headlining areas where those I contacted could find little or no relevant training on offer. I am about to go back to the employers to find out who they would trust to train their staff, with a view to inviting the named providers to co-operate on needs analyses and short course modules for launch in Quarter One of 2015.

First, however, I should comment on why the rising turnover rate is even more dangerous than the shortages.  Annual turnover among supposedly permanent staff has rarely been more than 20% (1987 - 90 and again during the run-up to Y2K) and the 2013 ISC2 Information Security Workforce study  found a churn of barely 11% p.a. among its professional members. However, a more recent Ponemon study found a churn rate of 25% among technical information security staff, rising to over 30% among managers and 40% among CISO and Security Directors.

There appears to be a growing gulf between those who focus on giving skills in current demand to loyal, long stay staff, while training their own "apprentices" (of all ages), and those who say this is too difficult and would rather bid against each other for plausible individuals who claim to already have the skills and experience being sought.  

This gulf also exposes the real danger. A lot is said about the need for soft skills. Unfortunately, the most eloquent can include the "front men" for organised crime. In the last century (how long ago that sounds) I used to warn that the organised crime families of South London (where I grew up) were encouraging the brightest of the next generation to go on computer science courses and specialise in information security: not just to learn for themselves but to befriend the high fliers and identify their preferences (sex, gambling, drugs etc.) with a view to future "co-operation".

I was therefore appalled when looking at current information security skills frameworks to see how little attention there is to processes for selecting and vetting recruits (even topics as basic as "how to check a CV" appear missing) and for monitoring personal behaviour (where is there anything about processes for colleagues to report concerns over suspicious behaviour?). 

The relevant paragraph in my report to e-Skills read as follows: " Financial services organisations are concerned with the motivation and not just competence of staff and several sectors and professional bodies have mandatory requirements (e.g. the Chartered Institute of Securities and Investment programmes to develop and assess attitudes towards good practice). The FLSP has specifications covering the recruitment, selection and retention of colleagues. There is a good case for co-operation with the CPNI  and the Chartered Institute of Personnel Development (CIPD)  on shared modules, including processes for CV checking and behaviour monitoring (including over social media)."  I was therefore delighted to learn last week that the CIPD was not only happy to lead on work in this area but has already assigned staff to do so.

The context and full list of areas that need to be better addressed was included in the summary of my report:

Key Constraints and opportunities

•    The UK Financial Services Industry is internationally focussed not UK-Centric.
•    The drivers are a mix of fraud prevention, resilience, customer confidence and compliance.
•    A focus on cyber and information security results in contact being delegated to those with operational rather than budget responsibility.
•    Roles which do not require understanding of the business are increasingly "co-sourced", to joint operations serving a peer group and/or to trusted partners providing securities services. Those roles which are not outsourced commonly require skills mixes which cut across professional boundaries.
•    It is therefore easier to get support for adding security components to employers' existing training and continuous professional development and update programmes but the degree of "outsourcing" and "co-sourcing" means that the in-house skills to organise such additions are often lacking.
•    It appears (needs to be confirmed) that it is more effective to promote action on the part of those with budget and strategy responsibility via sector-based peer groups.

The Skills Gaps identified to date

•    There was favourable comment on the e-Skills "Learning Outcomes Draft"  as a check list to aid the assessment of recruits

•    The Generic Gaps, common to all sectors, found to date were:

o    Mobile: including identity, authorisation, data access, transactions and privacy
o    Big Data: both for detection and for protection
o    Cloud: including secure access and regulatory and liability issues
o    Website Security, including the handling of abuse and impersonation
o    App Security, including the application of security by design disciplines
o    Collaboration across cultural and professional boundaries  
o    Process Control: alias SCADA, Internet of Things, Ubiquitous computing

•    The Sector Specific Gaps, albeit often with common underlying disciplines and technologies, were:
o    Putting risks into business context and justifying spend
o    Intelligence led Security: direction, collection, analysis, reporting
o    Access Control: who has access to what, under what circumstances
o    End User Skills and Processes: including for access control and authorisation
o    Vetting and personal behaviour
o    Identity Management: including individuals, organisations and devices
o    Authorisation Processes: including PCI-DSS, HMG, major suppliers/customers
o    Governance/compliance: inc. AML, KYC, SARS, Data Retention and Protection
o    Support for Small Firms, generic and those in the supply chains of large firms
o    Incident Response: damage limitation, notification, consequent liability, public relations etc.
o    Reporting: what to report to who and how, what response to expect.
o    Investigation: forensics, evidence collection/preservation, co-operation with law enforcement
o    Asset Recovery: local (not just in the UK) and cross border

Action Plan

Organise follow up activities to identify priorities, those willing to comment on their needs in sufficient detail to enable suppliers to address them, plus those willing to work together to achieve common objectives in identifying, recruiting and harnessing talents.


Please contact me if you already provide relevant training, are looking for it or would like to help organise and deliver relevant modules. I also remind you that a sector skills council needs to act as a clearing house for those looking at all levels (from end-user and SME, through pre- and post-graduate apprenticeship to continuous professional development) and all channels (from on-line MOOCs to personalised face-to-face).

There are serious business opportunities in this space which are better addressed by using the sector skills partnership and exploiting the evolution of e-Skills into the Tech Partnership. In that context I also recommended reading the report on which current BIS cyber security strategy appears to be based. I do not agree with the emphasis on commercial opportunities with regard to the SME marketplace (unless the arguments elsewhere about the need for segmentation are taken to also apply to the SME marketplace) but it is, otherwise, more thoughtful and thought-provoking than most such studies.

My big concern is, however, that those who seek to recruit cyber-security specialists on the open market, as opposed to retraining existing long-stay employees, lay themselves open to recruiting skilled insiders who will unlock their defences without them ever knowing who was responsible.

Younger generations will not have had the opportunity to read or watch "The Consultant", written by John McNeill, one of the founders of Logica. It was supposedly based on a case study he used when advising clients on the risks of hiring information security consultants whose provenance they did not know.

Plus ca change ...

When IT fails to meet politics: why the non-discussions at the 2014 party conferences were so dangerous.

Antony Walker's summary of the differences between the Labour, Conservative and LibDem conferences on the TechUK website is excellent but should be read alongside a rather less polite commentary in the Register on the similarities between them. There are overlaps between the individuals involved in the "Number One in Digital" exercise (which he aptly describes as a "Beta version" of a policy study) and those who have volunteered to help the Conservative Technology Forum Digital Infrastructure working group (the second of the CTF policy studies to get under way). Both groups mix digital enthusiasts and political activists with "determined optimists" (scarred from trying to deliver improvements in practice), although the balance is different.

The bigger differences are, however, within the parties.

They reflect tensions between the different interest groups trying to influence politicians of all parties. They particularly reflect a growing gulf between the lobbyists of currently dominant suppliers and the electorate - the users whose needs their clients claim to meet, while not listening to their concerns or, worse, patronising them. "You can tell some-one from IT, but will they listen."  

Most of the world is now on-line. It has lost its naive faith in the good will, let alone competence, of its current suppliers. Antony Walker may well be correct in thinking the Labour Party gives a higher priority to those who lack the skills to use conventional PC-based technologies but activists in all parties appear equally concerned about those who cannot get a connection or signal that is fit for purpose for transactions over mobiles. I was genuinely delighted with his perception of the embrace of a "Schumpeterian model of discontinuity" within Conservative thinking (by original discipline I am an economic historian). But this can also be found within the other parties. Schumpeter, like Marx, believed in the death of capitalism and UKIP supporters would argue that the Westminster village has sold out and only they believe in "capitalism not corporatism".

The similarities between the mainstream parties should facilitate co-operation in identifying who is lobbying for what and why. But we need to remember that the stakes may be even higher than the untaxed $billions currently haemorrhaging from the UK into offshore tax havens or supposedly being lost to piracy. We need to address the issues that divide the industry and set the "digital by default" and "big data" enthusiasts against the bulk of the electorate, (if research by IPSOS Mori is to be believed). We also need to address the  practical issues of delivery that set both Local Authorities and the "Silos of State" (and their respective Shadow  Ministers) against the Cabinet Office (and the Shadow Cabinet Office team).

For the second year running IPSOS MORI and the Royal Statistical Society organised events at all three party conferences using data analysing public trust in various groups. This year the analyses distinguished between trust in organisations as a whole and trust in their ability and/or willingness to look after our personal data. The "trust deficit" for internet service providers was greater than that for government and significantly greater than that for law enforcement. This shows clearly how much the public dislike and distrust the advertising funded business models of Google, Facebook and Twitter but feel they have no choice. That is a very dangerous position for even dominant players to be in. It helps explain why George Osborne singled out the tax avoidance behaviour of the technology companies.

Antony Walker mentions the LibDem enthusiasm for a Digital Bill of Rights. This appears to be shared across the rank and file of all parties (although the IPSOS Mori data is not split by political allegiance). David Willetts led a very informal Conservative Technology Forum discussion that was supposedly to be about Cybersecurity but homed in on the need to reconcile the privacy, surveillance, confidence and choice agendas in ways that would help position the UK as a globally trusted location of choice.

One of the more unpleasant messages for the ISP and Internet communities is that UK voters appear to trust GCHQ rather more than they do Google and to trust the Metropolitan Police (for all its problems) rather more than they do Microsoft. It also appears that they would prefer to support effective action against on-line predators than protect an increasingly illusory anonymity and support information sharing across government while being highly suspicious about sharing between industry players or between government and industry.

Were UKIP to offer user choice, in line with such priorities, as part of a technology manifesto reflecting views common to the team which won them the European elections in May, the response of the other parties might well cause industry lobbyists to pay rather more attention to the need for realistic responses to Sir Tim Berners-Lee's call for a Magna Carta for the web. He put that call into commercial and political context in his address to the Lord Mayor, Aldermen and Common Council of the Corporation of London when he accepted his honorary freedom. It was the first event I have attended as a Court Liveryman of the Worshipful Company of Information Technologists and it was good to see how well his challenging comments went down. His text does not appear to be available on-line (an odd piece of censorship given that, as part of the ceremony, it was formally entered into the official roll of the City in front of several hundred witnesses) but he built on the past role of London, working with its peers, from the days of the Hanseatic League onwards, in imposing international agreed standards of behaviour on the governments of the day.

Another thread of discussion during the reception in the crypt under the Old Library after his speech was the state of play with the campaign being run to improve the quality and speed of broadband connections available to small firms in the City. That leads me back to a topic that was almost taboo at the party conferences: Broadband. When I asked the audience at the informal launch of the CTF Digital Infrastructure study if they were content with their broadband less than half a dozen hands went up. When I asked if they were fed up with their service, about 30 hands went up. The other half of the audience was disenfranchised, having a glass in one hand and a plate of sandwiches in the other. There is a strong groundswell of political discontent, particularly among those trying to put their SMEs on-line or to grow high tech businesses.

There was similar frustration among those pressured to use "digital by default" public services over lines that freeze or go down when they try to download documents from government websites or complete transactions on-line. It may be no accident that UKIP, which is said by many to be more effective than the mainstream parties in its use of social media, appears to be gaining strength in areas with poor broadband. The digital infrastructure issues do, however, go well beyond "mere" broadband and my own views on the scale of change under way are now on record.

All three party conferences featured events on skills and training, particularly apprenticeships and the cost of education. The issue of employers who import skilled staff rather than train their own is another area where there was a disconnect between IT industry lobbyists and the party faithful.  Conservative and Labour MPs may express support in private for a "smart immigration" policy but few would dare do so in public - unless and until the concepts are fleshed out, particularly the means of deterring and reducing abuse, as with the group of "skilled programmers" with impeccable paper qualifications, who lost contact with their courier and were discovered to be almost illiterate, with little English and no computer knowledge.     

The pressures are mounting for an exercise which addresses the reasons why we have yet another round of domestic skills shortages (or rather mismatches) and finds constructive ways forward for a world in which career paths and R&D teams are increasingly global and UK universities depend on fees from overseas students. Unless the mainstream parties find realistic policies which address both skills and immigration we risk pressure to add further layers of irrational, ineffective and counter-productive controls, which deter those whose skills and enterprise we want while allowing in those we do not. Hence the reason the CTF 21st Century Skills working group is tasked to try to address the meaning of "smart immigration" as well as the means of breaking out of ground hog day.

Once again, however, this is an exercise that is much better addressed on an all-party basis and, as requested at the first meeting of the Digital Policy Alliance skills group, I have summarised the material I have on file in a submission to the current House of Lords enquiry. There are some obvious ways forward that could command consensus support across all political parties but these are incompatible with the current staffing models of several major technology employers. Hence the need either to persuade those employers to help pilot the business models of the future or to help their, as yet, embryonic future competitors put them out of business.

Perhaps that is where there is a real difference between the parties - "persuade" and "help" rather than "plan" or "regulate". But, in practice, even that difference is more imaginary than real. Meanwhile UKIP would argue that the big difference is that they wish to see such issues debated in public rather than behind doors in Westminster.

They will have that wish, because, for good or ill, the 2015 election campaign is now under way. Remember that those who do not speak out get stitched up. Join the party of your choice and be active including via their policy forums. 

P.S. I have just been browsing the most recent YouGov. Apparently over 80% think taxing Google properly would be a good idea but only 20% think HMG will succeed. Half support more Internet regulation and nearly 70% support more surveillance to help prevent terrorism. Interestingly while 60% feel that social media have had a positive effect on society, only 14% feel it has been very positive. I was surprised to discover just how well my own prejudices (alias well informed opinions) gel with the majority of YouGov respondents. I had thought I was more of a maverick but found myself in the minority on only a handful of issues - some of which surprised me - such as the strong support for windmills.

There is no shortage of cybersecurity talent - only of employers willing to retrain their existing staff or recruit trainees

I have said this before and I will say it again, when I blog on the next stage of the work with which I have agreed to help e-Skills, but the objective of this blog is to draw your attention to some of the FREE training available to upgrade the basic security skills of all staff, whether in large firms or SMEs.

BIS recently e-mailed its contact lists to draw attention to the launch of 3 new free cyber security online training courses, funded by the National Cyber Security Programme. These courses are aimed at all levels, from young people through to existing employees and, according to BIS, represent an excellent opportunity to develop skills in the IA arena.


Introduction to Cyber Security MOOC

The new Introduction to Cyber Security Massive Open Online Course (MOOC) will begin its first run on 13 October. The free online course has been developed by the Open University in conjunction with BIS, GCHQ and the Cabinet Office. It will cover subjects such as network security, the threat landscape, cryptography, malware and how to manage security risks. The course is open to everyone - from young people considering study or a career in cyber security, to existing employees wanting to improve their knowledge and skills, or members of the public interested in staying safe online.

8 modules will be delivered over an 8 week period, with each module expected to take around 2 to 3 hours of study. The course will be run 4 times a year for 3 years, and has the potential to reach 200,000 students in this time.

Thousands have already registered for the first run of the course, but the beauty of a MOOC is that there is no limit on the number of students taking the course. This means that there is still time to sign up. Click here to register or ask for more information.

Cyber Security Training for Lawyers and Accountants

On 6 October BIS launched a free online training course to help members of the legal and accountancy professions protect themselves and their clients from cyber-attacks. This will help UK businesses protect themselves from information breaches and other threats that could potentially cost them millions of pounds.

The course will increase awareness of common cyber risks and threats they may experience in the workplace and how to prevent and deal with them. It provides advice on how to safeguard digital information, raise awareness of cyber issues amongst clients and gives examples of how to deal with issues such as information breaches in the workplace. It has been developed by BIS in partnership with the Law Society; the Institute for Chartered Accountants in England and Wales (ICAEW) and Solicitor's Regulatory Authority and can be accessed online via the Law Society website. The course takes around an hour to complete.

Responsible for Information Training for SMEs

Also launched on 6 October by the National Archives was a short e-learning course which provides guidance to small companies on how they can better protect their data and get to grips with the risks associated with information security. This builds on the successful public sector "Responsible for Information" training which has been delivered to more than 200,000 civil servants.  The course can be accessed online and takes around an hour to complete.


DCMS Select Committee call for inputs on the performance of Ofcom

I apologise for not having had time to blog over the last week or so. First came the rush to get inputs to the Digital Communications Infrastructure Strategy consultation by October 1st. Then came preparations for the launch (at the party conference) of the Conservative Technology Forum studies on the creation of 21st Century Digital and Skills Infrastructures. I reproduce the text of the flier for the CTF study below and will blog on the Skills study next week. I also plan to blog on the growing political divide evident at the party conference between the "IT establishment" (Big Data, Big Systems, Big Business, Big Government) and the majority of voters (who apparently trust their ISP or Telco with their data little more than they would a journalist and even trust Government more than they do on-line retailers like Amazon).

But I have just been reminded of the Department of Culture Media and Sport Select Committee call for inputs on the performance of Ofcom. The Committee meets with Ofcom once a year to review its performance. This is your opportunity to suggest the questions they should be asking. The deadline for written submissions is 13th October. You should also note that the deadline for inputs to Ofcom's next Annual Plan is 15th October. As always their document inviting inputs leaves out any mention of the needs of business users (large or small). The consequences of the omission of this from their statutory priorities are now all too apparent and need action as a matter of urgency - bypassing Ofcom if that is what is necessary.

I have already been copied with half a dozen submissions to the DCIS consultation for use in the CTF policy study and understand that INCA plans to put those submitted by their members and partners on their website and DPA may do likewise, also cross linking to INCA. Several of those that I have seen are very critical of Ofcom's track record as a competition regulator, particularly with regard to services for business and charges for access to BT's infrastructure. Now is the opportunity for Ofcom's critics to suggest questions for the Select Committee to ask.

Text of the flier for the CTF Digital Infrastructure study:

How do we create and maintain Digital Infrastructures for the 21st Century?


In his first speech as DCMS Secretary of State (July 2010), Jeremy Hunt quoted Eric Schmidt, CEO of Google that "it is now vital that businesses and government build their strategies around the Internet". The Internet and the communications infrastructures over which it runs are changing at an accelerating pace. Society is increasingly dependent on seamless on-line services that are always available. We can no longer afford to base policy on simply extending the life of half a dozen increasingly fragile, 20th century, semi-incompatible, pre-internet, fixed and mobile telecoms networks. We need to look at how to facilitate and expedite the transition to a seamless mesh of fully inter-operable services that collectively provide the necessary post-internet resilience.


Policies based on protecting returns on past investment and extrapolating the business models of current communication and internet service providers risk locking the UK into a dead end. We need to encourage investment in "future proof" services, including to locations and communities not currently well served. That requires government to act as a pro-active and intelligent customer, mandating open inter-operability standards, including IPV6 (the next generation of the Internet) for its own procurements. It also requires encouraging and assisting local authorities to pool spend on their own service delivery needs and economic development responsibilities, using the Social Value Act, with local businesses and property owners, in order to help pull through investment, via both current national operators and the new community network builders, in world class local access.


The study focuses on the actions necessary if we are to use market forces to deliver world class, socially and commercially inclusive, inter-operable, UK digital infrastructures. The topics include:


1)     Basing a Universal Service Commitment on "guaranteed" access to services that are "fit for purpose", with purpose including the effective use of "Digital by Default" services.


2)     Ensuring candid, accurate and meaningful information on prices, capacity and performance, particularly with regard to services to business.


3)     Improving guidance for local government and other public sector organisations on good practice in planning and procurement


4)     Mandating and supporting open Inter-operability.


5)     Providing the political and regulatory certainty needed by infrastructure investors while  responding to problems, particularly abuse by dominant players or local monopolists.


6)     Improving the skills of government as an intelligent pro-active customer and robust anti-trust regulator.


7)     Ensuring confidence that infrastructures are indeed sufficiently secure and resilient for those whose lives and businesses will depend on them.


The intention is to involve industry experts in round tables with relevant professional bodies and trade associations. The material will be digested for political use and tested with prospective parliamentary candidates for constituencies where broadband is a known hot topic. The results will be forwarded to ministers and to local councillors to help them drive local initiatives as well as to the 2015 policy team.


How do you participate?


Visit the website http://www.conservative-technology.org/  Click on membership, download the form and join. Join the discussion group on Linked In. Please also send  an e-mail with note of your interests and expertise, including relevant professional and/or political experience, to the CTF Vice Chairman, Policy Studies:  philip.virgo@btconnect.com

Readers will note that the questions are different to those answered in the recent "Number One in Digital" study published by the Labour Party. That is partly because we expect to address subjects like the tension between "Digital by Default" and socially inclusive public service delivery separately and partly because we want to focus on how to achieve results at affordable costs but also because there is little point in asking the same questions of the same audiences (several of the lead participants have already helped the Labour party study). Where there is agreement across the political divide we aim to flag this early on, probably via the all-party Digital Policy Alliance, so that actions can be brought forward to before the election purdah.

How many times a day, week, month or year would you be dead if your Internet connection was your life support system? I have been aware of only two hiccups on my BT Infinity Service since it went live a couple of years ago (one was fixed with a simple router reboot, I blogged a couple of days ago on the second). But my e-mail, search engine and browser services regularly stop for long enough for me to be dead if my life depended on them. It is usually because their fights with my security software have reached stalemate and I have to reboot the system in order to clear the blockage. Meanwhile one of those with whom I work, who lives in a rural area, has just apologised for a late response after a ten hour outage last night.

The round table that I chaired last Friday to help drum up responses to the DCIS consultation on communications infrastructure strategy went even better than I had hoped. We had participants from BCS, C&G, CLA, FCS, FISP, FSB, INCA, ISOC-UK, INTUG, the LEP Network, NEN, PSNGB and TechUK as well as a number of major suppliers and users representing themselves. There was agreement on the need for three or four messages to explain to politicians why they need to provide the political and regulatory certainty that will enable investors to bring investment decisions forward to before the election purdah next year. The meeting report is available on the DPA website http://dpalliance.org.uk/wp-content/uploads/2014/09/20140912_DPA-Comm-Infra-Meeting-Report.pdf and several of the agreed follow up groups have already started work. Please do not feel excluded. If you wish to participate and are not active in one of the groups listed above please visit the membership page of their website and e-mail for details of how to participate via the DPA.

I was on best behaviour on the 12th and the meeting report reflects the collective views of the meeting, not my own. That said, the only significant area of difference is that I believe we need to spell out the consequences of regarding communications as a critical utility on which 21st century life depends. I should, however, be honest. The importance of this only dawned on me as I read some of the sub-group e-mail trails after the meeting. These put flesh on the implications of some of the headline discussions as the volunteers discussed how to handle, for example, the multi-headed hydra that is open inter-operability.

The current lack of clarity helps explain why current debate can polarise between those who claim our communications infrastructure is creaking at the seams and those who lament that their networks are under-utilised. Applications which require 100% availability, such as personal life support or business critical supply chain systems, have low data volumes. Meanwhile volume demand from teenagers and their parents can fluctuate wildly and degrade response times even over nominally high speed lines. Then there are all the other factors that affect delivered response times and throughput.

We expect other utilities to plan ahead to provide capacity (and a margin) for peak load, e.g. the coldest day of the year or the commercial break in the middle of Coronation Street.

We placidly accept the "World Wide Wait" when communications networks run out of capacity. 

The Internet is built on "best efforts" with no guarantees. But those who want a world that is "digital by default" fail to appreciate the consequences. I was given an example recently of a small firm whose terrestrial and 4G connections (fine for the rest of the week) regularly become unusable on Saturday mornings, their weekly peak. Farmers often face a similar situation, unable to go online to do DEFRA or other paperwork, let alone browse auction sites for current prices, in the evening when their children, or their neighbours' children, are doing homework and/or socialising.

 But who will pay for the extra capacity - and how?  

Until the recent above inflation jolt in line rentals, the revenues of both fixed and mobile operators were falling despite sharply rising traffic volumes, because competitive pressures have forced them to drop volume related charges at the same time as entering a discounting price war. Meanwhile new technology gives the new entrants the potential to build and operate networks at well below the cost structures of the incumbents, even before the latter cross subsidise the purchase of sporting rights to try to increase their share of the "discretionary spend" available to hard pressed parents and their children.

There are many investors willing to fund local fibre to the home or business premises, using a variety of business models, but many of their investment models depend on landlords and property owners paying up front for installation and/or tenants committing to a period of service long enough to cover the cost of connection.

Those seeking to tap such funds face a number of obstacles:

 1)     Regulatory disapproval of discounts for term contracts or favourable rates for up-front investors.

2)     The availability of affordable backhaul - one provider of local fibre to the premises networks is said to have turned down over 70% of proposals because this is not available locally

3)     Confusion and delay regarding local planning and infrastructure sharing, adding 25% and upwards (sometimes even quadrupling) to cost and weeks, months or years to timescales.

4)     Political and regulatory uncertainty, deterring major investors.

One of the conclusions of the meeting on the 12th was that the last of these was the most significant.

Hence the importance of agreeing three or four key messages to concentrate the minds of politicians so that incumbents can get better terms for raising funds to upgrade and extend their networks at the same time as new entrants address local markets that are uneconomic for national players.

You get what you pay for when it comes to service. Why I would not risk switching from BT even though it costs more.

This afternoon my BT Infinity line went down. Luckily I was able to browse the net over an old netbook using Vodafone and find a phone number (after the BT website I Googled told me my number was invalid and would not let me use online reporting: I suspect I was looking at a consumer website for a business line - but it did not tell me).

Once I rang the phone number I was, however, impressed.

A nice Scots girl answered almost immediately and asked for the phone number and details.

She had my account details up, again almost immediately and talked me through a series of tests using software already downloaded into my desktop as part of the Infinity package, giving me a quick commentary on what she was asking me to do and why.

She concluded that there was a problem and put me on hold for five minutes while she ran a fuller set of diagnostics and consulted her supervisor.

Almost immediately the line came back up.

She explained that running the diagnostics might well have alerted the exchange to the problem and/or that I was affected by a problem on which they were already working.

She also said that the fault would be reported anyway for attention tomorrow morning, but it might well be that response would simply be that the fault had been found and corrected.

The whole process took barely thirty minutes, from start of phone call, compared to the fifteen minutes to get through and an hour to blag an engineering visit for my last problem (which admittedly took the engineer over four hours of work on line, cabinet and exchange). That was, however, a great improvement on seven to ten days to get an engineering visit booked, when I had two services (one BT, one not), during the collapse of customer service that followed local loop unbundling. Luckily my dual sourcing worked. Both lines passed through the same physical exchange building but never went down at the same time.

I may gripe about the need to have proper competition with regard to the construction of new network capacity and the lack of network inter-operability when it comes to operations and maintenance. But I remain a BT shareholder and my own multi-sourcing will include a BT service contract for the foreseeable future - and I am content with the extra that I pay for that service. BT may be part of the problem with regard to the current faltering communications competition scene but I have no doubt that it is also part of the long term solution.

If I did not have BT Infinity would I think differently? Quite possibly. Would I like to dual source with a separate gigabit fibre to the premises link if BT did not offer me such an upgrade? Quite possibly. Do I feel sorry for those without such a choice - most definitely.      

Among the more interesting questions in the recent House of Lords call for inputs to their enquiry on Digital Skills were:

How are we teaching students in a way that inspires and prepares them for careers in the future workforce in occupations that may not yet exist, rather than the current one? How can this be improved?


How are schools preparing to deliver the new computing curriculum in an innovative way?


How can the education system develop creativity and social skills more effectively?

My answers are now available on-line accessible from the webpage of the new Digital Policy Alliance skills group along with the report of the meeting that minuted me to do a personal submission based on my material covering discussions over the past fifty years on how to respond to technology related skills shortages.

Yesterday, at a meeting of the CyberSecurity Challenge "Talent" group it was pointed out to me that responses to the current Department for Education consultation on Reformed GCSE and A Level Subject Content, particularly that on GCSE Computer Science, may be even more important than those to the Lords Enquiry. The wording of the Department's consultation appears to imply that subjects like, for example, network security, will be taught and examined as abstract subjects - without any opportunity to acquire, let alone requirement to demonstrate, practical skills. This is particularly significant given that "what is not inspected by Ofsted and examined in GCSEs and A Levels is likely to disappear from schools, under pressures from parents to perform in league tables".

I suggested that network security be taught and examined by attacking and defending the control systems for teams of robots, controlled by Raspberry Pi (or equivalent) and communicating by radio. This is in line with the philosophy behind the proposal for the original Micros in Schools programme (I chaired the relevant meeting before the 1979 election), which was delivered with the BBC Micro (remarkably well engineered for teaching image handling and process control, not just information processing).

I was told that such an approach is not on, because sink schools cannot afford the necessary equipment.  

I therefore urge all readers concerned to see the overdue reforms delivered in such a way as to deliver the results intended, to read the consultation and make their views known.

The logic behind my suggestion that Ofsted be required to monitor the performance of a new "Micros in school" programme includes the changes that this will require to the way Ofsted operates, particularly with regard to science and technology. We need to bring back "practicals" to "inspire" those who are not turned on by theory, until they can see it brought to life.

Would the UK be happier or more sinister if the police routinely wore body cameras?

The Home Secretary's suggestion that to save time the police should routinely wear body cameras sparked a rush of publicity, much of it from those opposed to the concept for a variety of reasons, including because it might lead to a fully digitalised criminal justice system.

In my entry for the Leo Anniversary competition in 2001 for papers on "The World and Business Computing in 2051", I summarised expected developments in this area (including the technologies to ensure that the record was indeed unalterable) as follows: "The police electronic notebook, an unalterable record of what the officer or surveillance system saw and heard, will transform the legal process. Lawyers will then create a new world of obfuscation about what it meant." The technology is supposedly in widespread use in the US, and reports to date appear to indicate that it leads to serious savings in time and paperwork, better behaviour (by both police and culprits) and more guilty pleas in return for quick trials, although the first serious trial in the UK, to test for changes in behaviour against a similar control group who do not use cameras, only started in May. The US claims might also need to be treated sceptically since, according to comments in the Wall Street Journal, they think we are ahead and forces like Ferguson had apparently bought the equipment but not deployed it.

Before blogging on the issues I therefore decided to ask the following question of those on the FIPR circulation list: "What are the issues surrounding the use of recordings from police body cameras instead of memories prompted by notebooks written up after the events. This would appear to be a welcome development allowing major savings in police and court time and a reduction in miscarriages of justice. What, if anything, am I missing? What other issues arise?"   

As expected I received some very thoughtful replies and I will take the liberty of reproducing the chain without comment or attribution - although I will be delighted to add attribution if requested.

The first comment was: 

"The police and the CPS will have to review the recordings - possibly rather a lot of them in some circumstances. They will all have to be reviewed for disclosure and then disclosed to the defence. The court will need to see them and the defence may challenge any editing to remove unnecessary footage. It's not clear to me that time will be saved. Some of the recordings may be open to ambiguous interpretations - which could actually lead to the CPS declining to prosecute in circumstances where a crime really has been committed and a notebook record would have secured a conviction. The recordings are likely to contain people other than the defendant - all captured without their informed consent. Where will these recordings end up? Maybe on some reality TV channel. I'm sure there are other issues."

Then came:

"One problem will be a loss of the power of discretion. If an officer (and thus their always-on camera) sees something that could be treated as an offence they may feel obliged to arrest and prosecute where without the camera they might choose to handle it in a different way.

For those interacting with officers there could be other effects. You are no longer just talking to a policeman: the camera represents an unknown number of other people with other agendas who can use your words against you later.

We have to assume that in the near future it will be standard practice for all police camera footage to be analysed by computers and stored effectively forever, so everyone within sight/sound of a police officer would be well advised to hide and be silent 'just in case'...

Are conversations with police officers protected by legal privilege? I suspect not. Suppose you see a fight in the street, run off to find an officer, and gasp out a garbled account: will your confused first impressions be held to be slander against the people involved? (or does the recording make it libel?)"

That contribution led to the comment: 

"That suggests such recordings should only be used "without prejudice"

To which the reply was:

"I don't really know what that would mean in this case.

I would have thought that the recordings should be usable in evidence, particularly if the recording devices and procedures are carefully designed. It may be necessary for the officer to appear in court to support and validate the recording.

As with all surveillance technologies, the technology itself is neutral but the data can be used for good or ill. I have no problem with police body-worn cameras provided there are strong rules around the use of the recordings. I would want the technology to support the officer in their duty and to provide accountability if they misuse their position, but I would not want it to become a big-brother-style intrusion that affects their behaviour in other ways.

Here are a few ideas. What I am aiming for here is the equivalent of a perfectly-honest policeman with a perfect photographic memory and good drawing ability, and I don't think anyone could really object to that!

1)    Video and sound recording to run at all times while the officer is on duty. We don't want any 'conveniently lost' recordings so maybe the devices should just run constantly.

2)    Recordings to be stored securely for a defined period of time, then to be deleted unless required as evidence for a specific case.

3)    Recordings may *only* be accessed in defined circumstances:

* By the officer in person, in order to make reports, support a case, or defend themselves or others.

* By an officer investigating a specific complaint or incident that the recording officer was involved in. The system should constrain this access by time and/or location of recording.

Other constraints may be needed here to avoid creeping surveillance.

* Where a recording shows a person who is charged with an offence, that person's legal representatives should be given the relevant part of the recording plus enough before-and-after data for them to be certain that they have the full story.

4)    There shall not be any routine trawling or analysis of recordings.

5)    Recording devices to be tamper-resistant, to record GPS time and location data at 1-minute intervals, to encrypt all data such that it can only be recovered using keys held elsewhere, and to sign all data so that the identity of the device can be reliably determined.

6)    Officers to ensure that the recording includes their own face, voice, and shoulder number at least at the start and end of the shift.

7)    Recording format to be designed so that parts of the recording can be extracted for use as evidence without losing the security and authenticity features mentioned above.

Other things could be added, such as recording the IDs of other such recorders nearby."
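Points 5 and 7 in the list quoted above ask for per-device signing and for extracts that remain verifiable on their own. One way to get both, as an added sketch that is not part of the original discussion: hash each one-minute segment into a Merkle tree and authenticate only the root, so any run of segments can be disclosed with short proofs. The field names, device ID, key and sample data are constructed, and HMAC stands in for the device signature (an assumption; a real device would use an asymmetric scheme so that verifiers hold no secret).

```python
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"  # assumption: stand-in for the device's signing key


def canon(obj):
    """Deterministic byte encoding so every verifier hashes identical input."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def leaf_hash(segment):
    # 0x00 / 0x01 prefixes keep leaf hashes distinct from interior-node hashes.
    return hashlib.sha256(b"\x00" + canon(segment)).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(leaves):
    """Return every level of the Merkle tree, leaves first, root last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
               for i in range(0, len(cur), 2)]  # an unpaired node is promoted as-is
        levels.append(nxt)
    return levels


def prove(levels, index):
    """Sibling hashes needed to recompute the root from one leaf."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof


def sign_manifest(manifest, key):
    return hmac.new(key, canon(manifest), hashlib.sha256).hexdigest()


def seal_shift(device_id, key, segments):
    """End of shift: authenticate one root covering every one-minute segment."""
    levels = build_levels([leaf_hash(s) for s in segments])
    manifest = {"device_id": device_id, "count": len(segments),
                "root": levels[-1][0].hex()}
    return manifest, sign_manifest(manifest, key), levels


def extract(segments, levels, first, last):
    """Disclose segments first..last with proofs; the rest stays undisclosed."""
    return [{"segment": segments[i], "proof": prove(levels, i)}
            for i in range(first, last + 1)]


def verify_extract(manifest, tag, key, items):
    """True only if every disclosed segment is authentic and the run has no gaps."""
    if not items or not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return False
    root = bytes.fromhex(manifest["root"])
    prev = None
    for item in items:
        seg = item["segment"]
        if seg["device_id"] != manifest["device_id"]:
            return False
        if not 0 <= seg["seq"] < manifest["count"]:
            return False
        if prev is not None and seg["seq"] != prev + 1:
            return False  # a minute was cut out of the middle of the extract
        digest = leaf_hash(seg)
        for side, sibling in item["proof"]:
            digest = node_hash(sibling, digest) if side == "L" else node_hash(digest, sibling)
        if digest != root:
            return False
        prev = seg["seq"]
    return True


def sample_shift(n=7):
    """Constructed data: n one-minute segments with time, position and media hash."""
    return [{"device_id": "CAM-0001", "seq": i,
             "utc": "2014-09-01T09:%02d:00Z" % i,
             "lat": "51.5007", "lon": "-0.1246",
             # hash of the encrypted chunk, so checking needs no decryption key
             "media_sha256": hashlib.sha256(b"constructed ciphertext %d" % i).hexdigest()}
            for i in range(n)]


if __name__ == "__main__":
    segs = sample_shift()
    manifest, tag, levels = seal_shift("CAM-0001", DEMO_KEY, segs)
    items = extract(segs, levels, 2, 4)
    print(verify_extract(manifest, tag, DEMO_KEY, items))
```

Because each segment record carries its own sequence number and timestamp, a verifier can also confirm that the disclosed run includes the before-and-after minutes that point 3 of the list asks for.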

The final comment was

"We should remember that the purpose of these devices is twofold: to protect the public from the brutal or dishonest officer, and to protect the officer from malicious allegations.  There is therefore a significant benefit of having the device working.

XXXX's points are good, but the first is not yet viable with the battery power readily available, so it may be better to state that the onus of ensuring the recorder is running at the appropriate time is on the officer, and any investigation into her/his conduct when the device is not running will lead to the investigator drawing the appropriate inference. However there will then (either in this case, or the always on scenario suggested by XXXX) be the problem that officers will hold back if they suspect that their device has failed for any reason. This may lead to some unfortunate consequences and needs to be thought through carefully."

Most of the above points already appear to have been addressed in the US, where the claims and ambitions are greater. My personal conclusion is that the more modest objective of linking the policeman's notebook to annotated video logs is most definitely "an idea whose time has come", whether the motive is to save police and court time or to improve justice. The knowledge that the activities are being recorded might even help reduce (or at least displace) crime. The issue of ensuring the digital record is any more trustworthy than a policeman's notebook is, however, non-trivial. And what about private video logs?

I should perhaps add that for my 2001 paper I assumed the use of secure analogue WORMs (write once, read many) after the world had lost faith in anything digital.

Reconciling the Cabinet Office Digital by Default strategy with DCMS Digital Infrastructure Strategy

The responses to my attempt to drum up inputs to the DCMS Digital Infrastructure Strategy Consultation are beginning to come in and it looks as though the short order round table to begin the process of identifying who is willing to work with whom on what will be over-subscribed and more of the exercise will have to be done on-line, using services like that on which I blogged earlier this week. The inputs to date range from calls for better control over BT's pricing policies to action to prevent growing social exclusion - by firmly linking the implementation of the Infrastructure strategy to that of the Cabinet Office Digital by Default agenda, to ensure universal access to on-line services that are "fit for purpose". The means would include extending the mandatory PSN and G-Cloud use of international inter-operability standards to include IPv6 to ensure future compatibility with the rest of the world.

There is a predictable split on whether the strategy should be based on centralised planning or on enabling market forces and local initiative to produce solutions that evolve over time. That split is not just between "left" and "right". I suspect neither side is "right" or "wrong" and that we will need a traditional English (Scotland and Wales have their own policies) compromise to get the best from both approaches. We have a good model with Government "strategy" toward the railways in the 19th Century, after Prince Albert failed in his attempts to get the railway network centrally planned. The Government used procurement, particularly Admiralty and Post Office "mail contracts", to support and expedite the lines it wanted for strategic reasons. And every line that wished to use compulsory purchase for parts of its route had to have a Private Act of Parliament - thus funding the start of the Westminster lobbying industry.

Unfortunately many of the players of today are still using nominal speeds and/or other technobabble as a proxy for "fit for purpose" when setting their targets. I have had to use follow up e-mails to tease out what was really being called for. Thus DEFRA believes that a 2mbs service is adequate to do Rural Payments Agency submissions on-line. But they appear to mean a "genuine 2mbs", actually delivered, not "best efforts to deliver up to 2mbs, fluctuating according to contention etc." Over 20% of farmers do not yet receive even the latter. It is unclear when they will do so under current plans. Hence the new agriculture minister's announcement (when talking of the new on-line services) of help for those who will need to use, as yet unspecified, Assisted Digital routines. Hence also the reason for the Country Land and Business call for a 2mbs "Universal Service Obligation", as opposed to a "Commitment". A guarantee that 2mbs will be delivered is a much stiffer target than a commitment to provide an "up to 2mbs" service. Stephen Timms was well aware of this when he used the former, when giving an unscripted response to a call for the latter, at the 2009 Parliament and the Internet Conference. Officials have been backtracking on this, under pressure from network operators, ever since.

That leads to the question of the quality and cost of service needed to reconcile the government agendas of social inclusion and digital by default. I will begin with quality of service and the vexed question of whether faster line speeds give faster services.

Ofcom has just issued some rather patronising guidance on how to speed up your broadband. It left out the two main causes of slow response over supposed high speed lines:

  • advertising bloatware: including tracking software which fights with common security software for control, causing the system to slow down or even hang and
  • traffic management: alias bandwidth rationing, particularly at inter-connection bottlenecks.

I recently mentioned how bloatware can negate the benefit of moving from 7 to 70 megs, linking to my previous call for action by the members of the "Reform Government Surveillance Group" to address this problem if they are serious about the interests of their customers. Resolving this problem is the responsibility of those who wish their customers to access their services on-line - beating up the Internet community and boycotting those who insert intrusive tracking services, as necessary. Government and regulators do, however, have a role in ensuring that consumers have genuine choice. We need to review the role of Ofcom and others in this space, perhaps viewing Browsers, Search Engines and Security Software as part of the communications infrastructure. This shades, of course, into 2015 and the case for an electronic Magna Carta which applies to the Barons (e.g. dominant ICT and ISP players) as well as the King (State).   

Last week I was told that one of those taking a domestic gigabit service from Hyperoptic was receiving little more than 300 megs (as measured by his speed tests) and no better response than from a 100 meg link. The main cause was thought to be traffic management, beginning with where the Hyperoptic fibre linked to the BT network. Incumbents and dominant players like to tell us that bandwidth rationing is not a problem in the UK and that the net neutrality debate is peculiar to the United States. They are lying. The UK Internet still has more bottlenecks than a brewery. Traffic rationing is a very real and growing issue in many parts of the UK and requires public debate. It should be raised by those responding to this consultation. I hope that some of the members of ISOC will help lift the lid on the cess pit of hidden deals.

But speed and response times are not the main factor when it comes to reconciling "digital by default" strategies with the on-line world as seen by those most dependent on our public sector health and welfare systems. The key questions include:

Are the on-line services of government usable by the target audience?

How is that usability measured?

Section 1.224 in the 2012  Budget papers on  "Reforms to support growth" read as follows:

"The Government is setting an ambition to make the UK the technology hub of Europe. To support technological innovation and help the digital, creative and other high technology industries the government will ... [after a list of other actions]  .... transform the quality of digital public services by committing that from 2014 new online services will only go live if the responsible minister can demonstrate that they can themselves use the service successfully".

No wonder Iain Duncan Smith is refusing to allow the new DWP systems to go ahead until they have been shown to meet the needs of the target audience. Or has this commitment been quietly dropped as part of the drive for Digital by Default?

Is that why Treasury has exercised its right to be forgotten and the link to the Budget papers from my blog (at the time) no longer works?

A BCS survey of an audience expected to have above average understanding of accessibility issues indicates that the number requiring "Assisted Digital" support is likely to be very much higher than assumed by the "Digital by Default" enthusiasts. This is partly because of the low level of awareness and understanding among those developing systems and partly because of the lack of motivation among those commissioning them. Hence the need for those wishing to see a faster transition to listen to "OneVoice for Accessible ICT Coalition". I hope that the Coalition will make a robust submission to the DCMS consultation.

Finally there is price.

BT's recent price hike for the mandatory telephone service that goes with any broadband contract has been called a "Football tax". That and the growing divergence between "headline" wholesale and retail prices accompanied by the plethora of special offers for those who change supplier might be taken as evidence of a profound failure of regulatory policy which needs to be looked at by the DCMS Select Committee when it next meets with Ofcom.

I will stop there and go back to collating more of the inputs that have just come in.       

Launch of on-line consultation on inputs to the Digital Infrastructure Strategy

While working through the invitation for the round table I am helping organise on 12th September to help drum up inputs to the consultation on the Digital Infrastructure Strategy I was contacted by Lindsey Annison regarding an exercise to put up an on-line service to enable those unable to get to meetings and not active in those professional bodies, trade associations and interest groups which are planning submissions to make their members' views known. The on-line consultation service is organised by TecQT and uses DigressIT. I am delighted to say that this is now live.

I look forward to seeing how this service is promoted and used in practice. I have observed many exercises to organise on-line consultations using a variety of tools, beginning with that organised by the Select Committee scrutinising the legislation to create Ofcom. That  committee received approximately 500 on-line responses, which was about the maximum they could handle with the resources they had available.   

P.S. I have been disappointed, but not surprised, to discover that some of the best known names in the on-line world have not spotted the importance of the DCIS consultation to the future of their UK operations.

I think this is because the jargon, including "DCIS Consultation" and "Digital Infrastructure", conceals the range of topics that need to be addressed: from social exclusion (inner cities and rural communities), through net neutrality (alias traffic and bandwidth rationing at network and interconnection bottlenecks) and planning (including to turn potential infra-structure clashes into shared security) to business models that ensure those who benefit reward those who pay.

UK employers need a level playing field when it comes to skills

At the first meeting of the new Digital Policy Alliance skills group it was agreed that, rather than try to agree a collective submission to the House of Lords Digital Skills Committee, we should encourage all members to make their own and that I should make a personal submission using the material I have on file, including from previous EURIM (now DPA) exercises. I have now done so, using material from the interdepartmental working group of the Department of Education and Science and the Ministry of Technology (set up in 1965) onwards. In 1967 they recommended the establishment of a "National Computing Centre" to address the expected shortage of systems analysts by 1970. In the mid 1980s the then Director of the NCC inveigled me into spending five fascinating, but ultimately futile, years finding solutions to the problems of the day. I think we found them. But they were unacceptable to officials and ignored.
Over the past couple of weeks it has been interesting to note how much and how little we have progressed since then.

I had always known that our tax regime put UK employers and contractors at a disadvantage against their overseas competitors but until I checked some of the current HMRC small print I had not realised how serious that could be. One example is the apparent exemption from national insurance for up to a year for those employed by contractors back home in Brazil, India, Russia or the Ukraine. More generally accommodation and travel expense allowances subject to income tax for UK employees are often similarly exempt. Then there is the comparative tax position of spend on training and career development, whether funded by the employer or by individuals seeking to reskill themselves.

The summary of my submission is as follows:

1. There have been regular enquiries into shortages of what we now call "digital skills" for almost 50 years. The underlying cyclical pattern was identified in the 1980s. Recession accelerates the decline in demand for old skills and delays investment in training for the new skills that are taking their place. Recovery sees a "crisis" and another round of studies. No amount of effort in "trying to predict the unpredictable" in order to better target vocational education, will bring about significant change unless we better reward employers who recruit trainees and retrain existing staff more than those who compete for staff trained by their customers or competitors, import supposedly skilled staff or export jobs.

2. It is currently more economic for many UK employers to compete for skilled staff or import from overseas, rather than train their own. This problem will not be addressed until we level the playing field between those who recruit trainees and retrain existing staff and those who import supposedly skilled "contractors". Some of the latter can be paid tax free allowances for travel and accommodation and exempted from national insurance for up to a year. This can enable employers to save 50% (sometimes even more) compared to UK staff or contractors with equivalent take-home (after tax and expenses) earnings.

3. We need to copy our overseas competitors in exempting employees following professionally and technically accredited training programmes from income and payroll (c.f. National Insurance) taxes and allowing individuals acquiring new skills, not essential to their current jobs, to offset the cost against current and future earnings. We also need the same tax and expenses regime for imported staff and contractors as for their UK counterparts. The changes needed also include addressing how IR35 penalises those seeking to keep abreast of changing demand for skills.

4. When seeking to predict skills needs, we need to distinguish between core disciplines (which change slowly, if at all, over time) and technology, product and service technology related skills where demand can change before the curriculum, let alone content, is agreed.

5. We also need to find better ways of relating publicly funded and accredited qualifications and courses to current and emerging skills needs and employers' recruitment and training plans, without overloading those who do seek to plan ahead with "consultations" asking questions they cannot answer. The solution entails pooling budgets for demand assessment and forecasting via, for example, consortia of Sector Skills Councils and LEPs, to enable the use of industry strength market research.

6. Few employers can forecast their needs more than a year ahead in the detail needed to plan conventional courses and qualifications. Those able to do so commonly wish to mix and match modules for just-in-time delivery (to meet immediate skills needs) with those for longer term career development across academic and professional disciplines. This presents challenges to colleges, universities and funding agencies. Those willing and able to respond can derive significant earnings from the delivery of short course modules (both residential and on-line) within the global apprenticeship and continuous professional development programmes of major engineering and financial services employers. They are alleged, however, to be actively discouraged by funding councils from doing so.

I thought of posting the full submission but it is 11 pages and my blogs are usually far too long anyway. 

How consultation overload has led to communications policy paralysis

In view of the many hidden agendas behind UK communications policy, I had expected Jim Prideaux  to comment (from a security and surveillance perspective) in reply to my recent post  speculating why the current DCMS/Treasury consultation is as it is - with an imploding list of those to whom the original notice was sent and almost zero press cover.

Instead I received the following by pigeon post from one of his former colleagues: "Disaffected of Dollis Hill", who is concerned for his BT pension. I have changed nothing, not even the typos.


Here are some thoughts that some companies might like to make but cannot. They may shock. So long as people keep buying the things they are supplying why do they need to care?  The truth is that the current process is broken.  There is a possible solution, but no need to provide it because someone probably already did in a consultation response that was ignored.  There are ways to reenergise things - but the aim of this paper is NOT to set them out at this stage.

Some Key Issues

These are just some private thoughts - the main issues that come to mind.

Consultation Fatigue

One of the key drawbacks of the "proto-pseudo-wet-string-Internet" the UK has today is that the Government and Regulators are bombarding companies with consultations - or so it feels from the company "front line."  The consequences of just one inadvertent comment can be catastrophic for individual and/or company, and companies form the East may be less willing to participate at all - or if they do to have a PR driven response which if of far less value than a considered response direct from the staff at the coal face.

Let's look at just one recent example from Ofcom - a principal culprit.  The consultation which closed on 29th August comprised 185 pages - and that was just the main body document!  One thing is certain - companies do not have unlimited time or resources to devote to consultations, so the losers in this may well be the companies - but also those who deterred responses by simply making their consultation too damned long in the first place!  Now the Internet makes it even easier to do this, as only limited hard company runs of consultations are often produced...

 Plus ca Change - so why bother?

Another reason for scepticism on the company side can be the view that this is just an exercise, another "fishing trip," and nothing will change - what value do regulations, or resolutions, arriving late, really provide anyway?  If in doubt "have a judicial review..." seems to be the prevailing mindset if there are real problems.  This is unfair - but we are dealing with perceptions, and these guide behaviours... We will comply with the law, so we are Ok anyway and need not bother too much.

The core regulatory problems in the sector are well known already, but has adequate meaningful progress been made on the scale necessary to keep the UK at the forefront of the Internet revolution?  Whilst this depends on who you might ask, the evidence is pretty conclusive.  We still don't have a superfast broadband infrastructure whilst many of our Global economic competitors do. Worse still there is absolutely no prospect whatsoever of another GSM... 5G will be driven by Asia.  That may not be bad either, but it doesn't matter either way because that's just how it's going to be. Roll with it or ignore it and die.

Below is a list of just a few issues:

1 The Infrastructure to enable people to properly exploit the Internet STILL simply isn't there. Who has been held accountable for this national scandal? Wayleave charges- which should be scrapped if the policy was as stated to accelerate roll out of infrastructure, have actually been extended! Mistrust results.

2 We still have a focus on PSTN interconnect, and the future focus has all been about the fact that where BT does fibre up local loops, the focus has been on how to force them to share it - delaying roll out.  It's just plan sad... BT is NOT to be blamed for its conduct - it has a duty to shareholders too, that's its "electorate."

3 Spectrum pricing has not delivered massive sums to HM Treasury - and never will again. What is has done is fragment the European market and prevented another GSM from emerging here - with massive detrimental consequences arguably greater than all the monies ever received (or promised) in auctions.  It has also arguably lead to the dislocation of the standards process.

Inaction Safer than Action?

Being seen as a radical "butters no parsnips" - and regulators and governments change anyway so what is the point of anything other than a shallow engagement some may feel? Better to avoid even the risk of consultation and confrontation until forced to act.  There is a fundamental asymmetry between companies in the market.  A few are huge, the majority supplying them cannot risk upsetting them nor easily afford the regulatory staff they would often like to employ (and who could really make a big difference to policy)

Two examples

1 Child protection

There was one company who actively sought not to get engaged throughout the whole process in UK

2 Dispute Resolution

One dispute over spectrum has now been running 12 years. The original complainant companies are mostly long dead now - as even is one of the judges who heard the case.  A speedier access to justice is needed.

What Should Companies do?

Better in light of the above just to do a few forecast studies into the future and present these as the company position. They can always be disowned if they turn out to be wrong, and can conversely be used to demonstrate interest in the topic in general even if a particular consultation is not responded to. Safety first!

The Inconvenient truth is that Regulators and Government cannot promote Competition and Investment as fast or as well as the market and companies.  Those who must respond fastest to change are the companies.  If they do not they die.  The driver simply isn't there the other way about. 

Government and regulators can make a difference at the margin - but not much more unless they act on a coordinated global basis.  They may have to soon to address trust issues on the Internet... If hackers succeed in securing even more revenues from Internet fraud than they already do (and this activity is allegedly already more profitable than the Global cocaine trade) - then the use of the Internet to do business will wither away - along with the jobs and taxes that could have been generated.


1 This comes under the company heading of "only important if it hits the bottom line" - it does matter but is often under-resourced and SMEs are not able to afford the energy and cost of a long term engagement programme

2 There are too many consultations and too little discipline exercised by those producing the biggest ones.  Impenetrability is not a benefit unless you want fewer responses

3 There is a shortage of those able to respond with quality answers

4 There is plenty of risk for companies in getting too involved - better to lie low when possible?

5 What's the point - "they" never listen (or act effectively) anyway

Toughest of all... is that we can never really know if this is what is really in the minds of company respondents to consultations, we can only guess. Seeking to try to get to the bottom of the problem by using common-sense however would be infinitely preferable to yet another "forward look" consultation... Something has to change for if we continue to do what we've always done, we'll get the results we've always got...  perhaps we should consult on what we need to do?  Alternatively we could risk using common-sense before we start consulting on consultations!  Without strong leadership, the right expert team at Government level and a top down desire to fix things with staff empowered to do just that we can bury all hope of change along with the UK's aspirations to be a future player in the Internet economy.  Maybe we could start by deciding if we even need ex ante regulation at all anymore?  Now that would be an interesting consultation!

By the way - YES - companies do need to engage in the process and absolutely should - despite all this.  One day we may get to the promised land!"

I am not one of the many engaged in debate over communications policy who is worried about their BT pension. I am, however, delighted that my BT shares have finally recovered to the price I paid at privatisation (£1.30 = £3.83), having crashed from £10.60 after the consequences of local loop unbundling became apparent. Also perpetual consultation leading to policy paralysis is not confined to Ofcom and communications.  I have just written, in a draft submission to the House of Lords Digital Skills Enquiry (deadline 5th September), about how similar behaviour underlies the reason why we have failed to address the underlying causes of our cyclical "digital" (we used to say data processing, computing or IT) skills crises. An ever smaller, and less representative, audience responds to detailed and duplicated consultations that fail to address the points of leverage.

Hence the reason I am seeking to help open up this consultation to a wider audience and am delighted that the Digital Policy Alliance has agreed to provide an umbrella for a short-notice, all-party round table on the issues 

Is Digititis still a greater threat to the on-line world than cyberattack?

For all the spend on cybersecurity, it appears that cockup (as with the recent Time Warner down time) still causes more chaos over the Internet than does criminal conspiracy (as with the recent attacks on JP Morgan and others). Meanwhile advertising (and tracking) bloatware can negate the benefits of moving from 7 megs to 70 megs on - especially when it spends its time "negotiating" with your security software - without giving you any say over what is blocked and what is not.

I am currently helping the Digital Policy Alliance with the invitation lists for an event on 12th September to help "round out" responses to the latest round of consultations on Communications Infrastructure Policy. But once one starts involving users, whether business or consumer, it quickly becomes apparent that nominal line speed is just one of the factors that need to be addressed if the objective is services that are fit for purpose. One of the shockers I learned earlier this week was the difference between the time it took to install global connectivity to a third world construction site (whether or not there are landlines in the area) and providing local connectivity to a similar site between two UK city centres. I am hoping that the UK company which provides the relevant technologies will provide me with a note on the reason why and what should be done if we are serious about reforming the way our sclerotic regulatory and planning systems get in the way of overhauling the UK's economic infrastructure after over a decade of neglect.

It is also apparent that any consideration of future infrastructure policy has to consider the security of that infrastructure - from cockup and digititis, not just cyberattack.
