How relevant is the Investigatory Powers BIll to preventing a Bataclan style massacre in London

| 1 Comment | No TrackBacks
| More
The attacks in Paris yesterday give a terrible topicality to debate over the Investigatory Powers Bill and the issues I raised yesterday. I have already received interesting feedback on some of the questions that need to be clarified for the legislation to achieve its supposed objectives but the news from Paris raises a core question of priority:

Is it more important to retain more data for longer or to give the security services and law enforcement more rapid access to analyses of the data that is already available?

Amazon, BT, CGI, Experian, Fujitsu, Google, HP, IBM, Microsoft, Paypal, Vodafone and others routinely analyse massive volumes of traffic in real time to run their own businesses or on behalf of customers, including to detect potential crime (particularly fraud and impersonation) as it is attempted.  At the time of the London Riots the mobile operators offered real time feeds (including of decrypted traffic) to the police in far less time than it would have taken to organise requests under RIPA. The police were unable to handle the volume of information on offer. They lacked both the people and the technology. Even were we not facing a massive shortage of the relevant skills, (subject for another blog), they are unlikely to ever get the necessary budgets to have such facilities on hot standby.

The time has come to take the recommendations in the EURIM-IPPR study on partnership policing rather more seriously - albeit updated for the decade that has passed since.

That study used the story of the FBI US response to the Love Bug to make the case for the large scale programmes of cyber reservists, specialist constables and community support officers and other forms of volunteer support, that we still have not got.

With 48 hours the FBI claimed to have 400 agents working on the Love Bug. In fact there were approximately 40 FBI employees supporting nearly 400 information security staff employed by EDS, IBM and others, working on the issues from company workstations. The latter were now wearing their "hats" as military reservists or part-time law enforcement officers, having been "mobilised" into their wartime/emergency command and control positions: The zig-zag career path of Rear Admiral Grace Hopper helps illustrate the US approach. [I had similar ambitions as cold war reservist working in the computer industry but was persuaded to drop them by my future wife after the sinking of HMS Fittleton. [ICL would not let me take two weeks off immediately before year end and I knew the radio operator who drowned in my place alongside the CRS who taught me morse].

But today we also need processes to call on the cloud computing resources of industry to analyse the data already available, in time to "make an operational difference".
The core objective of the Investigatory Powers Bill should not be to just retain more data for longer in case it might be useful. it should be to enable industry and academic experts, operating under "appropriate governance" to use Corporate, Commercial and University computing facilities to do that for which law enforcement (and even GCHQ) will never have sufficient budget - to identify threats in time to respond effectively, not just investigate afterwards.  

That raises questions of governance, probity and impartiality that are far trickier than the meaning of "judicial oversight" or "communications data". At this point I ask whether we are serious about finding "answers" or merely playing expensive "displacement activity" games.

I will stop there because I do not know the answer. I know what I think it should be - but my brain begins to hurt when I try to think through the consequences.  

Should the top priority for reform of UK Investigatory Powers be to protect citizens or the state - and what is the difference?

| No Comments | No TrackBacks
| More
I spent a lot of time helping organise scrutiny of the original bill to regulate investigatory powers. Despite our efforts the result was deeply flawed. The resultant processes were bureaucratic and sclerotic with regard to those in security services and law enforcement who most voters probably believe need such powers. They were slapdash and ineffective with regard to the junior staff in local authorities and other agencies who most of us trust even less than Apple or Google (who require access to all our traffic to help "improve" their services) and about as much as those nice people from Microsoft (or our Bank or ISP) who ring up offering to help fix our computer (or move our money to a new bank account because the current one has it has compromised in the scare of the day).

This time the draft legislation has been published in good time to allow the scrutiny to get it right. But it will only be improved if readers use all opportunities in the course of pre-legislative scrutiny to raise what should be covered, not just discuss the technical detail that will be covered by the Science and Technology Select Committee enquiry - although their call for evidence by November 27th gives an excellent opportunity to raise wider issues that the Bill Scrutiny Committee (two of whose members are on the S&T Committee).

I suggest those who have merely read the headlines begin by reading the excellent summary produced by Tech UK , then the transcript of the discussion at the first S&T oral hearing and then dip into the Bill itself. and the supporting "Fact Sheets".

The good news is the strong judicial oversight (albeit perhaps not by the Master of the Rolls as I called for earlier this year). The bad news is the lack of thought as to how to enlist industry co-operation, perhaps without warrant but with the informed consent of the actual or potential victims, to help identify predators collecting information in order to harass, exploit, plunder or impersonate us. This entails filtering the morass of metadata generated by, for example, the app tracking bloatware that now clogs fixed and mobile internet connections and is the main reason we need a universal service obligation of 10 Mbps rather than 2 Mbps. Merely storing metadata and other traffic, in case it might be useful, is not good enough.

We need to use the opportunity to move towards true partnership policing and I plan to make time to blog on this in the context of the London Mayoral elections and the need to make London the safest place to go on-line - rather than the world's largest concentration of victims.  

The recent Parliament and the Internet conference included an excellent discussion on surveillance legislation chaired by Gordon Corera that neatly juxtaposed the arguments. I asked whether my conclusion should be to give permission the Metropolitan Police to access my data without need for a warrant, but not to GCHQ, less it be passed to the Americans (under Mutual Assistance). The response got the first, and almost only, laugh of the day. But later we had a chilling demonstration (using Wireshark) by Geoff White of the volume of transmissions generated inside about 30 minutes by a smart phone, supposedly at rest.I have occasionally measured (using Ghostery) the number of uninvited apps which track my every internet access (and more) on the system I am using to keyboard this blog - and been staggered by what I find. I had not appreciated that these were but the tip of an iceberg.]

The capital cost of installing the capacity to store such traffic for a year, let alone the operational cost of keeping it secure, might well dwarf the budgets in mind for the implementation of the legislation. But how can it be separated from the traffic that might actually be of value?

Also we could not forget that the UK Post Office monopoly originated from the surveillance ambitions of the state. Charles II's head of security, his younger brother, blocked the original London-wide penny post because he could not steam open the letters (to uncover illicit love affairs, discontent with the King's life style or terrorist plots). We need to ensure that similar concerns are not used to help recreate the BT monopoly (see the comments to my last blog).

We really do need to move the debate from an adversarial confrontation over who pays for the mass retention and analysis of data of questionable value - to how to organise the governance of partnerships that enable action to be taken, perhaps even in "real time" to protect victims, block fraud, recover the proceeds of crime and thus make the Internet a safer place for all. 

Do respond to the Science and Technology Select Committee's call for evidence .                  

If barely half the UK FTTC lines meet the UK, let alone EU, definition for Superfast, how can BDUK be on track?

| 13 Comments | No TrackBacks
| More
I recently became embroiled in a dispute as to whether UK Broadband performance should be measured by "speed" supposedly "available" or by that actually experienced by customers. This led me to look at the Think Broadband Figures for October 2015 and compare these with the publicly announced targets and performance measures, e.g. 90% superfast by the end of 2015 or early 2016, as per the latest briefing from the House of Commons Library .

If the median speed of existing "fibre to the cabinet" is only 26 Mbps and if FTTC is the main delivery channel for "superfast" - how can BT/BDUK be on track for 90% availability of either 24 or 30 Mbps by the end of the year?  The only way of achieving this would be for the roll-out plans of Virgin and players like City Fibre, Gigaclear, ITS and Hyperoptic to be very much more more ambitious and advanced than has been said publicly. Or is BT is in a position to upgrade the speeds deliverable over existing FTTC before its GFast field trials are complete? Or am I missing something profound? 

The October figures also help explain why BT wanted the UK to define "Superfast" as "over 24 Mbps", not "over 30 Mbps": The median speed for BT's own FTTC services is below 30. The figures also help explain why Sky, in particular, is so concerned over the quality of services it gets from Openreach. The lines it takes from Openreach have a median speed of barely 22 Mbps. There may be many explanations, but the difference in average speed between the lines supplied by Openreach to BT retail and those supplied to its competitors deserves explanation.

I was also struck by the comment that tiny B4RN would have topped the performance table, with a median speed of almost double anyone else, but was too small to count. Councillor Ian Thompson, a very happy B4RN customer, has done me a thoughtful comment piece (see below) on why the approach would not work for everyone and why such operations should be seen as complementary to those of BT, rather than as competitors.

"After eagerly anticipating the arrival of Superfast service for about two years, we found a house a mile away, just months before the BT fibre cabinet went live in my village. The new house had a broadband speed of 2.3Mbs which was a pleasant surprise considering we only had 2Mbs in the village. However, my new neighbours were only getting 0.4Mbs and were tearing their hair out, so we called BT about Superfast. They had no plan to provide it to as we are just 12 houses on the end of a two mile long cable. It did not make commercial sense even if every house wanted Superfast.

We then heard that a community broadband project (B4RN) was active only two miles away over the hill and its business plan included our hamlet. To cut a long story short, four months later, all 12 houses were connected to the world's fastest domestic broadband service (fibre to the home with 1Gbs download & 1Gbs upload). Some very happy teenagers, home workers and two businesses whose communications had been revolutionised. It also brought the neighbours closer together because they had shared the experience of achieving something momentous through their own efforts.

The project has now become something of an obsession as communities around us ask for help. We still find ourselves at the bottom of trenches or drilling holes through their walls to help them share the benefit.

Is it right for everyone? - in my opinion, No. I have been asked by people in the village when I will take the fibres to them even though they have Superfast. I have declined, because it is much harder to install fibres in a built up area with tarmac between properties (This is probably why BT only offers fibre to the cabinet and not to the home). Community broadband works best in rural areas where it can cross fields and find its way into hamlets through back gardens.

I have worried about BT reacting to B4RN as an upstart competitor that takes away most of their business in the areas where it operates. However if BT thinks about the problem of economically meeting government broadband availability targets, they should be grateful for rural communities which help themselves. If the hardest 5% installs their own broadband then BT can focus on the easier 95% and do so profitably. I have even heard that BT is waking up to the idea of collaborating with community projects but suspect it is just PR - I hope I am wrong!"

I too hope he is wrong - because it makes good commercial sense for BT to support such exercises rather than compete.

There are, however, issues with backhaul if other local networks are also capable of running at over 100 Mbps on average. Faced with problems in getting backhaul from BT, B4RN was able to get use the Zayo service from Glasgow to Manchester to connect direct to the Manchester Telehouse and thence to LINX - bypassing the chokepoints that throttle back the speeds otherwise achievable. How many others could do likewise? Hence my concern about the need to not only open up underused public sector fibre networks and re-light those private sector networks that were switched off in order to avoid business rates, but to stimulate and reward  investment in filling the gaps and bypassing the bottlenecks.  

I do hope the Chancellor will address some of these issues later this month and help unleash the increase in UK productivity that will follow.   

Prime Minister announces consultation next year on a 10 mbps Broadband USO. What should be the questions?

| No Comments | No TrackBacks
| More
I was delighted to hear that the Government will consult on how to achieve a Universal Service Obligation of at least 10 mbps. I remember the furious back-tracking when Stephen Timms attempted to commit the last Labour Government to a commitment of at least 2 mbps.

Before Stephen became a minister I was one of the rapporteurs on the PITCOM visits to look at telecoms policy in the US (during the run up to the legislation to create the regulatory regime that enabled the burgeoning of the commercial Internet) and Scandinavia and Germany (from the planning of Stokab to the forward strategies of Nokia and Seimens). Stephen knew exactly what he was asking then. I remember the pleasure of hosts at meeting a politician who understood the meaning of the answers he was being given. He knew exactly what he was saying when he publicly announced a commitment (at a Parliament and the Internet event) for "at least" 2 mbps. Unfortunately such commitments are not binding.

We need to ensure that broadband users, urban as well as as rural, business as well as consumers, give the ministers more support than they did to Stephen Timms as they seek to challenge the "establishment view" that was so excellently summarised by Richard Hooper in his keynote at the start of the Next Gen Conference on Guy Fawkes day.

To unfairly and simplistically paraphrase his introduction of the current state of debate and the discussion that followed:

"The establishment believes telecoms is an natural monopoly except for the urban areas where there is already competition. They also believe that the only way of building and running a network to serve the entire country and deliver a universal service obligation is that inherited from BT    

The anti-establishment community believes BT is the font of all evil and we should have full and free competition at all levels, but with BT shackled by regulators and/or broken up."
Both sides are, of course, wrong. 

BT is a large part of any "solution" and, while telecoms is an essential utility, it is not a natural monopoly. There is a kaleidoscope of network technologies and architectures available. Many are more cost-effective for large parts of the country and/or communities of users  than those currently deployed by BT. This is particularly true when it comes to meeting the needs of the socially and geographically excluded: whether isolated at the end of country lanes or at the top of inner city tower blocks.

As I have blogged before, an internet age requires an internet approach - i.e. a focus on addressing and inter-operability standards so that the full range of past, current and future networks can inter-communicate and collectively form a resilient and evolving mesh.

BT's networks will be a core part of that mesh but the mesh should be capable of functioning if they go off air, just as the internet was intended to continue to function if any one network, however big, went off air. The business cases for the competitors to BT are often surprisingly good (payback inside 3 - 5 years, not 20), provided they are not constrained by "an establishment regulatory regime" to follow BT's business model or fit within its legacy architecture

That raises the question of  what a universal service obligation means, how it will be achieved and how the performance should monitored. Last week I tried to pull together some of my own thoughts on the subject  It is not an easy topic. As will be obvious from my other past blogs, I believe the Government is quite right to go for a service that reliably delivers at least 10 mbps  (not just "up to" 10 mbps, averaged over 24 hours) by 2020. I also believe it is a good idea to allow time to get the questions right before going out to consult on how to achieve that objective. 

I also hope, however, to see a lot more in the Autumn statement about how the government  plans to allow market forces to meet the demand for world class broadband across all those parts of the UK where customers are willing to pay a globally competitive price.   

Meanwhile I ask readers to lobby the Government via all channels, particularly their constituency MPs, welcoming the announcement and suggesting the questions to be asked.    
It is still unclear whether Talk Talk is suffering for refusing to pay blackmail and then being painfully honest about the consequences, or whether it is at serious fault for not taking security as seriously as BT - the UK's largest civilian employer and trainer of information and network security staff. What is certain is that, whatever the impact on its finances, Talk Talk's  ambitions have taken a massive hit . I was, however, struck by some of the more informed comments about what appears to have happened (not an attack on the main systems but on the files used to authenticate those using its customer-facing website) and the advice to those being supposedly contacted by Talk Talk with a request to change their bank details. In effect this can be summarised as: "stop your elderly relatives from using a landline and switch them to VOIP or mobiles so that the more sophisticated scams, including those which use a fake dial tone, no longer have any effect."

This adds a whole new dimension to debate on a Universal Service Obligation. The proportion of the population which has a landline, other than because it is mandatory for broadband services delivered over Openreach, is falling. It is propped up only by Ofcom requirements to be able to rack emergency calls. If it the landline is now to be viewed as a risk, not an asset ....         

The Group CEO of BT told delegates at the Broadband World Forum that "We stand ready to deliver minimum broadband speeds of 5 - 10 Mbps to everyone in the UK". He questioned whether the current levels of cover would have been achieved had Openreach been made independent when it was created. My own view is that, but for Local Loop Unbundling, BT would have been able to provide 5 - 10 mbps across the UK a decade ago. But is that adequate as a Universal Service Obligation today, let alone by 2020?

But what is meant by a minimum speed of 5 - 10 mbps anyway?

And where does Gfast fit into the panoply of technologies that might be used to deliver fixed and/or mobile broadband that is fit for purpose.

Gfast is a clever technology and is likely to make a lot of money for Alcatel Lucent and Huawei (who are, between them, providing 75% of the equipment for the BT trials). It does, however, require taking fibre ever closer to the premises. Its long term use, beyond, say 2025, is probably to serve small clusters of houses of on the outside wall of blocks of offices or flats that are too small to merit fibre networks of their own, The cost of deploying it as an interim extension of fibre to the cabinet, other than in urban areas, should not be under-estimated.

Depending on the nature of the Universal Service Obligation there are many other technologies, including satellite and terrestrial radio, that could serve all households and almost all above ground parts (what about the London Underground!) of the United Kingdom.

The bigger questions are:
•    what should the USO look like?
•    who should pay and how?

I would argue that the USO should be based on the quality of service necessary to reliably and securely access and use those public sector services which are intended to be "digital by default". Performance should then be assessed using tools akin to those provided by Actual Experience (BBFIX) (used earlier this year by Ofcom for some of their analyses of quality of services and recently presented to members of the new All-Party Broadband group).

While it is said only about 40% of delivered quality of service relates to the headline speed of the "circuit", as opposed to bottlenecks or problems at either end, it does appear that almost all complaints to ISP help desks relate to those which fail to reliably deliver 8 - 10mbps during periods of peak demand: evening, daily, monthly or seasonal. That is also the figure estimated (by various sources) to be needed to reliably use the more complex on-line public services of today. It also happens to be the throughput to which many supposed "superfast" services (i.e. 24 - 30 mbps headline speed) drop when under pressure.

The Universal Service Obligation should therefore be to provide "superfast" services that do not fall below  8 - 10 mbps, whatever the workload or weather. In this context it should be borne in mind that, whether or not they suffer from contention, both fixed and satellite wireless services can degrade in heavy rain and snow, even without lightning strikes on aerials and masts. The actual performance delivered should, in any case, be independently measured and enforcement action taken as necessary.

In order to ensure resilience the obligation should be dual (at least) sourced to suppliers whose networks do not depend on each other - although they should be allowed, perhaps even encouraged) to involve partners in the delivery, provided these do not share single points of vulnerability.

The Talk Talk incident raises, however, the issue of security. Our current telephone system allows numbers to be spoofed as easily as internet addresses and is vulnerable to many shocks, from theft of the copper, to flood, power failure and "inadequately planned excavation" as well as to relatively surveillance. BT is in the process of creating one of the UK's greatest security assets and should be allowed to get an unregulated return for serving its communications partners, in co-opetition with the teams being built by PWC, KPMG, Deloittes, Airbus and BAe (who are helping Talk Talk find out what happened) or those run globally by players like IBM for its banking customers.

But that is a Universal Service Obligation for today.

By 2020 we are likely to have hundreds of thousands whose lives depend on the reliable functioning of systems remotely monitoring  chronic medical conditions while they live semi-independently at home instead of miserably and expensively blocking hospital beds. Meanwhile central and local government rally will expect most of us to go on line for our dealings with them, because otherwise they will have gone broke. Then we have all those smart buildings and the wet dreams for the Internet of Things that depend on the secure and resilient communications infrastructure that we have not got.        

From Ashley Maddison to Talk Talk: the time has come to take "Partnership Policing" for the on-line world seriously

| No Comments | No TrackBacks
| More
It is now a decade since publication of the six papers produced in the course of the two year EURIM-IPPR into "Partnership Policing for the Information Society study". Ministers welcomed the fifty or so recommendations: from awareness and skills to programmes of specialist constables and volunteers. Implementation was announced several times but vanished into the black hole of inter-departmental politics - even before reaching those of law enforcement itself. 

The came the 2010 Election and I remember hoping that James Brokenshire would be given a remit to bring the threads together - after he presided over the launch of Fighting Fraud Together at the Mansion House. But within months it became clear that responsibility was about to be fragmented even further, with the Home Office responsibilities being shared with the Ministry of Justice while over 90% of the government's £600 million of additional security spend went towards surveillance and cyberwarfare capabilities.

A couple of weeks ago I spoke (*) to one of the Institute of Directors' largest branches on the need for a pro-active approach, including for those under serious threat to put at least 10% of their security budgets into active co-operation with law enforcement to "take out" the predators using a mix of civil and criminal law to cross jurisdictional boundaries as necessary.

That recommendation is not new - it was to have been the basis of one of the Fighting Fraud Together portfolio of projects but I have heard nothing since, beyond an academic study. It has, however, been given a new urgency with the revelation that cyber risk is now being routinely deleted from Directors Liability, Theft and Business Disruption insurance and third party liabilities are no longer insurable at affordable cost. It also complements the approach to "asset recovery" that is being embedded in the latest generation of cyber risk policies. 

I recently drafted a short note on the need to rationalise the current muddle with a troika approach to cyber, built on close co-operation between the cyber tribes of digital (now being brought together under DCMS), warfare (cuts across MoD, FCO/GCHQ and Home Office - for anti-terrorism) and crime (yet to be brought together under who?). It is quite easy to name the three ministers who should be tasked with implementation, reporting to Cabinet. But I doubt they would thank me for handing them such poisoned chalices. Hence the need for an industry lead - as opposed to industry calling for Government to take a lead. 

Time is no longer on our side - if it ever was.  
(*) I plan to tidy the IoD script for a blog entry when I get a chance.

Securing access to world class broadband for your business, your customers and your community

| 1 Comment | No TrackBacks
| More
One of the messages from the party conferences and from the last week's parliamentary debate is that Broadband is the fourth utility, without which modern life grind would grind to a halt and local businesses cease to be competitive. We can see that BT cannot afford the investment needed as the same time as building a TV business and buying EE, without state aid. But BT's competitors need a level playing field, with political and regulatory stability, if they are to encourage fund managers to invest in future proof, fibre communications in the UK - as opposed to overseas.

At the Conservative Party Conference I was invited to draft an article for Conservative Councillors, to see just how many are interested in working with potential suppliers, as well as their constituency MPs to secure a choice of "world class" services before they are next held to account by their voters. Hopefully this will rapidly lead to a set of inter-locking all-party exercises to build on existing work looking at how to:

1)    get full value from existing BDUK contracts, decide whether to go out to competitive tender for the next phase of investment and, if so, who to ask to make serious bids.
2)    agree common access and wayleave arrangements and planning guidance - to reduce the time, cost and disruption of local infrastructure build and thus attract a better choice of suppliers.
3)    improve information on local supply and demand to enable local consumers and business to make better choices, suppliers to decide where to invest and taxpayer support to be focused where most needed.

With separate groups sharing experience between those facing similar problems: remote rural communities, inner city social housing, business parks, leafy suburbs etc.   

I have emphasised local supply and demand because it is becoming increasingly apparent that the oft-quoted figures form national sources are seriously misleading with regard to both what is actually delivered to current customers (or available to new ones) and what they are willing to pay for, including quality and reliability of service, not just headline speed.
But the pressure is on politicians to deliver world class services - and what do we mean by "world class"?

And what will "world class" mean by 2020 when the MPs participating in last weeks debate stand for re-election?

Virgin has just doubled its speeds in the UK and will be offering up to 200mbps but Chattanooga, where 170,000 properties already have gigabit connections, has just wound its offering up to 10 gigs for $299 dollar a month  Meanwhile BT cannot supply more than a total of 600 gigs to a planned new technology park intended to compete with overseas clusters which are already served by multiple terabit pipes.

Does "world class" mean "average": including third world countries?

If so the "superfast" services being delivered to most of the UK currently qualify - they are "average" in the sense of mediocre. By 2020 they will be well below average. The definition of "superfast" is vague. It is supposed to mean a minimum download speed of either 24 (BDUK speak) or 30 mps (EU speak). But the delivered quality of supposedly "superfast" services (allowing for contention at peak times, latency, jitter, network bottlenecks etc.) can be inferior to that of a 10 mbps leased line. The problems are not just to do with nominal line speed and can probably best be appreciated by watching an "Actual Experience" promotional video.     

Or does "world class" mean "equal to the best in the world": e.g. Finland, Hong Kong, Korea, Japan, Sweden etc.? 

If so, the current definition should be "local access to IPV6 enabled, point-to-point, fibre networks, whose global connectivity is not constrained by backhaul (and other) bottle necks". Few parts of the UK yet have such services other than, for example, Aberdeen: where IPV6 services are being offered to the oil and gas  industry by IFB over the first phase of the Aberdeen Core . BT formally halted the supply of fibre to the premises earlier this year after dropping plans to make fibre to the premises available to 2.5 million properties in 2013. The announcements made just before the party conferences, including the statements by its CEO,  indicate, however, that it may be about to restart the supply of gigabit services as well as winding up the speed of its fibre to the cabinet services.

Meanwhile the members of INCA, including City Fibre, Gigaclear, Hyperoptic and ITS already offer fibre to over a million premises and those that do not already offer IPV6 expect to do so by this time year, Many, including tiny B4RN, use future proof "point to point" fibre with links direct to UK's main Internet exchanges in London and Manchester to bypass BT's congested backhaul networks. They also claim that they can collectively use private sector finance to serve over 10 million premises by 2017 - provided they are given a level playing field.

BT has now offered to provide 3 - 500 mbps to 10 million by 2020 using gfast, with fibre to the premises available on demand. It is unclear whether the latter will be "future-proof" point-to-point or the more limited gpon). It it is also unclear whether it is also conditional on using the BDUK Phase 1 underspend and Phase 2 funding without having to bid against others after councils have gone to open tender.

BT's rivals can currently build new networks for less than BT can upgrade existing ones  because they are not shackled by interfacing with a legacy network and can co-operate with local land and property owners and/or re-use local authority infrastructure to bypass the access and wayleave charges which account for much of BT's costs.

Meanwhile Sky has a national fibre network of its own, based on that created by Marconi using the British Waterways Board wayleaves, but it commonly uses BT unbundled exchange lines for local distribution Virgin and mobile operators often has to pass traffic through regional and national choke points controlled by BT Wholesale. Hence the calls for the separation of Openreach (so that the latter's revenues are used to improve quality of service rather than to subsidise footballers' wages) and for reviews of its boundaries with BT Wholesale and BT Retail..  

Meanwhile Sky has already transitioned over a million consumers to IPV6, without any of them noticing. It expects to complete the process by April 2016. In parallel it is piloting arrangements with other network operators, like City Fibre,to provide fibre to the home and with alternative national backhaul providers to bypass the BT controlled chokepoints, It is likely to make similar partnership deals with those like Hyperoptic (who work with landlords and property owners to provide fibre to those living in housing complexes with over 50 units), Gigiclear (able to provide rural future proof fibre for less than BT charges for "superfast") and ITS (Hammersmith and Fulham, WiSpire etc.) now that such operations have sufficient customers to be attractive.   

Meanwhile Virgin is extending its network providing mixed coax/fibre to the home, is about to  double the speed at which it runs, already provides IPV6 to its business customers and expects to transition all its residential customers to IPV6 by this time next year. BT appears to have a problem with providing universal IPV6 access. It offers IPV6 to business leased lines and expects to transition domestic users of BT Infinity users with its latest routers (Home Hub 5) by next spring. I can, however, find nothing on its plans for those with older routers, "standard" broadband or for SMEs.

More-over the boundary between fixed and mobile broadband has ceased to exist in the minds of most consumers and business users: with the majority of social networking, content viewing and on-line enquiries and transactions roaming over mix of mobile and wifi. Hence the growing number of not spot campaigns and the falling demand for landline based broadband where 4G is now running reliably at 100 mpbs.

IPV6 is important for business users, particularly those producing content or "apps" or interworking closely with overseas clients and ISP partners who have already transitioned (e.g. IPV6 is already mandatory for those working on Apps for Apple ios9).  Delays in availability also affect the global high tech or financial services industries because it can take several years to securely transition and test legacy systems. Those who cannot start soon will be at a serious competitive disadvantage in a couple of years as prices  for IPV4 addresses (already $10) rises sharply and they are excluded from markets. As one of the UK's fastest growing multl-media content providers put  it "If we wanted to compete with Amazon, we would have to spend hundreds of millions of dollars on IPv4 address space that they got for free. IPV6 gives us a less uneven playing field." 

The advantages for consumers are less obvious although applications which have already transitioned like Facebook are said to be up to 40% faster for native IPV6 users. The same may also apply to other OTT and cloud-based services. Those using IPV4 addresses may soon have to charge extra for slower services. It is also clear that IPV4-based products and services will not be considered "world class" in 2020 .

The overall message is that, unless and until BT expands its own infrastructure investment programmes to match those of its competitors, local authorities looking to provide world class broadband access,  fixed or mobile, to their local communities should be going out to competitive tender. We can argue about the competence of central government to help them, but those wishing to bid need to provide much better information than is currently available on what they offer and who has already used their products and services with what success. That information needs to be made available to MPs and Councillors while they are still deciding how to use the funds they currently have available or are about to claw back from BT.

I hope that BT will then respond positively with partnership deals that provide win-win solutions for all, including value for money for the communities currently excluded, its business customers and its shareholders.

I will blog separately on the need for a "Universal Service Obligation", how it should be funded and the performance measures needed to make it meaningful..          

Messages from the House of Commons Broadband Notspot Debate: over 40 MPs contributing

| No Comments | No TrackBacks
| More
During the run up to the Party Conferences I was asked whether BT's recent messages about using "community partnerships" to deliver broadband to "hard to reach " areas marked a change of heart, or were just to defuse criticism in advance of the party conferences and a series of select committee enquiries. I said that I hoped they reflected a genuine change of heart - because it is in the interests of both BT shareholders and the UK as a whole for BT to move from confrontation to co-operation (or rather co-opetition) in rebuilding the UK's communications infrastructures so that they are fit for the 21st century.

In the event, BT received a serious kicking at the Party Conferences. At one fringe meeting the chairman had to intervene when BT's Head of Infrastructure Delivery was accused of lying by a County Councillor who had chapter and verse on its use of state aid to overbuild a smaller community-based competitor in the area she represented. Whether or not the BT response was genuine, the exchange was evidence that it has serious communications (different sense of the word) problems either internally, or with councilors, or both..

The MPs speaking in the debate earlier this week were far more polite, perhaps because most do not believe their voters can be better served without the active co-operation of BT. They are correct. Almost all of BT's rivals depend on its services (Wholesale, not just Openreach) at some of the nation's communication choke points. However, it is often forgotten that BT is, in turn, critically dependent on services provided by its rivals at other choke points. Hence some of the confused and confusing arguments about mutual access. We need a much better informed and more granular debate over infrastructure competition issues - to encourage investment in robust and resilient bypasses round those choke points. The result should be to remove the critical dependence on BT but we also need to ensure that this is replaced by competition and choice, not other dependencies. 

Most networks, including those of BT, are built by third parties who provide infrastructure services but do not sell direct to consumers. For example BT has long contracted most of its construction to Carillion to which it recently awarded a major extension contract at the expense of Morrison Utilities . This resulted in the latter offering its capacity to others. During the run-up to Y2K I learned that Balfour Beatty and GEC Marconi had the best maps of BT's infrastructure, because of what they had built, supplied and maintained. BT's other suppliers had similar maps. That situation had not greatly changed when the BDUK contracts were being negotiated. Hence the genuine problems BT has had with predicting which post codes, let alone which premises, would receive what services as a result of state-aided upgrades. An interesting side effect is that, Sky, which now owns what were formerly the Marconi network operations (including the British Waterways Board wayleaves), may still have better maps of parts of BT's network  than BT! 

The MPs, however, concentrated on symptoms not causes.

I took seven messages from reading the transcript of the debate on Monday.

  • MPs feel that Broadband is the fourth utility and is important to their re-election prospects. Over forty 40 MPs wished to speak. All had stories of the problems faced by their voters, beginning with Matt Warman MP who opened the debate. Most of the subsequent speakers have postbags and inboxes bursting with complaints about delays and poor service and many have already held their own local "summits"..
  • The problems are urban as well as rural and cripple the competitiveness of many businesses. The debate attracted a full cross section of MPs from Mark Field (Conservative) and Karen Buck (Labour) for London and Westminster, through MPs for new towns like Telford (Lucy Allan), to  Neil Parish (Tiverton and Chairman of the DEFRA Select Committee|), Albert Owen (Ynys Mon, Labour), Patricia Gibson (North Aryshire and Arran, SNP) and Ronnie Cowan (Inverclyde, SNP) who contrasted the plight of Scottish communities with their peers in Sweden.

  • The digital divide is deepening, albeit not necessarily widening: with prices (including the mandatory land line) rising sharply in recent years (Julie Cooper, Burnley) and improvements in one village directly affecting service to another (Victoria Atkins quoted a service dropping from 1.5 mbps to .34 after the next village was upgraded). Caroline Nokes (Romsey) even talked of contractors disconnecting one resident in order to serve another.

  • It is dividing communities such as Ightham, in Tom Tugendhat's constituency or parts of the South Downs in that of Nick Herbert. Many others made similar points but Nick also raised the diversion of BT investment funds to EE and Sport (which cannot be accessed by those without good broadband). Jesse Norman (Hereford and chairman of the DCMS Select Committee similarly questioned whether Openreach was being starved of Capital. 

  • Effective action can also be locally divisive. Simon Hoare, Rishi Sunak and James Cartlidge raised the way that listed buildings and planning consent can get in the way of service improvement. James described how the residents of a beautiful notspot had been told they would not be served for "commercial reasons", when the reason was that a farmer had withdrawn consent for a mast after pressure from his neighbours. I covered this problem, and the side effects of my proposed solution, some years ago in my blog on the  Midsomer Broadband Murders.

  • Competitors to BT can provide better solutions to isolated communities and businesses at lower cost but BT co-operation is often essential. Stuart Blair Donaldson (West Aberdeen) talked of BT sending contractors on a six hour trip from Glasgow to do a ten minute job. Richard Drax (South Dorset) talked of BT wanting to charge £100,000 for nine connections to serve a £2.5 million lottery funded tourist project which will be provided for £99 a month by sharing a competitor's service. Victoria Atkins (Louth) gave an example of competitor to BT charging £3000 for a 100 mbps service for which BT had quoted £120,000.

There was, however, disagreement as to whether the answer was to co-operate with BT or to encourage its competitors. George Kerevan (SNP, East Lothian) thanked Ed Vaizey for attending the debate before comparing the timescale for deployment with that for winning World War 2 and blamed BT Openreach. Ian Liddell-Grainger (Conservative), said we should get a move on, councils should make the best of a bad job and give their wallets to BT to speed things up. Jake Berry (Rossendale) also hoped that working with BT would speed up the process of addressing his voters needs. Meanwhile one of Ian's Somerset colleagues, James Heappey, questioned whether BT fibre to the cabinet was the right model at all.

  • The opposition does not intend to support/defend the re-monopolisation of BT, whether via Openreach or otherwise. Stephen Timms and Chi Owurah questioned the value for money of the BDUK UK contracts, unless the small print of claw back is effectively enforced. They will also clearly enjoy embarrassing Ed Vaizey if he is unable to ensure effective action against anti-competitive behaviour on the part of BT. 
  • The final message is implicit rather than explicit, Those who wish to see better broadband for the communities they serve (or live or do business in) should work together to provide better information on the choices available to MPs planning local "summits" with their local councils and voters. They should not wait for the "National Notspot Summit" that may be called as a result of this debate.
As readers will know, I have blogged on this theme several times before and was delighted to be invited, at the Conservative Party Conference party, to draft a mailshot to help identify those Councils and Councillors who might be interested in pooling their experience to help produce practical guidance and relevant case studies.  I expect to be in a position to blog on that exercise next week but look forward to hearing from readers who would like to help.

If the separation of Openreach is the answer, what was the question?

| 2 Comments | No TrackBacks
| More
BT has threatened to to go to law and delay or reduce its infrastructure investment programme if Ofcom attempts to break it up. In an otherwise excellent debate on the call for a Broadband Not Spot summit earlier this week, Most MPs failed to spot that we have to stop relying on investment by BT if we want the UK to have a world class broadband infrastructure by the end of this parliament. Over 40 MPs contributed responded to Matt Warman's motion for debate and made many excellent points - including how alternative suppliers had supplied faster services  (100 mbps) at a fraction of the cost (£3000 as opposed to over £100,000) to businesses left out of BT's plans as "uneconomic". Chi Onwurah and Stephen Timms also had fun attacking the Conservative government for re-creating a BT Monopoly.

As the MPs pointed out, with many trenchant examples from their own constituencies, broadband is the fourth utility, without which modern life grind would grind to a halt and local businesses cease to be competitive.

But BT cannot afford the investment needed as the same time as building a TV business and buying EE, without massive state aid. Meanwhile BT's competitors need a level playing field, with political and regulatory stability, if they are to encourage fund managers to invest in future proof, fibre communications in the UK - as opposed to funding the plans of our overseas competitors.As I pointed out in my blog on the impact of Ofcom's past decisions on investment decisions , the Labour Party switch to local loop unbundling allowed the US-owned Cable Companies to escape from Chapter 11 caused BT's share price to collapse. In order to survive BT has to cut its investment programme from £4-5 billion per annum through £2-3 billion to barely £1.25 billion p.a.. It is difficult to do like for like calculations (allowing for management and other overheads and different access and wayleave arrangements) but it is probable that BT now accounts for less than 20% of the UK capital spend on fixed and mobile broadband. The other 80% is spread over about 60 suppliers, most investing in current world class full-fibre and/or wireless technologies with expected life spans of up to 40 years - while almost nowhere else in the world is deploying the FTTC technologies on which BT is relying. 

There are many good reasons for referring BT to the Monopolies and Mergers Commission but expecting a demerged Openreach to "make a difference" is not one of them. It controls neither the power supplies to the exchanges (said to be a major cause of current reliability problems) nor many of the choke points (single points of failure) in the BT wholesale networks where investment is most needed. 

P.S. I apologise to readers for the gap since my last blog. I have not been ill. Just busy. YOU may also be pleased to know that, given my current workload, these blogs are likely to be much shorter.


Training for jobs or jobs for trainers: the proposal for an apprenticeship levy

| No Comments | No TrackBacks
| More
The deadline for submissions to the consultation on the implementation of the apprenticeship levy programme announced in the budget is on Friday. The questions asked indicate just how flawed the proposal is. As I said when I blogged on the skill proposals in the budget, the case for a return to 1970s style levies and grants is based on a model of off-the-job training which has been made largely obsolete by the rise of on-line distance learning and assessment to global, as opposed to UK-centric standards. The "killer" statistics used to justify the proposal (Figure 8 on Page 20 of "Fixing a Broken Training System) effectively "blame" the rise of employer driven Sector Skills Councils for a collapse in the number of "employees attending training outside their workplace" (alias classroom based FE Courses). They should instead be used to "blame" the Internet for changing the model of training used by those employers who take skills development seriously.      

The proposal distracts attention from better ways of addressing our skills shortages and may help accelerate the trend to rely on supposedly skilled immigrants rather  than consider those who are the "wrong" sex or colour or from the "wrong" University let alone retrain those whose legacy skills are no longer in demand or who are seeking to return to work after a career break.

I sympathise with those in the Sector Skills Councils who have been tasked to get employers views on how to try to implement this sadly mislead proposal and apologise for not making time earlier to ask those of you who read this blog to respond to their attempt to get employer inputs. I also strongly suggest you respond to the main BIS consultation. My own response, typos and all,  is already available on-line . I would like to congratulate who-ever organised this facility as not only a welcome extension to open government and but also an encouragement to more rigorous proof-reading.   

We regularly see headlines about skills shortages and hear employers complaining they cannot get the skills they need. Meanwhile they recruit supposedly skilled staff in India  rather than unemployed UK graduates who are the wrong sex or colour  or from the "wrong" university . Few even consider retraining those whose legacy skills are no longer in demand or who are seeking to return to work after a career break.

The problems are not new. 

Studies every few years use much the same analyses to produce much the same recommendations. Few are ever implemented. Bottom up skills initiatives that succeed in meeting the needs of local employers, like the TOPS programme or City and Guilds 726, are killed off because they place students into jobs instead of onto other courses. Meanwhile schemes based on "national figures" often fail to fit local needs because so many "travel to work" communities do not fit "the national average".  Publicity for success, to enable it to grow organically, is commonly limited by the way public funding programmes work in practice. The problems are compounded by the rarity of business models that facilitate funding across the public-private divide from the recruitment/training budgets of employers or the agencies they use, let alone across the budgets of different funding agencies.  

Hence my previous Groundhog day blogs leading up to the question of who really wants to break out of the comfort zone of Groundhog day and turn the UK into a global skills hub. 

But there is good news. The Government has set ambitious targets although arguments about how to avoid a return to the failed training levy and grant mechanisms of the1970s are likely to prove a distraction from meeting these. We have a large and growing number of national and local skills programmes: from work experience, internships and careers guidance through and apprenticeships and vocational degrees to continuous career development and returner programmes. Some are excellent. But few MPs, employers or those providing or seeking careers advice, understand how they fit together, let alone which are likely to succeed, where or why.

Experience indicates, that success correlates with a focus on local needs - because these vary so widely: from areas where employers are competing hard for talent,(including trainees, (such as the Thames Valley) to clusters of high tech SMEs, needing fast-changing, innovative skills, adjacent to areas of high youth unemployment (such as Shoreditch and East London).  SMEs in some industries now require all employees to have digital skills. Others need only one or two support staff. Rural areas often have high tech clusters, (like Suffolk with Martlesham). Then there are the new towns, (like Telford). 

The information needed to plan and/or improve activity to meet local needs resides with a mix of local authorities and the employers active with the national and local sector skills councils. Hence the need for a bottom up look at strategies for achieving the government targets and creating a workforce fit for the evolving and changing needs of the 21st Century 

I am therefore working on the pilot for a programme to help MPs make sense of what is happening in their own constituencies so that they can work with their local authorities, local employers and local schools, colleges and universities to achieve results. Given the pressures on their time and the effort necessary, that means identifying employers who employ staff across the UK and professional bodies and trade associations who are willing to encourage their local staff/members to help their constituency MP, and his or her staff, to stimulate local action. That action may be very different according to local needs and whether there are already vibrant local partnerships.              

The immediate objective is to identify no more than three or four pilot constituencies to test the concept. The current shortlist, based on volunteers to date, includes Kingston and Surbiton, Telford, Eastleigh, Northamptonshire and Devon. Please let me know if you would like to help. I am particularly interested in hearing from employers who want to use the opportunity to improve their choice of local recruits - of all ages and backgrounds.

"On-line Age Checking - the time has come": why it matters to YOUR business

| No Comments | No TrackBacks
| More
When the Prime Minister David Cameron reiterated his pre-election pledge to "curb access to pornographic web sites by under 18s" there was a widespread assumption that this only mattered to those providing access to such websites. I recently tried to explain why the approaches that would be used have the potential to transform the business models for  advertising funded services. It is not just that almost every on-line retailer and content provider is potentially liable if they facilitate product (e.g knives, alcohol or tobacco) or content supply to those who are under age.

There are a growing number of businesses who need to check that customers are within a given age range (e.g. over five and under thirteen, over 60 or 65, etc.) but face a backlash (e.g. 2/3rd or more of transactions abandoned) if they ask questions which are seen as intrusive by those who no longer trust those they have never meet. It does not matter that some of the latter make irrational decisions, downloading apps which monitor their every move, while getting upset at the thought that their phone number and address might be in the hands of a stranger when all they wanted was to "prove" they were old enough to enter a night club.   

Next week you have the opportunity to hear from those more expert than me as to why the tone of debate and the business models being considered by major on-line advertisers and retailers have changed over the past few months - and the implications. A world class line-up of speakers and panelists has been assembled for the seminar on On-line Checking next Tuesday (22nd September).

The format is unusual in that those from all sides, including politicians, on-line service operators and product and service suppliers have been juxtaposed in panels to discuss the issues, implications, business case and practical implementation.

The event opens with scene setting presentations from the UK Minister Baroness Shields of Tech City fame) and the relevant Head of Unit from DG Connect in Brussels. The panelists for the "proof of concept" discussion range from Mind Candy and JISC (hub for the UK educational networks) to OIX (the hub for HMG identity policy) and ISOC (where the issues are discussed globally). When it comes to the panels on data sources, business cases, links to payment and safeguarding, the participants include  the Post Office, Barclays, Payments UK (the trade association for payment service providers), NSPCC, ATVOD (the content regulator), Equifax, Yoti (one of simplest and most disruptive of ID business models), Portland TV, Telecom2 and the Better Regulation Delivery Office.

There is not much time left event and the event is remarkably inexpensive (to enable social enterprises and cash strapped Fintech start ups to attend). I therefore recommend booking immediately. If you fail to do so you risk getting caught out when your complex and expensive  Identity and Access management "solution" is rendered obsolete before you have got it working. Cheap, robust, anonymised age checking services are not just a way of placating politicians and parents. They "threaten" to transform the on-line world.  

Responding to the revolt of target audiences against on-line advertising linked to data mining

| No Comments | No TrackBacks
| More
Recent surveys indicate that the "Millennial" generation is losing faith in the security of on-line players in the face of the growing flood of data breach stories. Those who stick their heads in the cloud of collective wisdom lack credibility compared to those who respond positively to the concerns of their users. The Amazon ban on Flash Adverts, because so many users are now blocking them because of security and response time concerns ,indicates how major players are responding to changes in customer behaviour. This also helps explain interest of major US players, from Disney to Playboy in the UK idea of using one-way data minimisation services as the basis of anonymised but robust age verification - to serve those who see no need to give their personal details to some-one they neither know nor trust, in order to visit an age-controlled website. I blogged on the business case back in April and was delighted when the Prime Minister not only made mandatory age verification, in the case of access to pornographic websites, one of his election pledges but repeated his commitment after the election.

That is only one of the use cases, but it gives a cutting edge to the approach now being explored by the DPA Age Verification group (e-mail DPA to join) in a BSI PAS. This has growing support from large internet advertisers: from childrens' games, entertainment and education providers, through on-line gaming and adult entertainment, to those giving discounts to old age pensioners.  The concept is simple: why should a girl who wishes entry to a night club have to carry a passport, potentially giving her name and address to the bouncers, when she need only carry a photopass with a QR code (such as provided by Yoti) which they can scan and their app will show she is over or under whatever the age is for admission. Feedback from mainstream credit reference agencies and financial services identity providers in providing necessary support infrastructure indicates that the concept can be applied cheaply and reliably on-line. Given that their business models already depend on combining, low cost, rapid, secure response (often while transactions are in progress) with higher levels of security than are achieved by almost any government agency, the consequences are profound.

Hence the growing interest in an event on 22nd September where the idea will be publicly explored. The presence of Mind Candy (alias Moshi Monsters) and Equifax among the lead sponsors indicates the range of serious commercial interest. The range of speakers indicates how the issues go to the heart of not only child safety but of national and international on-line identity strategies. They speakers include Baroness Joanna Shield, (once the Tech City Champion, now the responsible minister), Peter Wanless, (now CEO of the NSPCC) and Peter Johnson, (CEO of the on-line content regulator ATVOD). But they also include Don Thibeau, founder and prime mover of OIX, which lies at the heart of the Cabinet Office ID strategy, Pat Walshe (on the Kantara initiative) and Robin Wilton (ISOC global outreach Director for Identity and Privacy).

The event will be structured as a series of discussions which are expected to not only provide feedback into UK and EU political and regulatory policy but also into the commercial policies of some of the world's largest on-line advertisers: from drinks, gaming and entertainment to on-line retailing (anyone whose product lines include age-controlled products) as whole. I suspect this may prove to be one of those seminal events that has a global impact. Book now or else for-ever hold your peace.    



The politics of access and wayleave charges or "Why it costs BT so much more to build a better network"

| 3 Comments | No TrackBacks
| More
The difference between the costs quoted by BT for upgrading its legacy network and those quoted by its competitors for building new fibre networks puzzles those in Devon and Somerset who compare the compare the deal their council was being pressured to accept with those made by Gloucestershire and Berkshire with Gigaclear. They are right to be puzzled. It is not just because BT is saddled with cross-subsidising UK Sport and overhead charges which can treble its civil engineering costs. It is also at a massive disadvantage when it comes to access and wayleave charges, It is not easy for an outsider to unravel its costs but it appears these may well account for over half of them (and those of Virgin, Vodafone, EE or the other Mobile Operators) when it comes to new build, whether urban or rural.

Hence the pressure to update the Electronic Communications Code. But this will address only a fraction of  the difference. The national agreement with Country Land and Business and the National Farmers Union, allows farmers to waive charges in return for services to themselves or the local community. This has been used by at least one of the "great estates" to provide better (fibre-based) services to rural business parks and other tenants than is available to its inner London properties. Far sighted local councils may allow similar uncharged use of their wayleaves, buildings, street furniture and in-house communications infrastructures (including CCTV, traffic management etc.)  in return for service. Until Ofcom allows BT to exploit the opportunities available to its rivals, cannot match such deals. Its only option is to form partnerships with those who can. I hope to hear something of its plans to do so when I attend the INCA event in Bristol on the 15th and 16th September.

Even where BT has existing infrastructure sharing arrangements, as with the electricity companies, and wants to replace copper with fibre, it is charged fancy prices - because the electricity companies do not wants its engineers up their poles. There are similar problems with access to city centre rooftops on the part of mobile operators - because the risk of business disruption caused by damage to the equipment already there, perhaps serving high value applications in the building below, far outweighs any revenue.

Hence the need for a new look at the constraints on BT and go beyond "one size fits all" access and wayleave arrangements. When that happens we can cut the current estimates of the capital cost of replacing copper by fibre and of replacing mobile and wifi notspots by ubiquitous high bandwidth mobile (4G and 5G) by at least 50%, perhaps by as much as 75%.

The good news is that much of the necessary spadework in already under way. back in February I referred to the first meeting of a group of property owners and network operators to look at wayleave and access agreements that are suitable for inner city buildings in multiple occupancy. There are a number of issues to be addressed but the core message was that the value of giving tenants a choice of world-class services was far greater than any likely rental, but so too was the cost of any disruption to the services used by existing tenants. Several operators had, however, already agreed contracts with some some of the "great estates" and were willing to share these. With support from DCMS (a most helpful letter from the Minister commending the approach to other relevant players), a subsequent meeting decided to pool efforts with an exercises being organised by some of the London Local authorities consortium and the result is an exercise to use the BSI PAS approach to produce a package of agreements and clauses that will, hopefully, meet most situations and be suitable for adoption as guidance by players like the Law Society, the RICS and RIBA. If so, co-operation - with Ministerial support - will have achieved far more than legislation or regulation.

I am hopeful that the same group will also take a look at producing similar guidance for landlords and property developers regarding the equipment and cabling space they should allow for for the communications networks that will be needed to serve the tenants of "future proof smart buildings" - including rolling upgrades as tenants change, not just renovations and new build.

I hope that some of the great estates and landlords, not just property owners, will use the opportunity of the INCA event in Bristol to explore the potential for also co-operating with network operators and local authorities outside London so as to get better connectivity for their tenants at lower cost. In this context I include social as well as commercial and industrial landlords because providing low cost, high reliabllity fibre connectivity can help slash the cost of overcoming social exclusion and bring employment back to sink estates.            

Its not rocket science, just a WAN in a hostile environment

| No Comments | No TrackBacks
| More
It was delighted to see the reference to Gigaplus Argyll in the article on Nicola Sturgeon's launch of a new funding programme for rural broadband, funded from the state aid clawback mandated by the EU. As previous readers of this blog will know, our family croft is in the area to be served and I registered our interest some months ago.

One of the topics of discussion when I was on Mull earlier this month, (while waiting in vain for a data signal from the mast on the other side of Loch Scridain or a download over the wifi in the local pubs in Bunessan and Fionnphort), was the logistics of getting a signal to the Ross Of Mull and/or Iona. Local connectivity is not a problem, our neighbours have all the digging and trenching kit necessary for laying fibre and, as the B4RN team might say, building the network is "not rocket science, just a WAN in a hostile environment".       

Apparently the plan is, however, to trunk a radio service over the centre of the Isle of Mull through the area where the signals for the current BT, O2/Vodafone and terrestrial TV services are regularly degraded by storms and/or the equipment "taken out" by lightning strikes, pending the arrival of repair crews from the mainland, days or even weeks later. Hence the reason for basing support and maintenance for the new service on the island. The most hostile part of the environment for any community broadband service is, however, political - hence the importance of INCA and events like that in Bristol on the 15th and 16th September 

If you are having problems with your broadband (urban or rural), write to your MP suggesting he ask who your local council is sending to the INCA events in Bristol to learn how to provide better service at lower cost, help attract the jobs of the future and promote social cohesion by: 

  • getting better value from their existing BDUK contract 
  • going out to competitive tender using the clawbacks available under that contract
  • offering access to the council's own infrastructure and wayleaves for next generation networks and providing help with planning and regulation.    

Transforming broadband across the UK - not just Bristol

| No Comments | No TrackBacks
| More
The transformation of the UK broadband market over the past year is illustrated by presence of BT, CISCO, Microsoft, Virgin and Vodafone as well as City Fibre, Gigaclear, Hyperoptic ITS, Metronet, Callflow and Satellite Internet at an event that was originally intended to help use enhanced take-up of the broadband vouchers to pull through the City of Bristol's plans to leapfrog Manchester and Leeds, let alone London, as a hub for inter-active media development and on-line creativity.

That event has now grown into a one stop briefing that is ideal for for the senior officers and  politicians of any local authority, from parish to city or county council and those landlords and business park owners who are looking to work with their local Council or LEP to provide 21st century connectivity for their tenants. I also commend it to large business users who are getting pissed off with the way their needs are being ignored by those who assume they afford leased lines for their many sites (some on every high street or forecourt) and home-based users (who may need secure, inter-active global access to complex design and technical information). It should be a great opportunity to make contact with policy makers who might listen, as well as those who would love to be on your short list of delivery partners or alternative accommodation sites. 

On the morning of the 15th there is a half day workshop on the voucher scheme for local business followed by a technical showcase (in the afternoon) with many of the potential suppliers and operators. I plan to use the showcase to check whether, as I have been told, all the new suppliers are using IPV6 compliant equipment: i.e. the conversion problems are to do with the legacy equipment and systems of the incumbent operator plus, of course, the legacy applications that major fintech players (for example) are anxious to start converting and testing before they are shredded by overseas competitors.    

On the 16th there is a get together of almost all the major players, including the CEO of BDUK, the heads of Broadband Policy for DCMS and BT and the CEOs of many of the alternative network providers. The latter now appear to be in a position to provide local fibre or high speed wireless connectivity to most of the UK for rather less than is currently being quoted by BT. I say "currently" because I anticipate that we may hear that BT is about to change its approach and work with alternative network providers rather than compete.

There is a good reason for such a change of strategy on the part of BT.

It is, financial, akin to the reason why Telia became largest customer of Stokab instead of trying to block a shared municipal network, as BT did with Birmingham. BT and Virgin quietly dropped their case against the Commission for approving the Birmingham plans, because neither can afford to upgrade all their fixed, mobile and wifi infrastructures (including those needed by EE) to give adequate service to IPTV customers, at the same time as subsidising the salaries of the premier league footballers and other sportsmen on whom they are relying to attract new customers. Virgin is about to double its broadband speeds but also appears to be looking at partnerships akin to that which Talk Talk and Sky have in York. Meanwhile, the rocketing traffic being generated by local fibre operators, let alone wifi hotspots and 4G services, is placing increasing strain on BT's creaking back haul services and it is losing business contracts, like the Defence Fixed Telecoms Service.

It therefore makes sense from BT to focus on that which it does best - provided Ofcom allows it to make money from doing so - i.e. regulating on price and competitive behaviour and not return on capital.

If so, we can predict the consequences.

As in Sweden, the networks of future will be organised and paid for by communities which want globally competitive connectivity, while the former incumbent focuses on linking these to the outside world. Over time it then takes over the operation of the local networks: commonly under contract, so that it does not have to spend shareholders funds to buy them out. Interestingly Teliasonera not only now runs Stokab but disposed of its context operations on the way. This is also akin to the way the UK telephone and telegraph network were created in the first place - municipal enterprise that was nationalised only so that the government could eavesdrop during the run up to World War 1!

As with other INCA events, that in Bristol will be a great opportunity to listen to those who will be crating that future (or another one, or a kaleidoscope of competing futures!). I therefore look forward to meeting representatives from local government who are looking to use the event to learn how to get best value from the 129 million, and rising, of state aid claw back (required by the EU before it would approve the BDUK contracts), and to ensure that local access to world class broadband helps their residents get the jobs of the future, not just surf the net a little faster or watch a wider selection of sport over their smartphone instead of their TV or PC.  

The event is, of course ideal, for those authorities looking (as all should be) to go to open tender to serve those left out of the broadband extension plans to date. The scale of the claw back indicates that the 5 million of broadband advertising paid for by BDUK was not wasted state aid - provided of course the resultant claw back is not simply handed to BT. If it were, we could see a number of global law firms having a field day at the expense of BT, HMG and/or a selection of local councils . It is, however, also apparent that the claw back is geographically uneven. Those councils which drove hard to secure both rapid roll out and subsequent marketing and take-up, (not just spend and the achievement of nominal targets for properties theoretically passed), look set to get most. Those which go out to tender and are robust in their response to attempts at arm twisting can also be seen to have got better service from BT (as happened with Essex). It will be interesting to see what happens with Devon and Somerset now that their small business communities have become engaged alongside local MPs.

I have enjoyed watching INCA grow from a collective of vociferous community broadband enthusiasts into an embryonic trade association with almost every would be community broadband provider (from B4RN to BSkyB) in membership or in the process of joining. I also look to hearing more about its planned services to help Councils get better value for money 

However, one of my main objectives in Bristol will be to pick up ideas to help the candidates for Mayor of London to offer credible policies to prevent the "Southern Powerhouse" from falling behind its global competitors when it comes to business and mobile connectivity. I have nothing against the other Cities of the United Kingdom trying to leapfrog London into the 21st Century. I would just like to see London return the complement - so that municipal enterprise and competition helps achieve what state planning never has - world leadership of the type we had in the 19th Century.   

The Ashley Maddison hack illustrates why third party cyber- liability is now as uninsurable as IPR theft

| 1 Comment | No TrackBacks
| More
A couple of weeks ago I blogged on why insurers regard Big Data as the new asbestos: the source of massive claims triggered by the leakage and legacy of a useful but widely misunderstood and mishandled technology. I referred to the importance of the Long Finance study on cyber reinsurance that was about to report.

The report is now available on-line and I strongly recommend that CIOs (let alone CISOs) read it before it is drawn to the attention of their CEOs and main board directors by the company secretary. The Lloyd's Market Association Cyber Attack Exclusion Clause (CL380) and the Non-marine Association's Electronic Data Exclusion Clause NMA2914 probably mean that the organisation is no longer covered for cyber-risk. Serious cover for cyber-related property damage, business interruption and third party liability is difficult to obtain at reasonable cost, especially for a financial institution or an on-line retailer. Damages for the theft of intellectual property are also probably uninsurable.

The John Herrman's blog entry "Welcome to the first day of the rest of your internet", takes quick look at the consequences of the on-line posting of the data hacked from Ashley Maddison . These can be placed in context by the growing press cover of the leaked details. for analyses. The potential for legal action illustrates why the cyber insurance now on offer (sometimes called "cyber gap insurance") is commonly now confined to the legal and administrative costs of notifying customer in the event of a breach market and/or the implementation of a pre-agreed incident management plan. The total UK cyber insurance premium income for this market is said to be little more than the $148 million (barely 25% of which was covered by insurance) of provisional costs included in Target's second quarter results last year for a single data breach.  Those who think insurers will be impressed by "maturity models" should consider the way that Apple's controls were bypassed in the course of the Celebgate affair. They are more concerned about who might attack the organisation and/or system and why.

Now let us look at the growing scale of the breach of the US Inland Revenue Service systems. The underlying causes of the feuds between the Government Data Service and the rest of Whitehall become to become apparent. The enthusiasm of the GDS greatly impressed the  the digerati but not those concerned over the potential of using services like Verify to aid  serious fraud or their ability to more reliably identify the socially and digitally excluded or semi-literate (i.e. users aged more than about 35, let alone those over 65) than the derivations of the legacy alternatives used by the banks and those handling medium to high value transactions.  

How long will it be until evidence of the growing erosion of confidence in the security of the on-line world , coupled with the inability to insure against third party liability, leads to serious collective attempts to provide users with the protection they want.  Until then the arguments in the Long Finance report for a Cyber-Catastrophe Re-insurance pool (to handle systemic risk) should concentrate the minds of those, like main board directors, who are being expected to take responsibility for the irresponsibility of digital enthusiasts.who have forgotten the need for "user friendly" systems that are secure by design - not by afterthought or accident.  

Polite but deadly: The nails are inserted into the coffin of the BT Openreach Monopoly on the Today programme.

| 3 Comments | No TrackBacks
| More
Joe Garner, the latest CEO of Openreach, put up a competent defence when interviewed on the Today programme this morning in a follow up to the listeners' complaints covered on Saturday. His answers, nonetheless, indicate that it is probably only a matter of time before alternative suppliers, from Gigaclear to City Fibre replace BT as "infrastructure supplier" of choice for communities where there is a critical mass of business users who need (and will pay for) fast, reliable, world-class connectivity. If so, we can also expect current quad-play models to be amended with "infrastructure suppliers" offering menus of content providers - akin to the choice of search engine or browser on your PC. The way Ofcom uses its powers to ensure effective and informed consumer choice will, however, be critical. Hence the importance of its Strategic Review and the need for a wide and balanced range of inputs - not just "the usual suspects". .  

Garner's comment that services to the final 1%

Checking emails cartoon -Kipper Williams - Permission granted by Upottery PC.jpg

can never be economic, because some do not even have a power supply, led to questions by Justin Webb about the connectivity on offer to Birmingham, Bristol and South London: on which Bob Neill MP for Bromley and Chislehurst (and chair of the new all-party group for London) has requested a meeting with Ed Vaizey . Meanwhile one of the Conservative Candidates for mayor, Syed Kamall MEP already has London's mobile and wifi not-spots on his agenda.

I have been catching up on e-mails since returning from a break in our family croft, with line of sight to a mobile mast on the other side of Loch Scridain but no mains power supply (we use solar panels and a generator for lighting, power tools and charging the batteries of laptops and smart phones). Until a few years ago I could access e-mails (albeit slowly and with frequent restarts). Now, thanks to modern bloatware, even my smart phone cannot download more than the headings - on those days when we can get a data signal at all. Meanwhile in the local wifi hot spots it is common for my mobile to indicate "emergency phone calls only" and the pub wifi is, at best, too slow for a Windows 8 laptop. The area is outside BT's upgrade plans and I have registered with Gigaplus Argyll.The situation was little better across most of Dumfries and Galloway, where we took a break on the way home, although my son (who had joined us for a couple of days) was finally able to complete his Fantasy Football entry over a wifi connection in Kirkcudbright. This time webdid not even try to use our mobiles on M6. 

Things are, however, beginning to change in a number of directions - particularly with regard to availability of those competent to install and maintain modern networks. Joe Garner said in the Today Programme that BT Openreach has been expanding staff training in order to reduce reliance on sub-contractors (implying that competition for the latter had become a problem). Meanwhile HyperOptic switched to training their own installation and maintenance staff because of quality, as well as availability, problems with sub-contractors. This has had the added benefit of a sharp improvement in relations with property owners and managers and in the willingness of the latter to not only enter into access and wayleave agreements but to take the initiative in opening discussions on the provision of fibre, whether to high-value tenants who want world-class access or to "social" tenants who need reliable, low cost support. There is a message here for those who expect government legislation to help solve their problems with access to buildings and/or rooftops in order to address urban not-spots. 

"World class" raises the question of IPV6. The lobbyists for the main networks still claim there is no demand and Ofcom has said it is not necessary while promoting technologies for which it is essential. Meanwhile players like IFB have to meet the needs of their Oil and Gas customers in Aberdeen who are standardising globally.  There are signs that a similar situation is about to happen in London, with innovative Fintech companies, moving direct to IPV6 in order to met the needs of emerging markets, putting those with legacy applications to convert at a significant disadvantage. Until this month, the bulk of UK IPV6 traffic was over JANET and volumes reflected the academic terms. That changed with the launch of the Sky pilot. Traffic is already double that of any previous month this year and mounting. So what is in it for Sky customers?  At the basic level, they get up to 40% faster response from those applications, like Facebook which have already converted.

In short the digital divides in the UK have been deepening over the past year, leading to ever more anger on the part of those left out of current programmes. Those divides may, however, be about to change with those deploying lower cost, higher reliability fibre networks also transitioning their customers to IPV6 as part of the connection process. If it is correct that the INCA members presenting in Bristol later this month could provide fibre to 17 million UK customers, provided they are given a level playing field (and thus access to commercial finance), then those stuck with Openreach could end up on the wrong side of the divides.

I doubt that will happen because the shareholder pressure to break up BT and halt the cross subsidy of the Premier League would be irresistible. But "we live in interesting times" and the impending mix of consultations and select committee investigations will give plenty of opportunities for muckraking and mudslinging. Meanwhile also we need to quietly expedite the incremental UK transition to IPV6, lest we face a very expensive hiccup around the end of this parliament. It helps that almost all the equipment installed since the last election is compliant. The problem is the address lengths in the application software - a bit like the date lengths that caused the Y2K non-problem. The solution is the much same - a boring but essential audit job to ensure that no users experience problems. The difference is that this can be taken over time, provided the main ISPs have converted. The good news is that sharp rise in IPV6 traffic over Sky after it took a lead may well concentrate the minds of others. The bad news is that some parts of the UK, like the City of London, may well have less time than we think.   

The immediate headline question is, however, "How many of the councils in receipt of the BDUK state aid clawback (130 million and rising) will use that to go out to open tender for proposals to meet the needs of the final 5%?".

If BDUK learns from past experience and BT is forced to compete openly for the resultant business, we are likely to see a variety of different funding models emerge, including local partnerships involving BT and its main competitors where they need to co-operate in order the provide the performance and resilience needed. At this point the requirements of some regulators for critical systems to be backed up over networks that may well (and should) inter-operate but are not critically interdependent, should be used help preserve competition.



Is Big Data leakage the new Asbestosis: uninsurable? If so ....

| No Comments | No TrackBacks
| More
There is a growing gulf between those who think insurers should give discounts to those who  follow "best information security practice" (whatever that is) and underwriters who have been burned by breaches at US retailers (for example) with supposedly "mature" approaches to security. "Cyber" is now routinely deleted from mainstream theft, business continuity, libel or product, professional or director's liability insurance and underwriter are more concerned whether the operation is at risk of a sophisticated attack using insiders (innocent or otherwise) to bypass technology-based defences.
Most of the policies on offer cover only the cost of implementing a pre-agreed incident management plan: e.g. to minimise the damage when customer data, content and intellectual property right are compromised or a network or cloud goes off air, whether as a result of criminal activity, terrorism or digititis. The reason is the cost of recent US data breaches: $200 per record compromised: to notify those at risk, reissue credit cards and make the changes necessary to retain PCI-DSS status. There is also a test case which implies that, in the absence of evidence of actual financial loss, $1,000 (or pounds) is a reasonable figure for the hassle and distress to an individual whose personal information has been compromised. Now consider the potential cost of a data hack on an organisation where the identity of the users, let alone their credit cards, personal records or transactions is sensitive - such as : AshleyMaddison.

For all the talk of "Big Data" being the new "Oil" and "Cloud" being the way forward, it is now almost impossible to get insurance cover for the potential third party risk taken on by those who accept liability. And why should any of us trust those who do not .[Hence also the big question mark over the value, if any, of identities issued or recognised by government

Now let us take a quick look at the murky world of product liability where software has long been excluded as 'service" not a product" but is increasingly embedded in products. The well-publicised use of hacking into an in-car entertainment system to take charge of many of the controls illustrates the risks now being run with the world of interconnected (and insecure) everything. No wonder insurers are steering well clear.

Meanwhile the value of using "Big Data" to support the current surge in on-line advertising has been called in question by reports showing that almost half is blocked and three quarters is designed for PC users while well over half the target audiences already spend most of their time using smart phones. The backlash is under way.

That message has yet to spread from insurers to the world of "Big Data" enthusiasts, eager to collect everything possible about current or would-be customers. But the EURIM (now DPA) studies before the 2010 election on the Unlocking the Value of Information and Security by Design are now most apposite. The current DPA exercise on the use of data minimisation routines for Age Verification has strong government, as well as growing industry support: see the Hansard report of the ministerial response on the second reading of Baroness Howe's Online Safety Bill 2015

The good news is that players like IBM and BT are making massive investments in security training and services, not just security technology. The figures for IBM are not public but BT already employs six times as many full time security staff (3,300 in total, 1,700 the Security Division) in as Google (500) and its Security Academy (lead sponsor of the Cyber Security Challenge schools challenge) is by far the UK's biggest "cybersecurity" trainer outside GCHQ and the Defence Academy.

Hence the importance of the Long Finance "Cyber Catastrophe Reinsurance" study to the wider "Digital" Community, not just to the participating insurers and those who work with them to help manage and reduce risk - as opposed to those who merely sell cyber-security snake oil to the rest of us.

Minister urges business parks to bypass BT and organise their own broadband

| No Comments | No TrackBacks
| More
On July 13th the House of Commons had another Broadband Debate, this time introduced by Dan Poulter, on how BT was meeting the numbers in the BDUK targets for Suffolk, but leaving a wave of complaints, particularly across his constituency, because of how it was doing so. I recommend you read the full account in Hansard. It again illustrates the shortcomings of using government money to simply fund the extension of BT's 21CN network (designed over 20 years ago when X25, not IP, was expected to be the "future") to meet the needs of those being excluded from the Internet Age. The way in which engineers were moved to other counties as  soon as the targets were being met was probably because BT was resource limited. If so, that opens up the question of whether others could have filled the gap then, or now. If BT is still resource strapped (finance as well as people), that adds another dimension to the Ofcom review and also the CMA review into the BT-EE and O2-3 mergers (submissions due by 25th July).

The report in Thinkbroadband on the Suffolk debate illustrates how Waveney benefited from the initiative led by Peter Aldous but his intervention in Hansard on July 13th showed how annoyed he is that some of those who attended the meeting in Beccles at which he launched his broadband campaign, back in April 2011, have still not benefited - even though the nominal targets have been met.     

One of the issues has been the treatment of business customers. The response of the Minister, which I have paraphrased in the heading to this blog was:
"Business parks and industrial estates are also an issue that we negotiate regularly with BT. Again, the issue is somewhat balanced. It surprises me sometimes that business parks do not take it into their own hands to provide superfast broadband for tenants. The market is replete with numerous business suppliers of broadband. As we found from our business voucher scheme, which has connected 25,000 businesses, we have more than 600 registered suppliers all over the country that are more than willing to provide superfast broadband. Business broadband is a different beast from residential broadband."

Those who disagree with his analysis should contact the many would-be suppliers to help them with evidence to the Ofcom review.

P.S. I have been told that the Corporation of London has just issued an invitation to tender for a wifi concession two months ahead of schedule but now expects to take nine months over the process. Meanwhile other London councils, whose processes took less than three, will have their services operational.  I am awaiting details, including why the City is so different.

P.P.S. The majority of stockbrokers still show BT as a "buy" and I am not selling mine yet. I estimate the break up value to be well above the current share price - even though I am not sure it would be in the national interest!  

Find recent content on the main index or look in the archives to find all content.


Recent Comments

Philip Virgo on If barely half the UK FTT... : All the more reason for unpacking quality of servi...
Peter Barrin on If barely half the UK FTT... : These numbers are complicated by many people only ...
Philip Virgo on If barely half the UK FTT... : The October average speeds in the "Think Broadband...
Peter Barrin on If barely half the UK FTT... : 'the difference in average speed between the lines...
Philip Virgo on If barely half the UK FTT... : There are rather a lot of examples, both urban and...
Peter Barrin on If barely half the UK FTT... : Chris - who says councils are blocking requests, a...
hawk wind on How relevant is the Inves... : Re: Your Comments Yesterday. To protect victims, ...
Patrick Cosg on If barely half the UK FTT... : Further to my comment above, I've now been informe...
Christine Co on If barely half the UK FTT... : It wouldn't actually be that difficult to do urban...
Mike Kiely on If barely half the UK FTT... : As if DPI does not already exist? It is best not t...


-- Advertisement --