When IT Meets Politics

I recently heard it said that terrorists were unsophisticated in their use of the Internet and the real threats lay elsewhere. This week we have seen that they do not need to be sophisticated. The BBC handed them an unprecedented propaganda coup when its website hosted a two minute video clip of the "testament" of one of Gunner Lee's murderers. It then compounded that "triumph" by hosting a seven minute interview with his mentor. Other media outlets may have done similar but none had the authority, reach and influence of the BBC. We can argue what should have happened, such as a court order to ban publication of the clip as evidence, and therefor sub judice, pending the trial. But the bigger question is what to do now.

One "something" that should not be done is to waste more effort on the Communications (Surveillance) bill, as was called for by a retired Home Secretary within hours of the atrocity. Its irrelevance to such cases is demonstrated by what is emerging about the build up to the very public murder of a squaddy within sight of his barracks by perpetrators who were not only known to MI5 but seen as potential recruits.

I doubt, however, that "Keep calm and carry on" is a serious option, unless it is accompanied by effective action to deter, not just detect, those who might wish to obtain equivalent media cover for similar acts (whether their motives are racial, religious, animal rights or ...).

We will soon see demands for effective action to deny terrorists the oxygen of publicity and to drown their voices with messages which cause their current and would be allies and protectors to excommunicate and exile them (and their mentors) so that they can be "quarantined" and "detoxified". At this stage I will leave others to consider what those actions might be and how effective they would be - but many might regard Media and Internet censorship as preferable to the risk of mounting pressure for "ethnic/religious cleansing" after a series of copycat killings and reprisals, at all.

Meanwhile the Guardian carries an article on how propaganda techniques are being used in the Corporate world to drown our criticism, in parallel with an article that begins "The killers got their bloody hands on the front page first, but they struggled to keep the media's attention" - as though the target audiences the terrorists are seeking to reach are as flibbertigibbet as the media or share the values of the average Guardian reader.

The ancient Greeks probably had the right approach when they sought to ban the use of the name of the man who burned down the Temple of Artemis in order to be famous . They ultimately failed because the historian Theopompus recorded his name - but their approach may well have detered a generation or two copycat arsonists.

I suspect than one effect of this incident will be to accelerate the rate at which we move into an age of increasing Internet censorship and propaganda. I only hope that "our" side will be more effective than "their" side. I also hope that the funds available for cybersecurity are spend on that which is effective and relevant to the world of today and tomorrow - not that of the late 20th Century. 

Let me explain why UKIP MEPs (and their allies in other member states) may well determine the future of EU Internet regulation and what is at stake if they do. 

I have attended a number of recent meetings on the EU Cyber Security strategy. There is almost unanimous agreement with the objectives and almost unanimous condemnation of the means. For example, we need to make it much easier to report attacks, whether or not they are successful, in formats which enable rapid collation and response, as well as intelligence. The reporting of breaches, which may not be actually known until long after the event, is of historic interest only and diverts effort. Mandatory public reporting, as opposed to personally warning those known to be at risk via channels they can trust, is worse than useless. It is not merely a job creation programme for lawyers and compliance officers. It actively gets in the way of good practice in tackling threats as they emerge. More-over it penalises well run organisations which know what has happened, while protecting those which are unaware that their customer and personel files are in use by fraudsters.

Yesterday BIS issued a Call for Evidence on the EU Directive on Network and Information Security this is important - VERY important. You should read and respond.

The timing of the consultation is also very important. This Directive is unlikely to be scrutinised by the current crop of MEPs. We are moving into a period of interregnum when Commission initiatives will gather momentum while the politicians are away. There is nothing quite so dangerous as ignorance in motion and this Directive will be up to speed when the new crop of MEPs arrives, to be manipulated at will: save that half the new crop from the UK are likely to be members of UKIP or will have have done deals with them. Many other member states will have elected members of similar "a plague on all your houses" parties. In looking to educate those MEPs who will scrutinise this Directive we need to intercept the selection processes of the parties to educate the candidates, including those of UKIP. This may also be the type of cause which will appeal to those UKIP members who wish to do something useful while they are in Brussells or Strasbourg. 

In educating them we will, hopefully, also educate the Commission officals as to the changes they need to make for the European Union to survive the pressures for "democratisation not bureaucratisation". This directive could be the touchstone because the vast majority of Internet users appear to agree that something must be done to improve on-line security. Unfortunately this is not the "something" that should be done. In the meantime make sure you respond to the BIS call for evidence so that, with luck, we can get the Directive re-written before the start of the inter-regnum.

You do not have much time. The Call will close on 21st June. Evidence can be submitted anonymously but the more public you are and the more channels you use, including direct to the Commission and via allies and partners in other member states, the louder your voice will be heard.

Also make sure to join and use the Digital Policy Alliance working groups to help the follow through, including that on the Digital Single Market which Malcolm Harbour MEP chairs and those on the Data Protection and Electonic ID Regulations. If they did not already exist this would be the cause to invent them. Lord Erroll is in the process of restructuring the Alliance to handle the issues of the future. This is one of them and I anticipate a coming together of the above groups to try to bring about a similar coming together of the EU initiatives. But first we have to kill off the Commission plans to fight the electronic equivalent of the Boer War. 

Last week I received the report of the latest Open University Business School Quarterly Small Business Survey . This has been running since 1984 using the same methodology and therefore has a unique provenance.The special topic for this survey was SME use of mobile and web-based services. It contains some good news and some bad news. The bad news is that it confirms what I suspected when I blogged juxtaposing material from the 2013 Data Breaches Survey, the recent FSB - Intellect Report and the Policy Exchange Study and the National Fraud Authority examination of small firms as victims.
 

The good news is that 80% made payments on-line from their bank accounts, over 2/3 thirds sent invoices and slightly more (70%) received payment.This is double the proportion saying they were willing to transact on-line when replying to the FSB-Intellect and Policy Exchange surveys which I referenced in my most recent blog on this topic. I think the reason for the difference lies in the way the questions were asked, given that the FSB and OU surveys were both based on self-selected samples.

The difference does, however, raise interesting questions regarding the need for awareness campaigns "to help address "missed opportunities" that are called for in the other reports. There were few applications that most SMEs replying to the OU survey would never consider, although a quarter would never consider opening a bank account or taking out a loan on-line and a fifth would never consider using cloud services. Interestingly the latter was almost exactly the same as the proportion already using them - .

By far the most common obstacle to doing more on-line over "static" Internet connections was concern over the security of the PC or the Internet itself (cited by 35%). This was followed, albeit well behind, by privacy (13%) and confidence with the technology (11%). Technology limitations were cited by only 4%.

Security was an even bigger concern with regard to using mobiles (cited by 45%), with privacy equally far behind (24%) and technology limitations (20%) rather more significant. The proportion lacking confidence with their ability to use the technology was similar (12%).

Unlike the other reports the OU report contains splits between industry sectors, fixed and mobile and applications and organisation size and location. The variations by geography were significantly greater than those by size: Wales was well below average in on-line usage, followed by the East of England and Scotland. This may well reflect the ability to get a broadband service at all, whether fixed or mobile, let alone one that is fit for business use.

The variations by industry sector were also interesting. Usage was highest among those in "Agriculture Forestry and Fisheries" followed by "Business Services". It was lowest in "Transport, Storage and Communications" followed by "Hotels and Restaurants". This probably reflects the way DEFRA has forced farmers on-line to handle their claims while those running pubs and hotels appear happy to take bookings on-line, but not payment.

My conclusion is, therefore, that those who wish small firms to transact online should focus on ensuring that the products and services they wish to promote are indeed "fit for purpose" - with a premium on security processes that inspire confidence. Otherwise they risk merely stoking up paranoia with awareness exercises are not linked to effective education and support programmes. This was a core message from the awareness exercises in the early 1980s. It still has not been learned by the technophiliacs.

I am hoping that the Digital Policy Alliance will succeed where I failed and provide a neutral umbrella to bring together the various players who want small firms use their on-line products and services, because until that happens the current fragmented initiatives look set to fail.    

 

 

·        

·

 

 

·         

Ian Livingstone parked his tanks on Rupert Murdoch's lawn and the analysts clearly liked what they heard.  At the end of Friday, after some fluctuations, BT shares closed 7% above their peak in March. Sky shares were 10% down from a similar peak. Talk Talk was down 20% from its March peak.   

Thre is a lot of small print to digest with regard to what is really on offer, including price and quality of service but we can almost certainly see an overall surge in demand for broadband, as Sky and BT battle it out with a mix of special offers and retention deals. We may also see the re-introduction of competition in the local loop when Sky retaliates, not just with deals to ratin its customer base but by backing investment in Birmingham style open access broadband networks across those parts of the UK where business would benefit most from plugging gaps in BT's offerings - and is therefore likely to share the cost. We can also expect to see an extended range of Sky apps over smart phones. 

We can also expect vigorous Sky support for Talk Talk and pressure on Ofcom to expedite the investigation of BT's margin squeeze on resellers. In parallel Sky will seek to disengage Virgin from the attempt to delay the Birmingham open access dark fibre networks by suing the EU for saying that such municipal enerprise did not constitute state aid. The way will then be open for Sky to ally with Virgin's new owners, Liberty, and also threaten to sue the EU for allowing the BDUK framework to bypass state aid rules and give single tender business  to BT - unless the latter either withdraws its case or the rural networks are made open access. Sky will, in any case, almost certainly take legal action to ensure that the small print of the EU clearance (which was conditional not absolute) will be enforced

The result should be a win-win for business and consumers as BT gets the take-up and cash flow that will enable it to return to its pre-1997 investment trajectory and Sky (and others) bankroll the construction of world-class open access fibre networks, to leapfrog fibre to the cabinet before it runs out of capacity to carry the additional traffic. Theat leapfrog may prove critical to the future competitiveness of teh UK because  scale of BT's investment in content, which may have only just begun (next comes the bidding for the FA Cup), the announcment that BT will spend £300 million on a share buyback and the size of the increase in the pension fund deficit, mean, however, that BT may not have the funds to go beyond its current infrastructure investment programme for some tiem to come.

However, provided the open access networks are not crippled by business rates and are also genuinley available for BT to also use, we could yet see the UK returning to world leadership in the global information society on the back of healthy market competition.

Am I being too optimistic? Is the light at the end  of the tunnel an oncoming train? I hope not. But that also reminds me - last night I was told that the obstacle to making shared use of the National Rail Communications Network was contractual, not statutory. Similar issues appear to apply to the some of the other national fibre networks that are sitting unused - albeit the role of business rates should not be under-estimated.

I think we may be in for an interesting time as Sky, Liberty, Carphone Warehouse and also the mobile operators, for whom BT wifi is a formidable rival, plan their responses to BT's "declaration of war". I hope that the responses will including covering the final 10% in co-operation with local authorites, large and small and also affordable fibre to premises for inner city and suburban businesses as well as to rural business parks.

One interesting question raised in response to some of the analysts comments concerns the actual cost and quality of service being offered by BT, including that to pubs who will need the bandwidth to carry local wifi, as customers keep up with other sports (and vidoe gossip) while watching "the big event" on the main screen. Will the screen freeze when wifi traffic surges at half time? Will pubs wanting resilient quality of service end up paying for BOTH? 

If so, the ultimate losers may include premier league footballers as BT, Liberty and Sky realise there is little point in bidding against each other for exclusivities that markets, and not just regulators, deny them or markets fragment over the kaleidoscope of content that is available over the Internet.    

Related articles

• BT profit jumps 21% ahead of showdown with Sky (standard.co.uk)

I am told that BT plans a six hour briefing to Investment analysts - said to be a record. The build up is certainly going well. Last week a club of 22 analysts said they expect BT to outperform the market over the next year.

Am I out on a limb with my criticisms of BT's plans to invest in content to compete with Sky and Liberty (new owners of Virgin) instead of upping its plans to invest in better, faster infrastructure to rent to them?

Does a critical mass of analysts believe BT can create a profitable quadruple play business when so many others have failed: from AT&T (who remembers the consequences of the latter's attempt to provide the commercial, not just communications, infrastructures for the Internet?) onwards?

Or will they come to the conclusion that a break up of BT and sale of the content and systems integration operations would leave a much more profitable core business - selling better, faster customer connectivity and trunking to Liberty, Sky, Pearson, Reed-Elsevier and the rest of the UK content production and distribution industries, as well as the rest of British Business, in competition with players like Arqiva and the other MacQarie "children".

If so, BTbecomes a take-over target for who-over can organise a deal with HM Treasury to cover the pension fund liabilities and Cabinet Office to cover the Critical National Infrastructure responsibilities.

Unless, of course, the content plans are actually defensive, to add non-regulated revenue streams prior to a break-up led from within. My immediate thoughts are that that could make the analysts current projections look modest and return BT to its pre-1997 growth trajectory.

Either way, I would love to hear the discussions the analysts have with the fund managers they advise after the briefing - and to see how the share price moves once the analysts have digested what they hear. 

On the morning of the first day of Infosec I attended a PICTFOR briefing on the current state of UK Cyber Security. The lack of intelligible security guidance for small firms was identified as a major issue by several speakers. Later that day I attended the launch of the 2013 Data Breaches Survey. Over half the small firms responding had suffered staff related security breaches over the past year and 2/3rds had been attacked from outside.

The following day I attended the launch of "The Digital Imperative" a joint report by Intellect and the Federation of Small Business on small businesses, technology and growth. Nearly three quarters of the 2,200 respondents to an online survey had websites but barely a third used them for on-line sales. This tallies with the finding in the recent Policy Exchange report "The Superfast and Furious" that around 80% of small firms have a web presence but only a third are willing to transact (i.e. accept bookings or payments) on-line.

Why is this?

Last year the National Fraud Authority survey of small firms as victims showed that 2/3rds had experience as victims, a quarter within the past 12 months. They do not need awareness programmes. They know they need education and support - but to do what?

The 2013 Data Breaches survey indicates the value of ensuring that staff know what to do. Over 90% of organisations where the security policy was poorly understood had staff related breaches. Under half those where the policy was well understood had such breaches. I think we can quite reasonably conclude that one reason why small firms are so reluctant to transact on-line is that awareness without the knowledge of how to take effective action has led to fear, not confidence.

So what training and support do small firms need and who is going to provide it? There is no shortage of advice and guidance - usually based on variations on ISO 27000 which assume knowledgable staff with the time to learn how to use complicated products and make sophisticated choices as what they trust and why. BIS is currenlty seeking inputs to a consultation on which security standard it should support - as though a "standard" was a signiciant part of the "answer" to the problem of loss of confidence in the on-line world. 

When I was IT skills advisor to West London Training and Enterprise Council, three decades ago, we found that 2/3 of local organisations with more than 10 staff were already using computers but few had any professional IT staff. The "users had taken over the system" and most of them had received no IT training at all. Shortly afterwards another TEC, using a different methodology, found that the person in charge of IT in over 75% of small firms was the secretary/receptionist.

Today the world has moved on. Almost ALL small firms (including sole traders) use some form of IT and HMRC is trying to make Real Time inputs from approved accounting software mandatory for all who employ anyone (even a part-time Parish Clerk or a voluntary worker receiving a payment to cover expenses). Who is in charge of information security for the 99% of employers with no IT staff? What training have they received? The "Chief Information Security Officer" for an SME is typically the plumber's wife who, hopefully, reminds him to back up his smart phone when he gets back ... or it might be one of their children, who  discovered the perils of cyberstalking and bullying before reaching puberty.

In a discussion after the launch of "The Digital Imperative" I said that the problems of giving small firms the confidence to transact on-line without fear of fraud would not be solved unless and until Intellect members can make a good living from providing and supporting products and services to FSB members that are genuinely easy to use and secure. My experiences in the ealry 1980s from running the pilot Micro-System Centre and advising the ITECs prejudice me strongly against advisory services which are not based on a robust and sustainable business model: unlike all those services created to support SMEs which are staffed by those who have never run one.

But the ease of use and security will not help if you cannot get the bandwidth necessary to provided an attractive, interactive business experience to your target customers. The FSB/Intellect study makes many good points about how technology can help small firms but a significant part of the answer is Cloud Computing, including for support and security. I first asked what bandwidth do you need in order to make effective use of cloud computing about three years ago . The answer was "What do you mean by cloud computing?" with some respondents saying that webmail and similar applications for a firm with up to a hundred employers would work adequately over a 10 mbps leased line. In the US, however, those promoting cloud services tend to think in terms of customers having symetric pipes providing at least 100 mbps symetric. Around the Pacific Rim our the competitors of the future think of gigabit fibres. Now look at the needs of some FSB members to handle inter-active video traffic, as with a small firm providing hand-crafted customised products or a country pub with customers watching different sporting events over their smartphones. The bandwidth requirement is akin to that which is now commonplace around the Pacific Rim.

At the recent DPA event with Neelie Kroes speakers from Digital Britain First made the point very strongly that those who could not get Fibre to a Business Park in Buckinghamshire or Oxfordshire or to a Country House Hotel beside the Thames, (for webcams in support of international advertising, let alone the wifi traffic generated by the smartphones and tablets of the guests), were at a serious competitive disadvantage. In this context the Ofcom investigation into BT's squeeze on reseller margins for fibre , after its actions (in co-operation with Virgin) to block the Birmingham attempt to leapfrog its upgrade schedule, would be good news - were it to help expedite the availability of fibre to premises at affordable cost - as opposed to the Openreach "excess construction charges". However, Talk Talk had to employ a German consultancy to produce the evidence, such is BT's dominance of the UK market, including vis a vis consultancies who have long been in a position to produce such information, were it not that it would lose them more custom from BT and its partners than it would gain from others. More-over we need to get BT and Virgin to expedite and upgrade their investment plans rather than block those of offers.

I threfore fear that the result will be more fear, uncertainty and doubt as UK economic recovery is delayed because BT is putting over a £billion into trying to compete with Sky on Sports Content, instead of into infrastructure to rent to Sky and others. Given that economic recovery on the back of such investment is essential to bridging the ballooning gap in the BT pension fund, I fear that this strategy may prove to be a lose lose for almost all. The only winners will be thsoe in BT who are looking forward to salaries akin to those of their counterparts in the  BBC: whether or not the sports content business shows a better return to shareholders than BTs other attempts at diversification. Meanwhile sovereign wealth and pension fund managers around the world are looking to invest in the boringly profitable critical infrastructure utilities which MacQuarie, and others, are funding around the rest of the world.    

Now for some good news. At the end of March the contract for the Cybersecurity Skills Partnership was finally signed. e-Skills has the go ahead to organise a set of pilots, from schools activities through FE and HE apprenticeships to continuous professional development, bringing together a wide range of partners, building on that existing work which is well-regarded by employers. The programme is unusual in that the first public announcement is that of research into the actual paths followed by those in the industry . I have agreed to help identify employers wish to use the results to improve the skills and motivation of those they recruit and to improve and update the skills of those they already employ. I hope to blog on the details shortly but, in the mean time, e-Skills is looking for those who will take a lead and ensure that the programme really is built around employer needs and not just the shifting sands of government policy .          

Next I should say a word of praise (and I should say it is genuine praise) for BT's skills activities in support of its core business. BT is one of the few organisations that takes its apprenticeship programmes seriously. Its support for the plans for SME IT support apprenticeships should be copied by all who are serious about wanting small firms to have the skills and confidence to transact on-line.   

I recently described the rightly praised Government Direct website as lipstick on the face of a pig, and gave one example of what lies beneath (there are many more). A reader has just sent me a sharp critique of the Government Digital Services "over-enthusiastic" approach to agile computing. It rather looks as though the reform of public service delivery has become trapped between the Scylla of "delayed big bang" (exemplified by the hard rocks of the original approach to Universal Credit) and the Charybdis of "big bang" itself: sucking departments into a whirlpool of accelerating change using as mix of fashionable approaches from agile to big data, without understanding the disciplines, let alone possessing the in-house skills and experience necessary for their succesfull use on non-trivial change programmes.

In one of my first blogs on When IT Meets Politics I outlined the need to use the classical systems discipline of "structured evolution", incremental change within an overall framework, in order to achieve the radical changes to public service delivery that are long overdue. Things have moved on since then, particularly with regard to the maturing of Open Source software, but they have not moved on as far and fast as the enthusiasts would have us believe. I have jsut re-read my earlier summary of the some of conflicts that had to be overcome before we would achieve the benefits. We are barely a third of the way along the journey - delayed by unnecessary and unproductive firefights between enthusiasts, like the Open Rights group and those who take a more practical approach to achieving the same objectives.

I am of the opinion that the Government Digital Service (and also the rest of Cabinet Office and Treasury) should focus on mandating inter-operability, at all levels from technical standards and data interfaces through delivery, monitoring and management processes to funding mechanisms, rather than particular approaches or methodologies. Modular inter-operality is central to enabling flexiblity as needs and organisational structures changes and competition between suppliers. It removes the need to plan ahead in impr5atical detail and also enables the removal of contractual lock-ins ("components" can be replaced) which is why so many suppliers who "talk the talk" are very reluctant to "walk the walk".

It does, however, require mandation. I was supposed to use one of the early "agile" technologies employing re-usable code modules in order to merge and decimalise the sales ledgers for the ICL group of companies. I cheated and wrote custom code (albeit in well documented "common standard" Cobol) to cut days off the conversion and hours off the weekly overnight run for the new system. I was, of course, found out during my first test runs: the operators reported me even before I was ready to confess (it was a well run department). But no-one disciplined me or ordered me to follow process. Instead I put a nail in the coffin of that particular set of "agile" tools. Supposedly the technologies have moved on over the past forty years - but have the mindsets of young enthusiasts - as I was then.          

More-over I benefited from training and career development programmes, including structured and supervised, "apprenticeship-like" work experience and a subsequent full-time MSc at London Business School. Few, if any, of the public servants of today have had anything like those advantages. Hence my regular plea to implement the recommendations of the Fulton Report . Relying on private sector expertise is no substitute and the current Civil Service Learning framework is a joke in very bad taste.  

P.S. Just been sent a link to the interview with Brian Wernham on BBC News 24 on the (finally) phased and incremental implementation of the Universal Credit. Do watch. As readers will know I have been blogging on the need to adopt such an approach for over two years and have just looked at  again at one of my first postings. Brian was diplomatic and did not comment on the aim of completing the transition by 2017. I would merely say that having the new systems ready by April of next year for a straight line roll out at 300,000 a month is improbable as a successful way forward. Much will also depend on the success or otherwise of the switch to RTI for PAYE. We should remember that  PAYE is itself a creation of wartime, when the entire nation was mobilised working for the war effort except for those running the black market. The re-imposition of that mindset when a growing number of us no longer have one job at a time, let alone for life, is "at least as ambitious as the Universal Credit".  

The new Government Digital Service website is a great success and has deservedly won prizes, but it is still "lipstick on the face of a pig". On May 13th I am due to chair a round table to agree the terms of reference for a high level study concerned with the use of IT to aid the reform of public service delivery and have just reread the excellent National Audit Office report on "putting users at the heart of government's digital services" (see below for my thoughts on some of the highlights but do read the full report - if you just read the summary you will miss some of the dynamite).

Obvious topics for the study include the joining up of duplicated communications spend and the use of smart phone apps to strip out costs and inefficiencies at the same time as improving speed and quality of response. However, the "digital by default" approach requires that those in most need of public services not only have good broadband access, whether fixed or mobile, but can also use the services when they get through.

As a result of the work of organisations like Abilitynet most modern operating systems and browsers have quite good facilities for disabled users. I was therefore startled to be told that DWP, who won an Abilitynet Award two years ago for their use of TexBox , require those who use anything but obsolete and unsupportered operating systems and browsers to claim disability benefit in another way .

This was presumably because their outsource contractors were fully occupied digging ever deeper and more expensive holes with regard to Universal Credits. It does, however, add a very brutal context to the polite but thoughtful National Audit Office report "Digital Britain 2: Putting Users at the heart of government's digital services".

The £1.8 billion savings Cabinet Office expects from the Digital by Default Programme assume take up in line with the 80+% who now use the Internet. But the NAO report quotes evidence that many of those who are aware of an online public service chose to use an offline option instead, including 49% of those aged over 65 and 26% of social class C2DE. For the 20 public services covered by its research it found that the proportion of transactions done on-line by those surveyed ranged from over 80% for a student loan or a tax disc to under 50% for a state pension or housing benefit.

Over half those surveyed shopped on-line. Nearly half banked on-line. But less than a third had registered or paid for a Government Service and less that 10% had booked an appointment or claimed a benefit. More-over ease of use and awareness of online options were not the only barriers.

 

Concerns included fears about making mistakes (notices about penalties for wrong entries did not help), concerns as whether they were dealing with a government department or a fraudster and the need for physical confirmation of transactions. Attitudes to providing information on-line to government are interesting. Overall respondents were less willing to provide information to government than to banks and online retailers (see page 29 of the report) but this is not because they trust it less. 37% were happy to provide data to Government. 17% were not happy, but did so. Only 5% halted transactions because of security fears. By contrast only 30% were happy with providing information to on-line retailers, 29% were unhappy but overcame those reservations and only 7% had teminated transactions because of security fears.

 

On a more positive note, the NAO reported that government was missing a trick by not recognising that half those with no plans to go on-line themselves receive help to use on-line services from someone else, such as friends, family and work colleagues. The government's approach to assisted digital services does not recognise this situation. Its routines for handling those with, for example, legal power of attorney to handle the affairs those at most risk of fraud or intimidation, whether on-line or off-line, are even more primitive than those of the private sector. It needs to work much more closely with the charities working in this space and design public services, as recommended by the NAO, so that people can apply for licences or make payments on behalf of others, in a way that minimises fraud.

 

The NAO makes a number of other eminently sensible recommendations. I particularly liked the polite phrasing of:

 

"The service should consider whether having each government department develop arrangements for people who need help is the best approach. Those who are offline are more likely to be those who are particularly hard to reach. It is therefore important that they can find information about how to access public services easily. As these people are also likely to be using several public services, there will be opportunities for departments to work together, as required by GDS, to help the offline user."

 

and

 

"The GDS should increase its behavioural research to see what prevents capable internet users from using online public services more. Our research suggests there are reasons other than lack of awareness, frustration with services or lack of trust. Some users feel that, while a digital channel is appropriate for shopping, it is not formal enough for some government business. GDS needs to understand these behaviours".

 

I was recently sent a link to research that appears to show that, as they get older, existing IT users make less, not more, use of the Internet. It is not just a matter of running training and awareness courses for the elderly and expecting the problems of low usage to go away over time. We really do need to look at why those who used to be enthusiasts find it increasingly difficult or unattractive to go on-line as they get older. Hence the importance of programmes like Sus-IT which try to tackle the issues head-on with its programme into the "New Dynamics of Ageing". I took at look at this area when I was a Corporate Planner with the Wellcome Foundation, looking at the issues of an ageing population - 30 years ago. I never expected that so little practical progress would have been made by the time I would come to need the devices we then evisaged.    

The Daily Mail article "Big Brother to switch off your fridge" is a fiery attack on the proposals sent by the  EU "collective" of Energy Regulators to the Commission on March 27th. It should also be viewed as an attack on the Smart Metering Policy inherited by the Coalition Government from Ed Milliband's energy review and white papers. That policy embeds the ability to introduce energy rationing because we have failed to invest in new generating capacity while imposing green taxes, subsidising windmills and closing our coal and ageing nuclear stations.

Hence the first paper from the Conservative Technology Forum Energy Group on the short order challenges we face if it is not just the lights but UK data hubs and cloud services that have to power down during windless winter weather. The summary of "Power to the People" emphasises the need to give customers "the right to choose". In order to do so we need to bring forward effective inter-operability standards for smart meters so that those who will benefit most from actively managing their demand for power do not have to wait for those will not, because their demand is inelastic. It we do not, we may face very real problems before the 2015 election, let alone after.

Meanwhile those whose IT plans depend of UK-based server farms or data hubs should factor in the provision of standby power supplies that may need to be used on a regular basis - as in India or other nations with unstable power supplies. Even urban SMEs who are critically reliant on their IT systems and broadband connections need to consider installing standby generators of the type used by island  crofters, hill farmers or country house hotels, with satellite communications back-up for their broadband.   

At the next meeting of the CTF executive I hope to hear the plans for a stidy to produce recommendations on how the accelerate the investment necessary to ensure that the UK will have the power as well as communications infrastructure to be a location of choice for "big data" hubs but time is running out. 

I have long had strong views on the need for effective Data Protection but I have just received a e-mail via ISOC UK soliciting my support for tomorrow's "Press Stunt" by the Open Rights Group to "protect" the proposed EU Data Protection Regulation. I have sat in on meetings which helped produce some of the amendments that the Open Rights group are condemning as lobby fodder  and read their guide to the issues . Either the Open Rights Group has missed the plot or it represents a different set of interest groups to that which I thought it did..

The high level objectives of the EU Regulation are admirable but the focus on meaningless tick box rituals, like data breach notification, means that it is, in practice, unfit for purpose, unless the purpose is to drive on-line operations off-shore (to the United States or India) or to facilitate the quiet harvesting of data to commit systemic fraud. It will do little or nothing to protect privacy. It will, however, help protect those who abuse our privacy by giving them the excuse of "compliance" with the rituals.

The focus should be on "encouraging" those who want you to use their products and services to help protect us when the data needed to impersonate you is available over the Internet, whether legally or illegally. Current "data breach" notification routines serve to deter organisations from taking action to protect customers known to be at risk when the channels via which their data came into criminal hands are unknown or legal (e.g. Companies House and other "public record" sources contain almost all that is needed to impersonate anyone who has served as a director of a company). Meanwhile routines cited as "good practice" are known to facilitate fraud: we cannot dismiss  the US "evidence" that breach notifications are followed by attacks on the recipients, even though we may have doubts over its meaning.  Publicity for breaches is indeed commonly followed by a surge of false "notifications" to harvest rather more than leaked. 

The proposed EU Regulation will almost certainly make that situation worse. The need is instead to clarify the liabilities of those who do not take effective action to protect customers whose details are "available" over the Internet. I say "clarify" because, for common law countries, the liabilities may already be clear but unpublicised, (in the UK it is a mix of tort, contract, bills of exchange and fair trade) - and we can see large organisations beginning to take action accordingly. Indeed the recent "spat" between Spamhaus and Stophaus appears to have originated with an exercise to do so.

I spent yesterday at Infosec getting sore feet visiting the stands of the security snake-oil salesmen. Many were selling products and services to help clients meet data protection "compliance" requirements which did little, or nothing, to help them protect customers from fraud or abuse. Several had products which could also be used to help identify those attacking their clients and/or reselling "stolen" data - but this was not at all obvious from the material on their stands. Only one had publicity material promoting a product  (Garlik Data Patrol) designed for that purpose. Yet to my mind the use of such products should be the first duty of any organisation that suspects it has had a data breach. Indeed I would argue they should be used, in parallel, by all who use services like Trusteer.  Given that most breaches are identified weeks or even months after they occurred, the requirements in the EU Data Porection regulation are, by comparison, either meaningless or worse than useless.

So what planet is the Open Rights Group on?

Perhaps more interestingly, who side is it on?

I used to think is was on "my" side: thinking of "me" as an individual  who is as suspicious of

• Governments, who demand data retention in order to "protect" me,
  

• Regulators, who demand data retention for "consumer protection and
  

• Anyone who extols the virtues of "Big Data" as an aid to democratic decision making
  

as I am of the mass market ISPs, On-Line Retailers, Search Engines and Social Networks who track my on-line activities in order to improve service (alias sell) to me.

I now have my doubts about the Open Rights Group. I fear those doubts may be reinforced tomorrow when we see who it attacks, why and how. "By their enemies shall ye know them"

I also have my doubts about ISOC. I joined in 1995 in the fond belief that sooner or later it would become the Governance structure that the Internet so badly needed. It is now clear that it will not. It does much good work but appears unable to look at issues from the perspective of billions of users, most of whom no longer have english as their first language. I have a growing suspicion that the future of the Internet will come out of Africa (like mankind) and Asia (like printing) not California or the Cambridges (Fenland and New England). And Western Liberals may not like that future. if so, it will have been their fault. I remind readers that the one thing I am not is a Liberal. My politics are where left meets right, round the back, beside the bike sheds.

P.S. I have focussed on the counter-productive nature of the proposals for Data Breach notification but I could have made similar points regarding the proposals on privacy by design, impact assessments, consent, the right to be forgotten or data portability - when the small print will almost certainly deliver the opposite of what the regulation is supposedly eeking to achieve. 

If you think I am wrong please comment. In the past I have had a lot of time for the Open Rights Group  and I would love to believe that I have misunderstood their position.   

I have just been sent a link to a story of how "Anonymous", whoever or whatever they are, "solved" a particularly nasty case of gang rape and cyberbullying leading to suicide inside two days after the RCMP had got no-where in year. The case raises many issues from how police investigations should be conducted in the Internet Age through to the evidential quality, if any, of material that is widely circulated and believed.

I raised some of these when I last blogged on "Justice in the Internet Age" . This case puts them into a much bleaker context - including the duties and responsibilities of those outside the justice system.   The case between Lord McAlpine and Sally Bercow is also apposite. How could/should we differentiate between the gossipers of Twitter and the e-vigilantes of Anonymous?

Amid all the "tributes" and suggestions for memorials we have forgotten what would have happened if some of her less controversial achievements, such as telecoms liberalisation leading to full competition in the local loop, had not been reversed after 1997. The independent regulators put in place to open up competition to the utilities she had privatised and to subject them to market forces, such as Oftel, Ofgas and Offer, were replaced by instruments of state control run by former political advisors (Ofcom and OfGem), which "helped" plan investment, set policy, agree prices based on "acceptable rates of return" and protect incumbent players from uncontrolled innovation.

I therefore suggest that a fitting memorial, additional to a giant handbag on the fourth plinth in Trafalgar Square, would be to complete some of her unfinished business: beginning by re-opening the UK telecoms market to genuine competition. This does not appear to require any legislation. I have blogged before on the difference between the statutory duties in the Telecoms Act 2003 and those quoted on the Ofcom website . The recent spat between the bosses of Carphone Warehouse and of BT illustrates the need for an order from the Secretary of State to Ofcom to follow its statutory duties and take its anti-competitive powers seriously.

That new sense of purpose should begin with an instruction to organise a public enquiry into the supply of high speed connections for business users. The core objective is not, however, to indulge in another round of BT bashing. It should be to give BT and Virgin a vested interest in helping expedite investment in cheaper, faster, more reliable, basic utility infrastructures which they too can use. Rationing investment to the speed and scale that they can fund from existing sources, while they simultaneously try to create quadruple play businesses, should not be a serious policy option .

The attitude of a BT spokesman that a competitive market is one in which it resells local loop connections to its competitors at the same price as it sells to its competitors reflects the mindset which the 1979 policy of telecoms liberalisation, not just privatisation was intended to bring to an end. It is BT that is using a different definition of monopoly to the rest of the world.

This was a subject in which Mrs Thatcher was well briefed and took a personal interest. One of the few Britons who really understood what was at stake was a contemporary of hers at Oxford. Derek Broome, a dashing young fleet air arm pilot who went out with her best friend at University also fought hopeless seats in the 1950 and 1951 elections and briefly ran a Bell Operating Company before Arnold Weinstock put him in charge of Reliance Systems. 

Some older readers will remember Derek for his work on the PITCOM programme committee and his trenchant views on those who wasted time and effort because they had failed to analyse the reality of what they were trying to address. I was privileged to work alongside him on the 1979 computing and communications policy studies, having been introduced by Michael Spicer who was Sir Keith Joseph's link man with the Computing and Telecoms industries before Ian Lloyd was tasked to produce policy recommendations for the party to agree and announce. The election came earlier than expected and my "consultation paper", intended to provoke debate on the issues in wider context was published after the election as "Cashing in on the Chips".  

As a consequence of the decisions taken under Mrs Thatcher, the UK was well on the way towards having "at least two competing cable suppliers providing broadcast quality video to every home by 2002". Then New Labour put the policy into reverse with Local Loop Unbundling. Before the turn of the millennium BT already had fibre to within a mile of more than 60% of British homes. Meanwhile the Cable Companies had struggled to compete and ended up hiring Stephen Carter to help them replace "competition in the local loop" by "local loop unbundling" and to salvage NTL for its bondholders. That change, which saved the cable companies from bankrupcy and take-over by those with deeper pockets, wrecked BT's forward plans and its finances, delaying its plans to bring fibre to rest of the UK by over a decade (its much trumpeted current £2.5 billion roll-out). We are still waiting for its plans to provide fibre to every business, let alone home, to restart. 

Hence my modest suggestion that part of the memorial to Mrs Thatcher should be to mandate the regulators who lost their way under New Labour to stop trying to micro-manage markets and technologies and to focus on restoring competition to the industries she privatised. 

I have regularly blogged on the theme of IPR wars over the past five years but the Indian Supreme Court Case restricting patent protection to genuine innovations indicates that the pace of change may be accelerating. I recently enjoyed an article attacking the idea that "the Chinese are not innovators and rely on stealing the IPR of the West".

It reminded me of the American myopia when dealing with the "nation" whose engineers built the Pacific Railway across the Rockies, drawing on a millennium of expertise and innovation, thus helping build the fragmented United States of America into an equally centralised "nation". But neither China nor the United States are really "nations". They are "empires", united by common language, currency and communications networks which enable the executive of the central government (whether personified by Emperor, General Secretary or President) to enforce its will on the "provinces".

The big difference is that modern China is led by engineers, the intellectual descendents of those who built the great canals which held the empire together. The United States is commonly led by lawyers (like the Clintons, Nixon and Obama), intermixed with career politicians (Johnson and Truman), soldiers (From Jackson, through Grant to Eisenhower) and the representatives of semi hereditary clans which mix business and politics (the Bushes, Kennedys and Roosevelts): the intellectual descendents of that strange alliance of libertarian constitutional lawyers (like John Adams), wealthy traders (like John Hancock)  and authoritarian, slave owning, landowners (like George Washington) which brought it together.

Hence the reason that the Chinese have an attitude to copyright akin to ....

I do not always agree with Ian Grant but some of his recent posts illustrate why Ofcom really does need a good kicking - or should we instead stop kicking and give it the confidence to turn on the wolves and defend the sheep - as it was supposed to. Perhaps I was wrong.

I have commented before on the disparity between the priorities stated on the Ofcom website and those in the legislation which created it . Ian Grant's commentary on the deeper problems beneath the recent price changes revealed in the CSMG report which was part of the supporting evidence for that price review are most apposite.

Is, however, a good kicking really the answer?  In my "kicking blog"  I referred to the module on regulatory economics at the London Business School in the early 1970s. Some of the other "lessons" from that module concerned "regulatory capture" (because regulators are commonly staffed by technical experts from those they regulate) and the way they can be intimidated by incumbents with bigger and better paid legal departments and budgets - unless robustly supported at the political level by business customers and consumer groups.

The Conservatives had such points in mind when Oftel was created. So too did the politicians who scrutinised the legislation to create Oftel. But it is something else to provide the regulator with ongoing support over time. Hence the drip drip erosion of Ofcom's attention to fostering genuine competition in favour of, for example, the legal games on local loop unbundling to save the bondholders of NTL and Telewest, who were so ably represented by Lord Carter in his pre-Ofcom days. 

I therefore have more than a little sympathy for a regulator faced by incumbents with the temerity to sue the Commission in order to protect themselves from effective competition (the Birmingham State Aid case). I do not, however, believe Ofcom will ignore the points Ian found in the CSMG report. I suspect they were made to help give Ofcom the political support it needs to do its job.

But how many of the business users who need rapid and effective action (if they are not to have to relocate outside the UK) will actively lobby their MPs in support?

Will the Broadband Stakeholder Group or the CBI act as an umbrella for such lobbying?

I expect the businesses most affected to move instead to where they can get the connectivity they need - offshore if necessary, Shoreditch if they can afford the rents. Thus they will be marching in the opposite direction to that sought by a Government which wishes to encourage growth in those areas which have persistant of high unemployment because they have poor communications: road, rail, air or fibre. 

I expect the BSG to organise further worthy activity on topics such as valuations for business rates:disproportionately important though the uncertainty when it comes to discouraging investment by potential competitors to BT and Virgin.

On the action to be taken with regard to business rates I disagree, however, with Ian. Trying to get rid of business rates at a time when the Chancellor is desperate for revenue is not the answer. It would be far more effective to demonstrate, (in court by actions supporting by a critical mass of those affected if this is necessary), that the correct valuation, in accordance with basic principles behind business rates, is negligible. The reasons for not taking this approach do no credit to those concerned.

I do agree with Ian, however, on the importance of business rates: if we want pension funds and long term investors to help build the utility communications infrastructures that BT and Virgin and the others who believe in quadruple play regard as boring.

I have been trying to work out why the management of BT and the investment analysts of players like Macquarrie have such different views over the attractiveness of shared utility infrastructure ownership and operation as opposed to integrated communications and entertainment operations.

Then it dawned on me.

The latter pay salaries and bonuses akin to those of the Media World (e.g. ITV or the BBC) while giving similar (i.e. little or no) return to investors. Media lawyers and consultants also comman much higher fees. The salaries for running infrastructure operations are, by comparison, mundane unless, as in the case of British Gas, you also supply the content.

No wonder the tail wags the dog.

       

The Conservative Technology Forum has just released its first policy paper since the last election. It is on Smart Meters, where there is a need to revert to the original industry proposals put forward by "Sustainability First" in 2006 and ditch the unnecessarily expensive and now unaffordable plans inherited from Ed Milliband's 2009 White paper. The full press release is below but the paper is about rather more than smart meters. It is also about an approach to using market forces to draw in private sector investment to create a joined up 21st Century Infrastructure for a world of ubiquitous computing - the internet of things. I recommend you also read the full report. The follow up studies ...     

The controversy over Google's privacy policies is mounting. More data protection commissioners are getting in on the act. It is not that Googles policies are significantly different to those of the rest of the on-line world. It is that they attempted to make their policies coherant and intelligible. In parallel we have the news of the departure of Alma Whitten , whose breadth, depth and clarity of thinking put regulators and marketeers alike to shame.

It is always sad when the pedants and hypocrits win. But that is the way of the world. The majority of fines levied for breaches of data protection law are the result of self reporting. The Office of Fair Trade is more likely to take effective action to protect those whose data has been copied and sold, as with its recent action to withdraw the license of a pay day loan company used by impersonators . Meanwhile we are stumbling into a world where those who provide our on-line connectivity think they should to track our every communication for content and location, with or without our knowledge and consent, in case they (or the state, or a lawyer or a regulatoror a law enforcement agency) might have a use for such information. But equally they, and those who expect them to keep such information in case it might be "needed", have no intention of being liable if that retained data is used to impersonate, defraud or abuse us.  

Hence the potentially lethal nature of the current round of regulations coming out of the EU covering data protection, identity and cybersecurity. The intentions may be laudable but the small print is in almost every case seriously counter-productive - such as plans to pass breach "notifications" to those we do not trust (regulators, law enforcment agencies, government departments and, of course, their outsource contractors) or of which we have never heard.

Yesterday I was in a meeting with a senior industry figure discussing what should be done. He suggested waiting until the situation was clearer and before mounting a step by step exercise to correct the mistakes. I said that would mean that his organisation and its peers would get stuffed and have to move operations out of the UK/EU in order to remain globally competitive - because they would face a hundred thousand compliance officers, legal advisors and information security consultants all in support of "more detailed guidance" (i.e. tick box regimes supported by thousand page procedure manuals). The jobs of the latter would, of course, be safe, retainer by receivers to dispose "safely" of the data, after everyone else had been laid off.

I suggested that, instead, those wishing to reiman in business in the UK/EU should begin with the stated objectives and seize the moral high ground by demanding that priority be given be to the actions that were actually needed. Thus the Cyber Security directive is supposedly needed to help better protect critical national infrastructure. It should therefore be focussed on critical national infrastructure, such as power grids,  communications networks, payment clearing and food distribution - and the need for demonstrable resilience in the event of of fire, flood, storm and digititis (finger trouble) as well as actual attack. Topics such as social networking should be excluded from consideration.  Things like data breach notification should be secondary to responsibilities and liabilities for action to protect customers and suppliers (i.e. up as well as down the supply chain) in the event of suspected problems.

I suggested that the need was therefore to assemble a credible cross sector, pan-European group who would call for what was actually needed in order to protect the infrastructures on which their businesses (as well as the rest of society) dependend. They should also actively block attempts to side track the directives onto that with which regulators and compliance officers were comfortable but which would do less than nothing to protect them or their customers from the risk of infrastructure failure. That is much easier said than done - but the very effort of doing so can help kill off the displacement activities which make politicians feel they are doing something although they are actually making a bad situation worse.    

Similarly when it comes to breach notification. What is the point - when the information needed to impersonate most of us is already publicly available or out "in the wild". What we need is to make it easier to organise co-operation to find out who is collecting, collating  and reselling our data and to stop them - unless they have our consent to do so. If you have not already done so, watch Gary Kovacs, TED talk, Tracking the Trackers on behaviourial analysis.

At this point you can see just how difficult a task faced Alma Whitten and will now face her successor, Lawrence You. They are caught between a business model and a set of political assumptions - neither of which gives priority to usable and informed customer choice. They are not, however, the only ones. Since when did technology experts listen to their users - any more than suppliers listened to their customers - or party leaders to their members? The world is full of those who know best. The on-line world was. of course,  going to change all that. And we can see the electronic pigs flying past in virtual formation. 

A recession is, howver, a time when consumer power comes to the fore and real change happens - because the complacement can no longer throw money at problems.

I expect the way forward to come out of India (when the Supreme Court has just blocked add-on patents), China (which now has the world's largest on-line communities and is run by engineers who think ahead) or Cambridge (home of the Devil's Flamethrower) - not California (beginning to show signs of complacency) or Oxford (home of PPE and other dangerous delusions and causes which have yet to be lost).

Yesterday I blogged on the consequences of the recent cyber battles between Spamhaus and its allies (supposedly including five western law enforcement agencies, Google and others) and the Cyberbunker and its allies (supposedly including the Russian Business Network), the overall impact of which was to slow down the web significantly in the UK and parts of Western Europe but not in the United States and elsewhere. At about the same time the Egyptians caught three divers trying to cut the cables that link major UK on-line operations to their help desks in India.

This morning I took a detailed look at the recent NAO Landscape Review of the UK Cyber Security Strategy This contains a better summary of the strategy and of departmental responsibilities for implementation than you will find in the original announcement: see page 14 for the split and page 15 for the governance.

Compare this with the summary of spend by departments over time (pages 16 and 22) and the reasons for the scale and nature of lobbying to get a share of the £650 million of extra spend become much clearer.

Nearly 2/3 of the extra (£384 million over the four years including £157 spent to date) is for the

David Davis has said, in the Sunday Times, that "our bloated, toothless regulators must be leaner and tougher". He referred particularly to the Care Quality Commission, the Food Standards Agency and the Financial Services Authority as responsible, in no small part, for helping bring about the scandals they were supposedly there to help prevent.

Quis custodiet ipsos custodes. The elections for the Aediles, who regulated markets and entertainment were the most corrupt in ancient Rome. The regulatory "corruption" of modern Britain may be more intellectual than financial, but David Davis is almost certainly right in condemning the call for more regulation as the answer to everything.

So how do we get more "intelligent and independent regulators who are relentless in their drive to expose failings and put the consumer first"? 

I should, however, ask whether that is the right question, because of the damage that bad regulation is also doing to business and economy. I would also ask whether he has the right list of regulators.

Ofcom is quite good at putting the short term interests of consumers first, but has ignored the needs of business users, large and small. It has also not only ignored but actively damaged the case for investing in competitive networks to those of BT and Virgin - by its promotion of local loop unbundling instead of encouraging the constuction of alternative infrastructures. BDUK has colluded in the continuation of that policy. Meanwhile Ofgem has destroyed the case for investing in alternative energy supplies or efficiency measures - except when encouraged by green taxes and government bribes, as for windmills.  

Perhaps the greatest "political" scandal in the telecommunications world is the way BT and Virgin blocked the move by Birmingham City Council to try to give world class broadband to businesses stuck with slow and expensive leased lines in what used to be the workshop of the world. They achieved this by challenging the Commission's verdict that the Council's initiative did not constitute state aid. It will now be years before the case between BT, Virgin and the Commission is heard. By that time BT and Virgin may have got round to upgrading their networks serving central Birmingham but businesses in the areas affected will have moved away and other councils will have been discouraged from doing what is commonplace in other parts of the world where the incumbent operators are dragging their feet. 

The "cleverness" is that the case is between BT, Virgin and the Commission. In consequence there is supposedly nothing that Birmingham, DCMS or Ofcom can do to expedite matters. in fact there is plenty that a vigorous regulator could do - but do not hold your breath. 

Meanwhile the market for business  broadband gets no mention in the Ofcom Annual plan. Perhaps worse, the Ofcom proposals for the review of leased line charges in 2012 , where Ofcom acknowledge that BT had a dominant position, were for an increase of 3.5% above the rate of inflation for non-fibre links and 3.5% - 10% for rental analogues and for RPI minus 12% for gagabit (alias fibre links). Thus giving an incentive to BT to milk its obsolescent city centre leased line businesses for as long as possible.

This is exactly the opposite of the principles of good regulatory practice that David Davis and myself were taught at London Business School 45 year ago. The class reunion for MSc06, which included lectures on regulatory economics (I can remember some of the case studies but not the precise title of the module), is later this year.  

The actuals approved by the European Commission which come into force today are little different to the orginal Ofcom proposal: RPI + 2.5% for slow speed, RPI - 11% for gigabit and 2.5 - 10% for rental analogues. The non-fibre links should also have a similar, "technology neutral" below inflation cap to encourage their replacement as soon as practical.

The combined effect is an increased incentive for those needing fibre to the premises to relocate, along with the jobs they will create, to where they can get it - all too often outside the UK. The recent paper by Digital Britain First calling for Highspeed Broadband for all of Britain makes its points well but pulls its punches. The fact that businesses in the prosperous Thames Valley, including Oxfordshire and Buckinghamshire cannot get decent business broadband and have to relocate if they are to stay in business is truly shocking. How much worse is the situation in less advantaged parts of the UK where those would like to invest in alternative infrastructures are also being blocked?

But it is not just Ofcom and DCMS that have so spectacularly failed in their respective duties as regulator and sponsoring department. Ofgem and DECC have similarly brought about a situation where it is no longer possible to locate a big data centre in the UK as a whole, (not just within the M25), because of the rising probability, not just risk, of power rationing in the near future. Meanwhile US operators are pointing out that cheap energy in the US means we should migrate our data processing to where it will be outside UK/EU Data Protection law and our personal information can all be sold "for marketing purposes" or monitored under the Patriot Act, as part of our cost cutting operations 

Hence my "modest " suggestion to David Davis that he should add to his list of failed regulators.       

We have had stories about the internet slowing down after largest ever cyberattack which was focussed mainly on London and the UK. These are being followed by stories that it was merely a spat between two peripheral organisations which did not affect the Internet as a whole (e.g. Gizmodo "That Internet War Apocalypse is a Lie"). The battle was "won" by Spamhaus and its allies (such as Cloudflare) when they took Cyberbunker and its allies (a grouping supposedly called Stophaus) off air (Bulletproof cyberbunker busted). Some articles attempt to analyse what what actually happened but so far the "lessons learned" appear confined to improving DNS security.

The cyberbattle between Spamhaus and Stophaus was not, however, the only fight going on. American Express was taken off air for two hours. There were similar attacks on other US banks - albeit the firepower deployed against Spamhaus was allegedly five times (i.e 300 gbps) that being deployed (60 gbps) against the banks that were being attacked at about the same time. That implies there was a lot at stake. I have seen no cover, however, of the firepower used to silence Cyberbunker.

Last week also saw the public announcement of the long overdue attempts to bring intra-UK intelligence sharing together with a Cyber Security Information Sharing Partnership and a Fusion Cell following on from the announcement of a  Cybercrime Reduction Partnership Hopefully some of the contracts for work on cyber security skills will soon be signed so that we can move from words to action.

So how serious were last weeks cyberbattles and what are the likley consequences?

Did a consortium of five major law enforcement agencies and anonymous industry partners (with Google apparently willing to be named as one of them) square up under the banner of Cloudfare to do battle with a consortium of Cyberbunker customers (supposedly including the Russian Business Network) under the banner of Stophaus?

If so, are they going to follow through on their "victory" by using civil law (and tort) to begin the removal of not only Cyberbunker but the twenty or other, similar, operations which allegedly account for half the world's spam and malware distribution?

Will they have the co-operation and support of the Chinese, Indians and/or Russians or was this actually a proxy fight as part of the Cool War, hence the attack on London and not New York or Fairfax County? 

Will the UK's new cyber-security partnership operations take a leading role - bearing in mind that the main attack last week was supposedly on London?     

And did the Internet really slow down?

It depends who you ask. A couple of times last week I left my machine to make a cup of tea because I got tired of websites waiting to respond even though the line was supposedly running at over 70 mbps. Also at least one e-mail sent to me last monday has not arrived - perhaps hung on a security filter because of the topics being refered to.

Today my connection seems to be running ok ... touch wood.

The Home Office response to the National Audit Office report on the failure of the centralised police procurement service is yet another example of the common Whitehall approach of reinforcing failure instead of success. Few, if any, centralised procurement services live up to expectations, save in organisations with standardised and/or homogeneous operations - such as high street retailers. Even fewer of those that are mandatory have been genuine successes - delivering cost effective service, genuine savings and not just meeting nominal targets. Most mix corruption, inefficiency and waste. The reasons can be found in the writings of C P Snow and, more succinctly, of C Northcote Parkinson.

The solution can be found in the non-mandatory procurement co-operatives of local government and the private sector which have to compete on price, efficiency and quality of service. A government that supposedly believes in market principles should understand that these also apply to procurement services. It should publish league tables covering the the performance of the procurement services available to the public sector, including both central and local government, allow freedom of choice and expect those using the apparently more slower, less efficient and more expensive services to explain why. There can be good reasons as well as bad, but without public accountability we will never know.