Towards Gigabit/Full-Fibre Britain by 2025: Ed Vaizey and Sharon White change the game plan

| No Comments
| More
The announcement of the Government's Digital Strategy has been postponed until after the Referendum but some of the elements are emerging. One is the death of Verify, shunned by HMRC's users as well as by DWP and unfit for use by the NHS. Another is to turn the GDS from the most recent of a series of failed attempts (CITU, Office of the e-Envoy, eGU, TG etc.) to centralise public sector IT under the control of the Office of the President , into a worthy successor of the CCTA, policing standards, procurement and inter-operability and organising world class project planning, procurement and implementation skills for the public sector.

But perhaps the most interesting is the way in which the private sector is to be encouraged to turn the UK from a copper-bound broadband backwater, with quality of service unfit for the modern world, into a mesh of competitive, resilient and secure fibre and wireless networks, competing to offer ubiquitous world-class connectivity (alias universal service). Despite the disbelief of BT and the believers in a return to a regulated telecoms monopoly we look set to see more flesh put on the strategy announced in parallel with the 2015 budget.       

The oral evidence given by Sharon White and Ed Vaizey to the DCMS Select Committee enquiry into establishing world class connectivity throughout the UK illustrates how the UK broadband scene, let alone "vision", has changed over the past year.  Sharon Stone was cautious as to the reliability of data on "nominal" investment but the graph in section 7.1 of the Ofcom Written Evidence illustrates how the proportion funded by BT shareholders has fallen since the decision to cut capex a decade ago, to which I referred in my "Dirty Digest" of the Ofcom strategic review.

The graph also shows that I was "over cautious" when I said that BT now accounts for less than half of the converging fixed and mobile telecommunications infrastructure spend in recent years. It looks to be under 20%. More-over it currently appears set to fall further, especially if the EE infrastructure spend remains separate and shared with other mobile operators as a condition of the merger. The calculation is complicated by the different accounting conventions of players, the investment in overlapping fixed and mobile backhaul by players like Arqiva, MBNL, Cornerstone (CTIL), Wireless Infrastructure Group, plus that of US players, like Zayo (hoovering players like Viatel into their global network) and, of course, the rise of the altnets: (B4RN, Callflow, Cityfibre, Gigaclear, Hyperoptic, ITS etc.). It is also complicated by the possibility that BT's new largest shareholder, Deutsche Telekom, may decide to divest the content operations and use a mix of partnerships and direct investment to make a wholesale attempt to leapfrog the competition.

Given the investment challenges it faces in its home market that appears unlikely, Instead we are likely to see a twin track approach: with G-Fast used to increase FTTC speed and fibre to the premises increasingly used for new build, the replacement of exchange only lines and where the service over FTTC not only seriously inadequate but faces genuine competition. Where significant revenues are at stake because rivals are planning to share new-build dark fibre networks, Deutsche Telekom is more likely to take to tell BT to share than to compete: especially if it is planning to build on, rather than divest, BT's investment in content.   

More immediately interesting were Sharon White's comments on how she expected the market to evolve over the next decade. She felt that the long-term future would be fibre - with G-Fast as a bridging technology. Meanwhile Ed Vaizey envisaged a "Gigabit Britain" by 2025. There was much discussion with the Select Committee regarding the functional or structural separation of Openreach with a most welcome focus on that which would improve quality of service while encouraging investment. I noted the talk of BT's "excess profit" of 4 billion (supposedly intended to encourage investment but allegedly used to cross-subsidise Premier league salaries) and the gap between BT's target rate of return of 10.4% as against Ofcom's use of a reasonable rate of 8.6%. The rates illustrate why so many players have found attractive business opportunities, using internationally standard fibre and wireless technology (for which equipment and installation prices have been tumbling in recent years) to undercut BT, provided they can get the access and wayleaves to meet the locally unsatisfied needs of business and consumers.

This raises the question of how property owners, such as the 12,000 landlords with which Clutton's negotiates on behalf of Cornerstone, could and should respond. Is the potential increase in rental from providing a choice of world class connectivity to other tenants worth significantly more than the the fees available from individual fixed or mobile operators? And what about the disruption caused by successive operators wanting access to equipment rooms, risers and rooftops? Hence the joint DPA-Wired Westminster meeting (referred to in my last blog) that I have helped organise for the 19th April to bring together those who wish to begin planning today for 2025 onwards: beginning with fibre to the femtos and small cells needed today to address the not-spots of Central London and tomorrow to support ubiquitous smart devices in homes, offices, shops, streets and even fields across the UK.

Hence the importance of services like Wired Score allied to independent information on the quality of service actually provided, as from Actual Experience . Ed Vaizey's robust comments to the Select Committee on the failure of the Advertising Standards Authority to take action against adverts based on a quality of service received by under 20% of customers were most welcome. So too were Sharon White's comments on the need for the independent assessment of the speed and quality of service delivered locally - as opposed to that reported centrally.

We live in interesting times and I recommend watching the select committee hearings, not just reading the transcripts, if you have time. 

The battle for London's broadband vote: How are the Mayoral candidates responding to the rising tide of discontent?

| No Comments
| More

On April 1st the Daily Mail published a map of UK broadband speeds  under the headline "How fast is your broadband" and said that 1.5 million users still have "below minimum" speeds. Unfortunately it was not an April Fool Joke. Meanwhile O2 has just called for a rebalancing of UK network investment outside London and the South East  Observant readers may, however, have noted that, in the Daily Mail map, much of Inner London was "yellow" (the colour of slow speed Britain. On the same day we saw press cover for an FISP study calling for the new mayor of London to take drastic action because over a million Londoners are unhappy with their  broadband speeds and only a third believe London has the capacity to meet future needs.

Before commenting on the FISP analysis and recommendations it may be as well to remind readers of what the Mayoral candidates have said.  In February at a hustings on their technology policies, several of the candidates took the opportunity to comment on broadband. After praising Boris Johnson  for investing in physical infrastructure over his time in power, Zac Goldsmith said "investing in superfast broadband is now equally important for the next mayor. I would invest in broadband to make it the fourth utility."   Sadiq Khan (Labour) promised to hire a chief digital officer and use their knowledge to the fullest in devising a London plan that would require digital infrastructure. Caroline Pidgeon (Libdem) made similar comments:  "We have to consider broadband a utility and shouldn't settle for lack of access. As part of any planning application in London, new buildings should require super fast broadband,"  Peter Whittle of UKIP echoed her comments on investment in fast internet connections and said we should "eliminate not spots in London broadband". Sian Berry (Green) went further "As the only candidate to have worked for a tech company, I understand the issues this industry faces. This means tackling lack of access to office space, superfast broadband and planning ... I support calls to make public space available for mobile broadband infrastructure, as we did in Camden."

In his business manifesto Zac Goldsmith goes into more detail and commits to: "work with the boroughs to ensure that broadband becomes the fourth utility ... use Transport for London's 560 km network to lay cables ... rapidly expanding London's superfast broadband network and also providing mobile signal and faster broadband on the tube ... ask commercial premises broadband providers and local authorities to agree a standard two page [wayleave] document to tackle unacceptable delay in delivering fibre optic broadband service across London ... "ensure new build property is built "broadband ready" with the cabling ducts needed for broadband to easily connect to the premises."

Meanwhile Sadiq Khan has pledged to: "Improve our connectivity, making it a priority to tackle London's 'notspots', ensuring better access to public-sector property for digital infrastructure, and treating digital infrastructure with the same status as other key public utilities ... Broker a deal between providers and local authorities to provide better access to public property and land for the installation of broadband infrastructure."

I will not, in this blog, comment on candidates other technology related pledges save to say the everyone seems to pledge a Chief Digital/Data Officer who will sprinkle the magic pixie dust of "data analytics" over their policies. 

The FISP press release warns that  "London's broadband infrastructure is so poor it threatens the capital's ability to compete with other global cities in the future ... [the scale of discontent demonstrates that the market had] ...failed businesses and consumers when it came to providing the infrastructure needed to provide high-speed, future-proofed broadband services, which are already up and running in dozens of cities around the world." It then calls on the "mayoral candidates to create a new infrastructure agency - Digital for Londoners (DfL) - dedicated to making London a 'Gigabit City' by 2020 ...download and upload speeds of 1,000 megabits per second ... first step towards the Institute of Directors' call for 10 Gigabit services by 2030 and is essential for future 5G mobile plans."

FISP also says "there are more than 100 Gigabit operations worldwide and, across Europe, countries and capital cities competing for investment with London have both future-proofed fibre connections and access to gigabit speeds. In the UK more than 20 cities are already on track for Gigabit City status but London is not amongst them. "

ISP Review is critical of the FISP proposal to create a "Digital for Londoners Agency" to achieve "gigabit capabilities", pointing out that most of those "on track for Gigabit City status" in the UK are "merely" building dark fibre networks to serve the local authority needs plus commercials complexes and business parks. What is It does not point out, however, is that London already has several such networks, including those run by UK players like Colt and Venus and US players like Hibernia and Zayo to serve more than 70 co-location centres and meet the needs the needs of London's fintech and multi-media communities. Some of these are now being extended to provide the backhaul to serve housing complexes and shopping malls  Few of the UK's would-be "smart cities" yet have more than one or two co-location centres (essential to the local internet exchanges that are the beating heart of truly smart communitie), although Edinburgh has 3, Milton Keynes has 6, Leeds has 9 and Manchester has 20.

The question for the FISP authors is "What will an Agency add, other than overheads and delay, to what the candidates are already planning?". There is no reference in the FISP report to the core need, identified by Zac Goldsmith, of working with the London boroughs to  address access and wayleave arrangements. Zac also commits to making the TfL network available. Meanwhile  Sadiq Khan refers, more generally, to brokering a deal to provide better access to public land and property.

In fact a consortium of London boroughs and property owners is already making serious progress with regard to common access and wayleave agreements. The draft document, designed to cover the complex needs of multi-tenanted office, retail and housing complexes, is rather longer than 2 pages, but may well be ready for immediate adoption by who-ever wins on May 5th .

There is also the question of whether the need is for the Mayor to "Direct infrastructure providers and investors towards long-term objectives" or, rather harder in practice, to remove the planning and regulatory obstacles in the way of those who wish to co-operate in meeting the needs of Londoners now, in ways that will also make it easier to meet their evolving needs over the next couple of decades.

Either way an "agency" might be helpful, but its terms of reference and the mind-set of those running it would need to be very different.

"Direction" implies jobs for consultants and planners. "Co-operation" implies budgets for events and hospitality at which planners agree to work alongside property companies and network builders and operators to make investment in London's broadband infrastructure more attractive to fund managers and their clients.

I have therefore invited one of the co-authors of the FISP report, to a joint meeting (which I am helping arrange) of the Digital Policy Alliance and the Wired Westminster group to discuss building on the work to date in ways that meet the needs for those who are already planning capacity for the needs of 2025 and 2030, not just 2020. The theme is "We are only going to do this once" v. "The only constant is change". 

The underlying problem and/or constraint is how to enable and encourage those who will benefit most and/or are looking for long term investment opportunities. That may entail addressing the delay, cost and risk caused by political, planning and regulatory uncertainty and predatory behavior.  But it is unclear whether the best approach is  to agree to something (but what?) or to agree to do nothing - and allow market forces to work their magic, now that we have a regulator who appears to have rediscovered what they are there to do.

As I said at the end of my blog on the opportunity of the pre-referendum policy purdah  my role is to bring the players together and leave them to get on with it,



The government has postponed the announcement of its new Digital Strategy immediately after launching a consultation on how to fund the 10 Mbps Universal Service Obligation announced by the Prime Minister in November. Meanwhile Akamai says the average speed experienced by its UK customers is just under 14 Mbps and papers on the smart society of the future, such as the Atos "Digital Vision for London" fail to address how we will create the communications infrastructure necessary to be abreast of where the rest of the world will be in 2020 or 2025, let alone ahead. 

In 1858 after the Great Stink had made the Houses of Parliament uninhabitable,  Joseph Bazalgette was given terms of reference to build a sewerage network for London. He famously said "We are only going to do this once ... and there is always the unexpected", calculated that maximum demand anyone could envisage and then doubled the diameter of the pipes that would be needed to meet that demand.  I have previously described how BT abandoned a similar approach when local loop unbundling destroyed its business case for expediting fibre to the premises and it decided to divert funds to content instead. 

On Tuesday Sir Peter Bazalgette pointed out that Sky, BT and the BBC are spending 24% of their content budgets (over 5 billion) on content watched by 0.6% of the audience . In looking at how we will fund a 10 Mbps Universal Service Obligation we should recognize that those who think ahead (like Vodafone) are already looking at the capacity they will need to cope with a "smart society" and infrastructure providers like Zayo are already building capacity for customers who want it now to support applications, from those infuriating pop-up ads to instant response fintech. That raises the question of how to persuade them to invest in London instead of New York and in the UK instead of Germany or France (whether we Brexit or not).

I have been rightly criticised for my loose comments contrasting the approach of Salford in providing uncharged access to those willing to put fibre into its social housing  with that of London boroughs planning to charge wireless operators for access to their rooftops.The choice should not be an either/or.  The potential income from business users can be significant and used to help fund active social inclusion projects but charges should not be at the expense of the poorest in society. More-over one of the drivers is the failure of BT to provide adequate backhaul or fibre to the cabinet, let alone flat, in areas like the southern half of Camden, where it has been trying to avoid cannibalizing its leased line revenues. Now that others are beginning to install fibre anyway it has made the unsurprising announcement that it is restarting it "commercial" investment programme,   

There are a variety of business models and the return of business rates to Local Authorities  (with pilots for 100% to Manchester and Liverpool and a partial return for London) should begin the overdue process of allowing all councils to benefit directly from encouraging local regeneration.  But  until the benefits begin to flow, they face a dilemma. We need to find other ways of enabling and encouraging those who will reap the benefits to help fund the necessary investment - without further increasing the gap between the digital haves and have nots.

As with the railway booms of the 19th century the biggest benefits are not to the existing operators (whose revenues will be squeezed as were those of the owners of canals and toll roads) but to those whose land and property will increase in value and those whose communications costs  will fall nearly as fast as speed, capacity and reliability improve.
Viewed in this light, the expectations  of  Apple , of Google, of Netflix and of the other "Over The Top players" that some-one else should fund the construction of the communications infrastructures on which their profits depend (alias Net Neutrality) appears as strange as the reluctance to encourage business users and landlords to form local consortium to do so.  This may be changing as OTT players begin to support investment in local and regional broadband and internet exchanges (to improve service and reduce latency)  and network operators, like Verizon become OTT players and co-fund investment in local dark fibre networks underpinned by demand from business parks and commercial centres.
 
We need to use the opportunity of the Universal Service Obligation consultation to also take a new look at the investment needed to transition from the current heterogeneous mix of semi-incompatible, pre-internet-age,20th century fixed and mobile communications networks to the reliable, resilient and ubiquitous, fibre and wireless, IPV6 mesh that will underpin the "smart society" for the next few decades. 

The key questions include:

Who will benefit most from pulling forward that investment?

How do we enable and encourage them to cover the cost of doing so - and thus help lift the UK out of its current economic "plateau"?

How could/should Local Authorities balance the potential revenues from opening up access to their buildings, street furniture and other infrastructures with the need to attract those who could invest elsewhere - and what is the role of Central Government?

The exercise regarding the provision of affordable connectivity to those in social housing  which I started before Christmas (which Hyperoptic was the first to support) reinforced my view that the answers will vary - although I need to pay more attention to where wireless fits and balance the need to avoid taxing the poorest in society with the need for Local Government to raise funds from those who are able and willing to pay.
 
Almost the only certainty is that Bazalgette was right - but we do not have the equivalent of the Great Stink to concentrate the mind of Parliament. In consequence the future will belong to those communities whose property owners are in a position to work with providers to install the capacity today to allow for incremental change tomorrow, provided they can agree on mandating adherence to international inter-operability and open access standards.

But what are those standards and who is setting them, where and how?

Hence the need for the Communications Infrastructure sub-set of the Smart Society working group being put together  by the Digital Policy Alliance. The initial aim is "modest" - to identify those willing to work together across political, organisational and sector boundaries to achieve common objectives. The first meeting, hosted by the Wired Westminster Group, will focus on those willing to help encourage, extend and build on the guidance on voluntary access and wayleave arrangements and regulatory and planning advice, on which so much effort has been spent over the past year. 

Readers, especially those who disagree with me, will be pleased to note that my own role is merely to suggest who should be invited and topics that might usefully be progressed while the politicians are pre-occupied with Brexit. 

I then expect to be told, politely but firmly, to spend more time in my favourite not spot. and hope that Gigaplus Argyll will soon be able to provide a level of service at least akin to that a decade ago (before advertising and other bloatware clogged the Internet). Then I could read e-mails and even blog using a 56k modem over a 2G mast on the other side of the Loch.        

The Budget for Broadband was last year: this year it is time to act

| No Comments
| More
The Government Digital Communications Infrastructure Strategy, announced with last years budget included plans to underwrite broadband investment from a 40 billion infrastructure fund - beginning with 3 billion for Virgin's extensions - with a 1 universal 100 Mbps vision. I welcomed such a forward looking response to the submissions to the previous DMCS consultation, many of which had looked beyond catch-up games to the need to transition from a heterogeneous collection of semi incompatible, obsolescent, pre-internet, national and local networks to a world-class, internet-age resilient and ubiquitous fixed and mobile mesh. Over the past year we have seen a sharp rise in local, regional and national infrastructure investment by competitors to BT, some under-written by HM Treasury or European Investment Bank. Most not, including because of problems with applying. Now we have plans in the budget for a public-private Broadband Investment Fund which will be better able to draw down on the guarantees.

Perhaps the most important point in the budget is, however, the way the increased spend on flood defences will be funded. We can expect the insurance companies to draw attention to the need to move rapidly to replace Fibre to the Cabinet in all areas where flooding is likely. The consequences of the vulnerability of cabinets and their power supplies, compared to a passive fibre only equivalent, has, once again, been demonstrated. This, plus the news that Ofcom is finally going to take action on BT's declining services to business users could lead to a sharp increase in investment in fibre, including to replace FTTC on flood plains. Hence comments from BT about "restarting" its own "commercial" programme and the fibre to the premises plans that were dropped a few years ago. But how "future proof" will that investment be?        

Thinkbroadband has done a useful note drawing attention to the other communications-related statements. in the Budget . Perhaps the most important relates to the timescale for 5G roll-out .The commentator regards Bournemouth as an odd choice but its problems with 2G and 3G cover and "uneven" traffic levels (e.g. networks which fall over during the Holiday and Conference or bad weather) make it a good test bed for "national" roll out while global players like Zayo use experience from supporting 5G in other parts of the world to ensure their UK Fibre to the Tower (or Housing, Office or Shopping Complex) networks can not only cope with the small cell clusters already being planned to support 4G but the expansion needed for 5G and a "smart society".

I recently pointed out the need to complement "visions" of the "smart world" envisaged in reports like the Atos "Digital Vision for London" with forward strategies for creating the necessary communications infrastructure and complemented Salford for being one of the first local authorities to focus on pulling in private investment to turn its social housing into potential smart housing. Some of the comments in Salford blog have been criticised by those who think progress would be faster if it was easier for local authorities to auction their housing rooftops to the highest bidder - rather than provide non-exclusive access to those who will provide the best service to the tenants. The choices need to be publicly debated. I suspect that different local authorities and landlords would come to different conclusions. Some might come to different conclusions for different buildings and estates. The reasons for the differences, including the way funding pressures incentivise short and long term planning horizons, need to be brought out. What is almost certain is that "one size will not fill all".  

I find it interesting that the "great estates", who want their refurbishment programmes, let alone their new build, to meet the needs of tenants ten and twenty years into the future, are showing more profound vision and insight than many technology gurus, let alone the network operators (who often appear more concerned with the three month investor relations reviews that long term investors are now seeking to scrap).

The property owners are putting the need for incremental change, (because the future is uncertain and today's optimal is tomorrow's constraint) into the context of the Bazalgette strategy: think well ahead well ahead whenever you agree an upgrade. After the great stink had made the Houses of Parliament unusable, Joseph Bazalgette was given terms of reference to build a comprehensive sewerage network for London. When planning the network he took the densest population, gave every person the most generous allowance of sewage production and came up with a diameter of pipe needed. He then said 'Well, we're only going to do this once and there's always the unforeseen' and doubled the diameter to be used. The smaller diameter would have lasted until the 1960s (and Tower Blocks). Most of pipes are still going strong, although the main trunk sewers are now having to be complemented, You could say the same for Vint Cerf's foresight with regard to IPV4, only now running out of capacity.

Hence the need for the Digital Policy Alliance exercise to look at the communications infrastructure needs of a "smart society" so that those who are "only going to do this once" can install risers, ducting, equipment rooms, access points and/or shared fibre networks that can cope not only with current international standards but those likely over the next couple of decades. The exercise is planned as part of portfolio of projects, in partnership with others, to look at the issues posed by the transition to a smart society: smart phones, smart consumer goods, household appliances, toys, cars, house, cities et al.

What is different about the communications infrastructure group is that it may end up being driven by users and investors rather than by technology enthusiasts and would-be suppliers. They will, however, be wanting the latter to provide inputs so that rating schemes (like wiredscore) can cover all that might needed during the lifetime of a new build or refurbishment.     
. .                     

Salford Council leads the way into a world of smart council estates

| No Comments
| More
The news that Salford has done a deal to install gigabit fibre to its council estates, taking action while others still talk vision, should come as no surprise to those who have had dealings with the Mayor, over the years. As a local politician he was involved in the deals which led ultimately to the regeneration of the Manchester Ship Canal docks as Salford Quays and the Media City. I enjoyed watching him, as an MP on,PITCOM study tours helping tease out the politics behind the visions of the Swedes, (in planning Stokab), the Finns, (in using technology to enable 30% cuts without crippling their welfare systems), the Germans, (in handling industry-academic relations), as well as the Californians and Canadians (in trying to ensure that technology advance benefited the whole of society). He was also active in exploiting Manchester's long-standing relations with China, including as an early location of choice for Chinese students with a vibrant local Chinese business community.

The deal with the council estates also needs to be seen as one of a set of complementary initiatives to put Salford at the heart of developing, applying and exploiting smart technologies:  including as a hub for education and training in the skills of the future, from technicians installing and supporting smart systems, through practitioners designing and securing applications to development and research staff. Thus putting fibre into the council estates not only includes the residents in the world, (and jobs), of  Media City, it also enables the estates to become test beds for the affordable and socially inclusive telemedicine and telecare that we need so urgently in order to cater for an aging population (with further job opportunities at all levels).

Hence my hope that the London Mayoral candidates will show similar vision.  It is no longer a case of matching Singapore or Hong Kong. It is a case of matching Salford.              






Call for written evidence: Investigatory Powers Bill

| No Comments
| More
The revised  Investigatory Powers Bill may, or may not, be fit for purpose but now comes the next cahnce to make your views known. The Scrutiny Unit of the House of Commons has now issued a formal call for submissions to the Public Bill Committee and I have paraphrased this below because could not find it on-line to make a simple link.  

Their summary reads as follows:

"The Investigatory Powers Bill would overhaul the framework governing the use of surveillance by the intelligence and security agencies and law enforcement to obtain the content of communications and communications data. It follows three important reports published in 2015, all of which concluded that the law in this area is unfit for purpose and in need of reform, and a draft Bill that has been subjected to pre-legislative scrutiny by three parliamentary committees.

Many of the capabilities for which the Bill provides have been in use for a number of years. Some are openly provided for in the Regulation of Investigatory Powers Act 2000, whereas others have been only recently avowed, having operated on the basis of vaguely drawn provisions in legislation governing the general powers of the security, intelligence and law enforcement agencies.

Capabilities

The capabilities for which the Bill provides are:
·         The interception of communications,
·         The retention and acquisition of communications data,
·         Equipment interference, and
·         The retention and examination of bulk personal datasets.
·         Interception, acquisition of communications data, and equipment interference powers are provided for both on a targeted basis and in bulk.

The Government have said that the only new capability provided for by the Bill is the ability to require retention of Internet Connection Records, a kind of communications data that reveals the websites an individual has visited.

Oversight

The Bill would also reform the oversight regime for the use of these powers, replacing the three existing Commissioners with a single body of Judicial Commissioners led by the Investigatory Powers Commissioner. For the first time, these Commissioners would bring an element of judicial oversight to the process of issuing warrants to the intelligence services."


The Bill has now been sent to the Public Bill Committee where detailed examination of the Bill will take place and the Committee is now able to receive written evidence. It is expected to hold its first oral evidence session on Thursday 24 March and it would be extremely helpful to the Committee if written evidence was submitted by Wednesday 23 March in order to inform the debate.  The Committee will stop receiving written evidence when it reports, which could be earlier than than the current target of Thursday 5 May.

Submissions should address matters contained within the Bill and concentrate on issues where you have a special interest or expertise, and factual information of which you would like the Committee to be aware. Submissions could most usefully:

·         suggest amendments to the Bill with explanation; and

·         (when available) support or oppose amendments tabled or proposed to the Bill by others with explanation

It is helpful if submissions include a brief introduction about you or your organisation. The submission should not have been previously published or circulated elsewhere.

If you have any concerns about your submission, please contact the Scrutiny Unit (details below).

Submissions should be emailed to scrutiny@parliament.uk. Submissions sent to the Government department in charge of the Bill will not be treated as evidence to the Public Bill Committee.

Submissions should be in the form of a Word document. A summary should be provided. Paragraphs should be numbered, but there should be no page numbering.

Essential statistics or further details can be added as annexes, which should also be numbered. To make publication easier, please avoid the use of coloured graphs, complex diagrams or pictures.

As a guideline, submissions should not exceed 3,000 words.

Please include in the covering email the name, address, telephone number and email address of the person responsible for the submission. The submission should be dated.

The written evidence will be circulated to all Committee Members to inform their consideration of the Bill.

Most submissions will also be published on the internet as soon as possible after the Committee has started sitting.

The Scrutiny Unit can help with any queries about written evidence.

Scrutiny Unit contact details
Email: scrutiny@parliament.uk
Telephone: 020 7219 8387
Address: Ian Hook
Senior Executive Officer
Scrutiny Unit
House of Commons
London SW1A OAA

From DB, through Facebook to Amazon, Apple, Google, Starbucks and Uber - the Chancellor's route to balancing the Budget?

| No Comments
| More
The precedents set by judgement of the Supreme Court which voided the fictions used by Deutsche Bank and UBS to avoid tax on Bankers bonuses may be rather more profound than appears to date, We may find out tomorrow. The judgement appears to facilitate the enforcement of the Chancellor's 25% "Diverted Profits Tax", announced last. The combination provides context for the "radical accounting simplification" planned by Facebook and its decision to route its UK sales through its UK subsidiary and reduce its profits by paying staff taxable bonuses. The recent revelations about how senior IT industry staff (including some Civil Servants) are currently remunerated explain why Matt Brittin of Google did not know how much he was paid when asked by the Public Accounts Committee.

Many corporations, from Amazon to Uber may decide to resist tax decisions based on that judgement. But will they, like the "little men" be forced to pay first and appeal afterwards. If not, the Chancellor's hope of becoming PM, already diminishing, may well vanish - unless he can pull some remarkable rabbits out of the hat tomorrow.  Making the Amazon, Google, Starbucks and Uber pay tax has serious voter appeal - except among the under 25s who are least likely to vote. Meanwhile the Fair Tax Town movement inspired by Crickhowell (the town that took on the taxman) is gaining momentum.      

Tomorrow we may learn how much has been collected from the "Diverted Profits Tax" to date. It is probably embarrassingly little - which may help explain the 4 billion gap which the Chancellor supposedly has to fill. Hopefully this judgement will open the floodgates and help bring about tax parity between the on-line and off-line worlds as well as between multi-national indigenous players. If so, we may learn how much of the benefits of doing business on-line are for real and how many are "merely" tax and regulation avoidance, hidden under layers of hype and US legal jargon..

The is also the question of whether effective tax collection is easier inside the EU or outside: bearing in mind that London is a tax haven for those outside the UK while the Crown Dependencies are tax havens for both those inside and out. Until recently Chancellor could afford to be two-faced because the UK's "invisible earnings" (including from London as tax haven for other nations tax-avoiders) helped balance our books. This ceased to be the case after 1997 for a variety of reasons (some down to Gordon Brown, others not).

Perhaps the time has come to give the Crown Dependencies a choice of levying UK Corporation tax (to pay for the Royal Navy and the UK's global cyber warfare and law enforcement capabilities) or facing a fiscal blockade. That might seem "a little drastic" but may well have the support of other nations who see similar tax avoidance as the on-line multinationals route their IPR and other revenues through the Crown Dependencies (and/or  the Dutch Antilles) as much as they do through Malta, Luxembourg, the Irish Republic and Cyprus. perhaps the G20 has already agreed such a deal and that is why the Chancellor rejects any lesser EU arrangements.
 

It looks as though Ofcom got it right: BT is likely to give better service whole but scared of being broken up

| No Comments
| More
The hints that BT is to restart investment in fibre to premises and to upgrade services to premises previously deemed uneconomic indicates that the Ofcom Strategic Review almost certainly reached the right conclusions.

Back in the early 1970s Michael Beesley told his students at London Business School, of whom I was one, that the best way to get good service from a monopoly was to keep it scared of being broken up. He also told us they should be regulated on price, quality of service and behaviour towards would-be competitors, NOT on margins on costs, including of capital. One of my classmates became a multi-millionaire during the privatisation of British Rail because HM Treasury and its advisors did not understand the difference between risk finance and a set of leasing deals: "if looks like a duck, swims, waddles and quacks ..."  Another of our lecturers began his accounting classes by making us chant the mantra "Price is not a function of cost" for five minutes - before he would say: "Price is what the market will bear. If you cannot make it for less you should not be in business. If you can make it for a lot less - keep quiet, lest others find out."

I am delighted to see that Ofcom, under new management, has re-learned what Bryan Carsberg practised from the start.

But now it has to follow through as Britain begins the uncertain transition from a hodgepodge of obsolescent 20th century telecommunications networks, many still running over 40 and 50 year old copper cabling, through an internet age network of networks (with inter-operability devolved from LINX to internet exchanges serving every smart city) to secure, resilient and locally interconnected wireless and fibre meshes, capable of supporting a smart world: from smart phones, household appliances, consumer goods and toys, through smart cars, medical and telecare devices and buildings to ....        

The "Digital Vision for London" for London published by Atos last week, is interesting because it says nothing about the infrastructure needed. Meanwhile the members of the Westminster Property Association and the City Property Association are looking twenty years ahead,and supporting an exercise on common agreements for access and wayleaves to ensure their tenants have "future proof" access to world class services. I have already blogged on an exercise to use a similar approach to turn sink estates into smart estates at little or no cost to the housing association or local authority.

I am now looking to organise, hopefully via the Digital Policy Alliance, an all-party exercise to get the London Mayoral candidates on board, because fibre to the flat will do more to help improve inner city life chances than almost any of the policies currently being touted. Meanwhile fibre to the office and the eradication of mobile not-spots appear essential to London's survival as a global Fintech hub, with all the concomitant wealth creating jobs.

In parallel I am looking at how to help politicians around the country to look beyond the current controversies. As Sir Joseph Bazalgette said when planning London's sewerage network after "The Great Stink" had made Parliament uninhabitable "Well, we are only going to this once and there is always the unforeseen" - so he went for the highest possible estimates of need ... and then doubled the diameter of the pipes (enabling more than four times the throughput).

We know that G-fast is good for 300 Mbps over 300 metres provided the copper is good, but copper now costs more than fibre to manufacture. Demand has fallen to such a degree that there is now only one UK manufacturer left (owned by BT!) while property developers are wanting to build fibre only buildings and remove unused copper during renovations, because no new tenant is likely to prefer it. Hence the BT decision to standardise on fibre to the premises for developments of more than a couple of hundred properties. I expect we will hear more over the next few days and weeks as BT responds to the knowledge that it once again faced a robust competition regulator, not an ersatz nation strategy planner. As Michael Beesley did not say: "Industry strategy is for investors, for regulators".  And I remind those who think HMG should have a strategy that it has one - announced almost exactly a year ago


       

If Verify is the answer -what was the question? The politics of digital identities revisited

| 1 Comment
| More
The design of the Government "Verify" programme predates the European eIDAS regulation (covering the exchange of identities between public sector organisations) government which it supposedly implement. Neither has business models or costed proposals for private sector use although both make claims for applicability the public sector. Meanwhile the private sector identity and access management markets have moved on, driven by a rising tide of on-line impersonation and fraud.

Banks and transaction processing services routinely check the device we are using and our location as well as our password before taking action. Increasingly they also check a voice,   finger or face pattern. Such processes can be linked to routines to check the age of those with access to children's social and educational networks or to prevent children accessing what they should not (from knives to "adult entertainment"). Some use the routines and want others to do so too. Others (including those with advertising funded business models) do not - and do not wish to be made to. Hence industry splits over Age Checking akin to those over Ad Blocking. . 

The Verify performance dashboard indicated that barely third of applications to acquire an identity in the week ending 6th March were completed and only 2/3rd were successful. The volumes were not reported but the number of transaction authentications had fallen to barely 6,000 after a peak of 120,000 during the last week of January (the deadline for submitting personal tax returns).  The reason for the low take up may be that you are directed to apply via one of the government departments using the service. Most of these, such as Inland Revenue, appear to be quicker and easier for existing users to access via their existing routes, e.g. the Government Gateway account. Any attempt to remove these, as with Farm Payments, seems to trigger a crisis. This raises the question of why anyone should bother to register unless forced to. HMRC, for example, has said that its new Digital Strategy will involve the use of "Verify" for personal taxpayer access, when it is "mature". When is that likely, given that, so far, under 5% of those submitting tax returns have even tried to do so?  

The on-line world is awash with digital identity and access management systems. Some are robust, reliable and trustworthy. Some are not. Many are unknown quantities from start-ups and consortia of uncertain provenance and/or organisations with no intention of accepting legal liability for fraud or insecurity.  The basis of "Verify" is to enable the Government to similarly avoid liability. So why should it expect others to respect the value of identities based on the possession of a genuine (or fogged - as in the "false obtaining of genuine") passport, driving license or national insurance number, plus a bank account. Meanwhile the processes of some of those listed as providers are less robust and/or more expensive than those used by the on-line gaming industry to meet current regulatory requirements or by the adult content providers previously co-regulated by ATVOD.  

The law on electronic signatures goes back nearly 150 years (the case involved a telegraph authentication). The national and international routines used by the banks for checking the electronic signatures of each other's customers (SWIFT, Identrust, Mastercard, VISA, Vocalink etc. etc.) date back to the last century although the European Union and the Foreign and Commonwealth Office appear to have "conspired" to block the decade old attempts of the Notaries to move their processes on-line internationally as well as locally.  From the Scrivener Notaries (not to be confused with "mere" Notaries) , Lloyds Register, to Experian, RELX and organisations like CEDR, the UK hosts most of the world's globally trusted identity, authentication and disputes resolution services.

The attempts by the technology industries to create electronic identities for which they do not accept legal or financial liability (for example via the OIX group) have yet to gain the confidence of those whose funds, saving or transactions are under growing attack from organized crime.
.  
Meanwhile the market for checking the identities of those seeking to transact on-line has evolved over the past few years as the scale and nature of electronic impersonation has accelerated. The result is good business for those who assemble national and/or global personal and corporate identity databases (Call Credit, Experian, GB Group, Lexis Nexis etc.), those who run services (like IBM Trusteer or the Mobile Operators) to check the location and identity of the access devices commonly used (smart phones, tablets etc.) and those who supply low cost services to marry the two (e.g. Yoti).

Where does that leave the attempt to create a subset of the market for the identities that consenting UK Government bodies can recognize, without accepting any liability. Little wonder the Verify programme, has yet to reach critical mass? Has the time come to drop the pretensions and follow the market - recognising only those identity and authentication providers who are happy to meet the previously stated standards of security and privacy, because they already operate to these, or higher?

The addition of Barclays to the list of Verify providers may indicate that such a decision has already have been taken. If so, the dropping of those who have recently been subject to massive fines for privacy breaches would conform this.        

One can also ask where the need to address the rising tide of electronic impersonation leaves wider public policy, whether or not we Brexit or remain, on:
 
  • identity: not just Verify/eIDAS, HMRC, DWP, NHS etc but the liability or otherwise of Identity and Access management providers, both public and private sector,
  • privacy: from Data Breaches to Safe Harbours,
  • security: including the deliberate the lack of it with open and "bug" data policies.
  • consumer protection: including enforcement of the e-commerce directive and redress from those who deny responsibility for what happens over their services.
I was recently asked to appear on a panel to discuss government thinking on "cyber-security, identify theft etc.". I was sorely tempted to be candid:

  • "Yes Minister" is not comedy or satire but a set of training films. The core behaviour patterns, including the inter-actions with the "outside world" (of newspaper magnates and investigative journalists, city magnates, corporate superstars and global industrialists and lobbyists of every shade) are little changed since they were described by Anthony Trollope although CP Snow and C Northcote Parkinson added valuable insights and the days of Empire are long gone. Whitehall and Westminster now kowtow to the lobbyists of corporate decision-takers based in Brussels, Dublin, Luxembourg, Seattle and Silicon Valley, not just those based in New York or Washington.  
  • UK Government policy, on anything, is "a set of compromises between the semi-hereditary feuding tribes of Whitehall (departmental) and Westminster (political) where the objective is the personal prestige/survival/pension rights of the participants". EU policy adds a layer of Brussels fudge, using amibiguous definitions to enable verbal "harmonisation" to conceal lack of basic agreement between member states and interest groups.

  • Then we have TTIP, trying to conceal fundamental differences between Europe and US while China is coming to dominate the supply of the communications hardware on which the on-line world depends: from smart phones to communications switches. It is as well to note the comments on such deals of US Presidential candidate Bernie Sanders 
It is not enough to say that the time has come to bury the corpse of Verify and look beyond OIX and eIDAS to what is happening in the "real" world. There is a need for to review what should and should not be regulated in the interest of consumers and of business users.

Consultations on Digital Apprenticeships and the Apprenticeship Levy

| No Comments
| More
Many readers have strong views on both Digital Apprenticeships and the plans for an Apprenticeship Levy. Speak now or for-ever hold your peace or rather speak now and then continue to make a fuss until your voices are heard. The deadline for submissions to the Tech Partnership Consultations on both has been extended.  The link to the Apprenticeship survey, new deadline Monday 7th March, is here. The link to the survey on the Apprenticeship Levy is here . You may also wish to respond direct to the Education, Skills and Economy Select Committee Enquiry deadline 18th March. 

The Tech Partnership surveys are neutral and balanced. My own views on the subject are not. Many of the changes announced in last years budget were welcome. This was not. We had been making serious progress with genuine employer-led skills programmes but the apprenticeship levy risks a return to 70's. The levy and grant approach was comprehensively rejected in the 1980s as "Jobs for personnel officers, not training for jobs". Is there a way of implementing it which avoids the abuses of the past? I am not sure that any of those who made the proposal had even looked at what happened last time around. Meanwhile the gulf between the training wanted by employers and that which Ofqual will approve is widening.    

Now is the time to make your views known.  






Needed - facts about broadband: What "facts" do we really need?

| No Comments
| More
The controversy over the Broadbad report and its use of figures from May 2015 raises the interesting question of what supposed "facts" do we really need ... and why?

I have just received an e-mail which gives a contrasting set of 'facts" to those being quoted in the BT advertising campaign "Home truths about British broadband" - and I am not talking about the claim that Britain invented the Internet,   

It links the claim that Britain has "almost double the superfast broadband " delivery of countries like France and Italy" to the difference between the UK definition of 24 Mbps and the EU definition of 30Mbps. It contrasts the claim that "90% of the UK can get fibre optic broadband" with the equally correct statement "90% of the UK ... can only get a copper broadband service that strangles the fibre bandwidth". Virgin similarly advertises its coax connections as fibre - albeit coax can run rather faster than even a good quality twisted pair.

Most interestingly it reinterprets BT's claim that it has invested 10.58 billion in the Openreach network over the past decade using a Wall Street Journal analysis that the investment in Openreach has been static for almost a decade over which the revenues have doubled. The question I would like to ask is: How do the current and planned investment programmes of BT/EE as a whole (i.e. not just Openreach) compare with those of its converging fixed and mobile competitors and/or the many others now seeking to provide UK businesses (not "just" consumers} with world class broadband? 

I have tried to do comparisons but collating the spend of O2, 3, Arqiva, CGI, City Fibre, Colt, Fujitsu, Gigaclear, HP, Hyperoptic, IBM, ITS, O2,  through to National Grid, SSE, Sky, Virgin, Vodafone and Zayo .. and all the others building networks for Central and Local Government and the OTT services and their data centres (Amazon, Facebook, Google, Microsoft, Netflix),   is impossible. All that it certain is that BT no longer has a "natural" monopoly and accounts for rather less than half (it might even be as little as a quarter) of the current rate of spend. 

When it comes to the rural areas where BT has been given "gap funding" funding, the most pertinant question is How many of the premises/postcodes" which supposedly now have "access" to "superfast broadband" lines are connected by lines capable of carrying a broadband signal running reliably at 10 Mbps, 24 Mbps and/or 30 Mbps? And could the back haul cope if take-up was indeed 90%?

The "evidence" emerging from MPs postbags (and Select Committee hearings) is that BT often has no idea of the condition of local lines (in urban as well as rural areas) until after it has enabled a cabinet and has investigated customer complaints that services have not improved as a result. The Postcode maps are also flawed (it would have been better to use the Post Office delivery maps or the Ordnance Survey digital maps) and any future support should be subject to market testing and/or open tender and be much better targeted. BT should also be able to respond more accurately now that it has a better idea of the condition of its networks than the "semi-fictions" used at the time of the original BDUK negotiations. 
 
Another pertinent question is "What is the cost of a superfast broadband service?". I am bombarded with offers for introductory contracts bundling a phone line, a broadband services and content package for less than the current phone bills on either my business or my personal phone lines. Like many of those working from home I keep these separate for ease of accounting for VAT and Corporation Tax. But either I am not eligible, as an existing customer, or the price rises sharply once the introductory offer is over the price.
.
I could go on, but by far the most interesting question is Who would behave any differently if they knew the answers?

We are likely to have announcements from Ofcom and DCMS over the next month or so but the "real answers" will come from the investors who are pondering whether to put funds into:

  • providing London with the communications infrastructure that will enable it to survive as a world class financial services centre (whether inside or outside the EU)
  • helping other cities follow Aberdeen, Bristol, Coventry, Edinburgh, Hammersmith, Peterborough, Woking, York etc. in creating the Fibre/5G infrastructures of the future
  • helping landlords and property managers (from office blocks and shopping malls to business parks) install the Fibre/Wifi/4-5G connectivity for which their tenants will pay
  • helping those living in social housing complexes to realise the benefits of telecare and welfare, not just home shopping and entertainment, for less that their current phone bills.
Last year I made an attempt to identify those willing to work together to help councils get better value for their communications spend. The response was so muted (everyone wanting some-one else to pay and/or do the work) that I put the exercise on hold, save for helping stimulate an attempt to produce common access and wayleave arrangements and supporting guidance: where the benefits were such that city centre landlords were willing to lead the way, despite a lack of enthusiasm for practical co-operation on the part of those content with the current system. That exercise may be about to bear fruit. If so, the climate may a,so be ripe for an attempt at wider co-operation to be more successful.

Interestingly, BT shareholders may be biggest beneficiaries - because it can then focus on working amicably with those councils where it can indeed provide the best solution - while improving quality of service, making a success of the merger with EE and delivering resilient and secure back haul and support services for a society that is increasingly desperate need of them. I will not, therefore, be selling my BT shares. More-over I would expect the family business (if still going) to be using BT as part of its multi-sourcing in ten years time. 

P.S. If separating out Openreach is the "answer", I still cannot understand what the question was. I believe firmly that the question is "how do we stimulate investment in a world class communications infrastructure that is fit to support a "smart society" - from smart phones through smart toys, consumer goods and cars, through telecare, telemedicine to smart buildings and cities?"  The issues to be addressed go, of course, far wider than just the infrastructure. hence the importance of the "Smart Society" and iGov issues being considered by the Digital Policy Alliance.   

C Plan - A Plan For Consent‐Based, Confidential, Online Age Verification

| No Comments
| More
This was published by the Digital Policy Alliance in March 2015 and used to help brief politicians on why robust Age Checking processes had the support of a critical mass of on-line publishers and retailers who would also help deliver any political pledges with regard to child protection. It puts the current consultation on age checking to help protect children from pornography into context.  

Contact, Conduct, Compliance, Content, Commerce + Choice, Consent, Co‐operation and Confidence

Background
Robust age verification for both children and young people wishing to access a range of products and services online, including via mobile devices, is regarded by many as essential to improving children's safety online. Most children now spend more time online, unsupervised, using smart phones and tablets than in the playground or park. Child protection is the main driver for social networks and content providers to check the ages of those with whom they are dealing online. It is not the only one. The requirements in the "real" world for age checks, including on travel passes and other concessions for young and old, can be achieved simply by the presentation of a photocard from a reputable organisation, such as a Citizencard (for the adolescent) or a Freedom Pass (for the mature). Why should an online equivalent be so difficult?

Debate on practicalities masks that on commercial, moral and political priorities
Five years ago the age verification processes available were not fit purpose (see What's Changed). Today the UK is on the cusp of defining standards to underpin the roll‐out of scalable, viable, cost‐effective, age verification  solutions, built on the principles of 'verify once, use many times'. The next step is to turn these into internationally‐recognised interoperable standards, supported by certification programmes that define the liability models. It is time for social networking platforms, data aggregators and advertisers to re‐visit their approaches to age verification, not just to ensure that they comply with legislation designed to protect children online but also to facilitate the confident use of online services by all age groups.

Who is working to find realistic ways forward?

• Those providing online gambling services are required to ensure all customers are over 18. As many 18‐24 year olds are not on the electoral register and do not have a credit history gambling operators have had to develop innovative solutions to ensure all their customers are over 18.
• Those providing access to adult entertainment are required by ATVOD (Authority for Television on Demand - replaced 1st January 2016 by Ofcom) to check the age (but not necessarily the identity) of those seeking access.
• Those running online sales operations and payment services: who may be liable for not undertaking checks before selling age‐restricted products (e.g. alcohol, knives, tobacco, vaping products, etc.).
• Those running educational services and linked social networks for children: they need user friendly but robust age verification checks to facilitate social inclusion while protecting against abuse.

Solutions here can also be applied in other situations, e.g., to prove eligibility for education grants or to crowdsource business start‐ups [those aged under 18 not allowed to use most orocesses].

The Digital Policy Alliance has therefore brought together a range of industry players who need effective solutions for marketing and moral, as well as regulatory, reasons to work towards national and internationally recognized standards that reflect common needs. These should enable information already on file across central and local government (including DWP and The NHS) and/or the private sector to enable service providers to reliably check the age of almost any online user, including those who wish to remain anonymous, providing the relevant regulations permit this.

Delivering results at affordable cost (operational as well as up front) requires consensus on nine Cs: Contact, Conduct, Compliance, Content, Commerce, Choice, Consent, Co‐operation and Confidence.

Contact
One of the most feared risks in the online world is that of bullying and abuse as a result of inappropriate and unwanted contact between users, particularly (but not only) those who are not telling the truth about their age, let alone identity. This includes contacts in which one user may exploit another, such as an adult with a sexual interest in children.

Robust age verification has real potential to reduce the risks. It also has the positive effect of making it easier and safer to use educational and social platforms to, for example, enable school children learning foreign languages to network with those of the same age, in different countries. The benefits of reliable age verification, including the choice (see below) of whether to link identity and age, increase with adolescence and transition to the age of work.

Youngsters become increasingly vulnerable as they explore socially or try to do business online (perhaps below the age at which credit or conventional funding are available). They may, or may not, wish to disclose their age lest they be discriminated against. Similar issues apply to older age groups.

Conduct
Many risks relate to how people behave online. Those we seek to protect may also initiate or participate in antisocial or criminal activities. These can include bullying or victimization (spreading rumours and gossip, excluding peers from one's social group and withdrawing friendship or acceptance) and potentially risky behaviours (which may include divulging personal information, posting sexually provocative photographs, impersonation, lying about age or arranging to meet face‐to‐face with people only previously met online). Those who have not made the necessary checks are also placed at risk when children try to gain access to products and services which it is illegal to supply to them. Age verification mechanisms will not address behavioural issues but can be an important addition to the safety measures used by companies, parents and guardians and educational institutions. They also
make it easier for those providing services to fulfil their moral and legal obligations.

Compliance
The approach is to address the generic problem of age verification, using privacy preserving, data minimization routines to check different ages against authoritative sources while minimising the opportunities for abuse or fraud. Success will entail enabling low cost processes for account registration and transaction authorisation, which operate according to credible, effective and well‐publicised standards (including for anonymity processes where required) and enable low integration costs for less burdensome worldwide working. It also needs to be easier and more attractive (marketing and profitability) for reputable businesses to comply with processes which meet or better the mandatory standards, rather than work around them. That will entail educating staff accordingly.

Content
In the offline world, regulators require businesses to put mechanisms in place to limit the risks of children and young people being exposed to age‐inappropriate, harmful and illegal content. For example, the British Film Classification Board applies age ratings to films that will be shown at cinemas. These can be enforced during the sale of tickets or at the point of entry to view a film. It is relatively easy to assess the age of a young person in a face‐to‐face setting, albeit "proof" of age is increasingly being required. It is much more difficult to do so in an online setting.

New and emerging online age verification mechanisms seek to replicate the safety mechanisms used in real world settings. The efforts to deploy online age verification mechanisms designed to protect children from accessing age inappropriate content online have implications beyond the adult sector: for example, platforms such as Netflix are attempting to replicate the access restrictions applied in film theatres by enabling parents to set up a 'Kids' profile, with an assumption that children will only seek to access age appropriate films. Effective online age verification mechanisms would afford parents a higher level of confidence that their children are indeed watching age appropriate content. This would not, however, remove the onus on a parent to engage with children in "negotiation" as to what is appropriate for them.

Commerce
In the offline world, there are clear rules around the age restrictions that retailers must apply to the sale of, for instance, alcohol. Many retailers are engaged in initiatives designed to reduce the sale of alcohol to those who are underage, for example by implementing 'Challenge 25', the message of which is that if you are over 18 but look under 25, you should expect to be asked for some form of proof of age. Since 1st October 2007 it has been illegal to sell tobacco products to anyone under 18 - this includes cigarettes, cigars, roll‐your‐own and pipe tobacco as well as cigarette rolling papers. Selling any of these products to someone under 18 can result in a fine of £2,500.

Representatives of the tobacco industry and the Electronic Cigarettes Industry are working toward deploying online age verification mechanisms designed to restrict children and young people below the age of 18 from purchasing their respective products online.

When Internet users are purchasing products online and using online payment mechanisms, a number of checks are conducted to ensure that, for example, there are sufficient funds in your bank account and that the postal address associated with the payment mechanism matches that held by the bank etc. The inclusion of an age check carried out before a payment is authorised may be part of enabling frictionless, low cost, viable and scalable age verification solutions. The Digital Policy Alliance's Age Verification Working Group is working with a range of Identity and attribute providers (age is an attribute of your identity) to enable access to relevant age attributes from a variety of sources, some more authoritative than others. One of the issues will be to obtain access to those in the public sector which could be used to improve confidence and reduce the risk of fraud, impersonation and error in, for example, the Government Verify programme, particularly with regard to those aged under 18. Examples include the school and medical records already used to help control the issue of some age cards.

Choice
Many users, of all ages, complain that, in order to obtain service online, they are required to provide information that they see as irrelevant (date of birth is one of the most common). The excuse is commonly "to improve service". The reality is more usually to enable the supplier or its advertisers to collate information from a variety of sources to "refine" this into the new "oil" of information. The backlash can be seen with enquiries for age controlled related products and services dropping away, as more questions are asked. Many service operators would benefit greatly from being able to ask only that which will enable a trusted (by regulators as well as by the public) age verification provider to "confirm" that the enquirer is above or below the relevant age. Of course no verification be 100%, whether in the online world or the real world and the degree of confidence required (see below) will vary according to context, risk (legal, regulatory, moral and commercial).

It is rare that online users, of any age, are given a choice of what information to provide in order to use a product or service. That needs to change. Splitting age verification services from those for identity checking and transactions authorisation, giving choice to both suppliers and consumers, young and old, would be a powerful first step.

Consent
Internet users and regulators are concerned about the privacy implications of websites, apps and third party data aggregators tracking internet users' online activities. There is unease about the privacy implications of data aggregation, online behavioural advertising and the lack of transparency and accountability over what data is collected, how it is used and how long it is retained. There is growing opposition to the assumption that, by virtue of using a platform like Facebook, users have consented to their personal data being collected, collated and sold to unknown third parties. Such anxieties are significantly heightened with regard to young children who may not understand the safety and privacy issues created by the online collection of personal information and are particularly vulnerable to overreaching by marketers. A recent study recorded the levels of tracking on 40 of the top websites visited by children and discovered 1,110 third party trackers on these websites from 644 different
tracking organisations. There was an average of 24 third party trackers on pre‐school websites, 25 on education sites, 29 on gaming sites and 34 on entertainment sites. The level of tracking varied significantly, ranging from less than 10 to over 180 third party trackers on the 40 sites analysed.

The Children's Online Privacy Protection Act (COPPA) requires the Federal Trade Commission to issue and enforce regulations concerning children's online privacy. These apply to operators of commercial websites and online services (including mobile apps) directed to children under 13, requiring them to obtain verifiable parental consent to the website or app collecting, using, or disclosing personal information from children. In practice when a child indicates that they are below 13 years of age and wishes to register to access a website, they are asked to supply a parent's email to which an automated email is sent that contains a link. If the link is clicked it is assumed that parental consent to process that child's data has been obtained. Thus system has inherent flaws, e.g. a child may supply an email other than their parents' email, to which they have access. It is, however, deemed by the FTC to be sufficient.

Meanwhile a recent survey indicated that 45% of UK parents whose children had a profile on Facebook didn't know that the supposed minimum age for this was 13 years of age. More recently, the European Commission (EC) has proposed legislative measures that will define children as data subjects for the first time and require stronger legal protection of children's personal data in the online environment. In Article 8 of the proposal for the General Data Protection Regulation, the EC introduces verifiable parental (or custodian) consent that would serve as a means of legitimising the processing of personal data of children under the age of 13 on the Internet.

The electronic and mobile identities used in a number of EU member states, but not the UK, enable regulators to require local businesses to include both parental consent and online age verification mechanisms when children register to use online services. The Digital Policy Alliance Age Verification Working Group is exploring the scope to enable parents to have more effective control over how their children's personal data is processed online. Once these have been identified the intention is to work with the DPA Digital Single Market Group and others to help inform the reviews of Data Protection, Identity and Information Security Regulation, including by the European and UK Parliaments.

Co‐operation
The following groups have agreed to work together under the umbrella of the Digital Policy Alliance to agree common requirements: [Statements on DPA website]
• Online Gambling
• Adult Entertainment: ATVOD requires UK based adult content providers to verify that people accessing adult content are over 18.
• Tobacco Industry
• E‐cigarettes
• Alcohol Industry
• Online Dating Industry
• Educational Network Operators
• Child Protection organisations
• Silver Surfer support organisations
• Social Inclusion operation
• Crime Prevention organisations

Confidence
No identity or verification process, from physical passports and ID cards to electronic signatures is 100% foolproof. Attempts to achieve perfection tend to result in complex systems which open up as many vulnerabilities as they close, often using sources that are claimed to be "authoritative" but are already seriously compromised or capable of relatively spoofing. The need is therefore to agree standards that support processes, products and services that not only meet current and foreseeable regulatory requirements but exceed these and enable any weaknesses to be addressed as these emerge and affect consumer confidence, without awaiting government action. Performance measure should include the level of fraud and abuse (expected and actual) compared to that with supposedly authoritative online sources, such as the new Government Verify programme.

An idea whose time has come: robust on-line age-checking - and not just for access to pornography

| No Comments
| More
The announcement of the DCMS consultation "Child Safety Online: age checking for Pornography" is most welcome.  As yet, however, the press cover appears limited to a rehash of past arguments . The consultation document refers to the work of the Digital Policy Alliance in organising a standard for robust anonymised, on-line age checking (i.e. decoupled from personal identity). The same group is looking at how the identity checking and access management services already available might be used to help meet the likely standard. I have been able to sit in on many of the meetings. It is clear that the services already available have greatly - largely because of the pressures on the on-line financial services, transaction processing and gaming industries to protect themselves from on-line fraud and denial of service attacks while maintaining ease of use. The C Plan (issued at the start of the DPA exercise) remains well worth reading but the supporting paper on what had changed over the previous five years to make the approach viable is now dated. Anonymised age checking, as part of a data minimisation approach towards customer verification, is not only viable - it now makes good business sense (reducing the cost/risk of data breaches) - whether or not it is mandated for child protection purposes.

I recommend you read the consultation document rather than rely on the press cover. It is quite short (only 44 pages), clearly written and much more thoughtful than most of the current public debate. 

My first reaction was that I was delighted to be wrong in my New Years Eve Blog - Ofcom has NOT dropped the ATVOD ball - although we have yet to see the nature of the doubles match it will play with advertising and financial services authorities when it comes to enforcement with regard to uncharged services. The consultation raises good questions with regard to enforcement but these need to be put into wider context. For example, the London mayoral candidates have pledged action on knife crime and a member of Zac Goldsmith's team exposed the failure of some on-line retailers to even "go through the motions" when it comes checking the ages of those purchasing controlled goods and services (i.e. not just pornography but "zombie knives", alcohol etc.). This raises the question of what it is reasonable for such retailers to do. The same questions need to be asked of those providing "free" (including those where your details or those of your children are the "product" for sale) services - including supposedly "safe" social and educational networks.        

This led to my second reaction. You should read and re-read Figure 3, page 11 and Question 4, page 21.of the Consultation document.  Many of the "other comparable proof of account ownership ..." services are now cheaper, more robust and easier to acquire, use and check than those for the Government Verify programme let alone such flawed databases as the electoral role or passport file. This is the main reason the Verify programme is now floundering, unable to attract serious interest from those (e.g. banks and on-line retailers) who need to distinguish paying customers from fraudsters without turning the former away.

We are seeing the rapid roll out and take-up of "trusted computing" technologies linked to low cost biometrics. Thus the smart phone your child might use to access an age-controlled social or educational network might use the "selfie camera" to check their image against that stored by the age checking service (Yoti is an example of the new generation of approaches to identity checking) - setting off an alarm if you were to borrow their phone to check ...  In the adult world such image checking services are also being rolled out around the world by the mobile operators in support of (for example) payment systems which aim to check not only device, location, credential but user.

The main problem is therefore of process, not technology, when it comes to age checking for access to child or adult social networks, let alone age controlled products and services. Most current services wish the operator to help them collect customer data. But many retailers, faced with prospect of massive fines in the event of a data breach wish only to confirm the customer is above or below the age claimed, with no access to the school, health, credit or other records used for the checking process - and to collect or retain no record of the transaction/transmission other than for order fulfillment, billing or audit purpose. There is a consequent divide within OIX federated identity community between the "big data" and the "data minimisation/anonymisation" communities.        

In that context it is word re-reading the original 'C Plan" and putting your responses to the consultation into the context of privacy, surveillance and big/marketing data and advertising funded services. Those on-line retailers who are serious about the privacy and security of their customers and their customer's families should e-mail the DPA membership secretary, ask to join the Digital Policy Alliance Age Checking Group and then also exploit the opportunities for wider collaboration and better clarity of policy debate.       


Watch the DCMS Select Committee creeping dissection of the BT copper bound monopoly

| 2 Comments
| More
The evidence sessions for the DCMS Select Committee Enquiry into World Class Broadband Connectivity make for excellent reading. As yet their evidence session at Russell's Water is only available on video but is well worth watching. Malcolm Corbett very politely began the session by avoiding a condemnation of how BDUK had given a monopoly to BT while explaining how it had  driven away the £billions of private sector investment on offer for investment in alternative networks.* I greatly enjoyed the comments from William Perrin, sometime Private Secretary to the Prime Minister (Tony Blair) and then Deputy Direct Strategy and Policy in the Cabinet Office.  He was one of the Civil Servants I rated most highly and I finally discovered why he was so good at identifying the realities under the flummery. He grew up on a farm. More recently he had been quoted £54,000 for a 10 meg leased line with no guarantee that it would work better than business lines which turned out to be unable to carry a broadband signal without an "upgrade".    

I also liked Graham Long 's quotation from the Tratos report, Britain's Broken Broadband to the effect that the UK is seven years behind the rest of Europe in infrastructure investment. I was recently told that BT is still spending £100 million a year on copper cables from BT Cables , using production lines acquired in 2012 in an "interesting" transaction after they had ceased to be competitive with fibre (which already cost less to make). This helps explain why BT is resisting attempts by property developers to go "fibre only" and is trying to ensure the inclusion of mandatory "copper compatibility" in the proposed new DCMS "open access' procurement guidance for Local Authorities - even if this gets in the way of current international standards. Meanwhile Virgin appears to be purchasing Chinese DOCSYS 3 Coax via BT cables, paying considerably more than for "faster" fibre.  

Meanwhile every City with aspirations to be "smart" (from reliable and ubiquitous mobile and wifi, through buildings and traffic control to telecare and health) will need many times more aerials (inside shopping malls and office complexes as well as outside) to handle 4G and 5G. That will require a spirit of co-operation between landlords, property managers, local authorities and operators (fixed, wifi and mobile) over access and wayleave arragnements that is only now beginning to come about - and is not being help by those seeking statutory "code" powers which take precedence over voluntary agreement. Such cities will also require local internet exchanges, to reduce UK vulnerability to a uniquely centralised Internet peering structure as well as the growing problems of latency (not just over satellite services).   

There is much to be done to secure constructive and forward looking policy but the quality of the DCMS evidence sessions gives me a confidence I have not had before.


 

 * I did, of course, give the "real" explanation in my blog of April 2012.     

Investigatory Powers versus Fighting Fraud Together and the Skills for Both

| No Comments
| More
There is much to be digested in the report of the Joint Committee of the Draft Investigatory Powers Bills  but it is noteworthy that its publication coincides with the Home Secretary's launch of a new anti-fraud task force and the publication of two joint DCMS/BIS reports on Review of Publicly Funded Digital Skills qualifications and on Digital Skills for the UK Economy. The common factor is the need for political action to join up current debate around clear and consistent objectives, despite the lobbying from those who wish to see debate fragmented in line with traditional departmental and interest group (academic, trade association professional etc.) boundaries.

The headline recommendations of the Joint Committee are excellent although I would quibble over whether their recommendations on costs adequately reflect the concerns put to them . I still regard a statutory requirement to cover full costs as being the best safeguard against "mission creep". The current costs (para 194) were surprisingly modest (under £20 million a year). My guess is that it is that is because so much traffic is currently routed through a handful of monopoly players. Meanwhile Kevin Cahill pointed out: 67% of UK Internet users rely for much of the on the 9 players covered by the PRISM programme. He specifically mentioned the current EU case against Apple, Facebook, Google, Microsoft and Yahoo. In paras 70 - 73 the Joint Committee asks the Government to make clear whether such "entities" are covered or not. And, if so, how. That goes to the heart of the legislation.

If they are not covered, then the legislation is a nonsense, given how much our traffic they handle. If they are covered, then we have to publicly handle issues of unresolved extra-territoriality that have been unresolved since the British made the mistake of allowing William Thornton to save the Patent Office while they were destroying the Federal Government buildings in Washington in 1812. Such issues also have be handled in the context of a symbiotic intelligence sharing relations which goes back to the dark days of 1941, before America entered World War 2.  A relationship which Stalin knew about (from both ends) as soon as it was agreed, although the British and American public may have been surprised by what Edward Snowden and the Guardian told them, before he took what secrets were left to Moscow, via Hongkong.

The arguments regarding the operations of the PRISM participants are all the more potent since the only evidence of a substantiated  business case for retaining communications data (Para 52) was that the 10,000 requests in the previous year from HMRC supported 560 investigations which help prevent about £2 billion of lost tax revenue. That is probably about equal to the revenues lost by failing to tax the UK earnings of the PRISM participants in the same way as their indigenous competitors.

I found it interesting that Fraud prevention, detection, investigation and asset recovery accounted for only 5% of communications data requests. This may indicate the lack of seriousness with which Fighting Fraud Together was taken after its public launch in the Mansion House some years ago. A change seems to have occurred last year, perhaps when the Chancellor discovered just how much fraud was costing the Exchequer in lost tax revenues. Hence the importance of the announcement by the Home Secretary. But  co-operation needs to extend beyond the banks and City Of London Police. It need to embrace co-operation with Operation Falcon (the Metropolitan Police) and with the main ISPs and Mobile Operators and to be supported with budgets and resources akin to those being given to GCHQ and the War of Terror. If the evidence to the Joint Committee on the Investigatory Power Bill is accurate then the pay back to the Chancellor from being able to properly exploit continued access to fixed and mobile communications data is under 12 months.

Whether that access is better done by data retention or by better governance of co-operation was the subject of my own evidence. Either way effective response is likely to be crippled by shortage of the relevant skills, hence my link to the two most recent reports from BIS and DCMS..These indicate a schizophrenic approach to priorities with regard to digital skills which mirrors that with regard to cyber-security skills. The main area of agreement between the two reports concerns the need to be clear as to the definitions used,  But they then use different definitions.

The report commissioned from Ecorys and published in January , based on an extensive literature search, spends seven pages discussing definitions and eventually plumps for splitting its analyses and recommendations between:Basic Digital Literacy, Digital Skills for the General Workforce and Digital Skills for ICT Professionals. The report contains much useful material, including a list of initiatives - plus some good recommendations. There appears, however, to be no reference to safety and security - although this is now an almost universal user concern.  

The ministerial introduction to the review of Publicly Funded Digital Skills qualifications uses the same headline skills split but the report then uses as its "working definition": "the very broad set of skills that individuals need in order to understand, use or create the software and services we all access through services such as computers, tablets and "smart phones".  It is, subsequently, almost entirely concerned with basic digital literacy and general workforce skills. None of the courses and qualification referenced uses skills definitions less than five years old. Some, such the ECDL (which had 40% "market share"), are now twenty years old. 

Hidden in the appendices is evidence (Table A-2) that enrolments for "advance and specialist" courses has collapsed (from 9,010 in 2012/13, to 6,510 in 2013/14 to 4,612 in 2014/15. There is a caution in the text on using the most recent figures but these tally with the material on the impact of the Ofqual decisions in 2012 to bar the use of vendor and trade association qualifications which I quoted in my recent blog on skills gaps. Meanwhile demand for "general" workforce courses dropped 30% from 2012/13 to 2013/14 and appear to have continued down at the same rate. That for basis literacy is also going down, albeit more slowly, The taxpayer does not appear to have had good value for the £100 million that it is said, in the report, was spent on 200,000 students in 2013-14. Meanwhile the FE sector has been driven to the edge of bankrupcy.

Despite feeling unable to comment on such matters the report does make some useful, if bland, recommendations. More importantly it points to the importance of the issues that were outside its scope and makes good, succinct points on each (see page11). These included

  • Information, advice and guidance, including careers advice
[think also guidance, or lack of it,  on careers in security and/or investigation]
 
  • Prioritisation of funding
[think also spend on cyber versus spend on anti-fraud]

  • Teaching capacity
[think also of the shortage of competent, trustworthy, security trainers]

  • Alignment with the inclusion of digital skills within apprenticeships
[think not only of the cyber-security apprenticeships but of the need to include cyber-security in mainstream apprenticeships from banking and law to engineering, personnel and marketing, not "just" computing and communications] 
:
Now, perhaps, you begin to understand how, and why, the debate over investigatory powers can become so silo'd between competing groups of "experts"  and miss the wider issues of facilitating co-operation to help secure the on-line world against a tidal wave of, as yet, unreported, undeterred, unpunished and unchecked, computer-assisted fraud and crime   


  • s contain contains         
 







The House Of Commons Science and Technology Select Committee Enquiry into Digital Skills has so far focused on education, whether in schools or colleges or for the digitally excluded. It has yet to address the gulf between the skills (often technology or vendor specific) specified by employers when recruiting staff and the generic qualifications specified by public sector agencies when deciding what to fund.

Thus the English Trailblazer apprentice programme requires adherence to the Skills Funding Agency Qualifications Guide which effectively prevents (page 6, para 19) use of the vendor, professional, trade association or other "commercial" qualifications and associated materials commonly required by recruiters. This policy dates back to Ofqual decisions in 2012 which led to a collapse in FE/HE use of the materials available (often at no charge) from, for example, the CISCO Academy (which had previously underpinned most UK training in network skills) or the vendor neutral courses available from global trade associations like COMPTIA. The situation with regard to IBM, Microsoft and Oracle appears similar but the problem also appears to apply to the courses and qualifications developed by the trading and certification arms of all UK  trade associations and professional bodies - not just those linked to IT and Digital.

The reasons for the policy result from abuses that are more common to other industries, such as the motor industry. If your car is serviced by a local garage instead of a main dealer, the walls of the office may be plastered with certificates showing that the mechanics are competent to use this or that piece of computer-controlled diagnostic equipment. Even the certificates issued on behalf of reputable trade associations or professional bodies may be from money making subsidiaries over whose fees and processes their members have no vote. Meanwhile vendor specific certifications can be an integral part of policies designed to lock independents into the dealer networks of the motor manufacturers and squeeze out motor factors.  

But it is not as though the processes which Ofqual and the SFA are seeking to impose on the new trailblazer apprenticeships will curb the abuses of which most employers, students, practitioners and professionals complain - poor quality for the time, not just money, invested. There appears to be a wish by OfQual and BIS to mandate "open access", with the quality control of those running courses limited to sampling their certification processes after the event - as opposed to actively encouraging the inspection of the learning materials and equipment used and the CVs of the trainers.

The latter approach was used for Gordon Brown's Millennium Bugbusters programme - arguably the most successful large scale IT training programme the UK has ever run. It not only helped ensure a trouble free Y2K, it transformed the UK supply of competent microcomputer technicians and maintenance staff. Many of those running IT education and training programmes for the Department for Education and Employment failed to meet the "industry strength quality control" criteria demanded by Treasury as a condition of the Bugbusters funding, Unfortunately the new Department for Education and Skills, created in 2001, then reverted to previous procurement practice, despite what had been revealed during the fiasco of the Individual Learning Accounts.

That may been 15 years ago but the lessons are still, unfortunately, apposite - hence the importance of Julian David's comments in his excellent recent article on the need to get the right leadership and processes in place for the new Institute for Apprenticeships.

The limited and skewed response to the consultation on the Apprentice Grant and Levy proposals (most inputs were from medium to large organisations in public sector, health and services, few from engineering, manufacturing, construction or small firms) may help explain what is now happening.

We appear set for a fragmentation of standards: those for "Internet of Things security by design standards for mobile widgetmakers" differently organised to those for "non-mobile widgetmakers".

Meanwhile funding rules, intended to prevent double funding,  require recalculation of costs according to which material is used if students are allowed a choice of vendor supplied certifications to demonstrate generic competence.

Perhaps worse, the proposals focus on the completion of two year apprenticeships at a time when many IT employers are moving towards using eight week intensive, hands-on, blended and experiential learning "boot camps", to cover that which was traditionally spread over a year or two. The rest of the period covered by any "apprenticeship contract" commonly covers structured, but also productive (and often fee earning) work experience, interspersed with higher level modules, to ensure a return on the up front investment before the trainee is free to leave without incurring a penalty/transfer fee.  .  

We need to find ways forward that better meet the needs and practicalities of the Internet age if the grant and levy process is not to rapidly fall into disrepute..

At a meeting of the Digital Policy Alliance 21st Century Skills Group last week (to review progress with the plans for Local Skills Partnerships), representatives from FE and the IT industry agreed to work together to put flesh on the analysis I summarized in my own submission to the Select Committee (based on discussions at previous meetings). More importantly they agree to invite others to join them to find constructive ways forward. The key points from relevant discussion, (summarised in the meeting report due to be mounted on 9th February after the deadline for comments by those at the meeting) are as follows: 

====

The issues that need to be addressed in order to provide an effective and accountable framework for closing the resultant gap between FE/HE education and Vendor/Technology training were identified as:

a.    Identify, publish and maintain (the rate of change is accelerating) lists of employer recognized vendor, professional and trade association content and certifications.  

b.    Ensure FE/HE access to subject matter experts who can support delivery.

c.    Establish and maintain frameworks for positioning employer recognized training & certification within the qualification (QCF) constructs

d.    Processes for validating that trained students can apply the skills learned to meet employer needs

e.    Geographic (Skills Funding Agency and other) restrictions on use of employer recognized  training & certification.

The suggested means of addressing the issues is to ask CEdMA (The Computer Education Management Association is the global professional body for technology trainers) to bring those running trade, professional and vendor certifications alongside these in FE/HE to:

a.    Suggest processes for working together to align product, technology, trade and professional certifications with current qualification / frameworks (QCF).

b.    Make recommendations to address SFA regional (England, Scotland, Wales and Northern Ireland) inconsistencies and restrictions regarding the use of vendor training/certifications.

c.    Engage Vendors and propose a framework of engagement and support covering:
i.    Access to training materials for non commercial use for no charge.
ii.   Discounted access to certification.
iii.  Access to online facilities.
iv.  Support for FE/HE trainers.
v.   Terms and content access processes to enable FE/HE to offer local short courses
vi.  The alignment of vendor training & certification with Government/Industry needs.
===

The reason for suggesting CEdMA was that its UK and European membership straddles those running IT training operations for vendors, trade association and professional bodies and those contracting them to help with in-house training operations.

Other professional bodies (such as BCS), might not be seen as so neutral because of the revenues they derive from their own training and accreditation operations (e.g. what used to be known as ISEB) - already decimated by current policy and now at growing risk. Meanwhile the Sector Skills Partnerships would not find it easy to take a robust line with those on whose funding their programmes depend.       

If you would like to participate in carrying this exercise forward, and implementing the results, please contact the Digital Policy Alliance or one of its partners in this exercise (there is a growing list in the Skills Partnership progress report on the website.  
 
It is important to not "just criticize" the policies of the Skills Funding Agency and OfQual but to understand why they have come to be as they are - and help agree ways forward that meet not only the needs of IT employers but of all those facing a world in which the practitioner skills in demand can change faster than any professional body or funding agency can reasonably be expected to agree new specifications.

We also have to stop confusing practitioner skills with professional and academic disciplines, which change slowly, if at all.


The most important gap is therefore that between education and training.     

Who is winning the Broadband war? BT, Sky, Virgin or the Altnets

| 1 Comment
| More
BT claims to have achieved a 71% share of new broadband customers  in the most recent quarter. But Thinkbroadband reports the number as 177,000 of which only 130,000 were new to BT. The difference appears to include many of the 120,000 upgrades. Meanwhile the number of BT's new TV customers is 97,000 customers, excluding upgrades. So it seems that not all the new customers are taking up the TV services, however cheap the offer. 

Meanwhile, Sky is said to have added 144,000 new customers in the same quarter.

The loser is Talk Talk, said to be down 101,000 users, 95,000 of them as a result of the well-publicised breach,   

I was not able to find figures for Virgin, but where "pure fibre" is on offer it appears that players like Gigaclear and Hyperoptic are giving customers a significantly cheaper service and thus achieving a take-up that gives investors a significantly faster payback than BT's stated 15 years.

But that is only part of the story. Mobile and wifi now account for over half the traffic: from sport and pornography to shopping and gossip. We should therefore be factoring in services like the 4G infrastructure installed by Arqiva in Canary Wharf and elsewhere. Hence the significance of teh takeover by BT of EE. 
Do read the full report of the Science and Technology Select Committee "Investigatory Powers Bill: technology issues" released this morning, not just the press cover or even just the summary. It is barely 30 pages (plus appendices) long. Then think about the tension between the desire of Government to consult on supposedly future proof legislation, (without saying how it will actually be used) and the desire for certainty and clarity on the part of those most likely to be affected.  Then re-read the report and ponder the conclusions.

I stand by my view, quoted in the report, that the concept of "internet connection records" is meaningless and that the legislation should be based on something vague like "the addressing information used for electronic communications".  My reason is that making clear which communications will be monitored, and thus how to avoid monitoring, is incompatible with the objective of the legislation. That marks me out from all those seeking clarity while stating how impossible this is. 

My comments (page 11) are juxtaposed with a comment from Exa Networks that "some of the definitions of the Bill do not seem to accommodate the complexity of Internet Protocol networks". Andrews and Arnold correctly point out that greater clarity and consistency in definitions would "limit the scope of future governments to expand the retention beyond current limitation without a change to the legislation".  I agree with the analysis and disagree with the conclusion. It is as though the denizens of Bletchley Park were to be asked, in advance, to define the nature of the wireless networks they wanted monitored, in case they were carrying traffic that some-one might want them to try to analyse to see who was talking to who, and thus whether it might be worth trying to mount a decryption exercise.

Today, as Ross Anderson put it "technology changes just too fast".

The Home Office said "we will certainly not place obligations on every one of the "200 or 300" communications service providers". LINX already handles traffic from over 700 providers and that is barely a third of those whose traffic should already be liable to analysis and monitoring if the current legislation means what it says. The number will rise sharply with the transition to a world of smart and ubiquitous computing. On Friday I saw a poster describing a research project into the practicality of using a modified fitbit as the hub of a communications network.

Richard Clayton is quoted as saying "the present Bill forbids almost nothing ... and hides radical new capabilities behind pages of obscuring detail". Once again I agree, but draw a different conclusion: scrap the obscuring detail, admit the all-embracing nature of the powers, concentrate on  the accountability and governance of those the targeting the use of those powers.

This raises the interesting question of whether Tech UK is correct in saying that the consequent uncertainty is bad for British business (page10). Provided that the Home Office is willing to cover the full cost and provided the powers are actively used to help protect businesses based in Britain from fraud and abuse, I suspect the overall effect would be positive - although it will require changes to the business models of some leading members of Tech UK.  But the devil is in the governance, including the governance of co-operation. That leads to the question of whether ISPs should be liable to a requirement to open up end-over-end encryption services (if they can) and, if so, under what circumstances. I see this as directly analogous to an old fashioned telephone interception warrant.

When it comes to equipment interference Ross Anderson is well quoted as saying that "The right way to get round encryption is targeted equipment interference, and that is hack the laptop, the phone, the Barbie doll ... of the gang boss you are going after, so that you can get access to the microphones, to the cameras and to the stored data." I agree that "bulk equipment interference" is probably an inefficient method with uncertain (and potentially hazardous) side effects. This an area where the quality of the Technical Advisory Board and its ability to work with the Judiciary to maintain and police effective Codes of Practice will be critical.

The discussion of the impact on the Communications industry is largely confined to those who know they will be affected by the new definitions, but if the Bill is to meet its declared objectives then almost everyone running any kind of network or wifi or blue-tooth hot spot will potentially be affected. Mark Hughes is quite correct to raise the position of ISPs not based in the UK (page 26). The legislation cannot achieve its objectives if these are not covered. The issues of clashes of jurisdiction need to be clearly addressed - perhaps by lifting the veil on the current state of international "mutual assistance" arrangements.

The most interesting discussion was, however, that on cost. If Home Office does plan to reimburse all costs and expect these to be under 200 million pounds, then the ambitions for data retention are very much more targeted (and modest) than current debate implies and the risk of "mission creep" will be controlled by what the security services and law enforcement can afford. The reluctance to include 100% reimbursement on the face of the bill is understandable - but calls in question all other assurances. This is one area where lack of clarity will not help the UK to remain a trustworthy hub for global on-line business.

The recommendation of the Committee (page 32) that "The Government should reconsider its reluctance for including in the Bill an explicit commitment that Government will pay the full cost incurred by compliance" is therefore, for me, the most important part of a thoughtful and thought provoking report.      

More CISOs looking to recruit cyber-security trainers than leaders, analysts, engineers or pen testers

| No Comments
| More
I have often said our IT skills crises is not of skills, but of employers who train and have been looking at why that is. Evidence is emerging that the shortage of trainers is a prime cause. The headlines from the Harvey Nash/PGI 2016 Cybersecurity are not unexpected: "Half of all boards lack real understanding of cyberthreat" [one might same the same of supposed cyber-security "professional" with their obsessions over technology rather than strategy]. I was not therefore surprised to see that half of all respondents (CISOs) were looking for security architects. I was, however surprised to see that more (42&) are looking for those to run in-house training and awareness programmes than for leaders (39%) or analysts (34%).

Barely 21% were looking for pen testers but 78% had outsourced this, so that finding should not be surprising . Nut only 13% had outsourced training (lower than for anything other than incident management or security strategy). Given than outsourcing decisions were claimed to be based on getting guaranteed access to subject matter expertise or lack of in-house skills, this implies a serious lack of awareness of the shortage of those competent to organise security training and awareness programmes.

It was also interesting to note how few respondents (large or small) have invested in cyber insurance cover and half have no plans to do so in 2016. Mid-sized companies (large enough to be worth attacking but too small to have serious in-house security teams) were the most likely (29%) to have taken out policies. I plan to address this topic when I speak to a joint meeting of BCS Elite and the IoD next week. 

Next Thursday (4th February) will see the next meeting of the Digital Policy Alliance 21st Century Skills Group (click here for the papers to be discussed) and I do recommend that those who are serious about addressing the consequent problems consider joining. While there are some policy issues that need to be addressed, such as the gap between Skills Funding agency approved content and employer needs (on which I will blog separately), the core objective is to bring employers,  trainers and recruitment and employment agencies together in local partnerships to deliver "blended learning" - making best use of those who do possess the necessary organisation and delivery skills. These include, of course, Harvey Nash's co-sponsor PGI, but also many under-used teachers and lecturers in FE and HE institutions whose time would be better spent helping industry experts develop and deliver packaged materials and supervise structured work experience - whether as part of tailored in-house apprenticeships or CPD or via virtual colleges.

I am particularly looking to engage  those recruitment and employment agencies who see helping their clients organise in-house skills programmes as a more constructive and profitable business opportunity than helping them compete (all too often in vain) for those with the skills they most need.         

BDUK "state aid" to be brought into line with EU law and good practice

| No Comments
| More
Thee is much to be welcomed in the BDUK "focused market engagement" exercise to get views, by 24th February, from Local Authorities and Network Operators on the replacement for its previous procurement arrangements to get superfast (whatever that means) broadband "to 95% of premises by 2017". The State Aid decision which gave grudging, qualified and limited approval to the BT deficit funding model,  SA. 33761, expired on 30 June 2015. The aim is to bring any new BDUK arrangements fully into line with both EU law and good practice.

Local Authorities remain, of course, free to go ahead with plans akin to the many public private partnerships approved across the rest of the EU, including under the General Block Exemption Regulation II: "safe"  in the knowledge that there is now an army of lawyers waiting to take on BT, with the support of other network providers and potential customers, were it to try to repeat the exercise that blocked Birmingham's aspirations to copy Stockholm.

It is worth quoting from the summary of the "National Broadband Scheme: Market Engagement on Procurement Approach":
 
"As part of these discussions between BDUK and DG Comp, a new approach has been developed which has incorporated learning from both organisations since the approval of the previous decision in 2012 and reflects the publication of the 2013 Broadband Guidelines.  A key principle of these Guidelines is that networks built with public funds should where possible offer full open access, which requires the network operator to offer access to any part of the network for any purpose (this is further described in section C below).

The proposed approach aims to achieve the following:
●    Optimise the number and quality of bidders, in particular reducing the hurdles to participation in procurements by smaller suppliers;
●    Align supplier incentives to maintain competitive tension as far as possible.

While Local Bodies have the option of procuring networks that would only require open access networks, based on discussions with the market, BDUK anticipates that such procurements may not always yield suitable bids.  For example, if potential bidders consider that the value from new broadband customers is offset by the risk to existing business customers as a result of opening up their network. 

Working with the Commission, BDUK has developed an approach to mitigate this risk through a procurement approach that would consider a reduced form of network access, where no suitable open access bids are submitted.  This would be compatible with State aid rules while supporting deployment in the context of the marketplace across the UK."

I assume that "open access" means "networks which operate to international connectivity standards" while "reduced form of network access" (page 9 and 13) means extensions of the BT 21CN fibre to the Cabinet/G.Fast architecture and protection of its leased line business. 

I was concerned that the apparent mandatory requirement for "copper local loop access" (page 11) could be used to hobble support for fibre only networks while the references to NGA (Next Generation Access of 30 Mbs) also indicated an apparent desire to enable state aid for that which may would claim is already obsolete.

But those caveats apart, I was impressed by the document and the changes that now appear to be in prospect, bringing BDUK into line with good practice in other parts of the world and opening the way for incremental change (procurements broken into small chunks) on the scale (far more than BT can handle) necessary to create a "future proof" converged  communications infrastructure.  When I read the details on access and interoperability I began to ponder whether every state-aided BT exchange should now be viewed as a potential  open access local Internet Exchange. If so, how/should the necessary trust in the inter-operabiity and neutrality (as well as resilience and reliability) of their operation be assured.   

Yesterday I attended an excellent briefing on the need to devolve UK's internet peering from LINX to local internet exchanges (not just Manchester, Edinburgh, Cardiff and Brighton but one for each aspiring "smart city") to handle the rapid mushrooming of traffic generated by the UK's 2,500 "autonomous systems" (access and content networks with direct access to the global internet): 700 of which do their Internet peering via LINX. LINX expanded its capacity by 50% last year and planned to install 15 new hundred gigabit port. In the event traffic growth and customer demand was such that it had to install 50.

I was interested to learn that Sky (which is likely to have completed its transition to IPV6 within a couple of months) has already publicly announced its support for local internet exchanges because of the way they help reduce latency: traffic generated within a smart city no longer has to go to London for transfer between networks while commonly used services (e.g. Netflix) can be cached locally.    

Hence my concern over allowing BDUK and/or Local Authorities to continue to provide "state aid" funding to support improvements to networks which are not fully "open access" and therefore risk becoming obsolete as the rest of world, as well as UK cities like Bristol, Edinburgh, Peterborough and York begin the creation of resilient fibre and wireless communications meshes capable of supporting both:
 
  • a smart society (from smart phones, consumer goods and telecare devices through smart buildings and cars to and smart transport and power grids) in which everything is connected and people die when networks are corrupted or fail, even for short periods
and

  • iGov (informed, intelligent and interconnected central and local Government and public service delivery) from policy formation, through implementation to performance monitoring: with all the associated challenges of privacy, security and democratic accountability, not just of technology
There may be a case for state aid to help Openreach upgrade/extend particular local networks because BT has an expensive and difficult transition to engineer: paying for the acquisition of EE at teh same time as competing with Sky to subsidise the Premier League. But councils need to apply the questions on page 6 of the Market Engagement paper to BT and not just to its competitors, large or small. There is, however, one very important missing question - arguably the most important of all: is the network being built and operated to common international standards: if so it can be completed, operated or taken over by any one of a growing number of network operators - albeit not necessarily at the same price. If not ... then the other questions become important.      

It would be interesting to know how many of the MPs who supported the BIG report did so because they really believe a separated Openreach would do better, or merely because they wished to give BT and BDUK a kicking. Either way, it will interesting to see how many of them not only support their local authorities in giving measured, not merely robust, responses to this thoughtful (and thought-provoking)  consultation - but would go on to support the transition to a Victorian style competitive market: i.e. one in which co-operatives, mutuals and municipal enterprise competed with co-partnerships and stock companies to built most of the transport and utility infrastructures of today.   


Find recent content on the main index or look in the archives to find all content.

Archives

Recent Comments

 

-- Advertisement --