How many times a day, week, month or year would you be dead if your Internet connection was your life support system. I have been aware of only two hiccups on my BT Infinity Service since it went live a couple of years ago (one was fixed with a simple router reboot, I blogged a couple of days ago on the second). But my e-mail, search engine and browser services regularly stop for long enough for me to be dead if my life depended on them. It is usually because their fights with my security software have reached stalemate and I have to reboot the system in order the clear the blockage. Meanwhile one of those with whom I work, who lives in a rural area, has just apologised for a late response after a ten hour outage last night

 The round table that I chaired last Friday to help drum up responses to the DCIS consultation on communications infrastructure strategy went even better than I had hoped. We had participants from BCS, C&G, CLA, FCS, FISP, FSB, INCA, ISOC-UK, INTUG, the LEP Network, NEN, PSNGB and TechUK as well as a number of major suppliers and users representing themselves. There was agreement on the need for three or four messages to explain to politicians why they need to provide the political and regulatory certainty that will enable investors to bring investment decisions forward to before the election purdah next year. The meeting report is available on the DPA website http://dpalliance.org.uk/wp-content/uploads/2014/09/20140912_DPA-Comm-Infra-Meeting-Report.pdf and several of the agreed follow up groups have already started work. PLease do not feel excluded. If you wish to participate and are not active in one of the groups listed above please visit the mebmership page of their website and e-mail for details of how to participate via the DPA.

 I was on best behaviour on the 12th and the meeting report reflects the collective views of the meeting, not my own. That said, the only significant area of difference is that I believe we need to spell out the consequences of regarding communications as a critical utility on which 21st century life depends. I should, however, be honest. The importance of this only dawned on me as I read the some of the sub-group e-mail trails after the meeting. These put flesh on the implications of some of the headline discussions as the volunteers discussed how to handle, for exmaple, the multl-headed hydra that is open inter-operability. .

The current lack of clarity helps explain why current debate can polarise between those who claim our communications infrastructure is creaking at the seams and those who lament that their networks are under-utilised. Applications which require 100% availability, such as personal life support or business critical supply chain systems, have low data volumes. Meanwhile volume demand from teenagers and their parents can fluctuate wildly and degrade response times even over nominally high speed lines.Then ther are all the other factors that affect delivered response times and throughput.

We expect other utilities to plan ahead to provide capacity (and a margin) for peak load, e.g. the coldest day of the year or the commercial break in the middle of Coronation Street.

We placidly accept the "World Wide Wait" when communications networks run out of capacity. 

The Internet  is built on "best efforts" with no guarantees. But those who want a world that is "digital by default" fail to appreciate the consequences. I was given an example recently of a small firm whose terrestrial and  4G connections (fine for the rest of the week) regularly become unusable on Saturday mornings, their weekly peak. Farmers often face a similar situation, unable to go-online to do DEFRA or other paperwork, let alone browse auction sites for current prices, in the evening when their children, or their neighbours' children, are doing homework and/or socialising.

 But who will pay for the extra capacity - and how?  

 Until the recent above inflation jolt in line rentals, the revenues of both fixed and mobile operators were falling despite sharply rising traffic volumes, because competitive pressures have forced them to drop volume related charges at the same time as entering a discounting price war. Meanwhile new technology gives the new entrants the potential to build and operate networks at well below the cost structures of the incumbents, even before the latter cross subsidise the purchase of sporting rights to try to their increase their share of the "discretionary spend" available to hard pressed parents and their children.

There are many investors willing to fund local fibre to the home or business premises, using a variety of business models, but many of their invesmtent models depend on landlords and property owners paying up front for installation and/or tenants committing to a period of service long enough to cover the cost of connection.

Those seeking to tap such funds face a number of obstacles:

 1)     Regulatory disapproval of discounts for term contracts or favourable rates for up-front investors.

2)     The availability of affordable backhaul - one provider of local fibre to the premises networks is said to have turned down over 70% of proposals because this is not available locally

3)     Confusion and delay regarding local planning and infrastructure sharing, adding 25% and upwards (sometimes even quadrupling) to cost and weeks, months or years to timescales.

4)     Political and regulatory uncertainty, deterring major investors.

One of the conclusion of the meeting on the 12th was that the last of these was the most significant.

Hence the importance of agreeing three or four key messages to concentrate the minds of politicians so that incumbents can get better terms for raising funds to upgrade and extend their networks at the same time as new entrants address local markets that are uneconomic for national players.

You get what you pay for when it comes to service. Why I would not risk switching from BT even though it costs more.

| 2 Comments | No TrackBacks
| More
This afternoon my BT Infinity line went down. Luckily I was able to browse the net over an old netbook using Vodafone and find a phone number (after the BT website I Googled told me my number was invalid and would not let me use online reporting: I suspect I was looking at a consumer website for a business line - but it did not tell me).

Once I rang the phone number I was, however, impressed.

A nice Scots girl answered almost immedately and asked for the phone number and details.

She had my account details up, again almost immediately and talked me through a series of tests using software already downloaded into my desktop as part of the Infinity package, giving me a quick commentary on what she was asking me to do and why.

She concluded that there was a problem and put me on hold for five minutes while she ran a fuller set of diagnostics and consulted her supervisor.

Almost immediately the line came back up,

She explained that running the diagnostics might well have alerted the exchange to the problem and/or that I was affected by a problem on which they were already working.

She also said that the fault would be reported anyway for attention tomorrow morning, but it might well be that response would simply be that the fault had been found and corrected.

The whole process took barely thirty minutes, from start of phne call, compared to the fifteen minutes to get through and hour to blag a engineering visit of my last problem (which admittedly took the engineer over four hours of work on line, cabinet and exchange). That was, however, a great improvement on seven to ten days to get an engineering visit booked, when I had two services (one BT, one not), during the collapse of customer service that followed local loop unbundling, Luckily my dual sourcing worked. Both lines passed through the same physical exchange building but never went down at the same time.

I may gripe about the need to have proper competition with regard to the construction of new network capacity and the lack of network inter-operability when it comes to operations and maintenance. But I remain a BT shareholder and my own multi-sourcing will include a BT service contract for the foreseeable future - and I am content with extra that I pay for that service. BT may be part of the problem with regard to the current faltering communications competition scene but I have no doubt that it is also part of the long term solution.

If I did not have BT Infinity would I think differently? Quite possibly. Would I like to dual source with a separate gigabit fibre to the premises link if BT did not offer me such an upgrade? Quite possibly. Do I feel sorry for those without such a choice - most definitely.      


Among the more interesting questions in the recent House of Lords call for inputs to their enquiry on Digital Skills were:

How are we teaching students in a way that inspires and prepares them for careers in the future workforce in occupations that may not yet exist, rather than the current one? How can this be improved?

 

How are schools preparing to deliver the new computing curriculum in an innovative way?

 

How can the education system develop creativity and social skills more effectively?


My answers are now available on-line accessible from the webpage of the new Digital Policy Alliance skills group along with the report of the meeting that minuted me to do a personal submission based on my material covering discussions over the past fifty years on how to respond to technology related skills shortages.


Yesterday, at a meeting of the CyberSecurity Challenge "Talent" group it was pointed out to me that responses to the current Department for Education consultation on Reformed GCSE and A Level Subject Content, particularly that on GCSE Computer Science may be even more important than thsoe to the Lords Enquiry. The wording of the Departments consultation appears to imply that subjects like, for example, network security, will be taught and examined as abstract subjects - without any opportunity to acquire, let alone requirement to demonstrate, practical skills. The is particularly significant given that "what is not inspected by Ofsted and examined in GCSEs and A Levels is likely to disappear from schools, under pressures from parents to perform in leagues tables".


I suggested that network security be taught and examined by attacking and defending the control systems for teams of robots, controlled by raspberry pi (or equivalent) and communicating by radio. This is in line with the philosophy behind the proposal for the original Micros in Schools programme (I chaired the relevant meeting before the 1979 election) and was delovered with the BBC Micro (remarkably well engineered for teaching image handling and process control not just information processing).


I was told that such an approach is not on, because sink schools cannot afford the necessary equipment.  


I therefore urge all readers concerned to see the overdue reforms delivered in such a way as to deliver the results intended to read the consultation and make their views known. 


The logic behind my suggestion that Ofsted be required to monitor the performance of a new "Micros in school" programme includes the changes that will require to the way Ofsted operates, particularly with regard to science and technology. We need to bring back "practicals" to "inspire" those who are not turned on by theory, until they can see it brought to life..

Would the UK be a happier or more sinister if the police routinely wore body cameras?

| No Comments | No TrackBacks
| More
The Home Secretary's suggestion that to save time the police should routinely wear body cameras sparked a rush of publicity, much of it from those opposed to the concept for a variety of reasons, including because it might lead to a fully digitalised criminal justice system  

In my entry for the Leo Anniversary competition in 2001 for papers on "The World and Business Computing in 2051, I summarised expected developments in this area (including the technologies to ensure that the record was indeed unalterable) as follows: "The police electronic notebook, an unalterable record of what the officer or surveillance system saw and heard, will transform the legal process. Lawyers will then create a new world of obfuscation about what it meant." The technology is supposedly in widespread use in the US and reports to date appear to indicate that it leads serious savings in time and paperwork, better behaviour (by both police and culprits) and more guilty pleas in return for quick trials although the first serious trial in the UK to test whether changes in behaviour against a similar control group who do not use cameras, only started in May. The US claims might also need to be treated sceptically since according to comments in the Wall Street Journal, they think we are ahead and forces like Fergusson had apparently bought the equipment but not deployed it.

Before blogging on the issues I therefore decided to ask the following question of those on the FIPR circulation list: "What are the issues surrounding the use of recordings from police body cameras instead of memories prompted by notebooks written up after the events. This would appear to be a welcome development allowing major savings in police and court time and a reduction in miscarriages of justice. What, if anything, am I missing? What other issues arise?"   

As expected I received some very thoughtful replies and I will take the liberty of reproducing the chain without comment or attribution - although I will be delighted to add attribution is requested.

The first comment was: 

"The police and the CPS will have to review the recordings - possibly rather a lot of them in some circumstances. They will all have to be reviewed for disclosure and then disclosed to the defence. The court will need to see them and the defence may challenge any editing to remove unnecessary footage. It's not clear to me that time will be saved. Some of the recordings may be open to ambiguous interpretations - which could actually lead to the CPS declining to prosecute in circumstances where a crime really has been committed and a notebook record would have secured a conviction. The recordings are likely to contain people other than the defendant - all captured without their informed consent. Where will these recordings end up? Maybe on some reality TV channel. I'm sure there are other issues."

Then came:

"One problem will be a loss of the power of discretion. If an officer (and thus their always-on camera) sees something that could be treated as an offence they may feel obliged to arrest and prosecute where without the camera they might choose to handle it in a different way.

For those interacting with officers there could be other effects. You are no longer just talking to a policeman: the camera represents an unknown number of other people with other agendas who can use your words against you later.

We have to assume that in the near future it will be standard practice for all police camera footage to be analysed by computers and stored effectively forever, so everyone within sight/sound of a police officer would be well advised to hide and be silent 'just in case'...

Are conversations with police officers protected by legal privilege? I suspect not. Suppose you see a fight in the street, run off to find an officer, and gasp out a garbled account: will your confused first impressions be held to be slander against the people involved? (or does
the recording make it libel?)
"

That contribution led to the comment: 

"That suggests such recordings should only be used "without prejudice"

To which the reply was:

"I don't really know what that would mean in this case.

I would have thought that the recordings should be usable in evidence, particularly if the recording devices and procedures are carefully designed. It may be necessary for the officer to appear in court to support and validate the recording.

As with all surveillance technologies, the technology itself is neutral but the data can be used for good or ill. I have no problem with police body-worn cameras provided there are strong rules around the use of the recordings. I would want the technology to support the officer in their duty and to provide accountability if they misuse their position, but I would not want it to become a big-brother-style intrusion that affects their behaviour in other ways.

Here are a few ideas. What I am aiming for here is the equivalent of a perfectly-honest policeman with a perfect photographic memory and good drawing ability, and I don't think anyone could really object to that!

1)    Video and sound recording to run at all times while the officer is on duty. We don't want any 'conveniently lost' recordingsso maybe the devices should just run constantly.

2)    Recordings to be stored securely for a defined period of time, then to be deleted unless required as evidence for a specific case.

3)    Recordings may *only* be accessed in defined circumstances:

* By the officer in person, in order to make reports, support a case, or defend themselves or others.

* By an officer investigating a specific complaint or incident that the recording officer was involved in. The system should constrain this access by time and/or location of recording.

Other constraints may be needed here to avoid creeping surveillance.

* Where a recording shows a person who is charged with an offence, that person's legal representatives should be given the relevant part of the recording plus enough before-and-after data for them to be certain that they have the full story.

4)    There shall not be any routine trawling or analysis of recordings.

5)    Recording devices to be tamper-resistant, to record GPS time and location data at 1-minute intervals, to encrypt all data such that it can only be recovered using keys held elsewhere, and to sign all data so that the identity of the device can be reliably determined.

6)    Officers to ensure that the recording includes their own face, voice, and shoulder number at least at the start and end of the shift.

7)    Recording format to be designed so that parts of the recording can be extracted for use as evidence without losing the security and authenticity features mentioned above.

Other things could be added, such as recording the IDs of other such recorders nearby.
"

The final comment was

"We should remember that the purpose of these devices is twofold: to protect the public from the brutal or dishonest officer, and to protect the officer from malicious allegations.  There is therefore a significant benefit of having the device working.

XXXX's points are good, but the first is not yet viable with the battery power readily available, so it may be better to state that the onus of ensuring the recorder is running at the appropriate time is on the officer, and any investigation into her/his conduct when the device is not running will lead to the investigator drawing the appropriate inference. However there will then (either in this case, or the always on scenario suggested by XXXX) be the problem that officers will hold back if they suspect that their device has failed for any reason.  This may lead to some unfortunate consequences and needs to be thought through carefully.
"

Most of the above points already appear to have been addressed in the US, where their claims and ambitions are more ambitious . My personal conclusion is that the more modest objective of linking the policeman's notebook to annotated video logs is most definitely "an idea whose time has come", whether the motive is to save police and court time or to improve justice. The knowledge that the activities are being recorded might even help reduce (or at least displace) crime. The issue of ensuring the digital record is any more trustworthy than a policeman's notebook is, however, non trivial. And what about private video logs.

I should perhaps add that for my 2001 paper I assumed the use of secure analogue worms (write once, read many) after the world had lost faith in anything digital.  


Reconciling the Cabinet Office Digital by Default strategy with DCMS Digital Infrastructure Strategy

| No Comments | No TrackBacks
| More
The responses to my attempt to drum up inputs to the DCMS Digital Infrastructure Strategy Consultation are beginning to come in and it looks as though the short order round table to begin the process of identifying who is willing to work with whom on what will be over -subscribed and more of the exercise will have to be done on-line, using services like that on which I blogged earlier this week. The inputs to date range from calls for better control over BT's pricing policies to action to prevent growing social exclusion - by firmly linking the implementation of the Infrastructure strategy to that of the Cabinet Office Digital by Default agenda, to ensure universal access to on-line services that are "fit for purpose". The means would include extending the mandatory PSN and G-Cloud use of international inter-operability standards to include IPV6 to ensure future compatibility with the rest of the world. 

There is a predictable split on whether the strategy should be based on centralised planning or on nabling market forces and local initiatitive to produce solutions that evolve over time. That split is not just between "left" and "right". I suspect neither side is "right" or "wrong" and that we will need a traditional English (Scotland and Wales have their own policies) compromise to get the best from both approaches. We have a good model with Government "strategy" toward the railways in the 19th Century, after Prince Albert failed in his attempts to get the railway network centrally planned. The Government used procurement, particularly Admiralty and Post Office "mail contracts", to support and expedite the lines it wanted for strategic reasons. And every line that wished to use compulsory purchase for parts of its route had to have a Private Act of Parliament - thus funding the start of the Westminster lobbying industry.

Unfortunately many of the players of today are still using nominal speeds and/or other technobabble as a proxy for "fit for purpose" when setting their targets. I have had to use follow up e-mails to tease out what was really being called for. Thus DEFRA believes that a 2mbs sevice is adequate to do Rural Payments Agency submissions on-line. But they appear to mean a genuine 2mbs", actually delivered, not "best efforts to deliver up to 2mbs, fluctuating according to contention etc." Over 20% of farmers do not yet receive even the latter. It is unclear when they will do so under current plans. Hence the the new agriculture minister's announcement (when talking of the new on-line services) of help for those who will need to use, as yet unspecified, Assisted Digital routines. Hence also the reason for the Country Land and Business call for a 2mbs "Universal Service Obligation", as opposed to a "Commitment". A guarantee that two 2mbs will be delivered is a much stiffer target than a commitment to provide an "up to 2mbs" service. Stephen Timms was well aware of this when he used the former, when giving an unscripted response to a call for the latter, at the 2009 Parliament and the Internet Conference. Officials have been backtracking on this, under pressure from network operators, ever since.  

That leads to the question of the quality and cost of service needed to reconcile the government agendas of social inclusion and digital by default. I will begin with quality of service and the vexed question of whether faster line speeds give faster services.

Ofcom has just issued some rather patronising guidance on how to speed up your broadband It left out the two main causes of slow response over supposed high speed lines:

  • advertising bloatware: including tracking software which fights with common security software for control, causing the system to slowdown or even hang and
  • traffic management: alias bandwidth rationing, particularly at inter-connection bottlenecks.

I recently mentioned how bloatware can negate the benefit of moving from 7 to 70 megs, linking to my previous call for action by the members of the "Reform Government Surveillance Group" to address this problem if they are serious about the interests of their customers. Resolving this problem is the responsibility of those who wish their customers to access their services on-line - beating up the Internet community and boycotting those who insert intrusive tracking services, as necessary. Government and regulators do, however, have a role in ensuring that consumers have genuine choice. We need to review the role of Ofcom and others in this space, perhaps viewing Browsers, Search Engines and Security Software as part of the communications infrastructure. This shades, of course, into 2015 and the case for an electronic Magna Carta which applies to the Barons (e.g. dominant ICT and ISP players) as well as the King (State).   

Last week I was told that one of those taking a domestic gigabit service from Hyperoptic was receiving little more than 300 megs (as measured by his speed tests) and no better response than from a 100 meg link. The main cause was thought to be traffic management, beginning with where the Hyperoptic fibre linked to the BT network. Incumbents and dominant players like to like tell us that bandwidth rationing is not a problem in the UK and that the net neutrality debate is peculiar to the United States. They are lying. The UK Internet still has more bottlenecks than a brewery. Traffic rationing  is a very real and growing issue in many parts of the UK and requires public debate. It should be raised by those responding to this consultation. I hope that some of the members of ISOC will help lift the lid on the cess pit of hidden deals.

But speed and response times are not the main factor when it comes to reconciling "digital by default" strategies with the on-line world as seen by those most dependent on our public sector health and welfare systems. The key questions include:

Are the on-line services of government usable by the target audience?

How is that usability measured?

Section 1.224 in the 2012  Budget papers on  "Reforms to support growth" read as follows:

"The Government is setting an ambition to make the UK the technology hub of Europe. To support technological innovation and help the digital, creative and other high technology industries the government will ... [after a list of other actions]  .... transform the quality of digital public services by committing that from 2014 new online services will only go live if the responsible minister can demonstrate that they can themselves use the service successfully".

No wonder Ian Duncan Smith is refusing to allow the new DWP systems to go ahead until they have been shown to meet the needs of the target audience. Or has this commitment been quietly dropped as part of the drive for Digital by Default?

Is that why Treasury has exercised its right to be forgotten and the link to the Budget papers from my blog (at the time) no longer works?

A BCS survey of an audience expected to have above average understanding of accessibilty issues indicates that the number requiring "Assisted Digital" support is likely to be very much higher that assumed by the "Digital by Default" enthusiasts. This is partly because of the low level of awareness and understanding among those developing systems and partly because of the lack of motivation among those commissioning them. Hence the need for those wishing to see a faster transition to listen to "OneVoice for Accessible ICT Coalition". I hope that the Coalition will make a robust submission to the DCMS consultation.  

Finally there is price.

BT's recent price hike for the mandatory telephone service that goes with any broadband contract has been called a "Football tax" . That and the growing divergence between "headline" wholesale and retail prices accompanied by the plethora of special offers for those who change supplier might be taken as evidence of a profound failure of regulatory policy which needs to be looked at by the DCMS Select Committee when it next meets with Ofcom.

I will stop there and go back to collating more of the inputs that have just come in.       
 






Launch of on-line consultation on inputs to the Digital Infrastructure Strategy

| No Comments | No TrackBacks
| More
While working through the invitation for the round table I am helping organise on 12th September to help drum up inputs to the consultation on the Digital Infrastructure Strategy I was contacted by Lindsey Annison regarding an exercise to put up an on-line service to enable those unable to get to meetings and not active in those professional bodies, trade associations and interest groups which are planning submissions to make their members' views known. The on-line consultation service is organised by TecQT and uses DigressIT. I am delighted to say that this is now live .

I look forward to seeing how this service is promoted and used in practice. I have observed many exercises to organise on-line consultations using a variety of tools, beginning with that organised by the Select Committee scrutinising the legislation to create Ofcom. That  committee received approximately 500 on-line responses, which was about the maximum they could handle with the resources they had available.   

P,S, I have been disappointed, but not surprised, to discover that some of the best known names in the on-line world have not spotted the importance of the DCIS consultation to the future of their UK operations.

I think this is because the jargon, including "DCIS Consultation" and "Digital Infrastructure", conceals the range of topics that need to be addressed: from social exclusion (inner cities and rural communities), through net neutrality (alias traffic and bandwidth rationing at network and interconnection bottlenecks) and planning (including to turn potential infra-structure clashes into shared security) to business models that ensure those who benefit reward those who pay.

UK employers need a level playing field when it comes to skills

| 1 Comment | No TrackBacks
| More
At the first meeting of the new Digital Policy Alliance skills group it was agreed that, rather than try  to agree a  collective submission to the House of Lords Digital Skills Committee we should encourage all member to make their own and that I should make a personal submission using the material I have on file, including from previous EURIM (now DPA) exercises. I have now done so, using material from the interdepartmental working group of the Department of Education and the Science and the Ministry of Technology (set up in 1965) onwards. In 1967 they recommended the establishment of a "National Computing Centre" to address the expected shortage of systems analysts by 1970. In the mid 1980s the then Director of the NCC enveigled me into spending five fascinating, but ultimately futile, years finding solutions to to the problems of the day. I think we found them. But they were unacceptable to officials and ignored.
 
Over the past couple of weeks it has been interesting to note how much and how little we have progress since then.

I had always known that our tax regime put UK employers and contractors at a disadvantage against their overseas competitors but until I checked some of the current HMRC small print I had not realised how serious that could be. One example is the apparent exemption from national insurance for up to a year for those employed by contractors back home in Brazil, India, Russia or the Ukraine. More generally accommodation and travel expense allowances subject to income tax for uK employees are often similarly exempt. Then there is the comparative tax position of spend on training and career development, whether funded by the employer or by indviduals seeking to reskill themselves.     

The summary of my submission is as follows:

1.             There have been regular enquiries into shortages of what we now call "digital skills" for almost 50 years. The underlying cyclical pattern was identified in the 1980s. Recession accelerates the decline in demand for old skills and delays investment in training for the new skills that are taking their place. Recovery sees a "crisis" and another round of studies. No amount of effort in "trying to predict the unpredictable" in order to better target vocational education, will bring about significant change unless we better reward employers who recruit trainees and retrain existing staff more than those who compete for staff trained by their customers or competitors, import supposedly skilled staff or export jobs.

 

2.             It is currently more economic for many UK employers to compete for skilled staff or import from overseas, rather than train their own. This problem will not be addressed until we level the playing field between those who recruit trainees and retrain existing staff and those who import supposedly skilled "contractors". Some of the latter can be paid tax free allowances for travel and accommodation and exempted from national insurance up to year. This can enable employers to save 50% (sometimes even more) compared to UK staff or contractors with equivalent take-home (after tax and expenses) earnings.

 

3.             We need to copy our overseas competitors in exempting employees following professionally and technically accredited training programmes from income and payroll (c.f. National Insurance) taxes and allowing individuals acquiring new skills, not essential to their current jobs, to offset the cost against current and future earnings. We also need the same tax and expenses regime for imported staff and contractors as for their UK counterparts. The changes needed also include addressing how IR35  penalises those seeking to keep abreast of changing demand for skills.

 

4.             When seeking to predict skills needs, we need to distinguish between core disciplines (which change slowly, if at all, over time) and technology, product and service technology related skills where demand can change before the curriculum, let alone content, is agreed.

 

5.             We also need to find better ways of relating publicly funded and accredited qualifications and courses to current and emerging skills needs and employers' recruitment and training plans, without overloading those who do seek to plan ahead with "consultations" asking questions they cannot answer. The solution entails pooling budgets for demand assessment and forecasting via, for example, consortia of Sector Skills Councils and LEPs, to enable the use of industry strength market research

 

6.             Few employers can forecast their needs more than a year ahead in the detail needed to plan conventional courses and qualifications. Those able to do so commonly wish to mix and match modules for just-in-time delivery (to meet immediate skills needs) with those for longer term career development across academic and professional disciplines. This presents challenges to colleges, universities and funding agencies. Those willing and able to respond can derive significant earnings from the delivery of short course modules (both residential and on-line) within the global apprenticeship and continuous professional development programmes of major engineering and financial services employers. They are alleged, however, to be actively discouraged by funding councils from doing so.  


I thought of posting the full submission but it is 11 pages and my blogs are usually far too long anyway. 

How consultation overload has led to communications policy paralysis

| No Comments | No TrackBacks
| More
In view of the many hidden agendas behind UK communications policy, I had expected Jim Prideaux  to comment (from a security and surveillance perspective) in reply to my recent post  speculating why the current DCMS/Treasury consultation is as it is - with an imploding list of those to whom the original notice was sent and almost zero press cover.

 Instead I received the following by pigeon post   from one of his former colleagues: "Disaffected of Dollis Hill" , who is concerned for his BT pension. I have changed nothing, not even the typos.

"Summary

Here are some thoughts that some companies might like to make but cannot. They may shock. So long as people keep buying the things they are supplying why do they need to care?  The truth is that the current process is broken.  There is a possible solution, but no need to provide it because someone probably already did in a consultation response that was ignored.  There are ways to reenergise things - but the aim of this paper is NOT to set them out at this stage.

Some Key Issues

These are just some private thoughts - the main issues that come to mind.

Consultation Fatigue

One of the key drawbacks of the "proto-pseudo-wet-string-Internet" the UK has today is that the Government and Regulators are bombarding companies with consultations - or so it feels from the company "front line."  The consequences of just one inadvertent comment can be catastrophic for individual and/or company, and companies form the East may be less willing to participate at all - or if they do to have a PR driven response which if of far less value than a considered response direct from the staff at the coal face.

Let's look at just one recent example from Ofcom - a principal culprit.  The consultation which closed on 29th August comprised 185 pages - and that was just the main body document!  One thing is certain - companies do not have unlimited time or resources to devote to consultations, so the losers in this may well be the companies - but also those who deterred responses by simply making their consultation too damned long in the first place!  Now the Internet makes it even easier to do this, as only limited hard company runs of consultations are often produced...

 Plus ca Change - so why bother?

Another reason for scepticism on the company side can be the view that this is just an exercise, another "fishing trip," and nothing will change - what value do regulations, or resolutions, arriving late, really provide anyway?  If in doubt "have a judicial review..." seems to be the prevailing mindset if there are real problems.  This is unfair - but we are dealing with perceptions, and these guide behaviours... We will comply with the law, so we are Ok anyway and need not bother too much.

The core regulatory problems in the sector are well known already, but has adequate meaningful progress been made on the scale necessary to keep the UK at the forefront of the Internet revolution?  Whilst this depends on who you might ask, the evidence is pretty conclusive.  We still don't have a superfast broadband infrastructure whilst many of our Global economic competitors do. Worse still there is absolutely no prospect whatsoever of another GSM... 5G will be driven by Asia.  That may not be bad either, but it doesn't matter either way because that's just how it's going to be. Roll with it or ignore it and die.

Below is a list of just a few issues:

1 The Infrastructure to enable people to properly exploit the Internet STILL simply isn't there. Who has been held accountable for this national scandal? Wayleave charges- which should be scrapped if the policy was as stated to accelerate roll out of infrastructure, have actually been extended! Mistrust results.

2 We still have a focus on PSTN interconnect, and the future focus has all been about the fact that where BT does fibre up local loops, the focus has been on how to force them to share it - delaying roll out.  It's just plan sad... BT is NOT to be blamed for its conduct - it has a duty to shareholders too, that's its "electorate."

3 Spectrum pricing has not delivered massive sums to HM Treasury - and never will again. What is has done is fragment the European market and prevented another GSM from emerging here - with massive detrimental consequences arguably greater than all the monies ever received (or promised) in auctions.  It has also arguably lead to the dislocation of the standards process.

Inaction Safer than Action?

Being seen as a radical "butters no parsnips" - and regulators and governments change anyway so what is the point of anything other than a shallow engagement some may feel? Better to avoid even the risk of consultation and confrontation until forced to act.  There is a fundamental asymmetry between companies in the market.  A few are huge, the majority supplying them cannot risk upsetting them nor easily afford the regulatory staff they would often like to employ (and who could really make a big difference to policy)

Two examples

1 Child protection

There was one company who actively sought not to get engaged throughout the whole process in UK

2 Dispute Resolution

One dispute over spectrum has now been running 12 years. The original complainant companies are mostly long dead now -as even is one of the judges who heard the case.  A speedier access to justice is needed

What Should Companies do?

Better in light of the above just to do a few forecast studies into the future and present these as the company position. They can always be disowned if they turn out to be wrong, and can conversely be used to demonstrate interest in the topic in general even if a particular consultation is not responded to. Safety first!

The Inconvenient truth is that Regulators and Government cannot promote Competition and Investment as fast or as well as the market and companies.  Those who must respond fastest to change are the companies.  If they do not they die.  The driver simply isn't there the other way about. 

Government and regulators can make a difference at the margin - but not much more unless they act on a coordinated global basis.  They may have to soon to address trust issues on the Internet... If hackers succeed in securing even more revenues from Internet fraud then they already do (and this activity is allegedly already more profitable than the Global cocaine trade) - then the use of the Internet to do business will wither away - along with the jobs and taxes that could have been generated.

Conclusions

1 This comes under the company heading of "only important if it hits the bottom line" - it does matter but is often under-resourced and SME's are not able to afford the energy and cost of a long term engagement programme

2 There are too many consultations and too little discipline exercised by those producing the biggest ones.  Impenetrability is not a benefit unless you want fewer responses

3 There is a shortage of those able to respond with quality answers

4 There is plenty of risk for companies in getting too involved - better to lie low when possible?

5 What's the point - "they" never listen (or act effectively) anyway

Toughest of all... is that we can never really know if this is what is really in the minds of company respondents to consultations, we can only guess. Seeking to try to get to the bottom of the problem by using common-sense however would be infinitely preferable to yet another "forward look" consultation... Something has to change for if we continue to do what we've always done, we'll get the results we've always got...  perhaps we should consult on what we need to do?  Alternatively we could risk using common-sense before we start consulting on consultations!  Without strong leadership, the right expert team at Government level and a top down desire to fix things with staff empowered to do just that we can bury all hope of change along with the UK's aspirations to be a future player in the Internet economy.  Maybe we could start by deciding if we even need ex ante regulation at all anymore?  Now that would be an interesting consultation!

By the way - YES - companies do need to engage in the process and absolutely should - despite all this.  One day we may get to the promised land!"

I am not one of the many engaged in debate over communications policy who is worried about their BT pension. I am, however, delighted that my BT shares have finally recovered to the price I paid at privatisation (£1.30 = £3.83), having crashed from £10.60 after the consequences of local loop unbundling became apparent. Also perpetual consultation leading to policy paralysis is not confined to Ofcom and communications.  I have just written (in a draft submission to the House of Lords Digital Skills Enquiry (deadline 5th September) about how similar behaviour underlies the reason why we have failed to address the underlying causes of our cyclical "digital" (we used to say data processing, computing or IT) skills crises. An ever smaller, and less representative, audience responds to detailed and duplicated consultations that fail to address the points of leverage.

Hence the reason I am seeking to help open up this consultation to a wider audience and am delighted that the Digital Policy Alliance has agreed to provide an umbrella for a short-notice, all-party round table on the issues 

Is Digititis still a greater threat to the on-line world than cyberattack?

| No Comments | No TrackBacks
| More
For all the spend on cybersecurity, it appears that cockup (as with the recent Time Warner down time) still causes more chaos over the Internet that does criminal conspiracy (as with the recent attacks on JP Morgan and others). Meanwhile advertising (and tracking) bloatware can negate the benefits of moving from 7 megs to 70 megs on - especially when it spends it time "negotiating" with your security software - without giving you any say over what is blocked and what is not.   

I am currently helping the Digital Policy Alliance with the invitation lists for an event on 12th September to help "round out" responses to the latest round of consultations on Communications Infrastructure Policy. But one starts involving users, whether business or consumer, it quickly becomes apparent that nominal line speed is just one of the factors that need to be addressed if the objective is services that are fit for purpose. One of the shockers I learned earleir this week was the difference between the time it took to install global connectivity to a third world construction site (whether or not it there are landlines in the area) with providing local connectivity to a similar site between two UK city centres. I am hoping that the UK company which provides the relevant technologies will provide me with a note on the reason why and what should be done if we are serious about reforming the way our sclerotic regulatory and planning systems get in the way of overhauling the UK's economic infrastructure after over a decade of neglect.       

It is also apparent that any consideration of future infrastructure policy has to consider the security of that infrastructure - from cockup and digititis. not just cyberattack.  

A local digital exchange in every market town?

| 1 Comment | No TrackBacks
| More
Yestrday I posed the question of how the UK moves from a mish mash of semi-incompatible pre-internet fixed and mobile communications networks to a seamless mesh. fit for the post-Internet age, when everything is interconnected.

This morning I received a rather good  answer, sent from a smart-phone at 0.1 mbps from a not-spot in the middle of an area supposedly well served by current fixed and mobile opeators. The suggestion was to bring the centuries old tradition of the market town alongside the modern concepts of carrier neutral data centres and internet peering centres and create a network of  "Local Digital Exchanges". These would provide local digital operations with access to a full range of connectivity products, whether or not these are part of the offering of the dominant local communications service provider(s).

I look forward to more details when the proposer an get better on-line access but this suggestion could help kick-start the inter-operablity to which all pay lip service, while seeking to insert their own lock-ins. 






A couple of days ago I said that the importance of the consultation to get inputs to a new Digital Communications Infrastructure Strategy  cannot be under-estimated. There may be flaws in the "vision" behind the consultation paper but that makes YOUR response all the more important. 

The consultation states (para 2.2) that "Looking ahead 10 -15 years in the communications space is challenging if not near impossible." It then proceeds to do so, with scenarios that are already out of date. Some of the technologies said (in Appendix D) to be "in development" have already been deployed. Several said to be "new to market" have been in use for over a decade. All three scenarios for 2025- 30 already co-exist, sometimes in the same geographic community, stratified by age and skill. And those creating the industries of the future are beginning to migrate accordingly.

The future is what we make it.

The core issue is whether our ambitions are to be constrained by government, regulators, incumbents or by the willingness of consumers and business customers to pay for what is on offer - and therefore of investors to provide the necessary funding.

The elephant in the room is willingness to pay: more particularly, who is willing to pay what, how and when. As with the early railways, progress (around the world, not just in the UK)  is being driven by those who have found ways of pooling needs (including with other utilities) and/or using advance payments and funding from would-be customers to remove the risk from their investment - despite the opposition of canal owners who saw no need to frighten the horses or set fire to the hayfields.  

Many existing networks are creaking under demand from those who do not expect to pay more than they currently do for a mix of fixed line, mobile services (including wifi) and content (whether broadcast, timeshifted or downloaded). But new entrants are building cheaper, more reliable fibre and wireless networks, capable of delivering much better service at lower cost and of handling future change in ways that many legacy networks cannot. Meanwhile those benefiting most from the take-off in on-line traffic and e-commerce (Amazon, Apple, e-Bay, Facebook, Google etc.) are calling for "net neutrality" while paying for little more than the links to their data centres. And those in government who wish us to transact on-line often appear very reluctant to contribute to the investment necessary to enable us to do so.   

The list of those who contributed to the exercise to draft the consultation may help indicate why the scenarios and questions are as they are, when surely the key question is how to ensure that networks support not only current inter-operability standards but are capable of incremental upgrade, as demand, technologies and standards evolve in ways that have not been predicted, let alone fit the business models of the dominant players of the day.

The main inputs, other than from trade associations and other collectives, are from Telcos, Mobile Operators and Broadcasters with past investments and well-established business models to protect. Apart from CISCO, Ericsson and Huawei the voices of those who are building and equipping leading edge networks around the world are missing. So too are the voices of most of the e-tailers, content publishers and social network operators whose traffic is causing our current infrastructures to creak (Amazon, Apple, e-Bay, Facebook, John Lewis, Netflix, Twitter). There appear to be no inputs from those measuring the speed, scale and nature of the growth of traffic flows over a mix of traffic from fixed to mobile to wifi, let alone how much of it flows between networks locally (part of scenario 3) as opposed to via central peering centres. There were no inputs from the alternative network providers who are beginning to provide gigabit services to the business parks and housing complexes left out of the plans of BT and Virgin. Nor from the interest groups representing business users (urban or rural) apart from the FSB who recently condemned our current broadband infrastructure as unfit for purpose  .

Is that the fault of Government for not consulting a much wider audience?

Or is it the fault of those not consulted for being too busy building the future to spend time Whitehall watching and thus "discovering" the opportunity to inputs to the draft. On this front I should plead guilty to not having spotted the importance of the previous exercise and blogged accordingly to drum up inputs, let alone made the time to submit my own views.

Hence my reason for repeating the call for YOU to respond to this consultation - even though it was launched with little fanfare during the silly season.

An "alternative vision" of the current UK communications market may help explain the importance of obtaining views from a much wider audience.

The UK consumer broadband investment model (dating from before the rise of the Internet) is broken.  Prices are falling faster than demand is rising. BT is therefore switching funds from infrastructure investment into improving service to retain existing customers and into a content price war to try to get new ones. Meanwhile BT's rivals are seeking to piggyback on its past investments (e.g. the doubling of Openreach fibre lines over the past year) and the extensions being funded by the taxpayer (via BDUK). They are lobbying for unbundled access (VULA and PIA) at prices which unscramble BT's cross subsidies with its new content business.

Meanwhile the needs of business (large and small) and of those consumers willing to pay up front in order to get world class connectivity are being ignored - except by the newcomers (some well funded, others not) who the incumbents have been seeking to lock out of the market. But some of BT's rivals are now looking to do deals with the newcomers in order to get better, faster access to high value customers and lower cost than via BT. And there is also increasing pressure on BT to offer better deals for those whose want to link their local fibre networks onto BT's national trunking service.

To look at the market another way:

BT's 21CN investment programme (completion delayed by nearly a decade when local loop unbundling wrecked the business model and caused the share price to plummet) is now coming to an end (except for the extensions paid for by Government). Virgin's new owner is planning to build on some of the old cable company infrastructure investments abandoned when NTL and Telewest had to focus on integrating the best of their networks in order to survive. Vodafone appears to be planning to give the bulk of its funds (after upgrading to 4G and investing in overseas networks) back to shareholders and try to get better prices for access to BT's infrastructure - rather than extend the infrastructure it acquired with Cable and Wireless. 

The other mobile operators are also (like Vodafone) looking at infrastructure sharing including with local authorities (e.g. the "Wireless Concessions"). Sky too appears to decided to put its funds elsewhere, while looking at how best to exploit the investments planned by new players like City Fibre. Meanwhile the new alternative networks may have finally broken through BT's successful blocking operation with regard to BDUK funding. From Cumbria and B4RN, through West Oxfordshire and Cotswold Broadband and the other small commuities served by Gigaclear to City Fibre  (with York, Peterborough, Coventry  and now Kirklees) and  ITS (with  Hammersmith and Fulham and othrs)  or the growing number of Hyperoptic networks , we can see a proliferation of local utility  broadband networks springing up, with their finances underpinned by demand from local authorities, commercial centres and business parks, apartment blocks  and housing complexes. We shold not forget, however, that most need to interwork locally with BT even if they do not rely on it for trunking to the London Internet Exchange

At this point I would like to applaud Ofcom (I do not often do so) for realising that the alternative network operatorsm who are beginning to transform the services available to communities left out of the plans of BT and Virginm have also been left out of their market review structure and for commissioning INCA  to help them with a survey to correct this. 

The problem for the incumbents with whom DCMS and Ofcom are used to working is that the UK is used to cheap, slow, always on Internet. Even our supposed "superfast" is fit only for video streaming and low resolution conferencing (e.g. Skype). New players like Hyperoptic have to compete with "free" (or almost "free") for anyone who take an over-priced phone line. However, their ongoing charge (i.e. leaving out initial freebies on both sides) for 100 mbps uncapped (including a telephone service) appears less than any of the BT "unlimited" broadband offerings (whether superfast or infinity). And their gigabit service costs only for only 50% more.

So what about the role of Government and regulators in promoting both competition and investment?

By original discipline I am a historian. I remember looking at the "rigging" of a pair of Royal Commission enquiries into price fixing during the early stages of the Industrial Revolution (when traditional pricing structures were collapsing as new sources of supply opened up and whole trades, such as handloom weaving, exploded and collapsed within a decade or so). By the time the evidence had been collected the market had been transformed. By the time the reports had been agreed the findings (and all the lobbying that had gone into securing them) were of no relevance - save that intervention that would have prevented or delayed that transformation had been avoided.

At London Business School I enjoyed the case studies in Michael Beesley's  course on the regulation of private sector monopolies and his explanation as to why it was futile to even try do  anything more than control price, quality of service and predatory behaviour. The recent histories of Ofcom and Ofgem indicate why he was right.   

Hence also my strong prejudice against Governments or Regulators basing policy on predictions of the future, as opposed to better detecting and responding to change when it happens and on removing the obstacles to change that block new entrants from exploiting better, cheaper ways of meeting user needs, even if only in niche geographic markets or business sectors. 

The pace of change is running well ahead of the timescales for the alternative scenarios in the consultation. They are happening already, in parallel. We need to stop wadting time trying to forecast and instead focus on how to allow and encourage (not discourage) new investors to fund those who will enable the UK to keep abreast of global change.

The questions asked in the consultation are relevant but the main of role of the regulator is to control abusive behaviour and the main role of Government, as in the early years of the railway age (and the Admiralty mail contracts), is as a lead customer - mandating (via PSN) adherence to inter-operability standards for those who want its business. Hence the importance of the City Fibre arrangements with Easynet to be piloted with Kirklees. 

Kirklees is by no means the only council which has to either take 30 - 40% out of its operating costs or grow its revenue base substantially.  Hence the impetus behind the local authority exploration of wireless concessions  to use ubiquitous local wifi to help kick start local economic growth, inprove social cohesion and slash the cost of local on-line public service delivery using their obligations under the Social Values Act as part of the planning and procurement process. Some of the wico plans are already, via coherant "smart city" thinking, helping pull forward Scenario 3 in the consultation. 

Those like Regional Network Solutions who are advising councils on how to get best value from such concessions also emphasise the need for these to operate to international inter-operability standards, not just for seamless connectivity today but also to enable seamless evolution into the world of tomorrow. I recently blogged on the importance of standards but I recommend you also read the comment (to that entry) by Sean Barker on the need to mandate user-driven standards in order to maintain long-term flexibility (he uses the intended life span of the Queen Elizabeth class aircraft carriers to illustrate the issues) avoid supplier lock-in. This is clearly a role for government and, given the way that the Internet itself is creaking badly because major players are not updating the routers they use, the time has come for HMG to follow the US government and include IPV6 compliance as a mandatory part of its own procurement processes.       

Adherance to international standards also makes much easier for failing network operators, large or small, to be taken over and consolidated, or broken up, with seamless transition for their customers (unlike the trauma that followed the collapse of Worldcom or the problems faced by those local authorities  who fell for the more recent profit share promises of Gowex).

The diagram on page 56 of Section 5 of the consultation paper illustrates why it is so difficult for incumbent players to raise funds at economic cost. Prices are falling faster than demand is rising. The same analysis could, however, have been done before each of the railway booms of the 19th Century. The lead investors in the railway floatations were nearly always eastate owners, merchants and businessmen who wanted cheaper, faster access to market for their coal, farm produce or manufactures than was provided by the canals. Later they were joined by those who wished to build whole new communities (c.f. Metroland, unusual only because the railway company itself was allow to exploit its land holdings). Many railways never much, if any, profit for shareholders but they transformed the communities they served.

Hence my regular calls to make it much easier to draw in infrastructure investment from those whose commercial centres and business parks will rise in value as well as from house-holders and businesses willing to pay up front for a three to five year service. In practice I expect many of the networks to then be bought up, or at least operated, by a relatively small number of national and global players (provided they were designed, built and equipped to global inter-operability standards) as were most of the railways built by the Stephenson's (or the original telephone companies).

I suspect, however, that enabling and encouraging customer (including local authority and other public sector) and community funding for local utility networks (built and equiped to international standards) may be the only way to bring forward investment of the scale and nature needed to give the UK a world-beating communications infrastructure - just as it gave us world-beating railway system and created our original water, gas and electricity utilities.

To conclude,. Speak now  or live with the consequences.

P.S. 20th August I have been getting some very interesting feedback - including the idea of a "local internet exchange" in every market town to help pull through both inter-operability and resilience.

Now is your opportunity to help change the future of the UK economy, not just of communications infrastructure policy.

| No Comments | No TrackBacks
| More
The importance of the consultation on inputs to a new Digital Communications Infrastructure Strategy  cannot be under-estimated. The Treasury/DCMS Consultation may have been launched during the silly season (August 6th) but it is anything but silly.

I apologise for not blogging earlier on this opportunity for you to help drag UK communications policy forward into the 21st century.  I spend my summer break in a not-spot (infrastructure not upgraded since the last century) where I needed twenty minutes of clean signal to download anything more than e-mail headings, let alone send an e-mail or browse the net.

[Do not feel sorry for me. I sat by the window sipping whisky, watching the seals scratch themselves and the buzzards hunt for lunch, while the solar panels charged my smart phone and netbook as they sought a 2G signal from the other side of the Loch. Feel sorry for those for whom this is their year round service - not just a break from the on-line merry-go-round]. 

Much of the background material in the Digital Communications Infrastructure consultation document is myopic. Some say that indicates how little officials have appreciated the changes under way. Others say if reflects the antiquity of parts of the infrastructure. More-over publicity for the consultation has been muted and its timing might seem to imply HMG is going through the motions and in not serious. But the politicians are serious and the consequences of a lack of response other than from those contacted will be profound. An example of the latter can be seen in the statements regarding user expectations in Ofcoms recently updated guidance on network security . No attributable inputs to the consultation that led to that update were received other than from BT, KCOM, Sky, EE, Vodaphone, Three, Verizon, DWP and the ICO. It appears there were no inputs from network users, large or small, other than from Government.

The importance of the responses to the questions in the Infrastructure consultation cover letter (see below) can be seen from recent news cover confirming that BT's investment programme (other than to acquire sporting rights to give away to stop the loss of revenue to Sky, Talk Talk, Virgin and others) or funded by government has come to an end and Openreach is now focussed on service improvement.

When I have been able to digest the consultation paper and the e-mails I have received commenting on it, I will plan to juxtapose these with material on recent attempts to open up the sclerotic UK market to more effective competition and on other opportunities to not only influence the political and regulatory agendas at both UK and EU level, but bring forward no risk, rapid payback investment in bottleneck removal without waiting for the result of the consultation.

In the mean time, this consultation offers the start point for bringing about changes as profound as those triggered by the studies on which I worked back in 1978 -9 which led to telecommunications liberalisation and privatisation and the revolution that followed.

Do respond. Including on the questions that are not asked.

Speak now or live with the conseuences.

"Dear Stakeholder

The Chancellor for the Exchequer has today launched a consultation published jointly by the Department for Culture, Media and Sport (DCMS) and Infrastructure UK seeking evidence to inform a new Digital Communications Infrastructure Strategy.

DCMS' Connectivity, Content and Consumers report identified a need to develop a longer term strategy to build on the UK's strong digital foundations. The strategy will consider the measures needed, from Government and others, to ensure that the UK has the infrastructure in place to meet user demand and to continue to benefit from world-class communications networks as technology and the digital economy develop further over the next ten to fifteen years.

We are not consulting on a draft strategy or on specific policy proposals. The consultation instead poses a set of intentionally broad questions to draw out evidence on the expected demands of business and consumers on technology and infrastructure. It also asks for views on the challenges likely to be faced in providing the infrastructure to meet those demands.

The questions are grouped according to the following themes:
•         the role of Government;
•         scenarios of possible user demand and technological developments set against a backdrop of a range of influencing factors;
•         how the regulatory framework could change to maintain competition and to facilitate provision of infrastructure to meet demand; and
•         the scale of private investment required, and by when and by whom.

We would welcome your responses to the consultation, which will close on 1 October 2014.
You can find the consultation document, along with details of how to respond, on the Government website: https://www.gov.uk/government/consultations/digital-communications-infrastructure-strategy-consultation

If you have any questions about the consultation please email the team at dcisconsultation@culture.gsi.gov.uk.
"

I remind you of the value of releasing your submissions to the press and of placing them on websites for easy reference, whether or not the department does so.

This makes it easier for those actions which do not require any change of government policy to gather pace as soon as investors perceive the necessary critical mass of support and investment analysts ask pertinent questions. An example of the latter might be: "Is the sum of the parts of BT worth more than the whole and is its "national role" therefore the main factor, apart from management ambition, militating against break up?". If so: "What should be the role of government, apart from maintaining  a "golden share" in those parts which are part of the critical national infrastructure."

Time has moved on but the stakes today are as high as they were in 1979 and the need for radical thinking is every bit as great.

The good news is that we see the impact of BT's £2.5 billion investment over recent years and of the Government's £1.2bn add-on funding . On-line purchases have risen sharply in the wake of broadband improvements . The use of video streaming services such as Netflix is also rising. The bad news is that the headline take-up of BT Infinity appears to have been below expectations and its overall revenues are falling. Hence its retrenchment and focus on giving away sports content and also improving service  

But if that is BT's foward strategy then much of the UK (urban as well as rural) faces economic stagnation and social exclusion - unless it can draw in infrastructure investment from:

  • Virgin (as with its 100,000 homes extension in East London),
  • Sky (although it now appears focussed on deals to exploit infrastructure investments by others),
  • Arqiva (probably about to receive a new injection of funds for long term investment if the UK climate looks ripe),
  • Mobile and Wifi Operators (faced with soaring consumer volumes but not revenues and therefore planning to better exploit location independent business and service markets).
  • Sovereign wealth and pensions funds looking for ways of investing in broadband utilities, large and small: using a kaleidoscope of business models (involving local authorities, business parks, commercial and social landlords and self help groups) to turn risk investment into boringly safe long term returns.

We should also remember that in Sweden the incumbent telco became an anchor tenant of many of the shared municipal communications utilities when it ran out of investment funds. Some of BT recent succesful wifi and public service delivery bids indicate that it too is exploring alternative business models as its costs of borrowing rise because it is viewed as as a media company rather than a utility.

When I tried to work out likely UKIP technology policies, based on the views of some of its new MEPs regarding "capitalism not corporatism" and the issues local to their areas, I realised that in their eyes the UK faces a simple choice:

Is it to become a sink for imported content with our high streets bankrupted by extra-terratorial and untaxed (except in Ireland or Luxembourg) on-line e-tailers?

or

Is to once again be a global hub for trusted, wealth creating and taxpaying businesses, setting its own agenda?

I will not go into whether that really is the choice we face. I would merely say that those who think UKIP is wrong have not only to convince the voters but need to bear in mind that UKIP is particularly strong in parts of the UK which do not have globally competitive business connectivity and do not even have that choice.

Hence the importance of this consultation. 

Is the BT Business Broadband monopoly about to crumble? How will it respond?

| 3 Comments | No TrackBacks
| More
I recently blogged on the demand aggregation exercise being organised by the City of London  A couple of days later I received a note on the current state of INCA plans in response to the recent Federation of Small Business report on how small businesses are often left out of the national superfast broadband rollout.

INCA membership has grown rapidly over the past year and now includes those ready, willing and able to provide high speed broadband services in areas that BT deems commercially unviable, provided a critical mass of businesses want the fast, symmetric, low cost access they can provide.  INCA has therefore teamed up with the Federation of Communications Services to develop a network of projects in enterprise zones and business parks around the country.

The first project to go live was not in a deeply rural area, but in the heart of Shoreditch, London (need door to Smithfield, still sloughed with rural crapband). The Perseverance Works, home to 90 SMEs, has just contracted a project with Fibre Options to deliver gigabit broadband speeds for a fraction of the price charged by BT for a 'leased line', the only high speed broadband alternative available to them (Infinity is not available in the City of London because ...) .
 
INCA members like CityFibre, with a range of 'Gigabit City' projects (beginning with York, Coventry and Peterborough), aim to cover all premises in their area, including all the local businesses. Other INCA members like MLL TelecomITS Technology Group, Gigaclear
and Hyperoptic have developed high speed services, using fibre and wireless technologies, specifically to fill the business park gaps left by BT. The City Fibre interchange arrangements with Sky and Talk Talk being piloted in York and the interconnection services offered by Fluidata and others mean that the pieces are now in place for consumers to benefit from investment in local networks where the return is underpinned by business demand. 
 
The movement in the market also means that a growing number of fund managers are looking at the opportunities now that business contracts mean fibre networks can be assessed as utility leasing deals rather than risk investments. The tragedy is that BT and Virgin appear trapped in a price war with Sky which they cannot win and therefore lack the funds to compete. That situation will get worse as BT's leased line monopoly comes under growing threat and the mobile operators improve the availability of ubiquitous (i.e. mix of fibre, wifi and mobile) 4G, eating further into traditional telecoms revenues.

Where does that leave government policy. The good news is that local authorities, both urban and rural are beginning to use the new generation of BDUK schemes (from vouchers to bids for innovation funding) to break out of the straightjacket framework about which I have been so rude in the past. 

The bad news is that not all have been successful - in some cities lack of engagement with local business and lack of publicity for voucher schemes means that the take up has been pathetic. In others, the rush to contract has let them to ignore industry advice (e.g. warnings about the Gowex business model over a year ago) and fall for superficially attractive exclusive deals which appear to bar mainstream UK wifi services from their city centres.

This does not, however, mean that the reimposition of central planning would provide other than uniform mediocrity. Provided the use of international inter-operability standards, (not just the subset used in the BDUK contract with BT) is mandated the way will be open for new players to seamlessly take over the operations of those that fail - unlike the Digital Region which will need to be reworked after its purchase from bankruptcy by Geo.

There are a many business groups now lobbying for action on business broadband, in addition to those representing  areas (inner city as well as rural) where investment in 21st century communications infrastructures is unlikely unless councils add in their own communications infrastructure and service budgets. As vice- chairman policy studies for the Conservative Technology Forum, I would find it most helpful if more of the players were to come together via the Digital Policy Alliance with a view to putting the same arguments to all parties - so that we can work out where we differ on fundamentals as opposed to bells and whistles.

That would encourage and enable officials to bring forward those actions on which we are in violent agreement to before the next election - thus saving over a year.


I should add that even the argument as to whether it is better to rely on market forces (including local municipal enterprise) or on central planning (including the role of Ofcom as more than a competition and standards regulator) appears to lead to splits within the parties rather than between them and need not delay practical progress within existing policy frameworks.

However, what is helpful to me is less important than what is helpful to the next generation and to the one after that who will have to live the mess we will make of the future of the UK if we try to second guess the future and are wrong. Hence my lack of faith in the Government, even if advised by me, picking winners. 

Why does the Bletchley Park Trust wish to airbrush Colossus out of history?

| 1 Comment | No TrackBacks
| More
The Daily Mail press cover for the visit of the Duchess of Cambridge to Bletchley
includes a photograph of Collossus, hidden among the fashion photographs. That was more than was evident on the day. Apparently the Trust took down all the signs leading to the Colossus site, locked all the gates and invited none of team who helped the rebuild and ran the school visits and tours during Bletchley's lean times before the lottery donation. 

Why? 

And why has there been no acceptance of the many offers to help mediate the dispute between the Trust and the Museum that is getting in the way of fund-raising for both?

There appear to be a number of reasons: from commercial, through personal to the legacy of Bletchley's cold war role, in which some of the Computer museum's supporters and volunteers played parts which are still secret. 

The commercial disputes range from rivalry for funding, tenancy agreements and the role of volunteers in a "modern" museum.  There seem to be many "obvious" ways forward, given goodwill on both sides, but the role of volunteers is more complex when some have memories that are still covered by the Official Secrets Act.  

The personality disputes appear more complex and some appear to date back to the cold war "tensions" regarding the role of the UK security services that were brought to a head by the actions of Peter Wright and his colleagues over what they supposedly learned in the course of surveillance operations. We are still living with consequences of the termination of plans to be more open about the nature and governance of UK surveillance operations that followed Wright's publication of Spycatcher after he had been denied a pension.

That brings us to the apparent policy of removing reference to the symbiotic relationship between the surveillance and computing : from sigint and cryptanalysis to search engines and deep packet inspection, from Colossus to the ICL 2900 series (the design of which was, in significant part, dictated by the requirements of the lead customer for the 2980 - GCHQ).

The current dispute is symptomatic of our inability to have an informed, rational and constructive debate on how to reconcile privacy, surveillance and security (personal not "just" state) in a democratic society.

We take sides, backing the "the Guardian" or "GCHQ".

Meanwhile the statements of those who actually understand today's use of the "Big Data" techniques and technologies pioneered at Bletchley commonly combine intellectual schizophrenia, moral hypocrisy and greed (whether for research funding or commercial gain).

Hence the importance of breaking down the barriers between the Theme Park and the Museum . We need to fund both sets of activity, properly, but also to join them, so that our children and grandchildren can learn the truth, not just the mix of simplifications and myths, interspersed with a few lies (some necessary, most not) that we feed those too immature to handle the truth. I hope that we might also use the opportunity to undo some of the damage done by Peter Wright and publicly contrast the governance structures of GCHQ (which so frustrated him - and for very good reason - as he himself demonstrated) with those of other agencies and of the private sector suppliers in whom they have so misplaced their trust (including those who designed the systems abused by Edward Snowden and then vetted and employed him).     

Are you suffering from Crapband in the City? Tell the Corporation.

| No Comments | No TrackBacks
| More

The problem of crapband (slow and unreliable mobile and as poor fixed line services) in the City of London and its effect on global competitiveness are summarised in a video clip by the Common Councilman for Bishopsgate . The Corporation recently conducted a survey and has now, unlike Ofcom, identified a market failure and is looking at what action it can take without being accused of "state aid" (as BT accused Birmingham when it sought to organise a Stokab solution to rejuvenate its original industrial heartland).  

The City of London believes, of course, in making markets work and is known to be exploring a variety of options.

These include:  

  1.  introducing new players (whether private led or a Stockholm-style joint venture) to provide ubiquitous fibre and/or to improve 3G and 4G cover using the City assets (as has been done by other Cities across the UK, beginning with London's traditional rival, Westminster)
  2. the use of simplified planning procedures to require all new-build office to have fibre and ducting  capability and co-ordinate street works to reduce civil engineering costs and improve speed to market
  3.  the identification of clusters of high demand, using demand registration programmes to help give investors confidence that they are financing a low risk utility projects
As yet none of the incumbent suppliers appears to have taken the rising tide of discontent seriously but the charges being quoted to SMEs in the City (plus £7 - 10,000 p.a.) appear to be three to four times the annual charge for domestic fibre to premises where the latter is available.

The Corporation's exploration of the third option has therefore moved forward with a YouTube video inviting registrations of interest and a new survey of demand from its 13,000 businesses, msot them SMEDs and 25% of them high tech, as well as its 9,000 residents, 
.
Meanwhile, over the border, in Shoreditch , I am told that a consortium is moving ahead with using publicity for the Government voucher scheme to support a demand aggregation exercise to make it easier for alternative suppliers to supply fibre and transform the prospects of those priced out of the Tech City complex   


I look forward to hearing the response to exercises being done by the Corporation of London to identify demand and whether these are to be made available to potential suppliers and their backers. I add the backers because I look forward to seeing the consequences when investment analysts pick up on evidence both of the latent demand and of the reluctance (or inability) of incumbent suppliers to satisfy that demand.

I was recently given sight of an analysis of the anticipated impact on BT of a rise in interest rates before the end of its current price wars with Sky, Virgin and Talk Talk. Apparently BT's "decision" that it is a content provider, not a publisher, has caused a significant rise in its cost of capital. Its borrowings are said to be rising while its investment plans (other than those funded via BDUK contracts) are falling. Hence the rumblings of support in some quarters for exploring a break-up of BT - provided a way is found of ensuring that the critical infrastructure roles (including the surveillance operations it conducts on behalf of GCHQ) remain under UK control.   

In the meantime I would urge those who live or work in the City and are suffering from the current market failure to respond to watch the video and register their interest and also to complete the survey contact their Common Councilmen. The City is unusual in that businesses have the vote. If they instead vote with their feet and move to where they can get affordable broadband that is fit for purpose, the consequences could be dire for UK as a whole, not just the CIty.

The rest of you who are suffering from crapband can, of course, now be assured that you are not being discriminated against, any more than the rest of British business, as suppliers cut prices in a fight for consumer market share in a shrinking market. Yes I did say "shrinking market". Overall consumer spend on on-line connectivity and content is now stagnant or falling - as the major players seek to give away each other's bread and butter in the hope of jam tomorrow.

The consequences of all those price wars and freebie offers do not look good if some of the analyses predicting an end to the bubble of debt-funded investment are correct. The share price of tech stocks with business models based on consumer or advertising spend look to tumble later this year when interest rates start to rise. Meanwhile there are many thousands, perhaps millions, of savers, plus businesses with cash reserves and pension and sovereign wealth getting out of dodgy government debt, looking for safe long term returns from utility investments.

The politics and economics of broadband have suddenly become even more "interesting".

 







Why inter-operability standards are essential for an open and competitive market

| 1 Comment | No TrackBacks
| More

Bryan Glick's summary of the "Big IT v. SME's" debate and the need to change supplier behaviour raises many questions, not least "how we bring about genuine competition?".

A little while ago, when blogging on the need for robust policies to preserve competition in the on-line world as a whole  I promised to reprise my script to a recent BASDA (the Business Software Developers Association) conference. I was asked to address the importance of inter-operability standards. These are boring but essential to genunine competition. Without  effective action on standards, the lobbyists of the oligopolists can still make a credible case to "Sir Humphrey" that the Minister will be happier with hiring consultants to plan a high cost/risk "delayed big bang" project (i.e. promises today, problems tomorrow: for his successor) than a low cost/risk incremental change programme. The former is safer for the minister - he will have moved on before the chickens come home to roast. The latter opens up the potential for criticism while the minister is still in office, whether the trials work (post code lottery because only a few have benefited) or not (waste of time/money, however small).

Chi Onwurah is correct in saying that we still need the big suppliers. If government is seeking to contract 25% of its business to SMEs that mean the big suppliers will still account for up to 75%, But securing value for money, with systems and contracts that can evolve over time, as needs and technologies changes, require fundamental changes in behaviour on the part of both government and its suppliers, small as well as large. The era of painfully negotiated, comprehensive and inflexible outsourcing contracts and PFI deals is coming to an end. Its demise will, however, be neither easy nor painless, unless and until major suppliers can find democratically accountable, (for public money and quality of service), ways of working flexibly and profitably with "families" of nimble, low overhead, innovators. Some suppliers are well down this route. But even they face problems because they risk cannibalising bread and butter revenue streams in favour of a reduced share of lower margin new business. The true winners are those (as yet only a handful) who have worked out how to use the opportunity to jobs back to the UK while dramatically cutting their off-shore, outsourced costs: the "win, win, win" strategy. 

I was, however, accused of "scaremongering" when I blogged on the possible implications of a recent criticism of a ministerial refusal to plough good money after bad until the end-user trials of the people processes the technology was to support had demonstrated success. I should therefore make a couple of disclaimers before I reprise the script I used when speaking to BASDA last month.

First as an occasional journalist and regular blogger:

I first wrote for Computer Weekly in 1973, when part of my London Business School Master's project appeared as a ten part series on "Why Computer Systems Fail" (£15 per thousand words was good drinking money in those days). I have been an occasional contributor ever since. I have also written for others. I even had a column in Computing for some years. I started this blog in September 2007 when I was "convenor" (alias programme advisor) for the CW500. The aim was (and still is) to put political matters into IT context and IT matters into political context, mainly for the benefit of Heads of IT (whatever the current titIe of the poor sod who carries the can for delivering systems that work), for users (alias victims) and for investors (from finance directors to fund-managers).

Apart from occasional speaking engagements and advice on thought leadership opportunities I have not worked for a supplier since I left ICL in 1977. I then had five years outside IT as a corporaate planner for a UK-based multi-national before joining the NCC, originally to set up a technology assessment operation. When I left the NCC in 1986, I took with me the operation that I had joined the NCC to create: helping banks, fund managers and major users to appraise new technologies and the associated investment opportunities. That has entailed both avoiding vested interests and taking a cool look at innovations and market enthusiasms. 

Second as a volunteer, unpaid, politician:

In 1978 I was co-founder of the Conservative Computer Forum. About the same time, I volunteered as an ASTMS representative (I paid the political levy and remain a member of Unite) on the TUC studies for the Labour Party on the impact of new technology. Some of the studies on which I worked appeared in the policy papers of both sides in 1979: e.g. telecoms liberalisation and the micros in schools programme. Others did not: e.g. telecoms privatisation and IT Year. 

 In 1981 I was one of the co-founders of the all-party Parliamentary IT Committee (PITCOM). Shortly afterwards I stood down as chairman of the Conservative Computer Forum (after joining the National Computing Centre I was barred from appearing on party political platforms). In 1993 I agreed to organise the re-launch of EURIM. Until 2010 (when I stood down as Secretary General of EURIM) I devoted my energies to working on an all-party basis.

In 2010 I agreed to do a three year term as chairman of the Conservative Technology Forum with a remit to try get the younger generation to do as we had done in 1978-9: collating industry inputs into peer-reviewed recommendations for submission to those responsible for drafting party policy. I made clear that I still regarded most matters IT and tele-communications as cross-party rather than partisan and would continue to seek support for all-party, pan industry studies where practical.

I stood down as chairman of the CTF on March 31st but remain Vice-chairman (Policy Studies). The list of topics for which CTF is currently seeking volunteers and submission is on their website . The nearest Labour equivalents are probably Labour Digital   and the Digital Government programme although Labour has also announced studies into Digital Skills and on the Digital Creative Industries. When speaking to industry audiences, including via this blog, I strongly encourage listeners and readers to be active via the party of their choice - because the silent majority gets what is deserves - ignored.
        
Now to the meat of this blog: the script I used when speaking to BASDA on why action on inter-operability standards is as important as action on public sector skills if we really do wish to change the behaviour of government and its suppliers towards using IT to serve the community. This is relevant to the issues raised by Bryan because without such action, we risk perpetuating practices condemned as unfit for purpose by the National Audit Office, the Public Accounts Committee and the Public Administration Select Committee     


I apologise for sloppy blogging: I should have said oligopoly not cartel yesterday

| No Comments | No TrackBacks
| More
Chris Keeler correctly pulled me up for using the work "Cartel" yesterday when I should have said "oligopoly". Do read his comment and my response.

This was very sloppy, especially since I had myself made the distinction when the accusations first emerged some years ago with the Public Administration Select Committee report which triggered the OFT investigation

Does Labour really plan to scrap incremental change and return to "delayed big bang" for government IT projects?

| 2 Comments | No TrackBacks
| More
No wonder the cartel who brought us the NHS National Plan for IT, the re-creation of the BT communications monopoly, overpriced and inefficient PFIs and all those other massively expensive, wasteful and under-performing central government "delayed big bang projects" are cosying up to those planning the Labour Party Digital Government strategy. Just read the Labour plans to scrap the incremental change programme that Ian Duncan Smith has finally succeeded in imposing on DWP and its suppliers.

I have blogged on this theme many times before , linking what was happening with the DWP programme, despite clear ministerial instructions on the need to follow an incremental path in line with good professional practice for major change programmes. Now it is apparent that at least part of Labour Party is still in thrall to those who advised them on IT policy during the run up to 1997 election.

I liked many of the questions being asked in some of the calls for evidence for the Digital Government consultations organised by Chi Onwurah: albeit I thought they focussed on the tactical rather than the strategic. Now we can begin to understand that focus.  Whatever recommendations come out of the studies, the cartel who have run UK public sector ICT for the past twenty years still expect to be able to recoup their recent losses after a Labour victory.

Those who wish to prove them wrong need to submit robust inputs to the Labour and LibDem policy studies, not just those of the Conservatives.

The divisions are not along party lines. There are similar divisions in all parties, between those technophiles who believe that this time we have learned from the past and that better planned BIG projects using BIG data will do it better, faster, using the latest cloud technology and those who believe that the problems are to do with BIG organisations (including BIG suppliers and BIG consultancies) planning BIG projects which cannot be delivered before the requirements and organisational structures, let alone the technologies, have changed.

The time has come to follow good practice. By all means think ambitious and integrated vision and architectures. But then think frameworks for co-operation across silo boundaries, focus on inter-operability standards at all levels and rebuild public sector delivery skills around incremental change projects which help build and reinforce those frameworks.

In this context I welcome the long overdue re-orientation of DWP around pilot pathways to identify and test the people processes before investing in technology. "Merely" employing an army of expensive consultant to look at theory is no substitute.

Meanwhile if we want a review of a progamme that is in trouble let us take a good look at "Civil Service Learning" - arguable the most important programme of them all, assuming we wnat to rebuild the skills of central government as an intelligent customer. The core quesitons do not relate to costs but to the number of officials, receiving which training to which standards over the past year.            


The feedback to my blog last week , on the review of the new cyberskills frameworks, revealed some interesting divisions of opinion with regard to training programmes in general. One of the most interesting was that between those with existing in-house programmes for mainstream skills and those without: with the former looking at how to extend these to include security skills (see section 4. in my previous blog) and the latter recounting problems with unmotivated trainees. 

What comes through is the importance of learning from the experience of those who have been successful in using well-planned internship programmes, "try before you buy", to reduce the risk- as well as from those whose attempts were less successful.

I am an enthusiast for such programmes. I used work experience trainees to turn round the NCC Microsystems Centre: the flagship awareness programme of the early 1980s. It had been created in the middle of a growing skills crisis with no attention to a sustainable business model. It was haemorrhaging staff because it paid according to national wage scales in the middle of London. The trainees enabled us to turn crass awareness programmes into cash flows that, in turn, enabled us to hire them. But I was only to do so with the committed support of the remaining consultants and operations staff - who enjoyed both the feel good factor of teaching and the ability to bring fresh minds to bear on the problems that were emerging in the "real" world before the academics had theorised them out of context.

The e-Skills cyber security internship program builds on the experience gained during last year's  IAAC pilot , involving 100 applicants, 50 Universities and 50 companies.  If you are serious about growing your own skills base before you are overwhelmed by the growing tsunami of threats  then you should get in touch before the programme is over-subscribed and while the boundaries are still flexible.

But you should also take a look at the past experience with cyber security internship programmes on which it builds.

The conclusions drawn by Mike St John Green in his report on the IAAC pilot are tentative - but it is only 22 pages and I recommend reding them all. You will find also other patterns that tally with the experience of other industries over many decades.

My own experience with studies into IT skills shortages and solutions dates back to the aftermath of decimalisation. My MSc project at the London Business School (MSc06 1971 - 3) was on the link between failed computer systems and the lack of skills to understand the business requirement and what was practical with the resources available: time and people being more important than budget and technology available. For that project I looked not only at the studies that led to the original formation of the National Computing Centres but had free run of the files of the British Institute of Management to do an analysis of the success and failure of training courses and programmes over the 1960s and 70s.

There are a few key messages for employers planning to use internship programmes to take the risk out of recruiting trainees:

1)    The staff, who are to work alongside interns and work experience trainees, must not only be supportive but have clear "rules of engagement", including how to provide confidential positive (as well as negative) feedback to both those supervising the training programme and their own line management.

When I had responsibility for the NCC Microsystems Centre in the early 1980s, (using work experience trainees to run the reception desk and demonstration facilities, act as helpers on hands-on training courses and provide practical help to SMEs), the attitudes of my line staff were central to giving the trainees the early responsibility that enabled them to blossom. [alumni of the centre can comment, including on the "in-house pun" that I only spotted after drafting, direct to me via Facebook].

I knew I would get rapid feedback on how they were performing - and things never got as far as me having to give a formal warming, as opposed to public praise for the job subsequently well done. One  individual, who subsequently ran major programmes in the Middle East, never knew how close he came to "the bums rush" - or perhaps he did and my staff did not tell me.  Also we gave everyone basic sales training, beginning with group viewings of the early John Cleese videos. This did wonders for attitude issues.

2)    Internships are more likely to be successful when you are recruiting from an organisation (school, college, university, welfare to work programme etc.) with whom you have a relationship and who will try to match the student with the placement.

We took our work placement students from a provider on the equivalent of today's "welfare to work" programmes. Most came from the "Threshold" programme (two placements as part of a double sandwich course). Apart from a couple who dropped out inside the first week, all repaid the time we spent on them and had got permanent jobs, half of them with us, before the end of the course. Given that we were in the centre of London paying Manchester salaries, I could not have run the operation without them.

3)    Within four weeks you should know whether an internship will work (on both sides).  Your staff will have worked out not only how to handle any attitude issues (those running the scheme should have given you advance warning and said why they thought the individual worth the effort) but how to turn these to advantage.  However it will take at least 6 - 12 weeks before you begin to cover the effort put in by you and your staff.

In the Microsystems Centre the first placement (of the double sandwich we commonly used) was genuinely pro-bono. We used the interview and first couple of days to make it easy for those who did not like what they saw to drop out before we wasted our time and theirs. As Mike St John Green mentions in this report, some of the best do not inteview well so we relied more on the references from the placement agency and their behaviour in the period we had them immediately before and after the "formal" interview. We then hoped to motivate them for the second half of their course, to keep in touch and to get them back for their second placement. It usually worked and they were earning their keep within a couple of weeks of starting the second placement.  
 
4)     If you pay peanuts, you get monkeys. Unless the interns are on a course that pays their expenses you should pay minimum wage (or London living wage) and provide assistance with accommodation if they do not live within easy travel distance. As soon as you have decided you want to keep them you should consider putting them onto a formal apprenticeship agreement. 

We were not permitted to pay our work experience trainees (they were on a government funded programme which included a modest payment) but when we assigned them to work for SMEs (who paid us only for the supervising consultant) we made clear that we expected the client to "show their appreciation" for a job well done: (£hundreds of pounds of credit at a book, record or wine shop was not unusual in return for installing a micro-computer based stock control, ordering and invoicing package, including file loading and staff training). 

I retained the trainees who was able to subsequently hire, despite being unable to pay them more than provincial wages, by giving them accelerated responsibility. But the financial pressures on youngsters today are such that I doubt I could justify the cost of external training without a contractual agreement akin to that which I agreed with ICL when they sponsored me on the London Business School Masters Programme (1971 - 3). That contract was very similar to that in Strathclyde v. Neal, the test case that is the basis for most current contracts.     
 
5)     There is no well-structured market for internships. Most current programmes are built around a summer "season" - befiore and after the exam results, competing for school-leavers who failed to get the University place and graduates not already picked up via the mainstream HR milk round. To get the pick of the crop you need to plan ahead, getting HR to include Information Security in the packages they promote to their chosen schools and Universities and/or to join in one of the tailored programmes, like those run by e-Skills.

You should, however, also look at alternative sources, including those who made poor choices and dropped out or graduated from the wrong course or University or who graduated during the recession and are coming off stop-gap post graduate courses or are seeking better than is being offered by their welfare to work programme.

One of the best of the alternative sources is women returners, taking a particular look for those seeking to return to work after caring for elderly relatives if you want them to be available to work unsocial hours.  This market is weven less well sructured. It is worth beginning by looking at those who have left your own organisation, including user managers and supervisors.  You should also look at co-operation with others so as to get economies of scale in promoting the opportunities you collectively offers.

6)    Many current government supported skills programmes, particularly those for cyber security are  built round those who qualify for public sector security clearance. If your aim is to acquire staff to handle global security in a post Snowden you want those who will be equally trusted by clients in Brazil, India, China and Russia and have the necessary languages. That gives you far more flexibility because UK citizenship is not a pre-requisite.
There is therefore a strong incentive to participate in the main cyber security programmes with a view to trawling those who will never qualify for "eyes only" security clearance.   

7)    I could go on but instead I would urge you to contact those running the e-Skills internship programmes and also consider using linked programmes like the Cyber Security Challenge, the Computer Clubs  for Girls and Cyber Champions if you wish to trawl for a wider choice.

For those who would like to get their HR team in on the ground floor of a more ambitious operation, and ensure that it also covers cyber security and not just digital skills, then I also suggest you get them to take a look at the plans for the "Good Careers Guide"
I recently agreed to help e-Skills engage financial services employers in reviewing their cyber security skills programmes, not just to find the gaps but also those willing to help fill them. So far I have found some good news and some bad news. The good news was that those concerned with recruiting information security staff thought the current frameworks (see the City and Guilds Documentation for Level 3 and Level 4 Apprentices plus the appendix mapping these onto existing industry qualifications for a detailed example of their practical implementation)  were a good checklist. The bad news was that almost all employers are looking for experienced staff, not trainees - and few have the skills in-house to organise a training programme. There is, however, serious interest in using the frameworks on a modular basis to upgrade the skills of those in post and to cross-train users who understand the business.   

I am now on the second phase of my study: circulating a draft report for feedback with the aim of identifying those interested in using early participation in the follow up to gain competitive advantage by developing and retaining the skills they need to protect themselves and their customers against fraud and abuse.

I am happy to send copies of that report to those with responsibility in their organisation managing and controling risk, reducing vulnerability and combating abuse. I am even happier to supply copies to those with responsibility for recruiting, developing and retaining the skills necessary. You can e-mail me for a copy and/or e-mail e-skills directly for an invitation to participate. Please include your name, job title, responsibilities, organisation and the areas and skills of most interest. If you can put the latter in order of priority that would be most helpful.

In the mean time readers may be interested in the headlines from my draft report. Some are obvious, in retrospect. Others may well be controversial, particularly for those who put their own agendas above that of preserving the reputation of the City of London as the premier, globally trusted, international, on-line trading hub.     

1.     The UK Financial Services Industry is Internationally focussed not UK-Centric

Financial services career paths are increasingly global. Major players are concerned to meet overseas, particularly US, regulatory standards, not just those of the UK. The US is not, however, the only, or even the most important, trading partner and global customers (e.g. sovereign wealth funds) expect their activities to protected against all-comers (including "our" security, surveillance, and cyberwarfare operations as well as "theirs"). This gives the opportunity to take a lead in setting global professional and security standards. It also, however, means that UK-centric requirements and co-operation arrangements are of limited interest.

2.     Cyber is a turn-off and information Security is boring. The drivers are a mix of fraud prevention, resilience, customer confidence and compliance

Few directors are interested in "information security" and "cyber" is a turn-off. Boards are, however, concerned about the consequences of insecurity:  impersonation, fraud, industrial espionage, sabotage, extortion and other forms of abuse and predatory behaviour. The skills sought come under a variety of headings: from compliance through intelligence, investigation and risk to security.

Commitment to action on skills, other than to fill known vacancies, appears unlikely without support from Board members who are seriously concerned to ensure compliance with regulatory requirements, maintain customer confidence, handle the transition to secure mobile transactions (already over 50% and accelerating) and improve the corporate ability to respond rapidly and effectively to major incidents.

That is because policy and budgets for recruitment and training are rarely controlled by members of the professional bodies currently engaged with the cyber security or information assurance agendas.  

3.     Understanding of the business is essential for those roles which cannot be "co-sourced". Most require skills mixes which cut across professional boundaries.

The days of "in-house" or "outsourced" are gone but attitudes are still different according to whether functions are handled in-house or "co-sourced" using shared service operations (e.g. to handle fraud reporting and investigation cross an industry sector) and trusted partners (e.g. retainers with audit practices and others to help with major incidents). 

Risk management and security roles in financial services require understanding of the business (objectives, constraints, priorities and vulnerabilities) and cut across people and technology processes as well as across electronic and physical security.  Few are purely "cyber" and many of these are more concerned with fraud prevention and resilience rather than information security.

Information Security is subordinate to those with responsibility for "Risk", "Fraud" and "Compliance", except where it is directly involved with the design, acceptance testing, operation and monitoring of people and technology processes and supporting systems. Many of those with cross-cutting roles have come in from other disciplines and need cross-training in information security.

Financial services employers therefore wish to mix and match modules from a variety of disciplines to update and broaden the skills of those who they already in place more than they wish to use these to develop the skills of new recruits. In consequence success entails co-operation with the Financial and Legal Skills Partnership , Skills for Justice , The Security Institute  and others.

4.     It is easier to get support for Continuous Professional Development and update programmes but widespread use of outsourcing presents serious complications with regard to delivery.

Outsourcing and co-sourcing mean that even large organisations often have in-house security teams that are too small for customised skills development programmes. More-over many security professionals are self-employed, individually accredited and/or responsible for their own training. Most employers are currently focussed on external recruitment to fill those in-house roles which cannot be filled by training users with security skills more easily than by educating outsiders to understand the business.

It is therefore easier to get interest in, but not necessarily commitment to, support for frameworks for "continuous professional development". Those with graduate intake and apprenticeship programmes for accountants, bankers and lawyers might be persuaded to extend these to include information security skills. However, given the limited number of employers able to organise in-house apprenticeship or CPD programmes, a better way forward might be to get recruitment agencies, HR consultancies, colleges and universities, to look at the economics of providing this as a service to local employers and/or alumni.

5.     There are significant issues to do with updating and marketing

The content needed in the modules will evolve over time in line with changing threats, technologies, opportunities and market structures. Generic structures which seek to avoid obsolescence by avoiding reference to particular technologies are, however, difficult for employers to relate to. They are concerned with developing the skills to address current problems - not looking into the fog of future needs.    

6.     A variety of marketing fronts and delivery channels will be needed to promote and present the content in forms to which the target audiences of employers and employees will relate.

.....

7.     The skills gaps identified to date:

Within most of the gaps identified there is a need for modules at all levels from process specification and system design, through operations, to end-user training, plus end-over-end performance monitoring. The frameworks and materials necessary to fill several of the gaps have potential global markets.

Some of the gaps below are addressed by the Financial and Legal Skills Partnership (FLSP), albeit with specifications focussed on the people processes to meet accounting, legal and regulatory requirements. Others are similarly addressed by Skills for Justice and the Security Institute.

The mechanisms for co-operation in ensuring the delivery of "joined up" material, covering both technology and people processes, when, where and how employers require are unclear.

7.1  Putting risks into business context and justifying spend

 

This requires an understanding of the business, an ability to quantify and balance the risks it faces (including of losing business because of intrusive or slow security processes) and turn problems into opportunities. The skills are not specific to information security but do require an understanding. It may be worth exploring use of the COBIT framework for linking security to business objectives.

 

7.2  Mobile: including identity, authorisation, data access, transactions and privacy

 

Most current programmes were planned before the transition to mobile gathered pace. Mobiles now account for over half of all financial services transactions and there are skills gaps at every level from system and application design, through the use of trusted computing technologies (including to identify the device and location being used and, with less certainly, the individual using the device), to educating end-users in personal security and safety using their own or corporately issued devices.    

 

7.3   Investigation: inc. forensics and the collection/preservation of evidence & co-operation with law enforcement

 

This is best organised in co-operation with the programmes planned by the National Crime Agency, City and Metropolitan Police, Crown Prosecution Service and others. The reasons are partly to ensure common standards and partly because training together is a good way of building the trust that is essential for co-operation. The programmes also needs to cover international processes because few major incidents are purely intra-UK. This area would benefit from close co-operation with Skills for Justice and those organising similar programmes to serve other parts of the globe, including, but confined to, the EU and US.

 

7.4   Asset Recovery: inc. local co-operation with overseas law enforcement and others

 

Financial services organisations are usually more concerned with asset recovery under civil law, rather than the cost and uncertainty of securing action under criminal law. The techniques available and disciplines involved overlap with 7.3 above and 7.5 and 7.6 below but are by no means identical.   

 

7.5   Governance/compliance: including Anti-money laundering, know your customer, suspicious activity reporting, customer protection, data retention/protection etc.

 

Financial services have a great many governance and compliance requirements which require technology support or the vetting of those who provide technology support. These include "know your customer",  anti-money laundering, suspicious activity reporting, data retention as well as protection, bring your own device policies, red flag behaviours, zero tolerance, bribery, corruption and customer protection. FLSP has modules covering many of these from a legal perspective. The technology perspective also needs to be covered.

 

7.6   Intelligence led Security: direction, collection, analysis, reporting

 

Direction and reporting require understanding of the organisation's objectives, priorities and culture (including to make reports on risks and threats meaningful to those running the business). Collection (logging, reporting, open source etc.) and Analysis (from historic log analysis to the real time use of big data tools) can be outsourced but the skills are in short supply (see 7.10).

 

 

7.7   Identity Management: including individuals, organisations and trusted devices

 

A prime need is for the skills to make effective use of the many ID systems and methodologies in current use and to enable the organisation to work with suppliers and customers using different approaches.  A particular problem is to bridge the different approaches of public and private sector. There is also the need to manage corporate identities, including on-line and along supply chains.  

 

7.8   Access Control: who has access to what, under what circumstances, inc. age verification

 

This is much wider than Data Protection but similarly links to identity management and authorisation. It may benefit from being organised in co-operation with other regulated industries (e.g. Credit Reference, On-Line Gambling and Adult Content) where reputations for security and privacy are core.

 

7.9   Authorisation Processes: inc. PCI-DSS and those of major suppliers/customers inc HMG

 

These should include both the evolving authorisation processes of the card and payment clearing industries and those of HMRC (including for  Real Time Information from employers), DWP (for inter-actions with employers and Local Government), Cabinet Office and others for those who have dealings with the public sector. This area may benefit from being organised in co-operation with Local Government, HMRC and DWP, all of whom have large numbers of staff to be trained at all levels from overall process and system design to end-user routines and guidance on handling exceptions.    

 

7.10        End User Skills and Processes: including access control and authorisation

 

Many large organisations run programmes to train all staff (i.e. not just those in call centres or on help desks) in basic security (how to reduce the risk of falling victim to social engineering and what to do if you think you have), the control of access to systems and information (particularly personal information on staff or customers) and incident reporting. There is a case for working with those organising such programmes on a commercial basis and with the CPNI Homer team to produce generic frameworks which can be used by those organising such programmes and for certificating those covered (e.g. all our staff are certified to XYZ). 

 

7.11         Incident Response: damage limitation, through notification requirements to public relations:

 

This cuts across a great many disciplines from those involved with handling the immediate response and restoring service through those handling the consequences (including technical, regulatory, customer relations etc.) to those handling image and reputational issues.

 

7.12        Big Data: both for detection and for protection

 

The skills needs range from understanding and using the techniques to analyse traffic and logs for detection and investigation purposes, through real-time authentication based on pattern analysis and  the means of assessing the security of services provided by others, to protecting data retained for analytical purposes or because of regulatory and law enforcement requirements. These range in level from the ability to understand and use packaged services operated by others separately or in partnership (e.g. Trend and IBM with "Deep Discovery" and "QRadar") to those to develop and maintain such services on a customised basis.

 

7.13        Website Security, including and the handling of abuse and impersonation

 

Nominet has produced some useful material in this area but there is a need to also ensure sites meet legal and regulatory requirements (e.g. under the e-Commerce Directive), are secured against hacking and abuse and contain routines for reporting abuse or impersonation (and responding to such reports) which help enhance confidence. There is also a need to address the security issues and exploit the opportunities raised by the transition from IPV4 to IPV6.

 

7.14        Vetting and personal behaviour

 

Financial services organisation are concerned with the motivation and not just competence of staff. A number of professions (e.g. the Chartered Institute of Securities and Investment) have mandatory programmes to develop attitudes towards good practice. There are also regulatory and statutory requirements in several sectors. This cross relates to 7.10 and FLSP has specifications covering the recruitment, selection and retention of colleagues. The issues do, however, go further and there is a good for co-operation with both CPNI and the Chartered Institute of Personnel Development on shared modules covering processes for CV checking and behaviour monitoring (including over social media).     

 

7.15        Support for Small Firms, generic and those in the supply chains of large firms

 

This should include the skills to implement, advice and support the audits by IASME or CREST that are to be made mandatory for SMEs supplying Government net and well as any other requirements from Banks, Insurance Companies (including PCI-DSS etc.). There is also a need to look at support for micro-businesses (e.g. the FSB members who are too small for IASME. The skills in this area are likely to cut across all others at the "foundation" level.

 

7.16        Process Control: alias SCADA, Internet of Things, Ubiquitous computing

 

This was not part of the remit for this exercise but serious interest and potential volunteers to help address the issues were found.

 

8.             Current Action Plans

 

8.1  Follow up on contacts made with ...

8.2  Work with ... on surveys to obtain views on which skills are in short supply and the priorities of those interested in participating in joint action.  

8.3  Follow up on contacts made with ... to look at organizing activities to identify employers willing to work together on skills issues.

8.4  Follow up on discussions with recruitment agencies and others to explore business models for commercially attractive (to all sides) co-sourced CPD and apprenticeship programmes.

8.5  Identify security suppliers interested in helping specify material that will help current and potential customers make effective use of their products and services.

8.6  Identify training providers interested in participating in the programmes with a view to supporting apprentices, those following continuous professional development or cross training programmes or those wishing to simply fill skills gaps   

I look forward to receiving comments, particularly from those with responsibility for protecting their employer and its customers and in helping with the specification, organisation and delivery of materials, courses and qualifications to fill some of the gaps above. I would also be interested in comments on how best to reconcile the various intra-UK, intra-EU and intra-NATO agendas with those of truly global players.

I am of the personal opinion that co-operation in education and training in the best means of reconciliation - but I remember being trained in the same signal school as those who were to man the signals rooms of the destroyers we had sold to Shah of Iran. We were strictly segregated. I subsequently came to appreciate the reasons. That said, the risk management and security teams of global trading operations have long needed to organise co-operation against common (criminal) adversaries between those whose governments do not trust either other.  The development of cyber espionage and warfare merely adds a new dimension to the tensions between merchants and warlords that goes back to the dawn of civilisation.   

 

 

Find recent content on the main index or look in the archives to find all content.

Archives

Recent Comments

Dave Walker on You get what you pay for ... : It loks like we've both been having problems with ...

 

-- Advertisement --