May 2011 Archives

What is the difference between South Tyneside Council and the Iranian Secret Police? South Tyneside uses californian lawyers instead of deep packet inspection to identify their on-line enemies.

It is five years since Goldsmith and Wu wrote "Who Controls the Internet: illusions of a borderless world" and readers will know that I blog regularly on the nature of the Internet as a "Cartel masquerading as Anarchy" and the question of whether we can and should trust industry ("merchants") more than governments ("warlords") to handle on-line malpractice. They will also note that my views on some of the key questions are little more consistent than my punctuation and spelling. It believe it more important that you understand the fundamental importance of the questions than listen to my attempts at answers.  

 

Next week the Information Society Alliance (EURIM) is due to announce a major exercise on information and identity governance. This will combine top down studies of the conflicting agendas that need to be discussed  "in the same room at the same time" with bottom up exercises to distil practical solutions. Later in the June I am due to introduce a high level workshop (of Whitehall Mandarins and Heads of Industry and Finance) on the differences between government and industry in their approaches to information assurance and security. I expect to get more from them than they do from me - but was honoured to be asked - especially when I heard who had recommended me.

 

I had not, however, expected the EURIM exercise and the high level workshop to be quite so topical, although I knew they were timely.

 

The draft prospectus for the EURIM study (see below) does not explicitly address the use of social networking for management and consultation - or its "monitoring" to "remove" dissenters" but one of the prospective members of the leadership team has already asked whether this will be included.

 

Last Thursday I was at the European Internet Foundation event on "Who Pays for Broadband" when Ed Vaizey made a strong statement on the need to use market forces to pull through investment in broadband work at thesame time as announcing that three bids for funds to support roll-out in rural areas had been successful. A day later Jeremy Hunt wrote MPs saying that further competitions would be replaced by allocations for local authorities to be "made available once we have eached agreement with them on other sources of funds and their plans for delivery". The change of approach is most sensible, given the number of bidders who had wasted time and effort proposing solutions that failed to build on the infrastructures already available or engage community support and other sources of funding, including local authority, education and health communications budgets, using BDUK funding only as top up.

 

Today's communique on UK-US co-operation on Cyberspace, see below for fulltext, includes the news that UK has finally ratified the convention on cybercrime. There are three views on this.

1) This is a long overdue of an obstacle to UK-based co-operation against on-line predators and shows 

2) It is a meaningless gesture unless backed up by serious resource 

3) The convention is flawed and needs updating.

I happen to share the first view - but fear the second view may turn out to be correct - unless industry (telcos, ISPs, payment and transaction services, on-line retailers etc.) use the opportunity to take the lead in organising co-operation to "remove" those who are attacking them and their customers.  

I'd very much welcome readers views.     

Read on for the full text:

The good news is that the Prime Minister and the Chancellor of the Exchequer are both asking the question, They are also serious about listening to the answers.

1) The UK tax and banking systems actively penalise hands-on investors and those who introduce them to those looking for funds - without going through expensive and useless (in terms of genuine investor proteciton) regualtory hoops. This problem is not new and was also the reason there was no British Apple.

2) It is too difficult to get planning permission in those locations with the necessary mix of power and water supplies, communications links and people skills. This is also the reason why there is no Googleplex in the UK and again is not but is getting worse as our power and water supplies crumble and our broadband and skills supply fall further behind,

3) The jungle of information and identity governance rules - from RIPA to Data Protection, from Know Your Customer to Money Laundering - that get in the way of good business practice and customer service. This is also the reason our existing data hubs are quietly emigrating.

 

Do read the full record of the House of Commons debate on May 19th on Rural Broadband and Mobile Coverage . The precise motion is dry, being a call for Ofcom to increase the coverage obligation attached to the 800 MHz spectrum to 98%, but it is a shot across the bows of both Ofcom and Broadband UK.

A hundred MPs supported the call for the debate and twenty had taken part before time ran out and the motion was passed. Some gave specific examples of how regulators and officials had killed off local initiatives. The strategy is simple, effective and not confined to broadband. Persuade enthusiasts to bid for extra support from departmental programmes - where the spend on bidding, adjudication, co-ordination and consultancy is commonly more than the original proposals, let alone the funds on offer, whether or not anything actually happens. Watch the enthusiasm drain away. Then claim there is no demand,

Would a test case between Sony and Amazon on whether the later is at fault for allowing its cloud services to be used to batter down the Sony security defences do more to sort out our rights and responsibilities in the on-line world than a decade of debate and discussion?

Or would it merely add layers of legal obfuscation and further get in the way of allowing our system engineers to sort the systemic weaknesses in the governance of Internet addressing that enable such attacks - whether using by botnets or clouds?  

Either way the allegations in the Register this morning add weight to the theme in my blog yesterday - that regulators and legislators bring little, if anything, to the table when it comes to sorting out the problems we face. 

If recently attended a meeting of senior bankers at which the thesis was advanced that the recent banking crisis was primarily a failure of information governance: with major players no longer understanding how supposedly diversified risks were correlated. More-over the flow of tick-box regulation (FSA, Sarbanes-Oxley, Basel 1, 2 and 3 etc.) had diverted management attention away from exercises that would have enabled corrective action. Thus regulators were to blame for turning the collapse of a few former building societies and their US equivalents (in the wake of government inspired property booms and associated mortgage scams) into a full blown global liquidity crisis. That is a gross simplification of the arguments, but I was struck by the underlying thesis that regulators do more harm than good when they try to do much more than enable customers to avoid those who do not follow adequate practice.