Scramble for Safety but not to protect Children

Those who complain about calls for action that are not based on conclusive evidence as to the harm done by the uncontrolled exposure of children to sado-masochistic sexual violence should re-read what what was actually proposed at the end of the Parliamentary Inquiry. Claire Perry did not get a Harvard MBA and jobs with Bank of America, McKinsey and Credit Suisse by taking a cavalier attitude to evidence. Her comments about "a social experiment without knowing the consequences" are most apposite. The recommendations are a well-crafted and practical compromise across many deeply-held convictions. 

They should also listen to what was actually said by Dr Magnanti, who is now a research scientist at the Bristol Institute for the Research of Child Health.

Those who blame parents for not being able to use the tools currently available to help protect their children should take a good look at how those tools are currently packaged and promoted. They should also take a good look at their own "evidence", including widely accepted mythologies about how and why the Internet works the way it does. The Internet is in a constant state of evolution. What was impossible a decade ago has become almost routine today. And vice versa. That is why so much of the thinking behind current debate over the Interception Modernisation Programme has also become divorced from reality.

At a time of recession Internet enthusiasts need to appreciate the potential cost of their patronising attitudes to those who pay to go on-line: whether by subscription or by providing their personal details to who-ever wants to sell whatever to them and their children. It is not just the threat of regulation that is almost certain to achieve the opposite of what is intended. It is also the loss of reputation and market share on the part of those ISPs and on-line advertisers and retailers who pay for their "expert" services.  

We need to work together to avoid unconstructive conflict between two crusading groups.

·         those concerned to separate benefit from risk and ensure that the new technologies are used to serve us, not enslave us

·         those concerned with the social and sexual, not just technical, education of our children so that they grow up to love and appreciate, not exploit and degrade, the opposite gender 

We need to identify "least risk" courses of action in the absence of clear or conclusive evidence. Given that one of the areas of agreement appears to be that we cannot trust governments and regulators to understand what they are doing, let alone get it right, that means doing the unthinkable: helping customers to make well informed choices.

That goes against the grain of all respectable academic and professional opinion. We

"the experts" know what is good for them.

Most of us share the ignorant arrogance of the Civil Servants and the major consultancies they employ to rationalise the status quo, bolstered by currently fashionable theories - albeit I like to think that, as a Peterhouse Historian (as well as sometime Acting Vice President of the British Computer Society and Principal Consultant at the National Computing Centre) I follow in the footsteps of those who earned Cambridge its reputation as the "Devil's Flamethrower" .  

Here I should nail my own colours to the mast:

"Grab them by the b***s and their hearts and minds will follow" has its technology equivalent "Grab them by the wallet and their marketing spend and development budgets will follow". 

We should give priority to mobilising industry support for recommendations 2 and 3 of the all party report:

• ISPs should provide better support for internet safety education and initiatives such a Parent Port and improve signposting for these services from their own web domains
• Government and industry representatives should draw up guidelines for improving the communication of existing internet safety settings, improving training for retailers, developing a family friendly kite-marking scheme for manufacturers and retailers and improving signposting to pre-installed security settings during device configuration

I believe we need two parallel and complementary campaigns in order to achieve results.

The first is to use customer and consumer boycotts to ensure that business migrates to those ISPs who take safety and security seriously.

The current near impossibility of finding, let alone making sense of, current guidance is indefensible.

Where are the links from most ISP websites to ParentPort , Get Safe On-Line or the Childnet material being used in the Cyber Champions initiative which uses young information security professionals to help turn children from potential victims into  on-line prefects and potential cyberwarriors?

Where are the links between ParentPort, Get Safe On-line and Childnet?

As Chairman of the Security Panel of the IT Livery Company  I recently hosted a round table to look at using support for the Cyber Champions programme to help draw the Banks and those running On-Line Payment and Transaction services into supporting a rationalisation of our current fragmented and under-funded on-line safety awareness programmes.  That  exercise is expected to begin under the aegis of the Information Society Alliance www.eurim.org.uk  and to focus on the business case for using better advice and guidance as a core part of marketing strategies for protecting market share  and winning new business at a time of recession. The success  of Talk Talk "Active Choice" already shows the potential.

I referred above to the need for a two campaigns.

The second is to harness the driving forces behind the planned legislation to "update" RIPA and force ISPs to retain communications data to better purpose.

It is not enought to simply reveal why the current proposals are as they are - despite the mounting evidence that what is proposed is a expensive way of weakening security. We have to demonstrate that there are better, cheaper ways of achieving the supposed objectives.

I hope to make time to blog on some thoughts for the second campaign shortly. I plan to link some of the more constructive discussions in the bar after yesterday's Scrambling for Safety to what I have learned recently about the scale and nature of some of the commercial monitoring services used by major ISPs and On-line transaction and payment services around the world, not just within the UK, to protect themselves and their customers.