July 2012 Archives

Lords support Commission Against BDUK Framework

| No Comments | No TrackBacks
| More
Chapter 3 Paragraph 59 of the House of Lords Communications Committee report looks like the coup de grace for the BDUK framework. "We endorse the Commission's suggestion that open access to dark fibre at the cabinet-level  be introduced as a condition of BDUK's umbrella state aid permission."  It looks narrowly technical, compared to the call for digital hubs, let alone the headline stories on lack of focus or rural broadband picked by the BBC or Telegraph . It goes, however to the heart of whether the UK is to have globally competitive networks, built, maintained and operated to international standards or is to fall further behind, as a state-planned, regulated and subsidised backwater.

The report continues "Accordingly, not least in order to expedite its own programme, we recommend that the Government incorporate open access to dark fibre voluntarily as a feature of its Framework agreement with suppliers. More broadly we endorse and invite the Government's view on the European Commission's conclusion on the broadband investment environment that "securing truly equivalent access by alternative operators to incumbent networks is probably the most important guaranteee of sustainable competition, on existing and new networks".

At this point I part company with their Lordships. It is not that I disagree with their recommendation or that of the Commission with regard to terrestrial broadband services to the domestic consumers. It is that the world has moved on. Our incumbent operators risk being left dead in the water, leapfrogged by alternative operators cherry-picking financial centres (like the City of London) and high tech hubs (like Shoreditch or Soho), linking them to their global peers but not to the rest of the UK. BT and Virgin also need help - including to share the cost of infrastructure investment with other utilities, from the mobile operators to power, gas, oil, water and transport - all with their own communications networks and plans.

More UK teenagers now access the internet, more often, over Everything Everywhere, Vodafone, O2 and 3 than do so over the myriad of ISPs who resell BT local loops. A mix of Local Authorities, Health, Education and Transport agencies plus players like Arqiva, Babcock, Fujitsu, Sky and Thales now build, own and/or operate at least as much of our communications infrastructure as BT does in-house.

Local and Central Government are looking to move the bulk of its employees onto PSN compliant networks, both fixed and mobile, to help cut 20 - 30% out of service delivery costs. They cannot afford to waste time or money waiting for a dead-end alternative that has been blocked by the Commission and condemned by a Select Committee.

Business has to compete with overseas competitors whose local supply chains are increasingly based on gigabit links, including to their homeworkers.

Now let us add-in the plans for smart meters and smart cities, from the modest UK  TSB competition and the EU SETIS initiative to the work of leading edge UK companies with those who take the future seriously, like the Chinese.

To summarise: I believe the Lords are correct in their analysis and have come up with a relatively simple way of enabling ministers to save face by focussing the BDUK framework on access and inter-operability rather than nominal speeds. However the world has moved on and the time has also come for "Infrastructure UK" to purge and merge the relevant operations of DCMS, DECC and BIS and make the UK a location of choice for pension and wealth funds, not civil servants, to pick winners. We need business models that are attractive for the Ruritanian Teachers Pension Fund, the Sheikyamoni Sovereign Wealth Fund and the Borchester 500 Club. In short: we need to allow market forces to compensate for regulatory failure.

Enhanced by Zemanta

Has the Olympic cyberwar begun?

| No Comments | No TrackBacks
| More
The refusal to accept Visa payments at Wembley has been blamed on a local fault but had they just discovered that they were using compromised readers . Thre is an intersting juxtaposition of stoires in the Daily Telegraph today. The problems with US card readers (they have yet to switch to chip and pin) being used to milk customer details have been known for some years. With visitors from the US world coming to London for the Olympics there was always likely to be a problem? Was this a first symptom? What comes next?    

The Atlanta Olympics was the test bed for the Internet. It was the first games to be organised using Internet protocols, incluidng for ticketing. The sytems had negligible security and it was said that if fraud was below 4% of turnover it would be counted a success. Fraud was negligible because few criminals and terrorists (apart from the Tamils and Al Qaeda) had yet to discover the Internet. Which on-line operations today could withstand losing up to 4% of turnover through fraud?

This is the first games to be held in a major financial centre since 1948. The Internet will indeed have come of age if card fraud and on-line can be held to negligible amounts without seriously inconveniencing customers. However, the temptation, at least for Daily Telegraph readers, to carry sufficient cash to be worth mugging, in case your cards do not work, has  just risen.  
Enhanced by Zemanta

UK Telcos and ISPs split over broadband rationing

| No Comments | No TrackBacks
| More
In a BBC news item today "ISPs split over UK Open Internet code of practice" the term "Open Internet" has replaced "Net Neutrality" as newspeak  for bandwidth rationing in much the same way as "superfast broadband" is newspeak for fibre to the cabinet. Meanwhile O2 has just switched on its ubiquitous broadband (alias wifi) for the West End and the rest of the world is galloping toward fibre to the home/femto, with services from 100 to 1000 mbs for those willing to pay.

Today the BBC is reporting on the breakdown of attempts to use the Broadband Stakeholder Group as an umbrella for rationing.   I spent yesterday afternoon at an INCA meeting on state aid. I heard the EU giving rapid (average 8 weeks) approval of municipal plans to invest in open access dark fibre infrastructures contrasted with their apparent (over a year to date) refusal to approve a BDUK framework that would trap BT (let alone its customers) into a second best service that will be very expensive to upgrade.

The business model behind MacQuarrie's parallel investments in Cityfibre and Arquiva, viewing fibre and wireless networks as utility infrastructures to be auctioned to lead customers (from  PSN local government, health and welfare users to local businesses and fixed and mobile operators) is a far more attractive model for politicians and investors than rationing plans. I was also interested to get confimration as to who really owns, builds and operates the quilt of infrastructures over which the services sold by BT, O2, Virgin and Vodafone run.

As I have said before, the time has to allow market forces to redress regulatory failure.

That does not mean we do not need regulation, but it does mean that regulation should be there to ensure that customers get a fair, robust, secure, resilient and sustainable service. It is not there to protect current incumbents from change, let alone lock them into business models (like fibre to the cabinet) that condemn their shareholders and investors to falling returns as they and their customers are leapfrogged.

The next few weeks is likely to resolve much current debate with a does of reality as we see what happens during "the Olympic challenge", (from smartphone traffic to teleworking).  Broadband, both fixed and mobile, is now part of the critical national infrastructure. It has to be treated as such. Hence my belief that the cabinet reshuffle should merge the relevant parts of DCMS, DECC and Transport as an infrastructure ministry and that we should also set about converging the regulatory activities - while splitting out content and putting it alongside surveillance and data protection!      

      
Enhanced by Zemanta

"Does IT have an image problem?" - no more than the Taliban.

| No Comments | No TrackBacks
| More
On one of the Linked In groups to which I subscribe I came across the question "Does IT have a bit of an image problem?". There are many possible answers but over the years I have come to the conclusion that IT has the image it deserves. Many of the groups of IT professionals who whinge about the image of IT have mindsets akin to those of the introverted tribes who have taken Islam back to the middle ages. Even "computing" has a better image.   

Is Treasury getting its act together on Infrastructure Investment?

| No Comments | No TrackBacks
| More
The departure of the DECC permanent secretary (days after the announcement of the Treasury £50 billion programme to stimulate infrastructure investment) indicates that HMG may finally be getting its teeth into the mix of centralised but nonetheless conflicting and fragmented (across departmental and regulatory boundaries) planning, control and regulatory initiatives that it inherited. The problems are not confined to utility infrastructures with DECC, BDUK, Ofcom, Ofgem et al. There are similar problems from financial services (where they helped cause the current crisis) through to health and welfare. The problems are, however, particularly acute with regard to infrastructure. We have growing rumours that neither DECC nor DCMS will survive the post-Olympic reshuffle because they, and their regulators, appear to be standing in the way of the investment needed to help pull forward recovery rather than bringing it forward. Meanwhile it is said that the officials working on Broadband and on Smart Meters are banned from speaking to each other because they are engaged in competing procurements (for communications infrastructures) with the same suppliers.

My advance reading for a meeting last week on bringing together Energy and Communications policies as part of an affordable "green" agenda, included a very sharp and well informed attack on the current smart metering programme. It was described as Ed Milliband's "poison pill" for his successors. Unfortunately the author, usually a great advocate of open government (you know who you are) marked it as "not for circulation". I hope he will change his mind after reading the rest of this post - if only to complain about having his paper misinterpreted.    

Is BDUK a triumph or a disaster - and for whom?

| No Comments | No TrackBacks
| More

Last week I was told that BDUK was a triumph because it had enabled the leveraging of a £billion of additional funding (from BT, EU and Local Authorities) on top of the DCMS funding. Three days later I heard that Fujitsu had withdrawn from the Cumbria bid and BT had been asked to retender. The Financial Times , quotes Fujitsu as citing "lack of a clear path towards a mass market". Computer Weekly quotes the Councillor overseeing the tender process as saying "Fujitsu's reasons ...[were] national rather than related to Cumbria". Meanwhile one of the local MPs is complaining at the lack of progress over the 18 months since the Minister announced the funding for Cumbria. One story is that the EU objections to the BDUK framework are a minor irritant and "the programme is still on track for its 2015 targets". Another is that the objections are fundamental: a refusal to allow support for an incumbent telco to provide a service that does not meet agreed EU performance targets. There are also stories of threats of legal action under state aid rules by those not allowed to bid. 

I wonder if the "triumph" story might read: "Fujitsu withdrew because the tender, under the  BDUK framework, lacked a clear path because it did not meet EU performance targets and fingers crossed, BDUK will get this right by 2015."

Meanwhile, according to the Guardian, BDUK spent over a £million last year on KPMG procurement consultants and over £700,000 on legal advice from Pinsent Masons. It has spent nearly another £900,000 so far this year and has a lifetime adminstrative budget of over £16 million. For comparison, Westminster and Chelsea spent £20,000 on procurement and legal advice for an ubiquitous broadband (alias wifi) deal for which negotations began approximately this time last year, the tender was awarded before Christmas and roll-out is under way. The consultancy and legal fees for the Birmingham broadband procurement which was recently approved by the EU are not in the public domain but I am told they had change out of £50,000.

Enhanced by Zemanta

ID (alias Internet Address) and Surveillance Wars: ICANN v. ITU

| No Comments | No TrackBacks
| More
Would you trust a bunch of self-appointed experts, corporate lobbyists and US IP lawyers with the governance of the Internet?

In looking at the interplay between identity and surveillance policy, I find it difficult to tell whether many players are naive, narrow-minded or "economical with the truth". It seems obvious (at least to me) that the scrutiny of EU Plans for a regulation on electronic Identities needs to be joined up that of the proposed UK surveillance legislation  and viewed alongside the objectives of those organising the ITU World Conference on International Telecommunications Communications for which the papers have now been leaked . Yet the almost no-one, except for some of the members of the EURIM ID governance group appear to be trying to link them. Most players appear to obssessed over technical detail, academic definitions or short-term business opportunities.
 

Those who claim WCIT would be ultra vires were it to seek to wrest the oversight of Internet addressing from ICANN should remember that until last month it was the ITU that was hosting much of the work on IPV6 standards for a world of individually addressable, ubiquitous computing devices. More-over, not only is ITU still the main source of advice on IPV6 for most of its members, they would probably see the end of "IPV4 address rationing and re-use" as allowing a return to "unique telephone numbers": the organisation of which was one of the key roles of the ITU before it lost its way.  Now let us look at the "addresses" enshrined in the supposedly trusted platform modules of every smartphone alongside the tools (like DarkComet ) used by investigators and criminals to monitor our on-line activities and let us revisit the inter-play between supposedly separate debates.      

Enhanced by Zemanta

Commission to regulate website authentication

| No Comments | No TrackBacks
| More
I have blogged before on the Commission proposal to regulate electronic identities and trust services but it was not until a EURIM workshop on monday to collate members concerns that I appreciated the enormity of what is proposed. The preamble alleges that the draft builds on extensive consultations but it is clear that few of those who might be affected were aware of these and the resultant draft is open to wodely differing interpretation practical meaning of what is proposed.

Some of the mandatory requirements are breath-taking, such as the state provision of on-line, uninterruptible, uncharged electronic identifcation authentication routines for which they accept liability to the third parties who use these (Article 5). Others are feeble in the extreme, such as accessibility to Trust Services by those with disabilities "whenever possible".

The requirement for supervisory bodies raises many more questions that it answers while the section on electronic signatures would appear to undermine the whole basis of international trade (where the technology neutral "common law" routines have been clear for well over a century since the cases on whether a cable authentication was a signature).

What most shocked me, was, however,  the requirements (Article 37) for qualified certificates for website authentication. It revealed a mindset behind the draft that appears worthy of a disciple of L Ron Hubbard

Overall the other concerns raised by EURIM members could be summarised as:

1.       Lack of clarity on key definitions. This caused confusion because different parties had interpreted the meaning of parts of the Regulation in different  ways. This was particularly apparent where liability was involved.

2.       Given that public consultation is over and this is now being handled on an inter-governmental basis, how do corporate members work together to submit consensus feedback to EU governments on the potential impact of the regulation?

3.       The regulation lacks a global perspective. For example "website authentication"  certificates  are among the electronic IDs covered by the regulation. This may be "logical" but raises many issues regarding existing routines for global e-commerce, including the use of "authenticated internet addresses" (including those linked to the use of trusted computing modules, geo-location data, transaction footprints etc.) as "signatures".

4.       The regulation and proposals regarding  co-operation to address e-Crime and Fraud must be aligned.

5.       We need a clear and unambiguous framework for looking at Trust services covering people, applications, software and "things" (as in ubiquitous computing  and the Internet of Things). The regulation will fail if there is no trust in who or what is behind a credential: e.g. how much can the UK "trust" a Ruritanian credential.

6.       The business world already has working solutions to many of the supposed problems and  is developing solutions to others. There is a real risk that the regulation may prevent "real world" progress.

The dynamite is 2) above: the assumption that the time for public consultation is over and this is now an inter-governmental matter.  Later on Monday, after its AGM, EURIM held a reception that was attended by many of those involved in running cross-border transactions both within the UK and around the world. Lord Erroll,  Syed Kamall MEP and Stephen McPartland MP all spoke on the need for industry to work together to educate politicians and officials and to use EURIM as one of the most effective umbrellas for organising the joined up scrutiny of well-meaning but screwed up proposals.  

The acronym EURIM originally stood for European Informatics  Market, the mythical "digital single market". It has now agreed memorandums of understanding with PICTFOR (the UK all-party parliamentary group concerned with IT and Internet matters) and the European Internet Foundation. The new Director of the European Internet Foundation was at the reception to discuss forward co-operation before returning to Brussels for a meeting to discuss follow up to the Digital Assembly.

As part of the forward programme of co-operation, EURIM will be organising "joined up" inputs to the scrutiny of the draft Data Processing and Electronic Identity Regulations  and  the draft Payments Directive . By "joined up" I mean looking at proposals in context to illustrate how they interact and should be used to facilitate, as opposed to in the way of, the creation of a globally competitive digital single market.  

Last night material from workshops to summarise members' concerns on all three was being presented in Brussels with the promise that over the next few months the relevant EURIM working groups will put flesh on those summaries and assist the Commission, UK Departmental and Parliamentary scrutiny processes in London and Brussels.

If you are serious about wishing to do intra-EU cross-border trade within the EU, without having to route your transactions via the US so as to avoid the overheads imposed by ill-considered regulation, the time has come to work alongside your peers to inject some common sense into policy formation and scrutiny. Of course you will not have the time to spend on meeting after meeting in processes that are designed to exhaust opponents into compliance. Hence the reason for using EURIM working groups to farm out the work while providing continuity of effort.

The process does, however, require professional support, including rapporteurs like the excellent Dr David Wright (who applies the same rigour to political issues as to carbon sequestration in his academic career). This has to be funded. Hence my support for the efforts of my successor as Secretary General (Dr Edward Phelps) in telling our many fellow travellers that the time has come to JOIN and help cover the cost. It is a lot cheaper that the consequences of living with "ignorance in motion".

And if the finance director says you have to hunker down and get next quarter's revenue target, just remember the side benefits from working alongside your customers, your suppliers and your peers, whether partners or competitors or both (depending on the business in prospect). On monday night I heard the happy buzz of business introductions being made - I myself one introduction (both players at main board level) that may well lead to a £multi-million commercial co-operation on the "greening" of shopping malls in three member states. 
 

Enhanced by Zemanta

Is 27001 to blame for the LIBOR fiasco?

| 1 Comment | No TrackBacks
| More

The ongoing LIBOR saga has two dimensions.

One is political - how much is the story really about banks responding to Government pressure to rig the rate, once they had discovered how easy it was to do so?  We should note that the systemic rigging came after the banks had supposedly said they wanted reform because it was open to abuse.

The other is how such a key market rate came to be based on subjective inputs in the first place. I have had some profoundly worrying e-mails since I blogged on how Libor broke the first rule of information governance. The gist of these is that the rigging of LIBOR may be only the first of a series of scandals that will emerge because of the way the FSA promoted "self-policing" by those who could be "trusted" because they adhered to 27001 or had similar processes which enabled boxes to be ticked.

Lloyds (whose Head of Security for Digital Banking is facing fraud charges) is among those which boasts that it processes are based on 27001.  I remember favourably reviewing one of the first text books on how and why to implement 27001. About two years ago I lost faith. I now wonder if it is part of the problem, not the solution.

That is partly because so few people in organisations that have been certified have actually read the processes they are supposed to adhere to. In some cases that may also include the supposed authors, who copied the sections from elsewhere.

But it is more because of way it can distract attention from the collation and prioritisation of risk, particularly the risks that arise from the way staff are motivated.

Many years ago, as a Public Corporations Sector Comptroller in ICL, I was the only member of the sector management team not on any of the bonus schemes. My staff ran the order taking, debt chasing, expenses and bonus systems and I reported to the Finance Director, although I hardly ever saw him. We also checked the profitability and I approved those discounts in my power (over and above those the salesmen could offer) or supported the case for more (alongside the sector manager).

Had I and my staff also been on bonus I suspect we would have reported rather more sales, paid more expenses and the company would have been paid but its customers rather more slowly and written off more bad debt: all without considering that we were being actively dishonest.  
 
I doubt that those dealers who rigged Libor in their own interests (or that of their counterparts in other banks as part of "easing" the market) are any more, or less, (dis)honest than the average computer salesman (wanting a better deal for his customer and an easier relationship for the upgrade) - or the man in the street.

Clive in the Daily Telegraph sums up the role of those policing compliance in a way with which many of those in large organisations would, unfortunately, sympathise. The following day he equally succinctly, summed up the current state of information governance in most large organisations, not just the banks but those central government departments with bonus schemes as well.

Will US Patent Wars hand regulation of the On-line World back to the ITU ?

| No Comments | No TrackBacks
| More
The Internet as we know it is the result of the waiving of intellectual property rights by not only its funders but by major corporations, more interested in its growth as a platform for other money-making products and services operations rather than possible license revenues. In consequence ICANN, IETF and W3C leapfrogged the dead hand of the ITU. Now the ITU is offering to ride to the rescue because US lawyers threaten to block the way forward.    

IPV4 and the World Wide Web did not trash X25, LYNX, Mosaic and other competitors as the basis for global on-line communications because they were inherently better. They did so because the intellectual property behind them was made freely (as in "free" beer) available. The mobile communications market took off because the GSM standards were similarly "non-commercial".

Now it appears that the ITU is about to intervene because a cartel of major US players and their patent lawyers are seeking to stand in the way and prevent the rest of the world from  leapfroging North America and Europe into the mobile world.  This could well be the start of a global trade war which the West will almost certainly lose far more than the license revenues directly involved. 

One effect will be to bring about the long overdue reform of intellectual property rights. I hope that will include a return to a regime akin to that which encouraged and rewarded those who created the first industrial revolution: the Statute of Monopolies and the Statute of Anne  - 14 years and loss of rights (or at least compulsory licensing) on the part of those who fail to bring their innovations to market. That simplistic way forward does, of course, raise as many questions as it answers but time is no longer on "our side". WIPO, like the ITU is subject to majority voting and if the Geneva Declaration and the Access to Knowledge proposals gain similar momentum it may not be an option. 

Meanwhile ICANN is now fighting for survival, having stirred a similar hornets nest of IPR issues with the ambitions of US registrars to earn more revenues from the sale of domain names rather than sort out a governance system that is well past its sell-by date. Once again the underlying issues are very messy - and time is not on our side (whichever side that is).

I have just agreed to organise a competition to get Masters Students (all subjects, not just the "techies" but business schools, lawyers and theologians) to look at "The Meaning of Trust in the On-line World". The idea is to get the thought leaders of tomorrow looking at some of the fundamental issues where the UK has to help lead if they are not to have to emigrate for work. That way we can get radical ideas into play without embarrassing those having to defend difficult (and worse, unprofitable as well as unsustainable) position until they find a better bandwagon to jump on. [I do to tend to mix my metaphors, but I hope you get the message].  

Perhaps there is a need for a similar exercise with regard to IPR and the need to once again unleash (but also reward) the creativity of the West. If so, I hope it will encourage entrants to also look at the need for change to the sclerotic testing and regulatory regimes (from pharmaceuticals to financial services) which increase cost and delay launch until patent protection is close to expiry.



Enhanced by Zemanta

Was the RBS system collapse a "Tay Bridge" moment?

| No Comments | No TrackBacks
| More
I have been told that the immediate cause was the accidental deletion (instead of implementation) of the restoration schedule by an inexperienced operator. If that is correct, it raises the question of how and why the system was so vulnerable.

As with the Tay Bridge, the question is, therefore, not why it happened but why it did not happen earlier.

As I said in one of my previous blogs on this topic, the time has come for the IT industry to take professionalism seriously and not just mouth the words.

There is a similar issue to do with Libor where the revelations of government interference merely add to the need to also take a new look at the standards of information governance, not just of technical competance, on which our society increasingly relies.  

Meanwhile I ask "Who would you rather trust with your savings, bankers rigging interest rates to boost their bonuses or politicians doing so to write-down what they owe you?"
Enhanced by Zemanta

About this Archive

This page is an archive of entries from July 2012 listed from newest to oldest.

June 2012 is the previous archive.

August 2012 is the next archive.

Find recent content on the main index or look in the archives to find all content.

Archives

Recent Comments

David Moss on Is Universal Credit on th... : "By Philip Virgo on September 9, 2013 12:04 PM" To...
Philip Virgo on Who do you trust less? Go... : This is a good point but raises the question of wh...
Paul Rhodes on Who do you trust less? Go... : Risk is about more than threat it is also about im...
Philip Virgo on How many Bradley Mannings... : I fully accept your point regarding spell/grammer ...
Marc Escreet on How many Bradley Mannings... : Whilst all this is opaque, to the public, the shee...
Rob Kenna on BT to give fibre to the p... : OK so you can't talk about anything but "contentio...
Philip Virgo on Why can't small firms adj... : I am hoping that this post may draw responses from...
Darren Graci on Why can't small firms adj... : Have the businesses in the local area thought abou...
jo small on How rural is Smithfield (... : Ah, totally agree. Let's also discuss a fund for t...
Philip Thomp on BT to give fibre to the p... : GFor comparison, Gigaclear costs £69/month for Hom...

 

-- Advertisement --