February 2013 Archives

Press cover on the result of the .UK consultation conceals more than it reveals

The BBC news story about the shelving of the proposals put forward by Nominet for consultation is accurate as far as it goes but misleads rather than informs those outside the trade mark community (including registrants) which provided 90% of the responses and had, in some cases, very different views to the business and consumer groups which, between them, accounted for only 5%. Even Caroline Baldwin's piece for Computer Weekly misses the meat of the story. But that is not surprising because it is hidden away on pages 39 and 40 of the Summary of Responses.

All of the business and consumer groups and those registrants whose businesses are based in the UK believe that .UK (whether long or short) should mean the operation is based in the UK and/or governed by UK law. About half the registrars and those registrants whose businesses are based outside the UK believe .UK should also be available to those, wherever based, who wish to sell to the UK.

Almost all respondents believed that security and verification should be improved and agreed with at least some of the proposals, nearly half with all of them, but most had severe reservations with some, although they differed as to which. Only 10% wanted no change.

That is my summary of the 90-page Nominet summary which goes into great detail on technical issues of interest to registrars, registrants and Internet enthusiasts. Nominet has some "interesting" feedback for when it tries to rework the proposals in line with the feedback. I look forward to seeing what they come up with.

The news story should therefore be that the introverted community which runs the Internet addressing systems is seriously out of step with the rest of society. It therefore risks being friendless and vulnerable when law enforcement gets the backing of politicians to take effective action, whether nationally or internationally, via ICANN or via the ITU, regardless of their protestations. I hope that sufficient of them recognise the danger and will work together with those in business and consumer groups who are serious about rebuilding confidence in the on-line world to help ensure the actions are not actually counter-productive when they come.

Should the penalty be for the data breach or for aiding and abetting fraud?

I have just had interesting feedback from a number of CISOs on my posting on the EU Data Protection Directive. Some are still stuck in the past, adding yet more electronic nappies to cope with severe cases of data diarrhoea. Others are seeking to make the transition to a future where attack is the best form of defence: not only do you get damages from those who aided and abetted the attack (perhaps even from those who contracted it and trousered the cash) but next time the predators will attack someone else, thus giving you competitive advantage.

A core question is whether it is the data breach that should attract any regulatory penalty (if and when you identify the breach to notify) or the failure to take action to help prevent data on your customers being used for fraud as soon as you discover that it is happening, even if you have not identified how the criminals obtained it? Should that liability also apply to government departments and agencies, including regulators who demand that data be retained even though there is no business reason?

Once fraud has been attempted, the traditional penalties for "aiding and abetting" can be used against those who not only caused the breach but who helped the criminals exploit it. The innocent carrier defence under the e-Commerce Directive is a double edged sword. The carrier ceases to be innocent if it fails to act on reasonable evidence of activities in breach of its own terms and conditions. Is the solution criminal law (with the burden of proof beyond reasonable doubt and all the overheads of international co-ordination), civil law (using a mix of tort and contract to extract co-operation from all in the ISP supply chain lest they be liable for damages) or a mix of the two?

Hence my previous blog and belief that rabbiting on about data breach notification is just blether, compared to action on Internet addressing, e.g. cleaning up .uk, because "real" action will not happen until a series of successful US class actions for damages reveals the liabilities incurred by those domain name registrars and ISPs whose services are disproportionately used by criminals because of laxity of their verification processes (if any).

At that point we might well see the addressing vulnerabilities that facilitate criminal (and military and espionage) anonymity start to evaporate: as that which is said to be impossible or impractical suddenly becomes routine practice. That prospect is likely to fill both the cyberwarfare and civil liberties communities with horror. Hence the need for well informed and balanced debate and scrutiny, like that being organised via the Digital Policy Alliance.

Can Big Data help balance the Budget?

I have been quite scathing about the quality of government data and the need for action to improve the information management and analysis skills of those who seek to use it for decision taking. That does not, however, excuse the routine failure to even try to use the data we already have to better inform decision taking - including to help persuade the rest of the world that HMG is serious about getting public finances under control and to persuade the majority of voters that it is serious about cutting fraud and waste before cutting services.

One example is the muddled debate about whether immigrants contribute to or detract from the national ability to create wealth. The overall figures may be in doubt but we have some clear evidence about which nationalities and types of immigrant are likely to contribute and which are not. The table on page 5 of ONS Social Trends 41 Income and Wealth [it appears impossible to insert a link to the downloadable file, so you will have to Google it yourself], may be out of date but gives a clear indication of the analyses that should be conducted in order to identify with which nations we might wish to establish fast track visa routines for businessmen, students and tourists: e.g. India and China.

Of course we will also need to look at the small print of the routines but we have some good models in those used for visitors to the Olympics (Beijing as well as London) and those used by overseas nations (from Australia to Canada and Hong Kong to Dubai) to attract wealth creators, including genuine tourists, skilled workers and career-motivated or creative students, while deterring those they do not want. Part of the solution is not to rely on easily fabricated credentials (e.g. those certifying IT skills in short supply) but to copy the centuries-old approach of international traders to verifying the identities and credentials of those they have never met: essentially chains of references with each trusted link accepting responsibility and liability (with insurable guarantees) for their recommendations. The routines have, of course, had "on-line support", by telegraph, telex, EDI and now the Internet, for over 150 years.

Another example is the linked debate as to whether the NHS crisis in London is caused by immigrants and health tourists (as much as by incontinent PFIs, on which I plan to blog separately).

A thought provoking Spectator article on the NHS crisis was followed by the firefight among commentators which triggered this blog entry. Readers of the comments will note my own cupfuls of petrol commenting on the apparent difference between the supposed law and supposed common practice and asking which Minister(s) might be responsible for producing the evidence for both and then organising the action necessary to reconcile them.

This leads me to the black hole of information non-exchange between the Home Office, DWP, HMRC and NHS where there are truly massive potential improvements in service and reductions in cost (including fraud) from using the data matching techniques used by the banks and commercial Identity Management (alias credit reference) and market segmentation (alias Identity collation) operations.

It does not need investment in comprehensive ID systems to produce the data necessary to produce simple predictive measures as to whether a benefits or tax credits claimant is unlikely to be fraudulent or a potential patient is likely to be a UK citizen or resident entitled to free treatment. Given that some of the credit reference operations are global that may well allow for the majority, including genuine overseas students, tourists or workers seeking treatment on the NHS, to be fast tracked. Those who then try to browbeat GPs or Clinicians into giving them free care without evidence of entitlement or genuine emergency need can be given the third most common excuse for poor service: computer says no. [I have seen no reliable data but anecdotal evidence appears to show that this has not yet overtaken "Health and Safety" or "Data Protection", provided you exclude refused credit and debit cards from the equation]. That leaves the interesting question as to which airline(s) are likely to bring in those already in predictable emergency need and how their passengers should be scanned at Heathrow and charges levied on the carrier if they have not examined evidence of the funds (or insurance) to pay.

It does need the disciplines which the late Donald Michie called "knowledge refining" and are now routinely used across financial services, on-line marketing as well as by ISPs for the fine tuning of their services and by consultancies like Oxford Analytica for a wide variety of commercial clients. I will not repeat in detail the arguments for using Donald's approach which I gave in one of my earlier blogs on why they should be used to reduce the cost and risk of the DWP Universal Credit programme.

I will merely say that the approach should be used much more widely to aid rational debate on, for example, whether taxation changes will raise more revenue or merely drive business off-shore.

Will returning business rates to local authorities and restoring the historic link with local property values (collapsing in some areas and rising in others) result in a restoration of local enterprise and a rebalancing of the economy?

How much would it really cost/raise if we were to add new Community Charge bands J to N covering properties up to £1 million and to value those which last changed hands for over £million at the price paid or probate or other independent valuation if it was not an open market sale?   

What are the "real" marginal tax rates (including withdrawal of benefits or tax credits) paid by how many (businesses, large and small as well as by individuals) and how would proposed changes affect these, encouraging and attracting creators, or driving them off shore?

Will the EU Cybersecurity Directive do more good than harm?

Cybersecurity is fashionable. Everyone must have an initiative: from the dozens of fragmented and competing schemes across the tribes of Whitehall, Washington or the Berlaymont, through the IGF and ITU, to the World Economic Forum at Davos. There may now be more international cyber co-ordinating initiatives than there are global criminal networks exploiting the chaos. The initiatives may all have admirable objectives but how many actually do any good? More importantly, how many of them actually do harm, by adding layers of regulation, reporting and delay that get in the way of removing vulnerabilities and taking out predators? The EU economy is already shrinking as wealth creating business is driven offshore by over-regulation and over-taxation. Do we really want to accelerate that process, driven by tick box compliance with regulations that may actually make us less safe?

The EU Commission has very worthy objectives. But the plans, such as for reporting breaches, appear equivalent to using the 1896 infantry manual to train Kitchener's Volunteers for the battle of the Somme. The reason given in 1916 was that the 1911 manual, with its instructions on how to attack entrenched positions with machine gun emplacements, was "too complicated". The reason today appears to be that EU officials have collated the views of regulators, of compliance officers and of consultants who are not working to help protect paying customers against current and emerging threats. Stewart Room has tried to put the initiatives into business perspective for Computer Weekly readers but like the EU Impact assessment, he misses the impact of the directive in driving offshore those who are serious about the security of their organisations and that of their customers. It is not just the cost of compliance but the vulnerabilities that this can open up, from the ability of compliance officers and regulators to cross the Chinese Walls that protect against insider fraud, to requirements to share information with agencies who are not seen as trustworthy. The latter might well include the national intelligence agencies, who Ross Anderson, in a thoughtful piece on the proposals, regards as even more untrustworthy. In this case I partially agree, given the intimate links between them and the cyberwarfare operations of the nation states.

The Russians showed the vulnerability of Internet-based systems in 2007, when they took out the Estonian economy and again in 2008, when they took out the US supplied Georgian air defence system. Then the US thought it would be a good idea to take out the Iranian centrifuges with a computer virus (Stuxnet). They delayed the programme by three months. They also appear to have legitimised cyberwarfare: leading to a plague of attacks that is variously blamed on China, Russia, Iran, Israel, Terrorists and Organised Crime. Hence the desire for a global convention to prevent these escalating into World War 2 by mistake. Hence also the UK £650, most of it to expand our military cyberware and surveillance capabilities, and the current lobbying for more.

Effective action to reduce the vulnerabilities (from insecure internet addressing routines to vulnerable operating systems and browsers) that enable those attacks could cripple cyber warfare capabilities on all sides. That is why governments prefer to let the snake oil salesmen promote awareness exercises to sell us extra layers of expensive monitoring, blocking and consultancy products and services which will make us feel better while not significantly improving our security - or impeding their cyberwarfare games.

Security vendors and regulators, for whom government is a major customer, say the answer is to spend more on security and regulation and to co-operate in organising awareness campaigns to persuade others to do so as well. But where is the practical advice on what to do if victimised because mainstream anti-malware products have failed to protect? The inability to find anyone to report the problem to, let alone to get help from, merely increases the paranoia of those who watch the awareness videos.

Attack is often the best form of defence but the idea of working together to track and trace common predators, using civil law (tort and contract) to coerce co-operation from those whose services they use, appears taboo. It smacks of "private justice" and "vigilantism". The costs incurred by those who have to reimburse the victims of on-line banking scams (UK law is different to that of the US), are now rising sharply. But those costs are still probably less than the cost if the public loses confidence in the on-line world.

We spend £billions on ineffective Information Security which is commonly bypassed with insider help if we are believed to have data worth copying or funds worth stealing. Meanwhile the budgets available to help enforce criminal law can be measured in £millions.

We need to change the balance of effort and bring the banks and financial institutions alongside on-line retailers and transaction and communications service providers and law enforcement to create the frameworks necessary for effective co-operation to not only protect themselves and their customers but to take out the predators, wherever they are located, using whatever mix of civil and criminal law is most effective.

We also have to recognise that this will expose the schizophrenia of governments ("ours" as well as "theirs"), split between those whose concern is crime prevention and those whose concern is with cyberwarfare and surveillance. But, as I have blogged elsewhere, that split goes back several millennia anyway.

First, however, we should seek to bring the indigenous (i.e. UK and EU) players together, via groups like the Digital Policy Alliance, working in co-operation with PICTFOR in the UK and the EIF in Brussels, to help politicians "scrutinise" the small print in proposals, like the Directive (and the accompanying regulations to strengthen the position of ENISA and EUROPOL), to ensure that they really do do more good than harm.

Otherwise yet more of our e-Commerce will go off-shore to those based in the US or Far East.

I emphasise the indigenous players because many of those based outside the UK currently have a win-win situation. They can work alongside their customers to help oppose that which would make the EU less competitive while also benefiting if they fail and their home markets and their customers elsewhere benefit. It is good when they help - but they have less "skin in the game" and we should not take their help for granted.


By targeting women you also get more productive men

I have just read the latest entry on WITSEND but my attempt to post a comment failed. The problem Kayleigh Bateman raises regarding accusations of feminism is not new. My prime qualification for helping organise the Women into IT Campaign in the late 1980s (the one that temporarily lifted the ratio of girls applying to do computer science from 12% and falling to 27% and rising) was that no-one could point to me and say, "Well she would say that".

My core message was "You get a better woman for your money because those who make it against all the discrimination are, person for person, more motivated and loyal and you pay less for them." It was as provocative and politically incorrect then as it is now. But it worked. Employers started listening to how they could attract and retain more women. Some even started taking their career progressions more seriously. Others discovered that offering flexible working arrangements also helped retain some of the men they were most scared of losing.

Unfortunately the Foundation that ran the campaign had to be closed down before the trustees became personally liable when DESc slashed funding for mainstream careers advice services, both for schools and for women returners. This led to an overload on the WIT advisory services which industry felt should be funded from their taxes. Employers were happy to pay for events and careers materials but not to make up short-falls caused by government cuts. Plus ca change ....

I particularly remember an academic (now a leading light in the industry) lamenting that she had only 8% girls on her course. She feared wipe-out. She then added that, looking at the men on the course, it was not surprising. The girls came for interview, took one look at the boys on the previous course and went elsewhere.

A core finding from that campaign was that when employers changed their recruitment messages to emphasise the use of IT to benefit users and society they not only got more women applying, they also got a better quality of man. That is if you measured "quality" as avoiding conflict and delivering what users want, to time and budget - instead of spending time winning avoidable contractual or technical fire fights over who was to blame for problems. Unfortunately it was (and still is) those who win such battles, however unnecessary, who tend to get promoted. Hence the poor value for money that users so often get.  

Hence also, in my opinion, the "real" case for getting more women into IT and then promoting them to take charge of critical projects and change programmes - even if, or rather because, they often do IT very differently. Vive la difference.  But then I am not a feminist. I just regard discrimination and the failure to properly exploit the skills and aptitudes of half the human race as bad (as in stupid) business and professional practice.    

Justice in the Internet Age: The Questions asked by the Pryce Jury

Further to my previous blog on Justice in the Internet Age, the questions asked by the Jury in the Pryce case indicate that a Saxon style investigative jury would have discovered the strength of the case against her in a fraction of the time and cost - especially if it too had been eight women and four men. I suspect their concern over agreeing a verdict results more from concern that she might be sent to jail because she was guilty of being angry at the time but only going public after the divorce. Given the build up to the case it would require a jury drawn from that 20% of the public who have not used the Internet for them not to have been influenced by on-line speculation before the trial started.

The retrial may well be a watershed in the future of trial by Jury in the Internet Age.   

4G operators free to spend more on services and less on spectrum

I am delighted with the news that the mobile operators will be able to spend more on service and less on buying the privilege of investing £billions to help economic recovery by building a 21st Century infrastructure. BT's attempt to buy their way back into mobile makes far more sense than their attempts to build a content business. I do, however, sympathise with those who want better 2G and 3G cover first.

What is the traditional telco model that is in "end game"?

I was intrigued by a recent entry in BrokenTelephon3 which talked of "the end game for the traditional telco model". It was followed by comments attacking Ian Grant for confusingly juxtaposing disparate developments, much as I am wont to do myself. The "games" are changing but I was unclear which "model" was coming to an end.

I recently blogged on BT's latest attempt to diversify into content distribution. I am still unclear whether this is driven by greed or fear. Does BT believe it learned something from running the communications operations for the Olympics that will enable it to succeed against Sky? Or does it fear that Liberty-Virgin, Vodafone-C&W, Clan Macquarrie (Arqiva, City Fibre and the other siblings and cousins) and others will invade its "traditional" communications utility markets and cream off its leased line and business revenues (including the carriage of traffic for content publishers and entertainment operations) and it therefore needs to build up direct consumer revenue streams covering more than just the "connection"?

The UK communications infrastructure (wayleaves, ducts, poles, cables and switches) has a heterogeneous ownership structure as well as a complex set of architectures, let alone technologies. Like the Internet that rests on top of it, it is a network of networks. BT's last attempt to re-engineer those parts of the infrastructure that it manages (albeit does not always own) was interrupted by local loop unbundling. It is trying again. BT's great strength in the past was its understanding of how to build and run complicated communications networks. To date it has been no more successful in its attempts to diversify than other former telcos (like AT&T, Deutsche Telekom, France Telecom etc.). Hence the lack of enthusiasm of City Analysts for its latest attempt to take Sky head on.

There is an interesting political conundrum.

Is the UK better served by encouraging BT to put more effort into upgrading the UK communications infrastructure - for others to use to make money?

Or should it accept that BT management believes it has learned sufficient to give a better return to shareholders from diversifying into publishing sports content than from further increasing its investment into building and running the high-resilience 21st century communications infrastructure on which society will increasingly depend?

If HMG accepts that BT is going to diversify away from being a communications infrastructure operator, should it give greater encouragement to those who believe it is making a mistake and this is an attractive market to them - even if that means Treasury may have to bail out the pre-privatisation pensioners if BT's diversification attempts fail again?

This is not, however, a winner takes all race. As a private investor I have spread my money over a number of horses running different races on the same course at the same time. I have done quite nicely from buying BT shares shortly before the recent price rise, but suspect I may get a better long term return from the money I put into B4RN at about the same time. I also have shares in Sky and Vodafone.

However, I would really like to be able to invest in more operations like B4RN, because I believe that a mix of local shared infrastructure utilities and global operators may well be a safer and more profitable long term investment than companies fighting for a share of national or regional entertainment budgets. That is, provided the local operators build and run to international, any-to-any,  inter-operability standards, thus allowing their subscribers to also access any of the many competing local and global content services. Such an approach also makes it easier for those which fail to be taken over and run by others. 

I believe that bringing about and preserving that competitive market should be a prime focus of DCMS and Ofcom and that local authorities should be enabled and encouraged to do whatever is necessary to bring their communities on-line - including via municipal enterprise, mutuals, co-partnerships and co-operatives where this makes economic sense.

Is that an "end game" or a call to revert to the Victorian values and business models which created many of the shared infrastructure networks on which we are still building today? Let us also remember that Capitalism is a Marxist shibboleth. It had no place in The Wealth of Nations and in Victorian times the joint stock company was only one among a wide variety of investment vehicles.

BT planning to buy ESPN from Disney: what does that say about UK Broadband Policy?


This morning I received a note from my stockbroker relaying the FT report that BT is in talks with Disney's ESPN unit to acquire its UK broadcast rights, as ESPN seeks to exit the market. This would include live rights for certain FA Cup, Bundesliga and Europa League football matches, which would supplement its Premier League rights package of 32 matches. ESPN also holds a number of rights for Major League Baseball and the NHL ice hockey league. The note added that given "BSkyB holds a number of significant sports rights packages until around 2016, a successful acquisition of ESPN's rights by BT is not expected to significantly improve its competitive position."

What is it that BT knows that Disney does not? Or is it that BT management finds running a UK based broadband utility too unprofitable or boring and would prefer to invest shareholders' funds on trying to turn round a struggling content business?

If so, why is it fighting so hard to prevent others, from local community groups to Birmingham Council, from doing the boring grunt work of laying fibre?


Justice in the Internet Age: has trial by Ordeal passed its sell by date?

The recent suicide of a victim while the Jury was deliberating helps add perspective to the recent debate on whether "Trial by Google" is "a risk to the Jury system". The opportunity should be used to facilitate a rebalancing of justice. Should we not return to something more akin to a Saxon investigative Jury seeking to understand what happened, followed by trial of the accused, not the victims, by Ordeal? Justice is all too often not served by the modern compromise, whereby the victim suffers the ordeal, as part of a ritual trial by battle (albeit the champions use words and obfuscation instead of swords and shields) during which the jury is drip fed only that information which legal protocol permits.

Why should Counsel be permitted to google Jurors in order to adjust arguments to their prejudices (as revealed by their on-line habits) while Jurors are not permitted to go on-line to find out what is being hidden from them? Why should the scales of justice be so heavily weighted on the side of the accused long after the death penalty, corporal punishment and even penal servitude have been abolished?

My doctor assumes that I have Googled my symptoms and asks what I think I have got, as well as what I looked at, before he or she questions me. So too should Judges and Counsel ask Juries what they have found on the Internet and help them evaluate all the evidence, not just that subset which fits the case for the prosecution or that for the defence, as part of a set of rituals that has developed in response to flaws in the justice system in the period portrayed by Garrow's Law: when those found guilty could suffer death or transportation for even minor offences.

The Attorney General is correct to say that "Trial by Google" threatens to undermine the integrity of the current British jury system. He also asks good questions: "What does the Internet mean for our system of trial by jury? Is the trial process equipped, or even able, to regulate the information that jurors receive? How can we be sure that jurors decide their cases on the basis of the evidence they hear - and not what they looked up on their smart phones on the bus on the way to court?".

Some of his concerns are also valid: "The internet is a haystack of material, scattered with the odd prejudicial needle, as it were. Trial by Google allows a juror to locate the haystack, find the needle, pull it out and ascribe significance to it that it simply would never have had otherwise. It takes a minor risk and turns it into a major risk."

But the "fundamental principle of our legal system" which "Trial by Google" offends has been questioned by many generations of Jurors, albeit in private, because most take the secrecy of the Jury room as seriously as the alumni of Bletchley Park took their commitments. Many of those who have acquitted defendants of heinous crimes, only to learn afterwards of track records which showed that they were indeed capable of that which was being denied, have severe reservations over the principle "that a conviction, or for that matter an acquittal, should be based on evidence adduced in court, in accordance with established rules of evidence, subject to the supervision of the judge."

That principle is not quite the same as the principle of open justice: "it should be clear to the defendant, the public, the victim and the prosecution what the evidence in the case is. If a jury is exposed to prejudicial material which, for whatever reason, is not before the court, the basis on which the defendant is convicted or acquitted will never be known." 

It could be argued that instead of expecting jurors to show restraint, they should be expected to declare what they found over the Internet so that it too is before the Court. Arguments over how that evidence should be evaluated could then be conducted in front of the jury. This would almost certainly lead to major changes in behaviour on the part of police, prosecutors and defendants. These could well lead to fewer cases going to trial and a sharp drop in earnings for Counsel and employment opportunities for Judges, as more defendants plead guilty. Might it also lead to a safer and more just society?

Dominic Grieve is correct to say that "the internet has made the commission of many criminal offences much easier". But the way forward is surely to use the Internet to make it easier to convict the guilty without subjecting victims to unnecessary torment.

Seeking to prevent Juries from using the Internet is pissing in the wind.

I admit that working out how to guide their use of the Internet will be an "interesting" exercise. I also suspect I would be in favour of draconian penalties for those publicising falsehoods outside the Courts with the aim of influencing juries. Telling lies in Court, alongside economy with the truth, is, sadly, part of the rituals that cause so many victims to suffer in silence rather than report crime to our injustice system.

How do we rebuild confidence in digital data (Big or Little) without trusted physical inspection

The discussion this morning on the Today Programme between Deborah Hallett from 90% and Lord Haskins, former chairman of Northern Foods, illustrated why the public should not trust the food they buy from those who rely on purely electronic data as to what is happening in their supply chains.

Without reports of physical inspections by those who can be trusted, which may well be sent electronically (provided the authentication is fit for purpose), we can have no more confidence in what is claimed with regard to the contents of our beefburgers than in claims about the performance of our hospitals.

We see trust in traditional brands being destroyed as they are sold to "front" cost-cutting, outsourced operations with tick box, contractual controls (which may bear little or no relation to reality) at the same time as we are expected to trust new brands on the basis of Internet ratings which may have been generated by a botnet.

Who is serious about wishing to rebuild trust in the on-line world, as opposed to herding the sheep on-line to be fleeced? It is now over two years since I started blogging on this topic.

We appear to have over twenty Universities interested in participating in a competition for Masters' Dissertations on how to improve confidence in on-line products and services.

Now comes the interesting task of turning industry interest into active sponsorship.

The first to agree a budget has an unashamed objective of trawling the entries for interesting recruits to help improve the security of its product lines. It will be more than happy for its support to be announced when we go public (on March 10th).

The second, who will wish to remain anonymous lest they become a target for attack, is looking for credible answers that it can support with practical action.

The third, which has yet to agree a budget, has unashamed marketing objectives behind a mask of corporate social responsibility.

But the problem is not confined to the private sector.

Until we have restored confidence in public sector data any wet dreams of digital by default will remain just that.

On Friday I was discussing some of the implications this has for the long overdue plans for overhauling our information security skills frameworks, including to improve accuracy, reliability and resilience - not just to preserve cybercrud in aspic.

I am reasonably optimistic that the plans likely to be announced in a couple of weeks' time will get a positive response from private sector employers. But will the public sector follow suit? How do we engineer the political pressures to ensure that it does so, without further damaging confidence? Or is further loss of confidence inevitable and a price worth paying in the longer term?

Is the ITU set to take control of the Internet from US lawyers and give it to global users?

This morning I received an FIPR alert on the "Continuing Meltdown at the ITU". I read it. Re-read it. Then looked at who actually signed the Treaty and who did not. The signatories represented 50% more of the world's population than did the refuseniks - some of whom, like the US, allegedly had rather different motives than those claimed. More interestingly, those who signed may also, already, represent more Internet users than those who did not. The litmus test for the future of the Internet is probably Brazil, which the ITU thinks signed (alongside Korea and Singapore), while others think it did not.

Meanwhile the US and UK have their own plans for monitoring everything that moves over the net, whether on grounds of national security, to "improve" service or to sell advertising. Talk of pots and kettles.

Where do the plans for an EU Cyber Security Directive fit? Will they do more good than harm, with (for example) calls for ever more comprehensive breach notification at a time where security experts tell us to assume that everything is already compromised? The headline objectives in the strategy are admirable but the impact assessment (see here for detail) makes no mention of the risk that Internet hubs will be moved off-shore to escape the tick box compliance routines, overheads and added insecurity that EU and national regulators are likely to mandate, unless users as well as suppliers come together in an unprecedented pan-EU coalition to impose common sense when it comes to implementation.

I have blogged before of my fears that at the WCIT event in Dubai we won the battle but lost the war. It looks as though we may actually be about to turn victory into defeat even faster than I feared.

A more interesting question is whether we deserve to win - given that "we" is an odd alliance, including US IPR lawyers, Californian libertarians, Western liberals, Post Cold War defence interests and those whose business models are based on selling advertising to those using an outdated IPv4, English language world of computers talking to computers over landlines.


Is BT now a takeover target? If not, why not?

In the course of one of my recent blog entries I contrasted the BT claim (at a PICTFOR meeting) that it was not a utility but a new and innovative business with an investment analyst's comment that it was "a profitable infrastructure construction and management business being milked by an eclectic mix of unprofitable add-ons ... [and] ...a legacy pension fund" and should be valued as a break-up target. It may have been that analysis that lies behind the recent sharp rise in the BT share price.

The Liberty take-over bid values Virgin at £15 billion (albeit getting cheaper as sterling slides). BT's market capitalisation, even after the recent share rise, is barely 50% more. Will we soon see a bid from AT&T or Verizon to counter Liberty's creation of a global ubiquitous broadband operator occupying the space denied to News International when the News of the World fiasco blocked their planned swoop on Cable & Wireless? If not, will it be because potential bidders perceive too many poison pills linked to the pension funds and BT's position as part of the UK critical national infrastructure (including defence and surveillance)? 

Either way, the Liberty take-over should cause us to take a new look at the UK Broadband and Communications markets (business as well as entertainment) - as seen through market eyes - rather than the current mix of regulatory myopia and political tunnel vision. 

Millions of lives blighted by toxic Big Data

Big Data and Open Data are fashionable. Collecting and collating large volumes of data for someone (medical researchers, the security services or sometimes even the general public) to share, search or analyse, will help us find the answer - whatever the problem. Yesterday at an excellent ISSA conference I listened to Eddie Schwartz (VP and CISO of RSA) talk about combating future cyber threats with Big Data transformation. He used the Wikipedia definition of Big Data and began, after commending Nate Silver's book, The Signal and the Noise, with a few cautions which I summarise and interpret below:

  • Big Data without an architectural strategy and roadmap is stupid
  • Big Data without intelligence (in all its meanings) is stupid
  • Big Data without analytics (including skilled people to use the tools) is stupid
  • Big Data without committed multi-year funding is stupid

I note that HMG plans to fund research into Big Data and there is a most timely e-Skills-SAS report on the skills that will be needed by a predicted 28,000 Big Data technical staff. Eddie, however, made the point that making sense of Big Data requires a cadre of highly skilled quants to focus the efforts of those involved. The recent banking crisis was, however, brought to us by undisciplined reliance on quants, without understanding what they do and the meaning of what they had produced. The quants analysed what was happening. Some of their clients used their analyses to make fortunes with their own money. Others used them to sell complex gambling packages (alias derivative based products under a variety of guises, from packages of toxic mortgages to "insurance" against interest rate rises) to naive customers and cost the latter (and the banks, taxpayers and us) even more.

My core point is that "Big Data", however it is used, is lethal in the hands of those who do not understand its provenance and the meaning behind the analysis. Thirty years ago (after the conclusion of the Water Industry Change Programme), ICL did not know what to do with me and I was "parked" for the best part of a year in what was left of the old English Electric Management Science Team. My job title was "Public Sector Financial Modelling Consultant". I was the tyro acting as buffer between a handful of world-class statisticians (we did not use the word quant in those days) who had honed their skills in military operational research and intelligence. They politely bludgeoned into me, [with examples from military catastrophes, product failures and marketing blunders], the message that I should not believe the analysis, however statistically reliable, until I had not only worked out the likely causative mechanism, but tested it.

This leads me to the message that much public sector "big data" is as vulnerable to systemic distortion as that which was used to set Libor. The reason is that the providers know it will be used to set targets and allocate resources, perhaps even to set their own pay and bonuses.

An obvious example is crime reporting, where the public no longer believe the figures because they know just how difficult it has become to report a crime and how little will be done if you do. Therefore the proportion reported has fallen away sharply, even in locations where reporting does not render you and your family liable to reprisals. The Cabinet Office may boast of the value of Crime Maps as an example of the imaginative use of public sector data, but I recently looked at that for our local area. It was as the local estate agents would wish: almost crime free. Yet a busy century old bank branch was recently closed because staff would no longer work there and my wife expects an escort if she has to go shopping at that end of the high street in the late afternoon.

I do hope that, in its forward plans to look at some of the issues around making effective use of Big Data, the Digital Policy Alliance will also build on the work of EURIM Information Governance Group in looking at the issues of data quality, from the original round table organised in co-operation with the Audit Commission, "Uncovering the truth: using information to deliver more for less", to the most recent report produced in co-operation with CILIP and the Consultation Institute, "Improving the Evidence Base: the Quality of Information".

I will blog separately on the opportunities that insecure Big Data gives to organised crime. But in the mean time I find the routine use of Big Data technology by those tracking our on-line behaviour (whether to "improve service", target advertising, sell to others or ...) even more chilling. I commend the TED Talk used by Gary Kovacs to launch the "Collusion" add-on to Firefox. When I showed it to my son he reminded me that "If it is free, YOU are the product". Yesterday he sent me a link to an article on Silent Circle, the latest attempt to help us fight back against the surveillance society. I sent him a link to Scrambls which enables you to encrypt your Facebook page so that tools like Graph Search cannot be used so easily by stalkers and fraudsters to track your conversations.

In conclusion - I support Big Data in much the same way as I support Nuclear Power. It can be a great force for good but .... 

Hence the headline.

The Midsomer Broadband Murders were only the start of the slaughter.

A couple of weeks ago I blogged on "Midsomers Murders: The Broadband Killings". On Monday at the PICTFOR Broadband meeting one point of agreement between the dominant players (BT, EE and Vodafone) and their innovative competitors was the need to "reform" planning procedures. The following day I received an e-mail from DCMS on their consultation on "Proposed changes to siting requirements for broadband cabinets and overhead lines to facilitate the deployment of superfast broadband networks", together with the related Impact Assessment (Annex A). Today the Daily Telegraph put that consultation into NIMBY context, juxtaposed with a story which tells how to fell a Windmill.

The deadline for responses to the DCMS consultation is 13 March 2013. Please send email responses to:  fixedbbconsult@culture.gsi.gov.uk  If you live in a not spot and would like to submit a hard copy response, please write to: Sean Kenny, Broadband Policy Team, Department for Culture, Media and Sport, 2-4 Cockspur Street, London SW1Y 5DH.

Let battle commence. But that is not the only set of battles ahead.

At the PICTFOR meeting Rory Stewart MP referred, however, to the comparative ease with which bottom-up community broadband initiatives have obtained local support for planning applications under existing law. I was also intrigued to learn that BT does not regard itself as a utility but as a supplier of innovative products and services. Nonetheless it is firmly opposed to Local Government initiatives to provide dark fibre utility networks (as in Birmingham) to enable local businesses to have affordable access to world class high speed symmetric communications that might compete with its leased line business.

I suspect that BT's receipt of state aid funding for rural broadband (see here for full details) might well be open to better founded challenge (from a wide variety of players, from local fibre networks or wireless operators to Sky or Vodafone) were they less community minded. However, we are more likely to see a much bloodier battle over the provision of business connectivity to enable our major cities and industrial centres, like Birmingham, Bristol, Leeds, Manchester or Newcastle to compete with Shoreditch for the jobs of the future.  

I recently read an investment analyst's report which described BT as a profitable infrastructure construction and management business that was being milked (both funds and management attention) by an eclectic mix of unprofitable add-ons, from Content and Internet Service Provision to Systems Integration - as well as by a legacy pension fund which Treasury had no intention of bailing out, save with regard to its legal obligations to pre-privatisation pensioners.

He made a compelling case for a share valuation based on selling off the dross (including the football rights on which they have already committed three times as much as towards the BDUK rural broadband programme) and going for a rights issue to fund a much more ambitious infrastructure investment programme. His point was that BT had only a limited window of opportunity to pre-empt the infrastructure investment plans of Arqiva, of the Mobile Operators and (perhaps) of Sky for a world of ubiquitous connectivity supporting the Internet of Things, with Smart Grids, Smart Buildings, Smart Cities and a mobile teleworking workforce, with each worker supported by at least as much two-way bandwidth as a teenager can consume during a multi-participant video gossip.

My fear is that he is wrong - and the UK will be condemned to be an information sink, not a source, in the Global Information Society because we have failed to make it attractive enough for others (i.e. not just BT but most definitely including BT) to invest in giving our communities "real" access to the markets of the future.

In the 18th and 19th Centuries Birmingham, particularly Digbeth and the Jewellery Quarter, was at the heart of the UK's communications infrastructure, from canals through to railways to the ports of Bristol, Liverpool, Newcastle and Southampton as well as to London. The failure of BT and Virgin to give them similar global connectivity today is bad enough, to prevent others from doing so is .....

About this Archive

This page is an archive of entries from February 2013 listed from newest to oldest.
