"It's Ours: why we, not the government, must own our own data" an excellent paper from the Centre for Policy Studies has moved the debate on.
]]> Among the papers for release at the same time as the announcement of the new Government Security Strategy, including Cybersecurity, was supposedly an excellent paper encapsulating the latest policy on identity management, "Safeguarding your Identity", including the information assurance principles to be followed.I was only able to skim a copy supposedly given out at a briefing on the morning of the release. It was an excellent summary of good practice in Federated Identity Management and showed a refreshing recognition of the realities of working across the silos of Central Government. It recognised what has been inevitable since the breakdown of attempts to acheive concensus on centralised systems, whether run by the Office of National Statistics, Home Office, IPS or DWP. It does, however, require mindset transplants on the part of those who persist in ignoring political, economic and technical reality, let alone professional good practice.
Unfortunately I was not allowed to keep the copy I was shown. Worse, it does not yet appear on any website. Nonetheless, I look forward to giving an unequivocal welcome to an HMG paper on identity management.
Meanwhile, the CPS paper raises the question of why such systems should be run by government at all.
It is a great read, although I am not sure I would like my medical records held in the Cloud by Google Health or Microsoft any more than on the leaky and unreliable databases of the current outsource suppliers to the NHS.
However I would like the choice.
More-over I might be willing to trust BUPA or Experian - especially if I did not have to trust the security of a call centre or help desk in Bangalore or the receptionist in my local GP practice or hospital and knew that my data could not be accessed by the UK or US Governments under surveillance powers other than through the Courts - rackety though the latter might be.
More-over I greatly like the idea of organising low cost, high quality public services as simple add-ons to existing secure, high resilience, industry databases - in the way that DVLA on-line driving license renewal service does. I find it interesting that so many are happy to talk about the success of that service but not about how little it cost, let alone why it was so cheap.
P.S. Monday 17.15 I have just been given a link to the notice launching the new "Safeguarding Your Identity" strategy. Do read and enjoy.
]]>
Unfortunately I will not have to eat my hat.
We will indeed have to wait for the brains behind Google to appreciate the self-defeating nature of proposals to tax the users of infrastructures that are not fit for a world of Cloud computing. These will almost certainly delay rather than expedite the change necessary for us all to benefit from the success of Google and its competitors.
A couple of hundred million here or there is a drop in the bucket compared to the £3.4 billion and rising revenues of the UK pay-per-click advertising market for which Google is the gatekeeper. These are growing strongly, despite recession and are expected to overtake TV advertising this year.
But that entire industry, as well as the related aspirations of Cloud computing depend on ubiquitous access to properly resilient networks. During the heavy snow earlier this year mobile networks were going off air inside an hour of the mains power cut - as opposed to surviving 4 - 8 hours on the battery back up to the local masts. Its not just during an emergency like the 7/7 bombings that mobile gets overloaded. There are commonly blackspots around any motorway crash as those stuck in the queues ring home or try to catch up with their workload over mobile broadband.
At this point you should read and re-read the sections of the Digital Britain report on resilience and security - and be very, very afraid.
Part of the price for the licences for the spectrum to support mobile broadband should be not only a massive expansion in capacity but the provision of local standby power supplies to keep the networks going in the face of power cuts - a reversion to the standards of resilience expected when the Post Office telephone network, the London Underground and many other services had their own power supplies.
Given the increasingly availability of micro-generation and the potential for using satelite broadcast for kickstart alignment and recovery, this need not be that expensive. Some claim it can be consderably cheaper than the estimates currently banded about. Indeed I have heard one claim that migrating the local council, blue light and health networks onto a single highly resilient broadband network (with alternative standby routings and power supplies) would result in a net saving of 50% on their current bills.
Could such an approach be extended to give the whole community world class, secure access to the global information society? That is one of the questions on which I look forward to staging debate as part of EURIM's forward programme for the class of 2010 - the largest ever intake of new MPs.
Such an approach does, however, require innovative thinking.
And Google is clearly much better at that than Whitehall.
That said, do read the full Digital Britain report. It is far more than just a curate' egg: good in parts. It contains much excellent material. Just don't get hung up on the sections that are not so good. Treat these as the start point for looking at better ways forward.
]]>Will hope to make time to blog a wider invitation tomorrow.
]]>It is also the second greatest beneficiary of the always-on, free content, free access, advertising-funded world that most consumers want.
The greatest beneficiary is, of course, the consumer.
When did you last use a search engine other than Google?
The "real" test the Digital Britain Strategy will be in the implementation. Can harness the power of Google to pull through the investment in infrastructure necessary to give us all world-class resilient broadband. It will fail if it does not, because Google now dominates the revenue streams necessary to underpin private sector investment in that infrastructure.
That should entail an economic, fiscal and regulatory framework within which Google makes more money for its shareholders from underpinning infrastructure investment and losing market share to partners who will help carry that cost.
Any other strategy will fail and/or be counter-productive.
And Google is more likely to find the answer than Whitehall.
P.S. I expect much good analysis and many excellent recommendations in the Digital Britain strategy and will look forward to eating my hat if it does indeed contains a credible strategy for working with the Elephant to mutual advantage.
]]>
I am, however, more than a little uncertain as to how such guidance applies to those running/using the world's most widely used personal informaton "management" systems (Bebo, Facebook, Heritage and all the other social and gaming networks, let alone those mining our on-line footprints (from Garlik and Google, through Phorm to RIPA).
I'd love to see a joint BCS/FIPR workshop on how the BCS code and new BS Standard would have applied to the database of MPs expenses.
Hence the importance of the EURIM exercise to generate material for the largest ever intake of new MPs on the issues of Information Governance that they will face after the (r)evolution of 2010 (if not earlier).
I look forward to seeing animations of some of the examples in the BCS code appearing in the entries to the EURIM competition for YouTube material to bring Information Governance, (not just Data Protection) to life.
Do also look out for press releases in this area from the Audit Commission. They have some excellent reports due out shortly that will help add some of the missing dimensions to debate - based on solid research into current practice in the organisations they cover.
]]>
I have blogged before on the need to clean up the domain name system. Since then both ICANN and Nominet have made good progress at international and national levels - but they need your participation and support to complete the job.
Nominet has just embarked on an ambitious consultation exercise.
Purists might quibble that it is not easy to understand what is at stake but if you read my previous blog, follow some of the links, then go onto their consultation website and read between the lines - the penny will drop.
All that is necessary for evil to triumph is that good men do nothing - and that is essentially why we have the current plague of malware, exploiting weaknesses in the governance of the domain name system (both national and international).
All those expensive technobabble retrofixes are so much waste of money unless and until the governance is sorted. Once that is done it becomes possible to reduce the problems to manageable levels at a fraction of the spend current prospect. And at a time of recession that is essential. Until that is done we are fighting a losing battle.
Do read your way into the issues, attend one of the consultation meetings if you can. In any case, do respond to the questionnaire.
Also join Nominet and ICANN and vote.
They are democratic institutions - in other words decisions are taken, for good or ill, by those who join and then turn up and vote
Nominet, like ICANN, is surprisingly cheap to join (not much more than the anti-virus and firewall on a single PC). Any organisation with an on-line presence to protect should join both.
However, in order to avoid then wasting time on issues that are normally can be as exciting as watching paint dry, you then need to co-operate with your peers, perhaps via the relevant working groups of the members of the Information Security Awareness Forum, (ISAF) to understand the issues and, when necessary, participate and vote.
P.S. By copy of this I ask my colleagues on the ISAF co-ordinating committee (next meeting on June 2nd) to consider requesting those they represent to pool their efforts in this space. I also ask those of you who belong to the organisations that co-operate via ISAF to support that request from the other end.
]]>Or will they believe that the time has come to give power back to the people, whether by devolving power to on-line communities (geographic or sectoral) or to the individual (personal choice: real or illusory)?
Some of the candidates standing for election come from within the ICT industry and understand the limitations and fragility of the technologies for which so much is promised (social networking, cloud computing et al) - just as it was for mainframes, timesharing, transaction processing and hierarchical and integrated networks.
Others know only the joys and frustrations of the world-wide wait and services that are always on until society really needs them. Then they collapse with overload or because a single point of failure has been taken out by fire. flood, lightning or simple power failure - no need for terrorist attack when digititis or mother nature does it better..
So who will educate them as to what the technology and its ill-trained and worse disciplined pseudo-professional acolytes can reasonably be expected to deliver?
That "education" process will help determine whether they will wish to use the technology in support of reforming and rejuvenating Central Government or to help devolve power to a mix of Local Government, Municipal Enterprise and Local Co-operatives and Partnerships, driven from the bottom up.
Whichever they choose, the reality will, at best, be a change in the balance of power leading to an evolving set of compromises between Townhall and Whitehall. Meanwhile the pressure to remove at least 20% of Government spend, in order to balance the books let alone repay debt, will lead to the removal of the tiers of unelected quangos - as unpopular and unnecessary overhead
Only three things are certain:
1) Any attempt at comprehensive, centrally directed change will prolong the agony of recession and eventually lead to a reversion to close to the status quo - I graduated in 1968, the year of failed revolutions, having read Crane Brinton's "The Anatomy of Revolution" , having watched and re-watched the great revolutionary training film, "Battle for Algiers" and having had my certainties taken apart by Maurice Cowling with his "vision" of modern British politics as a series of ritual squabbles between semi-hereditary elites, bashing each other over the head with ism's and ologies - whether they believed in them or not.
2) The information used for any attempt at central planning will be as least as partial, distorted and close to worthless, if not positively misleading - as it has been in the past decades of "policy based evidence". I lost faith in Government statistics in 1970 when a much trumpeted "export turn-around". was based on the entire overseas sales of STC's Microwave and Line Division since start-up being put through in a single month: a colleague had just discovered this was part of his job description. No had done it, or even asked for it, before. Nothing was said when the balance of payments crashed back again the following month.
3) The main battles will be fought on-line. The traditional content controllers (the "dead-tree press", the BBC and Government and Corporate press agencies) will fight the new content controllers (the ISPs and Search Engine providers) for control of the social media channels. These will then be used pro-actively (as by the machine politicans who bankrolled the initial Obama campaign) to manipulate public opinion and provide the illusion of support for the views they wish promoted. Meanwhile the blogogracy and sousveillance community will wage guerilla warfare and achieve as much, or as little, as the French Resistance.
The EURIM Information Governance Competition exercise covered in my last blog on spyware, "How does the Cookie Crumble" is only one of a series of events for the Class of 2010 being organised with a variety of partners.
This afternoon I will be meeting with some of our partners on the event(s) being planned with the Worshipful Company of Information Technologists: "Look before you leap: the politicians guide to picking winners". This will put material on successful, as opposed to failed, systems into political context: cross linking to the best of recent guidance from OCG, BCS, Intellect and others as well as the recent EURIM guide on "Good Practice in Procurement" and "Let the poeple speak", the report from last year's exercise on practical experience with Transformational Government
Last week we had a planning meeting for one of the other exercises: to be built aound the material in the excellent LSE report "The UK's Digital road to Recovery" .
We have also discussed a possible exercise on "Smarter Britain": the innovative use of ICT (e.g. satellite and wireless broadband to rural areas) and demand aggregation to help transform the UK's digital infrastructure at a fraction of the cost/risk envisaged in Lord Carter's Interim Report. But, more importantly this exercise will put the infrastructure investment into the context of the use of ICT, including space technology, to address our terrestrial problems, from flood prevention to energy conservation, at a fraction of the costs that currently put off serious thought about Green Agendas.
The intention is that each of the exercises will be organised by consortia of those who wish to improve mutual understanding between the ICT industry (users as well as suppliers) and those (from whichever traditional or new parties) who are likely to dominate policy formation and implementation after the current dust setttles.
The only requirement of consortium members is that they be willing and able to work together to help organise lively and interesting session which stimulate thought and debate as to what is practical. We do not want the simplistic and patronising messages that are all that most ICT spokesmen can agree on. We don't want agreement - we want those who will air interesting and informative differences in public, in constructive ways, in words the audience can understand.
Please let me know if you organisation would be interested in joining this exercise.
]]>
Public debate on information governance (including the use of monitoring technologies) is about as realistic as that on MPs expenses. How would you feel if your neighbour could google your expense claims? Now think about all those with access to your on-line search and shopping records because you clicked on some unintelligible gobbledeygook. Did the MEPs get it wrong? Or, for once, did they get it right?
You may wrestle with firewalls and anti-virus but do you even think about the governance routines or security standards of the search engines you use, the websites you visit - let alone the social networks to which your children bare their souls or the always-on services to which you subscribe to keep your operating system or security up-to-date.
The Director's Round table on Information Governance organised by EURIM last year raised many difficult issues. Part of the follow up is a competition for succinct material, suitable for YouTube, to explain these: not just in the context of retrofit security, but as part of the basic planning for new databases or integrated systems to support innovative policies or services.
Is the choice really between "Drowning in Data Leaks" and "Death by Data Protection" ?
How can we reconcile calls for "sharing to enable professionals to better co-operate to protect the vulnerable" with calls to oppose the creation of "big-brother honeypot databases"?
Are Internet techies any more, or less, trustworthy than bumbling bureaucrats?
Are websites any more or less trustworthy than call centres?
If cloud computing is the answer, what on earth was the question?
We have dangerously ill-informed and simplistic debates on the issues of information governance that go to the heart of democratic accountability in an Information Society that appears to be increasingly reliant on electronic identities and databases.
How do we protect personal information and yet use it effectively for the benefit of all citizens?
EURIM tasked a sub-group to try to digest the morass of material on information security and data protection and put it into context: governance regimes that promote the provision of information that is fit for purpose, when and where it is needed - as opposed to tick box garbage protection motherhood, routinely ignored or over-ridden by waiver routines and exemptions.
The key is, of course, leadership from the top. That raises the question of how to convey complex messages of effective information governance to those who set the policy frameworks within which our databases, websites and social networks operate - whether public or private sector, under UK, European, US, Chinese, Indian or other jurisdiction.
The group's answer was to invite organisations with key skills and a flair for innovation in delivering a web-based message (suitable for YouTube) to take up this challenge in a competition.
The judges will be drawn from the Class 0f 2010 (the prospective parliamentary candidates standing at the next General Election). The winner will be the one that receives the greatest number of votes, as cast through a web-based voting procedure.
The group attempted to summarise the messages in an animated Powerpoint presentation, a short accompanying supporting text and a suggested voice-over script. Thesel are available on the EURIM website . There you will discover the 7 Information Governance gremlins - 'Iglens' - which the group believes any governance regime must include and manage. You will also find a references to the best of the material found by sub-groups looking at security by design, value, quality, sharing and Identity governance - as well as at information assurance/security and data protection.
Of course you will be able to able to think of better ways than animated powerpoint. But the challenge is not for slogans and partial messages - that would be far too easy. It is to illustrate how complex messages can be conveyed in a balanced way to an audience that is representative of those who will be making the political decisions of the future (the candidates standing in the next election). They will judge which entry does this best.
And the prize is KUDOS: publicity for the skills and imagination of you and your partners.
My deputy, Dave Wright, is a fount of pawky (it is in the dictionary) quotations.
The one he used for this exercise was: "We are continually faced with a series of great opportunities brilliantly disguised as insoluble problems" . John W. Gardner
P.S. I you wish to submit an entry or suggest who should be invited to do so, please e-mail eurim@eurim.org.
2) "Something must be done" politicians and the whole regulatory/compliance industry: for the expensive displacement activities that have drained budgets and resources away from that which might actually address the problems.
3) User, alias victims, for putting up with diabolical quality of service for far too long and not clubbing together to fight their corner.
I have commented before that ICT is unique among industries in passing from adolescence to seniity without passing through maturty.
Twenty five years ago I was acting Vice President Professional when BCS first launched the Professional Development Scheme. I used to lecture on the difference between the world's oldest and newest professions: even the most junior Soho tart could tell you what it would be like, how much it would cost and how long it would take - albeit with both professions you had to take measures to protect yourself against unpleasant consequences.
The oldest profession did not expect you to pay for the invention of new variations, previously unknown to man or beast. Today we see yet another generation of technophiliacs trying to write new ICT Kama Sutras at the expense of their users: as opposed to winning repeat business by giving customer satisfaction.
The current euphoria over cloud computing and "applications as a service" is yet another re-run of the enthusiasms first seen in the early 1970s. It is lethal without serious investment in local, regional, national and international communications resilience, in information security by default and in identity management and governance. None of this has yet moved from talko to action.
The attempt by secondees from well-known consultancies to persuade the Conservative Party to scrap the current public sector IT legacy and start again is similarly poisonous.
It is a rerun of the con-jobs visited on New Labour by a previous generation of similar secondees during the ruin-up to the 1997 election.
[on proof-reading that was such a splendid Freudian slip I felt I had to leave it there]
The state of ICT within the NHS may well be a decade behind where it would have been had the inter-operability stategy of the NHSIA not been scrapped in favour of the grandiose centralisation of the NPfIT - but we are where we are.
The quality of information and identity management (let alone inter-operability and sharing) across central governmant may well be equally behind where it would have been before all the wasted effort on a Nationally Identity Register and/or Card, but once again, we are where we are.
There is plenty of experience of how to turn round bloated, bankrupt, bureaucracies - public or private. Ambitious plans to start again are the way to destruction - not turn-round.
A simple comparison of the world two most bloated private sector empires of the early 1980s makes the point
AT&T was re-organised by every major consultancy in turn until it was finally drained of in-house management talent, enthusiasm and expertise. It no longer exists other than in name.
IBM was forced to return to its roots by a new chief executive who asked old-fashioned questions and enforced equally old fashioned management disciplines from within. It not only survived but is once again a global powerhouse of innovation.
Today the start point of any turn round is all too often a sclerotic and incoherent ICT operation, commonly piggy in the middle between a bunch of inflexible outsource contracts and user enthusiasms for social networking and mobile technologies, rather than focussed on supporting efficient service delivery and operational and tactical decision taking.
[I spent five years as a Corporate Planner and did only three genuine "strategic decision" exercises in that time: none of the information available on our in-house systems was relevant to any of them. However a single tactical decision repaid the cost of re-writing the management accounting system that identified both problem and likely solution].
A common start point for any turn-round is therefore now the ICT budget: starting with a systems audit, done by your own staff, not outside consultants, to identify the systems that no longer give benefit, if they ever did, because the functions they were built to serve are no longer relevant and then moving onto a programme of incremental change, using rapid payback projects to rebuild the skills and profsssionalism of your in-house management - whether to manage in-house operations or outside contracts.
Only after those those skills have been rebuilt and demonstrated will those at the top be able to set about the wider task of re-engineering service delivery in the expectation of success rather than terminal failure.
The result to date may well be savings of up to 70% from overhead budgets that may themselves be 10 - 15% of turnover, in parallel with a sharp rise in perceived quality of service and response to user needs. The team will therefore have earned the track record, respect and confidence needed to set about the next stage.
You may ask: what has this to do with user confidence in the security of the on-line world?
Bolting security onto crap systems results, at best, in a temporary delusion of safety.
No serious progress is possible until the underlying systems have been reformed. This includes people processes operated by individuals you can trust. And staff cannot be trusted until they once again feel secure.
While I have been off sick the EURIM groups working on Public Service Delivery and Information Governance have produced some excellent material, Cynics may say that I should go sick more often. However, that material needs to be viewed in the context of the scale and nature of the crisis of confidence we now face.
The more effective use of ICT will indoubtedly be at the heart of global recovery from the current recession but at the heart will be a return to the basic disciplines of using technology to better support people processes, not a new round of self-delusion
]]>
If organised crime is indeed costing the UK economy over £20 billion a year than at least half of that is almost certainly from the public sector and most of that is now computer-assisted.
What should you do?
Support the petition on the Number Ten Website and then write to your MP.
If you disagree or think this is far too simplistic, please post your comments as to why.
It is simplistic - organising that co-operation is a non-trivial task.
But Whitehall and Westminster need to recognise their responsbilities as victim: bankrolling organised crime, drug trafficking and terrorism.
Their failure to help co-ordinate action, including to recover the losses, costs us all dear.
At a time of recession, falling tax revenues and increasing pressure on public sector spend this should be a no-brainer.
]]>
Law and order was brought to the West by the ex-soldiers hired by Allan Pinkerton to protect railways, banks and other businesses. At its peak the Pinkerton Agency employed more agents than the standing Army of the United States.
I then suggest that, because the Internet is international, a better analogy might be the role of the Royal Navy in suppressing piracy and slavery. But the stories of walking the plank and of marooning come from the practice of letting pirates "swim home" because it was "too complicated" to take them to court for trial.
Today the Chinese devote far more effort to policing the Internet than any other nation while the self-tasking groups of the US NCFTA (National Cyberforensics and Training Alliance) are probably the nearest there is to a global Internet police force.
Most current debate on Internet Crime is dominated by those wishing to frighten users into spending ever more on their often incomprehensible and nearly always semi-incompatible, security products and services. The most common counterpoint comes from those selling security retrofits to prevent the accidental data losses that are inevitable in a world where security by default appears to be an alien concept.
Meanwhile, according to a recent article in the Washington Post, a couple of dozen global syndicates are systematically looting corporate websites and databases of all that is needed to impersonate those who control what is worth stealing. They are aided and abetted by barely a dozen registrars, whose services are used by those organising, for example, the fast flux hosting of child abuse websites.
My slide for this afternoon's debate at Infosec on "Who should police the internet" lists:
:
•The Sheriff of Nottingham and Robin Hood
•The Stockton & Dar1lington Railway Police
•Wyatt Earp and his Brothers and Cousins
•The Pinkerton Men
•The Royal Navy
•ICANN and the Registrars
•Spamhaus and the NCTFA
•The United Nations
•None of the above
As yet there is little agreement over who should do and pay for what: Internet Service Providers, Banks and payment service providers, those wanting customers to trade with them on-line, Government (by far the largest single victim) ...
Then there are the questions of governance and jurisdiction that have never been satisfactorily answered nationally, let alone internationally - witness the problems when criminals cross the county boundaries or state lines in the UK or US
There does appear to be agreement that the answer has to be a partnership. But partnerships require mutual understanding, commitment and resource.
The discussion this afternoon between Superintendent Charlie McMurdie, (working to create the Police Central E-Crime Unit) and the Rt Hon Alun Michael MP, (championed Crime and Disorder Partnerships and presided over the deal to create the Internet Governance Forum) will hopefully flesh out the way forward.
But there will then be much to do to make the Internet as safe as the Wild West or High Seas - let alone a suburban shopping mall.Hence the focus of the Eurim E-Crime Group on making a reality of the proposals for a nno-geographic E-Crime Reduction Partnership
But also stand back from the sales pitches and consider how the world is changing.
Time spent on-line is still rising (social networking, multi-player gaming etc.) but spend (call charges, subscriptions, transactions, advertising etc.) is falling. Reported losses (fraud, theft, extortion etc.) are rising. The black market in confidential data is burgeoning as websites and databases are "milked" and suppliers lay-off staff (who take files with them) or go down (with their files and equipment sold off to the highest bidder).
Meanwhile the profitability of communications and on-line service providers and retailers has fallen, impacting their ability and willingness to reimburse theft and fraud to retain consumer confidence.
The mantra of firewalls and anti-virus is of limited help to a business whose e-Bay or Google accounts have been hi-jacked to sell stolen cars to their customers or whose chief executive or finance director has been comprehensively impersonated after falling victim to a sophisticated spear-phishing attack.
The time has come to go on the offensive.
On Tuesday I am due to chair the Infosec Keynote session on "Who should Police the Internet?". My introductory notes should appear in a Guardian supplement on E-Security just before then and I plan to blog again with a link when they do.
Superintendent Charlie McMurdie will hopefully use that session to describe progress with the formation of Police Central E-Crime Unit. Then the Right Hon Alun Michael MP will take a wider perspective. As a co-op MP, Home Office Minister for the legislation to create Crime Reduction Partnerships and then DTI minister presiding over the deal that created the Internet Governance Forum during the UK Presidency of Europe, he is uniquely qualified to understand the issues of creating effective partnerships.
Meanwhile I draw your attention to the six reports of the EURIM-ippr study into Partnership Policing for the Information Society
The Scale and Nature of Computer Assisted Crime
Supplying the Skills for Justice
Reducing Opportunities for e-Crime
Building Cyber-communities: Beating Cybercrime
Time has moved on since they were published but most of the material and recommendations are still valid and some are about to be implemented.
The situation is now so bad that even major players have to co-operate to survive.
The case for joining the e-Crime Reduction Partnership is no longer corporate social responsibility to help customer education.
The case is now driven by the need for operational, professional and political action to:
· stop the bleeding (cash and data)
· remove the vulnerabilities (people and processes, not just technology)
· rebuild business confidence (board and shareholders as well as customers)
· deter future predators (by tracing current predators to obtain redress and revenge)
· disrupt the malware supply chain (by cleansing Internet governance structures)
Main Boards are now asking whether they are getting value from collectively paying only £3 billion a year protection money and under £30 million on policing - or whether they should be changing the balance. The next step, already taken by some, is to ask how they should be working together to change that balance, including what they can share to get better value, what they cannot and how to structure that sharing.
On Tuesday morning we will discuss the means on offer to help you to change that balancefor your organisations. We will also issue the first public invitation to "come and join us" in creating the necessary structures.
Note that, while the creation of the partnership is being initially driven and resourced via the EURIM E-Crime Working Group, the role of EURIM is that of midwife, or (for those who regard that analogy as too messy and bloody), the first stage rocket in a satellite launch.
By this time next year the partnership should be fully independent - but there is much to do to get there from here. Hence the need for membership fees and sponsorship to resource the organisational effort necessary.
Think Tanks spout the mantra of "evidence based policy". The reality is more commonly "policy based evidence". Any data likely to used for resource allocation, let alone performance monitoring, will be systematically massaged before it is passed upwards.
I have sat in on a number of the meetings in the EURIM work stream on Information Governance. The subgroup on "basic principles" found a morass of definitions that confuses rather than clarifies debate and some profound mismatches with regard to priorities and values. I am personally most concerned over the attitude that equates "Information Governance" with "Data Protection".
To my mind the objective of "Information Governance" is to have data that is fit for purpose, when and where it is needed. Security and protection are not objectives. They are core parts of the quality control process, alongside checking for accuracy.
Data that is insecure can be accidentally or deliberately falsified. It can also be used in ways that negate the objective: e.g. data used to accredit secure transactions also passed to fraudsters.
But data has to be regularly used and validated if it is to remain fit for purposes. Otherwise it can become out-of-date and useless, like the fingerprints of a bricklayer, the physical address of an itinerant worker or the IP address of a fraudster using a fast flux host.
"Secrecy" and confidentiality are all too often used to mask error and ignorance.
And as for the "power of information" ...
"Where is the wisdom we have lost in knowledge
Where is the knowedge we have lost in information"
T S Eliot, Choruses from the Rock
]]>
]]> 1) 100% capital allowances and zero valuation for business rating purposes for new investment in permanent communications infrastructure between now and 2012.