When IT Meets Politics

Tell UKIP that it holds the key to the future of EU Network, Information and Cyber security

2013-05-24T07:44:12Z

Let me explain why UKIP MEPs (and their allies in other member states) may well determine the future of EU Internet regulation and what is at stake if they do.

I have attended a number of recent meetings on the EU Cyber Security strategy. There is almost unanimous agreement with the objectives and almost unanimous condemnation of the means. For example, we need to make it much easier to report attacks, whether or not they are successful, in formats which enable rapid collation and response, as well as intelligence. The reporting of breaches, which may not be actually known until long after the event, is of historic interest only and diverts effort. Mandatory public reporting, as opposed to personally warning those known to be at risk via channels they can trust, is worse than useless. It is not merely a job creation programme for lawyers and compliance officers. It actively gets in the way of good practice in tackling threats as they emerge. More-over it penalises well run organisations which know what has happened, while protecting those which are unaware that their customer and personel files are in use by fraudsters.

Yesterday BIS issued a Call for Evidence on the EU Directive on Network and Information Security this is important - VERY important. You should read and respond.

The timing of the consultation is also very important. This Directive is unlikely to be scrutinised by the current crop of MEPs. We are moving into a period of interregnum when Commission initiatives will gather momentum while the politicians are away. There is nothing quite so dangerous as ignorance in motion and this Directive will be up to speed when the new crop of MEPs arrives, to be manipulated at will: save that half the new crop from the UK are likely to be members of UKIP or will have have done deals with them. Many other member states will have elected members of similar "a plague on all your houses" parties. In looking to educate those MEPs who will scrutinise this Directive we need to intercept the selection processes of the parties to educate the candidates, including those of UKIP. This may also be the type of cause which will appeal to those UKIP members who wish to do something useful while they are in Brussells or Strasbourg.

In educating them we will, hopefully, also educate the Commission officals as to the changes they need to make for the European Union to survive the pressures for "democratisation not bureaucratisation". This directive could be the touchstone because the vast majority of Internet users appear to agree that something must be done to improve on-line security. Unfortunately this is not the "something" that should be done. In the meantime make sure you respond to the BIS call for evidence so that, with luck, we can get the Directive re-written before the start of the inter-regnum.

You do not have much time. The Call will close on 21st June. Evidence can be submitted anonymously but the more public you are and the more channels you use, including direct to the Commission and via allies and partners in other member states, the louder your voice will be heard.

Also make sure to join and use the Digital Policy Alliance working groups to help the follow through, including that on the Digital Single Market which Malcolm Harbour MEP chairs and those on the Data Protection and Electonic ID Regulations. If they did not already exist this would be the cause to invent them. Lord Erroll is in the process of restructuring the Alliance to handle the issues of the future. This is one of them and I anticipate a coming together of the above groups to try to bring about a similar coming together of the EU initiatives. But first we have to kill off the Commission plans to fight the electronic equivalent of the Boer War.

Main obstacle to SMEs going on-line IS security - OU Survey

2013-05-20T15:51:54Z

Last week I received the report of the latest Open University Business School Quarterly Small Business Survey . This has been running since 1984 using the same methodology and therefore has a unique provenance.The special topic for this survey was SME use of mobile and web-based services. It contains some good news and some bad news. The bad news is that it confirms what I suspected when I blogged juxtaposing material from the 2013 Data Breaches Survey, the recent FSB - Intellect Report and the Policy Exchange Study and the National Fraud Authority examination of small firms as victims.

The good news is that 80% made payments on-line from their bank accounts, over 2/3 thirds sent invoices and slightly more (70%) received payment.This is double the proportion saying they were willing to transact on-line when replying to the FSB-Intellect and Policy Exchange surveys which I referenced in my most recent blog on this topic. I think the reason for the difference lies in the way the questions were asked, given that the FSB and OU surveys were both based on self-selected samples.

The difference does, however, raise interesting questions regarding the need for awareness campaigns "to help address "missed opportunities" that are called for in the other reports. There were few applications that most SMEs replying to the OU survey would never consider, although a quarter would never consider opening a bank account or taking out a loan on-line and a fifth would never consider using cloud services. Interestingly the latter was almost exactly the same as the proportion already using them - .

By far the most common obstacle to doing more on-line over "static" Internet connections was concern over the security of the PC or the Internet itself (cited by 35%). This was followed, albeit well behind, by privacy (13%) and confidence with the technology (11%). Technology limitations were cited by only 4%.

Security was an even bigger concern with regard to using mobiles (cited by 45%), with privacy equally far behind (24%) and technology limitations (20%) rather more significant. The proportion lacking confidence with their ability to use the technology was similar (12%).

Unlike the other reports the OU report contains splits between industry sectors, fixed and mobile and applications and organisation size and location. The variations by geography were significantly greater than those by size: Wales was well below average in on-line usage, followed by the East of England and Scotland. This may well reflect the ability to get a broadband service at all, whether fixed or mobile, let alone one that is fit for business use.

The variations by industry sector were also interesting. Usage was highest among those in "Agriculture Forestry and Fisheries" followed by "Business Services". It was lowest in "Transport, Storage and Communications" followed by "Hotels and Restaurants". This probably reflects the way DEFRA has forced farmers on-line to handle their claims while those running pubs and hotels appear happy to take bookings on-line, but not payment.

My conclusion is, therefore, that those who wish small firms to transact online should focus on ensuring that the products and services they wish to promote are indeed "fit for purpose" - with a premium on security processes that inspire confidence. Otherwise they risk merely stoking up paranoia with awareness exercises are not linked to effective education and support programmes. This was a core message from the awareness exercises in the early 1980s. It still has not been learned by the technophiliacs.

I am hoping that the Digital Policy Alliance will succeed where I failed and provide a neutral umbrella to bring together the various players who want small firms use their on-line products and services, because until that happens the current fragmented initiatives look set to fail.

BT launches offensive on Sky's broadband bulge: markets believe Talk Talk, not Sky, will be the main loser ...

2013-05-12T10:45:32Z

Ian Livingstone parked his tanks on Rupert Murdoch's lawn and the analysts clearly liked what they heard. At the end of Friday, after some fluctuations, BT shares closed 7% above their peak in March. Sky shares were 10% down from a similar peak. Talk Talk was down 20% from its March peak.

Thre is a lot of small print to digest with regard to what is really on offer, including price and quality of service but we can almost certainly see an overall surge in demand for broadband, as Sky and BT battle it out with a mix of special offers and retention deals. We may also see the re-introduction of competition in the local loop when Sky retaliates, not just with deals to ratin its customer base but by backing investment in Birmingham style open access broadband networks across those parts of the UK where business would benefit most from plugging gaps in BT's offerings - and is therefore likely to share the cost. We can also expect to see an extended range of Sky apps over smart phones.

We can also expect vigorous Sky support for Talk Talk and pressure on Ofcom to expedite the investigation of BT's margin squeeze on resellers. In parallel Sky will seek to disengage Virgin from the attempt to delay the Birmingham open access dark fibre networks by suing the EU for saying that such municipal enerprise did not constitute state aid. The way will then be open for Sky to ally with Virgin's new owners, Liberty, and also threaten to sue the EU for allowing the BDUK framework to bypass state aid rules and give single tender business to BT - unless the latter either withdraws its case or the rural networks are made open access. Sky will, in any case, almost certainly take legal action to ensure that the small print of the EU clearance (which was conditional not absolute) will be enforced

The result should be a win-win for business and consumers as BT gets the take-up and cash flow that will enable it to return to its pre-1997 investment trajectory and Sky (and others) bankroll the construction of world-class open access fibre networks, to leapfrog fibre to the cabinet before it runs out of capacity to carry the additional traffic. Theat leapfrog may prove critical to the future competitiveness of teh UK because scale of BT's investment in content, which may have only just begun (next comes the bidding for the FA Cup), the announcment that BT will spend £300 million on a share buyback and the size of the increase in the pension fund deficit, mean, however, that BT may not have the funds to go beyond its current infrastructure investment programme for some tiem to come.

However, provided the open access networks are not crippled by business rates and are also genuinley available for BT to also use, we could yet see the UK returning to world leadership in the global information society on the back of healthy market competition.

Am I being too optimistic? Is the light at the end of the tunnel an oncoming train? I hope not. But that also reminds me - last night I was told that the obstacle to making shared use of the National Rail Communications Network was contractual, not statutory. Similar issues appear to apply to the some of the other national fibre networks that are sitting unused - albeit the role of business rates should not be under-estimated.

I think we may be in for an interesting time as Sky, Liberty, Carphone Warehouse and also the mobile operators, for whom BT wifi is a formidable rival, plan their responses to BT's "declaration of war". I hope that the responses will including covering the final 10% in co-operation with local authorites, large and small and also affordable fibre to premises for inner city and suburban businesses as well as to rural business parks.

One interesting question raised in response to some of the analysts comments concerns the actual cost and quality of service being offered by BT, including that to pubs who will need the bandwidth to carry local wifi, as customers keep up with other sports (and vidoe gossip) while watching "the big event" on the main screen. Will the screen freeze when wifi traffic surges at half time? Will pubs wanting resilient quality of service end up paying for BOTH?

If so, the ultimate losers may include premier league footballers as BT, Liberty and Sky realise there is little point in bidding against each other for exclusivities that markets, and not just regulators, deny them or markets fragment over the kaleidoscope of content that is available over the Internet.

I would love to be a fly on wall after BT's mammoth briefing to investment analysts

2013-05-09T08:44:29Z

I am told that BT plans a six hour briefing to Investment analysts - said to be a record. The build up is certainly going well. Last week a club of 22 analysts said they expect BT to outperform the market over the next year.

Am I out on a limb with my criticisms of BT's plans to invest in content to compete with Sky and Liberty (new owners of Virgin) instead of upping its plans to invest in better, faster infrastructure to rent to them?

Does a critical mass of analysts believe BT can create a profitable quadruple play business when so many others have failed: from AT&T (who remembers the consequences of the latter's attempt to provide the commercial, not just communications, infrastructures for the Internet?) onwards?

Or will they come to the conclusion that a break up of BT and sale of the content and systems integration operations would leave a much more profitable core business - selling better, faster customer connectivity and trunking to Liberty, Sky, Pearson, Reed-Elsevier and the rest of the UK content production and distribution industries, as well as the rest of British Business, in competition with players like Arqiva and the other MacQarie "children".

If so, BTbecomes a take-over target for who-over can organise a deal with HM Treasury to cover the pension fund liabilities and Cabinet Office to cover the Critical National Infrastructure responsibilities.

Unless, of course, the content plans are actually defensive, to add non-regulated revenue streams prior to a break-up led from within. My immediate thoughts are that that could make the analysts current projections look modest and return BT to its pre-1997 growth trajectory.

Either way, I would love to hear the discussions the analysts have with the fund managers they advise after the briefing - and to see how the share price moves once the analysts have digested what they hear.

Why do SMEs who advertise on-line not transact on-line: lack of bandwidth, confidence, skills or support?

2013-05-08T12:30:36Z

On the morning of the first day of Infosec I attended a PICTFOR briefing on the current state of UK Cyber Security. The lack of intelligible security guidance for small firms was identified as a major issue by several speakers. Later that day I attended the launch of the 2013 Data Breaches Survey. Over half the small firms responding had suffered staff related security breaches over the past year and 2/3rds had been attacked from outside.

The following day I attended the launch of "The Digital Imperative" a joint report by Intellect and the Federation of Small Business on small businesses, technology and growth. Nearly three quarters of the 2,200 respondents to an online survey had websites but barely a third used them for on-line sales. This tallies with the finding in the recent Policy Exchange report "The Superfast and Furious" that around 80% of small firms have a web presence but only a third are willing to transact (i.e. accept bookings or payments) on-line.

Why is this?

Last year the National Fraud Authority survey of small firms as victims showed that 2/3rds had experience as victims, a quarter within the past 12 months. They do not need awareness programmes. They know they need education and support - but to do what?

The 2013 Data Breaches survey indicates the value of ensuring that staff know what to do. Over 90% of organisations where the security policy was poorly understood had staff related breaches. Under half those where the policy was well understood had such breaches. I think we can quite reasonably conclude that one reason why small firms are so reluctant to transact on-line is that awareness without the knowledge of how to take effective action has led to fear, not confidence.

So what training and support do small firms need and who is going to provide it? There is no shortage of advice and guidance - usually based on variations on ISO 27000 which assume knowledgable staff with the time to learn how to use complicated products and make sophisticated choices as what they trust and why. BIS is currenlty seeking inputs to a consultation on which security standard it should support - as though a "standard" was a signiciant part of the "answer" to the problem of loss of confidence in the on-line world.

When I was IT skills advisor to West London Training and Enterprise Council, three decades ago, we found that 2/3 of local organisations with more than 10 staff were already using computers but few had any professional IT staff. The "users had taken over the system" and most of them had received no IT training at all. Shortly afterwards another TEC, using a different methodology, found that the person in charge of IT in over 75% of small firms was the secretary/receptionist.

Today the world has moved on. Almost ALL small firms (including sole traders) use some form of IT and HMRC is trying to make Real Time inputs from approved accounting software mandatory for all who employ anyone (even a part-time Parish Clerk or a voluntary worker receiving a payment to cover expenses). Who is in charge of information security for the 99% of employers with no IT staff? What training have they received? The "Chief Information Security Officer" for an SME is typically the plumber's wife who, hopefully, reminds him to back up his smart phone when he gets back ... or it might be one of their children, who discovered the perils of cyberstalking and bullying before reaching puberty.

In a discussion after the launch of "The Digital Imperative" I said that the problems of giving small firms the confidence to transact on-line without fear of fraud would not be solved unless and until Intellect members can make a good living from providing and supporting products and services to FSB members that are genuinely easy to use and secure. My experiences in the ealry 1980s from running the pilot Micro-System Centre and advising the ITECs prejudice me strongly against advisory services which are not based on a robust and sustainable business model: unlike all those services created to support SMEs which are staffed by those who have never run one.

But the ease of use and security will not help if you cannot get the bandwidth necessary to provided an attractive, interactive business experience to your target customers. The FSB/Intellect study makes many good points about how technology can help small firms but a significant part of the answer is Cloud Computing, including for support and security. I first asked what bandwidth do you need in order to make effective use of cloud computing about three years ago . The answer was "What do you mean by cloud computing?" with some respondents saying that webmail and similar applications for a firm with up to a hundred employers would work adequately over a 10 mbps leased line. In the US, however, those promoting cloud services tend to think in terms of customers having symetric pipes providing at least 100 mbps symetric. Around the Pacific Rim our the competitors of the future think of gigabit fibres. Now look at the needs of some FSB members to handle inter-active video traffic, as with a small firm providing hand-crafted customised products or a country pub with customers watching different sporting events over their smartphones. The bandwidth requirement is akin to that which is now commonplace around the Pacific Rim.

At the recent DPA event with Neelie Kroes speakers from Digital Britain First made the point very strongly that those who could not get Fibre to a Business Park in Buckinghamshire or Oxfordshire or to a Country House Hotel beside the Thames, (for webcams in support of international advertising, let alone the wifi traffic generated by the smartphones and tablets of the guests), were at a serious competitive disadvantage. In this context the Ofcom investigation into BT's squeeze on reseller margins for fibre , after its actions (in co-operation with Virgin) to block the Birmingham attempt to leapfrog its upgrade schedule, would be good news - were it to help expedite the availability of fibre to premises at affordable cost - as opposed to the Openreach "excess construction charges". However, Talk Talk had to employ a German consultancy to produce the evidence, such is BT's dominance of the UK market, including vis a vis consultancies who have long been in a position to produce such information, were it not that it would lose them more custom from BT and its partners than it would gain from others. More-over we need to get BT and Virgin to expedite and upgrade their investment plans rather than block those of offers.

I threfore fear that the result will be more fear, uncertainty and doubt as UK economic recovery is delayed because BT is putting over a £billion into trying to compete with Sky on Sports Content, instead of into infrastructure to rent to Sky and others. Given that economic recovery on the back of such investment is essential to bridging the ballooning gap in the BT pension fund, I fear that this strategy may prove to be a lose lose for almost all. The only winners will be thsoe in BT who are looking forward to salaries akin to those of their counterparts in the BBC: whether or not the sports content business shows a better return to shareholders than BTs other attempts at diversification. Meanwhile sovereign wealth and pension fund managers around the world are looking to invest in the boringly profitable critical infrastructure utilities which MacQuarie, and others, are funding around the rest of the world.

Now for some good news. At the end of March the contract for the Cybersecurity Skills Partnership was finally signed. e-Skills has the go ahead to organise a set of pilots, from schools activities through FE and HE apprenticeships to continuous professional development, bringing together a wide range of partners, building on that existing work which is well-regarded by employers. The programme is unusual in that the first public announcement is that of research into the actual paths followed by those in the industry . I have agreed to help identify employers wish to use the results to improve the skills and motivation of those they recruit and to improve and update the skills of those they already employ. I hope to blog on the details shortly but, in the mean time, e-Skills is looking for those who will take a lead and ensure that the programme really is built around employer needs and not just the shifting sands of government policy .

Next I should say a word of praise (and I should say it is genuine praise) for BT's skills activities in support of its core business. BT is one of the few organisations that takes its apprenticeship programmes seriously. Its support for the plans for SME IT support apprenticeships should be copied by all who are serious about wanting small firms to have the skills and confidence to transact on-line.

Government Digital Service condemned for shallow thinking

2013-05-07T16:47:38Z

I recently described the rightly praised Government Direct website as lipstick on the face of a pig, and gave one example of what lies beneath (there are many more). A reader has just sent me a sharp critique of the Government Digital Services "over-enthusiastic" approach to agile computing. It rather looks as though the reform of public service delivery has become trapped between the Scylla of "delayed big bang" (exemplified by the hard rocks of the original approach to Universal Credit) and the Charybdis of "big bang" itself: sucking departments into a whirlpool of accelerating change using as mix of fashionable approaches from agile to big data, without understanding the disciplines, let alone possessing the in-house skills and experience necessary for their succesfull use on non-trivial change programmes.

In one of my first blogs on When IT Meets Politics I outlined the need to use the classical systems discipline of "structured evolution", incremental change within an overall framework, in order to achieve the radical changes to public service delivery that are long overdue. Things have moved on since then, particularly with regard to the maturing of Open Source software, but they have not moved on as far and fast as the enthusiasts would have us believe. I have jsut re-read my earlier summary of the some of conflicts that had to be overcome before we would achieve the benefits. We are barely a third of the way along the journey - delayed by unnecessary and unproductive firefights between enthusiasts, like the Open Rights group and those who take a more practical approach to achieving the same objectives.

I am of the opinion that the Government Digital Service (and also the rest of Cabinet Office and Treasury) should focus on mandating inter-operability, at all levels from technical standards and data interfaces through delivery, monitoring and management processes to funding mechanisms, rather than particular approaches or methodologies. Modular inter-operality is central to enabling flexiblity as needs and organisational structures changes and competition between suppliers. It removes the need to plan ahead in impr5atical detail and also enables the removal of contractual lock-ins ("components" can be replaced) which is why so many suppliers who "talk the talk" are very reluctant to "walk the walk".

It does, however, require mandation. I was supposed to use one of the early "agile" technologies employing re-usable code modules in order to merge and decimalise the sales ledgers for the ICL group of companies. I cheated and wrote custom code (albeit in well documented "common standard" Cobol) to cut days off the conversion and hours off the weekly overnight run for the new system. I was, of course, found out during my first test runs: the operators reported me even before I was ready to confess (it was a well run department). But no-one disciplined me or ordered me to follow process. Instead I put a nail in the coffin of that particular set of "agile" tools. Supposedly the technologies have moved on over the past forty years - but have the mindsets of young enthusiasts - as I was then.

More-over I benefited from training and career development programmes, including structured and supervised, "apprenticeship-like" work experience and a subsequent full-time MSc at London Business School. Few, if any, of the public servants of today have had anything like those advantages. Hence my regular plea to implement the recommendations of the Fulton Report . Relying on private sector expertise is no substitute and the current Civil Service Learning framework is a joke in very bad taste.

P.S. Just been sent a link to the interview with Brian Wernham on BBC News 24 on the (finally) phased and incremental implementation of the Universal Credit. Do watch. As readers will know I have been blogging on the need to adopt such an approach for over two years and have just looked at again at one of my first postings. Brian was diplomatic and did not comment on the aim of completing the transition by 2017. I would merely say that having the new systems ready by April of next year for a straight line roll out at 300,000 a month is improbable as a successful way forward. Much will also depend on the success or otherwise of the switch to RTI for PAYE. We should remember that PAYE is itself a creation of wartime, when the entire nation was mobilised working for the war effort except for those running the black market. The re-imposition of that mindset when a growing number of us no longer have one job at a time, let alone for life, is "at least as ambitious as the Universal Credit".

DWP excludes disabled users with modern browsers from using on-line services

2013-04-29T14:17:26Z

The new Government Digital Service website is a great success and has deservedly won prizes, but it is still "lipstick on the face of a pig". On May 13th I am due to chair a round table to agree the terms of reference for a high level study concerned with the use of IT to aid the reform of public service delivery and have just reread the excellent National Audit Office report on "putting users at the heart of government's digital services" (see below for my thoughts on some of the highlights but do read the full report - if you just read the summary you will miss some of the dynamite).

Obvious topics for the study include the joining up of duplicated communications spend and the use of smart phone apps to strip out costs and inefficiencies at the same time as improving speed and quality of response. However, the "digital by default" approach requires that those in most need of public services not only have good broadband access, whether fixed or mobile, but can also use the services when they get through.

As a result of the work of organisations like Abilitynet most modern operating systems and browsers have quite good facilities for disabled users. I was therefore startled to be told that DWP, who won an Abilitynet Award two years ago for their use of TexBox , require those who use anything but obsolete and unsupportered operating systems and browsers to claim disability benefit in another way .

This was presumably because their outsource contractors were fully occupied digging ever deeper and more expensive holes with regard to Universal Credits. It does, however, add a very brutal context to the polite but thoughtful National Audit Office report "Digital Britain 2: Putting Users at the heart of government's digital services".

The £1.8 billion savings Cabinet Office expects from the Digital by Default Programme assume take up in line with the 80+% who now use the Internet. But the NAO report quotes evidence that many of those who are aware of an online public service chose to use an offline option instead, including 49% of those aged over 65 and 26% of social class C2DE. For the 20 public services covered by its research it found that the proportion of transactions done on-line by those surveyed ranged from over 80% for a student loan or a tax disc to under 50% for a state pension or housing benefit.

Over half those surveyed shopped on-line. Nearly half banked on-line. But less than a third had registered or paid for a Government Service and less that 10% had booked an appointment or claimed a benefit. More-over ease of use and awareness of online options were not the only barriers.

Concerns included fears about making mistakes (notices about penalties for wrong entries did not help), concerns as whether they were dealing with a government department or a fraudster and the need for physical confirmation of transactions. Attitudes to providing information on-line to government are interesting. Overall respondents were less willing to provide information to government than to banks and online retailers (see page 29 of the report) but this is not because they trust it less. 37% were happy to provide data to Government. 17% were not happy, but did so. Only 5% halted transactions because of security fears. By contrast only 30% were happy with providing information to on-line retailers, 29% were unhappy but overcame those reservations and only 7% had teminated transactions because of security fears.

On a more positive note, the NAO reported that government was missing a trick by not recognising that half those with no plans to go on-line themselves receive help to use on-line services from someone else, such as friends, family and work colleagues. The government's approach to assisted digital services does not recognise this situation. Its routines for handling those with, for example, legal power of attorney to handle the affairs those at most risk of fraud or intimidation, whether on-line or off-line, are even more primitive than those of the private sector. It needs to work much more closely with the charities working in this space and design public services, as recommended by the NAO, so that people can apply for licences or make payments on behalf of others, in a way that minimises fraud.

The NAO makes a number of other eminently sensible recommendations. I particularly liked the polite phrasing of:

"The service should consider whether having each government department develop arrangements for people who need help is the best approach. Those who are offline are more likely to be those who are particularly hard to reach. It is therefore important that they can find information about how to access public services easily. As these people are also likely to be using several public services, there will be opportunities for departments to work together, as required by GDS, to help the offline user."

and

"The GDS should increase its behavioural research to see what prevents capable internet users from using online public services more. Our research suggests there are reasons other than lack of awareness, frustration with services or lack of trust. Some users feel that, while a digital channel is appropriate for shopping, it is not formal enough for some government business. GDS needs to understand these behaviours".

I was recently sent a link to research that appears to show that, as they get older, existing IT users make less, not more, use of the Internet. It is not just a matter of running training and awareness courses for the elderly and expecting the problems of low usage to go away over time. We really do need to look at why those who used to be enthusiasts find it increasingly difficult or unattractive to go on-line as they get older. Hence the importance of programmes like Sus-IT which try to tackle the issues head-on with its programme into the "New Dynamics of Ageing". I took at look at this area when I was a Corporate Planner with the Wellcome Foundation, looking at the issues of an ageing population - 30 years ago. I never expected that so little practical progress would have been made by the time I would come to need the devices we then evisaged.

The backlash against the smart meter programme has begun. What are the implications for IT users?

2013-04-28T11:13:18Z

The Daily Mail article "Big Brother to switch off your fridge" is a fiery attack on the proposals sent by the EU "collective" of Energy Regulators to the Commission on March 27th. It should also be viewed as an attack on the Smart Metering Policy inherited by the Coalition Government from Ed Milliband's energy review and white papers. That policy embeds the ability to introduce energy rationing because we have failed to invest in new generating capacity while imposing green taxes, subsidising windmills and closing our coal and ageing nuclear stations.

Hence the first paper from the Conservative Technology Forum Energy Group on the short order challenges we face if it is not just the lights but UK data hubs and cloud services that have to power down during windless winter weather. The summary of "Power to the People" emphasises the need to give customers "the right to choose". In order to do so we need to bring forward effective inter-operability standards for smart meters so that those who will benefit most from actively managing their demand for power do not have to wait for those will not, because their demand is inelastic. It we do not, we may face very real problems before the 2015 election, let alone after.

Meanwhile those whose IT plans depend of UK-based server farms or data hubs should factor in the provision of standby power supplies that may need to be used on a regular basis - as in India or other nations with unstable power supplies. Even urban SMEs who are critically reliant on their IT systems and broadband connections need to consider installing standby generators of the type used by island crofters, hill farmers or country house hotels, with satellite communications back-up for their broadband.

At the next meeting of the CTF executive I hope to hear the plans for a stidy to produce recommendations on how the accelerate the investment necessary to ensure that the UK will have the power as well as communications infrastructure to be a location of choice for "big data" hubs but time is running out.

On whose side are Open Rights with their campaign to "protect" the EU Data Protection Regulation?

2013-04-24T05:31:22Z

I have long had strong views on the need for effective Data Protection but I have just received a e-mail via ISOC UK soliciting my support for tomorrow's "Press Stunt" by the Open Rights Group to "protect" the proposed EU Data Protection Regulation. I have sat in on meetings which helped produce some of the amendments that the Open Rights group are condemning as lobby fodder and read their guide to the issues . Either the Open Rights Group has missed the plot or it represents a different set of interest groups to that which I thought it did..

The high level objectives of the EU Regulation are admirable but the focus on meaningless tick box rituals, like data breach notification, means that it is, in practice, unfit for purpose, unless the purpose is to drive on-line operations off-shore (to the United States or India) or to facilitate the quiet harvesting of data to commit systemic fraud. It will do little or nothing to protect privacy. It will, however, help protect those who abuse our privacy by giving them the excuse of "compliance" with the rituals.

The focus should be on "encouraging" those who want you to use their products and services to help protect us when the data needed to impersonate you is available over the Internet, whether legally or illegally. Current "data breach" notification routines serve to deter organisations from taking action to protect customers known to be at risk when the channels via which their data came into criminal hands are unknown or legal (e.g. Companies House and other "public record" sources contain almost all that is needed to impersonate anyone who has served as a director of a company). Meanwhile routines cited as "good practice" are known to facilitate fraud: we cannot dismiss the US "evidence" that breach notifications are followed by attacks on the recipients, even though we may have doubts over its meaning. Publicity for breaches is indeed commonly followed by a surge of false "notifications" to harvest rather more than leaked.

The proposed EU Regulation will almost certainly make that situation worse. The need is instead to clarify the liabilities of those who do not take effective action to protect customers whose details are "available" over the Internet. I say "clarify" because, for common law countries, the liabilities may already be clear but unpublicised, (in the UK it is a mix of tort, contract, bills of exchange and fair trade) - and we can see large organisations beginning to take action accordingly. Indeed the recent "spat" between Spamhaus and Stophaus appears to have originated with an exercise to do so.

I spent yesterday at Infosec getting sore feet visiting the stands of the security snake-oil salesmen. Many were selling products and services to help clients meet data protection "compliance" requirements which did little, or nothing, to help them protect customers from fraud or abuse. Several had products which could also be used to help identify those attacking their clients and/or reselling "stolen" data - but this was not at all obvious from the material on their stands. Only one had publicity material promoting a product (Garlik Data Patrol) designed for that purpose. Yet to my mind the use of such products should be the first duty of any organisation that suspects it has had a data breach. Indeed I would argue they should be used, in parallel, by all who use services like Trusteer. Given that most breaches are identified weeks or even months after they occurred, the requirements in the EU Data Porection regulation are, by comparison, either meaningless or worse than useless.

So what planet is the Open Rights Group on?

Perhaps more interestingly, who side is it on?

I used to think is was on "my" side: thinking of "me" as an individual who is as suspicious of

Governments, who demand data retention in order to "protect" me,

Regulators, who demand data retention for "consumer protection and

Anyone who extols the virtues of "Big Data" as an aid to democratic decision making

as I am of the mass market ISPs, On-Line Retailers, Search Engines and Social Networks who track my on-line activities in order to improve service (alias sell) to me.

I now have my doubts about the Open Rights Group. I fear those doubts may be reinforced tomorrow when we see who it attacks, why and how. "By their enemies shall ye know them"

I also have my doubts about ISOC. I joined in 1995 in the fond belief that sooner or later it would become the Governance structure that the Internet so badly needed. It is now clear that it will not. It does much good work but appears unable to look at issues from the perspective of billions of users, most of whom no longer have english as their first language. I have a growing suspicion that the future of the Internet will come out of Africa (like mankind) and Asia (like printing) not California or the Cambridges (Fenland and New England). And Western Liberals may not like that future. if so, it will have been their fault. I remind readers that the one thing I am not is a Liberal. My politics are where left meets right, round the back, beside the bike sheds.

P.S. I have focussed on the counter-productive nature of the proposals for Data Breach notification but I could have made similar points regarding the proposals on privacy by design, impact assessments, consent, the right to be forgotten or data portability - when the small print will almost certainly deliver the opposite of what the regulation is supposedly eeking to achieve.

If you think I am wrong please comment. In the past I have had a lot of time for the Open Rights Group and I would love to believe that I have misunderstood their position.

Anonymous Justice in the Internet Age

2013-04-18T08:36:58Z

I have just been sent a link to a story of how "Anonymous", whoever or whatever they are, "solved" a particularly nasty case of gang rape and cyberbullying leading to suicide inside two days after the RCMP had got no-where in year. The case raises many issues from how police investigations should be conducted in the Internet Age through to the evidential quality, if any, of material that is widely circulated and believed.

I raised some of these when I last blogged on "Justice in the Internet Age" . This case puts them into a much bleaker context - including the duties and responsibilities of those outside the justice system. The case between Lord McAlpine and Sally Bercow is also apposite. How could/should we differentiate between the gossipers of Twitter and the e-vigilantes of Anonymous?

Would re-opening the UK Broadband market to competition be a fitting tribute to Mrs Thatcher?

2013-04-15T18:18:59Z

Amid all the "tributes" and suggestions for memorials we have forgotten what would have happened if some of her less controversial achievements, such as telecoms liberalisation leading to full competition in the local loop, had not been reversed after 1997. The independent regulators put in place to open up competition to the utilities she had privatised and to subject them to market forces, such as Oftel, Ofgas and Offer, were replaced by instruments of state control run by former political advisors (Ofcom and OfGem), which "helped" plan investment, set policy, agree prices based on "acceptable rates of return" and protect incumbent players from uncontrolled innovation.

I therefore suggest that a fitting memorial, additional to a giant handbag on the fourth plinth in Trafalgar Square, would be to complete some of her unfinished business: beginning by re-opening the UK telecoms market to genuine competition. This does not appear to require any legislation. I have blogged before on the difference between the statutory duties in the Telecoms Act 2003 and those quoted on the Ofcom website . The recent spat between the bosses of Carphone Warehouse and of BT illustrates the need for an order from the Secretary of State to Ofcom to follow its statutory duties and take its anti-competitive powers seriously.

That new sense of purpose should begin with an instruction to organise a public enquiry into the supply of high speed connections for business users. The core objective is not, however, to indulge in another round of BT bashing. It should be to give BT and Virgin a vested interest in helping expedite investment in cheaper, faster, more reliable, basic utility infrastructures which they too can use. Rationing investment to the speed and scale that they can fund from existing sources, while they simultaneously try to create quadruple play businesses, should not be a serious policy option .

The attitude of a BT spokesman that a competitive market is one in which it resells local loop connections to its competitors at the same price as it sells to its competitors reflects the mindset which the 1979 policy of telecoms liberalisation, not just privatisation was intended to bring to an end. It is BT that is using a different definition of monopoly to the rest of the world.

This was a subject in which Mrs Thatcher was well briefed and took a personal interest. One of the few Britons who really understood what was at stake was a contemporary of hers at Oxford. Derek Broome, a dashing young fleet air arm pilot who went out with her best friend at University also fought hopeless seats in the 1950 and 1951 elections and briefly ran a Bell Operating Company before Arnold Weinstock put him in charge of Reliance Systems.

Some older readers will remember Derek for his work on the PITCOM programme committee and his trenchant views on those who wasted time and effort because they had failed to analyse the reality of what they were trying to address. I was privileged to work alongside him on the 1979 computing and communications policy studies, having been introduced by Michael Spicer who was Sir Keith Joseph's link man with the Computing and Telecoms industries before Ian Lloyd was tasked to produce policy recommendations for the party to agree and announce. The election came earlier than expected and my "consultation paper", intended to provoke debate on the issues in wider context was published after the election as "Cashing in on the Chips".

As a consequence of the decisions taken under Mrs Thatcher, the UK was well on the way towards having "at least two competing cable suppliers providing broadcast quality video to every home by 2002". Then New Labour put the policy into reverse with Local Loop Unbundling. Before the turn of the millennium BT already had fibre to within a mile of more than 60% of British homes. Meanwhile the Cable Companies had struggled to compete and ended up hiring Stephen Carter to help them replace "competition in the local loop" by "local loop unbundling" and to salvage NTL for its bondholders. That change, which saved the cable companies from bankrupcy and take-over by those with deeper pockets, wrecked BT's forward plans and its finances, delaying its plans to bring fibre to rest of the UK by over a decade (its much trumpeted current £2.5 billion roll-out). We are still waiting for its plans to provide fibre to every business, let alone home, to restart.

Hence my modest suggestion that part of the memorial to Mrs Thatcher should be to mandate the regulators who lost their way under New Labour to stop trying to micro-manage markets and technologies and to focus on restoring competition to the industries she privatised.

IPR Wars: who really are the heroes and villains, winners and losers?

2013-04-09T13:49:13Z

I have regularly blogged on the theme of IPR wars over the past five years but the Indian Supreme Court Case restricting patent protection to genuine innovations indicates that the pace of change may be accelerating. I recently enjoyed an article attacking the idea that "the Chinese are not innovators and rely on stealing the IPR of the West".

It reminded me of the American myopia when dealing with the "nation" whose engineers built the Pacific Railway across the Rockies, drawing on a millennium of expertise and innovation, thus helping build the fragmented United States of America into an equally centralised "nation". But neither China nor the United States are really "nations". They are "empires", united by common language, currency and communications networks which enable the executive of the central government (whether personified by Emperor, General Secretary or President) to enforce its will on the "provinces".

The big difference is that modern China is led by engineers, the intellectual descendents of those who built the great canals which held the empire together. The United States is commonly led by lawyers (like the Clintons, Nixon and Obama), intermixed with career politicians (Johnson and Truman), soldiers (From Jackson, through Grant to Eisenhower) and the representatives of semi hereditary clans which mix business and politics (the Bushes, Kennedys and Roosevelts): the intellectual descendents of that strange alliance of libertarian constitutional lawyers (like John Adams), wealthy traders (like John Hancock) and authoritarian, slave owning, landowners (like George Washington) which brought it together.

Hence the reason that the Chinese have an attitude to copyright akin to ....

]]> th Century England, when most of the political leaders were busy employing engineers and mechanics to build wealth creating industrial complexes on their estates or funding canals and trading fleets to transport the results. Meanwhile American politicians, whose nascent industries were founded on stealing the IPR of Europe, have long sought to preserve and enhance their own rights, regardless of whether the length and nature of the protection they give fosters innovation.

In the middle of the current fierce debate as to who are the world's innovators and who are the protectors of the past, I find a curious reluctance to look at what, to a scientist, or even to a historian (my original discipline) are some obvious questions and to seek evidence to support the "answers" being thrown around.

Is it easier for a small UK or European firm to defend its intellectual property rights in Brazil, China, Europe, India, the UK or the USA?

Is it easier for a dominant player to block innovative competitors (perhaps mixing regulatory "capture" with predatory legal action) in China, Europe, India, the UK or the USA?

Where is it is easiest for Doctoral Student to retain a fair (what is fair) share of the IPR in his contribution to knowledge: bearing in mind the differing policies of Universities within the UK let alone the different approaches in other parts of the World?

Where is it easiest to turn new ideas into products and services and reap a reasonable (what is reasonable) reward?

One man's innovator, wishing to build on the knowledge of the past, whether or not those who "own" that knowledge wish this to happen, is another's intellectual pirate - whatever his motives. Thus St Columba, was sent into exile for breach of copyright , or rather for causing the death of 3,000 men when he contested the decision of the court against him.

One of the special subjects for my undergraduate degree (History) was the causes of the English Industrial Revolution. This was a fashionable topic when I was a student but one which appears taboo (apart from the mythology) today. Whatever the overall mix of causes, change was accelerated by a "interesting" mix of intellectual piracy and protection.

Piracy as Nobles on the grand tour brought back German metal-working technology, the designs of Italian machines for manufacturing fine cloth and silks and French steam engine technology, to be blended (often by refugees from the religious and secular wars across Europe) with the ideas and designs brought back by merchants from Indian and China.

Protection under patent and copyright was limited in scope and time and treated with suspicion (monopolistic restraint of trade) at least as much as with respect (reward for endeavour). More-over that protection was lost by those who did not actively manufacture or publish that which was protected. We should remember that Boulton and Watt , for example, built only a fraction of the steam plants that transformed the England. Their attempts to extend their patents failed and former windmill engineers were more adept at harnessing the power of the cheaper (albeit less efficient and inferior in precision and power) engines built by their rivals. The Boulton and Watt company grew and survived by agreeing licensing deals based on the fuel their better engineered and serviced machines saved in locations and applications where this was important.

Meanwhile the fledgling United States refused to recognise the Intellectual Property rights of Europe just as they refused to accept that Indians might have equal rights as subjects of the King or that slaves might become free by setting foot on "English" soil. This perspective adds an interesting dimension to the mindsets of that the alliance of interest groups which fought for independence from Westminster and Whitehall while their neighbours fled to Canada. It also adds to the irony of the decenends of intellectual pirates, slave owners and their lawyers seeking to set the protection rules for the rest of the world.

I do not have a conclusion - other than that the time has come to look more seriously at the evdience as to which IPR regimes best mix encouragement and reward for innovation in practice. If 14 years protection was good enough for the fast moving 18th Century how can one sensibly justify, let alone enforce, the copyright extensions of today? The exception is where products cannot be legally be sold until safety testing has been completed and checked. As a former Corporate Planner for the Wellcome Foundation I have strong views on who is to blame for the drying up of medical innovation but in the context of this article I would "merely" say that it should be possible to extend patent protection to "recommence" from the date the product is licensed - but that such an extension should only available to those who organise and fund the necessary testing.

I also believe that a smilar approach should apply to complex software. As one of the founding directors (back in 1984) of the Federation Against Software Theft , I recollect our discussions as to whether copyright or patent was the best approach to protecting the nascent consumer software industry (e.g games) from being wiped out by piracy. We concluded that copyright was simpler, even though the life of protection was too long. We also expected the regime to be reformed, not just extended, when the long promised DTI bill came forward.

There is no easy way forward but unless the UK and Europe help lead the way towards a win-win solution, they will cease to be among the locations of choice for those seeking to build and grow innovative businesses. They will have been crushed between India and China and their trading partners as US lawyers and lobbyists enlist the UK and EU as allies in seeking to defend positions on IPR that are no longer globally sustainable.

Should you really kick a regulator which is scared to do its job?

2013-04-05T09:05:50Z

I do not always agree with Ian Grant but some of his recent posts illustrate why Ofcom really does need a good kicking - or should we instead stop kicking and give it the confidence to turn on the wolves and defend the sheep - as it was supposed to. Perhaps I was wrong.

I have commented before on the disparity between the priorities stated on the Ofcom website and those in the legislation which created it . Ian Grant's commentary on the deeper problems beneath the recent price changes revealed in the CSMG report which was part of the supporting evidence for that price review are most apposite.

Is, however, a good kicking really the answer? In my "kicking blog" I referred to the module on regulatory economics at the London Business School in the early 1970s. Some of the other "lessons" from that module concerned "regulatory capture" (because regulators are commonly staffed by technical experts from those they regulate) and the way they can be intimidated by incumbents with bigger and better paid legal departments and budgets - unless robustly supported at the political level by business customers and consumer groups.

The Conservatives had such points in mind when Oftel was created. So too did the politicians who scrutinised the legislation to create Oftel. But it is something else to provide the regulator with ongoing support over time. Hence the drip drip erosion of Ofcom's attention to fostering genuine competition in favour of, for example, the legal games on local loop unbundling to save the bondholders of NTL and Telewest, who were so ably represented by Lord Carter in his pre-Ofcom days.

I therefore have more than a little sympathy for a regulator faced by incumbents with the temerity to sue the Commission in order to protect themselves from effective competition (the Birmingham State Aid case). I do not, however, believe Ofcom will ignore the points Ian found in the CSMG report. I suspect they were made to help give Ofcom the political support it needs to do its job.

But how many of the business users who need rapid and effective action (if they are not to have to relocate outside the UK) will actively lobby their MPs in support?

Will the Broadband Stakeholder Group or the CBI act as an umbrella for such lobbying?

I expect the businesses most affected to move instead to where they can get the connectivity they need - offshore if necessary, Shoreditch if they can afford the rents. Thus they will be marching in the opposite direction to that sought by a Government which wishes to encourage growth in those areas which have persistant of high unemployment because they have poor communications: road, rail, air or fibre.

I expect the BSG to organise further worthy activity on topics such as valuations for business rates:disproportionately important though the uncertainty when it comes to discouraging investment by potential competitors to BT and Virgin.

On the action to be taken with regard to business rates I disagree, however, with Ian. Trying to get rid of business rates at a time when the Chancellor is desperate for revenue is not the answer. It would be far more effective to demonstrate, (in court by actions supporting by a critical mass of those affected if this is necessary), that the correct valuation, in accordance with basic principles behind business rates, is negligible. The reasons for not taking this approach do no credit to those concerned.

I do agree with Ian, however, on the importance of business rates: if we want pension funds and long term investors to help build the utility communications infrastructures that BT and Virgin and the others who believe in quadruple play regard as boring.

I have been trying to work out why the management of BT and the investment analysts of players like Macquarrie have such different views over the attractiveness of shared utility infrastructure ownership and operation as opposed to integrated communications and entertainment operations.

Then it dawned on me.

The latter pay salaries and bonuses akin to those of the Media World (e.g. ITV or the BBC) while giving similar (i.e. little or no) return to investors. Media lawyers and consultants also comman much higher fees. The salaries for running infrastructure operations are, by comparison, mundane unless, as in the case of British Gas, you also supply the content.

No wonder the tail wags the dog.

Power to the people: Smart meters under user control as the first building block for a trustworthy 21st Century Infrastructure

2013-04-04T10:03:57Z

The Conservative Technology Forum has just released its first policy paper since the last election. It is on Smart Meters, where there is a need to revert to the original industry proposals put forward by "Sustainability First" in 2006 and ditch the unnecessarily expensive and now unaffordable plans inherited from Ed Milliband's 2009 White paper. The full press release is below but the paper is about rather more than smart meters. It is also about an approach to using market forces to draw in private sector investment to create a joined up 21st Century Infrastructure for a world of ubiquitous computing - the internet of things. I recommend you also read the full report. The follow up studies ...
]]> Will address more of the issues - but first the full text of the press release

Power to the People

Conservative Technology Forum Energy Group launches smart metering paper

London, UK, 3^rd April 2013, the Conservative Technology Forum (CTF) Energy Group has launched this first paper in response to a meeting with Charles Hendry, MP, in April 2012. The Group has brought together interested parties from suppliers, consumers, standards bodies and politics to formulate the paper. This has been presented to Baroness Verma and the Group hopes to hold a meeting with the Minister in the near future.

"We have to turn the approach to smart metering on its head and emphasise the benefits to early adopters" says the Andrew Henderson, Co-Chair of the Energy Group, introducing the Conservative Technology Forum policy proposals in their paper: Power to the people. "The policy will fail unless adoption is encouraged by giving choice and the ability to better control their spend to consumers and more certainty of return to lead investors. This does not require a change to the commitment to roll out. But it does require change to presentation and priorities."

As Energy Minister, Ed Miliband, rejected proposals put forward by Sustainability First in 2006 for a market-led pilot, based on consumer choice. We would encourage the current government to look again at a market-led approach, addressing consumers' concerns over cost and giving suppliers the incentive to invest to avoid the rationing processes, implicit in Labour's plans, having to be used.

The three pre-conditions to success are:

Consumer engagement,

Investor engagement

Inter-operability standards

The paper does not suggest changing the commitment to the roll-out of smart meters. The route and timetable have, however, changed over time. The economic climate has changed. Pressures on customer (business as well as consumer) budgets have increased sharply since Conservative policy was last published as part of the "Rebuilding Security" policy document. It is also important to remember that smart meters are not an end in themselves. Their value depends on ubiquitous broadband, smart grid and smart infrastructure so that we can all make effective use of the information they generate.

"I am very pleased to have helped the Energy Group get this paper off the ground. A tremendous effort has been put in by people from both the consumer groups and industry. This represents a great step forward in what we all want to be a successful project," commented Laura Sandys MP and first Co-Chair of the Group.

A four page management summary of the full paper is available at www.conservative-technology.org

The full paper is available at www.conservative-technology.org. For more information contact: andrew.henderson@wychwoodconsultingltd.co.uk

ENDS

Press contact:

Andrew Henderson, Co-Chair, Energy Group, Conservative Technology Forum
Tel: 01256 861 813
Mob: 07780975696

Email: AHende1006@aol.com

Conservative Technology Forum, c/o Conservative European Parliament Office, Europe House, 32 Smith Square, London SW1P 3HH

Email: secretary@conservative-technology.org www.conservative-technology.org

A case study in regulatory hypocrisy: Google tried to produce a privacy policy that users can understand and ....

2013-04-03T07:27:37Z

The controversy over Google's privacy policies is mounting. More data protection commissioners are getting in on the act. It is not that Googles policies are significantly different to those of the rest of the on-line world. It is that they attempted to make their policies coherant and intelligible. In parallel we have the news of the departure of Alma Whitten , whose breadth, depth and clarity of thinking put regulators and marketeers alike to shame.

It is always sad when the pedants and hypocrits win. But that is the way of the world. The majority of fines levied for breaches of data protection law are the result of self reporting. The Office of Fair Trade is more likely to take effective action to protect those whose data has been copied and sold, as with its recent action to withdraw the license of a pay day loan company used by impersonators . Meanwhile we are stumbling into a world where those who provide our on-line connectivity think they should to track our every communication for content and location, with or without our knowledge and consent, in case they (or the state, or a lawyer or a regulatoror a law enforcement agency) might have a use for such information. But equally they, and those who expect them to keep such information in case it might be "needed", have no intention of being liable if that retained data is used to impersonate, defraud or abuse us.

Hence the potentially lethal nature of the current round of regulations coming out of the EU covering data protection, identity and cybersecurity. The intentions may be laudable but the small print is in almost every case seriously counter-productive - such as plans to pass breach "notifications" to those we do not trust (regulators, law enforcment agencies, government departments and, of course, their outsource contractors) or of which we have never heard.

Yesterday I was in a meeting with a senior industry figure discussing what should be done. He suggested waiting until the situation was clearer and before mounting a step by step exercise to correct the mistakes. I said that would mean that his organisation and its peers would get stuffed and have to move operations out of the UK/EU in order to remain globally competitive - because they would face a hundred thousand compliance officers, legal advisors and information security consultants all in support of "more detailed guidance" (i.e. tick box regimes supported by thousand page procedure manuals). The jobs of the latter would, of course, be safe, retainer by receivers to dispose "safely" of the data, after everyone else had been laid off.

I suggested that, instead, those wishing to reiman in business in the UK/EU should begin with the stated objectives and seize the moral high ground by demanding that priority be given be to the actions that were actually needed. Thus the Cyber Security directive is supposedly needed to help better protect critical national infrastructure. It should therefore be focussed on critical national infrastructure, such as power grids, communications networks, payment clearing and food distribution - and the need for demonstrable resilience in the event of of fire, flood, storm and digititis (finger trouble) as well as actual attack. Topics such as social networking should be excluded from consideration. Things like data breach notification should be secondary to responsibilities and liabilities for action to protect customers and suppliers (i.e. up as well as down the supply chain) in the event of suspected problems.

I suggested that the need was therefore to assemble a credible cross sector, pan-European group who would call for what was actually needed in order to protect the infrastructures on which their businesses (as well as the rest of society) dependend. They should also actively block attempts to side track the directives onto that with which regulators and compliance officers were comfortable but which would do less than nothing to protect them or their customers from the risk of infrastructure failure. That is much easier said than done - but the very effort of doing so can help kill off the displacement activities which make politicians feel they are doing something although they are actually making a bad situation worse.

Similarly when it comes to breach notification. What is the point - when the information needed to impersonate most of us is already publicly available or out "in the wild". What we need is to make it easier to organise co-operation to find out who is collecting, collating and reselling our data and to stop them - unless they have our consent to do so. If you have not already done so, watch Gary Kovacs, TED talk, Tracking the Trackers on behaviourial analysis.

At this point you can see just how difficult a task faced Alma Whitten and will now face her successor, Lawrence You. They are caught between a business model and a set of political assumptions - neither of which gives priority to usable and informed customer choice. They are not, however, the only ones. Since when did technology experts listen to their users - any more than suppliers listened to their customers - or party leaders to their members? The world is full of those who know best. The on-line world was. of course, going to change all that. And we can see the electronic pigs flying past in virtual formation.

A recession is, howver, a time when consumer power comes to the fore and real change happens - because the complacement can no longer throw money at problems.

I expect the way forward to come out of India (when the Supreme Court has just blocked add-on patents), China (which now has the world's largest on-line communities and is run by engineers who think ahead) or Cambridge (home of the Devil's Flamethrower) - not California (beginning to show signs of complacency) or Oxford (home of PPE and other dangerous delusions and causes which have yet to be lost).