When IT Meets Politics

William Heath asks “what happened to the Crosby review” in his “Ideal Government” blog (a must for those of you who want to keep abreast of the thinking among the e-government movers and shakers). However, while I always find William’s insights most perceptive and his blog most informative I think he is on the wrong tack. I think that Crosby has put issues into the wider perspective and the result is even more challenging, across the whole of Whitehall, not just Home Office, than William speculates. Hence some of the drafting of the Public Service Agreement to which I referred in my entry on delivering the Transformation of Government.

Next week will see the annual Get Safe On-line campaign and also the Internet Governance Forum in Rio de Janeiro - at which the need to improve security will be a major thread. Last week the government response to the report of the House of Lords select committee enquiry on Personal Internet Safety was published. The doctrine of Ministerial Infallibily means that no department can publicly accept in full the recommendations of a committee that it did not appoint. The wording of the response is, however, such that I would expect all the main recommendations to have been adopted before the next General Election - provided they have the necessary support and commitment from industry: users as well as suppliers.

Yesterday the Cabinet Office Mnister, Gillian Merron MP presided over the launch of the annual Get Safe On-line security awareness campaign. The GSOL website now includes material on business, as well as consumer protection and every customer-facing website should have a hot-link. And if you think the material needs improving, join up and help improve it.

Those at the launch event heard the usual barrage of statistics, this time from a survey of 2000 adults conducted by ICM in October. Three hit home.

- 88% of end users (and 99% of SMEs) now have some form of Internet Security software,
- 73% believe some-one else should have prime responsbility for their on-line security, usually those who want them to transact on-line (i.e. only 27% beleive they themselves should have prime responsbility)
- 36% will not bank on-line (and 21% will not even shop on-line).

Last week, in describing the challenge of moving towards citizen-centric service delivery, Sir David Varney reminded his audience that the current structure of Whitehall dates back to 1918, when Lloyd George's coalition government decided to organise the post World-War 1 public services in vertical silos, each with its own legislative powers. In order to protect against abuse the agencies were often forbidden to share information except under specific circumstances.

The minutes of the first of the EURIM "Transformational Government Dialogues are now available and help explain why the reform of public service delivery is so important, why it is so difficult and why technology enthusiasts are all too often part of the problem, not the solution,

"Who do you trust? The Government, Marmite, Michael Fish .. Tesco .. ? So begins Matthew Gwyther, in a Management Today editorial on corporate trust. Debate over on-line trust is even more surreal.

Those who believe in the benefits of the on-line world must act rapidly and effectively to turn the current backlash against its perceived insecurity into well-informed votes of customer confidence in those who practice, not just preach, secure information sharing.

Recent revelations as to the scale and nature of data losses in both public and private sectors, like events at the Northern Rock, show that current information governance regimes are not fit for purpose. So who can be trusted to act?

Until last week, HMG information assurance policy assumed that hundred of thousands of public servants would follow security procedures better than the Wermacht, Luftwaffe and Gestapo whose codes were broken by Bletchley Park.

Recent revelations and those yet to come, including from the private sector, threaten untold damage to trust in the on-line world. The time has come to transform attitudes towards information risk management.

I have just received the letter asking for inputs to the independent review requested by the Prime Minister. Inputs to this review will be discussed at most of my meetings tomorrow. What will you be doing to help?

I got the name wrong. It is sousveillance not su-veillance, but we have now seen the concept at work over the past couple of weeks, as e-mails leak and the omni-incompetance of our over-centralised bureaucracies is exposed.

The growing flood of data leak stories means that few, if any, large UK public sector ICT programmes will be progressed until political confidence is rebuilt. That is a major challenge for an industry that has lost touch with reality

This evening the Number 10 Website had 8,245 petitions, on all sorts of subject from the serious to the frivolous. That on e-Crime has now climbed out of the noise. It may have only 348 signatures: but what quality!

External directors have the opposite problem to journalists. Under "fin de siecle capitalism" and in public sector "quangoland" they are sacrificial goats: little or no power to effect change but expected to share responsibility for failure. The time has come to butt back.

The speach for which the Archbishop of Canterbury has been attacked goes to the heart of legal and cultural issues that have to be addressed if our globalised, multi-jursidictional, multi- cultural, global information society is to survive, let alone flourish.

Across the UK we can see unholy alliances of data protection and security consultants, technology salesmen and regulatory lawyers bureaucrats queuing up to "help" Sir Humphrey "protect" our privacy.

It takes a child psychologist to navigate the politics of Whitehall and the Internet and produce, on time, a meaty report whose recommendations will be almost impossible to ignore - despite some painful stings - although I would prefer to call them "therapeutic accupuncture"

I have just received an e-mail from "The Excellent Network" on "10 Thinks you didn't know last week" inviting me to click for actions in the coming week. If arrived just after a reference to another data breach at US supermarket chain; I decided not to trust it. I also concluded that my wife was not irrational when she declined to trust the security of our local supermarket.

I have agreed to chair the session on "Ethical aspects related to the use of government on-line services" at the European Commission workshop on "Ethics and e-Inclusion" in early May. In parallel I am mapping "issues and players" for the new UK Internet Governance Forum. As with climate change it looks as though we are walking backwards into a most uncertain future.

Yesterday at Infosec the Information Commisioner said that the Cabinet Secretary's Review was expected to be focussed on "issues of accountability and governance", indicating that the heads of departments would be personally responsible in the event of serious data breaches. But where is the guidance on how to share information securily going to come from?

There in no excuse for permanent secretaries and senior responsible owners to ignore "The Directors' Guides to Managing Information Risk" published yesterday. Each of the eight guides follows the format a Churchillian "prayer": "pray let me know on one sheet of paper ..."

How ethical is it to try to persuade the socially-excluded and digitally naive to go on-line when you are not going to provide them with easy to use and secure access or keep the data they enter secure from predators, fraudsters or those who would use it to enforce the "honour" of the family, clan, school, gang or other community?

This week the Economist publishes an excellent article describing the ambivalent attitude of the British Public towards Civil Liberties and the Surveillance Society. It could be, but is not, summarised as: "We want to be looked after but do not trust the systems".

Over 20% of the population of the world and over 60% of that of the UK population now use the Internet to do business, learn or play. The proportion of criminals who use it to identify and exploit victims is at least similar.  So who is policing it - everyone or no-one?

The loss of the Home Office prisoner mash-up on an unencrypted USB appears to have triggered a long overdue "review" of the national children's database ("the honeypot for pederasts"). Meanwhile the inflexibility of current contracts and the drop in the value of sterling have triggered similarly fundamental reviews of private sector ICT strategies..

The Internet is the most concentrated and regulated communications system the world has ever known. Players like Google or Microsoft take a far larger revenue share of the markets within which they operate than Standard Oil, Ma Bell or IBM ever did. Meanwhile over 500 agencies and regulators in the UK alone claim powers to access traffic data or stored content: albeit almost none are capable of securing what they demands.

During one of the plenary sessions at the "Parliament and the Interent Conference" a contributor from the floor said that "Information promiscuity" was a natural reaction to the unholy combination of the surveillance society and data incontinence (losses of personal and other data). That set me thinking.

A strong response to the consultation on the "Additional Uses of Patient Data" (e.g. to help planning, research, audit etc) could change the nature of UK debate on data protection and information security . Respond as a patient. Ensure responses from all organisations with which you are involved. Get them to distribute to their employers and members to also reply as patients.

"A Fine Balance", the joint conference of four Knowledge Transfer Networks in Thursday provided an excellent update on the current state of "privacy enhancing technologies". When I introduced the Earl of  Erroll I made the point that the Lord High Constable of Scotland was not only the sole cybersecurity professional in either House of Parliament, he is also the only person genetically cleared to draw a sword in the presence of the monarch

Were you good little boys and girls in 2008?

Are you entering the worst recession since  .... (pick your own date) with loyal customers and reserve funds in a bank/currency that has not yet collapsed? 

If not, Santa has a copy of Voltaire's Candide for you. 

What is the difference between the Larry Page's claim that making Google wipe data after six months would hit Flu Protection and a Ministerial claim that spending umpty £billion on data retention and Interception Modenrisation would help the War Against Terror"? This morning I also received an eloquent lawyer plea "Please kill this cookie monster to save Europe's websites".