It's no use complaining about IT-illiterate MPs - the tech community needs to step into politics

Twice in the past week, the UK government has passed legislation despite overwhelming concerns from the technology community.

The Digital Economy Bill – a mostly sensible attempt to update laws around the digital economy – was waved through the House of Commons in the face of warnings from privacy experts about the data sharing aspects of the bill. The House of Lords now faces the challenge of tackling those concerns.

Meanwhile, the Investigatory Powers Act received Royal assent, formalising what some critics have labelled as the most intrusive surveillance laws in the western world.

In both cases, the new legislation is an attempt to apply 20th century, industrial-era constraints to the emerging digital world. There is a very real risk that both – or either – could instead hinder the progress of the UK’s tech sector by anchoring it in politics that cannot keep up with digital change.

Privacy experts described the data sharing proposals as applying concepts developed for paper documents to digital information – as if data that needs to be shared has to be “photocopied”, creating a new version for whoever needs it. There was no understanding of simple concepts such as distributed databases or application programming interfaces (APIs), which would avoid duplication, enhance privacy, and improve security.

The new surveillance laws include clauses that could allow the government to force communications companies to break encryption or allow backdoor access to their products. All it will take is one example of a UK tech company being forced to fulfil such a provision, and nobody will ever trust a product developed by a UK supplier again. Some US companies have already suffered from similar issues with US laws.

Separately, health secretary Jeremy Hunt was pilloried by the tech community this week after suggesting that technology companies should take responsibility for preventing children accessing online porn, or being victims of cyber-bullying. While well intentioned – nobody would disagree that social media firms, for example, have a role to play here – Hunt’s comments displayed a fundamental misunderstanding of how technology works, and perhaps more importantly, how people actually use that technology.

Increasingly our politicians are running to keep up with technology – and failing. Sadly, this is nothing new. The tech community has long complained about the lack of digital literacy among MPs. Nothing has changed, and most of those MPs have little incentive to do so.

It will take a generational shift in MPs, as they are replaced by younger, tech-savvy politicians, for the situation to improve. In the meantime, perhaps the tech community ought to take a different approach – instead of simply shouting from the sidelines (although don’t stop doing that), wouldn’t it be good to see IT experts getting actively involved in politics as well, maybe even becoming MPs themselves to take the lead.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Well we could petition the government and ask them to debate this

Or not, as despite having 155014 signatures last time I looked they just sent me an email saying it was debated a lot before being passed so they aren't going to debate it again

And before that they sent me an email saying the bill had unprecedented scrutiny, and mentioned David Anderson QC by name.

David Anderson QC specifically told them not to use ICR logs, but they appear to be in the act so we're stuck with them.

ICR logs are my personal pet problem with the act I'm sure there are others but I'll let other people bring those up.

ICR logs are too easily tainted with entries that you know nothing about but would be of great interest to the authorities.

If the experts among you will bear with me a moment I need to explain for the less technically literate.

When you access a web page you download a set of instructions for your browser that tell it how & what to display on your screen. This site will now be logged in your ICR log.

These instructions can download more information from other sites, these other sites will also be logged in your ICR log.

They can also download scripts which cause complex actions such as downloading advertising quietly in the background while you read the page, or handling animation of webforms, some of these scripts come from 3rd party sites and yes these are also logged in your ICR log.

So most people think that when they visit a web page the address at the top of the browser is the only address that goes in the ICR log, it's not it's all these other 3rd party sites too.

Which wouldn't be a problem except these 3rd party sites are the targets for the bad guys who want to put malware and viruses on your machine, for example around the middle of 2016 the BBC website was found to be serving infected adverts to it's visitors because a 3rd party site had been hacked.

Now we have developed tools to deal with this which by and large keep the problem under control, it's a pain, it still goes on, but antivirus software deals with most of it.

So lets imagine for a second one of these bad guys hacks a 3rd party server, like they do already, and plants a few lines of javascript in the middle of another legitemate script.

This new code then contacts a terrorist or child pornography website & downloads some content, quietly, like is already done with adverts, and dumps this into a Javascript variable which is thrown away without being displayed.

You know nothing about this but your ICR log shows the access, and while it doesn't show exactly what you accessed it shows the site, time, IP addresses and quantity you downloaded.

Then the bad guys remove their script so there's no evidence linking to them but your ICR log now shows that while you were sat at your PC you accessed a child porn or a terrorist website & downloaded several megabytes of data.

The bad guys then make an anonymous tip to the authorities, or the authorities go fishing, and you get a knock on the door at 4am and are hauled off to 'explain' this access while every piece of electronic equipment you own is taken away for forensic inspection while they sarch for more evidence.

The authorities may eventually give up when they find no more evidence, but can you guarantee you'll still have a job, a home or a family by then ?

And no antivirus or antimalware package in the world will prevent this, your browser is just doing what browsers do.

The ICR log is dangerous, it destroys the trust you have in the website you're visiting, you may as well play russian roulette as use the internet once these go live.