The press and media cover linking the deaths of April Jones and Tia Sharpe to computer pornography, coming on top of the murder of Lee Rigby means that the political pressures on HMG to do “something” to control access to “unacceptable” material on the Internet and identify those attempting to access it are probably unstoppable. So how do we ensure that the “something” helps achieve the “objective” at acceptable (democratic accountability and civil liberties as well as financial) cost.
This puts the onus on those who believe that the measures proposed in the Communications Bill are a counter-productive waste of time and resource, to devote their skills to suggesting what would be effective in helping break the progression from fantasy through delusion to action, whether we are dealing with potential perverts or terrorists. It would be even better if the suggestions also helped rebuild confidence among the 25% of on-line users who have already suffered from on-line fraud and impersonation. Most will have had their financial losses reimbursed but the dent in their trust in the on-line world can be seen in recent surveys of the obstacles to take up (such as those I recently quoted regarding the attitudes of SMEs). BT’s dropping of Yahoo as an e-mail provider should help concentrate the minds of others. But what could/should they do – individually or collectively?
I grappled with such issues for over over a decade when I was Secretary General of EURIM and some of our recommendations are finally being implemented. I am also delighted with the approach being taken by my successors with EURIM’s relaunch as the Digital Policy Alliance and also their support for the competition to get younger and fresher minds to look at the issues throuigh the other end of the telescope. That idea has gathered pace over time . The websites for the pilot were announced last week and students in the 15 participating universities can now register.
I am told the first to show interest included four students at one of the UK’s leading schools of journalism. I look forward to seeing if any of them choose to address the question of whether publicity for monitoring and censorship enhances or reduces “trust” and “confidence”. We also have students at two of the UK leading law schools interested. I look forward to their views as to whether clarity or change with regard to legal responsibilities and liabilities might help change reality. However, the real impact will come as employers agree to sponsor prizes on the topics of interest to them and their customers and support the entrants with a view to harvesting their ideas as well as evaluating them as potential employees.
ln the mean time my personal view is that the review of the Communications Bill should focus on making it very much easier for those who wish to protect their customers to co-operate with each other and with law enforcement at the operational level: exchanging information on attacks, including as they happen, so that malpractice can be blocked and perpetrators (and those aiding and abetting them along the Internet supply chain) can be identified and held to account (whether under civil or criminal law). The perpetrators, and their allies, can normally outspend legitimate business, let alone law enforcement, when it comes to regulatory obfuscation. Success therefore entails means greatly simplifying guidance as to what is legal so that those co-operating on a voluntary basis can do so without fear of interference from compliance officers and other jobsworths with foot thick ISO 270001 manuals.
One of the most useful single tasks that EURIM (now the Digital Policy Alliance) did while I was Secretary General was to help re-write the Statutory Instrument concerning the Lawful Interception of Business Communications. We need a similar approach to enabling “Partnership Policing for the Information Society” – allowing organisations to report the possible use of their networks by perverts and terrorists without fear of legal action. I also believe that the follow up should include making full use of specialist constables and military reservists working in industry, perhaps within the organisation making the reports.
I am delighted to note that action is finally planned on this as part of the HMG cyber security strategy but am concerned at both the limited resources allocate to this approach and the apparent failure to look at the issues of governance and accountability, including from the perspective of industry. These were raised in the final section of the last report of the EURIM – IPPR study . The suggested way forward was ideal and was intended to start the debate that we might have had, but did not, in the Internet Governance Forum. The stakes are now much higher. The time has come for those who think they understand the problems to start putting forward effective solutions, not just snipe at those who advocate that which it impractical or counter-productive because they know no better.