From phone hacking to spearphishing: we need to tackle the present not the past

I have just watched the Press Conference from Number 10.

I was unexpectedly impressed by the performance of the Prime Minister. I knew he was a good performer – but I did not appreciate just how good a performer. I was impressed by the content and clarity of thinking as well as the style.

I was particularly pleased that he slipped in reference to the failure to follow up the concerns expressed by the Information Commissioner and the DCMCS Select Committee five years ago – which I referred to in my blog on Wednesday.

The Select Committee criticised the ICO for not giving editors and newspaper proprietors the names of the other 304 journalists who had used the services of Mr Mulcaire and his colleagues. 285 of them were from newspapers other than the News of the World. Nearly all of them were from papers not owned by News International. That was unfair. The Motorman investigation that is now being criticised for being inadequate had cost over a £million and led to derisory sentances because of the approach taken by the Crown Prosecution Service. In consequence neither police nor ICO were in any position to spend more effort on any potentially controversial follow up.

The Prime Minister’s allocation of blame for failure to follow up on the concerns of the ICO and the DCMS enquiry was fair and balanced.

I also liked his reference to the need to address the new on-line dimensions. That was also one of the points I liked in the Leader of the Opposition’s earlier Press Conference. Albeit neither of their audiences was in a mood to listen to more on that subject.

The scandal illustrates the need to bring together the relevant activities of the ICO, the Surveillance Commissioner (who he), Ofcom and others to address the problems as they are now manifested, not just as they were 5 – 10 years ago. .

Those in the information security industry discuss spearphishing as though it is done by overseas hackers to support fraud and cyberwarfare. It is equally likely to be used by the successors of Mr Mulcaire and his colleagues, alongside blagging their way through call centres, to gain what they need to eavesdrop on the e-mails and web-browsing habits of their targets – whether they are working in support of fraud or piracy investigators, investigative journalists or no-win no-fee lawyers.

And those journalists who would never dream of employing a private investigators, if only because they have no budget, may well be able to find all they need by using publicly avialable search tools themselves.

Hence the time I am currently spending on structuring a serious policy study into the need to rationalise our approaches (UK, EU and international) to Information and Identity governance (from security to surveillance, not just sharing, protection and breach notification). The current muddle does not bode well for future customer service and consumer confidence, let alone a balanced mix of public accountablity and personal privacy.

I hope to be able to say more on this next week after the first meeting of the leadership team.