Herding the sheep on-line to be fleeced

The recent hype on Cyberwarfare, alias bids for a slice of HMG’s £640 million and the rather bigger US Government pots, needs to be juxtaposed with that for the loss of credit card details from Lush. What is different about Lush is that, being an ethical company, they came clean before they had to. Meanwhile the price of personal details on the on-line “dark market” appears to have collapsed – so much is available. I do commend the OECD report by Peter Sommer and Ian Brown – but note their conclusions.

The key is security by design – not e-sticking plasters.

For example, HMG needs to ensure that its on-line services are fit for purpose, including availability, usability and resilience as well as security, before getting too enthusiastic about the savings it can make. Otherwise the automation of tax and benefit fraud will far more than wipe out any nominal savings.

It was said some years ago that the main factor preventing loss of confidence in the Internet as a safe place is that the criminal networks wish to milk the cow, not kill it. 

I probably need to update the summary of the situation and solutions that I gave in my opening remarks (to introduce the Earl of Erroll as the keynote speaker) at a conference on Privacy Enhancing Technologies some years ago. The only comment that I would add to my then comments on the different types of PET (yappy puppies, silent killers, piranha fish etc.) is that the probable main cause of Gulf War syndrome was the organo-phosphates (the main ingredient of most sheep dips) that they sprayed on and around their tents.

Today we can see the steady spread of the on-line equivalent of Gulf War Syndrome.

The time has come to move on from the indiscriminate use of the on-line equivalent of organo-phosphates and start addressing the root causes of the problems – such as sorting out the domain name system. The technical solutions currently in prospect are complex and may well not work. The “economic” solutions, however, appear simple. Those who register names (even on a “trial” basis) should pay, albeit with a refund, less admin charge, when they release the names. Moreover, chargebacks should be enforced on those registrars who regularly accept payment with false credit/debit card details.

We need to change the “business model” of the domain name administrators and registrars from “pile it high and sell it cheap” (hence the drive for top level domain names which no-one appears to want except for those who want to sell them) to making serious money from helping paying customers to protect their reputations and trade-marks.

In parallel, however, we need serious routines to protect those who wish to protect their anonymity while we, not our ISPs, can choose whether to accept their communications. I recently had cause to re-read the script I used to introduce a Freedom Forum discussion on Internet Censorship ten years ago.

It was interesting to see how much and how little we had moved on – and how wrong I then was about the likely timescales for change. When it comes to Governance an Internet year appears to have 1,000 days, each with 240 hours. We are still living with forty-year-old temporary fixes.


1 comment

Whitehall is quite incapable of delivering secure web services.

Have you seen what Margaret Hodge MP, chair of the Public Accounts Committee, is saying? She is quoted in the FT as follows:


“Neither ministers nor senior officials make longer-term decisions with any sense that the consequences of their actions can ever come back to haunt them,” Margaret Hodge, recently elected chair of the Public Accounts Committee and herself a former Labour minister, said on Thursday.

“It is as if there is an unwritten rule that failures in big government are inevitable, and it would be unfair to penalise any one individual for any particular decision,” she told a meeting at the Institute for Government.

“The trouble with such an approach is that it encourages irresponsible and poor value decision making,” she said ...


In some distress, I imagine, Tony Collins has found himself advocating open source as the solution. You want to alter the arrangements for top-level domain names. You both know that that's no solution. It's fiddling while Rome burns.

In my submission to the Public Administration Select Committee, I recommend that senior Whitehall officials must be elected. It must be possible to vote them out. Everything else has been tried. Including open source. Something much more radical is required.

Is that silly? I'm an outsider. John Suffolk is an insider. Until he leaves in March. His testimony will have more weight than mine. He believes that the top 200 posts in Whitehall should be put out to open competition.