Investigatory Powers versus Fighting Fraud Together and the Skills for Both

There is much to be digested in the report of the Joint Committee of the Draft Investigatory Powers Bill, but it is noteworthy that its publication coincides with the Home Secretary’s launch of a new anti-fraud task force and the publication of two joint DCMS/BIS reports on Review of Publicly Funded Digital Skills qualifications and on Digital Skills for the UK Economy. The common factor is the need for political action to join up current debate around clear and consistent objectives, despite the lobbying from those who wish to see debate fragmented in line with traditional departmental and interest group (academic, trade association, professional etc.) boundaries.

The headline recommendations of the Joint Committee are excellent, although I would quibble over whether their recommendations on costs adequately reflect the concerns put to them. I still regard a statutory requirement to cover full costs as being the best safeguard against “mission creep”. The current costs (para 194) were surprisingly modest (under £20 million a year). My guess is that that is because so much traffic is currently routed through a handful of monopoly players. Meanwhile Kevin Cahill pointed out: 67% of UK Internet users rely for much of the on the 9 players covered by the PRISM programme. He specifically mentioned the current EU case against Apple, Facebook, Google, Microsoft and Yahoo. In paras 70 – 73 the Joint Committee asks the Government to make clear whether such “entities” are covered or not. And, if so, how. That goes to the heart of the legislation.

If they are not covered, then the legislation is a nonsense, given how much of our traffic they handle. If they are covered, then we have to publicly handle issues of unresolved extra-territoriality that have been unresolved since the British made the mistake of allowing William Thornton to save the Patent Office while they were destroying the Federal Government buildings in Washington in 1812. Such issues also have to be handled in the context of a symbiotic intelligence sharing relationship which goes back to the dark days of 1941, before America entered World War 2. A relationship which Stalin knew about (from both ends) as soon as it was agreed, although the British and American public may have been surprised by what Edward Snowden and the Guardian told them, before he took what secrets were left to Moscow, via Hong Kong.

The arguments regarding the operations of the PRISM participants are all the more potent since the only evidence of a substantiated business case for retaining communications data (Para 52) was that the 10,000 requests in the previous year from HMRC supported 560 investigations which helped prevent about £2 billion of lost tax revenue. That is probably about equal to the revenues lost by failing to tax the UK earnings of the PRISM participants in the same way as their indigenous competitors.

I found it interesting that fraud prevention, detection, investigation and asset recovery accounted for only 5% of communications data requests. This may indicate the lack of seriousness with which Fighting Fraud Together was taken after its public launch in the Mansion House some years ago. A change seems to have occurred last year, perhaps when the Chancellor discovered just how much fraud was costing the Exchequer in lost tax revenues. Hence the importance of the announcement by the Home Secretary. But co-operation needs to extend beyond the banks and City of London Police. It needs to embrace co-operation with Operation Falcon (the Metropolitan Police) and with the main ISPs and Mobile Operators and to be supported with budgets and resources akin to those being given to GCHQ and the War of Terror. If the evidence to the Joint Committee on the Investigatory Powers Bill is accurate then the pay back to the Chancellor from being able to properly exploit continued access to fixed and mobile communications data is under 12 months.

Whether that access is better done by data retention or by better governance of co-operation was the subject of my own evidence. Either way, effective response is likely to be crippled by shortage of the relevant skills, hence my link to the two most recent reports from BIS and DCMS. These indicate a schizophrenic approach to priorities with regard to digital skills which mirrors that with regard to cyber-security skills. The main area of agreement between the two reports concerns the need to be clear as to the definitions used. But they then use different definitions.

The report commissioned from Ecorys and published in January, based on an extensive literature search, spends seven pages discussing definitions and eventually plumps for splitting its analyses and recommendations between: Basic Digital Literacy, Digital Skills for the General Workforce and Digital Skills for ICT Professionals. The report contains much useful material, including a list of initiatives – plus some good recommendations. There appears, however, to be no reference to safety and security – although this is now an almost universal user concern.

The ministerial introduction to the review of Publicly Funded Digital Skills qualifications uses the same headline skills split but the report then uses as its “working definition”: “the very broad set of skills that individuals need in order to understand, use or create the software and services we all access through services such as computers, tablets and ‘smart phones’”. It is, subsequently, almost entirely concerned with basic digital literacy and general workforce skills. None of the courses and qualifications referenced uses skills definitions less than five years old. Some, such as the ECDL (which had 40% “market share”), are now twenty years old.

Hidden in the appendices is evidence (Table A-2) that enrolments for “advance and specialist” courses have collapsed (from 9,010 in 2012/13, to 6,510 in 2013/14 to 4,612 in 2014/15). There is a caution in the text on using the most recent figures but these tally with the material on the impact of the Ofqual decisions in 2012 to bar the use of vendor and trade association qualifications which I quoted in my recent blog on skills gaps. Meanwhile demand for “general” workforce courses dropped 30% from 2012/13 to 2013/14 and appears to have continued down at the same rate. That for basic literacy is also going down, albeit more slowly. The taxpayer does not appear to have had good value for the £100 million that it is said, in the report, was spent on 200,000 students in 2013-14. Meanwhile the FE sector has been driven to the edge of bankruptcy.

Despite feeling unable to comment on such matters, the report does make some useful, if bland, recommendations. More importantly, it points to the importance of the issues that were outside its scope and makes good, succinct points on each (see page 11). These included:

  • Information, advice and guidance, including careers advice

[think also guidance, or lack of it, on careers in security and/or investigation]

  • Prioritisation of funding

[think also spend on cyber versus spend on anti-fraud]

  • Teaching capacity

[think also of the shortage of competent, trustworthy, security trainers]

  • Alignment with the inclusion of digital skills within apprenticeships

[think not only of the cyber-security apprenticeships but of the need to include cyber-security in mainstream apprenticeships from banking and law to engineering, personnel and marketing, not “just” computing and communications]

Now, perhaps, you begin to understand how, and why, the debate over investigatory powers can become so silo’d between competing groups of “experts” and miss the wider issues of facilitating co-operation to help secure the on-line world against a tidal wave of, as yet, unreported, undeterred, unpunished and unchecked, computer-assisted fraud and crime.
