What really annoys me about the current proposals for the Interception Modernisation Programme is how much it will cost, (including driving communications hubs and high value commercially confidential traffic off-shore) and how little it will achieve. I will not recap my previous arguments on why the proposals do not make sense , harking back, as they do, to an age that never was. Instead I will focus on my final point, the need to look at what has changed and why the way forward should be built around engaging GCHQ in the fight against on-line crime and malpractice, alongside those protecting the on-line world against the threats of today and tomorrow.
HMG is spending hundreds of millions on cybersecurity. The private sector, led by the CIty of London, is spending billions. Neither is getting value for money. Resolving the conflicts between the two, instead of exacerbating them, should help both to better achieve their objectives at significantly lower cost – and should also help address one of the main barriers to UK economic recovery.
Ministers talk of industry-led partnership – perhaps because it isso difficult to get meaningful co-operation across the tribes of Whitehall. It issaid that the departmental responsibilities for implementing the Cybersecurity Strategy werefinally agreed last week. Whether what was agreed is more than a new arrangement ofthe deckchairs on the boat deck of the Titanic is unclear. But we can already see another group of lifeboats rowing away, as those who do not wanttheir affairs monitored, (for whatever reasons, good or bad), move theircommunications to where they cannot be recorded by black boxes placed onBT circuits.
We really do need a new approach.
I suggest it be based on genuine partnership with industry, rememberingthat some of the UKs most important export earners and generators oftaxable wealth tax now have to be good citizens in China as well as inthe United States.
If that is too difficult for Government to comprehend then we really are in trouble.
Isuspect the approach is much easier in practice than in theory,provided we are clear about what we are happy to share with our overseaspartners and what we are not. We have always tried to keep some thingsback from the Americans, in order to be able to “trade”. A little morehonesty and robustness on that process would greatly aid relations withthose with whom we will need similarly constructive co-opetition in thefuture.
In particular HMG needs to look much more seriously at working with andthrough the commercial intelligence sharing networks used by globalbusinesses to protect themselves and their customers: not just thosetied to Western defence companies but those used by the Chinese, theIndians and by those managing the sovereign wealth funds of the MiddleEast.
Such co-opetition might, of course, lead to theunravelling and dismantling of botnets that have been created as part ofthe cyberwarfare capabilities of nation states (“ours” as well as”theirs”). Would that be such a bad thing?
I have blogged several times on the issues in the millenia old conflict between warlords and merchants , including in the context of ID policy and of the riots last year. Effective action against terrorism is one of the issues that has thepower to unite both interest groups but what is currently being proposedappears to be both ineffective and divisive.
So who should take the lead on finding more effective ways forward?
I think the Home Secretary could do a lot worse than ask a couple of herpredecessors (e.g. the two Davids: Davis as Shadow and Blunkett as oneof those he scalped) to work with a former Director of GCHQ (take yourpick) a former CISO of a global bank (take your pick) and a wellrespected academic (e.g. Sophie Neveu’s tutor) to lead a group of their choice.
And if you do not like that idea, please come up with your own – becausewe really do need some fresh thinking if we are not to go round andround in circles yet again – while the world moves on and we are left “surfing the cybercrud in a latter day Cannery Row”.