Social inclusion and e-services causing security fears

The art of getting people to use Government e-services.

I got a taste this week of the sort of reaction many security professionals find when they ask the question: "But is it secure?"

I was at a conference about social inclusion which was looking at the power of technology to help people who, for various reasons, find themselves outside the mainstream of society. Delegates represented local government and a range of charities, all of whom were working to open up the world of the internet and provide services to the old, the poor, the blind, deaf and otherwise disabled people.

They all had the best of motives and spoke in fulsome terms about some of the successful projects that had already been achieved around the country.

But there was a problem. While 90% of all public services can now be accessed online (hurrah), two-thirds of the population have never used them (boo). And that two-thirds tended to be people living in social housing, or with a disability. If only these people could be shown the power of technology, the speakers said, they could reconnect to the rest of community and become proper citizens of the country.

No arguing with that. And because online services are so much cheaper to deliver than traditional face-to-face transactions, it would save the country a packet into the bargain.

But when the time for questions arrived, I took the opportunity to suggest that we need to be sure that security is tight before going for a blanket implementation of technology for the masses.

After all, the Government has hardly covered itself in glory over the last few months with its handling of private and personal information. And the word 'technology' in this context is usually shorthand for a Windows PC, which as we know, can be a dangerous tool in the wrong hands.

The first response came from Government speaker, Bert Provan, who is involved with the National Strategy for Neighbourhood Renewal. While admitting there had been a bit of a "hiatus" after the recent embarrassing losses of data from Government departments, he said there was no need for concern. In fact, we should see new plans for data sharing across Government by the autumn. And we should not worry about this either, because all Government data sits on a private network and only anonymised data would be shared between departments anyway. So that's OK, then.

Then the man from Citizens Online got stuck in. All this security stuff was "scaremongering", he said. As if to prove the point, he asked how many people in the audience did online banking, and many hands went up. There you are, he said, a group of intelligent people who all think it's OK to do online banking, so it must be safe.

By this time, I was sinking in my seat feeling, as Billy Connolly once put it, "about as welcome as a fart in a spacesuit." But then a third speaker gave me reason for hope. Ian Clifford of UK Online Centres spends his life going around introducing technology to the uninitiated, and yes, he thought we needed to give more thought to security. Hallelujah.

It was a small consolation, though. I felt that I'd put a damper on the proceedings by bringing up an awkward truth. And yet, I couldn't help thinking that if these proponents of social inclusion actually raised the security issue themselves – and tackled the awkward questions head-on, rather than burying them – they might have a better chance of attracting that two-thirds of the population who don't use the e-Government services.

At the moment, Britain's record on getting e-government accepted is poor. According to research by Deloitte, we spend 1.2% of GDP to get less than a third of people to use e-services. By contrast Holland spends just 0.7% of GDP and has nearly half of its population online. Norway gets more than half of its population and spends 0.8%.

I'd like to think a greater emphasis on security here would encourage more people on line. But I fear, as many infosec professionals find in their daily lives, you get few thanks for pointing it out.


Read more on Security policy and user awareness