When IT Meets Politics

June 28, 2019  10:35 AM

Who is serious about On-line Harms?

Philip Virgo Profile: Philip Virgo
DCMS, Facebook, Google

1) DCMS kicks the can down the road – again

The deadline for submissions to the DCMS consultation on On Line Harms  is July 1st. The NAO report politely savaging the UK failure to join up its approaches to tackling organised crime was released today. Organised crime derives much of its revenue from the On-line harms listed in the DCMS white paper. This is co-signed by the Home Secretary. No-where is there any indication in the white paper of the need to join up policy and policing. It is as though the departments still live in parallel Universes.

Meanwhile the timescale for implementing the Age Verification has been delayed again . It is well worth reading the reactions of the House of Lords to the statement . They did not believe the reasons given any more than did the technical press. When DCMS last kicked this particular can down the road they denied it would be further delayed . Pink News then interpreted “three months” in Whitehall speak as the end of the year.  Techspot has more recently interpreted six months as manana .  This is not a victory for “freedom of expression“. It is another own goal in the fight against organised crime and abuse. The extra time should be used to see whether a simpler solution, e.g. audits against processes which meet the BSI’s PAS 1296, would better protect the privacy of both adults and children.

2) And can expect to pay a price

The excuse given by DCMS is probably open to legal challenge from as many directions as its approach to implementing the Age Verification legislation. Those who believed the original timetable spent £millions developing the necessary “age gates” and gearing up to handle the expected volumes of traffic from July onwards. That work has now been halted amid growing scepticism that the law will ever come into force, let alone be properly regulated and/or enforced. Lay offs and cutbacks are now certain. The DCMS credibility cap, (which dates back to when it “leaked” the e-mail addresses of over 200 technical journalists at the original launch of the scheme )  has widened. We can expect those affected to seek assistance in rectifying the damage.

3) Meanwhile British Industry has produced a global solution

More significant, but unpublicised, is that British service providers have delivered on the promises made when David Cameron was persuaded to announce the original plans for legislation .
The day after Jeremy Wright announced the delay in implementation, Telemedia carried the news that not only had the UK first supplier been audited against the extension of the existing Age Check Certification Scheme  to cover on-line checking using PAS 1296 . The PAS is now probably on its way to becoming a global standard. The service is fully operational and was used for the Web Portal for the Channel 4 Documentary “Mums Make Porn”.

Age Checking is not, of course, just about protecting children from accidentally accessing porn, or from having their age controlled social networks penetrated by adult predators. The members of the embryonic Age Verification Providers Association  do most of their business with the suppliers of other controlled products and services, such as alcohol, gaming or tobacco.  More-over this is a global business. UK-headquartered players like Experian and Lexis Nexis compete with those, like Facebook and Google, who seek to use their domination of Internet Access and Social media to invade the trusted identity market and link it to their big data business models.

4) Who is trusted by Who?

At this point it is worth looking at the annual Edelman Global Trust Barometer to add context.  Last year saw a collapse in UK confidence in Government. It has not recovered. This year saw a similar collapse in trust in social media, particularly across Europe and North America. “On-line only” media are now significantly less trusted than “traditional” media. Meanwhile brands headquartered in the UK are more trusted than those headquartered in the US, but not as trusted as those with HQs in Germany, Japan or Switzerland.  The global brands, on whose advertising spend the business models of Facebook and Google rely, are looking to halt “contamination” by association with the “on-line harms” listed in the White Paper. They plan to do so by taking back control of programmatic advertising.

5) Facebook and Google have no choice but to respond

There is a simple explanation for  Nick Clegg’s welcome, on behalf of Facebook, for Government Regulation . Facebook has less to fear from governments than from a revolt by global advertisers. The track record of regulation in this space is deeply unimpressive. By contrast they face an existential threat if they cannot provide a credible response to the pressures from global advertisers . The latter have been so badly burned by click-bait fraud, linked to free porn at least as often as to fake news, that they will not be content with ticking a few regulatory boxes. They will demand audit that is at least equivalent to the processes of the controlled circulation media . This is likely to include using third party Age Checking, just as the main security consultancies (including the big four accountancies) have had to use third party penetration testing operations. No one trusts big players to mark their own homework.

6) So Age Verification moves centre stage globally

At this point the work of UK Age Verification providers in producing robust processes for anonymising the use of secure and authoritative third-party identity databases (from the credit, education, financial services and health industries, as well as government) come into their own.  They should not be viewed as a threat to either the big data business models or the privacy paranoia industry. They complement both.

But where does that leave Government and DCMS?

They appear to have painted themselves into an embarrassing corner – seeking to sustain an idiosyncratic approach to age-checking which fits neither the relevant UK legislation nor that of the EU.

Can they use the six months delay to produce a simpler, cheaper way forward, perhaps based on using audit against PAS 1296 in the context of EU data protection requirements?

Or will they be stuck, defending the indefensible, against all comers – from the Child Protection charities to the Open Rights Group?

Positioning the UK as a globally trusted on-line hub for inter-operable authentication, authorisation, audit and quality control goes hand-in-hand with retaining our position as a world class financial services hub. It also needs privacy processes that are sufficiently robust to the protect the finances of the ruling elites of the world from their security services (as successive US Presidents failed to protect themselves from J Edgar Hoover) and their children from abuses.

I would also like to see effective protection for the rest of us – now that the Internet is used by over half the children in the world.

My new role with the local Safer Neighbourhood Board has led me to discover just how little the “other half” of society trusts either Government or Global Big Tech. The Edelman analyses also reflect the views of the inner city youth and faith groups to which I have been listening. The consequences for the advertising funded Internet are profound.  I am therefore prepared to bet a pound to a penny that Facebook and Google will embrace third party audit, including for their age checking process, before Government implements effective regulation.

I would of course be delighted to be proved wrong. But money talks rather more coherently than Government.


June 18, 2019  10:27 PM

Is the internet destroying Western Liberal Democracy?

Philip Virgo Profile: Philip Virgo
democracy, fake news, Internet, propaganda

There is an irony in the appointment by the House of Lords of a committee to explore the impact of digital technologies on democracy.  The Internet is now, however, global. The majority of users live in parts of the world which had city states and empires while our ancestors were still wearing woad. They tend not to equate not to equate “democracy” with “listening to the empty vessels who make the most noise”. They believe that social cohesion is better served by a more “mature” process in which elder statesmen decide after listening to the views of all parts of society.

The formation of the Global Alliance for Responsible Media is likely to have far more impact on the way the Internet functions than the actions of politicians and regulators. The latter are in thrall to those with the biggest budgets for lobbyists and lawyers. No-one today has lobbying and legal teams bigger than the US West Coast Internet giants. Players like Facebook and Google have, however, seen the need to take action to preserve their advertising revenues from spending strikes by global brand-owners, like Diageo and Proctor and Gamble   The advertisers are also looking to take back control from the intermediaries who put their brands at risk , placing them alongside content from terrorists, abusers and peddlers of click bait.

The moves to deny a voice to those who have been driving “moderates” off-line raise questions as to who should exercise editorial control over content. If the dominant players exercise their ability to block/remove content which damages the brands whose adverts they appear alongside, can they sustain the argument that they are not publishers – with the responsibilities of the latter for the content of “letters to the editor” and “classified adverts”.

1) From open debate to self-reinforcing cyberghettos

Early enthusiasm about global dialogue and “on-line town halls” morphed into disappointment that most on-line forums served to polarise opinion into self-reinforcing groups. In parallel we saw the rise of mass-market social media and advertising/trading platforms dominated by a handful of US players. That led to the collapse of the traditional channels of communication between politicians and people. National and local press and broadcast services and labour-intensive write-in and phone-in campaigns have been replaced by botnet-driven spam and twitter storms organised by who-ever has the budget and expertise.

The primitive “dictatorship of the sysadmins” (mediating on-line voting systems) has given way to the automated “dictatorship of the algorithms” with precedence to those views/stories which generate the most clicks, regardless of whether these are from humans or botnets. Now, after protests from around the world and pressure from large advertisers, players like Facebook are bringing back banks of humans  to remove material which damages the image of brands alongside which it appears.

2) Mediated by the most powerful cartel the world has ever known.

The rise of on-line bring and buy services and pay-per-click programmatic advertising model have made it uneconomic for newspapers and broadcasters to employ journalists to do much more than regurgitate press releases. The cartel has thus come to dominate communications between current and would-be political leaders and their current or potential followers via advertising funded social media. It appears impossible for that dominance to be challenged by those who recognise US copyright and patent law.

It may be intellectually satisfying to discuss how this situation came about. The bigger question is what should be done to restore democracy. But that masks the question of what we mean by “democracy”.

3) What is democracy?

For over a century we equated “democracy” with universal adult suffrage based on a published electoral register and a secret physical ballot. Then with the rise of postal voting our electoral system rapidly degenerated into one that would disgrace a banana republic . Add on-line registration, the failure to prosecute election fraud and an allegedly “stolen” by election in Peterborough and we have growing scepticism that UK election results reflect “the will of the people”.

Meanwhile we have a steady flow of comment from the intellectual and business elite of the Country, as represented by the BBC, Guardian, Institute of Directors and CBI, that the people were mislead and lied to when they had the temerity to vote to leave the EU. They feel we should therefore re-run the referendum because the plebs had the temerity to disagree with the consensus of the graduate, metropolitan intelligentsia over the nature of Britain’s relationship with the European Union.

4) How did the ruling establishment of Westminster, Whitehall and Media City  become so out of touch with over half the electorate?

That split between the plebs and the intelligentsia is not confined to the UK. It is reflected in debate on the supposed need to address the “democratic deficit” of the European Union as a whole. The Union uses hierarchies of consensus creating bodies to produce policies, directives and regulations for Parliamentarians elected by proportional representation to agree. Is that not a triumph of mature democratic process over the shallow populism of Farage, Le Pen and Trump?

London and Brussels have produced consultation processes which engage and satisfy those sufficiently well organised to employ professional lobbyists. These grind on until any dissidents have lost the will to live. We have similar situations in local government. E-mails to councillors protesting against decisions are blocked as spam. On-line objections to planning applications are acknowledged but not registered. But there are no longer any trainee investigative journalists on the local paper seeking to make their reputations by investigating why, how and what is accidental, careless or deliberate.

In consequence dissent can gain traction and grow to critical main using communications channels that politicians and pundits fail to monitor.

5) Leading to Government by Protest

The UK has a long and proud tradition of peaceful protest. Rhis erodes when the gulf between the political establishment and the people becomes too wide. Perhaps the most spectacular example was the UK fuel protests in September 2000 . These appeared to come out of nowhere and were supposedly resolved by firm Government action, alias capitulation followed by revenge (as with the Peasants Revolt). A better way of looking at what happened is to see it as the first and last spontaneous mass protest to be organised over CB radio.

40 years ago CB radio spread from truck and taxi drivers to farmers and teenagers, with illegal burner/relay station on urban tower blocks and rural hill tops. National “cover” was probably as ubiquitous as wifi today. Faced by crippling fuel prices rises, groups of farmers and lorry drivers discussed mounting a French style protest. Support for the idea spread nationally within a couple of days. The consequences are history. Appalled by what they had achieved and with no plan to handle the consequences, the nominal leaders called for the protests to end as soon as the Government, faced with no credible alternative, publicly gave in.

Unfortunately the lesson the Government learned was that independent lorry and taxi drivers and farmers were outside Trades Union control and had to be brought to heel, including surveillance by the security services. The Radio Communication Agency set about monitoring CB radio and shutting down relay/burner stations. No-one concluded that Government needed more sensitive consultation and communication processes in order to avoid provoking such anger.

6) Using the Social Media of the day

Over the next few years mobile phones replaced CB radio over most of the UK. The 2011 riots  were “organised” via SMS, Twitter and Blackberry Messenger. Subsequently more of the rioters were caught from social media footage than from CCTV or material collected using powers under RIPA.

The effect of social media campaign and fake news on the 2016 referendum campaign is a matter of disagreement. Government, the EU and those campaigning for Remain spent many times more than those campaigning for Leave. Cambridge Analytica had little if any influence on the results and techniques it tried to sell to the Leave campaign were used extensively used by the Remain campaign – but to little effect. Those using them appear to have miscalculated either the audiences (plural) or the messages (plural).

Then came the 2017 elections which caught no-one, except Conservative Central office, by surprise. The shock result resulted largely from a short order social media campaign to encourage students to register at both home and University and vote and get their parents to vote.

More recently we have the rise of the Brexit party, based on the use of social media to communicate simple messages to the audience that came together for the referendum campaign and were increasingly tired of being patronised and told they did not understand.

Almost exactly two years ago I took part in an event organised by ISOC UK on the theme “Fake news: annoying symptom or life threatening disease”  I recommend listening carefully to the comments of the Facebook speaker. What do we really want from them and their peers with regard to editing news, views and comment?  I blogged my views on the question “Is fake news destroying democracy?” in advance of the meeting . I quoted Tom Standage’s excellent book “The writing on the wall“. It traces the evolution of social media from the first stirrings of literacy through the ages.  The first election campaigns to be successfully distorted by fake news were those of Julius Caesar. His letters described the genocide of the Gauls (we now have archeological evidence) to steal their gold as a series of heroic fights against vast odds. I also used the opportunity to blog my paper for the 50th Anniversary of LEO under the title “Everything on-line is potentially fake and we cannot tell the difference“.

My conclusion was a question: “Can you check the sources, or are you left deciding which editor (Google, The Guardian or the Goebbels of the day) you choose to believe?”

7) The propaganda to influence “democratic decisions” is only part of the problem.

The honesty, integrity and auditability of consultation processes and voting system are critical. The public have to feel confident that results said to represent their views/wishes do indeed do so. That is being lost in the UK.

Key  questions for House of  Lords enquiry include how we could/should use technology to help restore confidence that our representatives are honestly elected, our “democratically accountable” institutions really are, and that their decisions are not so far out of line with the consensus of public opinion as to risk serious civil disobedience.

I f we do not find and implement answers quickly, the next General Election could be the most fractious, vicious and violent since the 19th century, when the processes for a secret ballot based on a published register of voters were developed. The candidates in  the Conservative leadership debate organised by the BBC after the second leadership ballot all wanted a General Election postponed until after trust in Parliament had been restored. Others might say that a General Election is needed to help restore trust. But in the current mood would the losers have any more faith in the result than in that of the Peterborough By Election?

June 7, 2019  5:15 PM

A hospice for a dying HE/FE funding regime – A review of the Augar Report

Philip Virgo Profile: Philip Virgo
apprenticeships, Open University

The report of the Independent Panel to the Review into the funding of Further and Higher Education was not just about Student loans and University Funding . But most of the 370 submissions came from Universities and their acolytes. There were only 9 from Further Education providers. “Businesses” and “Employer bodies” were a subset of “Others” alongside academic experts, institutes and organisations representing the arts and science. See Page 14 of the Annex on the Call For Evidence for details.

Those who complain that, like the recent review of Apprenticeship Standards, the report only addresses part of the problem have themselves to blame. Most employer organisations were (and still are) more concerned to be able to import talent than to help grow our own. Hence once of the reasons for the Brexit revolt of the have-nots against the Establishment.

Despite that constraint it is a thoughtful report . It makes serious and detailed proposals to reform the current system. Read carefully. But also think about the political and economic context as you do. Philip Augar is a former equities broker. He was a non-executive board member at the Department for Education while he was writing (he had a History PhD) about the cultural changes  that led to the 2008 banking crisis. Now think about the current challenges to the way the century old UK FE/HE funding regime has been evolving over recent decades. Perhaps the best than can be done really is to buy time for constructive evolution as opposed to destructive change akin to the banking crisis and that which followed.

The Tectonic Plates are shifting – the 1917 Consensus is under threat

The authors of the report have done a good job in drily assessing the signs of movement in the tectonic plates that underlie the UK education system and its values. The Haldane Principle has been the basis of Government funding for HE (with FE as an increasingly poor relation) since 1917. It is now under serious threat. Even were the sixty or so recommendations in the report to be implemented in full they would probably not preserve the current system against change. They might, however, reduce the threat that the baby will be thrown out with the bathwater.

The idea that HE/FE funding and policy should be determined by councils of experts with a vested interest in the out-comes, trumping the views of employers, students or the public, will not survive exposure to the scrutiny of the Internet Age. But reaching consensus on a new and more balanced and sustainable approach will not be easy. Nor will transitioning from the present set of hierarchical processes.

That is why it is so important to read the report and the analyses on which it is built. The submissions to the review omit the views of employers or public. Those who submitted may not recognise the way the global English language education and training content and qualification industries now dwarf the UK academic world. They may be ignorant of the way commercial and/or international  providers are eating the lunch of those who have not already partnered with them. But the submissions do represent the thoughts of those who dominate our current policy and funding frameworks  on how best to respond to the challenges that they see. You ignore them at your peril.

The current structures cannot handle the accelerating pace of change

The evidence submitted pays little or no attention to the way libraries of on-line materials transform the dynamics and economics of global education and training markets. These enable the assembly of customised, modular, blended learning programmes which cut the time to master content or acquire new skills from years to months, months to weeks and weeks to days or even hours.

Those used to a four to five year cycle to approve a new course cannot compete.

The processes the report is attempting to reform will never be capable of handling the pace of change necessary to do more than educate students in the basic disciplines they need for their first career. But a world of accelerating career change and life-long learning will still need academic cadres trained in those disciplines and research methodologies. The issue is to reach a new consensus on the balance of priorities when it comes to using public funds.  

How should the recommendations be judged?

The report begins with eight principles:

1. Post-18 education benefits society, the economy, and individuals.
2. Everyone should have the opportunity to be educated after the age of 18.
3. The decline in numbers of those getting post-18 education needs to be reversed.
4. The cost of post-18 education should be shared between taxpayers, employers and learners.
5. Organisations providing education and training must be accountable for the public subsidy they receive.
6. Government has a responsibility to ensure that its investment in tertiary education is appropriately spent and directed.
7. Post-18 education cannot be left entirely to market forces.
8. Post-18 education needs to be forward looking.

There are then nine headline proposals to address the “core problem”of the unfair and wasteful split between the 50% who supposedly benefit from HE/FE and the 50% who do not.

1. Strengthening technical education
2. Increasing opportunities for everyone
3. Reforming and refunding the FE college network
4. Bearing down on low value HE
5. Addressing higher education funding
6. Increasing flexibility and lifetime learning
7. Supporting disadvantaged students
8. Ensuring those who benefit from higher education contribute fairly
9. Improving the apprenticeship offer

We should judge the detailed recommendations against the principles and the headline recommendations.

They are not prioritised. Most of the publicity to date is for proposals 5 and 8, addressing principle 4. That is because most of the submissions were from those seeking to preserve the current funding regime, with modifications in their favour.

To quote the Annex on the call for evidence:
Across all groups, responses focused overwhelmingly on university education, with fewer responses on the other aspects of post-18 education, including technical education or apprenticeships.

• Further Education (FE) providers considered that higher education works best for well-qualified 18- to 30-year olds and that FE needs further investment in technical education facilities.
• Higher Education (HE) providers emphasised their view that HE is not a business but provides a society-wide benefit. On funding they felt that the review should not just consider fees in isolation.
• Students, graduates and the public were mainly concerned with financial issues, with costs of HE being too high and flexibility of provision limited.
• Employees working at educational organisations particularly noted a decline in part-time, mature students and Level 4/5 course take-up, and commented that the fragmentation of post-18 policy and funding across HE, FE and apprenticeships is restrictive and prevents a joined-up approach.
• Public bodies and others emphasised value for money, choices to meet skill needs of the UK, wider participation in Level 4/5 qualifications and generally better communication with learners.”

The Augar recommendations help open the way to a new consensus.

The press cover to date is almost all on the recommendations on student fees .

The changes proposed are unlikely to change the erosion of public belief in value of incurring debts that will never be repaid in order to spend three years away from home acquiring a qualification that employers do not value. There is no mention of  the most serious barriers to widening access for the most  disadvantaged: e.g. the way DWP processes penalise a family on benefits when one of its members accepts a place on an apprenticeship programme.

If the core objective are “fairness” and economic value then the first recommendation in the Augar report is the most profound in its potential impact:

The government should introduce a single lifelong learning loan allowance for tuition loans at Levels 4, 5 and 6, available for adults aged 18 or over, without a publicly funded degree. This should be set, as it is now, as a financial amount equivalent to four years’ full-time undergraduate degree funding.

Combine this with the 11th ,

• The careers strategy should be rolled out nationally so that every secondary school is able to be part of a careers hub, that training is available to all careers leaders and that more young people have access to meaningful careers,

and the effect could be dramatic. But only if the careers advice neutral. It must not be skewed by the way schools are penalised if they allow their brightest and best to be tempted by apprenticeships – even those which are degree-linked and offer privileged entry into world-class careers. That neutrality will only be achieved if schools earn as much from supporting apprenticeships (e.g. in parallel with T levels) as they do from keeping hold of their academically competent pupils to do A levels – whether or not the latter improve their lifestyle choices or employability.

Given such neutrality we can expect the implosion of those FE/HE courses which do not give economic value. This is likely to be the most effective way of addressing recommendation 4.

Handing over the baton of bringing education and training policy into the Internet Age

In May 1968 I accepted a job offer from STC Microwave and Line as a graduate Engineer 1st Class, alias apprentice computer programmer. I then graduated with a degree in History and within two years was a guest lecturer on one of the first Computer Science courses. I have since watched half a century of  attempts to define the content of courses and qualifications intended to help students acquire the intellectual disciplines and applications skills to research and exploit digital technologies before they change.

My career, let alone thoughts on how to handle digital skills, on which I have blogged for more than a decade, would have been very different without the habits of mind that I acquired at the Devils Flamethrower  The THES article with that title is now behind a pay wall. Ross Anderson’s “Alternative History of Cambridge” and my review are not.  In 1971 my reward for a successful decimalisation was two years at London Business School. My education on “manpower planning” began with listening to Denis Pym and Charles Handy. The class included Peter Lampl (Sutton Trust) and David Davis MP  (who has also written a review of the Augar Report).  One of my MSc projects was on the economics of the commercial training market. The aim was to help ICL decide on the future of a course on business for IT professionals which was not selling. I analysed the database of UK management courses then maintained by the British Institute of Management to find out which courses were regularly repeated, over weeks, months or years. And what was different about them. In the 1980s, after the publication of Learning for Change (see here for original text ) I had responsibility for the NCC Microsystems Centre. My staff maintained similar files. I advised the High Tech Unit of Barclays Bank on requests for finance from several commercial training operations. I also had responsibility for turning found that which I inherited at the NCC as well as advising succession of  ministers – although the minds of most of their officials were firmly closed to evidence that did not fit departmental policy.

Earlier this year I pulled together my most recent material in a discussion paper  to help set the scene for wider discussion after the Augar review was expected to report. That time is now.

On May 8th a very impressive team at the Open University took over support for the Digital Policy Alliance Skills Group. Much of the discussion was about how to extend the OU tradition of open access to academic excellence to lifelong learning as a whole, keeping pace with the evolution of digital disciplines and the accelerating pace of change in cross-boundary research and applications skills. In other words how to deliver the wider Augar principles and headline recommendations. I was also very happy in the quality of thinking among those to who would be taking over where I left off. I am confident they will do a much better job of bringing the relevant players together across all boundaries – not just intra-UK.

The Augar report is the start of a debate.

At best the recommendations on Student Loans may buy time for sufficient students to vote with their feet to enable a more politically acceptable solution to become affordable.

You should read the analysis and the other recommendations – bearing in mind that this is the “insider” view. Then e-mail dpa@dpalliance.org.uk or DPA-Open-University@open.ac.uk to be kept in touch with (or better still join and help) the plans of those taking over from me to widen the debate and home in on the actions needed to deliver constructive change.

May 31, 2019  8:12 PM

Passing the baton on Cybersecurity Skills

Philip Virgo Profile: Philip Virgo
CompTIA, cybersecurity, DPA, ISACA, Skills

This year will be the first time I visit Infosec with no agenda. Or to be more precise I will have a Community Safety rather than a Cybersecurity Skills Agenda. This has caused me to take a cool look at what has happened and what has not over the past decade. It has also caused me to consider what has changed over the past year as the pace of change has accelerated.

What has changed over the past couple of years

The main change has been the rise of the virtual CISO as all but the very largest users outsource their security operations. Unfortunately most of the providers target the 10,000 or so organisations who employ more than 250 staff. The other 1.5 million, who employ between 2 and 250 staff, are commonly left bereft of meaningful support, whether or not they are willing to pay. The Digital Policy Alliance recently held a meeting on the role of Cyber Insurance in setting the standards necessary for a business to be insurable, beginning with an externally assessed version of Cyber Essentials and a support contract. But far too few organisations are addressing this market. And who trains and updates technicians and professionals with the skills necessary? A recent ISSA survey (global but in practice mainly US) identified that training Virtual CISOs and maintaining their skills is a global need. But few employers help maintain the skills of those they have, let alone train new ones.

Who is addressing the skills standards  for Virtual CISOs to support large numbers of SMEs, other than Comptia?

Meanwhile, as the recent  Institute for Apprenticeship standards review identified, pen testing is not enough.

But who, other than ISACA, is looking at the skills standards to do holistic audits of security processes, including for applications which use ever more complex and vulnerable networks of IoT devices? We need to cross fertilise the work on intelligent weapons systems and integrated warfare systems with than on, for example, autonomous vehicles and mobile phones. Hence a new dimension on the way that the US – China electronics “arms race” has over-taken global co-operation.

Both CompTIA and ISACA helped the Cybersecurity Skills pilot, led by Bluescreen IT on the Plymouth University Science Park.

This showed the viability of a local Cybersecurity Skills partnership, using a shared skills incubator to bring together education and training programmes (from schools to post graduate) in providing work experience running a world class security operations centre with globally recognised qualifications as part of the apprenticeship programmes. The centre is coming up for its second anniversary. In February Bluescreen IT received funding from DCMS  to package its methodology for harnessing the skills of “over inquisitive” teenagers to enable others to replicate that success . Perhaps more important is that it has demonstrated the viability of an unsubsidised shared skills incubator providing virtual CISO services to the local community at affordable prices. Put this model alongside COMPTIA Cyber Ready and the growing market for boot camps and apprenticeships and there is the potential to transform the supply of the skills to secure the 99% of British businesses (employing half the private sector workforce) whose needs are left out of the current mainstream cybersecurity skills strategy. The 99% are not greatly helped by a central government strategy which subordinates their needs to those of GCHQ and MoD for cyberwarriors and of major consultancies to secure those businesses large enough to afford their fees. But we now have a viable alternative way forward.

This therefore seemed to be a good time to for me to retire (for the fourth time). On the morning of May 8th I met the team at the Open University who have taken over from me in co-ordinating the work of the Digital Policy Alliance skills group . The group’s portfolio includes the Cybersecurity Skills partnership. I very much hope that one result will be the replication of that approach wherever the Open University has a sufficient footprint. E-mail DPA  for details.

My new role brings a new perspective

My new role, as an independent member of the Lambeth Safer Neighbourhood Board, “convening” a pilot Community Safety Partnership, has given me a rather different perspective of the need. The closure of the last bank in West Norwood (population 34,000 and several hundred businesses) has brought home how little the banks, for example, appreciate that as they close branches (rural or urban) they are opening their customers, including small businesses and pensioners (who control half the nation’s disposable wealth) up to on-line fraud [herding the sheep on-line to be fleeced].

The latter need a human, not a help desk, to get them get back on-line. Meanwhile local law enforcement needs a lot more than a couple of skilled investigators per force. Hence the need for many more police forces to exploit the changes made in 2011 to enable security professionals to become police service volunteers, whether warranted as special constables or not.

Meanwhile the failure of major players to act on evidence of criminal abuse using their social media and on-line marketing networks, means that a growing proportion of society (particularly those whose children, elderly relatives or vulnerable neighbours have been victimised) strongly supports holding them to account in ways that may, or may not, be rational – but will certainly destroy shareholder value.

I therefore intend to remain active in campaigning for effective change to meet the needs of users, while leaving those younger than me to do the heavy lifting of making it happen in ways that enable responsible suppliers to develop more sustainable and ethical business models.

Time has, however, run out.

Trust in the cyber security industry has been eroded by the failure to remove decades old vulnerabilities because they are still being used in the three track (AI, Big Data and Cyber) and three way (United States, China and Organised Crime) arms race.  There are, of course, other players but result leaves the rest of us (from children and vulnerable adults through SMEs to big business and the critical national infrastructure) unnecessarily open to on-line abuse, attack, fraud and harm.

The focus on “awareness”, without credible action plans, is increasingly counterproductive.

Back in 2008  I had the task of doing the warm up act for Lord Errol as opening speaker for an event on the use of encryption to better secure the on-line world . The fashion of the day was for Privacy Enhancing Technologies. I referred to the industry promoting e-immodium (when the need was to identify the causes of data diarrhoea) and PETS (privacy enhancing technologies) when the need was for bloodhounds and wolf packs to hunt down those causing the mayhem.

Having failed to secure action it is time to pass the baton to those who I hope will do rather better.

But the world is changing.

On the afternoon of May 8th I attended the third annual Global Cybersecurity Alliance  briefing in the Mansion House. I am a big fan of their approach, using the proceeds of crime to remove common vulnerabilities. We learned, inter alia, of their new small firms tool kit  to help the 99% improve their security. We also had a very interesting briefing on how Intel has carried its end-point security offerings to the next level  . What a pity our Computer Science and engineering graduates are still not routinely educated to use the hardware security facilities that have been embedded in most common chip sets for over twenty years. One might even call it criminal negligence – akin to the attitudes of those who place adult rights to privacy above children’s rights to be protected and block the use of anonymised age checking.

Afterwards I learned of Cybersmart  which automates the process of compliance with Cyber Essentials. On May 9th I sat in on a global webinar with the President of ISSA on their latest survey on cybersecurity skills and careers. One of the key priorities of respondents was the need for access to training to keep up with the tools now available to remove vulnerabilities, automate response and dramatically improve security. This is particularly so since many more businesses, especially in the US, are now protected by a virtual CISO than have one in-house.

Or is it?

That week I read the Europol press cover  for the latest success of an NCTFA  led international investigation. We had press cover for the discovery of one of the tools  used by intelligence agencies (and others) to spy on supposedly secure social media communications. We had a bout of publicity for the vulnerability of the submarine cables that carry the Internet . I first blogged on this in 2008  . Readers should, however, be aware that their local internet connection is more vulnerable and that regulatory pressures for duct sharing with BT mean it will remain so.

City centres and business parks need multiple routing to meet critical infrastructure standards. Building these will run into the construction skills shortages that I highlighted at the end of last year. I am pleased to say the DPA sub group created in February to address the problem is now under way, chaired by the CEO of the Highways Electrical Association, and has identified the points of leverage that need to be addressed. I plan to blog separately on this, which is also part of the skills partnerships portfolio for the main DPA Skills Group.

Meanwhile Ofcom is talking about setting up a group to forecast future trends so that it can regulate them. This is the very approach that was rejected when its predecessor, Oftel, was created – because it would constrain the future. Instead Ofcom should be looking at how to handle the long overdue job of regulating telecoms as a critical infrastructure utility – with multiple inter-operable routings and mutual hot standby between competitors, maintained by technicians whose competence is individually accredited.

Time to move on

Anyway time for me to move on and leave it to others to make the on-line world a safer, more secure and resilient place as I spend more time off-line – where life is safer … or is it?

The whole of society increasingly depends on the industry living up to customer expectations, not best efforts and blame avoidance. I therefore have a vested interest in ensuring that the next generation make less of hash of skills policy that the current one.

May 29, 2019  12:22 PM

IT in the Tory Candidates’ Manifestos

Philip Virgo Profile: Philip Virgo
apprenticeships, Broadband, Leadership

I added a comment on Dominic Rabb’s inclusion of degree apprenticeships in his call for Fairness and Choice to my recent blog on the IfA apprenticeship review.  In his opening campaign letter Rory Stewart call for “the vocational training and apprenticeships that equip people for the jobs of an ever-changing economy”.  He is also “enraged that our broadband speeds in the UK are slower than Madagascar”. Back in 2010 Computer Weekly reported on the event organised by Rory Stewart that led to the BDUK programme. Rory’s Reivers are still showing the rest of the UK how local enterprise can build better, as well as far cheaper, than Central Government or the incumbent.

Shortly after he was elected Kit Malthouse chaired  “Towards a post Brexit Strategy for Gigabit Britain – Building the infrastructure for a Smart Society” at the Conservative party Conference in 2016. That was the conference at which Matt Hancock, having read his way in at DCMS, came down firmly, at a series of meetings, in favour of full fibre – to the surprise and consternation of many lobbyists.

I will update and extend this blog as other candidates raise IT issues in their battles for the votes of first their fellow MPs and then the party faithful.

Their fellow MPs are a sophisticated (to use the polite term) electorate and will be looking to some-one who can not only deliver Brexit (whatever that means) but can rebuild an election winning party around issues that matter to voters in their own constituencies.

Their comments on matters IT, and responses to questions on matters IT, will therefore reflect what they think are the priorities of the future.

Given that the forthcoming NSPCC report on a world-wide review of “On-line Harms” will be launched between two of the main “hustings” meetings I will be interested to see how they reconcile the need to expedite effective action on child safety with improving the protection of personal privacy

May 25, 2019  5:16 PM

5/10 for the IfA Digital Apprenticeships Standards Review

Philip Virgo Profile: Philip Virgo
Apprenticeship, CompTIA, Skills

The Statutory Review of the Digital Apprenticeship standards  inherited by the Institute for Apprenticeships answers less than half the question. Much of the question (e.g. allowable costs) is outside its remit and the resources available for the review were limited. A low score should, therefore, not be unexpected but the conclusion that IT Support skills are be covered elsewhere was surprising, to say the least.

An Insiders’ Review

The inputs to the review were limited to those employers, apprentice and training providers with “direct experience of the apprenticeship standards”. Those unable to make the standards process work, not interested in the standards agreed or unable to participate for other reasons were not asked to comment. The positive responses:

  • 85% of apprentices said the apprenticeship met their expectations.
  • 95% of respondents said the title of the standard reflected the content.

from those involved were therefore to be expected.

However, “41% of respondents (employers and training providers) encountered difficulties training apprentices”. Unfortunately these are not described in any detail.
89% of respondents said that off the job training on the standards was between 20% and 39%. Those with experience of mainstream industry training programmes would regard this as surprising high for programmes expected to last more than year. The use of supervised, hands-on blended learning, home study modules, interspersed with the occasional group workshop or residential modules means 5% or less would be more common. Such a training programme would not qualify as an apprenticeship for levy purposes. Meanwhile employers with large numbers to train to common standards appear to prefer 10 – 12 week digital boot camps to 12 – 18 month digital apprenticeships, even though the latter can be offset against the apprenticeship levy.

The review looks at a subset of the market. Great care should be taken in extrapolating the results

Sensible updates mixed with unrealistic ambitions

Most, but not all (see below) of the recommendations as to which the inherited standards should be retained and revised and which should be withdrawn, with “some of the content incorporated into revised standards, broadening and enhancing the content” are uncontroversial. The plans to align apprenticeships, T levels and Level 4 and 5 qualifications with common occupational maps are welcome.. So too are plans to link reviews of Level 3 standards and content.

But the idea that the IfA map will cover “the whole of technical education” is over ambitious. The standards for which the IfA has responsibility cover but a subset of the English subset of a digital education market in which most of the standards recognised by industry are international. The IfA is right to focus its efforts on establishing a reputation for quality and relevance but this will not be helped by over ambition as to what it can achieve by itself. It needs to partner with reputable players, local, national or global.

Specific Comments

  • “Digital and Technology Solutions Professional (Level 6): will be retained on the basis that each of the individual options are reviewed in detail to ensure they each meet the requirements of an occupation.”

Each of the “occupations” cross boundaries and overlap with technologies and applications which are evolving at an accelerating rate. Reviewing the cross disciplinary intellectual frameworks necessary to cope with change is more important than the reviewing transient detail. That will entail looking at how those running industry and commercial certification and accreditation programme handle the pace of change. When the IfA was created I attended a meeting (organised at the request of the Minister) at which members of Digital Policy Alliance Skills Group offered to brief IfA staff on the processes they used to keep abreast of change. At the time there were no staff in post to brief. Perhaps the time has come for the IfA to take up that offer.

  • IS Business Analyst (Level 4) will be revised and broadened in scope to become Digital Product Analyst/Digital Business Analyst (Level 4). The occupation should apply to a broader range of sectors rather than just Information Systems to better serve the needs of employers.”

This is particularly important given that there is no separate standard for “systems engineering” where the “system” is an evolving mix of networked hardware, software and wetware (people processes) with shifting boundaries between the three. Thus the AI-based “system” may be hardware (inference  and authentication  chips) and software in support of people processes (because complete autonomy without human oversight is uninsurable).

Including systems engineering in “Digital Network and Infrastructure Engineer” implies a narrow definition of the range of roles where the disciplines and techniques are required. I speak as one who was trained in the in the 1970s before systems engineering became confused with digital systems engineering.

The problem with removing knowledge units and mandatory qualifications as opposed to the need for robust, rapid and efficient change processes

The report identifies the problems with using “knowledge units” from existing qualifications to enable “future proofing” by building on the review and update processes of those maintaining them. However, requiring the “trailblazer groups” to “bring all relevant information into a standard as they are redeveloped” gives them a difficult choice. Do they attempt to bring the update processes in-house (a massive task) or to negotiate compromises which have the support of those for whom enabling their trainees to acquire the skills currently recognised by their suppliers, customers and peers is more important than recovering their levy. The latter will be essential for the digital apprenticeship market to achieve its potential.

Digital (both information and control systems) is not, however, the only skills market dominated by requirements for internationally recognised qualifications, some generic but many vendor maintained (e.g. to install, use and maintain specific product ranges). Aerospace, automotive and critical infrastructure utilities and many branches of engineering have similar needs.
The solution to the problem of maintaining lists of relevant qualifications coving “the full range of software and approaches required for full occupational competence” is not to wish this onto the existing trailblazer groups. It is to allow them to work with the qualifications bodies, professional bodies, trade associations and training providers who are already in the process of developing semi-automated, networked, routines, linked to on-line libraries of course planning, content and assessment materials. The IfA should look at the potential for working with those seeking to create a neutral “hub“ for such routines in order to transform the position of the UK as market-leader.

This happens to be one of the projects I have just passed to the team at the Open University which has taken over from me in running the DPA Skills Group https://dpalliance.org.uk/about-21st-century-skills-group/. The aim is to package and publicise the existing inter-operability and exchange processes of JISC, the Grids for Learning, the various STEM, Coding and Content initiatives and the main global content libraries. It could also be used to provide a much more practical solution than that proposed.

Supporting Small Businesses

The basic idea of meeting the needs of small businesses, whether suppliers or users, by directly involving sample SMEs in setting digital standards is impractical. According to the ONS Business Survey 2018  there are

  • 7, 500 employers with more than 250 staff, i.e. large enough to have the in-house expertise to help specify training needs.
  • 35,000 with between 50 and 249 employees i.e. large enough to employ more than a handful of apprentices.
  • 210,000 with between 10 and 49 (who might employ one or two)
  • 1,1 million with 1 to 9.
  • 4 million sole traders

Meaningful inputs on the needs of all but the top 7,500 employers will only come via the relevant trade associations or professional bodies.

The decision to require the IfA to work direct with employers, cutting out intermediaries (like the sector skills councils), without providing the necessary resources and budgets, means the standards processes are unable to reflect the needs of over 95% of employers and half the workforce. To remedy the situation it has to allow the trailblazer standards groups to re-create processes for working with those intermediaries who genuinely represent the collective needs of their members, the 1.3 million SMEs who collectively employ as many as the top 7,500.

The good news is that we can see that happening with former “intermediaries” providing the secretariat for many of the more effective standards. But the lack of such input to the review process may explain the most puzzling recommendation in the report: that to remove ”IT Support, as the occupation was judged to be covered elsewhere”. Apart from suppliers of IT products, services and support, only 7,500 businesses are likely to have more than one or two full time digital technicians or professionals. The other 1.3 million are reliant on external support. Hence the reason for qualifications like those from COMPTIA  (a not for profit trade association created to provide vendor neutral training for the employees of the IT support market).

There is a need to explain where “elsewhere” is – since it covers most of the digital skills market. .

Promoting Diversity

Changing the language in job adverts can be surprisingly effective but there is also a need to address the academic or other pre-requisites for apprenticeship programmes. Many of these merely serve to filter out those excluded from mainstream education for reasons not relevant to their employability. The bigger issue with promoting diversity is, however, allowable costs – including for socially inclusive recruitment and pastoral care for vulnerable apprentices in SMEs with no in-house processes. This is outside the scope of the review.

Establishing principles for future approval

Most of these look sensible, albeit THEY ARE much harder to implement than to agree.

One of the hardest is: “Naming conventions – occupational standards should adhere to consistent naming conventions across the Digital Route to promote consistency and understanding”. It reads well and similar phrases are repeated regularly in report on skills and professionalism.

Over the fifty years since I became a graduate apprentice programmer (before there were computer science courses) I have seen countless attempts to produce common taxonomies. None achieved traction.

There is, however, an alternative way of achieving the objective.

In the 1980s I ran the NCC Microsystems Centre (the flagship awareness programme of the day). We needed a taxonomy for indexing our monthly-updated “Directories on Disc”, covering the hardware, software and training on the UK market. We used what would now be called AI to help collate those already available. We quickly determined that many definitions overlapped and rarely matched the claims of the suppliers. We decided to instead embed a synonym finder. This was also updated monthly with the aid of the journalists and product reviewers for whom we held open house after I scrapped the PR budget. The result turned the Directories into a must-have industry index and turned round the finances of the operation.

The situation with digital definitions (whether of hardware or software techniques, products and services or the skills to develop and use them) has become even muddier over the decades since.

None of the many subsequent attempts to produce skills taxonomies has been successful outside specialist areas where certificates to practice are mandatory or big budgets (as with some of the US DoD contracts for NIST) are available. That has not stopped players (UK, EU or US) from trying, whenever they can find a sponsor with deep enough pockets. Einstein’s supposed definition of madness  is apposite . A synonym finder updated by those who want to use the results for their own purposes is much easier and more useful, especially if it has on-line cross references to the work of others.

The reference to the cross-cutting nature of digital skills and the “Essential Digital Skills Framework” is apposite but that framework is itself overdue for review. The reference to “Handling information and content” needs to include reference to recording and/or checking the provenance of the information. Security for that which is false or misleading, not just misleading, is not enough. This is commonly omitted. The consequent risks are profound. When I did my “digital apprenticeship” in 1968/9 it was core part of my training, alongside the GIGO (“garbage in = garbage out”) principle. I had to find out when, where and how the data was collected and the motivation (if any) of the staff collecting it, correcting it and entering it to the system.

Occupational Maps and the removal of the IT Support path

The removal of “IT Support” without alternative pathways will severely limit the relevance of digital apprenticeships to those who support the 99% of businesses with no full-time digital expertise. One can understand the reasoning that led that conclusion only in the context of confining the review to those who have been able to make the current standards system work. But the consequences it makes my headline score of 5/10 appear generous in the eyes of those whose needs are left out.

In the 1980s the NCC Threshold Programme, the Microsystems Centres and ITECs provided apprenticeship-like programmes and hands-on skills incubators to train tens of thousands of support technicians (with City Guilds 726 providing the framework for customisation to meet the needs of clusters of employers). But their success in putting socially excluded teenagers into well-paid jobs threatened the status of academic computing. Funding and support was diverted into “computer literacy” programmes (to feed students onto the academic courses). The UK supply of digital support technician skills imploded (save for the Millennium Bugbusters programme) until the Americans came to the rescue with vendor neutral programmes (like those of COMPTIA) to complement the vendor Academy programmes (like those of CISCO and Microsoft).

The success of local skills incubators in organising digital and engineering apprenticeships (and other training programmes) to meet the needs of geographic clusters shows what can be achieved. But it appears that those conducting this review decided, possibly correctly, that they have neither the resources nor terms of reference to provide digital support apprenticeship frameworks for use by the Borchester  or Causton  skills incubators or to help the digital supply chain copy the approach of the Builders Merchants. The latter have apparently organised a network of 200 local training agents to handle the organisation of apprenticeships on behalf of those in the supply chains of their 800 members.

Future Statutory Reviews

The report tells us what we can expect from future reviews. They will “again start with the content of the occupational standard” but “will have an enhanced focus on the quality of each EPA [end point assessment]. They will also “ benefit from even more targeted communications and engagement activity with employers, apprentices, provides and other stakeholders such as EPAOs [end point assessment organisations].

In others words they will again be conducted by those who stayed the trailblazer course and have been able to make the existing system work to meet their needs.
It is unclear how “public” the future consultations on “Occupational Maps” for other sectors will be but it is well worth looking at the IfA Occupational Map for Digital
and comparing this with the maps produced by the various professional bodies, trade associations, training providers and advice services trying to attract people into digital careers


I have awarded half marks because the report covers only half the question. It addresses the concerns of those who have been able to make the standards system work. It does not address the concerns of those who have not. And there are far more of the latter.

Given the resources available to the IfA for this review it might be unreasonable to expect more. But if the Government wants to use a successful start to rebuilding the UK apprenticeship system as part of its platform for the next General Election (whenever that comes) it will need to provide the IfA with the resources and terms of reference to ask, and answer, the whole question.

Comments received:

Jon Hall (Open University) has commented as below

  1. Digital and Technology Solutions Professional (Level 6): will be retained on the basis that each of the individual options are reviewed in detail to ensure they each meet the requirements of an occupation. occupation as opposed to a profession?

The choice of words is revealing: occupation applies to the practitioner as part of a profession, perhaps, but what is an apprenticeship if not the expression of the sustainability of the profession over the individual? Are we to assume that the correct criteria for review are those of the individual, in that case? If so, what hope for those critical skills a degree teaches?

2. Future proofing

This isn’t necessarily achieved by removing anything from a syllabus, but from thinking more carefully about its conceptual core, something that universities (should be) good at, but that trainers can miss. From that conceptual core come the notions of, what I call, a ‘sand topic: something that moves (sand dunes drift) but sufficiently slowly as to be captured in a long term syllabus, and a ’sky’ topic which, like the clouds, moves too fast to capture once and for all. Trainers do the latter better than universities under the traditional models of both, but some unis, including mine, have techniques for keeping up with the leading edge and providing self-updating skills at the same time.

3. Promoting diversity

You’re right, of course. The work of Rachel Acraft is also pertinent (thesis available on demand from me) in which she identified the ‘drama’ model of computing: (paraphrasing) we need set designers, musicians, lighting engineers, producers, directors and myriad others to have something of dramatic value, not just authors. Producing a solution with computation embedded is similarly team based, requiring skills from all over the place. So diversity or role provides for a broader skill base. Digital apprenticeships mould recognise this sort of diversity too.

It has also been pointed out to that the first video manifesto for a Conservative party leadership candidate uses degree-linked apprenticeships as an example of “Fairness” and “Choice”. At least three of the other declared candidates are know to be strong supporters of apprenticeships. Will they also use them as a plank in their campaigns?

May 10, 2019  1:48 PM

Brexit: golden rules and taboo questions

Philip Virgo Profile: Philip Virgo
Brexit, fake news

The Brexit debate sees the endless repetition of mendacious claims, meaningless slogans and fake news. But key questions appear off limits – because no-one wants to discuss the possible answers.  They reveal that what is a stake is not a simple matter of “in” or “out”. It is what is allowed to happen afterwards – and who really wants what.

Now that the manifestos of the European Reform parties in other members states have been published can we begin to read some of the arguments that no one wants us to hear.

I therefore feel a need to throw a rock into the stinky pool to see what emerges.

But first the Golden Rules for interpreting the answers.

  1. Nothing is quite what it seems.
  2. Everyone has a vested interest, alias valid point of view and they all have good reasons for them.
  3. Those accusing others of ignorance or stupidity should take a look in the mirror and then think a little harder.

Please bear these rules in mind when asking taboo questions and listening to the answers.

I summarise my top three below, I also summarise some of the answers. I would very much wish to hear yours.

1 What is the difference between “the” Customs Union, “a” Customs Union and Swiss style frictionless borders?

  • “The” Customs Union means that US multinationals can continue to pay VAT and Corporation Tax on UK earnings in Dublin or Luxembourg.
  • “A” Customs Union means that US multinationals may be able to continue to pay VAT and Corporation Tax on UK earnings in Dublin or Luxembourg.
  • Swiss style frictionless borders mean VAT and Corporation Tax on domestic earnings are collected (and retained) locally while goods from, for example, Italy can transit a non-member to France (and vice versa) with no need to stop. Pre-cleared Swiss imports and exports can transit equally rapidly. The TIR processes predate the EU and are international. The Mayor of Calais (which stands to lose most from border delays, Calais also owns the port of Dover) has promised equally rapid processes. The risk is that he may have problems with striking customs officials (fearful for their jobs) or fisherman (if they are not squared after Brexit).

2 What is the Irish Backstop?

The Irish backstop is  a McGuffin . The aim is to delay decisions that could lead, inter alia, to a 10% (or more) cut in the budget for running the Commission before the current incumbents have left.  Such a cut could necessitate halting sessions of the European parliament in Strasbourg. This is already being called for by reform candidates in other member states.  It would be a severe embarrassment to President Macron – but not to anyone else.

3 What difference would No Deal and reverting to WTO rules make?

It depends which rules you invoke:

  • A two year period of no change while agreement is reached?
  • No change until agreement is reached?
  • Independent arbitration (various formulae) when agreement cannot be reached?

None of these is the nirvana or the existential threat claimed – according to which side you are on. All, however, end the ability of the EU (or EU Court) to impose a solution in the event of dispute. They also end the potential for imposing changes that have not been agreed by the UK.

So what other questions do you think need to be asked? 

Having spent twenty five years of my life trying to make a reality of the mythical digital single market, with its tangle of geographic software and content licenses and differential pricing, I can think of plenty more questions. Then there are questions about the various “licence to practice” barriers to the free movement of professional and technical staff – except when they are in short supply and will not undercut the natives. The depressed after-tax earnings of freelance IT staff in the UK should, of course, be blamed on IR35 and Tier 2 visas for non-EU immigrants. The EU has had little impact. It has its own shortages and many of our freelances have done better by working in, for example, Germany.


February 23, 2019  9:42 PM

Will Advertisers and Insurers hold Social Media Platforms to Account after Governments fail

Philip Virgo Profile: Philip Virgo
Governance, Internet, Internet safety

The Shareholder Backlash

Most digerati appear to be in a state of denial over the scale and nature of the damage being done by the abuse of social media. It is fuelling family breakdown, mental problems and violence, particularly in our inner cities. They may, however, be correct in saying that current political and regulatory efforts to address the problem will not achieve their objectives.  The delay in implementing UK legislation on Age Checking, in the face of opposition from those whose business models are based on intrusive mass data collection as well as those promoting anonymous access services, shows how easy it is to mislead officials and politicians over the impact of proposals that help enhance, not invade, the privacy of the vast majority of users, particularly the most vulnerable.

Advertisers and, more importantly shareholders, are not so easily fooled.

The dips in share price last year, when luxury brands began pulling adverts which might appear alongside ISIS videos and risk their Middle Eastern sales, were short lived. So too were the dips which accompanied the original revelations of scale and nature of the fake news/click bait “industry”. In both cases assurances of the “technical” measures being introduced appear to have been sufficient.

Not so the 20% fall in Facebook share price as complaints grew that family friendly content and adverts were being used to promote child abuse and drug gang messages and not “just” fake news about politicians and celebrities. Assurances of action have, so far, proved insufficient – in the face of evidence of practical ineffectiveness, particularly with regard to addressing abuse over its platforms for teenagers, such as Instagram and Whatsapp.

The arguments received a very public twist when the DCMS Select Committee used forgotten powers  to seize evidence of “intra-US misbehaviour” for use in its report on Disinformation and Fake News . This report refers to the Ledger of Harms  produced by the Centre for Humane Technology: “loss of attention, mental health issues, confusions over personal relationships, risks to our democracies and issues affecting children” but focussed on the harms supposedly caused by targeted misinformation in support of political campaigning. Hence the committee’s proposal for a new regulatory category for organisations that are neither “Platforms” nor “Publishers”. But can organisations which claim ownership of the content placed on them (including records of usage and location) and analyse this, sometimes in real time, to target advertising, really claim “Innocent carrier” status at all, let alone avoid responsibility under common law and tort for failing to take rapid action to enforce their terms and conditions when warned that abuse is leading to harm, suffering and death, whether on the streets or in the bedroom.

The Twitter share price has been hit harder, now down over 30%, as it becomes a medium of choice for some of more prolific abusers, whether of truth or of the vulnerable. It has yet to find a way of reassuring advertisers that their brands are not at risk.

The Google (Alphabet) share price has been more resilient, down barely 10%. So far its efforts to monitor abuse have seemed more credible to Advertisers. But it remains to be seen how it will respond to the loss of well- known clients for You Tube advertising. In particular will it be able to reassure AT&T. We can expect it to step up efforts to use technology to identify and remove abusers. Will it feel a need to go further and take a lead in helping drain the swamp, including by organising systematic co-operation to help advertisers prevent their images from being contaminated by indiscriminating pay-per-click automated adtech placement algorithms? Will it feel the need to go further, in co-operation with AT&T and Verizon, to restore faith in the safety and security of the on-line world. If so, where will that leave the current “division of labour” between the Internet Community and the ITU.

The Public Backlash

Meanwhile parents, teachers, picking up on what they know about the hidden fears of their children and pupils,  are now well aware that the on-line world needs at least as much supervision as physical playgrounds and streets. We have long had anecdotal evidence of the scale of parental concerns over some of the apps being used to stalk their children . We are now seeing evidence on the fears felt by children and what they would like to see in response.

We can also see the debate over on-line harms spilling over into the way social media are being used to create a climate of violence and fear on our the street. We are also beginning to see constructive thought on how the processes actually work and what we might do in response.

Last Saturday I attended a meeting for local residents on violence reduction. It was attended by the constituency MP, the GLA member and three cabinet members from the Council (in this case Lambeth) . It was standing room only.I had expected some of what I heard. I did not, however, expect the extent to which social media were blamed for contributing to the problems and the anger at their ongoing failure to use their profits to become part of the solution. Perhaps the saddest contribution came from a teacher who was describing the effect on family life. She mentioned a contribution to an early years discussion on what “what do you want to be when you grow up”: – “I want to be an I-Phone, so my Mummy will speak to me.

At the teenage level the use of social media to video and brag about violence and/or issue challenges is said to be a major factor in the escalation of a local dispute into open warfare. It is also said to be impossible to get rapid and effective action taken by those operating the relevant “platforms”. The resultant bitterness against those who make so much profit while driving local shops out of business and denying responsibility for their actions has to be seen to be believed.

I had not previously appreciated how much of this bitterness is linked directly to the systematic use of social media by drug gangs (not just ISIS or pederast rings) to groom their audiences with the mix of fear and exhilaration that will promote their product at eh same time as helping them control their neighbourhoods and supply chains.

In the physical world you can call Crimestoppers and report where and when the action is happening. What happens when you try to report abusive content to Facebook, Google or Twitter?
The social media giants claim they are innocent carriers but their claims to own the data posted by their users and analyse transmissions to facilitate precisely targeted advertising indicate clearly that they are publishers (and more) – with all the duties entailed.

It appears to be only a matter of time before crowd-funded class actions on behalf of the victims of bullying, abuse and violence cause them to change their business models.

So what could/should be done by those who wish to expedite that process without destroying the undoubted benefits from advertising funded open internet access?

Pre-empting the damage the backlash could cause

1) Implement Age Verification to PAS 1296

The first and most obvious action is to expedite implementation of the UK Age Verification legislation passed two years ago . The members of the new Age Verification Providers Association  spent £millions to get effective systems operational in time for the original deadline. More-over the technologies they had in mind to help with enforcement (based on those already used by Hollywood and the Music Industry for copyright enforcement) could also be used to address other forms of on-line harm.

The reasons for delay do not stand up to examination and are doing serious harm to UK-based business. They are in part based on misinformation by those who do not want to see the spread of effective, low cost, anonymised access technologies. The access provider or retailer need only ever know the name and id number and/or biometric of the individual. In some cases even the service provider knows only the age or other relevant attributes (e.g. a membership or security clearance). Everything else is stored behind further layers of one-way encryption on the files of the third parties e.g. health, education or financial services providers who provide only extracts. Such a privacy-centric capproach fits, however, neither mass surveillance nor big data agendas. Hence the publicity for misinformation based on services which do not use data minimised implementations of PAS 1296  (on its way to becoming a global standard).

Early, well publicised, adoption of such implementations, audited against the PAS, without waiting for the legislation to be implemented, is not only a good way of demonstrating family friendly credentials, it can also greatly reduce your potential liabilities under GDPR if allied to an overall data minimisation strategy.

2) Work with Law Enforcement, Crimestoppers and Child/Mental Health/Victim Support and Welfare Charities on expedited and/or automated/collated reporting and response processes

The current confusopoly of victim-hostile, labour-intensive reporting processes is unfit for the internet age. Those involved have neither the expertise nor the resources to sort the situation. That will require action by those who want the rest of society to have confidence in the safety of themselves, their children and their grandparents in the on-line world. More-over, until we have created  processes for effective co-operation between industry and law enforcement, the responses will have to come from industry under a mix of civil and contract law.

That raises the questions of whether the organisation is more concerned over avoiding legal liability or enhancing consumer confidence (and profitability). That will divide industry between those whose “conscience” and/or “appetite for risk” are driven by the legal department or the finance director.

3) Find ways of using your expertise and resources to plug the gaps of those in Law Enforcement.

It is now over a decade since the EURIM-IPPR study  into Partnership Policing for the Information Society identified that law enforcement would never have more than a fraction of the resources and expertise necessary to policing the on-line world. The need was for processes to enable the police to draw on those of industry – including (but not just) as warranted special constables.
Since then there has been little, if any, progress in implementing the recommendations. We may actually have gone backwards. The current Metropolitan Police criteria for Special Constables  appear to preclude almost all those professionally involved with Information Security.

It is unclear whether change requires primary or secondary legislation or this a local requirement but action should be a core part of the National Cybersecurity Skills Strategy
as well as of any strategy to address the on-line safety of the rest of society.

February 18, 2019  8:34 AM

Fit for whose purpose? Submit your views on the Initial National Cybersecurity Skills Strategy

Philip Virgo Profile: Philip Virgo

I re-read the “Initial National Cyber Security Skills Strategy: increasing the UK’s Cyber Security Capability” after attending the first of their discussion meetings. The meeting illustrated the difficulty of the task the DCMS team will have reconciling the need of MoD and GCHQ for patriotic cyberwarriors and the need of the rest of us for the skills to protect ourselves and our customers at the same time as working with law enforcement to identify on-line predators and use a mix of civil and criminal law to remove and/or deter them, wherever they may be.

The skill sets do overlap.

But do they overlap sufficiently for a single professional body?

Almost certainly not.

Hence the reason the creation of a Cybersecurity Council makes such good sense.

But the Council will not meet the needs of UK plc if Government support is constrained to fit the undoubted needs to grow our own indigenous cybersecurity skills base while neglecting the need for the City of London, as the world’s premier financial services and global trading hub, to have the cross-cultural and jurisdictional skills base needed by a global hub for security audit and investigatory co-operation. And what about the need to protect the rest of society from script-kiddies, on-line bullies, pederasts and those using social media to promote, for example, a gang-driven, drug-fuelled teenage subculture.

The strategy also neglects the skills needed to build and maintain a resilient and secure digital infrastructure for a society that is critically dependent on 24 by 7 on-line service. The failure to regulate UK telecoms (including internet services) as part of the critical national infrastructure, with all that implies (including for the relevant skills), appear to undermine the rest of the strategy.

I strongly recommend reading the strategy and thinking long and hard before answering the questions.  And remember the deadline – March 1st.

Below I summarise the points I am thinking of making in my own submission.

Perhaps most controversial for many readers is that the number of genuine cybersecurity professionals, capable of a UK eyes only security clearance, needed is probably only about 10% of the numbers being bandied about by those making business plans for new professional bodies. Instead we need are very much larger numbers of competent technicians with skills that cross professional boundaries.

Moreover, if we really do want to a world leader, we should look at how to be at the heart of setting and auditing global skills standards and co-operating wholeheartedly with non-Nato countries educating and training those who will help secure the on-line world against all-comers (including nation state actors, “ours” as well as “theirs”). The latter also entails fixing the vulnerabilities that are there because nation state actors want them to be there.

Hence my sympathy for DCMS officials expected to reconcile the irreconcilable – or rather produce a globally acceptable and evolving fudge machine. I am mindful of how, nearly a decade ago, office also from across Whitehall came together to block the joined-up Home Office e-Crime strategy on which I and others had spend so much time and money.

My points below follow the structure of the Consultation paper.

The Strategic Context – Page 15
I found the analysis of the size of the cybersecurity skills gap (page 12) very odd. I then looked at the background report “Understanding the UK Cybersecurity skills labour market” and understood why. It repeats an error common to almost all reports on UK IT skills and demand. It fails to appreciate that 95% of the 1.4m UK businesses with employees have fewer than 50 staff, none of them full time on IT support, let alone cybersecurity. The responses to the survey come from those remaining other 5%, plus the Cyber consultancy community. The statement that 710,000 business and 107,000 charities have a “technical skills” gap is then used to produce numbers requiring differing different types of skill. The UK has barely 250,000 businesses with more than 10 staff and only 42,000 with more than 50. It has barely 34,000 charities with more than £100,000 of income and only 11,600 with more than £500,000. Most businesses with under 50 staff use packaged and/or outsourced IT products, services and support. They have no-one with serious in-house IT, let alone cybersecurity expertise. Only businesses with more than 250 staff (7,500) and charities with more than £5 million turnover (2,200) are likely to have any in-house cybersecurity expertise, as opposed to providing one of more members of staff with the training to know when to call in an “expert” and, hopefully, a call off contract with a reputable “expert.

There is then the question of how many of the “experts” merit the term “professional” and how many are best described as “technicians”, competent to use the semi-automated tools which can be mastered in the 3 – 4 month modular training programmes which produce “consultants” capable of being billed to HMG at £2-300 per day. To the numbers quoted should be added those not on degree courses or IfA “approved” apprenticeships. One commercial training provider appears to have a throughput of over 3,000 students a year (counting up the numbers of the courses it is contracted to run for major aerospace and defence contractors and/or cloud computing suppliers). Meanwhile the big four accounting firms are believed to each be training several hundred a year via the “cyber-academies” they run with the help of well-known Universities. BT has claimed that it has 3,000 in its cybersecurity operations and has said it is training 300 “apprentices” a year and looking to recruit a further 300 a year from outside to replace turnover.

Meanwhile the financial services industry has largely outsourced/co-sourced technical cybersecurity while embedding cybersecurity modules within mainstream disciplines from risk management to identity and access control (including know your customer), fraud prevention and asset recovery. ISACA (over 150,000 members world-wide, over 15,000 in the UK) is probably the main professional bodies for those “auditing” cybersecurity in the financial services sector. Its “body of knowledge” appears to be far wider than that envisaged, because its members already have to audit IoT devices integral to on-line, interactive payment, shipping and maintenance services around the world

The main gap in the analysis is, however, the skills to build and maintain the nations digital communications infrastructure. There is talk of societies increasing dependency on connected devices and services but not on the need to treat digital communication as part of the critical national infrastructure – with the implications that would have for regulated standards for quality of service, resilience and response times and for independent certification of the competence of those maintaining the necessary inter-operable networks with mutual standby.

That leads to the question of the skills to address the responsibilities of Internet Service Providers, including “Over the Top” providers, given that their use of algorithms to fine tune service provision of behalf of advertisers means that “innocent carrier” status no longer applies. They look set to face a perfect storm of class actions under civil and/or common law for the consequences (suicide and murder let alone lesser injuries and suffering) of their failure to take “reasonable action” to enforce their terms and conditions

The National Response – Our Mission

There is a need to unpack the needs for UK or NATO “eyes only” skills for national defence and cyberwarfare purposes from those of the financial services sector where UK-based organisations may be part of the critical national infrastructures (including payment services and sovereign wealth management) of Governments around the world.

One of the best ways of ensuring that the UK has world class skills is to maintain and foster the position of City of London as the neutral base for auditing and quality controlling the cybersecurity of the rest of the world – even if that means operating, at least in some respects, at arms-length from the City of Westminster. That relationship needs to open and honest, including the means for handling the inevitable conflicts, for it to be open trusted and trustworthy.

A Structured and Trusted Profession

Trust is earned. Much will depend on the nature of the “delivery lead”. It needs to be a mutual, jointly owned by a balanced mixed of UK and International professional bodies and trade association with Government contributing as a major user/employer of skills. It also need to move rapidly towards the creation of a de facto “certificate to practice” regime, with members maintaining inter-operable (common formats/definitions) log books of training, updating and performance, validated by course/assessment providers, employers and customers.

A Vibrant Education and Training Ecosystem

The “demystification” of cybersecurity careers is much easier said than done, given that these are probably evolving faster than the attempts to describe them.

It is probably easier to:
• describe the various roles,
• the attitudes, aptitudes, knowledge and experience they might draw on and
• how these might be demonstrated and/or acquired

It is probably that in future, as in the past, the majority of those working in cybersecurity will have transferred in from other career paths and a spell in cybersecurity may well be a stepping stone to another career path.

We need to make it much easier to assemble courses and training and assessment programmes from evolving modules which are internationally recognised,
How successful the Cybersecurity Council is crating the necessary frameworks will help determine its overall it overall success/failure.

Government (DfE as well as DCMS on Cyber)  should support (both funding and information on its own activities) clearing houses for work experience, apprenticeship and training opportunities (both local and national) and guidance on pastoral care, particularly for the neuro-diverse and returners.

Broader Cybersecurity Capability

The Government should work with the Information Commissioner and others to implement the outstanding recommendation of the Culture Media and Sport Select Committee report “Cyber Security – the protection of personal data on-line”.

“All relevant companies should provide well-publicised guidance to existing and new customers on how they will contact customers and how to make contact to verify that communications from the company are genuine. This verification mechanism should be clearly signposted and readily accessible, as with existing customer contact and complaints mechanisms.” (Para 14)

“security by design should be a core principle for new system and apps development and a mandatory part of developer training, with existing development staff retrained as necessary.” (Para 18)

“where the risks of attack are significant, the person responsible for cyber security should be fully supported in organising realistic incident management plans and exercises, including planned communications with customers and those who might be affected, whether or not there has an actual breach.” (Para 20)

“it should be easier for consumers to claim compensation if they have been the victim of a data breach. There are a number of entities (for example the Citizens Advice Bureau, ICO and police victim support units) that could in principle provide further advice to consumers on seeking redress through the small claims process. It would be useful for the Law Society to provide guidance to its members on assisting individuals to seek compensation following a data breach. The ICO should assess if adequate redress is being provided by the small claims process.” (Para 25)

“All telecommunications companies and on-line retailers, and other cyber-vulnerable organisations, should take steps to ensure that compliance with data protection rules and Cyber Essentials are key criteria when selecting third party suppliers.” (Para 26).

“Cyber Essentials should be regularly updated to take account of more recent attacks, including the need for security, incident management and recovery plans and processes for responding to cyber ransom demands.” (Para 30)

“The ICO and Cyber Essentials should publish further guidance on informing the relevant authorities and include best-practice examples of how to inform in an appropriate way those affected, in order to strike the best possible balance between protecting information that is sensitive to police investigations, whilst recognising consumer/customer requirements to be made aware of a breach that may affect them. This is particularly relevant as the EU GDPR will extend the obligation to inform consumers to all companies and organisations, not just telecommunications companies and ISPs.” (Para 33)

“escalating fines, based on the lack of attention to threats and vulnerabilities which have led to previous breaches.”. Para 18 … escalating fines for delays in reporting a breach.” and “scope to levy higher fines if the organisation has not already provided guidance to all customers on how to verify communications.” Para 34

“the attention of individuals within the organisation may be better engaged by the threat of a custodial sentence, rather than a fine for their employer.” (Para 36) “bring into force Sections 77 and 78 of the Criminal Justice and Immigration Act 2008, which would allow a maximum custodial sentence of two years for those convicted of unlawfully obtaining and selling personal data.” (Para 37)

“Companies and other organisations need to demonstrate not just how much they are spending to improve their security but that they are spending it effectively. We therefore recommend that organisations holding large amounts of personal data (on staff, customers, patients, taxpayers etc.) should report annually to the ICO on:

• Staff cyber awareness training;
• When their security processes were last audited, by whom and to what standard(s);
• Whether they have an incident management plan in place and when it was last tested;
• What guidance and channels they provide to current and prospective customers and suppliers on how to check that communications from them are genuine;
• The number of enquiries they process from customers to verify authenticity of communications;
• The number of attacks of which they are aware and whether any were successful (i.e. actual breaches).

Such reporting should be designed to help ensure more proactive monitoring of security processes (both people and cyber) at Board level, rather than reporting breaches after they have happened. Those submitting reports should also be encouraged to include such data in their own annual accounts to help give confidence to customers, shareholders and suppliers that they take security seriously and have effective processes in place. (Para 38)

“The vulnerability of additional pooled data is an important concern that needs to be addressed urgently by the Government. Part of the response could be to require enhanced security requirements and background checks for those with access to large pools of personal data.” Para 41 .

My guidance on the DCMS Report recommendations for the Main Board Directors of Computer Weekly readers is available here. DCMS and the ICO have yet to provide a substantive response but they are even more apposite now that the GDPR has come into force.

February 6, 2019  10:38 AM

A Skills Policy for the Fourth Industrial Revolution

Philip Virgo Profile: Philip Virgo
Artificial intelligence, Robotics, Skills

The pace of change in the skills in demand (as machine intelligence, now called AI, matures) is matched only by the pace of change in educational technology (using machine intelligence to transform the learning experience) and the ways we can use to acquire the new skills.

Both have overtaken the ability of our national education and training frameworks to respond and the main political parties have recognised this.

Last year the Conservatives called for inputs on Skills and Training for the 21st Century . Labour similarly called for responses to their “Learning society” discussion paper . Meanwhile an army of education “industry” lobbyists have been seeking to influence the Prime Ministers FE/HE funding review  due for publication later this month.  The Open University has just joined the Digital Policy Alliance with the aim of building on the work of the 21CN Skills Group of the Digital Policy Alliance and its allies. Last week we began the hand-over of the work I have been doing over the past couple of years to bring about change.  The “public” programme will include a high level, all-party round table to discuss the policy challenges.

I have just completed editing the first draft of a paper to help inform that discussion. The paper is very much “draft for discussion only” and is being placed in the members areas of the DPA website for comment. Given that this is not yet a DPA discussion paper and we want balanced input, I have also been given clearance to circulate copies to wider audiences. The purpose of this blog is therefore to invite feedback from a wider audience and identify those interested in helping look at the implications.

Below are some of the headlines and a summary of the key points and contents. Please contact DPA if you would like to register interest in joining to help review the draft and organise the necessary follow up studies.  Alternatively you can contact me direct.  I particularly look forward to comment on errors and omissions and, of course, from those who completely disagree with the analysis and regard me as a heretic who should be burned at the stake for not understanding academic values or business drivers.  That will be a nice change from those who say that I am really an academic at heart or a cold-blooded capitalist.

The headline recommendations for Government include:

1) Apply industry-strength market research and simulation techniques to all education and training policy initiatives to help assess the relevance of the objectives and likelihood of success.

2) Change the “target” from 50% “to go to University” to over half (including most public sector employees) to be engaged in life-long learning at graduate/post graduate level.

3) All academically or professionally accredited education, training (including recruitment) and assessment to be allowable against tax (personal and/or corporate), whether or not relevant to current employment.

4) Apprentice grant and levy scheme and other tax allowances/incentives to be extended to cover all professionally accredited training or technical/professional skills acquisition or development costs, including talent attraction, assessment, pastoral care, supervision, schools support etc.

Extracts from the preface

In 1982 I said (at a seminar on AI and Robotics for the UK Technical Press) “a single career change may not be enough in an age of fundamental structural evolution”. Today we can see the spread of annually updated professional and technician “certificates to practice” from medical consultants and aerospace engineers to other areas where proof of current competence is essential. Meanwhile digital marketing or security practitioners can become seriously out of date within months unless they spend time each week keeping up to date. A more profound problem than the supposed threat to jobs is the challenge posed by artificial intelligence to the status of academic values and the knowledge-based professions.

We have, today, a wealth of globally networked on-line materials and assessment tools (many using AI, from the simple to the sophisticated) that can enable teachers and learners to keep abreast of change, including of personal competence, motivation and performance. But our consultation and planning mechanism for setting skills definitions and standards, let alone forecasting volumes, cannot keep pace. We need to look again at policy and funding frameworks and processes that have changed little in a hundred years. We need to allow schools, colleges and universities to give teachers and pupils/students the freedom to follow good practice as it evolves, without waiting for semi-mandatory national “guidance” and funding.

Key Points

1) Analyses of the reasons for the voting patterns in the 2016 referendum and 2017 General Election indicate that, whatever the outcome of Brexit, it is no longer politically acceptable for the UK to rely on imported talent for the skills needed by employers while saddling so many voters and their children with debts they may never repay. It is little wonder that the study into FE and HE funding launched by the Prime Minister last year is taking so long. The issues go well beyond funding. The pace of change with regard to the skills in demand and our ability to use technology to help assess, educate and train raw talent have outstripped the ability of public sector policy, funding and accreditation processes to respond to the resultant challenges and opportunities.

2) At the same time the mass deployment of on-line learning, expert systems and artificial intelligence means memory and logic are losing status, as did the ability to read and write when literacy became commonplace. Basic digital disciplines (such as coding and systems thinking) change slowly, if at all, but the application skills in demand change faster than we can agree a curriculum, let alone agree academically acceptable accreditation of the knowledge and competence expected by employers and specify and deliver publicly funded courses and qualifications. The pressures pose an existential challenge to traditional educational hierarchies and academic structures, not just planning and funding processes.

3) There has been a dramatic shortening (from years to months) of the time necessary to assemble mass market or customized on-line learning programmes, many using “AI” and gamification to enable personalised motivation, delivery, practice and assessment. Skills which took months or years to master can then be acquired within days or weeks by those with the necessary attitude and aptitude. But the gap between the expected delivery standards and timescales of industry and commerce and those of academic accreditation bodies are widening, equally dramatically.

4) There are also tensions between processes (from “T” levels through Apprenticeship or Degree Standards) intended to meet the needs of specific sectors, trades or professions and the growing use of “intelligent systems” (accessing whatever body of knowledge is needed) to enable digital users to cross disciplinary boundaries. The current focus on national “standards” needs to embrace processes to facilitate customized cross-boundary skills development, mixing pre-existing and/or shared modules from an evolving variety of sources, national and international.

5) The falling proportion of the population who can now expect one career (let alone job) for life brings into question the mandatory, “league table enforced”, focus of schools on “national” curricula and examination hierarchies designed to filter pupils for “suitable” full-time University degree courses. The availability of reliable of schools broadband should be used to empower teachers to “educate” all with the basic skill and motivation for a world of modular, flexible, graduate level, lifelong “earn while you learn”, with time out to “enjoy learning for its own sake”, changing career, occupation and vocation as aspirations and the employment on offer evolve.

6) There are growing pressures on Universities and College to improve teaching and pastoral care as they compete for the student loans and apprentice funding of a shrinking pool of school-leavers. The long-term winners will be those who also work with employers (local, national and international) and sports, leisure, cultural and travel operations to offer and exploit lifelong learning activities which support freedom of choice with regard to work-life balance – from career development, through family responsibilities to post retirement “learning for pleasure”.

7) We can also see some of the older Public Schools and Oxbridge Colleges, masters of survival, involving their alumni with careers events which offer world-class globe-trotting apprenticeships, with residential periods in best of breed research centres around the world. At the other end of society, far-sighted councils are looking at the provision of full fibre broadband to social housing estates – to provide affordable access for the excluded (whatever reason) to world class education and training programmes supported by teachers based on their local school/college.


1) Turning the pace of change from a challenge to an opportunity
1.1 Tomorrow came yesterday
1.2. The pieces are in place for a world class industrial strategy for educational technology
1.3. We also need a joined-up strategy for vocational skills and employment
1.4 Both require cross-boundary co-operation
1.5 It presents challenges to traditional academic structures not just processes
1.6 Variety is the spice of life – One size will not fit all

2) Predicting the skills of the future in ways that aid meaningful decisions
2.1 Planning Consortia, Consultation and Market Research
2.2 Segmentation: from expert, through professional, technician and application to user
2.3 The shape-shifting of skills boundaries across trades, professions and disciplines
2.4 Basic attitudes, aptitudes and disciplines change slowly, if at all
2.5 Coding , robotics, systems thinking and data analytics (the basis of AI) are core
2.6 The rate of change in technician and applications skills is accelerating
2.7 Growing the talent pool
2.8 Is “digital literacy” still needed, as opposed to literacy, numeracy and social skills?

3 A national strategy based on local access to global planning and delivery partnerships
3.1 Facilitate rapid, flexible, local response within national planning/funding frameworks
3.2 Enable local access to international programmes and globally recognized qualifications
3.3 The Linage and interoperability of learning and competence modules is critical
3.4 So too is building on the bet of what already works
3.5 Enabling local access to international programmes and globally recognized qualitications
3.6 Support faster UK response cycles to emerging/changing demand
3.7 “Liberate” Universities, Colleges and Schools to serve as local, national or global support and delivery hubs in world class life-long learning, quality control and/or research networks
3.8 Change the Apprentice Levy and Grant into an Accredited Skills Levy and Rebate

4 Empowering Informed Choice
4.1 The growing range of choices
4.2 Help pupils, parents, adults and employers understand the alternatives

5 Removing the obstacles to painless change
5.1 Facilitating response to changing the economics of retrain versus recruit
5.2 Prioritise tax-free training over the “prevention of abuse”
5.3 Replace “challenges” by “funded experiments” and publicise success
5.4 Raise the status of apprentices
5.5 Link skills policy to immigration policy

6 The Action Plan
6.1 Recommendations for Employers and Recruiters
6.2 Recommendations for Education and Training Providers
6.3 Recommendations for Trade Unions and Professional Bodies
6.4 Recommendations for Central Government
6.5 Recommendations for Local Government
6.6 Recommendations for Voters

1 Turning the pace of change from a challenge to an opportunity

Accelerating technology change presents serious challenges to those seeking to plan courses and curricula in advance to meet predicted skills needs – examples include the new “T” levels. But advances in educational technology also transform our ability to develop and distribute new courses and materials to meet new needs within months, not years.

1.1 Tomorrow came yesterday
We can now see the reality of the future envisaged in the early 1980s when the Micros in Schools programme was launched and “Training for multi-career lives” was commissioned as part of project to look at the implications for society (including education) of the adoption of “Knowledge based reasoning systems” over “The Next Ten Years”. The seminar was for the UK technical press on the economic and social implications of Artificial Intelligence and Robotics for Education. This was the paper than introduced the concept that education should be the introduction to a world of life-long learning rather than a career for life and that. “status will pass to the man doing the job that no mere machine can do”.

The forecast was that:
The impact of technology on the personal service jobs, from street cleaning to street walking, will be negligible. Gardeners, window cleaners, plumbers, cooks and so on will be needed just as now.
At the other end of society, however, the changes may well be traumatic as expert systems render obsolete the book-learning and machine-like logical skills of most lawyers, accountants and consultants … the complex diagnoses that elevate the Harley Street consultant above the local general practitioner, can already be done faster and more accurately by computer. In twenty years … the general practitioner will no longer refer you to the hospital for analyses and diagnoses but will do them himself with the aid of his surgery expert systems backed by links to national epidemiological and other databases … the simple application of memory and logic which any properly programmed computer can do.

The consequent argument was both re-assuring and challenging. To quote the abstract:

Most of the basic skills needed over the next hundred years can be predicted with reasonable certainty but many of the precise trades and professions cannot. “Age related careers” is an employment strategy which can handle such uncertainty. Fundamental changes to the education system are necessary. Information technology makes these possible at economic cost. Encouragement and favourable publicity are more effective weapons of persuasion than coercion but many actions at all levels are needed if the inability of our education system to cope with change is not to deny us the benefits which the new technology is bringing to other societies.

Since then millions of jobs have been lost and millions more created as the pace of change accelerates. Today a wealth of globally networked on-line materials and assessment tools (many using AI, from the simple to the sophisticated) enables teachers and learners to transform the processes of acquiring and demonstrating both knowledge competence in new skills. These are used by employers around the world to cut the time from “learning to earning” from years to weeks.

Schools with access to full fibre broadband can transform the delivery of STEM education and careers advice, using the wealth of material already available. They are also being used to open the potential for lifelong learning in the skills of future.

Example include the commoditization of both Artificial Intelligence (many definitions and variations as the human intelligence copies/extends) and training in how to apply it. In May 2018 the University of Helsinki and a design consultancy launched an app to promote a free online “Elements of AI course. By December 2018 this had been adopted by 250 Finnish companies as part of their response to the business case for the Finnish industrial strategy to lead the world in the application of AI and over 10,000 students, 6,300 from Finland, had already graduated using the English language version).

To see more please register your interest in joining the 21CN Skills Group with the DPA  or contact me with you details.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: