When IT Meets Politics


February 9, 2014  7:26 AM

Is “know your customer” the on-line fraudsters’ greatest ally?

Philip Virgo
Barclays, crime, Data protection, Fraud, kyc, liquidator, Money laundering

The press coverage of the use by fraudsters of files from a defunct Barclays subsidiary serves to highlight the counter-productive nature of the “know your customer” regulations which require banks, brokers and “financial advisors” to collect and keep information for supposed consumer protection and anti-money-laundering reasons. The churn rate among brokers and “financial advisors” and the lack of responsibility of liquidators to safeguard (or at least delete) the files on computers they may be selling, as opposed to getting the best price for the creditors, illustrate some of the consequences.

The Daily Mail article also reminded me of a conversation after an “awareness” event. I was asked to consider a similar exercise for silver surfers by an organisation whose high value clients were being targeted by fraudsters who had all the information necessary for successful impersonations. They did not know if the problem was shared or peculiar to them. It was too commercially sensitive to talk with their competitors and they could find no leak or breach. Was it someone in their supply chain? Was it a common problem: e.g. a fake “Cruises’Rus” website to harvest the details and preferences of high value silver surfers? They did not subsequently offer to help with funding, so I filed the conversation away.

Yesterday I was drafting a possible call for reform of the EU approach to Data Protection, Electronic Identities and Information Security. One of the high level recommendations was:


· “Regulation should focus less on what is stored (given the many requirements of consumer protection regulators and others to retain that which is not required for business purposes) and more on who has access, under what conditions and how that right of access is checked and exercised.”


We should never forget that what is retained for regulatory, not business, reasons is a potential honey pot for fraudsters.

 


February 6, 2014  10:59 AM

Men fight over Bletchley Park: where women won the war.

Philip Virgo
BBC, Bletchley, Colossus, FIPR, national museum of computing, Testery, Tunny

[Images: codebreakers-_2812302c.jpg, bletchley_2328727b.jpg]

I have been dismayed, but not surprised, by the unseemly spat between the Bletchley Park Trust and The National Museum of Computing. Common sense tends to fly out of the window once men, money, the Lottery Fund and the Charity Commission get involved. Bletchley should be about using the symbiotic relationship between computing, communications, cryptography and surveillance to inform and inspire future generations, whether they have been drawn in via the theme park or an educational visit to the museum.

We should also remind the world that Bletchley was an almost all female operation: around 9,000 women, who did most of the deciphering and translation once a couple of hundred cryptographers (not all men) had broken the codes, plus 3,000 men, guarding the site and building and maintaining the equipment (although much of the latter was also done by women).

The photos above are from a couple of excellent articles in the Daily Telegraph. One, very recent, contains an illegal (probably still in breach of the Official Secrets Act) photograph of “C” Watch for the Colossi (around a dozen operational at the time) in 1945. The other picture, timed for the TV series, was said to be of “Typists” and appears to be of part of the Testery, where the ATS girls deciphered German teleprinter traffic and checked for sense, guided by equally young, or even younger, cryptographers (Roy Jenkins was only 25 at the end of the War and Donald Michie was only 22).
 
Meanwhile I am indebted to Brian Randell for kindly allowing me to reproduce the guide to the current dispute which was sent out as an FIPR alert last week-end. At the end I give my own facile opinion as to the obvious resolution. But how to get there, given the personalities involved and current UK Charity Law (for which the last Government and its appointees bear a terrible responsibility), is less than obvious.

First the text of the FIPR alert summarising the state of play:

“I’ve had several requests for detailed page links related to the very unfortunate dispute at Bletchley Park, a subject which has given rise to a large amount of traffic on the Web and in social media since the BBC News broadcasts of 24 Jan. Here, for those wishing to gain a better understanding of this dispute, is my attempt to identify and provide links to the most significant web pages that have been produced as a result of the BBC News broadcasts, as of 1 Feb 2014. (In many cases the pages I’ve identified have already had an extensive set of comments added to them.)

I have no plans to take on a role of unofficial chronicler of this dispute, which I fear is going to run and run, unless the senior staff at the Bletchley Park Trust can be persuaded to reverse some of their recent policy decisions promptly, but would nevertheless appreciate being informed of any other/further really significant web pages related to the dispute.

Meanwhile I note a very significant spike in the rate of contributions to The National Museum of Computing, so have included a link to their donations page.

Cheers

Brian Randell

——

THE BBC NEWS ITEMS OF 24 JAN 2014

BBC TV News – a 2.4 min video clip
 
BBC Radio 4 – a 5 min audio clip

OFFICIAL STATEMENTS FROM THE BLETCHLEY PARK TRUST

Progress in Perspective

Crossed Wires at Bletchley Park
 
OFFICIAL STATEMENTS FROM THE NATIONAL MUSEUM OF COMPUTING

Deciphering dissent at Bletchley Park

The bigger picture: fragmenting a heritage site

THE BEST (IN MY OPINION) INDEPENDENT ACCOUNTS OF THE DISPUTE

Disharmony at Bletchley Park

UK National Computer Museum Off-Limits At Bletchley Park

ACCOUNTS BY (ANONYMOUS) VOLUNTEERS

The history behind the Bletchley Park dispute:

Bletchley Park plan to “cull old and infirm”

THE NATIONAL MUSEUM OF COMPUTING

Donations Page”

[P.S. The Virgo solution

Objective – to more than double paying visitors and untied (i.e. not linked to specific projects) donations to both: operating in a symbiotic relationship which exploits rather than fudges the differences.

1) Joint ticketing with the standard price covering both, albeit with options: to book only for Trust (plus Colossus/Tunny) or to book only for the Museum (plus Colossus/Tunny). Note that I view Colossus and Tunny as common to both and the aim is to get day visitors to book for both even if school parties (more severe cost and time pressures) do only one or the other, depending on age and educational objectives.
 
2) Make a feature of the gate and perhaps add a few more. Station X was a secure facility with guards, barriers and pass inspections between many of the buildings. The fence should be World War 2 barbed wire (as should the gate). The gate should be manned by uniformed sentries who inspect passes (alias tickets) and pose for photographs.

3) Trust to waive rental to Museum and/or provide management and marketing support with the aim of attracting museum visitors (including school parties) to also visit the Trust and to generate additional revenues from joint shop and catering facilities.

I should perhaps add that I have been over HMS Ocelot (in Chatham Dockyard) nearly as many times as I have been to Bletchley. Each time was different. Once our guide was one of the Chatham Dockyard staff who built her, went on her sea trials and later maintained her. He explained how and why she was different to the rest of her class. Once our guide had served on one of her sister ships. He described sitting on the bottom of a Russian harbour. They had different reasons for being grateful they had never had to use the escape hatch for real. I hope their various accounts have been taped so that, when they are no longer available, more professional guides can give future generations a similar experience.

I very much hope that Bletchley is also planning this. Anything less would be a betrayal of the past. I can, however, also appreciate the pressures to sanitise history – particularly with regard to the very special relationship between the operations based at Bletchley Park and those now based at “Fort Meade”. It may be helpful to refer to one of the blog entries I did on this before the Snowden affair.

P.S. Added 12th February: I have just been given links to the photos at the 70th Anniversary of the first run of Colossus breaking the Lorenz code and the video of the reconstruction. I have not checked to see if any of those in the photos taken last week were in those at the head of this article.


February 3, 2014  12:45 PM

Is investment in UK/EU Broadband (fixed and mobile) falling – and, if so, why?

Philip Virgo
BT Retail, btgroup, Capex, Communications, Crapband, decline, investment, McAfee, Ofcom, Openreach, regulation, Sky, Surveillance, Vodafone

At a recent event on European Communications policy, held under the Chatham House rule, the audience was told that revenues and investment across the European telecoms markets, both fixed and mobile, are now stagnant or falling. This was blamed on incoherent over-regulation which is about to be exacerbated, not alleviated, by the Telecoms, Data Protection and Security packages currently being discussed. The overall effect is to weaken investor confidence in the telecoms markets at the same time as giving competitive advantage to those syphoning intra-EU on-line business across the Atlantic. The collective message was about the need for a much sharper approach to regulatory reform.

Prices were said to have fallen faster than volumes were rising, although I note prices are now rising again, sometimes very sharply, e.g. 50 – 200% for BT Fibre to the premises. Price comparisons with the US, where spend per customer is said to be double that in the UK/EU, were said to be seriously misleading because usage per customer was also double ours for data and six times more for voice. I was surprised at the “authority” with which such figures were quoted until I looked at Ofcom’s recent Consumer Experience report. This shows how UK consumer spend on fixed and mobile communications services peaked in 2006 and has yet to recover, albeit it has been rising as services extend to cover more of those parts of the UK previously on crapband: bandwidth that is not fit for purpose – whether purpose is doing homework, a DEFRA return or watching football.

I also looked at BT’s reported Financial Results as opposed to its press releases.

During the year to March 31st 2013 the capital spend by Openreach in fibre roll-out was said to have accelerated by 5% (to £1,144 million), despite one of the wettest years on record and the consequent demand on engineering resources. However, by Quarter 3 of the current year it was down, by £38 million (13%) over the previous 3rd Quarter. The reason given in the accounts is “reflecting £42 million of grant income relating to our investment in the regional broadband programme”. This appears to mean that BT’s own investment is going down, not up, in response to the contributions from BDUK.

The overall trend in BT capital spend over recent years, despite the surge in investment to handle the Olympics, is down. Overall capex was £2.6 billion in the year to March 2011, £2.6 billion in the year to March 2012 and £2.4 billion in the year to March 2013. It is currently running just below the level last year, with investment falling in Openreach (local utility infrastructure) and rising in Global (overseas) and Wholesale (bulk connections). Capital investment into BT Retail, despite the need to handle the demand being hopefully generated by the foray into Sport, appears to be the same.

BT has indeed said to investors that its current strategy is to focus on using the entry into Sport to build up consumer demand to make better use of its past investments. BT Retail is having its best year for some time, attributed to the growth of its Sports TV services. However, the increase in revenue in BT Retail is less than the drops in revenue from BT Wholesale and Openreach. It also appears to be less than the increase claimed by Sky during a similar period. Might BT not have done better for shareholders by selling utility infrastructure to Sky and its competitors? Or is the investment really just a large scale negotiating ploy to bring about a series of cross licensing deals for content?

Such analyses and speculations help put BT’s infrastructure investment into perspective.

This appears to be running at about £1.15 billion a year – approximately the same as Vodafone’s annual spend on upgrading its networks to meet its past obligations, prepare for 4G and renovate the networks it acquired from Cable & Wireless. When I last blogged on the scale of UK communications infrastructure investment figures I thought that BT’s broadband investment was running at “£billions a year”. It seems it is actually “£billions over the life of a programme”: no more than that of its largest intra-UK competitor and barely a quarter of the industry total.

Meanwhile we have the Broadband Stakeholder Group saying it cannot understand why anyone needs more than the current average UK speed, while consumers across much of the country complain that “when the football comes on, everything else goes off”.

I have been taking a look at why so many experience poor quality of service despite the nominal speeds claimed by their suppliers. The reasons are many and varied: from problems with old PCs or wiring to response times from the servers they visit. Perhaps the most common problem is, however, the incomprehensible and patronising answer they get when they ask the question: if they can get any answer at all.

Looking at why my own system regularly slows and hangs, I have come to suspect that it is usually waiting: while Firefox, McAfee and others fight their various filtering battles with each other and with the surveillance bloatware attached to the newspaper and other sites that I visit in order to collect material for posts like this.

Hence my growing view that we need a revision of RIPA designed to better enable us all to choose to block surveillance other than by law enforcement or our own choice of ISP. I expect to hear squawks from all sorts of Angry Birds and their allies but this is a debate that needs to be had. I therefore plan to make this point at the forthcoming Real Time Club Debate on which I recently blogged.

In the meantime I would be interested to see who has done what research into why it is that customer experience appears to be becoming increasingly adrift from expectations.

I would also like to know why it is that the UK and EU are so unattractive for infrastructure investment on the part of those who are supposedly sitting on $hundreds of billions of cash reserves made from those going on-line.  Is it that the incumbents, regulators and politicians are standing in the way? Or are there other reasons?


February 1, 2014  9:38 AM

Everyone is recording what we do over the Internet: why should the NSA and GCHQ be different?

Philip Virgo
Cabinet office, cyberbullying, Data protection, Edward Snowden, GCHQ, Google, IBM, ICANN, ISOC, Nominet

On February 18th I am due to propose the motion “Nobody is telling the truth about cyber security – not even when they think they know what the truth is” at a Real Time Club dinner debate.

I do not plan to accuse anyone of lying, merely of a mix of ignorance, myopia, tunnel vision and “economy with the truth”. I expect to begin by describing the symbiotic relationship between communications surveillance and computing that the Bletchley Park trustees appear concerned to erase from their sanitised version of history. That relationship still lies at the heart of the modern on-line world, as with big data technologies and tools, whose roots lie with the need to digest sigint from the enormous volumes of data passing over the cables serving the main Internet peering points.

Just as “everyone” uses computers today, so “everyone” is recording what you do on line: including to help:
 
– telcos and mobile operators to charge for and fine tune their services,
– advertisers to better target those they wish to sell to
– lawyers to police their clients’ intellectual property
– market and consumer protection regulators, in case they ever decide to do their jobs
– organised crime with victim selection
– transaction services to distinguish between known customers and impersonators.

All Edward Snowden has told us is that our national security services are also trying, under semi-democratic control, to use subsets of the same technologies to identify the current and potential enemies of our Governments.  

The over-reactions to that “revelation”, like the similar over-reactions to attempts to protect children from on-line bullying and abuse, tell us that the Internet has lost its innocence.

Whatever we do on-line is not only recorded (to enable the packet-switched, store-and-forward, Internet to work at all), but stored (often well beyond the time needed for resilience), analysed (not just to improve performance) and the results are made available (legitimately or otherwise), to a growing variety of “researchers”, lawyers, spooks and organised crime groups.

“They” not only know you are a dog, but which breed and what trees you pee against.

I plan to question the relevance of the EU obsession with Data Protection principles drafted for the age of mainframes, because today our most personal data (including our on-line habits) is being routinely collated, stored and analysed around the world by persons outside the reach of any UK or EU regulator.

I will question the relevance of the obsession of the Cabinet Office and European Commission with Digital Identities and Trust Services, because those running banking and payment services can no longer afford the risk that their certificate providers have been “quietly compromised” (and not just by the NSA). Instead they increasingly use real time transaction profiling to back up their in-house routines.

Meanwhile those who are serious about protecting their organisations and their customers are joining a variety of “intelligence led security” partnerships to not only identify those attacking them but support “asset recovery” exercises to get redress and deter future attacks.

In short: almost everyone is running surveillance operations, whether to identify terrorists, victims or potential customers or those in need of health and welfare services or to attack, exploit, serve or protect existing customers and their families.

But the on-line world has also gone both mobile and ubiquitous. The first fridge has been caught taking part in a botnet attack. To quote the Choco Leibnitz adverts before “Person of Interest” – Who is watching yours?

– The food police for breaching the latest NHS obesity “guidelines”?

– Google or Amazon looking to target advertising?

– Organised crime looking for an exploitable change in your life style?

I look forward to a debate as hard-hitting and informative as when the Real Time Club debated whether Google was a greater threat to personal freedom and civil liberties than GCHQ. That debate was introduced by a former Director of CESG and a senior Google executive.  I do not think that my opponent (one of his current roles is a reporter with the Register) and myself can match their expertise: but, between us, we have half a century of experience with throwing rocks into stinky pools.

P.S. You can book on-line via the Club’s website (the untruth in the booking form concerns my directorships: I have only two and neither affects my impartiality, i.e. ability to throw stones in any direction without breaking my own windows).

Those looking to actively help in clearing up the current mess of misinformation and apparently contradictory mindsets, objectives, values leading to schizophrenic public policy should also put the following in their diaries:

Internet Safety Day

the next meeting of the UK Internet Governance Forum

the Internet Engineering Task Force (IETF)  meeting on 2-7 March in London 

and

the ICANN meeting in London from 22 to 26 June.

ISOC England will be taking the opportunity to be involved in both the IETF and ICANN events including co-chairing the “ISOC in ICANN” meeting on the eve of the ICANN meeting and the Chair of ISOC England has just sent out an e-mail asking the three thousand or so individuals on their mailing list to get involved, including channelling inputs on the issues under discussion.

I was persuaded to join ISOC back in 1995, by the then head of IBM’s Internet Strategy. IBM was about to use the Internet Protocols to run the systems for the Atlanta Olympics. He told me that sooner or later the Internet Society would have to develop into the governance structure that would be needed as the Internet matured – because Governments could not be trusted, even if they could agree.

I am still waiting – but the juxtaposition of meetings in London does give the opportunity to “make a difference”.

If you are serious about making the Internet a safer place, rather than run the risk that politicians will do it for you (or rather them), then you should join ISOC, Nominet and/or ICANN and make your voice heard on the inside.

Alternatively join the political party of your choice and get them to take action – as chairman of the Conservative Technology Forum I have already asked my opponent on the 18th February to lead a group looking at the issues. I also know that the Council of the Digital Policy Alliance is looking at an exercise in co-operation with the European Internet Foundation to help politicians make sense of the current rash of Internet governance initiatives (another one was launched at Davos).


January 20, 2014  12:17 PM

European Commission welcomes US Presidential Remarks and Directive

Philip Virgo
bigdata, Cyber security, Data protection, Edward Snowden, European Commission, European Union, NSA, obama, Surveillance

Do read the statement by a European Commission spokeswoman on President Obama’s remarks on the review of US Intelligence programmes.

In my previous blog, a couple of days ago, I compared those remarks, and the accompanying directive, to the assurances given to the Foundation at the start of Isaac Asimov’s saga on the process of shortening the chaos that followed the disintegration of “the Empire”. I led through to the need for a fundamental political rethink in order to avoid, or at least shorten, the period of chaos that will follow the disintegration of the Internet.

The first response, from a leading figure within ISOC, focused on my comments on the On-line Child Protection debate. It illustrated a lack of understanding that the scale and nature of the demands for action from parents around the world (and not just in the UK) may be even more potent than the Snowden revelations. If these are harnessed by those wishing to preserve the Stasi on-line world, because those who wish to restore personal control …

On a more positive note, I enjoyed watching the Musketeers last night and woke up in the middle of the night having dreamt that I was in charge of drafting the NRDP (National Restore Democracy Party) manifesto for the European elections this year.

This was part of the section on European Internet Governance policy:

“The current European approach to Data Protection, Digital Identity, Cyber Security and Surveillance has been overtaken by events and is now over a decade out of date.

The Internet has lost its innocence. Thanks to Edward Snowden we all know that whatever we do on-line is not only recorded (to enable the packet-switched, store-and-forward, Internet to work), but stored (often well beyond the time needed for resilience), analysed (not just to improve performance) and the results made available (legitimately or otherwise), to a growing variety of “researchers”, lawyers, spooks and hackers. 

The Data Protection principles, drafted for the age of mainframes, have yet to be properly applied for the Internet age, when our most personal data (including our on-line habits) is routinely collated, stored and analysed around the world by persons outside the reach of any EU regulator. 

The Digital Identity principles are irrelevant in an age where confidence in accreditation services (e.g. Diginotar) has collapsed and those running reputable banking and payment  processing operations use transaction profiling, not third party trust providers to back up their own authorisation routines. 

Conventional approaches to cyber security no longer protect against serious attacks. Those who wish to protect their organisations and their customers are therefore joining a variety of “intelligence led security” partnerships to not only identify those attacking them but also use aggressive “asset recovery” techniques against the predators and those in their supply chains to get redress and deter future attacks.

In consequence almost everyone is running surveillance operations, whether to identify terrorists, victims or potential customers or those in need of health and welfare services or to attack, exploit, serve or protect them. 

Most of the data needed to digitally impersonate most of us is now out “in the wild”. The “Big Data analytics” technologies, whose use by the NSA has been revealed to the world by Edward Snowden, are routinely used by criminals to identify victims and by financial services organisations to identify attacks on them and their customers as well as by Internet Service providers to “improve” their services and National Security Agencies to identify terrorists or subversives.

Meanwhile the world has gone mobile. Even on Christmas Day nearly half of all UK traffic was over mobiles. More than half of us now use pay as you go. Moreover the traffic figures are understated, because most of us piggyback our smart phones onto wifi wherever possible to get better speed and keep the charges down.

Things are also about to get much more complicated.

The Corporation of the City of London ordered the immediate removal of surveillance chips (measuring local footfall) as soon as it discovered they had been included, without its knowledge, in smart rubbish bins being piloted in the City.

The first fridge has already been caught taking part in a botnet attack. Who will be monitoring your kitchen appliances?

– The food police for breaching the latest NHS obesity “guidelines”?

– Google or Amazon looking to target advertising?  

– Organised crime looking for exploitable changes in life style? 

Most of what we are commonly told about the Internet is not true. “They” not only know you are a dog, but which breed and what trees you pee against. Conversely, however, hardly anyone, except those harvesting your profile in order to obtain electronic credentials for sale to fraudsters, is genuinely interested in you as an individual.

We need to bring regulatory policies designed for late 20th Century on-line systems and threats, when on-line was an exception, into the 21st Century, when it is an integral part of the mainstream world, with our lives increasingly dependent on the secure and resilient functioning of a multitude of on-line support systems, which are dependent, in turn, on secure and resilient energy supplies.

So far the issues have been raised in the context of Government surveillance by US-centric players, such as the members of The Reform Government Surveillance Group (Facebook, Google, Twitter etc.), while European players, such as Vodafone, have taken a more international approach.

Whether Europe steps up to the plate with a coherent forward looking approach, in place of the current mish-mash of irrelevant, tick box, regulatory overheads, will determine not only its future as a location for on-line business, but also whether the Internet as a whole survives as a globally integrated service or is fragmented along regional or national lines.

NRDP policy is that we should halt all current initiatives which do not have a compelling business case, showing how the benefits outweigh any possible economic or social harm, pending a review of the basic Commission approach to the regulation of the on-line world and the governance of the Internet.

We believe that the review should have the following objectives in mind:

– That we each own our personal information (from DNA and Biometrics to transaction profiles) and all who presume to collect, copy, collate or use that information owe us a duty of care.

– That …”

And then I woke up.

Suggestions as to what I should have dreamt would be most welcome.


January 18, 2014  7:01 AM

Has President Obama just confirmed the status of the Internet as the US on-line Stasi State?

Philip Virgo
Barack Obama, Big Data, CESG, cloud, diginotar, Edward Snowden, Facebook, FOSI, GCHQ, Google, IBM, Mobile, NSA, Outsourcing, RIPA, Safer Internet Day, Surveillance, twitter, Vodafone

The actions announced by President Obama in response to the Snowden revelations have failed to put the Genie back in the bottle. His measured rhetoric indicates how he is caught between the “surveillance for safety” and “civil liberties” lobbies. I looked up Isaac Asimov’s Foundation and re-read the section where Mayor Hardin uses “symbolic logic” to analyse the rhetoric of Lord Dorwin and the treaty between the Empire and Anacreon.

The Internet has, like the Foundation, lost its innocence. Thanks to Edward Snowden we all know that whatever we do on-line is not only recorded (to enable the packet switched, store and forward, Internet to work), but stored (beyond the time needed for resilience), analysed (not just to improve performance) and the results made available (legitimately or otherwise), to a growing variety of “researchers”, lawyers, spooks and hackers.

We are beginning to see the consequences of that knowledge, even though the politicians are engaged, as yet, in apparently content free blether. The squawks of those US operations whose business models depend on analysing our behaviour for the benefit of their paying customers (The Reform Government Surveillance Group, Facebook, Google, Twitter etc.) were better publicised. But the statements of Vodafone and IBM regarding their own policies are far more profound.

The world has now gone mobile. Even on Christmas Day nearly half of all traffic was over mobiles. More than half of us now use pay as you go. Moreover the traffic figures are understated, because most of us piggyback our smart phones onto wifi wherever possible to get better speed and keep the charges down. Now that Vodafone, arguably the nearest we have to a truly global telco (fixed as well as mobile), is no longer bound by its Verizon link, it is better able to state publicly some of the principles it adopted after the Greek scandal and on which it has privately briefed major customers (as well as governments) for several years.

I remember IBM describing how it then implemented its policy for the use of security technologies that met the legal requirements of wherever it operated, at one of the Global Internet Project’s first events, an Encryption Summit. It was hosted by Lord Renwick, whose comments in Hansard after the briefing material was made available are well worth re-reading – particularly if you remember when they were made – in 1997!!!

IBM’s most recent announcement can be seen not only as a statement of confidence in the future of Cloud computing, despite Snowden, but also that it is already able to offer nationally segmented cloud services – and has been since long before they were packaged and promoted as such.

My understanding is that others (with similar long-standing policies) may also be ready to go public.

In other words, “those who think ahead” were ready for the Balkanisation of the Internet well before Snowden and the Guardian told the rest of the world what insiders had known all along.

One can also see what is happening as the logical consequence of outsourcing not only key parts of the NSA’s surveillance operations but the vetting of those employed in them. This links to my comments elsewhere on the way that critical functions are now being brought back in-house as part of an, as yet, not fully articulated but nonetheless increasingly coherent UK Government IT Strategy.

I happen to trust GCHQ and Law Enforcement rather more than I trust my Telco, ISP or Search Engine – let alone the copyright enforcement agencies and market research operations to whom the latter may pass data about me and my on-line activities.

I also note how the banks and on-line transactions providers are moving towards big data based behavioural analysis to validate on-line transactions because of the “compromise” (from Diginotar onwards) of so many of the electronic identity (alias “Identity and Authorisation Providers”) and accreditation services (alias “Trust Service Providers”) on which Cabinet Office and the European Union are still obsessing. The techniques developed to help target the NSA and GCHQ surveillance operations are now being routinely used by others on an even larger scale to look at content and not just traffic data.

I would like to see GCHQ similarly focus more of its effort on protecting “the economic wellbeing of the United Kingdom” as part of the objectives of not only RIPA but of the claims that the Cyber Security Strategy has objectives related to cyber crime in general, not just “the war against terror” and “nation state activities”.

Such efforts should, however, be open to better resourced scrutiny, as with the agreement proposed by the Corporation of London after the earlier Big Brother Watch report on Local Authority and other abuses of RIPA. But the issues go much wider. I remember being told how the Corporation ordered their immediate removal as soon as it discovered that surveillance chips (measuring local footfall) had been included in smart rubbish bins being piloted in the City. Welcome to the smart world where your fridge reports you to the food police for breaching the latest NHS obesity “guidelines” at the same time as taking part in a spam attack on your bank. The Corporation of London (and its predecessors) have been running a democratically governed trading city for over a thousand years (even William the Bastard had to negotiate his entry and the chaos at his Coronation in Westminster showed how right they were not to let his troops into the walled City).

We should remember that most of what we are commonly told about the Internet is not true. “They” not only know you are a dog, but which breed and what trees you pee against. Conversely, hardly anyone, except those harvesting electronic credentials for sale to fraudsters, is actually interested in you as an individual.    

In that context the Digital Policy Alliance briefing session for MPs and policy advisors on the morning of 22nd January, chaired by Helen Goodman MP may help break the current dialogue of the deaf between those concerned over Child Safety and those concerned over Civil Liberties. The introductory speakers include David Miles from FOSI and Jim Killock from the Open Rights Group, Will Gardner from Childnet and Chris Ratcliff of Portland TV as well as Peter Davies (currently managing the transition of CEOP to the National Crime Agency) who has just confirmed. The event is intended as part of the build up to secure wider support for Safer Internet Day when those who understand how the Internet works and are serious about making it safer, as opposed to “going through the motions” try to promote awareness of what works.  

I look forward to seeing the report from the DPA meeting. In the meantime, those of you who are serious about organising activities in support of Safer Internet Day, or the follow up, should visit the DPA website and send an e-mail (saying who you represent and what you expect to contribute) asking if there are any places left.

My own questions, which I will probably keep for the follow up, given all the more constructive points that I expect to see made on the day, include:
 
Should the On-line Stasi spend more time on things that matter to the population as a whole, such as cyberstalking, bullying and abuse?

Should those who aim to sell our profiles (and those of our children) to their customers owe us a duty of care – including of victim support when abuse happens? 
 
That follow up will include the next meeting of the UK Internet Governance Forum, being organised for the Thursday after Safer Internet Day.

We need to widen debate beyond the internationalisation of Internet Governance, now under way, “merely hastened” by President Obama’s remarks (in much the same way as Lord Dorwin’s visit and the subsequent treaty hastened the Anacreon invasion). But, as in Asimov’s “Foundation” – that is the beginning, not the end. The task is to ease the pain of transition to a new and much healthier cyberworld.


January 14, 2014  7:20 PM

IPO Consults on Copyright on Orphan Works: a rather more important topic than it seems

Philip Virgo Profile: Philip Virgo
BBC, BlackBerry, Brussels, copyright, Facebook, Instagram

In the 18th Century those who did not publish that for which they had copyright or manufacture that for which they had a patent were liable to lose their protection. There was no copyright protection for works that were out of print and no place for trolls, like those who broke Blackberry for breaching patents they had no intention of bringing to market.

Today the world has moved on even further. Last week the IPO launched its consultation on the secondary legislation (i.e. no debate in Parliament) that some allege will allow others to use the photos you post on Facebook or Instagram – because it is “too difficult” to check their copyright position. This is akin to the defence routine used in the US by those who copy intimate photos to put on public porn websites, whether for cash or for revenge.  

The Government’s orphan works scheme aims to better address the issue of reproducing works when rights holders cannot be found. The UK wide scheme provided under the Enterprise and Regulatory Reform Act 2013, allows for the commercial and non-commercial use of any type of orphan work, by any applicant, once they have undertaken a diligent search for missing rights holders and paid a licence fee.

Alongside the UK scheme, the Government is implementing the complementary EU orphan works Directive. This will allow publicly accessible archives to digitise certain works and to display them on their websites for access across the EU.

This technical consultation is seeking views on the legal effectiveness, structure and effect of the draft secondary legislation only. The overall policy is outside the scope of this consultation.

The closing date for comments is Friday, 28 February 2014.

This may only be a consultation on the details of legislation that has already been decided in Brussels (I cannot find UKIP’s views on the topic) but it raises interesting questions such as:

  • What is “a diligent search” for the copyright of that which has been posted on a website?
  • How much is the licence fee and to whom does it go?
  • What happens if you discover later that it is your photo that some-one else is publishing without informing, let alone paying, you?

Even more interesting is the small print of the routines for allowing “publicly accessible archives” (? the National Archive and British Library or the BBC and Google?) to digitise and display “certain works”.   


January 9, 2014  2:28 PM

The “rift” between Cabinet Office and DWP indicates that the new HMG IT Strategy is for real

Philip Virgo Profile: Philip Virgo
cabinetoffice, dwp, HMRC, Technical support, Universal Credit

I have just compared the original story about the “rift” between Cabinet Office and DWP with the refutation as covered by the BBC, recent Cabinet Office recruitment advertising and also cover on the forward plans of DWP and the skills problems that it faces. The result illustrates the pace of progress that is being made (or not made) with implementing the strategy of rebuilding the skills of Central Government as an intelligent (or at least less stupid) customer. It also shows the consequent realisation that outsourcing had gone far too far, that rather more has to be brought back in house and that that requires further effort on skills.

I will begin with a quick critique of some of the original story. The Cabinet Office did not have an elite team of IT experts to loan to DWP to help sort out the Universal Credit. The Major Projects Authority within Cabinet Office is a team of reviewers, not a team of trouble shooters. The Government Data Service has only just started to recruit those it needs to expand its project monitoring  capacity. Even when they are in post it will have too few of those with experience of planning and delivering major projects to provide serious support for the change programmes of the great “Silos of State”, as opposed to the “dashboard” monitoring of those programmes and assistance for smaller departments with less ambitious projects.

Meanwhile Gov.uk is still best viewed as a set of design principles and some “lipstick on the face of a pig”, although hopefully it will continue to make serious progress over the year ahead as it gathers momentum. In parallel the GDS is trying to build the necessary in-house expertise in open source and cloud services to help make a reality of its aspirations for a brave new world of re-usable mix and match modules for common needs, using rationalised, resilient and secure data centres.

Meanwhile the DWP needs very different skills to handle a massive change programme where the main investment is organisational change and staff training, including to handle co-operation and secure, accurate and reliable information exchange across silo boundaries (e.g. with the Border Agency, Local Government and HMRC). By comparison the technology requirements and even the data volumes are relatively trivial, compared to those at Vodafone, from which DWP has recruited its new Head of Digital (who was undoubtedly dismayed by the lack of hand-over on arrival). The problem lies in the complexity of the assessment of the individual cases by front line staff, before the data is put into the main delivery systems.

Unfortunately, over the past two decades politicians, officials and public sector consultants have persisted in putting digital carts before “people process” horses. This time, after the Minister put his foot down and called a halt, we saw squeals from technophiles, in cacophony with squawks from the Public Accounts Committee, neither trying to identify why and how the programme had got out of control, despite supposedly clear agreement at the start that the implementation of Universal Credit would follow a low risk, incremental strategy, based on identifying and testing claimant “pathways”.

The best news is that Iain Duncan Smith has not called in yet more consultants. Instead the Department is trying to rebuild the in-house skills base to do that which cannot be sensibly contracted out, whether to an outsource provider or to Cabinet Office (even if it had the necessary skills available).

The successful use of agile methodology requires that the users are intimately involved, ideally trained to use the tools themselves, with the IT “experts” in support roles only, until such time as systems are ready to be scaled for live running. Then the IT experts often have a major role, “fine-tuning” the systems to ensure rapid and reliable response for the volumes to be handled. In the past that fine tuning has often required a complete re-write, while keeping the user interface and application definitions the same. That is less necessary today, using tools developed originally for automatically transitioning legacy systems to new operating systems.
 
Over the past two years we have heard much rhetoric about rebuilding the skills of Government to be an intelligent, or at least less stupid, customer. Many of us feared it would prove to be hot air, botched and/or rushed – e.g. with inexperienced staff trying to run before they could walk. I am hopeful that I will soon be proved wrong. Both Ministers and officials appear to have come to appreciate that the efficient and flexible delivery of on-line services to meet changing needs requires giving power to front-line users to work direct with in-house IT support staff, not binding them with inefficient and inflexible outsourcing contracts and overseas call centres, whatever the nominal savings from centralisation and standardisation. That is also by far the best way of developing the skills on both sides. It is also usually easier to give the necessary IT skills for most of the roles in incremental project planning, development and implementation to users than to teach IT staff how the organisation operates. It is the skills to organise the process that are in short supply and the Cabinet Office plans for work in this area are most welcome.

It is interesting to see how some of the former outsourcing dinosaurs have seen where this leads. They are beginning to look at how to provide scalable item of service, open source and cloud services to the SMEs and to the Third Sector providers to which HMG says it wants to devolve delivery to those who are hardest to reach.

Unfortunately, the Government Procurement Service still appears wedded to the idea that centralised procurement (as practised by supermarket and clothing chains when screwing British farmers and exploiting Bangladeshi sweat shops) will give value for money. And we should not under-estimate the challenges of changing that approach, given Treasury accounting rules as well as EU Procurement law. In consequence those with innovative, joined up solutions, that really would deliver better service at lower cost, have simply walked away – to sell to those who appreciate what they have to offer.

The rebuilding of Central Government’s skills to be an intelligent customer may have begun, but it is a long, long road.

We can, however, see the likely future. 

There will be a Government Data Service (akin to the old CCTA) that

–    helps smaller departments with their technology needs (including the use of open source, cloud based systems to meet common needs)

–     sets standards for inter-government  co-operation (including identity arbitrage and secure data exchange)

and

–    monitors progress (in co-operation with the National Audit Office).

In parallel the great silos of state, who collect and spend most of the money (HMRC, DWP and MoD) will rebuild their in-house expertise and run down their all-encompassing outsource contracts, replacing them with multiple sourced, item of service frameworks.

In a post Snowden world we can also expect to see increasing pressure for any outsourced UK public sector services to be supplied from locations or suppliers which do not fall under foreign jurisdictions which claim right of access to data or communications and/or meet all UK regulatory, security and resilience requirements. Given similar pressures in other EU member states this may also mean that the Digital Single Market, particularly for public services, will remain a fiction for the foreseeable future.

How long the process of change will take is much less easy to predict.

How many of the current dominant suppliers will fight to preserve the status quo and/or milk their legacy contracts for as long as possible? Perhaps in cahoots with a Government Procurement Service for whom such a change of approach represents an even greater re-education challenge?

How many will join those who have already walked away from UK central government as unprofitable (after sales costs, overheads and hassle) despite being over-priced?

How many will join those looking at how to do business in the new world that is emerging?

Some are, of course, trying to have their cake and eat it. They have set up innovation teams looking at new ways of doing profitable business (e.g. providing item of service support for flexible and selective outsourcing via a variety of channels) at arm’s length from the teams seeking to extend the life of their current “big” outsource and PFI contracts and win new ones.

Like so many other strategies, this is far easier said than done. I would, however, far rather have shares in those who follow such a twin track approach, are open about doing so, and allow their teams to compete head to head – including for the in-house resources to deliver that which they win. That is in no small part because I suspect that those who pick too soon will go down just as painfully, albeit perhaps faster, as those who move too late and that getting the timing right will be impossible.     


January 7, 2014  8:26 AM

Inputs to January 6th House of Commons Debate on Rural Broadband

Philip Virgo Profile: Philip Virgo
Broadband, btgroup, Halifax, Hollingbourne, kent, rural, Shropshire

Julian Sturdy MP, himself a farmer, has secured a Westminster Hall Debate on Rural Broadband.

I do not think I could put the case for e-mailing your MP much better than Patrick Cosgrove, who copied me with his e-mail to Shropshire Broadband activists, as below, yesterday:

Dear Better Broadband Supporters

This Wednesday the MP for North Yorkshire, Julian Sturdy, has secured a debate in the House of Commons to ask how Superfast Broadband can be made available for all his rural constituents. The issue applies as much to you as it does to people in North Yorkshire. Mr Sturdy hopes to persuade the government to release money from the Superfast Extension Programme (SEP) sooner rather than later. If that happens, it could also benefit this area.

More details can be found at this link

Please email your MP asking him to attend that meeting and to speak up on behalf of his digitally disenfranchised constituents. You might consider making the following points:
 

1.     Broadband in rural areas is starting to get slower with more people coming on line every day and households owning more than one piece of equipment

2.     A growing concern is that BT will again grab all the government cash (as is currently happening with existing funding sources) and will continue to roll-out expensive ducted fibre, therefore still not reach everyone. Other methods need to be considered including overhead fibre-optic cable, high speed wireless broadband, 4G and, in some cases, satellite. Alternative broadband providers need to be involved to provide the much required competition that will drive down costs, to improve service delivery and to encourage technical innovation.

3.     The issue could prove to be a vote winner/loser in forthcoming elections

Of course, personalising your email from an individual perspective is always more persuasive.

It would greatly help us on the campaign team to know if you have written. A reply to this email saying “Yes, I wrote to my MP” is all we require, but if you would care to copy it to us, we’d be very interested to know what you’ve said.

It may, however, be helpful to also quote from an e-mail sent out yesterday on behalf of the Hollingbourne Parish Council petition:

In April 2013 Hollingbourne Parish Council initiated an e-petition to provide better broadband in rural areas including the village of Hollingbourne in Kent where download speeds are often less than .5MB. BT have stated that it is not “commercially viable” to improve the Hollingbourne service and this is the situation in most rural areas where they own the local broadband and telephone infrastructure.

Since April BT have launched BT Sport which is advertised as being free to BT subscribers but which needs a download speed of 10MB which is at 20 times the slowest speed recorded in Hollingbourne and many other villages. This means that most country dwellers who are BT subscribers cannot access BT Sport.

BT last year paid their outgoing Chairman some £10 million and have received money from the Government to improve the rural broadband access but it is simply not happening.

For further details about the e-petition please go to  

If you would like to support the e-petition and have not done so already please go to 

Please feel free to forward this e-mail to anybody who may be interested in improving broadband access in rural areas.

I should perhaps add that the Hollingbourne e-mail was sent to me by my sister, who lives in West Sussex, and just before Christmas I learned that one of the sometime architects of the ICL “New Range” is helping drive the broadband campaign in West Dorset. He tells me that his local MP is being very helpful. I doubt, however, that protocol would allow a Cabinet Office Minister to participate in the debate on Wednesday.

Those writing to their MP might also wish to refer to the effect of broadband availability on property values and see if Broadband Choices or the Halifax can help them with local data. If not, the regional breakdown in the Halifax data may still be helpful.



January 4, 2014  2:08 PM

Will the impending US Mobile price war expedite the switch from fixed to mobile?

Philip Virgo Profile: Philip Virgo
AT&T, Mobile, Ofcom, T-Mobile, US, Verizon, Vodafone

Clever Vodafone to sell its stake in Verizon just before the US mobile price war started.

When I chaired the Conservative Technology Forum round table in December to help plan a policy study on a Digital Infrastructures for the 21st Century I was surprised to learn that US mobile phone charges are three times those common in the UK. When, about the same time, I was able to e-mail but not text the smart phone of a US businessman visiting London, because of the terms and conditions of his mobile service, I began to wonder if I am a little harsh on the success of Ofcom as a regulator and rose-tinted about what we can learn from the US.

Will US mobile charges now collapse to parity with prices across the rest of the world?

If so, what will the knock on effect be? 

Will it help expedite the switch from fixed to mobile across the US?

If so, will traffic soar and profits (whose profits) rise?

Will US operators decide to invest in other parts of the world – and will the rest of the world trust them in a post Snowden world?

Or will the US mobile (and Internet) industries go the way of their car industry as consumers, led by their children, opt for simpler, cheaper, easier to use products and services and their industry dinosaurs fail to respond?

And what will the impact be on the UK?

We are potentially the world’s most competitive and trusted location for on-line services, but we are also in danger of overkill – as policy makers and regulators seek to protect the past from the future by planning for the unpredictable.
 

