While the House of Commons was embarking on its second ballot to elect a new Speaker, the House of Lords was debating an amendment to the Policing and Crime Bill proposed by Lord Imbert, a former Commissioner of Police for the Metropolis.

The Bill, as drafted, gives the Commissioner a statutory right to be consulted by the Metropolitan Police Authority over any appointment of an Assistant Commissioner, Deputy Assistant Commissioner or Commander.  At present these are the prerogative of the Police Authority, although customarily the Commissioner acts as an advisor to the Authority.  The Bill’s proposals are sensible and enshrine in law current custom and practice.

Lord Imbert’s amendment, however, went much further.  This would have given the power of appointment to the Commissioner, who would in turn be required to consult the Police Authority.  A complete reversal of the present practice – effectively side-lining the Authority and moving against the direction of the Bill which gives a greater say to local communities in their policing arrangements.

Lord Imbert (for whom I normally have the highest of respect), in moving the amendment, said that he was moving the amendment with the “full knowledge and support” of the present Commissioner, Sir Paul Stephenson.  (In fact, I understand that the amendment was drafted by Sir Paul’s office in New Scotland Yard and was actively promoted by them.)  The implication of this is that Sir Paul does not have confidence in the Police Authority to make such senior appointments properly and to take his views sufficently into account.

Not a happy basis for a relationship with the Police Authority to whom he is accountable.

The amendment itself was withdrawn without being voted upon.

This morning the SlimStat function on WordPress informed me that this blog has now notched up more than 250,000 hits since I started up last October. The question for me is how pleased about this should I be. Does that quarter million mean that my investment (admittedly not huge) in time and effort into blogging has been worthwhile? Or have I created a pointless chore for myself? Is anyone (apart from me) really interested?

Last night we went to see ‘The Winter’s Tale’ at The Old Vic. The theatre was packed to see Sam Mendes’ Bridge Project (transatlantic collaboration) production of one of Shakespeare’s least (by me anyway) well-known plays.
To be honest I can see why the play is not often performed: the first act is grim tragedy (in this production played largely by the English) while the second act, set 16 years later, is lighter (played largely by Americans) with a happy ending if you are prepared to suspend sufficient disbelief to accept a statue coming to life.
However, the Old Vic production is excellent and makes the most of the play. There are particularly fine performances from Simon Russell Beale (Leontes), Rebecca Hall (Hermione), Sinead Cusack (Paulina), Richard Easton (Old Shepherd), and Ethan Hawke (Autolycus). The direction is inspired – watch out for the balloon scene and the original ‘Exit pursued by a bear’.

I see that two Scottish Health Boards are to be directly elected.  This is a pilot announced by the Scottish (SNP) Health Secretary.  The pilot will be evaluated after two years.  What would have been even more interesting would have been to run a parallel pilot in which the functions of two Health Boards were taken over by the relevant local authorities.

If people are really committed to the concept of local democracy and local accountability, then the answer is to make local councils genuinely all-purpose and equip them fully to represent the interests of their communities.

.

A notice has appeared on the board in the House of Lords where important administrative announcements are made (such things as the use of the car park by chauffeurs and the like), but this one is different.

It is an invitation to a meeting next Monday when Lord Redesdale, a Liberal Democrat ex-hereditary peer, will demonstrate “the Parker Mark 3 Squirrel Trap”.  All members of the House “with squirrel problems” are being encouraged to attend.

I wonder whether it deters urban foxes?

However, I am not sure that I will be attending.

The Boston Globe has an article from a fellow at the Harvard Kennedy School of Government arguing that the United States should assert its right to cyber self-defence by declaring that “it will promptly counter-attack as accurately and as proportionally as technology allows”. 

This is an interesting – if scary – argument.  It conjures up memories of the Cold War and “Mutually Assured Destruction” or even further back of Lord Palmerston and “the send a gun-boat” style of diplomacy.  Did either strategy work?  Well, some would argue there was no nuclear war during the Cold War years (although, the aftermath poses some interesting problems of proliferation etc).  And, of course, during the Palmerston era the Sun never set on the British Empire (allegedly because the Sun knew it could never trust the British Empire in the dark).

It is undeniably the case that a number of nation-states are developing an offensive cyber-warfare capacity and those that ostensibly are only interested in developing a defensive strategy can readily reverse the process to become offensive (Porton Down was always ostensibly about developing chemical weapons defence …).

Similarly, non-state-sponsored cyber attacks often emanate from countries who are either indifferent to the activities going on within their borders or are powerless to intervene.

Does this give a country the right to retaliate?  The Boston Globe article suggests that a few bouts of such retaliation would bring about the creation of some international means of regulating and protecting  cyberspace.  That may be true, but it would be good to think that such an outcome could be achieved without the digital trench warfare that the article describes.

Today’s “Digital Britain” report has an interesting paragraph on “Securing Home Networks” which says:

“In addition, the market is increasingly providing a high level of after sales support to its customers through additional assistance in relation to dealing with technical complexity – a sort of “AA breakdown” assistance for your personal networking needs. As home networks become more complex, it is legitimate to expect that these types of service will continue to grow. Services such as “the Geek Squad” from Carphone Warehouse and “Tech Guys” at PC World provide consumers with fast and effective advice on a range of issues including computer optimisation, device set-up, software installation, parental control set-up and tuition, security and software installation, back-up services and many others.”

I expressed some reservations about this when the report was introduced in the House of Lords this afternoon by Lord Stephen Carter. saying:

“I note in the report the support for the after-sales services provided by a number of computer retailers, such as the Geek Squad, the Tech Guys and so forth.  Have the Government given any thought to the personnel who visit people in their homes and put things on their computers?  What steps are being taken to ensure that those individuals are quality-assured and regulated in the same way that physical security personnel are regulated by the Security Industry Authority? “

My concern was that at present the individuals who work in such areas are unregulated, there is no agreed quyalification standard, and there is no guarantee that they are honest.  Those people who rely on such services to protect or maintain their IT equipment are the least likely individuals to know whether something adverse (such as installing a key-logger) has been done to their systems.

The Minister’s response recognised that there was an issue, although he sidestepped the point about regulation,:

“I do not know what checks and balances those operators put in place, but I will do further due diligence to find out. My noble friend raises an interesting question; as people’s domestic IT systems become more and more sophisticated—which they will—the level of complexity, and therefore the level of security and trust that people will want to have with the providers of those services, will only increase. My view is that it will be four or five years before we have a sort of AA or RAC of the IT world providing that level of assistance at scale for many homes. It is an intriguing question.”

The issue may well be worth pursuing ….

The “Digital Britain” report, published today has an excellent section on “Digital Security and Safety”.  The report makes it clear that there will definitely be a national Cyber Security Strategy, something I have been calling for for some time, when it says:

 

“The UK’s National Security Strategy describes how ‘cyber security’ cuts across almost all the national security challenges that it identifies, and the need to address them in a coherent way. To this end, the Government is developing a Cyber Security Strategy to build a safe, secure and resilient cyber space for the UK, through both the beneficial exploitation of cyber space and the reduction of risks posed by those who seek to do the UK harm: the forthcoming Cyber Security Strategy will set out how the Government intends to approach this task.”

This is an extremely welcome development.  When Lord Stephen Carter made his statement introducing the report in the House of Lords this afternoon, I asked him when the Strategy might be issued and he said he hoped it would be ready by the end of July.

According to David Hencke (so it must be true) in today’s Guardian, the Government is planning to establish a new Cyber Security Agency and this will be announced in a wide-ranging statement, updating the National Security Strategy.

Last month I pointed out the radical approach being taken by the Obama Administration in the United States towards tackling the cyber threat.  As I told David Hencke, it will be welcome if the UK is now going to do something similar. 

However, whatever is proposed will have to be adequately resourced and will need to be properly linked to the national Police E-crime Unit and also to the national security apparatus.

Earlier today I chaired a meeting of the Metropolitan Police Authority’s Corporate Governance Committee.  This is the body that oversees audit matters, health and safety issues, and risk management for the Metropolitan Police Service.  The meetings are long, the papers voluminous, and the discussion often detailed and arcane.  It is true to say that there has rarely been much press interest in the meetings.  Today was different.

So why this time was a BBC television crew present?  Over the weekend, the Observer carried an article by the “Investigations Editor” which seemed to be based on fearless investigatory work (consisting of accessing the Committee’s papers online and then speaking to an MPA Member).  This referred to the ongoing work of the Authority’s Internal Audit Service in identifying concerns about misuse of American Express cards issued to officers by the Metropolitan Police.  This was hardly a new story – as the “See Also” column on the BBC’s coverage indicates. 

The key passage triggering the interest was in the Annual Report of the Director of Internal Audit which said:

 

“Corporate Credit Cards

 

In excess of a third of my investigative resource for 2008/09 has been

allocated to the enquiry into the misuse of AMEX cards. This diversion of

resource has impacted on other work that could not be undertaken as a result

and directly explains the drop in casework handled from last year. The

forensic audit team has now arrived at the end of their role in reviewing AMEX

expenditure. In excess of 300 police officers have been referred to the

Directorate of Professional Standards by my staff and forty-six of these have

become formal investigations overseen by the Independent Police Complaints

Commission. This has resulted in two prosecutions and convictions but most

cases are still under investigation. The software tool acquired in the course of

the year proved successful in identifying cases for referral to the Directorate of

Professional Standards – 100% of the cases selected required further

investigation or contained expenditure outside the MPS policy for use of

AMEX cards. As a result of the ending of the AMEX work arrangements are

in place to have the software tool re-programmed in order to process data

from the replacement Barclaycard contract on an on-going basis.”

 

The report highlights some excellent work by the Internal Audit Service.  Individual cases are still being investigated.  It is important to point out that the cases referred for further investigation include those in which the credit card use was to buy items that were entirely legitimately purchased but should not have been purchased through the corporate credit cards and those where there was private use but the money was refunded.  Nonetheless, there are other cases where the explanations are not as strightforward (and in any event all the cases were against the conditions under which the officers were issued the cards).

The real issue is would these matters have come to light without an independent Police Authority (with responsibility for the internal audit function) overseeing the Metropolitan Police?

The American Express issue should also not be allowed to overshadow the main key conclusion of the Head of Internal Audit, namely that:

“the adequacy and effectiveness of internal control in the MPS falls below an acceptable standard. Key controls have either not been applied, applied inappropriately or not applied in time to provide an adequate and effective control environment.”

Controls have improved dramatically over the last ten years (when I became Chair of the MPA in 2000 the equyivalent report pointed out that at that time the Metropolitan Police had no system for telling whether bills had been paid more than once – they do now), but there is still more to do.