I have a confession to make.  At least once a day I read Iain Dale’s blog.  Sometimes I find it amusing and sometimes I find it interesting, particularly as a means of understanding the modern Conservative mindset.  Occasionally, of course, I read it as an antidote to low blood pressure.

Today, he had a good rant with “This Pseudo-Fascist Plan Must be Scrapped“.  This relates to the proposals on communications data and the need to preserve these for law enforcement purposes.

Reading the rant, I was surprised – not at its tone (Iain Dale is renowned for giving good rant), but at what I naively assumed was the factual trigger for the rant.  It sounded as though the Government was pressing ahead with legislation on this with a view to getting it passed this side of a General Election.  I was surprised for two reasons: first, that I had missed the announcement; and second, I had understood that this was not what was intended.

However, such was my faith in Iain Dale that I have only just got round to checking the facts.

And what did I find?  The entire rant was based on absolutely nothing.

The Government has NOT announced that it is pressing ahead with legislation.  All it has done is publish the results of its consultation exercise on the issue.  And sensible commentators (not Iain Dale) have recognised that the plans have been shelved.  The idea of a single Government database had in any event been dropped months ago.

I have two warnings for Iain Dale.

First, if he gets himself this worked up about something that ISN’T happening, he will need to be on heavy-duty tranquillisers long before we get into a General Election campaign.

And second, as I have pointed out before, there is a real and serious issue here that any Government must address.  As I said before the consultation was launched:

“At present, telephone companies keep data on their subscribers who make telephone calls, who they connect to and for how long.  They do this, so that they can bill people.  For many years, it has been possible for the police to access this data as part of their investigations into crime.  To do so, they have to get proper authorisation, certifying that accessing the data is proportionate to the crime being investigated and each case has to be considered individually.  The data can be used as evidence in Court and does not involve tapping the call and listening to the content.  Many trials rely on this evidence for criminals to be convicted – there is a murder trial under way at the moment where the crucial evidence is which mobile phones contacted each other just prior to and immediately after the murder took place.

But – and this seems to have passed the pundits by – technology is changing.  Telecoms companies (both fixed line and mobile operators) are building new networks based on VoIP technology.  This is cheaper and more flexible and - critically – does not require detailed call-by-call billing.  The data on which so many trials now rely will soon cease to exist.  The Government is therefore quite rightly going to consult on what can be done to capture this information and allow it to be used in criminal investigations where necessary.

It is not about giving the police more powers to pry into people’s personal lives.  It is about not losing vital material that is currently used to catch criminals.

And, of course, new forms of communication are being created all the time (eg. on social networking sites and chat facilities built into on-line gaming).  Should the police have powers to find out who is communicating with who in these new ways?  That’s what the consultation is about.  It is not some monstrous new assault on civil liberties.  It is allowing a sensible debate about how existing powers should be modified to reflect the changes in technology.”

Unless Iain Dale wants to see the police having to fight serious criminals with even less information available to them than they have at the moment, this is a nettle that is going to have to be grabbed.

Even though Parliament isn’t sitting, each week Hansard publishes the written answers to Parliamentary questions tabled before the recess started and whose answers have finally emerged from the civil service sausage machine and been signed off by the relevant Minister.  I have just caught up with the latest list, which includes the answer to the question I tabled five or six weeks ago on electromagnetic pulses (EMP) and the National Security Strategy.

My question followed on from a scary briefing I had attended on the threat of EMP attacks on the critical national infrastructure.  (Some comments have suggested that the briefing was scare-mongering rather than scary, although I remain convinced – as subsequent discussions I have had with people who know about the subject have confirmed – that the subject has real substance and should be taken seriously).

The answer I have received from Lord Alan West is as follows:

“The Government’s updated National Security Strategy takes into account the threat posed to UK interests, including the critical national infrastructure, by the full range of “threat actors”, a definition that includes natural hazards, as well as individuals or organisations with malign intent. The associated Cyber Security Strategy of the United Kingdom, published alongside and reflected in the National Security Strategy update, considers a number of methods of cyber attack, including those that generate high levels of power that can damage or disrupt unprotected electronics.

In addition, the Centre for the Protection of National Infrastructure (CPNI) provides advice on electronic or cyber protective security measures to the businesses and organisations that comprise the UK’s critical national infrastructure, including public utilities companies and banks. CPNI also runs a CERT service which responds to reported attacks on private sector networks.”

Reading between the lines, I take this to mean that EMP attacks (and including natural pulses emitted by the Sun) are considered as part of the Strategy and that the CPNI provides relevant advice.  I am reassured by the first part of the answer, but less convinced by the second part – I received similar-sounding answers to my questions a few years ago about the advice that the CPNI (or its then predecessor) were giving about information security.  And the big question remains: it is only advice, is anyone actually doing anything?

When the Digital Britain White Paper was published on 16th June, I raised some concerns about the White Paper’s apparent endorsement of “The Geek Squad” and “The Tech Guys”.

I have now received from Lord Stephen Carter a response to the points I made in the debate.  Unfortunately, the response slightly misses the point (by about a mile, actually).  It sets out the measures being introduced to improve the enforcement of consumer law applying to on-line transactions.  This is all good stuff – a single online complaints register for people encountering an online scam; investment in new equipment, training and staff for on-line consumer law enforcers; and a review of enforcement powers in an on-line world.  However, this is not really going to provide much reassurance for people nervous about letting an unknown person into their homes to fidedle around with their computer systems.

I have now written back to Stephen Carter – although my letter may well have arrived after his last day in office (he is one of the GOAT ministers who is resigning this month).  My letter says:

“Thank you for your letter of 8th July.  I am grateful for the clarification you have provided on the points I raised following your statement to the House on 16th June.

 

However, I would like to come back on the second issue I raised.  This related to the need to ensure that consumers have adequate protection when dealing with suppliers, such as “The Geek Squad” or “The Tech Guys” – both specifically mentioned in “Digital Britain”.

 

In your response, you mention the measures being taken to improve enforcement of consumer law applying to on-line transactions.  Whilst these measures are valuable, they rather miss the point of my concerns.  Both “The Geek Squad” and “The Tech Guys” involve the consumer permitting individuals to access their computer equipment (and usually their homes).  Such individuals are being given a position of trust by the consumers concerned, who will assume that they are (1) honest and (2) know what they are doing.  As far as these points are concerned, it is extremely unlikely that the consumer will have the technical knowledge to understand (or indeed to be able to detect) what has been done to their equipment – that is after all why they have asked “The Geek Squad” or “The Tech Guys” to visit or to look at their equipment.

 

If you engage a security guard from a security firm, the individuals engaged are required to be registered with the Security Industry Authority and will have been vetted for criminality and there are requirements relating to their training.  Yet the activities of most security personnel will usually be visible and will normally be comprehensible to the person engaging them.  Should there not be some similar system of regulation and customer assurance of the quality of work in place for those individuals engaged by “The Geek Squad”, “The Tech Guys” or any other similar service?  If no such system is in place, most customers – who are likely not to be skilled technically – will be vulnerable to data being stolen from them, to malicious code being placed on their machines or to more traditional forms of criminality.

 

I would welcome your comments on what can be done to address this.  I am copying this letter to Lord West of Spithead (in view of the information security implications) and to Alun Michael MP (in view of his role chairing the Tripartite Internet Crime and Security Initiative).”

I will be interested to see if the civil servants get the point this time.

This morning I took part in a breakfast discussion on the Lords Terrace (over orange juice and croissants, but fortunately under cover as it was pouring with rain) with Lord Young of Graffham and Lord Razzall about what can be done to re-energise the British technology sector.  The occasion was the launch of the Micro Focus Technology Manifesto, “Making BrITain Great Again“.  It was well-attended and the Q&A session at the end was lively and could clearly have continued for much longer.

The central theme was that Britain has the potential to generate a much larger proportion of its GDP from the technology innovation-driven sector and the manifesto is designed to kick-start a debate about what can usefully be done to create an environment in which the sector can thrive, expand and create new and sustainable jobs in the UK.  The manifesto has five strands:

• increasing the supply of world-class technology talent in the UK
• harnessing the expertise and goodwill of successful leaders around the world to mentor leaders of UK-based emerging technology businesses
• changing substantially the tax incentives available to companies and individuals who want to invest in growing technology businesses in the UK
• implementing fiscal incentives for UK-based companies seeking to take forward world-leading R&D
• encouraging overseas technology companies to invest in a UK hub

I hope that the manifesto does kick-start a debate on these issues and that all the main Parties will commit to following the direction of travel indicated.  Indeed, I would hope that the core principle would be readily endorsed.  Future UK prosperity can only be sustained if the country is able to offer something significant to the world economy and that something in my view has to be that Britain is able to exploit innovation effectively and can deliver substantial value-added in technology and intellectual property.  The UK will never compete by trying to cut wage costs to Third World levels, we no longer have a heavy manufacturing base and there is a limit to how much national income that can be generated from tourism and heritage.  The only route to sustainability has to be through becoming a leading force in innovation and technology.

I remain concerned that too many young people do not see careers in technology as exciting, that too many further and higher education courses are irrelevant to the technology sector’s needs, and that for those who do emerge from further and higher education there are too few entry-level job/training opportunities.  Moreover, as a country we do not do enough to foster entrepreneurialism, nor to support investment in innovative start-ups and to support the growth of such enterprises as they develop.  The Micro Focus manifesto contains a number of suggestions as to how these issues may be addressed.  I am sure it is not definitive, but the future of the UK economy requires that this debate starts now and is taken seriously.

I have tabled a question for written answer on electromagnetic pulses and the National Security Strategy arising from the meeting I went to yesterday:

To ask Her Majesty’s Government:

 

“What consideration was given to the threat to the critical national infrastructure of a high intensity electromagnetic pulse, produced either by malign intent or as a result of solar activity, in preparing the National Security Strategy.”

Earlier today I went to a meeting (organised by the Henry Jackson Society) in one of the more remote Commons Committee Rooms chaired by James Arbuthnot MP, the Chairman of the Select Committee on Defence.  He began by intoning that we were all attending “the most important meeting you will ever go to”.  I am not sure about that, but it was undoubtedly one of the scariest I have ever attended.

It was addressed by Avi Schnurr, President of EMPACT (The EMP Awareness Coordination Taskforce) and concerned the threat of an electro-magnetic pulse that could permanently disable the electricity grid and most electrical systems.

In 1962, the United States conducted “Starfish Prime,” a nuclear weapon test over a remote region of the Pacific Ocean. The test was successful, with one unexpected result: fifteen hundred kilometers away in Hawaii streetlights burned out, TV sets and radios failed and power lines fused. This was unexpected and demonstrated that a nuclear warhead set off above the atmosphere causes an Electromagnetic Pulse, or EMP. Unlike a ground burst, an EMP blast can mean (depending on how high in the atmosphere the explosion takes place) continent-wide catastrophe, a capability potentially in the hands of any rogue nation or terror organization that can acquire a single nuclear-tipped missile.

With some of the world’s most unstable regional powers acquiring or already in possession of nuclear weapons, the United States Congress established the Electromagnetic Pulse (EMP) Commission, tasked with evaluating this growing threat. The Commission, based on testimony from throughout the federal government, warned that America’s current vulnerability invites attack. They concluded, remarkably, that “EMP is capable of causing catastrophe for the nation,” as “one of a small number of threats that has the potential to hold our society seriously at risk, and might result in defeat of our military forces.”

During the Cold War, the USA and the USSR relied on deterrence, but because of the threat from EMP (which could have limited their capacity to respond after a first warhead had detonated) both would have responded to a single missile in flight by a full maximum response within minutes – hence the briefcase with the codes that still follows the US President.

However, if one postulates a rogue state or a rogue group having access to a quite small nuclear device and a rocket powerful enough to send it into the upper atmosphere above the target nation or nations (perhaps launched from a boat), deterrence is no longer the answer.  The attraction for a North Korea or an Iran (and in both countries there is evidence according to Avi Schnurr that the military elites are not only aware of the potential of EMP attack but have also actively discussed it) is the comparative simplicity of delivering such an attack that would disable the United States or Europe and that it could be done stealthily.  The same attraction would also be there for terrorist groups.

And there is no question that the effect of an EMP attack could be devastating.  Electricity grids would be destroyed as transformers burnt out (and although these could be replaced the process would take years and again according to Avi Schnurr there is only one company in the world that makes the transformers on which the US electricity grid relies).  Control systems for parts of the critical infrastructure (eg the water supply) and even for vehicles would be destroyed by an EMP attack.  For a significant period the infrastructure could not function, distribution systems (eg for food) would not function, and the internet would not work.  Given the nature of modern society, social structures would break down very rapidly.

And as if the threat from a rogue state or terrorists was not enough, electromagnetic pulses can occur naturally as part of solar activity. Avi Schnurr quoted the US National Academy of Sciences as warning that solar activity can produce effects of equivalent magnitude and does so approximately every hundred years or so.  The last such massive solar surge was in 1859 and shorted out telegraph wires and caused widespread fires.  The next occasion when there might be such a surge is 2012 (although it might not be the big one, but that is when the next peak of solar activity is anticipated).

I will have to check but I don’t remember any of this being mentioned in last month’s National Security Strategy.  I can feel some Parliamentary Questions coming on …

According to the Independent this morning, the announcement of the new Cyber Security Strategy that was promised last week and that I have been calling for over the weeks (years?) will take place tomorrow.  Earlier this week I chaired a seminar on “Meeting the Threats in Cyberspace”.  One of the most impressive (worrying?) presentations was from Scott Borg of the US Cyber Consequences Unit.  His conclusions, which spell out why a fresh approach from the UK Government is so urgent, can be summarised as follows:

“Based on the work the US-CCU has already done, it is evident that the potential economic and strategic consequences of cyber-attacks are very great.  The US-CCU’s research has demonstrated that the numbers widely quoted for the costs of denial-of-service cyber-attacks lasting up to three days are actually wildly inflated.  But the US-CCU’s findings show that other types of cyber-attacks are potentially much more destructive.  Especially worrisome are the cyber-attacks that would hijack systems with false information in order to discredit the systems or do lasting physical damage.  At a corporate level, attacks of this kind have the potential to create liabilities and losses large enough to bankrupt most companies.  At a national level, attacks of this kind, directed at critical infrastructure industries, have the potential to cause hundreds of billions of dollars worth of damage and to cause thousands of deaths.

Some of the attack scenarios that would produce the most devastating consequences are now being outlined on hacker websites and at hacker conventions.  The overall patterns of cyber intrusion campaigns suggest that a number of potentially hostile groups and nation states are actively acquiring the capability to carry out such attacks.  Meanwhile, the many ways in which criminal organizations could reap huge profits from highly destructive attacks are also now being widely discussed.  This means that American corporations and American citizens need urgently to be informed, not just of their technical vulnerabilities, but of the economic and strategic consequences if those vulnerabilities are exploited.  It is only by basing our cyber-defenses on a comprehensive assessment of cyber-attack consequences that we can make sure those defenses are sensible and adequate.”

I had recently come to the view that my comments on this blog were receiving more attention than anything I might say in the chamber of the House of the Lords.

So I suppose I should be flattered that the debate I initiated in the Lords on young people and social networking sites should have got a full half-page of coverage in today’s Observer.

Catherine Bennett certainly seems to have got the measure of the effects of being in the Lords on some of my colleagues (I hope not me, but you never know ….) when she writes:

“Given what we now know about the human brain, it is clear that prolonged exposure to an unnatural environment like the House of Lords must have a damaging effect. If the ageing brain is artificially denied stimulation over a long period, it might lead to a condition almost indistinguishable from idiocy.  The effects on communication have been documented for years. Now some leading neuro-scientists are suggesting that flashing lights and bells be fitted to go off regularly in the chamber, in order to induce in members something resembling an average attention span.”

She then weighs in to attack the comments of Baroness Susan Greenfield for her contribution to the debate analysing the impact of social networking and online phenomena like Twitter from her standpoint as a neuro-scientist.  It is a fine polemic and yes the comments from Susan Greenfield were rather tangential to the purpose of my debate which was intended to explore whether more safeguards were needed to protect the interests of children and young people online.

However, the comments (and the whole debate can be read here) were of interest and do deserve some serious discussion.  Twitter and Twittering seems a largely pointless exercise to many and as Catherine Bennett puts it:

“Twitter emphasises its desirability by being unfathomable to anyone a bit inflexible or busy who is neither a self-promoter nor an exhibitionist.”

Now I don’t feel that Susan Greenfield’s speech detracted from the rest of the debate – it is part of the way that the House of Lords operates that colleagues bring their various experiences and expertise to bear on the topics under discussion.  And it certainly didn’t “hijack” the debate as Catherine Bennett suggests.

Catherine Bennett was kind enough to say that “The Lords are right to want to protect vulnerable users from exploitation and from the inadvertent creation of an indelible archive of social networking follies.”  So, if that is so, and she wants to avoid the debate being hijacked, perhaps she might have devoted more than just three lines of her article to the rest of the  debate and what she rightly regarded as its main substance.

Or perhaps I’m missing something ….

My debate on social networking has just ended. 

In my opening speech, I set the context by citing the OFCOM research that found that virtually all (99%) of children and young people aged 8 to 17 use the internet.  In 2005 the average time spent on line by children was 7.1 hours per week.  By 2007, this had almost doubled to 13.8 hours per week.  And virtually half (49%) of those aged 8 to 17 have set up their own profile on a social networking site.

 

My thesis was that social networking and video sharing sites, online games, iPods and internet-enabled mobile phones are now an integral part of youth culture.  While many adults worry that their offspring are wasting precious hours online, children and young people themselves see online media as the means to extend friendships, explore interests, experiment with self-expression and develop their knowledge and skills.

 

However, in the same way that young children are taught how to cross the road and at the same time safety features are built into cars and traffic laws regulate unsafe driving, we need to make sure that our children and young people are protected when they make their way on the internet.

 

As we know, there are real perils for the unwary.  Children and young people have been the victims of sexual predators as a result of the information they have revealed about themselves on social networking sites; there are increasing problems of cyber-bullying; security weaknesses on sites have led to serious privacy infringements; and young people have discovered the hard way that the permanence of information posted in public cyber-space may not only be embarrassing in later life but may also mean that employment offers (or university places) are not forthcoming.

 

I went on to argue that:

 

·     Children throughout their education should be taught digital citizenship so that they can both make the most of the internet but also recognise and deal with any dangers they may encounter.  As most parents acknowledge that their children are more internet literate than they are, there should also be a serious effort in parallel to help parents (and indeed all adults) to keep up with the rapid development of the internet and social digital media.

 

·     At the same time, privacy laws ought to be strengthened with an age-related component, specifically giving enhanced protection to the data relating to or provided by children and young people.  The US Children Online Privacy Protection Act, whilst not perfect, provides a model that has required a number of US-based companies operating on the internet to improve their standards significantly.

 

·     There should also be higher expectations on those responsible for social networking sites – particularly those aimed at children or where there are a significant number of users who are children and young people.  These higher expectations should include:

o        Prominent and clear safety information, warning about potential dangers;

o        Simple systems for reporting abuse or inappropriate/threatening behaviour with appropriate links to the police and law enforcement;

o        Increased numbers of suitably-vetted moderators patrolling areas of sites frequented by young people;

o        User-friendly systems enabling people to ignore and erase unwanted comments and to erase permanently their own profiles; and

o    Increased server security to prevent hacking and unauthorised access to personal information.

 

·     Finally, there should be urgent work undertaken by internet and technology companies to find and agree a simple, efficient and cost-effective means of achieving age-verification on the internet, so as to prevent under-age people accessing inappropriate sites and older people passing themselves off as under-18.

 

In addition, other peers made a range of interesting points. 

There was a notable contribution from Baroness Susan Greenfield approaching the topic from the stand-point of neuro-physiology. 

Baroness Doreen Massey told the House about the Bill she is introducing on internet age verification and the Minister replying, Lord Bill Brett, almost gave a commitment on behalf of the Government to support it – although when I pressed him on it he entered the most enormous health warning about what he had said.  Nevertheless, it was clear that there was a lot of support in the House for the principle of such legislation.

In his New Year interview with The Observer today, Gordon Brown talks about creating 100,000 jobs by a programme of public works, focused on school repairs, new rail links, hospital projects, investment in eco-friendly projects and the broadband infrastructure.

This is all eminently sensible, but should really be on a much greater scale. The 100,000 jobs presumably equates to the £3 billion of public investment included in last month’s PBR statement. I argued then that the balance was wrong with too great an emphasis on boosting consumer spending by cutting VAT.
Nothing that has happened since alters my view.
Yes, there has been a splurge of High Street buying – mainly of imported goods (this will no doubt help maintain world employment levels, but won’t do a lot in the UK and will further push down the value of the £ against the € and the $). Interestingly, elsewhere in The Observer, the excellent Bill Keegan (delightfully appointed a CBE in the New Year honours) points out that much of this High Street spending may have been overseas visitors capitalising on the low exchange rate.
Instead, we should be treating the economic situation as an opportunity to invest in the UK’s long-term future. The Government should set a series of infrastructure objectives to be achieved over the next four or five years and put in place the resources and mechanisms for these objectives to be met. For example, local councils could be tasked to achieve better insulation and energy efficiency in the housing stock in their areas, a major programme to further improve school buildings and health care facilities should be instituted, every home, every school and every NHS facility should be cabled and enabled to have high speed broadband access with public wi-fi access in every town centre etc..
The opportunity should be taken to improve skills and equip young people (and indeed any adult) with the training needed to achieve their aspirations in the modern world.
No doubt this is ambitious, but – as Barack Obama has preached about ‘The Audacity of Hope’ – perhaps in the UK a Labour Government should dare to put that hope into practice.