Next week is Get Safe On-line Week and I have been busy trying to persuade those who are serious about protecting their organisations, their staff, their customers and the families of their staff and customers to get involved. I am, however, struck by how many pay lip service to the need for "awareness" but are unwilling to link to practical advice on on-line safety and incident reporting form their own websites.
The reasons vary but I am struck by those in the public sector where there is also a strong reluctance to admit to the scale, nature, causes and consequences of fraud and impersonation and the value of using tried and tested, twenty year-old. technology-supported (but not technology-driven) approaches to the reduction of fraud and impersonation. Thus we see displacement activity regarding new UK government electronic ID policies or the EU "harmonisation" of IDs instead of using electronic invoicing against agreed purchase orders to slash £2 billion of procurement fraud. We see an equal reluctance to use credit reference checks to fast track benefit claims and transactions that are unlikely to be fraudulent - so that effort can be focused on those who really do need support because they drift in and out of employment and temporary accommodation and no-one will provide them with credit, whether or not their current claim is valid.
Hence my rants on ID Policy and the potential problems with the grandiose plans for the computer systems to handle Universal Credit. However, next week I will be focusing on the positive and have helped organise a couple of meetings to look at alternative ways of improving confidence in the on-line world: the first (on Monday) is to progress the competition on the meaning of trust in the on-line world. The second is on the use of civil law to improve redress and deterrence. But first we have to see what the current situation is really costing those who believe they need do no more than mouth platitudes.
At a Policy Exchange Fringe Meeting at the Conservative Party Conference one of the speakers, Chris Yiu, used data from a recent survey which showed that almost all SMEs now have websites but barely a third transact on-line. I asked whether that was because they could not get the symmetric broadband access that is necessary to run an inter-active website or because they were scared of not getting paid. Dido Harding of Talk Talk spoke of 10 mb leased lines available for £1000 (although the lowest quote I can get in West Norwood is well above that and I am told the choice available to me is not available in, for example Wapping, let alone across most of the UK). Chris had not yet unpacked his data but it gelled with that from other sources where the cost of compliance and the liability to fraudulent charge were blamed for take up of under 30%. Meanwhile the National Fraud Authority Segmentation Analysis of the vulnerabilties of small firms to fraud is chilling.
So who really does want to win new business from SMEs by not only helping them go more confidently and securely on line - but also helping them get redress when (not if) they are successfully attacked? And how are they going to go about it?
Ross Andreson has regularly exposed some of the economic nonsenses in this area and raised the value of using old fashioned civil law to obtain redress. On Tuesday evening the Conservative Technology Forum has a meeting to look at the practicalities and implications of swtiching political focus from criminal to civil law. It greatly reduces the burden of proof: balance of probability v. beyond reasonable doubt and brings in the potential for action under tort etc. against those who aid and abet by negligence not just design. It allows the use of well-established routines for cross-border legal action and avoids law enforcement politics over jursidaction etc. But quite apart from all those international law firms and forensic accounting practices eager to help trace and retrieve the money (less their fees), there are also issues of accountability and of predatory action by copyright and patent trolls.
Hence I stop with the question.
Perhaps on Wednesday I will be a little wiser.
I hope to then make a suggestion to my successor at the Digital Policy Alliance (DPA) (the legal name is still EURIM and most of the material is still on the old web site) for an all-party exercise supported by those who really do wish to see action instead of yet more irrelevant and expensive euro-gobbledeygook overheads.
Those who mouth de-regulation but do nothing to make it happen should remember that the revolution was brought about by those who not only turned up but joined and helped pay for the ammunition.
The new DPA has far more potential to achieve results but not increased its subscription rates so it even better value for those who are serious about UK digital competitiveness, whether inside or outside a digital single market.