Innovation

Special report: TechUK’s manifesto for change (Part 1: Digital Security)

As the UK gears up for its third General Election in less than a decade, techUK has released a manifesto for economic renewal in an information-led economy.

May 25, 2017

The organisation that represents over half of the UK’s technology innovators and professionals has set out its ambitious vision for the post-Brexit landscape in a 55-page report, Inventing the Future: How Global Britain Can Shape Our Digital Future. The document should serve as a clarion call about what the UK must do to thrive in the digital world.

The manifesto says: “The [technology] sector recognises that it must be an active partner in helping to invent and shape a new future for the UK. No other sector has quite the same potential for delivering economic and social transformation, but UK tech must acknowledge the policy challenges this entails.

“The sector commits to support government in bold and forward-looking policy choices that can create a prosperous future for all those in the UK.”

Then it makes a telling observation:

“As the UK reinvents itself outside of the European Union, the next government and the sector need to work with, rather than against, the grain of change.” An iron fist in a velvet glove, if ever there was one.

TechUK makes its detailed recommendations across five areas: Brexit; digitally enabled government (the smart state); the need for a revamped industrial strategy centred on new technologies; life-long education and skills; and IT security.

This article will focus on the latter, and hncnews.com will return to the other four topics in the run-up to 8 June.

“The UK needs to build on its strong cyber security credentials, while also making the UK the safest place for people to go online,” continues techUK. “Essential cyber security tools, such as encryption, must be protected, and young people must be supported to develop digital resilience to navigate the online world safely.”

To achieve all this, techUK recommends that the next government should:

  • Provide a ten per cent increase in the total National Cyber Security Strategy budget to strengthen government and public sector ICT.
  • Commit to protecting end-to-end encryption while supporting a robust rule-of-law approach to law enforcement.
  • Work with industry to update the Cyber Essentials Scheme ensuring it is fit for purpose amid increasingly sophisticated threats.
  • Require government procurement to come from Cyber Essentials approved organisations.
  • Provide a cyber security tax credit for startup and scaleup businesses to promote safe and secure innovation.

To make the UK “the safest place in the world to go online”, techUK adds that the new government must:

  • Commission an independent and detailed review into current best practice in industry and education to underpin a long-term and evidence-based online safety strategy.
  • Give the Children’s Commissioner a seat on the board of UKCCIS to represent the voice of children directly on the Council.
  • Develop a new PHSE curriculum in ‘Developing Digital Resilience’ to roll out to schools nationally.

Good recommendations. But the subtext is clear: the government needs to set aside ideological oneupmanship and focus on building a strong, diverse economy for 2020 and beyond, enabled by evidence, partnership, and new technology (to “work with, rather than against, the grain of change”).

The manifesto arrives as more and more organisations are lining up to caution against a hardline, high-stakes version of Brexit. For example, the Russell Group of universities has warned of the potential threat to collaborative scientific research programmes between the UK and Europe.

But is this government listening? And if Theresa May wins a renewed mandate from the electorate, can a party that is ideologically obsessed with financial cuts and citizen control do the opposite: invest from the centre, and trust its own people?

One thing is certain: this is an extraordinary time in Britain’s history. The internal union is at risk of crumbling; the UK is leaving the community that has sustained its economy, but with no long-term strategy for the future; and the government is pursuing a ‘strong and stable’ agenda that looks increasingly like populist froth, u-turns, and panic.

The Sun praised the Prime Minister’s steel-capped shoes, but the surprise was she wasn’t wearing flip-flops.

Digital security is at the heart of that stance. State surveillance has been the Prime Minister’s pet project for years, but in 2017 May has gone further on the campaign trail by calling for full-scale regulation of the internet, effectively sanctioning government control and censorship of the nation’s communications.

This risks turning the UK into a mini China that is at odds with its allies – not to mention many of its own people, especially the young.

However you look at it, this vision of invasive, real-time surveillance, censorship, and state control is hardly a modern, forward-thinking programme to inspire international confidence and inward investment. It is closer to economic suicide.

Any move to ignore techUK’s recommendations and ban or undermine end-to-end encryption would drive an ideological tank through the UK’s digital economy. Meanwhile, any attempt to sanction its use among businesses and government, but forbid it among private citizens, would fail, because there is no such distinction anymore – thanks to mobile technologies and flexible working.

At the very least, it would make secure remote working impossible, put data security at risk, and neuter the ‘gig economy’ that right-wing think tank Reform – one of the Prime Minister’s favourite advisors – believes is the future of public service. More, it would cost organisations a vast amount of money, freight their businesses with risk, and undermine their customers’ and partners’ trust. In short, two hat tricks of own goals.

what-gdpr (1)

Combined with the EU’s incoming GDPR next year, and with a decade-long Brexit in the offing, the government seems hell-bent on destroying any credibility the country has as a 21st Century economy, while storing up decades of litigation and unnecessary problems. (For more on the challenges of GDPR, see our separate report.)

So why is it taking such a hard line on the internet and mobile communications?

According to Whitehall, one of the aims of state surveillance and the proposed control of communications is to keep children safe from abusers and pornographers. A noble purpose that everyone supports, but it rather ignores the fact that by far the largest distributors of illegal images of this kind are children themselves. 1.25 million teenagers engage in ‘sexting’ in the UK alone, according to some recent estimates, with up to one million of them being underage.

Cyber-bullying is also commonplace among millennials, and so it is hard to see how surveillance can achieve much more than criminalising the very people it is designed to protect, however foolish these youngsters’ activities are – as even recent episodes of EastEnders have made clear.

But in such a superheated, paranoid environment, it’s easy for a compliant press to whip up scare stories about the internet and social media (despite their own survival being dependant on them). And they do, particularly in the wake of terrorist attacks, in which the tabloids’ focus on encrypted chat apps – a technology demonised by the last two Prime Ministers – trivialises mass murder to push a bogus technology agenda.

A better focus would be on celebrating how social media and mobile technologies helped to bring communities together in opposition to the Manchester attack, and source help, support, transport, accommodation, fundraising, and supplies, while enabling worried families to trace their loved ones. Children’s station CBBC even used social media to reassure terrified youngsters.

But some in the media would have us think differently.

Even the Windows XP ransomware that locked down thousands of NHS computers was presented as a story about hostile foreign powers waging war on innocent bystanders, which missed the only important point. ‘WannaCry’ was actually a tale of massive Whitehall budget cuts forcing the continued use of out-of-date hardware running an unsupported OS – something the government was repeatedly warned about for years by analysts and suppliers. (Trident still runs on a version of XP!)

Whitehall paid Microsoft hundreds of millions of pounds to continue supporting XP after the manufacturer’s cut-off point, and then even gave up on that.

In other words, it’s irrelevant whether it was North Korea, Russia, or a 15-year-old in his bedroom who unleashed the malware: had the computers been up to date, secure, and supported, there would have been no problem. Surveillance would have achieved nothing.

nintchdbpict000257396245

So the truth is that Whitehall wasn’t bravely battling evil cyber-superpowers to restore the NHS’ embattled computers the other week; it had simply made itself a target, thanks to its own incompetence and parsimony, and the proverbial had finally hit the fan.

But this government isn’t entirely to blame for having so little money to throw at public sector technology: the multibillion-pound failure of the NHS Programme for IT was down to the last Labour government, whose ambition exceeded its reach. But, for all their faults, at least Mr Blair and Mr Brown wanted to be modern.

Let’s hope the next government listens to the experts: they understand that the UK’s future success has nothing to do with rhetoric.