We're all going on a [regulatory] holiday…

As is often the case, the devil is in the detail.  Alistair Darling’s Budget speech did not mention Ofcom at any point.  Why would it?  However, there is an interesting statement of intent buried in one of the Budget reports.  Particularly, in paragraph 4.41 of Chapter 4, it states:

In advance of the Digital Britain final report, the Government will review the powers and duties of Ofcom to ensure it can strike the right balance between delivering competition and encouraging investment in the communications infrastructure.

What does this mean?  Does this imply that Ofcom will be pressured to accept that BT be given a regulatory holiday for any broadband roll out?  That is certainly what some sources appear to be suggesting to the Financial Times.

We have also heard rumours that the Council of Ministers may also have included similar wording into the draft revised electronic communications regulatory framework currently going through the EU co-decision procedure. We will have to see what appears in the EU Parliament at Second Reading.

If this means that regulatory holidays are alive and well and living in Europe, then this is a monstrous victory by incumbents, which will arguably put back the liberalisation and development of open competition in the electronics communications sector in the EU by at least three years.  The position in the UK will also be reversed.  No longer will Ofcom’s position as a leading regulator be maintained, and it will destroy the equivalence of access principles developed by Ofcom in its settlement with BT that are considered in many circles to be best international regulatory practice.

Or maybe we are just being too cynical?

Is UK data security mission impossible?

A story in The Sunday Times that an agent of the Serious Organised Crime Agency had a memory stick containing details of all undercover agents being run in Columbia had parallels with the sub-plot in Mission Impossible concerning the ‘Non-official Cover (NOC)’ list.  Unlike Ethan Hunt, our Agent T appears not to have ensured that the “list” would not get out in the open, as she left it on a transit bus in Bogata Airport.

The implication of the article was that an unencrypted memory stick was being carried rather casually by a new agent. Was there a rather sexist tone to all the details that the agent was female and the stick was left in a handbag?

A bit more disclosure online and in the papers today reveals that this may all have occurred in April 2006. The apparently relaxed reaction of SOCA (Agent T not, it appears, dismissed) seems to suggest that there is more to the story; at least we hope so.

However, this is yet again another timely reminder that there are two aspects to information security: organisational AND technical security. If the facts on this potential leak as reported are true, then was the agent really “a bit daft and scatterbrained”? What encryption techniques were used to safeguard the memory stick?

We only have to pray that this was not another data security screw-up.

Phwoar-m: Commission commences action against UK

We will post a comment on the European Commission’s notice letter against the UK shortly, but until now see the EC Press Release.

There has been talk about the Commission taking action against the UK implementation of the Data Protection Directive (and laterly, the Privacy and Electronic Communications Directive) for years.  The wait is over.

Public not convinced on data retention

Readers of the Metro may have already seen that a survey by PoliticsHome.com has found that there was little public support for the retention of communications data by communications providers.

In the current data protection environment, we are not surprised.

Nothing gets in the way of "National Security"

Some of our team, as members of the Society of Computers and Law, argued in the SCL’s response to the Home Office consultation on the Data Retention Regulations that the Home Office had not made out a coherent case for the introduction of a 12 month data retention period for all communications data.  Why 12 months, when the Data Retention Directive allowed for anything up to 24 months, for example?

We had a number of other issues, including about the continuing problems concerning access to any retained data, but none of them were addressed by the Home Office.  Liberty had similar concerns. 

It’s all too late now.  In the current climate, anything done in the name of “national security” goes through.  The final regulations were made on 2 April and come into force on 6 April.