Zentelligence

Love in the Time of Blackberries
With Apologies to Gabriel Garcia Marquez

I’m in love but not with an Angel this time but with a Blackberry.

Before you decide that I have developed an unhealthy obsession with soft fruit, I should point out that a Blackberry is a Palm-style organiser, with one rather interesting extra feature. It’s a wireless GPRS device, which delivers my Outlook email to me, wherever I happen to be. In bed, on my motorcycle or even in the bath, there’s no escape from the presence of the 24*7 world anymore unless you press the “off” key.

You may remember that a couple of weeks ago, I was struggling with my IPAQ Pocket PC and my Ericsson mobile phone, trying to source my email, at high speed, in much the same way. Of course, the principal difference with the Blackberry, is that it’s already configured and it works much like a mobile phone, which it is, if you plug-in the earpiece as well. The one I have has BTCellnet engraved on the front – now O2 - and the company (Research in Motion in the UK) has also signed a fourteen country roaming agreement with Vodafone.

This isn’t really a product review, as the Blackberry, in principle isn’t really different to a host of other devices and probably has the most annoying miniature keyboard in the world – why they didn’t go for Palm-style pen input or a virtual keyboard is anyone’s guess -. No, what’s interesting about the Blackberry is that it introduces wireless GPRS to the Enterprise customer as an adjunct to the existing Mail Server infrastructure.

I recall, many years ago, trying to convince the Marketing Director of Lotus Development that investing in mobile phones might be a good idea for the sales team. They were of course expensive, the size and weight of a brick and Lotus simply couldn’t see the point. After all, wasn’t that why we had phone boxes? A year later, they changed their minds and from that point on, they couldn’t do business without them.

Again, nobody believed that SMS would be popular and yet today, the networks strain to keep up with the SMS traffic, particularly between lovers wishing each other goodnight in the evenings around 10 PM until midnight, when it’s mostly likely to grind to a halt.

To be honest, I find the Blackberry to be a great relief. Not only can I synchronise my Outlook client’s calendar, notes, tasks and contacts as well as receive and send SMS messages but also I don’t worry that I’m missing email when I’m out of the office. It finds me. It is of course desperately sad to think that email is becoming as 24*7 as the mobile phone and I don’t doubt that untold numbers of people will very soon be falling victim to careless car drivers attempting to read their inbox behind the wheel.
But telecoms convergence has been a fast approaching reality for a decade now.

Having a single device that does everything has been a dream for harassed road-warriors for a long time and in the case of the Blackberry, however daft the keyboard happens to be, they have a single solution, which allows them to sit and watch TV with their families in the evening rather than run out and check their email on their laptops every thirty minutes, as email addicts invariably do. In fact, Blackberries might be good for relationships, although I would recommend switching it off in bed! – Speaking as one who once had the direction of his love life shattered by an incoming mobile phone call –

Love and money don’t mix well together and that’s really the issue with wireless GPRS solutions like the Blackberry, once they become widely available. Thanks to the government squeezing every last drop of blood from the mobile phone companies during the 3G-license auction GPRS isn’t cheap and the Enterprise Server software from 02 (remember that was BT but they are trendier now) costs £2,500 for a twenty-user license. On top of this a company has to factor in the cost of each unit at between £350 and £400 and the monthly connection charge per user which lies between £30 and £40.

An affair with a Blackberry could cost you rather more than a fling with an Angel but it comes with much less threat of a broken heart – Vive La Difference is all I can say.

No Taxation Without Representation

Historically, periods of economic growth and low taxation go hand in hand. So while I welcome what the Chancellor has given to small business, in terms of tax cuts and funding incentives for going online, I don't believe that higher taxes for individual or corporates will fend off the threat of a downturn in the global economy.

Also, having once worked on a voluntary basis, one day a week, in a large London hospital A&E unit, I'm not convinced more money holds the solution to a crumbling health service.

Increasing the tax burden at a time of economic uncertainty has never struck me as a particularly good idea, even when a shamefully Goebbels-like attempt was made to sweeten the message by surrounding a clearly uncomfortable Chancellor with a group of small children with red lunchboxes and equally bright red sweatshirts offering astute economic advice.

Ironically, there was a time when I wrote speeches for politicians, so I'm hardly guiltless. In mitigation, these were on technology matters rather than economic policy, but knowing how little they knew about the former, I sometimes wonder how much they knew about the latter.

We can talk, as usual, about a Budget for the IT industry or, more accurately, a Budget for business, which this certainly wasn't, but I do believe we need to grasp that technology and the growing information economy is rapidly creating a gulf that politicians can't hope to fill.

"Politicians," as the LSE's Ian Angel writes, "are complaining about their loss of control over the national destiny. They gave up on the financial markets years ago." Meanwhile, computerisation is deskilling and, far worse, displacing a large proportion of the working population, a third of the 1990s banking workforce alone. The government, to its credit, has pursued a programme of education designed to offer people the IT skills needed to find work in an information society, but invariably the skills on offer don't reflect the areas of real demand. Making the transition from unemployed assembly-line worker to certified Cisco engineer is not always an easy one.

Returning briefly to Professor Angel and his "Age of Rage": "Because the masses were needed in the production process, the bourgeoisie was forced to share wealth around and this eventually led to the present dependency culture. But in the information age, who are the new bourgeoisie, now that production takes place inside a human head, rather than in a factory of machines? And what is their attitude to the masses now they no longer need them?"

While this may have been a Budget for education, government has to grasp the fact that technology and automation, in conjunction with an expanding service economy, produces proportionately fewer skilled jobs at one level and a demand for more "burger flippers" at a second. In between, the millions who once worked in the declining manufacturing sector have fewer prospects in transitioning to new-economy jobs.

In planning for future Budgets, I would urge the government to think more even more deeply about the changes that technology is forcing upon us and the impact that this will have on our society in 10 years' time. How do we get from where we were, a manufacturing economy, to where we want to be, an information economy, beyond the application of some very broad brush stroke initiatives. There's a huge amount of work to do and I suspect, very little time to do it in before the true social impact of new technology makes itself felt

Do What I Say - Not as I Do

Once upon a time, a catastrophe claimed the reputations of several, very large companies, that, in their arrogance, jettisoned all reasonable standards of common sense and corporate governance simultaneously. These were global brands which failed to realise, as have most other companies, that the critical elements of the business process in the 21st century demands a fresh perspective, a paradigm shift of kinds, involving matters of reputation and risk.

Time for a new acronym perhaps, as if we didn’t have enough already. On this occasion, though, it reflects a new business science, one that can take a number of different but related areas, such as information security and ethics and brand management and subject them to what I call ‘Corporate Integrity Analysis & Management’ (CIAM).

Enron, Merrill Lynch, Xerox, Computer Associates, Bank of Ireland, The Department of Transport, Norwich Union, Ford. The real list is even longer but each name reflects a story, which has had an adverse impact on the company or department involved and which, in most, if not all cases, is related to a technology, it’s management and potentially, the absence of appropriate controls involving internal regulation or policy.

Companies today are more than ever before defined by their brand; McDonalds and Nike to name but two. In a wired-society, both the value and public confidence in a brand that has been built-up over decades can be destroyed in a matter of hours, either through a single malicious act or through the activities of an individual or group of employees. I would argue that in attempting to protect their brands and the business upon which it is based, companies today are failing to see the wood for the so-called trees. Where the arrival of new technology and the Internet may act as a powerful facilitator, it also presents the greatest danger to any Enterprise. This isn’t anything new, we all know the risks, both internal and external, There’s hacking and viruses. There’s the ever-present danger of loose and irresponsible email. The liability risk surrounding inappropriate content and there are questions of ethics and corporate responsibility and much more besides.

When a brand is compromised, the responsibility will invariably fall at the feet of the CEO, particularly when the value of the stock collapses around his ears, as in the case of eBay when it was hacked by a seventeen year old. Invariably however, the problem arises because a vital element of the company’s virtual infrastructure has been delegated down the chain of command. This was true when I asked Jeff Bezos of Amazon two years ago if he was confident that Amazon was secure. From his perspective, this wasn’t a business issue but it quickly became one when the site was attacked not long after.

It’s time; I believe that business took a more holistic view of the connection between risk and reputation. It’s no longer sufficient to place anti-virus in one box, corporate liability in a second and business ethics in a third. We need a better way of assembling the many different pieces of the puzzle into a single picture that better describes the many new risks to business and which can be more easily managed from the top of the Enterprise. Perhaps CIAM is one name for it but perhaps you can suggest another?

A Boy’s Own GPRS Adventure

Time, I thought, for a new gadget and having upgraded my mobile phone to the tiny, GPRS capable Ericsson T39, I decided to see how well GPRS works. Could I really collect my email on the run or even use my phone as a high speed Infra-red modem for my Compaq IPAQ?

The best laid plans of mice and men, being about the same, I should have expected that making the technology work in practise, wouldn’t be as easy as asking Project Telecom, my Vodafone provider, to connect me to their GPRS network; obligingly bumping my existing call package up to the more expensive data tariff at the same time.

While WAP may be crap or at best, a complete waste of time, collecting email over the GSM network is of course OK. As a data transfer medium, it may be marginally better than stretching a piece of string between two tin cans but it works without a hitch on both my Palm and my IPAQ in some of the strangest places across the world. ‘Valley of The Kings’, no problem, deepest Kent? A bit iffy sometimes but the connection works in the end.

Of course the appeal of GPRS is the speed. GSM is horrendously slow and collecting a handful of emails can take several expensive minutes if I’m sitting in the departure lounge at some distant airport.

So here’s the story of my search for GPRS conenctivity.

Having requested the service, twenty-four hours later there was still no evidence it was actually working. More importantly, my phone’s instruction manual tells me that I need a network ID and a password to use for the GPRS network and if you can remember the pain of using your first WAP phone, what happened next will not be a new experience.

Eventually and quite possibly because I write this column, I managed to persuade Project Telecom to call me back with the settings for the phone. Having entered these, there was still no evidence that GPRS was working and it finally took a”re-boot” of the phone before the service was recognised.
The good news? I can select “Services”, “eMail”, “Send & Receive” and seconds later, the first six messages from my POP3 Inbox at Easynet, appear on my phone. Six messages are the limit on the Ericsson but it’s still instant gratification for this email junkie of sorts.

And it’s useful too. Taking my small daughter to the zoo today, I was able to read my mail while she attempted to release the wolves from their enclosure. I suspect I’m suffering from the worst form of email dependency.

Of course, a six-message limit isn’t really a stunning advantage, which is why I have a Pocket PC, a Compaq IPAQ. The technical support desk at the service provider, now emailed a detailed, six page guide to setting-up the Pocket PC (PPC) to use GPRS. I should add, at this point that I have at least four pocket PC’s and helped Microsoft solve a glitch with GSM access, when the PPC first came out, so you would think I could get my Compaq IPAQ to work with the Ericsson first time? Of course I couldn’t and many conversations later with the support desk, we were still no nearer understanding why the Pocket PC attempts to dial out and then drops out.

Rescue came in the form of Microsoft’s Steve Clayton and the answer, “*99# “ in the phone number field and not “99***1”, as suggested by Project Telecom. Moments later, my IPAQ is browsing the web and picking up my email almost as quickly, it seems, as my PC on the network. Better pass the answer back to Vodafone.
So score one for Microsoft and for GPRS. It works, it’s a little expensive but it solves my mobile connectivity problems. Next step then is to get the Blackberry PDA, I’ve been promised to work, so more fun and games to come perhaps?

So if you’re even thinking about GPRS over good old GSM, then watch this space!

No Hiding Place

According to this week's forthcoming report by the DTI, computer crime and bad software is costing the country as much as £10 billion each year. That's almost as much as the unofficial figure given by The Sunday Times for benefit fraud.

Incidences of compuer-based attacks against companies are rising steadily and the DTI have found that four out of five companies have become victims of viruses, hackers, fraud or all three in the last twelve months. This is hardly a surprise. We know it's getting worse and indeed, only a year ago, the government's antidote to the threat of cybercrime, The National High-Tech Crime Unit (NHTCU) was launched in a blaze of publicity, surrounded by a special ‘Hacking exhibit’, at the Science Museum in London.

At the time, I was asked to offer comment on the launch and the role of the NHTCU for both the BBC and Sky News and speculated whether such a relatively small team would have any measurable impact on one of the world’s fasted growing criminal opportunities.

So, a year later and this time, not at The Science Museum but next door at the Natural History Museum, I invited Tony Neate, the NHTCU’s industry liaison officer, to a meeting of Security First, an industry forum, to offer an update on the unit’s progress.

We should remember that when the NHTCU was launched by the Home Secretary, Jack Straw, last April, it was with £25 million of funding. This was split two-ways, with £15 million going to establish a national unit with 60 specialist officers within three years and £10 million to bring local police forces up to a benchmark standard for dealing with computer crime.

With cybercrime going through the ceiling, are our prisons now being filled with 'scrip-kiddies' and cyber criminals you might wonder? It’s never quite as simple as that, as Neate is quick to remind me. The cybercrime unit only really became operational in October and since then, it’s been busy developing the necessary international relationships with other police forces, working closely with the NISCC and chasing cyber criminals and paedophiles around the Web at every given opportunity. Already, the unit claims it has “taken down” two or three ‘Virtual banks’ and a number of the popular West African bank fraud scams, which many of us find in our mailbox at least once a month, from allegedly distressed members of the Abacha family or their friends and which surprisingly, people still fall for.

Neate is proud that in what is really six months of operational existence the unit has already conducted ten operations, is working with twenty-two countries, has made twenty-seven arrests and collected three terabytes of evidence.

With 11,000 new users and 20,000 new Websites appearing every day, it’s hardly surprising, Neate points out that the villains are chasing the money and some of the international gangs, in places such as the Ukraine or Russia, are becoming extraordinarily sophisticated, challenging the NHTCU to stay at the very leading edge of the technology.

This is of course just the beginning and with one in five companies experiencing a security breach of one form or another, Neate argues that the unit’s role has an educational element to its work, reminding businesses that computer crime can be even more damaging than a physical crime and offering the guidance that the judiciary needs in assessing the seriousness of cybercrime in its wildly different forms.

Unlike the United States perhaps, there is a reluctance to report cybercrime activity in this country, as companies worry over the potential damage to their reputation that might accompany an approach to the Police. One reason why the DTI decided it was time to undertake its own survey. Neate offers an example of one international car giant, who refused to accept their web site had been hacked even though he had a mirror image of the defaced site. Businesses should be as prepared to report cybercrime to the Police as they would any other crime. Moving forward then, Neate believes that the NHTCU needs to build trust among business and develop a partnership with industry, with the objective of establishing a confidential, national cyber crime reporting system and a code of good practise.

In all fairness, the NHTCU hasn’t really had the time to make its presence felt within the industry. None the less, it’s encouraging to believe that in support of the Prime Minister’s dream of making the UK “The best possible place for eCommerce”, that we have the “Men from Uncle”, the NHTCU, steadily developing the skills, relationships and procedures to protect us from the unwanted attentions of the ‘World Wide Weasels’.

The big “If” of course, is whether any agency, the FBI, the NHTCU or even the Men from Uncle, can successfully direct the methodical and relatively slow pace of Police work against a global criminal epidemic of a speed and scale which we have yet to measure with any real accuracy. I for one hope they find the answer before companies start to wonder whether being on the Internet is worth the risk.

I wonder, how do you handcuff someone in cyberspace? I should have asked.

An Uneasy Revolution

There’s a danger that the National Audit Office report on our progress towards eGovernment, will be seen as a big finger being waved at everyone involved in the development of the ‘UK-Online’ agenda.

The UK is no different to any of the other countries I have visited over the last two years in trying to meet the cultural challenges associated with an ambitious and constantly evolving eGovernment programme, Accepting the vision, as one Greek Minister told me, is the easy part, reforming the civil service takes a little longer!

My own experience appears to support the view that there’s a resource gap between vision and execution in this country. Some would call it a gulf. When, last year, I chaired a roundtable at the eGovernment conference in London, some thirty local authorities, offered me one-line messages to deliver to The Office of The e-Envoy. These varied considerably between:

“Tell the e-Envoy that it’s all fur coat and no knickers” to “Most of here have day jobs. We need to spend less time thinking of clever ways to satisfy Whitehall’s paper targets and more time exchanging information and skills with other government departments”

We have to be honest with ourselves in looking at the entire eGovernment programme. This is as much about social re-engineering and good practise as it is about paying for your road tax on-line. In this country, government suffocates us with procedures and paperwork and at last, a conscious decision has been made to find a more efficient and cost-effective way of presenting, managing and facilitating some five hundred different services that touch us as citizens.

It is this breadth of vision and ambition which makes the UK’s own eGovernment programme so interesting to other countries with more modest targets in mind and in this case, being at the leading edge of eGovernment can mean that we are at its bleeding edge as well.

The Office of The e-Envoy is valiantly standardising the greater part of what is required to help central and local government departments on-line (there’s the e-Government Interoperability Framework and the e-Government Metadata Framework to name but two) but a project on this scale demands a huge pool of skilled people and an even larger pool of money to carry through the project management and business process re-engineering that the UK’s own eGovernment programme demands. Civil servants have to believe in information age government as much as the politicians and many of the former appear unconvinced, unskilled and unhappy at the extra workload, which is being thrust upon them.

But this is a revolution in the making and while I won’t start quoting Lenin or Marx in support of UK Online, I will paraphrase what I said at a meeting at No10 last month. There’s nothing wrong with the vision but revolutions cost money and are driven more by involvement than by direction. It’s the involvement part of the puzzle that still defeats us, convincing the public sector that it’s part of the UK’s eGovernment revolution rather than part of the resistance.

One Degree of Separation

‘One Degree of Separation’ is the Microsoft advertisement showing on the television in my living room. “What does that mean Daddy”, asks my daughter and I try and explain, with the help of my Compaq IPAQ.

“Once upon a time there was a man called Bill and he had a magic .Net….”

But her question led me to think of something else. An important subject, close to my heart, which readers tell me is important to them too.
I know that the good people at Microsoft pay attention to this column and so I’m going to ask you to pay particular attention to this request on the part of concerned Hotmail users everywhere.

Hotmail and MSN Messenger are an important part of my life, both inside and outside of work. With it, I can, sitting in my room at the Kuwait Sheraton, easily chat, to the people in my office or a friend in Vancouver. Web-based mail is a great tool as is Instant Messaging, whether it be Microsoft’s or anyone else’s but most of the people I know use Hotmail, so full marks to Microsoft for making it an indispensable part of the human experience.

But Hotmail has a problem. Not a security problem for once but an every growing spam problem. And yes, Microsoft has an anti-spam policy and filters and an ‘exclusion’ list option but this filled up over a year ago in my own case.

Most of my Hotmail is rubbish or filth or both and many of you tell me you have the same problem. It’s gradually getting worse and more explicit in its content. I can see that the spammers are using a name generation engine, so if your Hotmail address is Y$%Z@Hotmail.Com, then you may not be bothered that much but if you have a proper name or combination of surname and first name, then you’re fair game.

Microsoft, I have a family and a little girl and there is no way on earth that I’m going to let her near her own Hotmail address, until you use your considerable ingenuity to tighten-up your spam filter and add some kind of parental control mechanism that can automatically trash any incoming mail with the following words……!
No I won’t include them here but ask me and I’ll give you a list that would make a paratrooper blush.

The others of course are “Debt”, “Loan”, “Vacation”, “Mortgage”, “Won” “Viagra”, “Herbal”, “Congratulations”, and “Prize”. In fact if we all got together, I’m sure we could come up with a small volume to present to MSN.

A good 25% of the mail I receive each day is spam but the really unpleasant stuff invariably comes through Hotmail. Here’s an ideal opportunity for Microsoft, not to exercise censorship but demonstrate leadership and common sense before we all suffocate beneath a sinister tide that exploits our identities and threatens our sensibilities.
So Microsoft, are you going to help us resist or simply use the “Best Efforts” defense? I think you could do a great deal more and win friends by doing it.

So will you?

The Great European Wotsit!?

Just ducked a call from another journalist, asking for comment on the European Union’s eCommerce directive, something that I was up to speed on last year but since then, have conveniently ignored, much like the rest of the population, including our own Government, as the 17th January deadline for compliance passed.

So do you know what it is? Are you following the rules or will you be getting a visit from EuroPol in the distant future?

The answer is ‘Probably not’ but in reality, the directive is all about creating an agreed-upon structure for the conduct of eCommerce within the European Union, which embraces both business and consumer rights, which of course vary greatly between the member states. In reality and not much of a surprise, we missed the implementation deadline in this country but The Department of Trade and Industry (DTI) has published a draft of the regulations for businesses to consult if they aren’t sure of what it all means, which in most cases means just about everyone outside of the DTI.

So I have been looking at my own Web site and I’m pleased to say that I’m unlikely to be sent on a one way trip to Devil’s Island just yet. None the less, there’s the inevitable red tape to cut through. Is your VAT number on your website? Your email and contact details? Nothing annoys me more than Websites that don’t have telephone numbers. One of the worst offenders I can remember was First E, the Internet bank. Everything had to be done by email and it didn’t occur to them that customers might occasionally wish to talk to someone in an emergency.

Consistency across commercial websites isn’t a bad idea and it’s certainly good for customers who can’t tell the difference between a reputable on-line business and a shady Web service but at least can look for clues from what they see or can’t see.

The challenge I suspect for businesses who might be considered to be trading over the web will lie in meeting the contractual regulations described in the EU Directive and from our own point of view, these remain draft regulations “under construction” until the beginning of next month.

I would recommend that every business with a web presence at least consults the DTI web page on what the regulations are, chapter and verse and at the same time, starts adding in a Web page called ‘Legal’ to their website, rather like I have on my own. This is where you can start to tuck in most of the detail that you will need to have in place once the EU Directive becomes law over here.

Perhaps the best advice going forward, is that if you have a Website, think ‘Euro’ from now on, even if you don’t accept the currency.

Better Out Than In.

The catastrophic events of September 11th left the world wondering about security. And if you read the annual Computer Crime and Security Survey from the States, it appears that Eighty-five percent of respondents, detected computer security breaches in 2001, which in most cases cost them money to fix or resolve. Of course, attacks aren’t always isolated incidents, they can be deliberate and prolonged and from the strangest places. In my recent visit to the Middle east, I noticed that both Saudi Arabia and Kuwait appear to be attracting hackers from China.

So far, there’s been a great deal of talk within the IT industry about ‘terrorist’ threats but little or no evidence that the bad guys will use anything more lethal than email against our national infrastructure. In the States, my good friend, Howard Schmidt, moved from his role of Chief Security Officer at Microsoft, to the Whitehouse, where he’s now ‘Vice Chairman of the President's Critical Infrastructure Protection Board’ and responsible for the security of a much larger network than Microsoft’s. Over here, we have many different agencies with overlapping responsibilities, UNIRAS, CESG, NISCC, NHTCU and so on but no single security ‘Czar’ and his team, like Howard Schmidt or Dick Clarke.

Two months ago, I suspected that something new might be happening behind the scenes when I noticed that CESG (The Computer Electronic Surveillance Group at GCHQ) was advertising for a new Director. Now I haven’t heard anyone in my own circles say anything good about the work done by CESG so I was even more surprised when it was suggested that I throw my own hat in the ring for the role, which I did, with a covering letter, informing the selection panel that if it was a civil service-type reformer they needed, then they should ignore me, which they promptly did. No surprises there!

Having quizzed a well connected friend, who offered very useful background and advice on CESG’s work, I arrived at the conclusion that in light of everything that has happened since September 11th, CESG might have a more useful future outside of GCHQ and I fired-off an email to No10 explaining why.

At present the most significant government groups dealing with information security are probably CESG, NISCC, e-Envoy Office, DTI, NHTCU and The Cabinet Office. Of these, only the DTI ‘INFOSEC’ group’ has a specific remit to promote information security to industry and the wider community.

The Office of the e-Envoy concentrates on government to citizen (G2C) issues. CESG has a remit to promote ‘INFOSEC’, but as a part of GCHQ there’s an inevitable conflict of interest. NHTCU (The National Hi-tech Crime Unit) is obviously more concerned with catching paedophiles than with promoting security and any remaining agencies are more likely to be concerned with intra-governmental issues.

Perhaps the solution to our own National Infrastructure Protection challenge is to bring CESG out of GCHQ - leaving behind the cryptography element of its work. Personally, I think the INFOSEC function it controls would be better placed within the DTI or The Office of The e-Envoy rather than the Cabinet Office, as the issues it deals with primarily concern industry.

By effectively boosting the INFOSEC group it will have more authority to resolve such weighty matters as security evaluation in a much more industry-friendly fashion. This solution might also give the support needed to expand the government’s t-scheme to cover the whole range of trusted security provision.

Outside of GCHQ and the ‘Spook’ environment, CESG could operate as a central point of focus for INFOSEC issues with regard to those outside government and will raise the profile generally of information security within the wider business community, something we badly need.

Is this a good idea? I think so of course, because if we are to take information security seriously, then we need a better line of operational responsibility than the one we have, which to be honest ‘Kind of confused our American friends’, when I first discussed it with them at the end of last year.

Will No10 shuffle the pack and come-up with a better solution? Your guess is as good as mine but I would like to think that the message may have arrived at the right quarters and that the announcement of a new head of CESG may also coincide with some kind of internal change that reflects the concerns expressed in my letter.

Anyone care to take a bet on it?

Peace in our Time - Not!

For Microsoft to suggest that AOL is a monopoly may appear absurd or indeed, the worst kind of hypocrisy but the argument as to whether AOL is as bad as Microsoft has been going on for some time.

Professor Lawrence Lessig, in his book, “Code and Other Laws of Cyberspace”, worried that the Internet might collapse into a handful of ‘walled gardens’, Portals dominated by the likes of Microsoft or AOL and to an extent, this is happening around us. Of course, no single interest can dominate the Internet but the content management and the middleware upon which it relies, is open to a kind of 21st century land grab.

For the end user, middleware is invisible, even irrelevant and content is everything. Witness the battle between the two companies over the future of Instant Messaging, the virtual presence of the future. Today, like me, you may use Hotmail’s Instant Messenger or AOL or ICQ to maintain an on-line relationship with a range of different people, something I have started to rely upon. I move in and out of conversations all day, with the editor of CW360, friends, my brother-in-law, the fabulous Pussycat-1, my pen friend and office colleagues. Very soon, that kind of relationship, courtesy of .Net and other similar technologies, will migrate to your smartphone and your television set. Even your email. Send an Outlook message, with a signature icon that let’s the other person know whether you are on-line or not. Don’t believe me? Visit www.presenceworks.com and try it for yourself.

Now Microsoft is squabbling over AOL about content and whether the AOL/Time Warner media empire has an unfair advantage, which will exclude .NET from sites using AOL's Magic Carpet technology. The danger of course is exactly what Lessig predicted, a kind of splendid isolation for tomorrow’s Internet users. You’re either using our technology and our messenger and our content or you’re with them. You can’t have it both ways. You’re with us (as a valued customer) or you’re against us as one of their customers.

Personally, I think that this is a far greater worry for the future than the rather jaded debate over who is the biggest monopolist or baddest playground bully. Unless AOL and Microsoft can arrive at a compromise or even frigid coexistence, then the future is going to be an awkward one for everyone else. Nobody wants to live in a technological ‘Us or them’ future but sadly, that’ s the way it’s heading with all the promise and optimism of the Middle-east peace process.

If AOL and Microsoft can’t sit down and agree on a future, one which includes transparent competition and a borderless Internet, in every area, content, middleware, messaging, you name it, then Government may be forced to show them the way. Unfortunately, I don’t have much faith in anyone being large enough, determined or influential enough to broker a future, which will be in the best interests of the half billion or so Internet users out there.

But then, what else would you expect from a cynic like me?

"Alice had not a moment to think about stopping herself before she found herself falling down a very deep well!"

One of the more entertaining members of the UK's IT security community is Symantec's 'Security Theoretician' in the UK, Dr Jeremy Ward. Jeremy used to be with the Cabinet Office before he exchanged his service issue Walther PPK for a much larger Mercedes. These days he's still just as busy saving the world, but mostly from the constant threat posed by computer viruses and hacking.

Next week will see InfoSecurity Europe taking place at London's Olympia and I asked Jeremy, who will be presenting, what he viewed as this year's "Big Threat" - if there is such a thing.

"It's the 'pool of tears'," he said, quoting from Lewis Carroll: "'the pool was getting quite crowded with the birds and animals that had fallen into it'".
"You've lost me," I said. "Alice in Wonderland"?

"That's right" said Jeremy. "The big problem facing us all is the always-on, constantly connected pool. It's something that Dick Clarke, the US cyberthreat guru has already warned about. Clarke said quite recently, that we need to re-think the 'unwritten rule' that everything on the Internet is automatically connected to every single place on the planet. Continuing with his 'Alice in Wonderland' theme of wireless disaster, Jeremy added “It's the 'Mad Hatter's Tea Party' out there – but much worse, particularly when you consider the explosion in wireless networking. And in much the same way as that Tea Party, we are going to see networks increasingly plagued by the sudden arrival of unwelcome guests - from hackers, to hacktivists and cyber-terrorists. That is unless business wakes-up and takes the danger from the spread of uncontrolled wireless networks as seriously as it should".

Now we may think that everyone must, by now, know all know about wireless and the danger posed by drive-by hackers with Pringles cans - yet, only recently I walked into one of the more sensitive offices in the country and heard it 'suggested' that the wireless network probably wasn't secure, as if the topic was a fairly unimportant one.
"Of course," says Jeremy, "this situation has everything to do with policy and responsibility, rather than technology - something that appears to have escaped most of us in the head-long rush down the 'rabbit hole' of innovation. The time has come to pause, take stock, and get down to some serious security risk assessment and risk management. We must all be involved in developing a 'culture of security', where security is built in to all new systems and becomes an intuitive part of the behaviour of all users of information systems and networks."

That of course is voice of reason and most informed IT Directors agonise over the spread of wireless networks only a little more than they worry about Personal Digital Assistants (PDAs). And while a firm policy can be set at the top of the organisation, the increasingly consumerised technology, the Palms or IPAQs or Cisco Aeronets, has an unwelcome habit of creeping in from the outside.

So Wonderland may yet be coming to an office near you whether you wish it to or not.

In the Cause of True Love

Following ‘The Night of the Long Knives” at the end of last year, which saw Unisys decimated in the UK and the sad loss of a number of my friends there, it looks very much as if the company has tightened its belt and is bouncing back with a multimillion-dollar global marketing campaign to convince the owners of those expensive, Sun IBM and Hewlett Packard boxes that the ES7000, ‘Windows Mainframe’ is the way to go for any intelligent corporation that should decide that Unix has passed its sell by date.
Of course, this comes with a little friendly help from Microsoft, which badly needs support at the high-end of the Enterprise for Windows Datacenter– one of the reasons why the HP – Compaq Merger would be a good thing from the Seattle perspective – .

Interestingly enough the company has launched a website www wehavethewayout.com and something called an eCommunity, a technical forum, crammed with supporting bet time reading such as “Data Center Simplification and Consolidation" – “A comprehensive guide to the key issues facing today's Data Center Managers”. I suspect that this is initiative is very much driven by the US Unisys parent, as I’m not entirely sure that temperamentally we’re quite ready for a spell of ‘Care in the eCommunity’.
Strangely though, the eCommunity’s diary of events appears to be stuck in July 2001 on my browser – Yes definitely stuck – but that’s not unusual for the Unisys site in my experience. Lots of Golf but they could do with something a little more imaginative as a calendaring application. And the Unisys site still has a late nineties feel about it.

I’ve said many times that Unisys, as a company, has some great technology, particularly, what I lovingly call ‘Fat Bird’ the ES7000 (SMP) Server, which launches Microsoft to the dizzy heights of the Enterprise. I even heard it suggested last year by one relatively senior Unisys executive, that Microsoft might even buy or license the ES7000 or that Unisys might spin-out its hardware business and keep the consultancy business, where it does well. This isn’t as wacky as it sounds, although if you think about it, Microsoft puts a toe in the water with the X-Box and then moves on and up with an ES7000 bundle. The best of both worlds for some people I know.

Seriously though, Unisys has staked the future of the company on Windows DataCenter and the ES7000 and yet the company is looking a little isolated in an increasingly commoditised market, dominated by a handful of players or partnerships with end-to-end solutions. The Microsoft / Unisys connection is very much a marriage of convenience and it’s close to symbiosis. Whether they are actually good partners, from a cultural or emotional perspective is irrelevant. They need each other to achieve a high-end future for Windows for one partner and continued survival in a viciously competitive hardware market for the other.

All that’s missing now is the ring.

The Hidden Costs of Broadband
When I read Barry Collins comparative analysis of broadband pricing, in The Sunday Times, over the Easter weekend, I felt something close to despair.

A month ago, the day prices fell, I was chairing The LondonOne Conference at the TUC Conference centre - an event devoted to the ideal of broadband Britain- and the news that the cost of ADSL was at last within the reach of the ordinary home, was welcomed with a sense of universal relief from those involved in a struggling cable broadband sector.

Of course, once the dust settles after the first big PR ‘Puff’, reality is always a little disappointing. I’ve been trying to find a spare moment to try and find out from BT – never a simple experience – what might be involved in bringing broadband to my home but the Sunday Times appears to have done much of the work for me.

First of all, it should be said that competition and the big drop in costs immediately drove-up the demand for domestic broadband, with BT apparently taking sixteen thousand new orders within days. This of course had the effect one might expect, the arrival of a long queue of customers waiting for installation. As a result, there are really two options – three if you are thinking of wireless of cable - . You wait for an engineer and pay a hefty premium or you do it yourself. Buy a cable modem and plug and play. Is it ever that simple I wonder?

Prices are, from my point of view, far too high, with only Pipex coming in below 25.00 a month and with the others, including BT hovering around 29.99 (why not just say 30.00).

On top of this, there’s the modem charge of around 100.00 and an installation charge if you can wait for an engineer. This rather does lead me to wonder how the government expects us to overtake Germany as a broadband society within eighteen months. You might have to wait that long for an engineer!

When all is said and done and my natural cynicism is put back in a box, where it belongs, we are looking at a cost of around 450 – 500 in the first year for broadband Internet access on a ‘Do it yourself’ basis and around 600 if you can wait for an engineer.

In my opinion, it’s still too expensive and much too complicated for the man in the street and I’m thinking of my in-laws here, silver surfers with their first PC and a passionate interest in a world they’ve only just discovered.

I still get the same feeling that I had when I plunged into the Internet in its early days of FTP and Winsock and Netscape 1.0. It was a very ad hoc experience, prices varied between ISPs; technical support was a nightmare and BT executives spent hours in my office agonizing over how they might set-up a consumer Internet service.
The last mile problem hasn’t really gone away; it’s just been divided-up between competing services. Until my in-laws can pick-up their phone, ask for broadband and have it installed and working in a week and at below 25.00 a month, broadband Britain may still be a while coming.