I was pretty damning of the ICO in my post outlining Alex Owens’ witness statement to the Leveson Enquiry (looking into the phone hacking scandal). You can read that here: Something rotten in the state of the Information Commissioner’s Office – will Leveson act?
Well, surprise, surprise. Richard Thomas doesn’t remember it.
The informal meeting to which Mr Owens refers took place in this instance because (understandably) the team wished to share the nature and scale of their success with me. I recall that meeting as the occasion when I was informed about the volume and nature of the materials – the “treasure trove” – which had been discovered. I recall congratulating Mr Owens and the team for a job well done. I do not, however, recall any course of action being formally or informally recommended by Mr Owens or anyone else, let alone being “bemused”. Specifically, I do not recall any proposal, on that or any other occasion, that any journalists – nor indeed any other customers of Steve Whittamore and his associates – should be investigated. I not recall even any suggestion that any further investigations were under consideration. One of my central memories of that meeting is a recognition of the challenge presented for a very small team by the sheer bulk of the evidence, without any suggestion that even more should be obtained. I do not recall whether Francis Aldhouse was at that meeting, but I do not ever recall hearing the words attributed to him.
…I do not have any recollection or awareness whatsoever of preventing any Investigating Officer…
…Nor do I have any recollection of making any later “decision” or issuing any sort of instruction…
…Nor was I aware at any time of any grievance…
…Although I cannot recall any discussion…
Fourth Witness Statement of Richard Thomas CBE
That’s the defence. And now the attack:
Mr Owens has made a number of allegations about me and the ICO. It is therefore necessary for me to alert the Inquiry to the fact that there were a number of performance, disciplinary and grievance issues between Mr Owens and the ICO…
It’s all so predictable that any media relations person could have written it for him without ever needing to speak to him. The difference is that Owens states things happened, while Thomas doesn’t deny them, just can’t remember them.
When a security site is backed by several government departments (including the Home Office), by law enforcement (the Serious Organized Crime Agency) and the intelligence services (Centre for the Protection of the National Infrastructure, which holds hands with MI5 and CESG), then it should be taken seriously. So, when such a site (Get Safe Online) releases a grandiose report with a grandiose title (UK Internet Security: State of the Nation – The Get Safe Online Report, November 2011), we should expect something serious. This is, we are promised, the state of the nation.
But it is poor. It is trivial. Most secondary school magazines could do better simply by writing to the security industry and asking different companies to provide a brief comment on a particular security aspect. Because that’s all that this is – a series of separate contributed articles from some of the companies and agencies that sponsor Get Safe Online.
Coupled with the widespread use of advanced anti-spyware software provided by banks, as well as the excellent advice from Get Safe Online, HSBC believes our online customers are now safer than ever.
SOCA gives us this gem:
It would be good to think that we could arrest and prosecute every cyber criminal… [but] this will never happen. [So] an equally important activity is prevention and awareness.
Which just goes to show that law enforcement has forgotten its role: viz, we should prevent crime first, and arrest the remaining criminals. The modern version believes that we should arrest all the criminals we can, and then try to stop the ones we miss.
At VeriSign we’re constantly trying to educate people about online threats and raise awareness about the dangers of social engineering, which is the main trick used by cybercriminals.
Which is simultaneously horribly naive (all cybercriminality depends upon social engineering somewhere), and self-aggrandizing. Trend’s Rik Ferguson makes a serious attempt at saying something meaningful without blowing his company trumpet:
The volume of mobile malware has not yet reached the epidemic proportions of computer-based malware, but criminal interest is clearly there and growing. We are seeing multi-platform attacks distributed by the same criminal groups that traditionally have focused on conventional systems. Smartphone security, such as encryption and anti-malware, is available but not widely deployed. The need is already there for it to be commonplace.
But here’s the problem with a government-backed site taking sponsorship money from private companies. That company endorses the site – but there is a clear indication that the reverse is also true: the government sponsors that company. Since Trend Micro is the only anti-virus company mentioned in the State of the Nation report, it comes across that Trend Micro is the anti-virus company preferred and recommended by government. The same argument can apply to most of the other ‘contributors’.
So not only is this ‘state of the nation’ report both trivial and a possible contender for being prosecuted under the Trades Description Act, it is also an insult to the 99% of the security industry that has declined to spend its money on buying dubious government advertising. You may have gathered that I am not merely unimpressed by this report, I am frankly appalled.