Three days later and still no response from the British government. We’re still waiting to hear back from the Department for Business, Innovation and Skills.

The weakness is in older versions of Internet Explorer like 6 and 7 which were running Windows XP SP3. The code has now been released making it fairly simple for an attacker to exploit the hole. Microsoft confirmed that the hole was used in the attacks against Google and 33 other companies believed to come from China. At its most extreme it would let an attacker run code on your machine.

If you don’t want to ditch IE altogether then at least running it in safe mode, with ActiveX and JavaScript turned off, will reduce the dangers.

Internet Explorer is the default browser on government computers. It would be a big job for them to all be changed overnight, but surely the government could offer some advice on keeping the rest of us safe?

The gaping hole might seem like bad news for Microsoft, but most IE users will probably remain unaware of the problem. If enough of them do notice then it might provide a bit of a boost for Firefox and Google’s Chrome – currently being heavily advertised in the UK. Microsoft is still working on plugging the hole which, so far at least, has been used to target corporations rather than individuals

UPDATE (19-Jan):

Microsoft’s Head of Security and Privacy in the UK, Cliff Evans, is now saying that people who jump ship from Internet Explorer after the recent spate of bad headlines risk ending up on a less secure browser.

With France and Germany both advising a move away from Internet Explorer, things are far from rosy for Microsoft’s browser, and although the vulnerability has only been used against IE6, the company has not ruled out that something similar could be used against the later versions. With Microsoft not prepared to give details of how soon a fix will be released, and advising people to leave the appalling IE6 and its successor for the latest version – IE8 – Microsoft’s UK security chief insists that a non-Microsoft browser is the worse option.

The whole Google IE flaw issue is clearly a PR disaster for Microsoft, with Evans conceding that this particular problem is not likely to afflict IE’s rivals. Asked when a fix would be ready, Evans states that the rollout might or might not be before the normal upgrade cycle, but has no further details. In the meantime, the company will be hoping that the knee-jerk reaction of France and Germany is not mirrored elsewhere.

UPDATE no.2 (27-Jan):

Lord Avebury has since tabled a parliamentary question regarding the security of Internet Explorer and whether the UK government would reconsider its use. He got an answer from the UK Home Office that’s unlikely to please most readers. The UK government contends that ‘there is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure.

As a reminder, the governments Interception Modernisation Programme (IMP), which is part of the wider Communications Data Bill, will see all YOUR email accesses and website visits (not content) monitored and stored for a period of one year. Many organisations, such as the NHS and Royal Mail could then be granted access to this data, not just the police.

The LINX Response – Selective Quotes:

“We do not believe sufficient information has been given to say with confidence whether we will support or oppose the Government approach. Following discussions with officials, we do not even have confidence that “a Government approach” even exists – it appears that even the basic conceptualisation of the Interception Modernisation Programme is in flux. We can identify numerous areas where important questions remain unanswered.”

…

“Firstly, the government has not been clear about the range of communications data it proposes should be collected. The existing data retention regime is narrow, and at least attempts to be closely specified. These new proposals suggest an intention to capture anything and everything, regardless of the communications protocol used, or other aspects of the communication inhibiting this approach (the case study reference to a user chatting in a computer game certainly carries such an implication).”

…

“Fourthly, as we have outlined above and discuss more fully below, we are not satisfied that the existing safeguards adequately protect the public, our members’ customers and end users, even with regard to the current regime let alone as they relate to the far more intrusive proposals under discussion. We would need to be satisfied that the safeguards proposed to be relied upon were adequate before we could support the government’s approach.”

…

“Fifthly, we are concerned for the security of customer data collected once it is no longer under the exclusive control of the CSP. More particularly, we are concerned that the public have confidence in its security. It should go without saying that this is sensitive and valuable data that could do a great deal of harm in the wrong hands.”

Click here to download full response (MS Word .doc)

LINX concludes by saying that it cannot have confidence that any forthcoming legislation will support the public interest until the outlined issues have been satisfactorily resolved. In short, LINX appears to be in stiff opposition to the government’s plans; though whether the government will care enough to adjust its proposal is another matter.

The Digital Britain report proposed that ISPs should adopt a more active regulatory role to help curb piracy and the distribution of illegal content. Yet it is debatable whether ISPs are best placed to act as the gatekeepers of the Internet, because the control they have over the networks is limited.

The main function of ISPs as regulators is to help law-enforcement agencies determine the source of illegal content more easily by monitoring connectivity data. In theory, ISPs could inspect every packet of data, but cybercriminals can conceal illegal content inside inconspicuous data packets. Monitoring content also raises obvious privacy issues.

Role of ISPs

ISPs should not police the content of Internet traffic. They could act in a similar fashion to telephone companies, which keep track of dialled numbers without listening in on calls. Ultimately, it is technically impossible for ISPs to moderate and monitor everything that goes on in their networks.

It has also been proposed that national governments and the European Union take responsibility for Internet regulation. But government-led processes can be inflexible, and traditional routes of legislation often take long to become law.

As a result, legislation cannot possibly hope to keep pace with innovation in the Internet industry. Additionally, while national governments are able to restrict Internet traffic to tackle criminal activities, such restrictions can easily be seen as an attack on civil rights. Because of the limitations of ISP and government-led Internet governance, an open, bottom-up regulatory model is the only feasible way forward.

Open Policy Development

Industry-wide collaboration between ISPs, the technical community, supporting organisations, national governments and law-enforcement agencies helps ensure open and transparent policy development and regulation.

Governments should look after the interests of the public by taking an active role in the debates and policy-making processes of the Internet community. They also need to work closely with the community to ensure an appropriate, flexible, regulatory framework is in place to help stimulate innovation and growth.

There are already examples in the Internet industry of the problems over-regulation can produce. Afnic, the French registry for the .fr country code top-level domains, is a classic illustration of how regulation can impede growth.

At a time when the market for domain names around the world was growing strongly, registrations for .fr domain names were hampered by strict eligibility rules. A process of deregulation, started in 2004, saw a sharp and immediate increase in the market for .fr domain names.

Another example of how regulations can stand in the way of innovation is the failed rollout of the Open Systems Interconnection (OSI) protocol suite in 1977. Developed by international standards body the ISO and telecoms standardisation agency the ITU-T to standardise networking, OSI followed government-led predecessors such as Arpanet.

Its aim was to enable vendors with different proprietary network protocol suites to collaborate on common network standards, facilitating interoperability. However, OSI was never widely adopted because the ISO and ITU-T attempted to impose it on the Internet community, who deemed it too costly and complicated to implement. Instead they opted for TCP and IP, on which the Internet operates to this day.

Community and Public Benefit

An inherently open system such as the Internet does not fit into a closed, heavily certified and regulated mould. As with open-source systems, both the community and the general public benefit from the openness of the Internet, which stimulates innovation, access and diversity, as people are encouraged to experiment with different technologies.

This bottom-up, multi-stakeholder and self-regulatory approach will ultimately help safeguard the dynamic and responsible development of the Internet.

“BT’s network is in a strong position to cope with the expected demands in home working,” the firm said in a statement.

In our opinion, the real issue will be for companies to ensure that their own computing systems are robust enough if many people are going to be remotely accessing machines in their offices. This uses both upstream and downstream capacity. What is likely to happen, is that the evening peak spike may be repeated during the day and providers that have no spare capacity now, will struggle. This could give the impression that the infrastructure is failing.

The main key points of the report are as follows:

1. The UK is to have a Universal Service Commitment of 2Mbps (2 Mega bits per second) by 2012, this is to be funded in a number of ways, £200m surplus from the Digital Switch Over Help Scheme, commercial gain through tender contract, contributions from private partners, money from other public sector organisations, consumers themselves by resolving wiring issues in their homes. Additionally the wider coverage obligations placed on mobile broadband providers will help to meet this obligation.
2. The report does not set an minimum speed for upstream or latency, though does suggest that money spent on meeting the USO should be spent in such a way that does not preclude expansion to Next Generation speeds in the future.
3. A 50p per month on fixed copper lines (basically telephone lines, i.e. residential phone lines, business analogue lines, ISDN2 lines and cable telephone lines. This £6 a year will go into the Next Generation Fund, the purpose of which is to fund the roll-out of Next Generation services in the third of the country where at this time commercial operators are saying solutions like fibre are not feasible. A sum of £150m to £170m is expected to be raised per year from the fund, with the aim of connecting most of the final third by 2017.
4. The 50p levy is not part of providing the basic 2Mbps USO.
5. In the area of illegal file sharing the report outlines a proposal to legislate and give Ofcom the a duty in reducing the amount of file sharing over the Internet in the UK. This will comprise of notifying account holders when it appears their account has been used to infringe copyright, and an obligation to keep records so that serious repeat infringers can be identified and thus allow targeted court action against the most damaging breaches of copyright.
6. A code of practice to underline these obligations will be produced, which should set out the processes for rights holders to inform Ofcom.
7. Ofcom will also be provided with additional powers, so that if this warning system does not have a significant impact on illegal file sharing then Ofcom can place additional conditions on broadband providers. For example blocking of sites, port blocking, bandwidth capping, data volume caps, traffic shaping. This measures are only expected to be used if the overall level of illegal file-sharing does not diminish after a 6 month initial period.
8. The report outlines that it plans for the first stages of the warning system will be deemed successful if infringement is reduced by 70% in the first year.
9. Fair use gets a mention, since at present even if you own a copy of an album on CD, ripping it onto your MP3 player is a violation of copyright law. Nothing concrete appears, other than to mention that this area is heavily constrained by the EU copyright framework.

The 50p levy on the telephone line is not likely to be popular and people acceptance will largely be down to whether they feel broadband is a utility and everyone should have a bite at the cherry. In terms of Next Generation services, eight years of £150 amounts to about £1.2 billion, which considering BT has talked of £5bn to do Fibre To The Cabinet to the whole country does not look to be a large enough pot of money.

The Universal Service Obligation looks set to be a slow process, we can expect the creation of a Network Design and Procurement Group in the Autumn, which suggests 2010 at least before people start to see action on the USO. Procurement is almost a dirty word as many people will associate it with long drawn out Government projects that deliver late and are over budget. Hopefully in this case, a lean mean machine can be created also access to information on the USO needs to be straightfoward so that consumers can easily find out which service is available in their area and what speeds it can offer.

Martha Lane Fox appears to have gained a figurehead role, as Champion for Digital Inclusion, forming part of the reports aim to drive forward Digital Inclusion and convince people that going online is worthwhile. The appointment seems somewhat odd, a more well known respected UK figure might have been more appropriate.

Overall its hard to say the report has been a waste of time, since the USO is better than most other countries, but at the same time the overall ambition is clearly still led by the commercial operators, with the Governments role being one of filling in the holes around the edges. Whether the new role for Ofcom will succeed is hard to know, and there is no guarantee that reducing the amount of unlawful file sharing will lead to an increase in sales, and if some surveys are to be believed it may for some content lead to a reduction in sales.

So the message now is clear, if you want ultra fast broadband, i.e. something over 8Meg then you need to move into the cities, otherwise you may be waiting until 2017 or later. Of course by then other countries will have completed their own Next Generation roll-outs, leaving the UK where it is now in relative terms in the worldwide digital economy. There is still the risk that countries that missed the first generation broadband wave could leapfrog the UK as we take our step by step approach to faster broadband.

Sir Tim Berners-Lee will lead a panel of experts to advise the relevant Cabinet Office minister on how government can best use the internet to make non-personal public data as widely available as possible. He will oversee work to create a single online point of access for government held public data and develop proposals to extend access to data from the wider public sector, including selecting and implementing common standards. In addition, he will help drive the use of the internet to improve government consultation processes.

Announcing the appointment on 10 June 2008, prime minister Gordon Brown: “So that government information is accessible and useful for the widest possible group of people, I have asked Sir Tim Berners-Lee who led the creation of the world wide web, to help us drive the opening up of access to government data in the web over the coming months.”

Berners-Lee has been a proponent of better access to all forms of government and other data. In a talk to the Technology, Entertainment and Design conference in March he said: “What you find if you deal with people in government departments is that they hug their database, hold it really close, so that they can build a beautiful website to present it.

“I would like to suggest: sure, make a beautiful website, but first, give us – all of us – the unadulterated data. We have to ask for raw data now.”

Andrew Stott, the director of digital engagement at the Cabinet Office, commented that he was delighted to be working with Berners-Lee and his panel. “They will provide the expert challenge and insight we need to drive action across the public sector,” he said.

The home secretary scrapped plans for a database but wants details to be held and organised for security services. The new system would track all e-mails, phone calls and internet use, including visits to social network sites. Announcing a consultation on a new strategy for communications data and its use in law enforcement, Jacqui Smith said there would be no single government-run database.

The Internet Services Providers Association (ISPA) has welcomed today’s consultation into Communications Data. The ISPA said it was committed to assisting law enforcement agencies in the investigation of serious crimes and threats to national security, and supports effective legal measures that combat terrorism.

Short version: the IWF investigates suspected child porn websites and adds any it finds to a list that ISPs can use to block these sites. Uk.gov wants ISPs to use this list, however:

• The IWF is not an official government organisation
• It does not appear to have legal permission to view child pornography
• and is quite possibly is breaking the law by doing so.

1. Universal Broadband for UK

The government has today confirmed plans for a digital Universal Service Commitment (USO), which aims to make broadband capable of “up to” 2Mbps available to everybody in the country by 2012. The report found that UK take up of first generation broadband has grown faster than almost all the other major economies, yet it is now at risk of falling behind.

Presently the existing costs of our out-dated universal service obligations (USO) fall firmly on BT and KCom, both of which are required to make sure that every UK household has access to a telephone line capable of supporting a 28.8Kbps dial-up connection for narrowband style Internet access. Typically the vast majority (99% population coverage) of UK households now have access to at least basic broadband connectivity.

Happily Lord Carters report doesn’t take the easy option by recommending that 512Kbps become the new universal minimum. Instead its initial assessment, subject to detailed analysis, is that a 2Mbps universal service commitment could, with careful policy design, strike the right balance.

The costs for doing this would also be shared more widely between a range of communications providers. The contribution could be financial or in kind (e.g. if mobile operators continued to build their networks towards near-universal coverage, facilitated by the acquisition of additional wireless radio spectrum).

It’s understood that public money from end consumers might also come into play, although few details about that are offered. Similarly the 2Mbps pledge wouldn’t strictly have to come from land-line services, with wireless (Wi-Fi) and Mobile Broadband solutions being touted too.

Finally the plan calls for a special taskforce of experts to be setup, which would be headed by a “public service champion” (i.e. somebody who knows what they’re doing) and drive the Government’s work on digital inclusion. The BBC would also play a role, using its expertise in marketing, cross-promotion and provision of content to drive interest in taking up broadband.

2. Next Generation Networks

Disappointingly the Interim Digital Britain report doesn’t actually say anything terribly new about the governments drive to help develop future next generation broadband networks. Instead it proposes the creation of yet another Government-led strategy group to examine the issue.

This strategy group would be designed to assess the necessary demand-side, supply-side and regulatory measures required to underpin existing market-led investment plans for next-gen broadband. You’d certainly be forgiven for thinking that this all sounds vaguely familiar; last Septembers Francesco Caio review (original news) comes to mind.

Similarly there’s the usual splashes of praise for BT’s £1.5bn investment (original news) in a future fibre optic broadband network, not to mention Virgin Media’s good work on introducing a 50Mbps cable service (original news).

The report goes on to state that, at this stage, demand for services requiring maximum speeds of 100Mbps is very uncertain. But between now and 2012 demand for average speeds of 20Mbps is likely. It also points to the problem of growing congestion within BT’s current broadband network. It finds that the operators 21st Century Network (21CN) programme will play a part in upgrading the network, though the author does not believe that this alone will solve the whole problem.

Net neutrality, the principal of making sure that ISPs give equal access to all online services, is also touched on and largely shunned. Ofcom states that provided consumers are properly informed, such new business models (giving more traffic to specific services) could become an important part of the investment case for Next Generation Access.

On the same basis, the Government has yet to see a case for legislation in favour of net neutrality. In consequence, unless Ofcom find network operators or ISPs to have Significant Market Power and justify intervention on competition grounds, traffic management will not be prevented.

In short it looks like we’ll have to wait until the final Digital Britain report surfaces during this spring, which is when the new strategy group will reveal its findings. Otherwise it seems like earlier talk about the government putting public funds behind next-gen networks was a bit wide of the mark.

The Government is still not persuaded that there is a case for a UK-wide public subsidy of Next Generation Network deployment, since such widespread subsidy could simply duplicate existing private sector investment plans or indeed chill such plans.

3. Proposals for illegal file sharing

The government will force UK ISPs to warn customers suspected of involvement with illegal file sharing of copyrighted (c) content. The proposal will also require Internet access providers to disclose related customer details. These could then be made available to copyright owners for possible legal action, although it would still require a warrant to be produced first.

Unlike earlier proposals for a “three-strikes and you’re out (disconnected)” system (To Ban or Not to Ban (Illegal File Sharers)), the new method will not require ISPs to forcibly disconnect repeat offenders. The move is being seen as a response to BERR’s recent failure to find a voluntary co-regulatory solution to the problem, thus forcing the government into carrying out its threat of imposing a legislative solution.

Carters review doesn’t stop there though and hints at another method that could involve increasing the broadband cost for everybody via an additional charge (tax) on monthly bills. The extra revenue from such a hike would then be used to compensate music and film companies for their piracy related losses.

However the review does not specifically detail such an idea directly, preferring instead to talk about generalised funding solutions. Perversely such a tax would not make online piracy any less illegal, yet could run the risk of encouraging illegal downloading by fostering a “haven’t we already paid for it now?” mentality; effectively requiring even innocent individuals to pay for the criminal mistakes of others.

Then there are the practical issues, such as how you manage the system and deal with the complicated “who gets what?” question. We suspect there’d be no shortage of groups vying for a slice of the cash pie. Full details and conclusions will surface later this spring when Carter publishes his final report.

Finally a new ‘Rights Agency’ has been proposed, which would act as an intermediary between ISPs and the creative industry. This organisation would help to develop incentives for legal use of copyright material (e.g. special ISP music services) and work with both sides to develop anti-piracy solutions.

The move, which follows a decision by the European Union’s council of ministers in Brussels, has angered civil liberties groups and opposition MPs. They described it as a sinister extension of the surveillance state which drives “a coach and horses” through privacy laws.

The hacking is known as “remote searching”. It allows police or MI5 officers who may be hundreds of miles away to examine covertly the hard drive of someone’s PC at his home, office or hotel room. Material gathered in this way includes the content of all e-mails, web-browsing habits and instant messaging.

Under the Brussels edict, police across the EU have been given the green light to expand the implementation of a rarely used power involving warrantless intrusive surveillance of private property. The strategy will allow French, German and other EU forces to ask British officers to hack into someone’s UK computer and pass over any material gleaned.

A remote search can be granted if a senior officer says he “believes” that it is “proportionate” and necessary to prevent or detect serious crime — defined as any offence attracting a jail sentence of more than three years.

UPDATE:

The Home Office has denied it has made any change to rules governing how police can remotely snoop on people’s computers. Any such remote hack – which normally requires physical access to a computer or network or the use of a key-logging virus – is governed by Ripa – and the rules have not changed.

A spokesman for the Home Office informs us that UK police can already snoop – but these activities are governed by the Regulation of Investigatory Powers Act and the Surveillance Commissioner. He said changes had been proposed at the last Interior Ministers’ meeting, but nothing has happened since.