A new take on National Security

Today I spoke in a debate in the uk house of lords on national security. Here’s what I said.

“Even just a few years ago it would have seemed slightly surprising that a dotcom entrepreneur was speaking in a debate about national security. Now it would seem strange if I wasn’t. In fact I am looking forward to contributing as a new member of the joint committee on national security strategy. I also declare my interest as a director of twitter and as cofounder of Doteveryone a charity fighting for a fairer internet.The world has changed irrevocably and irrefutably with the immensely rapid rise of the internet and digital technologies. When Brent hoberman and i started lastminute.com nearly twenty years ago, we were grappling with the early technologies to make credit card payments on the web safe and the largest dark cloud we faced was the drama that the potential of the millennium bug presented. Now we face a set of complex and interrelated challenges unprecedented in human history and all exaggerated by the global and borderless nature of the technology woven so deeply into our everyday lives.

There are so many themes relating to our security it would take far more time than i have today to describe even just recent history. Look at what we have faced just in the last few months – nhs data breaches, wanna cry ransom attacks,, ATMs hijacked,fake news, jihadi content on YouTube, and then let’s think for a moment of the future – more big data, autonomous vehicles, internet of things implementations and more and more ,machine learning underpinning all our systems.

So I would like to pick off three areas – firstly, the role of the large tech platforms, secondly, the levels of digital understanding in parliaments and thirdly the wider digital security concerns of citizens.

So, firstly, the role of the large technology platform businesses. I am the last person to rush to the defence of the monopolies that dominate the consumer internet. Indeed, it is one of the greatest surprises to me that the original promise of the web – to redistribute and enable many more voices to be heard has not been fulfilled. Five large companies dominate our online worlds and they have unimaginable power – google, apple, Facebook, amazon and Microsoft.

However i find the lack of sophisticated debate about the internet and security in the media and in parallel the knee jerk reactions by parliamentarians extremely serious.

Too often all the internet is lumped together and blamed for an attack in the real world.

It has recently felt as though as long as we turn the internet off we would all be safe.

I was lucky enough to hear John Kerry give a masterful annual ditchley lecture this weekend and he highlighted this point. He called for elected representatives to be honest with us all about the real causes of extremism and he specifically talked about social media. He reminded the audience that the young people demonstrating in tahir sq during the Arab spring were organising themselves using twitter and they were not terrorists – they needed the anonymity of social media to stay safe.

As Prof Peter Neumann & Dr Shiraz Maher wrote in June this year -

“Big social media platforms have cracked down on jihadist accounts, with result that most jihadists are now using end-to-end encrypted messenger platforms e.g. Telegram. This has not solved problem, just made it different.

“Moreover, few people are radicalised exclusively online. Blaming social media platforms is politically convenient but intellectually lazy.”

As we have heard, Some of the big tech businesses have now come together and formed the global Internet forum to continue to fight extremism. They will be working on four strands :

Firstly, sharing and developing new software to detect terror related content

(and this is harder than many realise to use a twitter example that I know well – if we run an algorithm runs at 90% accuracy in finding inappropriate content then we could wrongly remove 50m tweets)

Secondly, it will be researching – bringing academics, industry and government together to share intelligence on the nature and scale of problems

It will share knowledge with smaller companies as many tech companies find themselves with huge user bases v quickly and without the infrastructure to deal with legal/ policy issues. So this group will share best practice and help them set up internal systems.

And lastly it will focus on counterspeech – boosting efforts by working in communities.Lord king talked of the german government’s recent decision to impose massive fines on these businesses and although I believe this might be the wrong solution and will be hard to implement, It is imperative that governments hold these companies feet to the fire and make no apologies for them – they have been slow to realise the gravity of the content created on their watch.

Nevertheless we cannot undermine a free and secure internet for political expediency or allow the systems underpinning our daily lives to be weakened.

It was refreshing to hear Robert hannigan, the ex head of gchq speak eloquently just this morning on radio four about why the idea of a so called back door into encryption is flawed and shows the gap between the reality of the dangerous activity online and perception.

This brings me to my second point – how will we ensure we make the right choices if our parliamentarians do not have the experience from which to understand the issues?

I believe that the gap between innovations driving the pace of change in citizens lives and the ability of policy makers to keep up is one of the most pressing questions of our time.

Do we need some new global institutions? Do we need a much more focussed parliamentary education program?

As a local example, Doteveryone ran an mp mentoring program. A small cohort of MPs were matched with digtal mentors to help increase knowledge. It was a huge success.

Corporate boards now have digital security in all its forms as a top priority.

Even compared to a few years ago it would now be as unacceptable if a CEO claimed she did not understand its seriousness as it would be to say she did not understand the balance sheet.

This has to be true in the public sector too. Every new minister should have the tools to ask the right questions when they start a new brief – only then will we avoid another situation such as the mammoth failure to upgrade departmental software we witnessed in the NHS.

Finally, I was very struck by research I read about at the weekend undertaken by Haifa university. Do random cyber attacks increase feelings of anxiety and panic? It is surprising to me that this is the first such study of the wider impact of attacks. It is however unsurprising that the results overwhelmingly showed that when an attack happens cortisol levels are raised and people immediately feel more anxious. Perhaps more interestingly, these feelings then led to a formation of more militant political beliefs.

I end with this as we are only at the beginning of understanding how these new cyber threats will affect us all.

Noble lords will have heard me talk before about the urgent need to increase skills in citizens who do not understand technology but this is not enough – we must be relentless in encouraging digital understanding for everyone – at all levels of society and all sectors.

Only then will we be able to talk honestly about the threats we face and make the right decisions both individually and nationally to keep us safe.

I fervently believe in the power of an open internet to help in this endeavour. We cannot allow an already fearful public to become more fearful of technology and so i end by urging the minister to do what she can to tone down the alarmist rhetoric that comes from some parts of government and the media so that we can engage in a well informed debate.””