To be published as HC 252-i

House of Commons

Wednesday 5 June 2013

Dr Martyn Thomas CBE, FREng, William Heath and Kevin Seller


Evidence heard in Public Questions 1 - 69



This is an uncorrected transcript of evidence taken in public and reported to the House. The transcript has been placed on the internet on the authority of the Committee, and copies have been made available by the Vote Office for the use of Members and others.


Any public use of, or reference to, the contents should make clear that neither witnesses nor Members have had the opportunity to correct the record. The transcript is not yet an approved formal record of these proceedings.


Members who receive this for the purpose of correcting questions addressed by them to witnesses are asked to send corrections to the Committee Assistant.


Prospective witnesses may receive this in preparation for any written or oral evidence they may in due course give to the Committee.

Oral Evidence

Taken before the Science and Technology Committee

on Wednesday 5 June 2013

Members present:

Andrew Miller (Chair)

Stephen Metcalfe

David Morris

Stephen Mosley

Sarah Newton

Graham Stringer

David Tredinnick


Examination of Witnesses

Witnesses: Dr Martyn Thomas CBE, FREng, Vice-President, Royal Academy of Engineering, William Heath, Chairman and Co-founder, Mydex, and Kevin Seller, Head of Government Services, Post Office Ltd, gave evidence.

Q1 Chair: Gentlemen, can I welcome you to this morning’s session? This is the beginning of an inquiry. You are the first panel we are seeing. For the record, I would be grateful if you would introduce yourselves.

Kevin Seller: I am Kevin Seller, head of government services of Post Office Ltd.

Dr Thomas: I am Martyn Thomas. I am vice-president of the Royal Academy of Engineering, and I chair the IT policy panel for the Institution of Engineering and Technology.

William Heath: I am William Heath, chairman of the Mydex community interest company.

Q2 Chair: Thank you very much. First of all, I have a couple of general questions. What do you see as the benefits to both the Government and the public of going digital by default?

Kevin Seller: For me, there are numerous benefits. For Government in particular, it makes their services more accessible. Quite clearly there is a savings element to it; they can save a lot of money by going digital by default. It makes customer journeys much simpler and easier to go through, and it starts to take out some of the complexity. From the customer perspective, it really opens up the service. It is much easier to get hold of the information, go through the customer journey and get access to the service. If you are online, you can get all of the information you need in one place without having to make numerous phone calls and so on to get the detail that goes with that customer journey or experience. There are many benefits to both sides.

Dr Thomas: I agree with that, and it is simply the way that things are done these days. It is where people expect to find information and access services. If it is done properly, it can be highly efficient for the organisation and users.

William Heath: I agree with all of that. It is cleaner, cheaper and faster. There is the opportunity to introduce better design, for it to be more inclusive and safer from the citizen’s point of view, and for it to be more convenient and better personalised, but it depends on how it is done.

Q3 Chair: You say "if it is done properly" and "it depends on how it is done". What evidence is there that digital by default will work? In other words, is there the competence to deliver the answer to your caveats "if it is done properly" and so on?

Dr Thomas: There are services that have been working for some time digitally such as, for example, renewing vehicle excise duty online, which seems to work very effectively. Therefore, there is some evidence that it can work effectively. There is also clear evidence that, if it is not done competently, it will not work effectively. For example, if you were to attempt to apply online for disability living allowance, you would immediately meet a page that said you must not be using a Macintosh, UNIX, any of the up-to-date versions of Internet Explorer, Windows Vista, or any of the other modern browsers like Chrome or Firefox; in other words, if you want to apply online for disability living allowance, you have to use old, unpatched and non-updated software that is full of security vulnerabilities. There is a counter-example.

William Heath: You asked about competence. The Martha Lane Fox report is a powerful and strong piece of work by a successful, acknowledged entrepreneur. Since then, there has been a completely new team in the Government Digital Service, who have repeatedly stated their commitment to design, to meeting user needs and radical cost reduction. So the signs are very promising.

Q4 Chair: Mr Heath, you and I have spoken before about things that have gone wrong in the moves towards digital delivery. Since public services started appearing online about 13 years ago, have the Government improved their understanding of the use of the internet and kept abreast of technological advances, or are there still weaknesses in the system?

William Heath: Both things are true: it has improved and there are still weaknesses. There are definite examples of good practice. The whole move towards open data, transparency, making available structured data, and the power of information agenda, which started under the last Administration and continued under this one, is very powerful and strong. For me, the big missing ingredient is a similar agenda about personal information. The power of information and open data is about stats, numbers, money, organisational structures and legislation. What is not yet on the right track, but there is progress, is understanding the real role and power of personal information and data. The idea of personal control over personal data is an idea whose time has come; it is not just a liberty, human rights, Lib Dem idea; it was in the Labour and Conservative manifestos. There is broad agreement and support for the notion that personal control over personal data is a big step forward, and we are now at the stage of working out just how that should happen.

Kevin Seller: As to "if it is done properly", William makes a good point. There are still at least 7 million people who are not online, and it is estimated that about 16 million probably could not complete a complex online journey. I think that is where the Post Office comes in. We have always been about universal access to service. Traditionally, we have always been about access to Government services. Even today, we still carry out a number of Government services. Typically, if customers have something from Government and don’t know where else to go, they come to us. I would see that happening both as people start to move online and in the online world. We still get people coming to our website to find out about passports, car tax and so on, so we are associated with Government journeys, and in the future we have a big responsibility to make sure that for those who are not online the Post Office is there to help them and get them through that experience.

Dr Thomas: Things are getting better slowly, but the Government still have a lot to learn about the real science that underpins the dependable development of software. The Government do not appear to understand how easy it is to de-anonymise supposedly anonymous data, for example. Consequently, they keep announcing policies that are clearly going to become unravelled as a result because it will be possible to-

Q5 Chair: Can you give an example?

Dr Thomas: I give the example of the release of medical records. The general principle is that, if the information started off as personally identifiable data and post-anonymisation it still contains enough information to be of any use to anybody, by matching it against other existing datasets you can find out who the people are. That has been demonstrated time and time again. Therefore, the notion of useful anonymised personal data is an oxymoron. The idea of releasing personal data about citizens in the country ought to be off the agenda. I do not believe that the Government have kept up with the advances in privacy-enhancing technologies and different ways of doing identification and the strengths and weaknesses. In particular, from a technology point of view, there is a constant assumption that you can get stuff good enough by testing it and if, for some reason, there are faults in software it means you have not tested it enough, when heroic amounts of testing won’t give you a high degree of confidence that things are correct or have the properties you expect.

Q6 David Tredinnick: What do you think of the progress of the Government Digital Service to date? Could the Government provide further help to deal with the problems you are describing?

Dr Thomas: I have no doubt that they could help substantially further by adopting policies, but, unfortunately, they will get a lot of pushback from the industry if they attempt to do that. We need much better engineering in the software that is used. In general, it would mean, at least for a transition period, that you would have to stop using off-the-shelf commercial software in a lot of applications, and the industry would claim that that would make everything hugely expensive and so people would back away from that as a policy. I would like the announcement of a timetable at the end of which people who develop software that contains vulnerabilities that should have been detected because a state-of-the-art developer would have found them are liable for any damage that is caused. If the Government were to adopt that as a policy and set a timetable, the market would respond to that. Maybe it would have to be a five to eight-year timetable to introduce such a policy, but it would put the risk back on the shoulders of the people who have the power to fix the problem, whereas at the moment the public carry the risk of things being developed badly and, unfortunately, they cannot do anything about it. They cannot even tell whether or not they are accessing something that is secure.

Q7 David Tredinnick: You think that further testing is required, mainly by a Government standard?

Dr Thomas: Testing won’t do it; it has to be done by analysis. That means the software has to be written in such a way that it can be analysed, and that is a big change to the way the industry currently works. It is the way people work in the safety-critical or security-critical community at the moment. Software is developed in such a way, and it is not unreasonably expensive to do that, because most of the cost of developing software comes from finding and repairing the errors. If you avoid the errors and make it easier to find those that remain, you reduce the costs.

Q8 David Tredinnick: Do you think creating Digital Leaders is an effective method to drive the strategy?

William Heath: I am probably not qualified to comment on how internally some officials get other officials to do what they think is the right thing. In response to your earlier question about the GDS more generally, they have an exemplary commitment to design, to meeting user needs and to radical cost-cutting, which is long overdue in Government technology. They use agile methods and open-source software. They make their own software available, which means it can be easily inspected. They have already won an award for their Government UK website, and as that moves to transactional services it will achieve a great deal. We are a social enterprise start-up of a small number of people, so how you get large numbers of people to change their behaviour is not my area of expertise.

Q9 David Tredinnick: How effective will the Cyber Security Information Sharing Partnership Initiative be in combating cyber crime?

William Heath: Again, our focus on keeping data safe is to help individuals to keep their personal data safe. That is where all our focus is, so I am really not best placed to comment on a wider initiative like that, but perhaps Dr Thomas is.

Dr Thomas: Sharing information about the threats and the ways other people are countering them is obviously beneficial - it can do no harm, and it will do a lot of good - but it does not get to the heart of the problem, which is very often the quality of the software. If somebody sends you an image, you ought to be able to trust that all the software will do is display it and it won’t run any code or execute something that could damage your computer. That is simply violating the nature of the object that you have been sent. An awful lot of the threats that arise have at their root bad engineering, and we need to fix the engineering.

Q10 Stephen Metcalfe: You touched on the potential weaknesses within some of the programming software itself. How robust do you think is the actual infrastructure that could carry all of this digital Britain? Is that vulnerable to threat, or is it pretty robust?

Dr Thomas: Do you mean the internet?

Q11 Stephen Metcalfe: Yes, the infrastructure - the physical parts rather than us at the end.

Dr Thomas: It is pretty robust. It is subject to things like denial-of-service attacks and so on. There are known vulnerabilities in internet protocols and in some of the routeing components, for example. It would be possible, and has in some countries proved possible, to bring down parts of the infrastructure by cyber attack, but the internet was designed to withstand a fair amount of damage and continue to deliver services, and it is an extraordinarily successful piece of engineering.

Q12 Stephen Metcalfe: What about the Government servers that are plugged in at the end of that relatively robust network?

Dr Thomas: They vary, inevitably, yes.

Q13 Stephen Metcalfe: We suffered 44 million cyber attacks last year. Is that an over-exaggerated figure?

Dr Thomas: It depends on what you count. An awful lot of the numbers quoted about the degree of cyber attacks come from people who have a vested interest, in that they are either trying to sell security software, and therefore it is worth identifying a large number, or they are in the business of providing security advice inside or outside Government and it is worth talking up the numbers. If you count every port scan and phishing e-mail as a potential cyber attack, you get very high numbers. If you count only the serious cyber attacks, where somebody is deploying a very focused and highly technical attack on a particular piece of infrastructure, you would not get very high numbers, and it is not clear to me that we know what those numbers are.

William Heath: You asked how secure the Government servers are. Can I turn that question on its head in a way with an image? If the Government servers are like castles with strong walls and a strong door in which lots of personal data is kept, Mydex is saying to the disenfranchised hunter-gatherers outside, "There’s an alternative to putting your personal data in that castle and hoping it doesn’t get abused or pinched, and that is to have a secure lock-up - a cottage with a strong lock on the front door - to which you and only you have the key." Our focus is entirely on the strength of the cottages for the individual, and I am not qualified to speak about the strength of the Government servers.

Q14 Stephen Metcalfe: I like the analogy, I have to say. The problem is that you have a lot more cottages than castles.

William Heath: That is fine.

Q15 Stephen Metcalfe: The danger is that there are weaknesses and some people might leave their cottage door open, whereas, hopefully, if you are the keyholder to the castle, you know that you are in charge of huge amounts of data and you know that you have to take that responsibility seriously. Is there a danger that someone can sneak in through those cottage doors?

William Heath: This is the whole point raised by the agenda of personal control over personal data. One alternative is that your medical record is in the care of the NHS and subject to its policies, to which Martyn referred earlier, or in the care of HMRC and at risk in different ways. These organisations will take steps to protect that data, but protecting the data of 25 million people is a far more substantial task and responsibility than protecting your own data. The individual is highly motivated to keep their own data safe, and the nature of technology and cryptography is that effectively the same tools - the same strengths of walls and lock - are available to the individual as to the organisation. It is long overdue that the individual should have that sort of place or format in which to protect their personal data. The individual is also interested in a much wider range of data about themselves, not just their health record but exercise record, diet, shopping, utility companies and future intentions. There is something complementary but qualitatively different, in that it is holistic and sees round the entire individual’s life, but to which very similar forms of often standard and off-the-shelf protection can be applied.

Dr Thomas: If you are protecting a large amount of personal data - millions of records - the damage that can be done if you lose that data, or if it is exposed to unauthorised access, is very large as well. Realistically, that ought to mean it attracts a very high security classification and is treated in the same way as the Government would treat highly classified military data, for example. That is not done. The degree of protection that is accorded to large datasets of personal data is, in my opinion, completely disproportionate to the threat that they pose to the citizenship if they were to be exposed. We need to try to pull those things into balance. Interestingly, in the smart metering programme, for example, they have decided not to have a large central database. The individual meter readings will remain in the meters and be distributed around the country. There will not be a central repository of that data. That was a decision taken in order to improve security.

Q16 Stephen Metcalfe: Earlier you questioned the number of cyber attacks. Of those that would be considered serious attempts to gain access to the data, is the threat from within the UK or is it predominantly from outside it, and what is the purpose?

Dr Thomas: This is straying into territory that you may not wish to go into. If you do want to go there, you probably need a private session with GCHQ or CPNI to answer those questions. In terms of what has reached the press, it appears that the major threats have come from outside the UK, and the same thing appears to be true in America. Things that have reached the press appear to have come from outside America.

Q17 Stephen Metcalfe: But do you see it as individuals or organisations trying to make some financial gain, or is it a more systematic approach to undermine the functioning of the country?

Dr Thomas: There is no doubt that both things are happening. State cyber attacks are increasing, and organised crime is becoming ever more technically capable and using the technology in very highly funded ways in order to take forward crimes. Both things are on an increasing trajectory.

Q18 Stephen Metcalfe: The Government have put £650 million into increasing cyber security. First, is that having an impact, and secondly, is that enough?

Dr Thomas: Most of that money went to the security services. It can never be enough. It is not possible to tell whether that money is being spent effectively, because it is being spent within organisations that do not, for very good reasons, talk about what they are doing in this space.

Q19 Stephen Metcalfe: My final point leads on from an earlier question about how swiftly the Government adapt to changing technologies. Are they keeping up with the changes in personal technology trends - for example, mobile phones, iPads and different ways of accessing data? Are they up to speed with that, and do they adapt quickly enough to make sure that those are also secure access points?

William Heath: One thing that will stabilise and standardise is the way computers talk to each other. In open data, the emergence of application program interfaces - APIs - has been crucial to standardise how all this works. Government can never adapt and adjust to the full range of individual nuances, conditions and difficulties. The idea that Government centrally can provide personalised services to meet everybody’s needs and preferences is a nice idea, but it is not going to happen. What can happen is that standard Government services, open data information like Government services and the ability to transact, can be made available through these standard interfaces. If that is standardised, on the individual’s side you can evolve as fast as you like - iPads, smartphones, glasses, whatever is next - and the Government can focus on providing standard services through a standard API; and that is where it is headed.

Kevin Seller: The Government Digital Service have been quite clear that one of the ways they will get take-up of digital is through excellent customer journeys, so they have absolutely the right focus. It is about what the customer wants to do, how the customer interacts and how they feel about the journey. Our role in the Post Office is to make sure that everybody has access to those customer journeys, and if they get the excellent customer journey right it will encourage take-up.

Dr Thomas: Devices like smartphones have not been designed from the beginning with security in mind. If you start allowing people to access data inside your firewall over devices like that, clearly you are creating security vulnerabilities. Government will always be in the position of playing catch-up on what is going on in the consumer field. You cannot realistically expect Government to stay completely up to date, or, for the same sort of reason, any other large organisation: the investment would be too great.

Q20 Stephen Metcalfe: Do you think that the Government are at least aware that they are always playing catch-up, or does it come as a surprise to them when new technology emerges?

Dr Thomas: In my opinion, the advice that CESG provides to Government Departments is exemplary.

Q21 Stephen Mosley: How important is the Identity Assurance Programme when it comes to the digital by default strategy?

William Heath: If you are going to provide digital by default services, people need to be able to prove their entitlements or claims that they make, so it is essential.

Dr Thomas: It is essential to be able to authenticate people when they are accessing services or looking at data and claiming to be the person who is entitled to look at that data. The process of doing that is hard. Therefore, getting that right and making sure it is robust against attack is going to be critical.

Kevin Seller: From our point of view, you need to have three things in place to make digital by default work. The first is identity. Knowing who you are dealing with when they are online is absolutely essential; ID is crucial. The second point is that you need to have somewhere for those who are not online to be able to get access or to have a way of accessing services. The third thing is that you have to have a way of getting the paper out of the process; otherwise, if you have an online journey, all the good is undone if you end up sending something somewhere that has to be processed. You have to get those three things right, and ID is right at the top.

Q22 Stephen Mosley: Since 2001 we have had the Government Gateway in place. What is wrong with the Government Gateway? Why can we not continue with that approach? Why do we need something different?

William Heath: I am perhaps not best placed to comment on that. The Government asked for an ID Assurance Programme. We are a UK-based start-up social enterprise that lets individuals take control of their personal data. That is not in itself about proving you are who you say you are; it is a generic capability about any form of entitlement or what underlies any kind of claim. For example, "I’m over 18 but you don’t need to know who I am," or, "I am entitled to welfare and therefore entitled to the lowest form of energy tariff." I am not an expert on the Government Gateway. I don’t know why the Government would decide to move on from that, but, given that it has been 10 years, I can well imagine that a technology refresh could be timely.

Dr Thomas: Establishing ID requires, first, that you have a robust way of registering people so that you have tied whatever you are using to authenticate them to the biological individual who ought to have that authorisation. Then it requires the authentication process to be robust when you check that the person who is accessing is the person who registered. Tying those two things together in a way that is not vulnerable to abuse is very difficult. If you look at the way in which commercial organisations have done that, they are moving more and more towards two-factor authentication, requiring electronic one-time pad generation of passwords and so on. You have a challenge response that means that, at the very least, you know somebody is capable of telling you a shared secret about themselves, and that they have in their possession a physical object you can verify, like a smartcard or one-time pad generator that they got at the time of registering. That is an expensive process. Some banks have gone down that route. If the Government go down that route, a lot of investment is required and you have to be able to handle the failure modes when people lose the token generator, or whatever it turns out to be. Keeping up with the kind of integrity you need for identity verification is pretty hard.

Kevin Seller: I don’t really have anything to add to what William has said. I don’t really have a view on the Government Gateway; that is very much a matter for them. We have responded to the Government procurement and we intend to be one of the IDA providers. I think our brand absolutely lends itself to that sort of market because customers trust the Post Office, especially for Government business.

William Heath: We have rightly focused on trust and safety, and that is exactly what we were obsessive about in setting up our company, but as we researched and did a community prototype involving data passing from individuals to local authorities, we learned the very strong lesson that from the individual’s point of view these processes are all about convenience. The adoption of digital by default is all about it being designed in a way that is immediately convenient to the individual. The questions of trust remain essential, and they will crop up and bite you if you get them wrong, but, if Government can adopt a way of signing on for Government services that is more convenient, they undoubtedly should do so.

Q23 Stephen Mosley: Your answers were very full, and a lot of them were, "If the Government do this, this is what they should do." The Government have produced good practice guides that they are asking potential suppliers to comply with. Have you had an opportunity to look at those good practice guides, and are they what you would describe as good practice?

William Heath: Do you mean the identity and privacy principles?

Stephen Mosley: Yes.

William Heath: We think the identity and privacy principles are excellent. They are currently in draft. We believe they are moving from draft to a published form; we would welcome that and are very happy to be held to that standard.

Dr Thomas: The good practice guides are good in what they actually say, but as an ordinary user of the service you cannot tell whether somebody has implemented a system according to the good practice guide, so it leaves you with a degree of uncertainty. I very much doubt that the identity providers will be willing to carry any liability if it turns out that they have security vulnerabilities in the ID verification that they are providing, simply because that liability could be extremely large if they had to notify all the users and compensate them for any damage caused by unauthorised release of their personal data as a consequence of those security vulnerabilities. It is not clear that, in the implementation, you will end up with something that is strong enough. From the point of view of the Government service, you end up importing all the security vulnerabilities of all the people you allow to become authenticated as identity providers. For each individual, it is only the ones they have chosen to use that put them at risk, but for the service, if any of them is compromised, it will damage the reputation of that service.

Kevin Seller: They are in draft, as William says. Our initial view is that they look okay to us, but the key to this is how it will impact on the customer. In the Post Office we are always trying to make sure we focus on the customer impact and how the customer feels when they have to go through this experience.

Q24 Stephen Mosley: I know that the next questioner wants to ask about the specifics of how it will work with the different identity providers. Looking at the macro level, one of the advantages that the Government are proposing is that it will allow users to control their own data. Could you explain to the layman how that would work?

William Heath: Sure. That is our bread and butter: we are set up deliberately for that sole purpose. The idea is that you create for the individual and offer them for free in perpetuity a place where they can acquire and store data. They could type it in; they could download it through a data give-back, such as is available from online services like Google, Twitter or Facebook. There is the Government’s "mydata" programme, which presumes that banks, utility companies and phone companies will give the structured record back to the individual - after proper authentication of course. Individuals will need a place safely to store and manage that data. To get utility from it and to get stuff done, they will need a highly controlled way in which to reveal parts of that data to fulfil the requirements of the service that they want, which could be a Government public service. That is what Mydex does. It gives the individual a unique, personally encrypted data store to which only the individual sets the combination lock, effectively, and the capability from that personal data store to make a connection to the standard interface for a service that they want.

Stephen Mosley: Maybe I could butt in later when we get to the specifics.

Q25 Sarah Newton: I imagine that from a layperson’s point of view they will be thinking, "Local or national Government have a lot of information about me and will always need to have that information about me." In your opinion, why have the Government sought to look for third party identity assurances rather than build their own capacity?

William Heath: The Government have a lot of data in a lot of databases, but they are nothing like the full richness of data that people use to run their own lives. When people perceive the locus or centre of their personal data, they do not immediately think of a place in Whitehall that knows more about them than they do. Perhaps they may be uncomfortable about surveillance or data safety or leakage, but only they themselves know their true intentions, preferences and real reasons why they do things. Perhaps "identity" is an unhelpful term. We would think of it more in terms of proof of claims that people make. It has always been a third party matter. It has always been the DVLA that says you are licensed to drive, the IPS that says you have a passport and can travel, or the bank that says you can have a bank account, you are creditworthy or able to pay a bill. The whole notion of proving your trusted status in an economy or in society has always been about your relationships with other entities. We have been through a relatively short period - 10 or 15 years - in which the assumption is that those proofs are held not by the individual but by the other organisation. That is fundamentally unenlightened and technically it has shortcomings, which are becoming increasingly clear.

Kevin Seller: I don’t really have anything to add to that. I don’t think it is for me to comment on Government policy as part of the Post Office.

Q26 Sarah Newton: Following on from that and looking at some of the practicalities about having third parties, what risks do you think there are in going that route? Why have the Government chosen more than one organisation to do this?

Dr Thomas: The risks are that people will lose control of their data simply through the vulnerabilities in the identification process. At the moment, if, for example, you lose control of your PayPal account through one of the standard routes of phishing, hijacking, key-logging or whatever, there is a limit to the liability and the damage that will be caused. You are likely to lose money, which can at least in principle be replaced. If you are using your PayPal account credentials to log in to get access to and curate your personal data, which is highly sensitive, and you lose access to your PayPal account, you lose access to that data and somebody else gains access to it and can do what they like with it. Potentially, the damage goes well beyond things that can be replaced, because privacy once lost cannot be regained. You are increasing vulnerability in areas that may not be apparent to the people who are using it. If you are using an account that appears relatively low risk, you may lend the credentials to a friend or family member. If you start using that to give you access to personal data on a Government website, it may not be apparent to you what you have done in terms of exposing that data to somebody else. There is a conflation of issues here that poses a potential difficulty in the way forward.

Kevin Seller: As to why they have more than one provider, they want to create a market so there is competition out there, and it gives the customer a choice of where to go to have their identity certified and held. That was the idea. Of course, if you create a market, you drive better value for money.

William Heath: As I said at the beginning, it is long overdue that there should be practical tools and rules for protection of personal data. Diversity and competition is a healthy thing in this process. The Government have admitted very diverse companies to the ID Assurance Programme. Kevin’s Post Office is very different from Mydex, a high-tech start-up. They have held the door open to the idea that this problem can be solved by personal control of these crucial personal credentials. That is a model that, in theory, works well. It has been tested only in prototype, so to have it in there as one of the options seems to us a very healthy and wise thing. All the ID assurance providers want this process to work. In one sense we are in a competitive position, but Martyn’s point is, as ever, a sound one. This is as weak as the weakest link. None of us wants a weak link in ID assurance and far less do any of us want to be that weakest link.

Q27 Sarah Newton: What mitigation can be undertaken to prevent this weakest link and the impact on the overall quality and protection of the data?

Dr Thomas: You have to come back to making the people who are providing the service of identity verification liable for the consequences of any failure of that service and for the consequential damage that occurs, because only they can fix the security issues.

Q28 Chair: Is that why organisations like some of the card companies - Visa and so on - are more trusted than Government, because they accept that the buck stops with them?

Dr Thomas: Yes, I think so, and because they are dealing with things where you can compensate. You have a quantum that is clearly identifiable when something goes wrong. If somebody has stolen £10,000 out of your account, £10,000 will fix the problem for you. When you are dealing with personally identifiable data, people’s health, sanity, maybe even their lives, are at risk if that is exposed to the wrong people, so you have a much different scale of threat.

Q29 Sarah Newton: Taking the analogy that the Chair raised and what you alluded to, what could that compensation be? I understand that, in order for the organisations to take responsibility for the very important service they are going to be providing, if they felt consumers would have some come-back when they made a mistake, that would be motivating. How could that be done? How would you put in place a financial measure in terms of the issues you identified, such as health records getting into the wrong hands and decisions being made incorrectly?

Dr Thomas: Realistically, you could not guarantee to compensate adequately, but if you had statutory compensation that was reasonably substantial, even at the level of a few thousand pounds, and multiplied that across the number of people who would be using these services, it becomes an extraordinarily powerful incentive to get it right.

William Heath: From our point of view, we are happy to be held to account for meeting or exceeding all the standards set out in the Government procurement for ID assurance. That seems a good start. Martyn made a series of very good points about poor engineering and software liabilities and failures. There are also points about conflicted incentives and poor underlying intentions. It is difficult if a company acquires a vast amount of personal data as a by-product of providing a service for Government and is usually in the position of wanting to mine or exploit that data. The Mydex model is that the personal data that flows through this platform is under the control of the individual. The individual is the data controller and Mydex as service provider cannot see that data. We could not use it even if we wanted to, which we don’t. The alignment of incentives is just as important as the valid points Martyn made about the competence of the implementation.

Q30 Chair: But that does present a paradox, doesn’t it, in areas like health, where your system gives me the right to protect my data but societal benefits could be gained from having better anonymised data sharing? How does one deal with that? Is there a technical solution?

William Heath: The best way of putting it is that there is a technical solution for what society decides it wants to do. As for an individual who controls their own personal data, imagine they have a complex set of dealings, not just with health but also social services, the ambulance and the local authority. If the individual has control of either the whole data record or even just the keys that give permission for access, the individual can allow a joined-up service to take place. They can permission access to what is necessary for each service provider to do what it wants, so it solves the data-sharing problem in cross-boundary care. That could be either just a permission or the part of the case records that they need. The Data Protection Act recognises that personal data is the individual’s and their informed consent is an absolute protection for data sharing. If you have infrastructure on the side of the individual as well as with each organisation, you can implement any choice you decide to make about how much of people’s health records should be shared for research purposes, and to what extent that should be under their sole control.

Dr Thomas: There are technical solutions once you characterise the problem you are trying to solve, but you cannot make the data generally available for arbitrary use while preserving privacy. That simply cannot be done. Therefore, it is a political decision whether you decide that the privacy of the entire use of the health service is less important than the societal benefits that would come from being able to exploit their medical records.

Q31 Chair: In the inquiry we have just completed on clinical trials, some evidence suggested that the concept of a trusted third party to place the bank data could be a way of progressing that.

Dr Thomas: That gives you the ability to hold the data in a trusted way in principle, but if you are releasing that data for use, the people to whom it is being released are not that trusted third party; they are other third parties. There are technical solutions that would enable you to measure the reduction in privacy caused by each search against a database and the data yielded by that. Proposals have been put forward where, for example, you would measure the reduction in privacy against a particular dataset to the point where any further search would compromise it beyond a threshold that you pre-determined. Then you would say, "You can’t use this data ever again for any purpose in future; it’s finished." That is a powerful incentive to make sure you do only the most narrowly-focused searches that have the least privacy impact, because they are taking less of the value out of the dataset you are holding. Those approaches are available. I don’t know of any proposal to go down that path on the Government’s behalf.

Q32 Sarah Newton: I have a question specifically for the Post Office. I represent a rural area. Like anybody who represents a rural area, our post offices are unbelievably important to us for lots and lots of reasons. I am very interested that you are here today and in the way you have talked so positively about the importance of your ability to engage with this new service. How important do you see it as part of the future of the post office network?

Kevin Seller: For the part of the business that I run, which is the Government service, it is hugely important, for a number of reasons. I would not like to talk about the commercial side. For me, this is more about the public side of it. You are quite right - in rural areas, how do people get access to services, especially if they are not online? Nationally, about 99% of customers are within a mile of a post office; in rural areas it is about 93%. So accessibility will be crucial for customers who are not online.

We see that we can do three things. We can be one of the identity assurance providers because our brand lends itself to customers trusting us. When you look at the process customers will go through, they will need to choose their identity provider. I think a lot of people will choose the Post Office brand. I am sorry, William.

The second part is about the assisted service. If you are going to go digital by default, the Post Office needs to be there to make sure that everybody can access digital services in branches. We need to look at how we do that. I don’t see it using paper; I see it using online technology, in the same way that the Government will through GDS.

Thirdly, I think we can play a key role in taking that paper out of the process. Some of the technology we are looking at is about how we do digital photographs to support passport applications and digital signatures to support driving licence and passport applications, and how we can make those customer journeys better for the individual - particularly for the individual who will not be able to use online services. There is a huge opportunity to provide a great joined-up customer service, and that has a commercial benefit that makes the whole post office network more viable in the future.

Q33 Sarah Newton: That is all very exciting, and I would agree with your vision from the customer’s point of view, but if I think about the physicality of post offices in rural communities right now, that is a big change programme. To create spaces in them so that people can sit down with a computer and be assisted - I am thinking of vulnerable people claiming benefits, old age pensioners, and all sorts of people who will so thoroughly benefit from the customer journey you are describing - is a big transformation programme within post offices as they currently are. Is your vision aligned to the post office network transformation programme?

Kevin Seller: Yes, absolutely. We are investing in the branches at the moment. Part of what we are doing is to try to do some future-proofing to look at how we introduce those sorts of services. Will all services be available in all post offices? I doubt it. Will there be some services available in all post offices? Yes. Will there be some post offices that have all services? Yes. Is there a vision for the network and the aspiration for these sorts of services? Yes, they are absolutely aligned.

Q34 Graham Stringer: If I correctly understood your answer to Andrew’s question, are you saying it is impossible for Government to keep records and individuals’ information anonymous?

Dr Thomas: No. I was saying that, if you release personal data so that it is accessible to people who also have access to a lot of other data, and it is data that is rich enough to be useful to anybody, you cannot release it in an anonymised form, because by comparing it with other publicly available data you will be able to identify the individuals.

Q35 Graham Stringer: I am clear about that and there are all sorts of implications in that for work on research.

Dr Thomas: Yes.

Q36 Graham Stringer: You make the obvious sensible point in your written submission and said earlier that the public have no way of telling whether the good practice guidelines have been followed. Is that important?

Dr Thomas: At some level - not if the liability for any failure falls upon the people who are providing those services, because the individuals will be compensated at whatever level has been decided and will gain some assurance from the fact they know that the pain will fall on the people who are offering them that service. Otherwise, yes, it is important, because why would they trust the service if they were not able to tell that it was trustworthy?

Q37 Graham Stringer: So you think that compensating them is a more effective way of dealing with the problem rather than explaining whether or not the good practice guidelines have been followed, or allowing them to test that?

Dr Thomas: I do not know of a mechanism whereby it would be practical to explain or allow them to test it.

William Heath: To repeat our message that it is convenience that leads people to adopt these things, Facebook has over 1 billion users worldwide. Like it or loathe it, it is very successful. When we did a prototype with local councils, the DWP and Cabinet Office, we wrote privacy policy terms and conditions that were extremely favourable and friendly to the individual. We made a real effort to make them as comprehensible, supportive and helpful as possible. The average eyeball time spent on them was less than a third of a second. People won’t even look at this stuff; they simply go ahead with what is convenient. Whether or not it is trustworthy emerges in later months and years.

Q38 Graham Stringer: The Post Office is aiming to increase the nation’s digital skills over the coming years as well as improve ID assurance. What are your plans over the next two or three years? How are you going to achieve that?

Kevin Seller: At the moment, we are engaged with the Government Digital Service. They have recently issued a prior information notice for procurement for what they call assisted digital, which is the service that will be available to customers who do not have online access for their own benefits and will need to go somewhere or have somebody help them complete an online journey. We will be responding to that. We believe we already have contractual cover in place that will allow us to provide some of those services through a DVLA framework. We are trying to work closely with GDS, the Government Procurement Service and Government Departments to make sure that we are at the forefront of accessing those services and providing assistance to customers who cannot go online. We do not see ourselves necessarily providing the training to enable people to become competent with computers, but we already have in place a database that will allow a customer to go to any post office and we can direct them to the nearest facility for training to get them more digitally enabled in the future.

When we look at the customer base, there are about 16 million customers who probably could not complete an online journey at the moment. Within that, about 7 million have never used online. You will start to see more and more customers coming in. One group will come in who will need some help once, and they will be on their way; another group will come in and need help two or three times, and they will be on their way; and there will be a group who will always need help to do this simply because they will never get the digital skills. That is where the Post Office has a core task to make sure those customers are included and not left behind.

Q39 Chair: It may be that it is not appropriate for you to do the training, but it would seem to me fairly straightforward for the Post Office to prepare a training pack for people in communities where there are online training centres, especially in areas of deprivation where access is difficult. Have you thought of doing anything like that?

Kevin Seller: We are working very closely with Go ON UK and a number of stakeholders to make sure we can provide facilitation and access. We will not be doing the training, but we will make sure that for any customer who wants access to the training we can point them in the right direction and make sure they know who they can go to in order to get the training.

Q40 Chair: Mr Heath, earlier I thought you were trying to come back to something raised by Sarah Newton.

William Heath: Perhaps I should pick up Kevin’s point. He is absolutely right that Mydex is not yet as well known as the Post Office. We are in this programme on an equal basis on merit. Our service is live and available now and already contracted to the BBC, housing associations and so forth, so we look forward to rectifying that.

Chair: It is an interesting challenge. We will watch this space. Gentlemen, thank you very much for your time this morning.

Examination of Witnesses

Witnesses: Tony Neate, Chief Executive Officer, Get Safe Online, and Clive Richardson, Director of Research and Public Affairs, Go ON UK, gave evidence.

Q41 Chair: Can I welcome the two of you here and first invite you to tell us who you are for the record?

Tony Neate: I am Tony Neate, chief executive of Get Safe Online.

Clive Richardson: I am Clive Richardson, director of research and public affairs for Go ON UK.

Q42 Chair: It would be helpful if you could just outline your organisations in the digital by default strategy.

Tony Neate: Get Safe Online was formed about seven years ago. We are a not-for-profit organisation backed by UK law enforcement and Government but very much a partnership between the private and public sector. We are to educate computer users from children all the way up to silver surfers, but that relates to security, not necessarily child protection issues.

I am an ex-police officer. I helped to set up the organisation when I worked within the then National Hi-Tech Crime Unit dealing with serious organised crime. It was a combination of Government and private sector realising they needed to educate people in a clear, understandable way in order for them to be more progressive and productive when online.

Clive Richardson: Go ON UK is a small charity. We are the UK’s digital skills alliance and want to help individuals and organisations share their digital skills with others. Baroness Lane-Fox is our founder and chair, and we have eight founder partners who help us deliver services.

Q43 Chair: Are the public aware that Government services are becoming digital by default?

Clive Richardson: People who are using services are aware of this transformation. Customers of DWP who will be claiming benefits under universal credit know there will be an online component to that. I think perception of the digital by default agenda is not widely understood. Lots of people who are offline are offline because they are not interested in being online. It is not because they are put off by difficulties; they are just not interested in having anything to do with the internet.

Tony Neate: They are probably not. They will probably be aware of those services only when they require them, and either they use them online automatically or they cannot obtain them in what I would classify as the real world. I think it will be a matter of time, but people will become very much aware that, as with most things, you need to be online in order to progress what you are trying to do.

Q44 Chair: But doesn’t that present a problem? To cite an example, I suspect that most people in this room could not recite their national insurance number, although a lot of people coming to our surgeries can do so because of their familiarity with it from time to time. Lots of people who need Government services come into the system for the first time. How are they going to cope?

Tony Neate: It is going to be difficult for them initially, but it is inevitable. I would like to give two examples. First, I went to a family birthday party of a two-year-old. My wife gave the two-year-old a cardboard book, which probably all of us over a certain age recognise. It had four or five pages, all made of hardboard. When we gave it to the two-year-old, the first thing she did was swipe it like a touchscreen. It is inevitable.

Q45 Chair: My granddaughter did that with a television screen, trying to change the page.

Tony Neate: Absolutely. When I looked around this Select Committee, I think there was only one person I saw who didn’t have a mobile device in front of them - a gentleman sitting over there. Automatically, this is going to happen. We want to make that a good experience for the user. We want to make it a good experience for people. I always remember the 10-80-10 rule. 10% of people will automatically pick something up immediately, so 10% of people went out and bought a flat screen television. 80% will wait to see how it works; they will look and get advice; they will see they have no choice. 10% will never go there until they can’t do anything else.

Clive Richardson: If we look at some of the statistics on this, an ONS survey shows that 7.1 million people, or 14% of the population, have never once used the internet. The majority of those are over 65, and about half tend to be from the lower socio-economic groups. About 32% of all disabled people have never been online. There are some groups who are less likely to use the internet than others. Of those people who are offline, the ONS survey also showed that half of them say they just didn’t need it. About one third say that cost is a barrier; about a fifth say they do not have the skills to go online, and, interestingly, 4% say they are not online because they have concerns about privacy and security. But access is only one part of the equation. The ability, confidence and skills to transact online and send an e-mail to communicate is another part. Being connected does not mean you automatically have the ability to understand how to use services. As you heard before, 16 million people lack those basic online skills confidently to operate online.

Q46 Sarah Newton: You identify the digital divide extremely well. It is the group of people you have just described who probably use Government services to the greatest extent. These are particularly people who use the NHS, the benefits system and social care. From the Government’s point of view - in the broadest sense of the word "government", because it can be local and national Government - these are the people one would want most to engage with because they offer the greatest potential savings, and, on the positive side, the ability to link up services around them, if there were adequate data-sharing mechanisms. There are lots of Government schemes to try to get health professionals, social care professionals, social workers and even the criminal justice system to link up around families or people with particular levels of support. What is going to be done about that?

Clive Richardson: That is what the assisted digital programme is looking to do. The AD programme will ensure that customers of those services that are being transformed will either be assisted to enter their permission into a new computer, or someone will do it on their behalf. GDS is working with the Department to redesign 23 exemplar services, which will be the first ones to be fully digital. All have assisted digital provision.

If you are looking to claim universal credit, carer’s allowance or personal independence payment, there will be a mechanism in place by which you can do that if you cannot self-serve and do it online at home. There will be some provision available. It is in the Government’s interest more widely to make sure that individuals have the ability to self-serve. Where people will be able to do it themselves, with a little assistance, there should be some provision available for them to get trained up to do it, but there will be some individuals who, for whatever reason - disability, low levels of English or other factors - can never do it themselves. There always needs to be some other method of allowing them to access Government services that are being transformed.

Q47 Sarah Newton: Let’s drill down into that. From the plans that you are aware of, are you saying that in, say, Jobcentre Plus there will be an area where there will be computers and staff to assist people coming in and show them how to make online applications? Is that the sort of thing you have in mind?

Clive Richardson: I think so. I am not familiar with exactly what plans Jobcentre Plus or DWP have, but I know that currently some Jobcentres have internet access devices. You can do an online job search and put your CV through terminals provided within the Jobcentre. I understand that, in the future, there will be a range of options for people to deliver other services like universal credit, which does not necessarily involve being in the Jobcentre; it could be from the Post Office or one of the other parties who are interested in providing assistance.

Q48 Sarah Newton: Or it could be on a mobile tablet with a district nurse.

Clive Richardson: Absolutely.

Q49 Sarah Newton: I can see how different vulnerable groups of people who are not able to access the internet at home, or, even if they did, would not be able to for other reasons, could get access to it, but are you aware of a plan to make that happen practically? It is one thing to have well designed gateways once people get on to a screen; it is another thing as to how you ever get to the point where they are in front of a screen with somebody alongside them to enable them to do it.

Clive Richardson: I am not aware of there being one plan to do this, but different sections of the population learn in different ways. Users who may be online in a slightly narrow sense and have a medium level of digital literacy quite like to learn by observing friends and family and from others, so they are more comfortable with trial and error. They will do things for themselves and be online generally. Lower literacy users and those offline may well need more formal structured training to enable them to be confident to operate online more generally. I don’t think there is a one-size-fits-all solution; it depends on different groups’ preferences for learning how to do stuff online.

Q50 Sarah Newton: I definitely agree with you that it is not one size fits all. What evidence is there that, once people have enabled access, they prefer to do it that way than have a more paper-based personal approach?

Clive Richardson: Ofcom carried out research into adults’ media literacy, including digital literacy. It showed that, if the benefits of using a service are clear, people will use it and they will learn how to use it. It goes back to the point made earlier that, if the service is straightforward, convenient and easy to use, people will want to do that and overcome other barriers in order to allow them to use it fully. The design and quality of the service is absolutely paramount here to encourage people to use that rather than any other mechanisms. If you try to interact with the online service and it is frustrating, or it does not really work, you will pick up the phone, turn up at the Jobcentre or go to your GP surgery, but if the service is easy, straightforward and convenient to use you will prefer to use that.

Q51 Sarah Newton: Having established that people are interested, once they clearly see the benefit and they have access, how might people who are part of the digital divide and are not accessing this now go about finding out? If you live in Truro, which is my constituency, how would you find out to get help to do this?

Clive Richardson: There is a range of organisations to help people with digital literacy and skills. The Online Centres Foundation have a few thousand sites across the UK that have more formal face-to-face courses to help people learn. You can log on to their website, type in your postcode and they will give you the five nearest ones to where you live. That is what the Post Office is also doing as part of their counter service. Age UK, one of our partners, also run digital inclusion sessions at day centres. Community groups often do this in community halls and church halls around the country, so there is a range. Apart from UK Online Centres, there is not one national database, but theirs is pretty comprehensive. Some of the more corporate organisations that have an interest in getting their customers online may also run sessions. EE, which own T-Mobile and Orange, run something they call "techie tea parties" in their retail stores where they get their staff to help potential customers, who tend to be over 65, to come in and get familiar with what an iPad can do for them and how they might get online. There is a range of ways of people picking up digital skills.

Q52 Sarah Newton: That sounds fantastic. Has any evaluation ever been undertaken to look at the relative success of these different activities?

Clive Richardson: I am not aware of anything that shows how effective different methods are. BBC media and literacy research shows that the majority of people prefer an informal way of learning, asking friends and family - if you are online - how to solve a particular problem. About a fifth of people would prefer a more formal approach. That may be a face-to-face course; it might be an online course; or it could be a book; they could just read "The Internet for Dummies" and that is how they want to do it. The majority of people do informal stuff and that is their preference.

Q53 Stephen Metcalfe: One of the issues that we have touched on is how secure services are and whether or not the weakest link in security is the individuals themselves. How security aware do people have to be to be able to use online services safely?

Tony Neate: It is a matter of sharing this particular problem; it is not an answer for one. People say that it is the responsibility of the individual, the Government, the police or software manufacturers. At the end of the day, the person who loses out is the individual. If somebody is hacked and money is taken from their account, they will be affected directly and other people will try to help. It is about confidence and making the process relatively easy.

When it comes to processes, I give the example of passwords. You have to be very pragmatic. We were criticised the other day on the Get Safe Online website for not mentioning that you should have 40 different passwords and change them every month. Plainly, it is not reasonable to ask an average person to do something like that. A bunch of keys is for different security devices or locks; there are different keys for different locks. It is the same with passwords. We do not tell people that every couple of months they have to change their keys because they have not lost them, but that is not the issue. We have to be more pragmatic. The more we can educate people about it the better. Time will be a big thing in relation to this. Make it an easy, simple process. That is what is important for people to use this type of functionality.

Clive Richardson: I come back to the Ofcom research, which shows that security concerns are not a significant barrier to banking or shopping online or using Government services, but being aware of security concerns demonstrates a reasonable understanding of digital literacy. If you are digitally illiterate, you may never or always do something because you are not really aware of the risks, so being concerned about something shows a reasonable level of literacy. The Ofcom research also shows that people who are confident online and do more things tend to be more aware of security risks but carry on with that behaviour anyway, so they are not put off by security concerns.

Q54 Stephen Metcalfe: Why do you think it is that people who are obviously aware of cyber security issues are still using relatively weak passwords and are not necessarily up to date with their protection software?

Tony Neate: My belief is that, until it happens to them or a member of the family, they don’t really think about it. I don’t want to use the words "don’t care", but it does not affect them so they are not worried about it. When it does, that is when they will start to realise that it is important to look at the security elements. That is what we have got to do. We are trying to change people’s behaviour models and explain to them what it is.

Clive and I had a conversation outside. If you lived in an area where every time you left your house you got mugged, you would move; if every time you went online you were hacked or your computer was compromised, you would not go online. Clearly, that is not the case. We hear horror stories about how many bad things are happening online. We don’t hear about the millions of very successful transactions. That does not mean we have to be complacent; we still have to look at the good things and educate, but in a way to make it look positive and that it is a good thing to do and not a negative thing.

Q55 Stephen Metcalfe: How successful are you at getting across that message? Is there more the Government should be doing in terms of communicating that?

Tony Neate: When it comes to digital inclusion, we have to look at above-the-line marketing and advertising. It is great to start pushing security online, but that is not very good for people who are not online, and one of the reasons they are concerned is the security element. You spoke earlier to the last panel about money. We could always do with more money. My daughter, who is the deputy head of a primary school, said, "Dad, until you start a big advertising campaign on television, people won’t know what the consequences are." We have seen the private sector move away from social media advertising back on to television and radio because it works. If the big guys use it, we should use it. There is a lot more we can do, but we are in an environment and economy where we do not have easily available money.

Q56 Stephen Metcalfe: Do you think that sometimes the message about how you should be secure is too complex? There are too many different aspects to this, and sometimes people think it is all just too much. Is there merit in having a few, very simple, straightforward messages that would reduce the threat of cyber crime and cyber attack and online security?

Tony Neate: Absolutely, and we are looking at those messages. I go back to what I was talking about in relation to complex passwords and the number of times you change them. You have to look at this in an open way to make it easier for people. You don’t want to know when the latest virus comes out. People are not interested; they just want to know they are secure, and they have taken simple, easy steps to secure themselves, their computers and now, more importantly, their mobile devices. We are in a place now with mobiles that we were in 10 to 15 years ago with desktops. People need to realise that they need to be secure as well. Unfortunately, all of this is a matter of time and education.

Clive Richardson: About one fifth of the online population are classified as narrow users, so they are doing a very small range of tasks. They may visit five websites or so per week. Those users are the ones who are more worried about security and are less likely to take steps to put in place filters and understand how to use passwords. The way to build their confidence is to get them to do more things online. People who undertake more activities tend to be more able to deal with negative events, whenever they happen. Part of this is probably making it simple and communicating it quite clearly, but the more you can encourage people to do more things online, the more able they are to cope with whatever happens to them that is untoward.

Q57 Stephen Metcalfe: We have to educate people that the threat can appear friendly. One of the things I don’t do is open unsolicited photos, because I am aware that potentially that can allow something to happen. It says, "I’ve found this picture of you. I thought you might like to see it." If you click, you end up infected. It is getting people to use it more, yes, but also educating them that not everyone on there is their friend and to have a little bit of net savvy about them when looking at it - the "If it seems too good to be true, it probably is" type of approach.

Tony Neate: Yes and no. I had a conversation with Martyn, who spoke earlier, about the fact that on the Get Safe Online website we tell people not to click on unsolicited links. That is great if you don’t do much on the internet and no one contacts you on a regular basis. I do. To give you an example, if I write to you as an MP and send you an e-mail and say, "There is a loose drain which has been like it for three years, and this is the picture of it," have you got a duty to have a look at what I am sending you? I am trying to make this slightly obscure, but there are times in business and in what you are doing when you think, "Is this genuine?" We need to protect ourselves when we do click on that and when we put something right. I am going to speak to Martyn Thomas about perhaps altering some of the advice we put on the website to make more pragmatic what people should be looking out for when they click on that link.

Q58 Chair: Just taking your earlier observation about advertising, do you think service providers selling goods online, providing bandwidth and so on have a greater obligation than they currently exercise in raising public awareness?

Tony Neate: Yes.

Q59 Chair: As an example, immediately you try to click on the online service of my bank it says, "Do you want to download this piece of virus protection software?" and provides an explanation as to why you should do that. My system is pretty well protected, but people who are inviting you to look at sensitive data ought to be doing that.

Tony Neate: Yes, and that is happening. I give one example, of which there are probably a number. TalkTalk has a filtering system that is on by default and works upstream of the computers, so it works on the information coming through. You can tweak that to make sure that is helpful.

Q60 Chair: Is there a case for Government doing the same thing?

Tony Neate: I never want to say that Government should directly be involved in that filtering and making those sorts of decisions.

Q61 Chair: Or suggesting to people that they do that?

Tony Neate: There is a suggestion that people can do it. When TalkTalk did it, the big outcry was about freedom of speech, but you are the person who is making the decision whether you want this filtering put on. They are not; they are just giving you that opportunity. There is possibly an awful lot more that can be done. Security is a selling point. We have seen a number of banks selling their online credit cards and their banking online saying, "If something goes wrong, we will protect you in this way." I always look at the private sector because they are there, and they have got to exist and make money to survive. Government do not work like that necessarily. If something does not work in the Government, it does not mean the Government collapse, but it does with the private sector. Let’s take some very good learning curves from the private sector on how they do things. I think that is what is happening with Government and Government services with the ID assurance framework. They are putting it in the hands of eight trusted companies that can be dropped off if they are not providing the right services. I think there is good and bad on that.

Clive Richardson: In the example of your bank, presumably they encourage you to keep safe online because they may be partly liable if anything goes wrong whenever you are doing that transaction. This is a complex issue. TalkTalk is a good example where in the home you can have controls over what is seen by devices connected to your own wi-fi, for example. If your kids have mobile-enabled devices then your home software blocks stuff, but if they take them elsewhere they can access everything. There is a limit to what you can control, and the solution is probably more awareness about how you make the right decisions for your family and children rather than blocking things. It is a tough one.

Tony Neate: There are additional pieces of software you can put on devices outside. You can monitor what your children do outside as well. I am not suggesting that you be Big Brother. I have three daughters. I always wanted to know where they were going. If they were going to the park or I dropped them off with friends, I would not hide in the bushes but I would know where they were, what they were doing and who they were with. That is important when your children go online. You don’t have to be looking over their shoulder, but you need to talk to them, know where they are going and what they are trying to do.

Q62 Stephen Mosley: We have seen some survey results that suggest that just 37% of people trust the Government to look after their personal details and keep them safe. Why do you think that figure is so low?

Tony Neate: I don’t know, but I don’t necessarily agree with it, personally. I always find it astounding that we criticise the Government for holding all this data, when massive commercial organisations and retailers hold a huge amount of data about us. A number of supermarkets know where I am at any point because of where I shop and what I do. I have insurance with them; I do everything with them online. They know everything about me, and yet we are paranoid, I think, about the Government.

A lot of people think that all Government data is in the same place. I was a policeman for 30 years. As a police officer, it would have been fantastic if I could have accessed the Inland Revenue or DSS to find out where somebody was. We keep it in separate silos. I am not quite sure why they don’t trust the Government. I don’t think there have been any major true losses. We can go back to the Inland Revenue and the CD that was lost, but that was lost and never found by anyone as far as I am aware, and it was an individual’s, not necessarily Government’s, fault. To be honest, I don’t know why it is relatively low.

Clive Richardson: I am not sure that people necessarily trust any other institution more or less than the Government.

Q63 Stephen Mosley: Banking was 34% and shopping was 30%.

Clive Richardson: Ipsos did a poll about it, which I am looking at here, "How much do you trust supermarkets and online retailers to collect and use data about you?" - and also the Government. 40% don’t trust supermarkets very much, and 41% don’t trust Government very much. It may be a general suspicion of institutions holding personal data rather than Government being any better or worse than anything else.

Q64 Stephen Mosley: The Government have the target of getting 80% of universal credit claimants online. Do you think that is a realistic target?

Clive Richardson: I know that DWP has the target of 80% for online applications for jobseeker’s allowance by next year. They recently ran some trailblazers to understand what has the biggest impact on increasing take-up of the online service. They had three different models. The one that had the most success was where the adviser helps and supports the claimant to use the online channel. Of the other two, one added delay in to the phone. It took either five or 10 minutes longer on the phone. You hear a message saying it is quicker and easier to do it online. The third one slips my mind, but personal support had the biggest impact. It does look like it is on the up, but they have got quite a long way to go before they hit the 80% target. As digital technologies come in, there will be other ways for people to access their benefits that do not rely on them having to do it at home for themselves. It is quite a journey and an ambitious target, but it is moving in the right direction.

Tony Neate: It is a time thing. Here and now, it is quite a big "ask". If we were having this conversation in 50 years’ time, there will be nobody who isn’t online. It will be done from your mobile or from your watch; it will be automatic. It is a bit like the two-year-old who swipes a finger across a book. 80% is potentially achievable because I think they will put small blocks in the way of doing it any other way. If people think they can get their money easier and quicker by doing it one way, they will get involved in it. I am quite pleased. My daughter is in a very deprived school where the vast majority of the children throughout the school have computers at home, and the ones who don’t have mobile phones. The thing that may or may not be alarming is that, out of a class of 17 three to four-year-olds, three have mobile phones that are internet-connected. Those children cannot read. We are going that way and, given time, it will happen. Whether it happens in the time scale you and we would like it to happen is debatable.

Q65 Stephen Mosley: In the previous question you did encroach on ID assurance and the fact that the Government are looking to have a number of suppliers. You pretty much answered it in the last question. Do you think that having a variety of suppliers will increase people’s level of trust and assurance?

Tony Neate: You can then pick and choose your trust. Government can monitor those organisations. The Post Office is one of the trusted organisations. You need to have a trusted organisation on a high street. A number of retailers are trusted. One of the areas that we are looking at is the ability to go to a variety of places. Maybe there should also be the alternative to go directly to the Government and they should be the ninth supplier, so you can do both. As we have discussed, 30% to 35% is the level of trust across all. You could add the Government to the end of it. The Government can say, "You’re not doing it right and you’re off, and a new guy is on," and it keeps up their mettle in relation to it. There is profit but also accountability.

Clive Richardson: I am not an expert on the ID assurance framework. Of the people who are offline and not internet users, 80% of them are not interested in accessing Government services, and only 3% are offline because they have concerns over security and privacy. I am not sure whether the ID assurance framework is going to be a benefit to the offline population at all. They will be equally suspicious, or not suspicious, of any of the providers or Government.

Q66 David Morris: Has Government engagement with Get Safe Online improved since the publication of our malware and cyber crime report?

Tony Neate: Yes. We are working very well. It is probably not at the level I would like it to be. One thing that I do not think they embrace with Get Safe Online is that we are part of their process and protocol in what we do, and there are still numerous Government websites that do not link to Get Safe Online. There are lots of things that happen within Government in which we are not involved and we could be. We are talking about people going online. Nobody has come to us and said, "What can Get Safe Online do to enhance our security provisions in relation to what that is?" We are still looking for funding. We have had funding from Government every single day since we started, which is very well accepted. We are a public-private partnership. That was very good last year. We are still looking at what is going to happen this year in relation to that, especially the fact that potentially there is going to be a new digital campaign. We hope we are going to be very much part of that, but it is still a funding issue. The Government could use us a lot more to do some of the things they are looking to do, but one of the problems is that it is departmentalised.

Q67 David Morris: How many people use your websites at this moment?

Tony Neate: It fluctuates. It is going up all the time, but roughly 60,000 to 70,000 people come to the website. We don’t think that is enough.

Q68 Chair: Is that a daily figure?

Tony Neate: That is a monthly figure. Don’t I wish? That is what we are trying to do. Everything we do is trying to push people to come to the website. We are broadening out into all areas. We have just taken on the Charity Commission’s work in relation to what they are doing. We link in with everybody we can. We want people to be part of it. We want it to be a one-stop shop so people know where to go, and we try to push that. As you have probably gathered, I am passionate about the internet and people being secure on the internet. We can provide more education, let people know we are there and give good, solid, independent advice that tries to cover all areas and age groups, which is a very difficult thing to do. I think an awful lot more can be done.

Q69 David Morris: Following on from that, has the public profile of Get Safe Online improved, and if so, where do you think you have made an impact?

Tony Neate: We have made a big difference in social media. I was not being rude at the back when I was on my mobile phone. I was tweeting where I was and what we were talking about. That has made a big impact. Just looking at the figures of people who come to a website is not a good record of what we are doing. People may pick up a short piece of advice because I have given an interview to The Times. I was on "BBC Breakfast" and "You and Yours" at the beginning of the week. If they do something as a result of that, that is a good thing.

We are getting more and more opportunities with the media. That is a big driver. The media will pick up the phone most days and come to us about any online issue, even those that do not really relate to us. On one of the partnership programmes the Government put up, I got a phone call from Russian radio to ask me about the process. It was very much an industrial matter, but they saw us as being there. We are increasing the number of media, people going online and social media, but we can do more. I would love to say we are going to do some above-the-line advertising through television and magazines. It is not possible with the funding we get. It is important, but we will do it in any other way we possibly can.

Chair: Gentlemen, thank you very much for your attendance this morning. It has been very helpful.

Prepared 12th June 2013