Interview: Lord Erroll

News by Richard Thurston

The outspoken Lord Erroll is the voice of the House of Lords on internet security. Keen to keep the Government on its toes, he is quick to criticise the efforts of the Commons to keep the nation's data secure, as he tells SC Magazine.

For a Parliamentarian, the outspoken Lord Erroll boasts an amazing amount of hands-on experience of technology, having worked as an IT consultant for several years in the City of London and as a programmer and system designer. Retaining that interest in the House of Lords, Lord Erroll is now closely involved with the Parliamentary IT Committee, EURIM and the Lords' Science and Technology Committee, the latter for which he is the spokesperson on internet security.

Rarely shy to criticise Government plans, Lord Erroll has grave concerns about our information society, particularly plans to assemble phone and internet records and ID card information in huge central databases.

In an interview with SC Magazine, he shares his concerns about data security and insists the Government should lighten up on regulation.

Q: The Government has revealed plans to record details of all UK citizens' phone calls and internet usage in one central database. Are you supportive of these plans?

A: In some ways, it doesn't worry me, but it does worry me that it will be all in one place. The proposal is for the Home office to hold it. It'll make it more convenient [for the Government to access information]. In a rush to find [details of] conversations under pressure, the various enforcement agencies will do what they can. While the data is with separate ISPs, they have to make a proper approach. With one big database, they can just trawl it.

Q: The suggested law which will create this central database is just one of many governing data protection. Are you in favour of all this legislation?

A: I'm very much a light-touch person. I don't think laws and regulations work. The problem with Labour is they are using legislation for PR. We're passing lots of stuff, but there's no way of enforcing it all. We live in a complex system - it's part of chaos theory - so we can't control it using rules. The more rules there are, the easier it is for the bad guy to screw you rigid.

Q: One of the Government's latest moves is to announce the creation of a dedicated unit to tackle e-crime, though the Home Office has sought to downplay the issue.

A: I'm behind the national e-crime centre. After our report [the House of Lords Science and Technology Committee Report into personal internet security, released last July], we suggested putting money into a national e-crime unit. It will be the start of what we need. It will tackle the stuff SOCA [Serious Organised Crime Agency] can't deal with. If you are a business and [currently] someone is attacking you, what can you do if there is no policeman to do something about it? That's what the e-crime unit will do: you'll have somewhere to report it and there will be someone to arrest someone. But it seems the obsession is with analysis and intelligence without having any teeth in order to discourage criminals.

Q: With the prolonged attacks in Estonia last year, should businesses in the UK be concerned about such a concerted effort happening to them?

A: If you look at Estonia, it wasn't just government organisations that they [the hackers] were trying to take down. You need to find out if there is a risk of it happening to you.

Q: Do you think that we are well protected against e-terrorism like this?

A: I hope so. We in general have very good security systems in place. But I don't think we should go down the route of Fortress America. They are so frightened by it. They are over-reacting.

Q: Should we be frightened?

A: Frightened or worried? If we are frightened by everything, we'll never do anything. You have to balance the risk of someone else getting the information against not getting it if you need it. If you are about to die, you probably want the hospital to have access to your medical information.

Q: No-one can have failed to notice the abundance of news stories of all the dozens of data losses over the last year, many by the Government. Because of all these incidents, there have been repeated calls for a data breach notification law.

A: We will get it. We have no idea how big the situation is. Governments are reporting everything that is going wrong, but corporates aren't. The point of the law is to find out how big the problem is. Should there be individual liability for data losses? There's definitely an appetite for that.

Q: One of the other big stories in the media for some time has been the costly plans to introduce ID cards. Do you have privacy concerns about ID cards?

A: I have no problem with having one card. The ID card problem is bringing everything into one place. The reason it's [currently] so difficult to steal someone's identity is we have information in 20 different places. The audit trail is my problem with it. Every time you are stopped by a policeman or open a bank account, all that is logged on a central database. The ability to track my behaviour I'm worried about.

Q: Finally, you have said you will produce a follow-up to last year's personal internet security report. Will that still happen?

A: Yes. It will be a short thing. We're doing follow-ups to report [why] the Government has not reacted to it properly.

Q: Yes, you've said you weren't happy with the Government's initial response to your report and I understand you largely feel they have ignored your findings. Has their attitude changed?

A: Yes, they are taking things a bit more seriously.

Biography - Lord Erroll

Lord Erroll, 60, is a cross-bench member of the House of Lords and takes pride in "voting against stupid Government ideas whoever is in power". Born, Merlin Sereld Victor Gilbert Hay, he is the 24th Earl of Erroll, chief of the Scottish clan Hay and also Lord High Constable of Scotland.

Before taking up his seat in the Upper House, Lord Erroll served for 15 years in the Territorial Army as well as holding several technical roles as an IT consultant, programmer and system designer.

He is now active in many parliamentary committees, including PITCOM (Parliamentary IT Committee), EURIM (European Information Society Group) and E-RA, the E-business Regulatory Alliance.

Lord Erroll was also one of the leaders in the creation of the personal internet security report released last July by the House of Lords' Select Committee on Science and Technology, and is its foremost spokesperson.

In his spare time, Lord Erroll promotes Scotch whisky and writes for a blog about wine which he founded called the Secret Sommelier.

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events