Monday 29 December 2014

Emergency messages: delivered in a decade

Precisely a decade ago, just as staff at the mobile telecoms were getting ready to vacate their offices for the New Years holidays, a request was delivered from the Foreign and Commonwealth Office. I was one of those who received the request.

An earthquake off the coast of Sumatra had, a few days earlier, sent a tutsamni surging across the Indian Ocean, killing more than a quarter of a million people, and rendering hundreds of thousands homeless. It caused horrific devastation across more than a dozen countries.

British Airways had very generously laid on a plane to evacuate British citizens, free of charge, from one of the hardest hit areas. But how could the Brits be advised that this flight had been arranged and was due to depart in the next 18 hours? Could the major mobile providers send a text message to its customers who were likely to be in that area? And could they send the text message as quickly as possible – preferably within a few hours, to give victims sufficient time to catch the flight?

Yes they could. And yes, they did. (Or at least, yes, they certainly tried to send the messages). No mobile operator declined on the grounds that the sending of such messages was unlawful, as they weren’t permitted by the Privacy and Electronic Communications (EC Directive) Regulations 2003, which placed restrictions on the ways that traffic data could be used to send messages to users.

Bugger the legal restrictions. What was more important was offering practical assistance to people who were victims of a regional calamity.

Shortly afterwards, and bearing in mind the practical lessons which were learnt from that incident, the FCO embarked on a series of discussions with the mobile operators about creating a more formal process for sending emergency messages to customers.

The FCO-sponsored discussions continued at what can only be described as a glacial pace. Eventually, the issue was handed to the Cabinet Office.

A couple of weeks ago, the Cabinet Office was finally able to announce the result of these discussions.  After a decade of deliberations, a consultation document has been published, proposing minor tweaks to the Privacy and Electronic Communications (EC Directive) Regulations 2003, to set up a more robust public alert system.

The deadline for commenting on the proposals is 26th January.

I don’t expect that many people will bother responding to this consultation exercise. If I were to respond, I would ask why it has taken a decade for this matter to be addressed. When an issue like this emerges, it should not take the relevant stakeholders -including the public officials - so long to react. After all, when issues relating to the retention of communications data arose earlier this year, threatening the destruction of records that were potentially of considerable value to the law enforcement and intelligence community, emergency legislation was rushed through Parliament in days. 

The third sentence of the consultation document’s Executive Summary is misleading. It is not fair to state that “in 2010 the Government committed to evaluate options for an improved public alert system in the UK” if readers are left with the impression that credit for the proposal should rest with the Coalition Government. This is just PR spin. It would have been much more accurate to state that since 2005, all Governments have dithered over how the system for sending alert messages to the public should be improved.

To use a more media-friendly phrase, they've dithered for a decade.

The main problem with initiatives like this is not in legitimizing them – but in executing them. Serious emergencies do not occur very frequently. So how will the Gold Commanders (the senior police figures who direct the emergency response teams) remember what process should be used to invoke the alert messages? How will the operational network management staff within the telecoms control rooms know that a genuine request is on its way? And how will the target recipients be sent the messages within the proposed 15 minutes? All this will require a lot of training, and regular exercising, to ensure that what ought to happen in theory actually does happen in practice.

Knowing how good the EE operational network management staff are at dealing with incidents, I’m pretty confident that my phone will receive an emergency message if I’m unfortunate enough to be in the affected area at the relevant time. Whether I’ll read it in good time is another matter.