


Computer Weekly is the leading technology magazine and website for IT professionals in the UK, Europe and Asia-Pacific
Recent Updates
-
Nurture your skills and aspirations on International Women's Day

Events in the US are top of mind, with President Trump's administration pushing against the diversity, equity and inclusion (DEI) agenda, particularly within government offices and departments. The main thrust of this appears to be from a legal perspective – the danger of litigation if an individual claims to have been overlooked due to DEI targets – as well as financial considerations, given that running DEI teams and initiatives creates costs that, in a strict sense, could be viewed as optional.

But these aren't the only headwinds against DEI. Nationalism remains on the rise – a fifth of the electorate in Germany recently voted for the far-right party, for example – and this is usually typified by embracing a single world view and the valuing of specific characteristics over others.

For anyone who supports diversity and inclusion as a matter of principle, as I do, these are disconcerting developments.

However, it's important to remember that it's not yet clear where all of this will land. On the DEI front, the US – as influential as it is – is only one country and doesn't automatically dictate what happens elsewhere. And while some US corporations, including major players in my own industry of tech, have indicated that they will revisit their approach to DEI, that doesn't mean they will abandon it altogether. It is worth noting the words of Apple CEO Tim Cook when he recently said: "As the legal landscape around this issue evolves, we may need to make some changes to comply, but our north star of dignity and respect for everyone and our work to that end will never waver." He added that the company would continue to work on a "culture of belonging where everyone can do their best work".

I believe it will always be true that businesses need to be representative of the communities, customers and markets that they serve. For most organisations, those communities and markets are diverse. So there remains a clear business case for diversity inside the workforce too.

Only time will tell how much difference there is in practice to hiring and promotion decisions as they happen in the daily workplace. My gut feeling is that the effect won't be to decimate diversity ratios – although it may not actively help them either.

So where does this leave us, and in particular around gender given the approach of International Women's Day? My message to women is simple: continue to believe in yourself. As women, we often spend a lot of time nurturing and caring for others, whether as mothers, carers, colleagues or friends. That should continue of course – but now also feels like the time to invest more energy in nurturing yourself. Nurture your skills, your career and your aspirations. Believe in your abilities. Barriers are nothing new after all – we've always faced them – so don't get distracted by the judgements or biases of others and keep on forging your path. Maintain your networks, stay connected and lean into development opportunities. If you don't have a mentor, consider looking for one. If you are a mentor yourself, stay committed to that.

There is a message here for men, too. They can be powerful allies and advocates in promoting gender equality and inclusion – and that should continue. This is no time to step away from it. If you've been thinking about becoming an ally in a formal sense (perhaps through mentoring or supporting a network) then now is the time to do it. Think about the women, the daughters, in your life who matter to you – and do something in support.

While there are plenty of reasons to be concerned, fundamentally I believe that great people will always win through. That's why women should continue to believe in themselves and keep setting their sights high. After all, most women I know don't put themselves forward for jobs or new responsibilities on the basis that they're a woman – they do it on the basis that they're a great professional in their field.

Perhaps we are moving towards an era that is more explicitly about meritocracy than equity. If that is the case, history is full of examples where capable women across the business landscape have broken through. Now is the time for us to not just celebrate these achievements but use them to fuel our own ambitions. Happy IWD!
-
UK cyber security damaged by clumsy Home Office political censorship

Britain's National Cyber Security Centre (NCSC) has secretly censored detailed public computer security guidance provided to barristers, solicitors and legal firms without explanation or announcement.

The guidance, a web page and a seven-page PDF report called "Cyber Security Tips for barristers, solicitors, and legal professionals", was removed from the Centre's public website two weeks ago on 24 February.

NCSC refused to respond to questions from CW asking if they knew that the deleted web page and booklet had automatically been archived by The National Archives, multiple times, and so were all still online.

On the NCSC website, requests for the legal advice web page are now redirected to an incorrect page on the same site. The deleted booklet link returns a 404 HTTP "not found" error page stating "sorry - the page you're looking for isn't here". Embarrassingly for NCSC, the "not found" error page then suggests that The National Archives might have archived versions of the removed file. It does.

"Cyber criminals are not fussy about who they attack," the censored NCSC booklet had warned, "which means law practices of all sizes are at risk." The booklet lists 37 steps lawyers and legal firms should take to help them to reduce the likelihood of becoming victims of a cyber-attack.

The booklet was published on 11 October 2024, following a special 2023 NCSC Cyber Threat report for the UK legal sector. The Cyber Threat report, published with the assistance of the Bar Council, noted that by 2020 three quarters of UK legal firms had reported cyber-attacks.

According to the Bar Council, barristers in England and Wales face threats, harassment, and intimidation at the hands of state and non-state actors from around the world. The Bar Council is concerned by the rising reports from members who have faced different forms of attack and threats because of their international legal work.

Targeted attacks reported to the Bar Council have included physical as well as cyber surveillance, cyber harassment including threatening or impersonating emails, repeated and sustained hacking attempts, death threats and rape threats, threats to family members via email or social media, and 'privilege phishing', which attempts to persuade those who are targeted to divulge sensitive information.

"These threats are not just an attack on the legal profession, they also have a chilling effect on access to justice and the rule of law," it said.

NCSC's advice to lawyers was removed one month after these grave warnings from the Bar Council and on the weekend after Apple had indicated it would refuse to comply with a UK Home Office Technical Capability Notice (TCN) requiring it to disable its high security end-to-end encrypted Advanced Data Protection (ADP) system used on iCloud. The ADP system causes the encryption keys for users' iCloud files to be stored only on devices, so improving security for legal data from outside attackers.

"This looks like clumsy Home Office political censorship," according to cybersecurity expert Dr Ian Brown. "This kind of politicisation by GCHQ [which runs NCSC] is a hazard to security, because of the risk of subordinating protective security to surveillance," he said. Brown and other security experts warned when NCSC was set up that it should be run separately from GCHQ to avoid conflict and embarrassment.

Cambridge University Professor of Communications Systems Jon Crowcroft, commenting on the move against Apple, said: "The UK now is in a weaker state of protection. The attraction to the bad guys is increased here massively above other countries. Our government has painted a target on us, and explicitly on all the us that are not engaged in anything other than everyday commerce and discourse."

The weakened UK position now recommended by NCSC fails to refer to the critical need for end-to-end encryption, except for one isolated and obscure document. The incorrect page that lawyers are now linked to does not refer to encryption at all.

In contrast, and in the face of an onslaught of suspected Chinese-led attacks against multiple high-value targets, the US equivalent cyber defence agency, CISA, has recently stipulated that "highly targeted individuals [should] immediately review and apply the best practices provided including consistent use of end-to-end encryption".

"Highly targeted individuals should assume that all communications between mobile devices – including government and personal devices – and internet services are at risk of interception or manipulation," CISA's advice states.

NCSC refused this week to answer any questions from CW and referred enquiries to the Home Office, who also refused to respond. The still unanswered questions included who ordered the takedown, why, and why partner legal organisations were not notified or consulted in advance of the tampering. NCSC also refused to say whether it would now seek to have government archive copies erased and consigned to a "memory hole" - a reference to the technique adopted by the Ministry of Truth in Orwell's 1984 - or whether they would put the censored pages back.

Until the secret takedown, the NCSC booklet included the instruction to lawyers to turn on encryption. It advised: "Turn on the free encryption products included with your Windows or Apple devices, so cyber attackers can't access your sensitive data if your device is lost or stolen. Make sure encryption is enabled on your mobile device (this is done automatically on modern Android/Apple devices)."

For iOS devices, users were told to enable Advanced Data Protection for iCloud. This advice had become impossible for UK users because of Apple's reaction to the Home Office notice. All the other cybersecurity guidance in the booklet remained valid.

The escalating row between Apple and the Home Office has also flushed out more serious concerns about the use of far-reaching powers to impose controls on telecommunications companies, by issuing National Security Notices (NSNs). The vague terms of National Security Notices require telecommunications operators to take specific steps that the Secretary of State considers necessary in the interests of national security. Parliament was led to believe that this power applied only to technical facilities such as interception arrangements. Multiple industry sources say that since 2016, NSNs have been used to require telecommunications company boards, including Apple, to delegate Board authority to secret Home Office controlled and selected internal National Security Committees, all of whose members and staff, and any lawyers they hire, must be approved for Developed Vetting (DV) checks. The arrangement means that companies may be ordered to implement security breaches that directors and engineering staff do not know about.

Notoriously, after the 2016 Investigatory Powers Act came into effect, the Home Office and intelligence agencies used the Developed Vetting process to block the newly appointed Investigatory Powers Commissioner, Lord Justice Adrian Fulford, from appointing the Commission's chosen Head of Investigations, lecturer in surveillance law Eric Kind. Although initially approved by a Vetting Officer, Kind was told that DV security clearance had been rejected after the intervention of the Security Service, MI5.

As reported earlier, Apple has now appealed against the ADP instruction to the Investigatory Powers Tribunal. All eleven members of the IPT are senior barristers who have served as Judges.

After checking, the Bar Council told Computer Weekly that it "was not notified of the takedown of this document by the NCSC. We will contact the NCSC and make enquiries about the status of the document and its removal." A Bar Council spokesperson added that the Council would consider linking to a National Archives copy of the removed page and document "after speaking to our IT panel and raising it with the NCSC".
-
European cloud providers unite over data sovereignty-focused API

Three of the continent's cloud providers have joined forces to create an API that will make it easier for users to move apps, data and workloads from one European provider's platform to another

By Caroline Donnelly, Senior Editor, UK
Published: 06 Mar 2025 15:50

European cloud providers are being urged to adopt a newly created open source infrastructure management application programming interface (API) designed to make it easier for customers to move workloads and applications between competing off-premise platforms.

The Sovereign Europe Cloud API (SECA) is freely available to all European cloud providers to adopt and contribute to the development of, and has been co-created by suppliers Aruba S.p.A, Ionos and Dynamo.

The offering is being touted by its creators as a tool to enhance interoperability so that users can run workloads and applications in the European cloud environments of their choice.

"It also ensures seamless access to the respective platforms, while upholding the highest levels of security, control, and data sovereignty in full compliance with stringent European standards," said its creators, in a statement. "At the same time, this will enable enterprises to leverage integrated solutions that drive greater efficiency and innovation, all while ensuring full compliance with European regulations."

Web hosting companies Aruba and Ionos have committed to becoming the first two European cloud service providers to roll out the SECA API to their customers.

Achim Weiss, CEO of Ionos, said the API will ensure its customers, which are predominantly SMEs, will have the digital independence they need to thrive during the era of artificial intelligence (AI).

"AI and cloud are transforming the global economy, and Europe cannot afford to be left behind," Weiss said. "Europe needs a strong, sovereign digital ecosystem. SECA is a critical step in building a secure, independent and future-proof digital infrastructure – one that keeps Europe strong, competitive and in control."

Stefano Cecconi, CEO of Aruba S.p.A, added: "The creation of these common APIs – with Aruba and IONOS as first movers – marks a pivotal and voluntary step for the European cloud industry towards enhanced interoperability, strengthening the continent's cloud services ecosystem."

The third participant in the creation of SECA is Dynamo, which is a company that offers an all-in-one platform that brings together multiple cloud service providers from across Europe, and has committed to offering connectors based on SECA to automate the provisioning process for all compatible providers joining its network.

Dynamo CEO Francesco Bonfiglio said the offering of sovereign APIs such as SECA represents "a strong handshake of trust between customers and providers".

The timing of the API's creation is notable, as matters of data sovereignty are increasingly top of mind for European cloud providers and their customers, as concerns about entrusting all of their data and workloads to US tech giants, such as Amazon Web Services (AWS) and Microsoft, rise.

In recent weeks, this movement has seen the Cloud Infrastructure Services Providers in Europe (CISPE) trade body announce a shake-up of its governance structure, with greater emphasis on championing the interests of the continent's homegrown cloud services providers.

The organisation announced an update to its articles of association on 13 February 2025 that means only European cloud providers are permitted to hold board positions at CISPE. The rule change resulted in US cloud giant Amazon Web Services (AWS) stepping down as a board member, meaning it now has no sway over the organisation's governance or direction, because only board members have the right to vote on such matters at CISPE.

At the start of 2025, details of the EuroStack initiative also emerged, which is geared towards creating an open, interoperable and sovereign digital infrastructure for Europe, which will incidentally be supported by the SECA API and Dynamo.

According to its creators, EuroStack will provide the building blocks for Europe to build its own cloud ecosystem, independent of external control, and that will underpin a competitive, sustainable and democratic digital economy.
-
Why did IT suppliers allow Birmingham City Council to go live with Oracle?

Birmingham City Council's Oracle system woes have continued into 2025, with concerns being raised in Monday's meeting of the council to set the annual budget, highlighting accounting problems. These cannot be fixed until reimplementation of the enterprise resource planning (ERP) system is operational.

One councillor said: "When you look into the budget book, you find that there is a deficit in the budget of £380m over the next three years, but what really concerns me is the effect of Oracle and that we have a deficit of £141m of uncollected business rates – that is equivalent to a 30% increase in council tax."

During the latest Birmingham audit committee meeting, which took place the following day, on 5 March, councillors raised serious questions over why the decision to go live with the Oracle system was taken, despite many areas of the project being incomplete.

"There was an optimism bias," said Grant Thornton auditor, Mark Stocks.

Reflecting the findings of the Grant Thornton value-for-money report in relation to the implementation of the ERP system, which was published at the end of February, Stocks, who led the team of two external auditors present, said: "Nobody took ownership."

Stocks went on to describe how the council had lost corporate knowledge of the reimplementation of the Oracle ERP system after its finance officer Fiona Greenway left. Significantly, the suppliers all told the council to go live.

"The information was there to stop this, but all the suppliers said go live. The system wasn't ready when it went live," he added.

As Computer Weekly previously reported, since the implementation of an Oracle ERP system to replace SAP in April 2022, the council has faced significant issues with the processes and interfaces, as well as the system's ability to produce reports.

Rather than adapting its internal business processes to align with the way the new system worked, Birmingham embarked on an ERP programme involving adapting the Oracle system, which resulted in an incomplete implementation at the time the system was meant to go live.

Regarding the decision to proceed with going live with Oracle, the auditor said that council officers did not have a thorough understanding of the risks they were taking. The advice from the suppliers was caveated and these caveats, according to the auditor, should have been looked at. The areas of concern included the bank reconciliation system (BRS) and general ledger in testing.

"There's correspondence from officers saying they were struggling with the BRS system, the accounts receivable and some aspects of the general ledger were reported as untestable. Concerns were expressed over past customisations; accounts payable and accounts receivable customisations were not switched on and the programme was still receiving change requests," he said.

Commenting on the Grant Thornton report, councillor Richard Parkins said: "This report is probably the worst one I've seen. Of all the reports across my desk, this really is a case study in how not to implement an IT system. The go-live decision is an astonishing one when you look at where we were and how many people sat around the table."

When questioned on whether the system had been adequately tested before the go-live date, auditor Thomas Foster from Grant Thornton, said: "Testing was completed in many areas. Payroll had been highlighted as a key area, but the problem was that the testing wasn't complete and there were key areas that hadn't been tested and they, perhaps, were lower down the list of risk highlighted items and therefore didn't get the focus that they deserved at that time."

The commissioners' review of the audit committee report published on 5 March stated that the council is running a business change programme underpinned by technology, which requires people to be trained and upskilled in how to use the new ERP software.

"The council must not deviate from adopting the best practice processes offered by the software, it must focus on completing the system design and obtaining full executive commitment," the review document stated.

The commissioners also said they remain concerned about the inherited quality of data that was loaded into the 2022 implementation and the current poor-quality data held in the current system.

"Even if the council delivers a well-designed system and equips users with the training required to use it, if the quality of the data migrated to the new system is of poor quality (missing, inaccurate, duplicated), the system will again fail to operate and deliver the benefits the council needs," the commissioners warn in the review document. They urged the council to address data quality ahead of the implementation.

At the previous audit committee meeting on 29 January, councillor Paul Tilsey asked if the culture of the council is changing around areas such as the ERP project: "Do you think that there are adequate independent ways of reporting on progress of these to make sure that we are on track?"

The need to change the culture at the council is among the key recommendations Grant Thornton highlighted in its report.

Stocks, who was the auditor at the 29 January meeting, acknowledged Tilsey's concerns that the ERP may not be fixed in a short time. "The earliest I think is April 26," he said. "Until I see everything aligned, I am worried. Until you have an operating financial system, this is always going to be difficult."
-
Norway says no way to global financial crime

In 2024, the Norwegian government set out a national digitisation strategy with the aim of making the country the most digitised in the world by 2030.

This intent is nothing new and has both ignited, and been ignited by, a tech startup ecosystem that has taken Norway away from its industrial and maritime roots and into a new era of innovation. Chief among the country's startup impact has been a globally significant fightback against financial crime.

Fintech as an all-encompassing term has proved to be something of a double-edged sword. Greater accessibility and democratisation of finance, more seamless financial management for the general public and whole new industries such as blockchain point to progress. In opposition lies a new catalogue of opportunities for criminals to commit fraud, attack personal and business finances, and to obtain sensitive data.

Finding solutions to these problems, fighting tech with tech, was always likely to be a lucrative pursuit, and three Norwegian-born companies are finding just that.

One cyber security company, Promon, is a driving force behind the global cyber security agenda, with more than three decades of influence. Promon, known as the godfather of app-shielding, has more than two billion users globally, and protects more than $2.5trn in market capitalisation.

"Norway's forward-thinking approach has created fertile ground for a thriving tech ecosystem, with startups across sectors like fintech, cyber security and AI all flourishing," says Promon founder, Tom Lysemose. "Widespread digital infrastructure, a tech-savvy population and government support for innovation foster an environment where Norwegian startups can rapidly prototype, scale and connect with global markets."

Lysemose notes that cyber crime in general continues to escalate globally, fuelled by the rise in digital transactions, making banking apps prime targets. Malware, phishing and ransomware remain the most common forms of attacks, with Promon uncovering several sophisticated strains of these vectors in recent years. One, he notes, defrauded just one victim out of $280,000, adding: "It highlights the urgent need for robust, proactive security solutions."

Promon's journey manifested from Lysemose's Master's thesis and doctoral work, realising the vulnerability of applications while networks, devices and operating systems were getting so much attention.

"It seemed natural that the only way to protect an application is to understand how the application should behave," he says. "This way, you can detect when someone tries to make the application do something it should not."

These core ideas were present in the very first Promon product, and today they are also some of the core tenets of the entire industry known either as Runtime Application Self-Protection (RASP), app shielding, or in-app protection.

Lysemose recalls: "We had two disruptive ideas. The first was that the application needed to have security embedded directly in it to proactively prevent attacks. The second was that the security tools needed to understand the intended behaviour of applications and when an attacker might try to change that behaviour.

"Many other companies emphasise threat detection, but that's like identifying a criminal after they've already entered your house. Helpful, but you'd rather prevent them from getting in at all."

The result of this ethos and service, still ongoing, is a two billion user portfolio across the world, all the while still being headquartered in Oslo.

"We've seen some amazing cases in e-commerce and banking, especially. In many of the cases we've seen, the fraud entirely ends, full stop. Adding app shielding isn't about reducing or minimising, but stopping malicious activity from happening entirely."

Being proactive is also the name of the game for Strise, a company founded in 2016 by Marit Rødevand, Patrick Skjennum and Sigve Søråsen while they were studying together in Oslo.

What started as a university project has since grown into a leading innovator in anti-money laundering (AML) technology, after noticing that traditional AML compliance methods often struggle with fragmented customer data and manual processes – both leading to potential vulnerabilities.

"Strise developed software that unifies disparate data sources and automates compliance workflows, empowering institutions to proactively detect and prevent financial crimes," Rødevand says. "This approach not only enhances security but also reduces operational costs and ensures adherence to complex regulatory AML landscapes."

Initially, Strise focused on creating a platform that organised vast amounts of public and external data into customer-centric workflows, supporting AML, know your customer (KYC) and know your business (KYB) processes.

"Over time, we integrated advanced AI models and expanded our data sources to enhance the platform's capabilities," Rødevand adds. "Our geographic footprint has grown from serving Nordic clients to partnering with international clients, and since first launching commercially in 2020, we are now leading the AML automation revolution."

Strise is already planning to enhance the AML Automation Cloud to cover a broader spectrum of crimes in the future. One of its core areas, KYC, is a focus shared by Convier, a Norwegian tech startup that enables financial institutions to identify and report on customer risk regardless of where data is stored.

Only founded in 2022, the company is not as far along in its journey, but like all ambitious Norwegian startups is already targeting international traction very soon.

CEO Andreas Engstrand co-founded Convier after having a very similar realisation to Strise's founders. He recalls: "I had noticed in my former role as head of financial crime at KPMG Norway that customer data in a bank was often fragmented, scattered across multiple systems, and was difficult to access, which meant that customer due diligence took hours to perform.

"Vitally, it also meant that they didn't see the full customer risk picture. We started building a platform that would unify banking data."

A key issue that many financial institutions around the world have is a pressure to keep up with the rapidly changing landscape and associated technologies. This often equates to a race to comply, forgetting that there is an extremely important security and business purpose behind safeguarding data.

"Regulated entities spend up to $280bn a year to comply with regulations," says Engstrand. "But the focus needed to shift away from just avoiding penalties, to directly addressing underlying criminal activities and vulnerabilities.

"We built our platform to run within the bank's infrastructure without its own data store. This meant that instead of the bank spending months or even years trying to clean up its data, our platform would do that job for them so they could start identifying risk immediately.

"Not building a SaaS from the start was something completely different to what others were doing, but it has been a real accelerator for us because it enables us to deliver value from day one."

Engstrand sees a clear correlation between Convier's own positive experience in Norway, the global success of companies such as Strise and Promon, and the role of Oslo as a hub for all three.

"It's such a good place to start building and testing technology because a lot of the data you need is openly available. It enables any startup to demonstrate quite early on what you can do with the technology you build," he summarises.

While the city's impact on global finance and on the financial crime landscape now seems inevitable, it wasn't so long ago that oil and maritime occupied the minds of the city's innovators.

Now, these three examples – among many more – serve as role models and mentors for the entire tech ecosystem, often sharing their insights with academic institutions and at industry events. Oslo is set to remain a thorn in financial crime's side for many years to come.

Rødevand concludes: "Oslo has rapidly transformed into a hub for digital innovation, fostering a vibrant tech startup scene characterised by collaboration and a forward-thinking mindset. The city's emphasis on education, coupled with government support for technology initiatives, has cultivated a talent pool adept in digital solutions.

"While Norway's economy has traditionally been rooted in industries like maritime and oil, there has been a strategic shift towards technology and finance. This transition has opened avenues for startups to develop solutions addressing financial sector challenges that are being felt all over the world."
-
CFIT publishes blueprint for digital company business IDs
www.computerweekly.com

Plan to increase the use of digital identities by businesses could add billions of pounds to UK economy through compliance savings and reduced fraud

By Karl Flinders, Chief reporter and senior editor EMEA
Published: 06 Mar 2025 8:00

The government-backed Centre for Finance, Innovation and Technology (CFIT) has outlined its plan to fight economic crime through digital business IDs.

Digital IDs for business will improve business efficiency, security and trust, according to the CFIT, which was launched in February 2023 with £5.5m funding in response to a report into UK fintech carried out by WorldPay chairman Ron Kalifa in 2021.

The organisation has published its blueprint for the plans it first announced in December. At the time, chancellor Rachel Reeves said she would consider any findings that emerge from CFIT's work.

The business IDs will consolidate information about companies in one trusted place, easing the process of accessing finance for them and streamlining compliance costs.

CFIT said they will reduce regulatory and administrative burdens for businesses, particularly SMEs, and financial institutions could see compliance costs reduce by £1.7bn a year. It said the IDs, which it likens to digital passports for businesses, will also help reduce the annual £6.8bn cost of fraud.

Fraud, it said, will be reduced directly through unified and secure data sharing that will disrupt fraud networks and close exploitable gaps, and indirectly by enabling financial institutions to redeploy compliance savings into strengthening anti-fraud efforts.

Emma Reynolds MP, economic secretary at HM Treasury, said: "The UK's leading financial services sector is key to driving growth and putting money in people's pockets through the Plan for Change. CFIT's work in countering fraud demonstrates the UK's position as an innovator within the global financial ecosystem. I look forward to considering the coalition's findings as part of our range of work to grow the sector."

Charlotte Crosswell, chair at the CFIT, said the organisation has brought together some of the brightest industry minds to work together and find solutions to reduce the fast-rising, multi-billion-pound annual cost of fraud to the economy.

"Access to verified, authenticated and centralised data sharing through Digital Company ID would help to dismantle systemic barriers, close the loopholes exploited by fraudsters, reduce compliance costs for banks and transform the business landscape in the UK," she added.

Elyn Corfield, Lloyds Bank CEO for business and commercial banking, said: "The coalition has proven that digitising how banks undertake know your customer obligations will help to make compliance checks more user-friendly for small businesses and support the UK's fight against financial crime."

Jordan Shwide, general manager at Monzo Business, added: "Driving innovation and supporting initiatives that make life easier for SMEs is in our DNA so we're incredibly excited to be at the forefront of delivering a Digital Company ID solution. This will enable quicker access to financial services for legitimate businesses and ensure that key business information lives in one place. This will also make it harder for fraudsters to set up fake companies and ultimately help to prevent people falling victim to fraud."

The CFIT blueprint makes seven recommendations:

Develop a prototype for digital company ID: The CFIT, in collaboration with industry, should launch and test a fully functional Digital Company ID prototype, preferably with the support of FCA Innovation services.
Enable reciprocal and secure data sharing: The government should consider mandating all relevant organisations across the ecosystem to share data on economic crime, via Digital Company ID.
Appoint a lead authority: To address market coordination failures, the government should consider appointing a responsible body to oversee implementation and governance.
Promote standards for interoperability: CFIT should work with industry to establish standards that ensure interoperability, accountability and secure adoption of Digital Company ID.
Create a multi-stakeholder taskforce: Establish a taskforce to identify, prioritise and develop high-value use cases for Digital Company ID within financial services.
Review the regulatory framework: Policymakers, working closely with industry, must review the regulatory framework for Digital Company ID, ensuring it is fit for purpose.
Drive market confidence through government adoption: Government departments should lead by example, adopting Digital Company ID for critical interactions such as procurement, tax filings and confirmation statement submissions.
-
Big bank systems crashed for over 800 hours in last two years due to IT outages
www.computerweekly.com

Bank bosses forced to reveal extent of banking IT failures to MPs on the Treasury Select Committee

By Karl Flinders, Chief reporter and senior editor EMEA
Published: 06 Mar 2025 8:07

Nine of the UK's biggest banks accumulated over 33 days of IT downtime over the last two years with millions of people affected.

Data received from banks by MPs on the Treasury Committee revealed at least 158 banking IT failures between January 2023 and February 2025, equating to over 800 hours of service unavailability.

Following the recent three-day outage experienced by Barclays Bank customers, which began on payday at the end of January, MPs demanded answers from bank CEOs.

Chief executives at Barclays, Santander, NatWest, Danske Bank UK, Nationwide Building Society, Allied Irish Bank, HSBC, Bank of Ireland and Lloyds Banking Group were asked for information on the scale and impact of IT failures over the past two years.

The data does not include the recent Barclays crash, but the bank did provide MPs with details of the effect of the outage. It revealed that during the three-day incident 56% of online payments failed due to severe degradation of mainframe processing performance, according to the Treasury Committee. Barclays said it will pay between £5m and £7.5m to customers as a result of the outage and in total Barclays could pay out up to £12.5m in compensation due to outages over the two years in scope.

The banks told MPs that systems and internal software malfunctions were common reasons for the IT failures.

Meg Hillier MP, chair of the Treasury Committee, said for families living pay cheque to pay cheque banking downtime is a terrifying experience.

"The fact there has been enough outages to fill a whole month within the last two years shows customers' frustrations are completely valid. The reality is that this data shows even the most successful banks and building societies hit technical glitches. What's critical is they react swiftly and ensure customers are kept informed throughout," she added.

Last month, Hillier said the closure of high street branches in favour of online banking means bank crashes hit customers harder. "The rapidly declining number of high street bank branches makes the impact of IT outages even more painful; that's why I've decided to write to some of our biggest banks and building societies."

She thanked banks for their responses and was reassured they are taking action to minimise the impact of IT failures on customers.

Barclays Bank reported the most incidents, 33, with Allied Irish Bank, HSBC and Santander next with 32 each. Nationwide Building Society reported 18 outages, NatWest 13 and Lloyds Bank 12. In single figures were Allied Irish Bank (9), Danske (5), and Bank of Ireland (4).

NatWest reported the most downtime at 194 hours, followed by HSBC with 176.

Just last week a further payday outage hit banks including Lloyds Bank, Nationwide, TSB and Nationwide, according to outage monitoring organisation Downdetector.

One senior banking IT professional said that if a number of banks experience problems at the same time, it points to a related factor. "If it's lots of banks, it makes me think there's a common denominator, like they're using a supplier or software that's shared by multiple banks, because it would be coincidental for several of them to go down on the same day," he said.

Further pointing to a potential problem with external IT, the expert added that in his experience, banks try to avoid making IT changes at the end of the month. "End of the month is normally a time banks avoid making changes. For example, financing departments inside the banks do not like the risk of chaos at an unprecedented end of the month because they're doing month-end accounting and don't want technology problems."
-
Apple IPT appeal against back door encryption order is test case for bigger targets
www.computerweekly.com

Apple has filed a legal appeal against a secret Home Office order to provide back door access to its users' encrypted data in a case that will test the limits of how far the government can lawfully go to access the public's private messages and emails.

The Home Office's pursuit of Apple is widely seen as a stalking horse for more significant targets, including WhatsApp, Signal and Proton Mail, which provide the public with encrypted messaging and email services.

Apple has fought back against the Home Office by filing an appeal to the Investigatory Powers Tribunal to challenge the lawfulness of the Home Office's order, which requires it to provide UK law enforcement and intelligence services with access to encrypted files stored by Apple users on its iCloud service.

The Home Office appears to have chosen Apple as a test case to test the limits of government powers under the Investigatory Powers Act 2016 to issue Technical Capability Notices (TCNs) requiring companies to give government agencies the ability to obtain and read encrypted communications.

Ministers will be watching the public's reaction carefully to see whether people understand or care about the loss of their privacy of iCloud and, if they do care, whether they care enough to vote against the government in future elections.

Apple's iCloud service is seen as an easy and relatively uncontroversial target compared to platforms like WhatsApp or Apple's own encrypted iMessage service.

Apple's ADP cloud encryption service is an opt-in service, which is not widely used and might not be missed by those Apple customers that rarely think about their privacy and security.

When the case reaches the IPT, which could be as early as this month, the first argument will be whether the case should be heard behind closed doors for national security reasons or whether the normal principles of open justice can and should apply.

For the Home Office to continue to neither confirm nor deny the existence of the Technical Capability Notice issued against Apple will be hard to sustain when its existence has already been widely leaked and reported in the Washington Post and the Financial Times.

The Spy Catcher case in the 1980s proved that it is pointless for governments to attempt to ban the publication of material that is already in the public domain. In other words, once a secret is no longer a secret there is no need for secret hearings.

The courts took a dim view of MI5 when it emerged that the spy agency had falsely told three courts that the name of its agent had to be protected through secret court hearings without mentioning that it had already disclosed the agent's name to a BBC journalist.

Having a public hearing would allow the IPT to hear expert evidence from cryptographers and technical specialists who can properly explain how an order to break encryption could expose individuals and businesses to cyber security risks.

For example, over 200 cyber security experts, companies and civil society groups signed a letter in February calling for home secretary Yvette Cooper to drop demands for Apple to create a back door to its iCloud service.

They pointed out in an open letter that back doors introduced for the government could just as easily be exploited by hostile nation states or cyber criminals, placing the UK's national security at risk.

"For national security professionals and government employees, access to end-to-end encrypted services allows them to safeguard their personal life," it said. "Ensuring the security and privacy of government officials is vital for helping prevent extortion or coercion attempts, which could lead to greater national security damage."

Apple's application to the Investigatory Powers Tribunal is believed to be the first time that a technology company has challenged a government Technical Capability Notice.

Although similar notices have been issued in the past against traditional telecommunications companies, such as BT or Cable & Wireless, the companies have chosen to quietly implement them rather than to challenge them in court.

The IPT will need to decide whether the Home Office's order against Apple is proportionate, which will mean weighing up the impact of breaking Apple's encrypted services on security and privacy against the claimed benefits of the government having access to encrypted data on Apple's cloud storage.

The argument is largely academic. Apple withdrew its Advanced Data Protection (ADP) service - which allows users to opt in to use encryption to protect their iCloud data - from UK users in February, rather than comply with the Home Office's demands.

That means that if police want to retrieve data from a UK registered phone, for example after a suspect had thrown their phone into the sea, they can ask Apple to retrieve the data from the phone owner's iCloud account.

For an overseas phone the task would be more difficult but far from impossible.
GCHQ or the National Crime Agency, for example, have the ability to apply for equipment interference warrants to obtain data by lawfully hacking a suspect's phone.

That leaves the only real case for introducing the order against Apple - to test the waters for issuing TCNs against big tech companies like WhatsApp, Signal and Telegram that appear to be the government's ultimate targets.

UK law enforcement agencies and the Home Office have been claiming for years that such services pose a risk because they can be used by terrorists or paedophiles, regardless of whether they are used by millions of people for lawful purposes.

The UK's action has created tensions with the US, however. President Trump told the Spectator on 28 February that the UK's actions were something you would hear about in China and that he had warned the UK "you cannot do that" during talks with prime minister Keir Starmer.

Rebecca Vincent, Interim Director of Big Brother Watch, a civil society organisation that has successfully challenged the government over its use of intrusive surveillance in the courts, told Computer Weekly that the move against Apple would impact millions of people.

"The government's latest escalation towards Apple is alarming, as is the fact that the legal proceedings around this may take place in total secrecy. This is a matter of high public interest that will impact the privacy rights of millions in the UK," she said.

"If the government wins at the Investigatory Powers Tribunal, we will no doubt see similar orders to other platforms in the very near future. We will all pay the price, leaving the door to access our personal data wide open to the government and malicious actors alike," she added.

A spokesperson for the Home Office said: "We do not comment on operational matters, including for example confirming or denying the existence of any such [TCN] notices.

"But more broadly, the UK has a longstanding position of protecting our citizens from the very worst crimes, such as child sex abuse and terrorism, at the same time as protecting people's privacy," the spokesperson added.

Security Minister Dan Jarvis told the Commons on 24 February that it was not the case that privacy and security were at odds and that we can and must have both.

"The Investigatory Powers Act contains robust safeguards and independent oversight to protect privacy and ensure that data is obtained only on an exceptional basis, and only when it is necessary and proportionate to do so," he said.

In response to questions about its legal appeal, Apple referred back to a statement it issued last month announcing its withdrawal of ADP services in the UK.

"Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will," it said.
-
Delivering digital government: it's (still) not about technology
www.computerweekly.com

When I first started work as a civil servant in 2017, people were quick to talk to me about issues with the way that we funded digital work. I subsequently had the opportunity of experiencing these challenges and reading countless blogs and opinions arguing that reform of funding was the single most important issue to unlock to truly deliver digital government.

I disagree. While funding is important, it's just one of a number of fundamentals that need to change that together represent something much deeper and more complex to shift than one particular policy or process.

In the digital world, IT leaders spent years refining technology and ways of working to become more adaptive and responsive to change. We deploy updates multiple times a day, design modular architectures, leverage APIs, and build platforms that allow for, and indeed thrive on, constant iteration and improvement.

In government, however, we layer these modern approaches onto a system of thinking and doing things designed in the 19th century, one built for a more static, predictable world.

Successive governments see technology as a silver bullet. Whether it's process automation, blockchain or artificial intelligence (AI), they assume that implementing the technology, perhaps with a few tweaks to a process here or there, will be enough to overcome deeply embedded inefficiencies. It won't.

In a policy-led environment, we have to start there. The way government creates policy and legislation hinders the ability to deliver modern digital services. The civil service is not set up for, incentivised to, or focused on creating digital solutions to problems. They bake in ambiguity or subjectivity that requires human intervention, which means it's not possible to fully automate processes.

The system builds in lots of conditionality and complexity which adds cost and time to delivery.
It's difficult and slow to iterate and change policy in line with changing needs, even when change is constant. While there is an aspiration to break down silos and work in multidisciplinary teams, it isn't happening fast enough.

Government needs to be bolder and compel a different approach to policymaking. There are many approaches they could take here. For example, they could set up a customer experience duty to compel consideration of implementation up front; make it mandatory to create wireframes or prototypes before finalising legislation; or direct 25% of all policymaking work to focus on solving problems through digital, technology and AI.

One of the things that surprised me the most going into the civil service was the absence of data, something I was used to seeing when working in the private sector.

Having come from commercial organisations where the cost and performance of service lines were understood and constantly challenged, I was surprised to see that wasn't the case in government. For lots of reasons it is hard to define where public services start and finish, and difficult to gather and track cost and performance metrics for those services. But that needs to change.

If we don't know what a service costs end-to-end or how it's performing, how do we know where to invest or where to truly find efficiencies or improve user experiences?

To incentivise and drive improvement, the government needs to get back to basics and understand spend based on the services delivered rather than the capabilities or organisational structures that exist.

We need to understand the performance and user experience of those services.
And we should tie both future funding and individual performance to the cost, performance and experience of the services that the public and businesses rely on.

It's not all about funding, but funding is important. Current funding processes are designed for things like railways and submarines, not modern software development. They are too slow, too rigid, and too bureaucratic.

This results in delaying delivery, not properly funding business-as-usual or risk reduction, and stifling innovation and experimentation with new technologies. A recent review of digital funding also found that departments implement the most stringent and onerous version of processes to ensure compliance, rather than taking advantage of measures that are built in to enable flexibility.

Government needs a new and separate approach to fund digital work to allow it to deliver faster and pivot quickly, enabling improvements in real time rather than waiting years for a major transformation programme to be set up.

As I left, some departments were setting up pilots to test models to enable this. These need to be tested, mandated and embedded quickly. But we can and should go further. Alongside funding, there is a need to focus on incentives and, given the economic climate, on incentives to save money.

The biggest financial prizes need departments to be incentivised to work together to unlock them. For example, if the cost of recidivism is upwards of £18bn per year, we need to collectively task the relevant departments, agencies and local authorities to reduce that cost, rather than everyone shaving an arbitrary percentage off the cost of all services.

I spent many years in the private sector and public bodies as a commercial leader.
Much like with funding approaches, civil servants take the most stringent and onerous approaches to comply with procurement regulations.

Rather than putting the outcome first and working out how to compliantly achieve that outcome, compliance is put first and people hope it delivers the right answer. The cost and time taken to procure, along with a risk-averse approach to regulation, leads to long-term, rigid contracts limiting the ability to adapt, usually with a handful of large suppliers as only they can afford to take part in lengthy procurement competitions.

The government needs a different approach to procurement of digital products and services, led by digital commercial specialists. It needs to mandate the use of the flexibility that exists in frameworks already to compete faster so that departments use that flexibility - using benchmarks and setting standards for what good looks like. Departments must contract in a more modular and flexible way, allowing for course correction, scaling and innovation from the outset.

There is also an opportunity to contribute to growth by creating a GovTech ecosystem, such as Scotland's CivTech programme.

Last but not least, there are many things written about the shortage of digital and data skills. What I want to talk about instead is digital understanding outside of the government's digital and data profession which, while improving, is still a long way from where it needs to be.

The recent State of digital government report found that digital is not seen as a valued skillset at a time government is looking to technology to play a core part in making service delivery better and more efficient.

We should expect senior leaders in the civil service to be able to run digital businesses - which is effectively what many of them now do - and equip them to do so well.
We need to embed different expectations in job descriptions, recruitment processes, learning and development, and performance approaches for all senior leaders.

Small interventions are not enough to develop leaders that have skills and confidence to lead government in a digital age. A more holistic approach is needed that immerses leaders in digital and enables them to qualify to lead the change government needs.

These challenges aren't easy to solve, but lots of the building blocks are in place, from understanding the issues to some parts of solutions in departments and agencies.

To create a digital government, technology is not the only thing that needs to be responsive - the entire system of government needs to be designed for adaptability.

The question is - are we ready to embed this thinking at the heart of how government operates? If we don't do it now, will we ever?

Gina Gill was chief digital information officer at the Ministry of Justice from 2021 to 2024, and subsequently executive director of the Central Digital and Data Office, until leaving the civil service in February 2025.
-
IR35: Government outlines two-pronged approach to umbrella company regulation
www.computerweekly.com

The government has concluded its long-running consultation into stamping out tax and employment rights non-compliance by umbrella companies, meaning the sector is now one step closer to becoming regulated.

In its response to the consultation, the government said it would use a two-pronged approach to ensuring IT contractors (and those working in other sectors) receive the employment rights they are entitled to when working through umbrella companies and are taxed correctly for their work.

The first prong will see the government legislating to define what umbrella companies are, through an amendment to the Employment Rights Bill, which will bring their activities under the watchful eye of the Employment Agency Standards Inspectorate (EASI).

This is a move that contracting market stakeholders have called on the government to make for several years, as the EASI's remit includes protecting the rights of employment agency workers.

What are umbrella companies?

Umbrella companies are frequently used by recruitment agencies and end clients to run the payroll procedures for any contractors and freelance workers they engage.

The number of contractors who provide services to end clients through umbrella companies is thought to have soared in recent years, following the introduction of changes to the IR35 tax-avoidance rules in the public and private sector.

Under the reworked rules, the end clients are now responsible for determining how the freelance workers they engage should be taxed, whereas previously this was the responsibility of the contractors themselves.

In response to these changes, Computer Weekly has unearthed numerous examples of private and public sector organisations that have introduced hiring bans that mean only contractors who work via umbrella companies can be engaged by their organisations.

This is because the contractor is considered the umbrella's employee in this setup, which means the end client is no longer responsible for determining how the contractor should be taxed.

In a typical contractor-to-end-client supply chain, employment agencies often rely on umbrella companies to manage the payroll for the workers on their books, which is why involving EASI appears to be a logical move.

On a similar note, the second prong to this umbrella company clampdown will see employment agencies assume responsibility for ensuring the correct amount of Pay As You Earn (PAYE) contributions are paid by their workers when an umbrella company is involved in the labour supply chain.

This change was announced in the Autumn Budget 2024, with the government stating that it expects the move to generate £895m in additional tax during the 2026/2027 financial year by making it harder for umbrella companies to engage in tax avoidance-related activities.

"Where an umbrella company is used in a labour supply chain to engage a worker, the government will bring forward legislation to move the responsibility to account for PAYE from the umbrella company that employs the worker, to the recruitment agency that supplies the worker to the end client," said the government, in its consultation response.

"Where there is no agency in a labour supply chain, this responsibility will sit with the end client. This will take effect from April 2026."

The government's consultation document does, however, acknowledge that some of the steps involved with defining what umbrella companies are, and working out how to regulate them, may not be straightforward.

To this point, it confirmed that no consensus was reached by the stakeholders who contributed a total of 75 responses to the consultation about how best to define umbrella companies.

A topic where some agreement was reached was on what the substance of umbrella regulations should be.

"Responses indicated a consensus that the government should concentrate on addressing financial detriments, worker understanding of the umbrella arrangement and ensuring genuine businesses operate in the umbrella market," the consultation document stated.

As stated in the document, tax avoidance is widespread within the umbrella company market, with HMRC claiming that £500m was lost to disguised remuneration tax avoidance schemes during the 2022 to 2023 tax year, almost all of which, it said, was facilitated by umbrella companies.

The document added: "This tax non-compliance can leave workers facing substantial tax bills and enables non-compliant umbrella companies to undercut their competitors, threatening the viability of those businesses that do the right thing, as well as the functioning of the market itself."

It continued: "HMRC takes robust action against non-compliant umbrella companies using its compliance powers. However, there is a clear case for strategic action to prevent these forms of non-compliance from occurring at all."

Crawford Temple, CEO of independent payment intermediary compliance assessor Professional Passport, said the government's response confirmed much of what was already known about its plans for the umbrella market, as much of it has been foreshadowed.

However, it remains to be seen what the true impact of these changes will be, he continued, and more detail on that will come when the draft legislation emerges, which will provide employment agencies with a steer on how much work they will need to do to comply by the April 2026 deadline.

One area where he said the government will need to tread carefully is in how it defines umbrella companies. "Any definition needs careful consideration as any definition can be re-engineered and could open the doors to further non-compliance," he said. "Government needs to tread carefully in the implementation of its plans as any loopholes could simply lead to further exploitation of the rules and another boom in non-compliance."

The government first committed to regulating the umbrella sector way back in 2018, so the fact there is tangible progress being made towards this goal is significant, but according to Temple, regulation and making agencies accountable for ensuring contractors pay the right tax will only go so far.

"HMRC needs to step up, and we know that legislation is not the sole answer and must be supported with visible compliance and enforcement, which has been lacking from HMRC in recent years," he added.

Meanwhile, Dave Chaplin, CEO of contracting authority ContractorCalculator, said regulation of the sector is long overdue, but the measures being put forward by the government mark a major step forward in the fight to protect workers and tackle tax non-compliance.

"Shifting PAYE responsibility to agencies and end clients is a game-changer, ensuring taxes are properly collected before rogue umbrella companies can rip off workers and the exchequer with non-compliant practices," he said.

"Regulating umbrella companies will finally bring accountability to an industry that has operated unchecked for too long. The fight against tax fraud and unfair deductions isn't over, but these reforms lay the foundation for a fairer labour market."
-
NHS investigating how API flaw exposed patient data
www.computerweekly.com

The NHS is "looking into" claims made by an IT whistleblower that patient data was left vulnerable by security failures within a private healthcare provider.

The personal details of NHS patients referred to virtual healthcare provider Medefer were exposed due to an application programming interface (API) security flaw.

There is no evidence that data was compromised and the vulnerability has been fixed, but Medefer admitted the API security flaw left data vulnerable to a targeted attack.

Medefer offers patients online appointments through the NHS's e-referral system (e-RS). When a patient is referred to Medefer, the firm receives patient data from e-RS or the NHS Spine to make it available to medics, who provide online consultations.

The healthcare provider said it has appointed an independent security firm to investigate the flaw and an external counsel to advise on the situation, but did not say when.

The security hole in the Medefer API, which was discovered in November 2024, meant data on Medefer's internal patient record system, which contains data from the NHS, could have been accessed without requiring authentication, via the API.

Medefer CEO and NHS consultant doctor Bahman Nedjat-Shokouhi said the problem was fixed within 48 hours of being discovered, but he admitted to not knowing how long the vulnerability existed.

He said the exposed data was not full medical records but admitted it included names, addresses, NHS numbers and some doctors' notes.

The whistleblower, a software testing contractor, said he reported the security hole in the private company's systems to its management, while working for the company. He said he believes the problem existed for at least six years.

Hackers target vulnerabilities such as this using a suite of automated tools and techniques to retrieve private and sensitive information that could be monetised or used for further malicious activity.

Since no authentication was required, attackers could script automated calls to the APIs to exfiltrate large amounts of data, for example all patient records, he added.

The NHS and Medefer know the identity of the whistleblower, but he has asked to withhold his name from this story. Computer Weekly has seen evidence of conversations between Medefer employees expressing the seriousness of the security problems.

The whistleblower said: "I found a number of other vulnerabilities and highlighted many issues with how the systems were built, maintained and deployed, which were repeatedly raised over the next two months. Upon, again, raising this with the CEO and threatening to go public my contract was terminated abruptly."

Nedjat-Shokouhi said this was not the reason the whistleblower was let go, but would not comment further.

A statement from Medefer said: "We are taking the matter seriously so that we can provide reassurance to patients and other interested parties. In the interests of transparency, we have notified the Information Commissioner's Office (ICO) of the allegations and lines of communication remain open. We have also commissioned an independent investigation into the matter to be conducted by a City firm of solicitors with the assistance of external data experts and leading and junior counsel."

The company added: "To date, we have found no evidence that any patient data has been compromised. We will continue to ensure the highest standards of data security and patient confidentiality are upheld and we will keep the ICO updated, as appropriate. If any weaknesses are found to exist, they will of course be addressed."

After his contract was terminated, the whistleblower contacted the NHS last month for support and requested it contact him urgently, but he did not receive any acknowledgement or response, he told Computer Weekly.

After Computer Weekly contacted the NHS, a spokesperson said: "We are looking into the concerns raised about Medefer and will take further action if appropriate. Individual NHS organisations must ensure they meet their legal responsibilities and national data security standards to protect patient data when appointing suppliers, and we offer them support and training nationally on how this should be done."

The NHS was not aware of the Medefer security concerns when Computer Weekly contacted it on 27 February.

Medefer has hired a security firm to produce a report on the API flaw and fix, which is due to report imminently.

The ICO confirmed Medefer made it aware of the investigation into the security problem and said there has been no reported breach. Computer Weekly asked the ICO when it was informed by Medefer of the vulnerability, but the ICO said it would not provide that detail.

The whistleblower, who said it seems Medefer is now doing the right thing, said the Post Office scandal influenced his decision to speak out when he felt not enough was being done by the NHS, ICO and Medefer. "It's a matter of responsibility, integrity and ethics," he said.

Neil Gordon, a professor at the University of Hull and chair of the British Computer Society's ethics specialist group, said the Post Office scandal has highlighted the important role that IT staff have in alerting employers and authorities to potential problems.

"The Post Office Horizon scandal has starkly demonstrated the critical need for IT professionals to speak up when they identify problems. The destructive consequences of silence are evident in the injustice suffered by so many subpostmasters," he told Computer Weekly.

"As our reliance on IT systems grows - particularly in safety-critical areas like healthcare and autonomous vehicles - specialists must not only feel empowered to raise concerns but also be heard when they do."

Gordon said organisations should foster a culture that welcomes internal scrutiny, rather than suppressing it.
-
French oceanographers clock up 23 years on Atempo backup software
www.computerweekly.com

Tina Ifremer sounds like the latest R&B singer you've never heard of. But, actually, it's the name given to the Atempo backup software that's been in use for 23 years by the French national institute for ocean science and technology.

That's quite a lengthy period for a piece of software to be deployed, given that customers are much more likely to change things every few years.

And for good reason. The institute (Ifremer, for short; it's an abbreviation) needs to be able to access records that date back over that period of near two-and-a-half decades. Ifremer specialises in oceanographic studies, aims at sustainable use of the sea's resources and the marine environment, and shares information with a wide range of organisations to those ends.

It employs 1,500 in a workforce that includes scientists, engineers, technicians and admin staff across five centres in France and its overseas territories. Meanwhile, it has around 20 operational sites across the world's oceans.

It's a public sector organisation (an EPIC, in the terminology) established so that while most of its funding comes from government ministries, Ifremer has the capacity to respond to service requirements from elsewhere to help with funding.

A third-party support provider, RIC, based in northern France, looks after operational maintenance, infrastructure, networks, backup, storage and the security of research data. It also looks after high-performance computing (HPC) on the Datarmor supercomputer, which carries out oceanic modelling that includes temperatures, salinity, and so on.

Ifremer selected Atempo as a data protection provider back in 2002. That included protection of bare metal servers, databases and the organisation's network-attached storage (using NDMP). A total of 400TB (terabytes) is protected, with Tina deployed at each site and backups centralised at a site in Brest, France.

That configuration allows for rapid and reliable restores from the central site while also protecting local sites. Ifremer works to a 3-2-1 backup schema and also stores backups off-site on tape. That occurs via a Quantum DXI disk-based backup appliance that stages data off to tape, which optimises performance during backup windows and builds in data reduction.

The key challenges and, as a result, the key criteria in product choice were:

The need to be multisite, with an IT environment shared across the world's oceans, which complicated centralisation of backups.
Large volumes of data, with hundreds of terabytes of data resulting from research that needs to be stored.
Large numbers of small files, which presented issues of performance, especially in indexing millions of small files.
Self-service restores, carried out by the researchers without needing to depend on the IT team.

"We want to protect the intellectual heritage of Ifremer," said Béatrice le Berre, who works on the team that runs Tina at Ifremer. "Ifremer has the challenge of data sovereignty. We are partisans of the principle of open data in science, but at the same time, we have to be aware of espionage and attempts to take critical data."

Jérôme Le Letty, who also works on the Tina team, added: "Being able to navigate temporally was another key factor in the adoption of the solution. That allows us to visualise the state of a disk in the Tina UI [user interface] and view its deleted files, maybe in error, and recover them, and that's essential."

At each of the remote sites, backups take place daily and locally, going to tape or disk depending on the size of the site. Once a week, local backups are sent to the central datacentre at Brest.

"The solution does its work and does it well," said Le Berre. "Tina works on the different platforms that we use, even the Linux servers."

Next, the plan is to back up virtual servers to Tina. Also, Ifremer wants to create a digital replica of the oceans on the Datarmor supercomputer, which itself is undergoing a huge update.

Ifremer pays for Tina via a three-year renewing licence with no restriction on data volumes stored. The software is updated twice a year.
-
Dell still tops the pile as it deepens enterprise storage offer
www.computerweekly.com

In this storage supplier profile, we look at Dell storage, which is part of the infrastructure solutions group of the Texas-based giant Dell Technologies.

Since the last profile we did on Dell, its acquisition of EMC, which formed such an important part of its storage portfolio, has been eclipsed as the tech world's largest ever. But only just, and by the sale of former EMC subsidiary VMware to Broadcom in 2023 for $69bn.

What has been eclipsed, however, is any trace of EMC branding in Dell storage. And, while under the hood, and in the spread and scale of its storage products, EMC's legacy remains, you wouldn't know unless intimately familiar with it.

Here, we look at Dell's storage offer, which sees upgraded storage for artificial intelligence (AI) use cases and includes the ability to extend on-premise to cloud storage, manage containers and take advantage of as-a-service methods of storage procurement.

Dell made its first foray into storage in 2008 when it bought iSCSI storage area network (SAN) player EqualLogic. It then added tiered storage SAN specialist Compellent in 2011.

Its big move came in 2015 when it bought enterprise SAN giant EMC for $67bn in a deal that closed in 2016. That also brought virtualisation pioneer VMware, which was sold to Broadcom for $69bn in 2023.

Dell was founded in 1984 by Michael Dell in Texas, where he started to sell IBM-compatible PCs. The company made big gains from the early consumer PC market and saw off competitors, but by the early 2000s it started to expand beyond PCs while sales growth slowed.

In 2023, IDC ranked Dell EMC top of the storage array makers with market share of 26%. That was quite a long way ahead of Huawei (9.7%), HPE (8.3%), Lenovo/Lenovo-NetApp (7.7%), NetApp (7%), Pure Storage (6.1%), and Hitachi and IBM (both just under 5%).

Dell Technologies was ranked 48th in 2024's Fortune 500. That's a little down on the last time we wrote about it in 2023, when it was 34th.

In 1996, Dell revenues were $5.3bn. That increased to around $60bn between 2008 and 2012. After that, revenues declined to a low of $51bn in 2016, only to begin recovery following absorption of EMC to stand at $102bn in 2023. That dropped away to near $88.5bn in 2024.

PowerMax SAN and network-attached storage (NAS) arrays (formerly EMC's VMAX) are non-volatile memory express (NVMe) flash-equipped products aimed at critical databases, big virtual machine (VM) clusters and mainframes. PowerMax comes in two series, the 2500 and 8500, both powered by Intel Xeon processors, NVMe flash drives and Nvidia BlueField DPUs. The 8500 can scale from two nodes to 16 nodes and is aimed at demanding mixed workloads, with advanced cyber resiliency features like the Cyber Recovery Service for PowerMax.

In the mid-range, PowerStore is the successor to the EMC VNX and Unity lines. The latest version of the platform's operating system is PowerStore 4.0, while array products run from the 500T to the 9200T, with incremental models between, and the recently launched 3200Q, which offers high-density quad-level cell (QLC) flash storage capacity.

All hold 90-plus all-

The former EMC Isilon scale-out NAS is now called PowerScale, with a model range that includes F-series (high performance, low latency), H-series (balanced performance and capacity), and A-series (long-term bulk storage and archives). The Isilon heritage still persists in the form of the OneFS operating system, or PowerScale OneFS as it is now called.

F-series arrays range from F2XX to F9XX with all-flash and QLC and triple-level cell (TLC) high-density options and scaling from a few hundred terabytes to near 8PB. Meanwhile, H-series arrays offer hard disk drive (HDD)-based capacity with a solid-state drive (SSD) cache with cluster capacity up past 100PB possible, when the maximum 250-plus nodes are deployed. A-series PowerScale arrays are also HDD-equipped with maximum cluster capacities similar to the H-series.

The flagship F900 is aimed at AI, machine learning (ML) and high-performance computing (HPC) workloads, media and entertainment 8K processing, genomics, algorithmic trading, and so on.

The former EMC ScaleIO software-defined storage is now PowerFlex, which it dubs software-first as it is available in pre-configured rack, appliance and software-only modes. It offers file and block storage and can scale to 16PB raw capacity. PowerFlex aims at data/analytics, AI/ML, and enterprise applications such as enterprise resource planning (ERP) and customer relationship management (CRM).

ECS is Dell's S3-compatible object storage hardware family, which is aimed at unstructured data storage. ECS appliances come as the EX500, EX5000 and EXF900 product lines. Only the latter is all-flash, with the EX500 and 5000 taking SATA HDDs. Capacities range from the low tens of terabytes to 7.6PB, 14PB and just under 24PB in a rack.

PowerVault ME5 is low-cost, scalable block storage aimed at small to medium-sized enterprises (SMEs) and remote office deployments. Suggested use cases vary hugely, from backup and archive, through virtualisation/virtual desktop infrastructure, to database operations, as well as edge deployments such as CCTV.

Basic options are ME5012, which comes in a 2U chassis with up to 12 drives and 288TB; ME5024, which can take up to 24 drives and 184TB, configurable with flash or as all-flash; and ME5084, which comes in 5U form factor and 84 drives for the more data-heavy end of target workloads and maximum capacity of just over 2PB.

Dell EMC storage covers all bases, from the most performance-hungry AI and HPC use cases, through database and transactional workloads, to all general workloads, including entry-level and SME storage. Block, file and object storage, and mainframe use cases can be handled by product families in the Dell EMC range.

Dell EMC has long had public and private cloud connectivity from its storage hardware. This includes MultiCloud Data Services, which delivers hosting, cloud connectivity, and storage and data protection as fully managed services.

Meanwhile, PowerMax, PowerStore and PowerScale storage arrays, and PowerProtect (formerly EMC Data Domain) backup appliances can access multiple public clouds. Use cases targeted here include multicloud disaster recovery, test and development, and distributed high-performance computing.

Also, last year, cloud storage provider Wasabi Technologies announced a collaboration with Dell to provide customers with hybrid cloud solutions. Dell PowerProtect appliances can natively tier data to Wasabi.

In 2023, Dell launched its Apex Red Hat OpenShift service to allow customers to use open source container management software in enterprise deployments.

Red Hat OpenShift is the IBM-owned company's container orchestration service that's based on Kubernetes and works with Ceph open source storage.

Prior to that, Dell made Container Storage Modules (CSMs) generally available in 2021. CSMs are plug-ins that provide Kubernetes storage and data protection management that go beyond basic container storage interface (CSI) functionality.

CSI drivers typically help in provisioning, deleting, mapping and unmapping volumes of data. CSMs are for enterprise customers that want more automation and control via a relatively simple user interface.

CSI plug-ins are available for all Dell storage hardware products.

Dell EMC's consumption model of purchasing is Apex, which allows customers to select from block, file and object storage hardware, plus data protection appliances.

Dell has committed to offer customers the ability to extend the Dell experience to public cloud services (ground to cloud), bring the cloud experience to on-premise environments (cloud to ground), and provide an air traffic control layer to help monitor and manage it.

Apex customers work with Dell to determine a committed capacity and buffer capacity that is likely to be required in the future. Raw and usable capacity data is measured at component level, daily averages are calculated and a monthly average then derived from that.

Dell also has a partnership with Equinix that offers data colocation in the UK for customers.
-
NHS rolls out AI app to predict and prevent falls that could land patients in hospital
www.computerweekly.com

Healthtech company Cera's artificial intelligence app can also predict the onset of winter viruses, and is being keenly adopted across the NHS

By Caroline Donnelly, Senior Editor, UK
Published: 05 Mar 2025 0:01

An artificial intelligence (AI) tool designed by a former NHS doctor to predict and prevent patients from suffering from falls in the home is being rolled out across the health service.

The tool, provided by healthtech provider Cera, is being used in more than two million patient home care visits a month, according to NHS England, and has also been rolled out across more than two-thirds of NHS Integrated Care Systems.

The technology's creator, Cera CEO Ben Maruthappu, designed the tool to minimise avoidable or unnecessary hospitalisations caused by falls in the home.

"AI in home care is a gamechanger; by enabling better care delivery it has the power to save countless lives while also saving the taxpayer billions," he said.

"We've seen first-hand how AI can transform health outcomes for high-risk and vulnerable individuals - preventing illness and injury, radically reducing avoidable hospitalisations, and empowering people to live longer, healthier lives, in their own homes."

The tool works by monitoring vital health signs that can predict the risk of a person experiencing a fall, allowing healthcare staff to intervene and take actions that will prevent the person coming to harm.

"Falls are the largest cause of emergency hospital admissions for older people with estimates that around 30% of people aged 65 and above, and around half of those aged 80 and above will experience a fall at least once a year," said NHS England, in a statement. These falls and fractures account for over four million bed days a year at an estimated cost of £2bn.

As well as predicting and preventing falls, the AI technology can be used to detect the symptoms of winter illnesses that can also put seasonal pressure on the NHS.

"The technology works by allowing carers, family members and healthcare staff to record patient updates on an app which then monitors and reacts to a range of vital health signs in real time, such as blood pressure, heart rate and temperature," said NHS England.

It predicts future risks of falls and health risks, and alerts healthcare professionals of those at risk so they can step in and provide patients with the care in the community necessary to prevent future emergencies.

The software can also automate the process of completing paperwork for healthcare staff, such as visit schedules, so they can spend more time providing care to the patients and less on admin.

Vin Diwakar, national director of transformation at NHS England, said the tool is a great example of how the NHS is using technology to improve patient outcomes and become more efficient.

"We know falls are the leading cause of hospital admissions in older people, causing untold suffering, affecting millions each year and costing the NHS around £2bn, so this new software has the potential to be a real gamechanger in the way we can predict, prevent and treat people in the community," he said.

"This AI tool is a perfect example of how the NHS can use the latest tech to keep more patients safe at home and out of hospital, two cornerstones of the upcoming 10-year Health Plan that will see shifts from analogue to digital, and from hospital to community care."

The NHS is increasingly turning to AI to help improve services. Last month, the Department for Health and Social Care announced an £11m pilot project to use AI to help radiologists find breast cancer quicker. And last year, a six-month pilot at Mid and South Essex NHS Foundation Trust saw a 30% drop in missed appointments, leading to a further 10 trusts rolling out the AI software to reduce waiting times.
-
Few UK organisations ready to seize agentic AI opportunity
www.computerweekly.com

Agentic AI promises to automate manually intensive tasks intelligently, yet few business leaders feel their organisation is ready to deploy it

By Cliff Saran, Managing Editor
Published: 05 Mar 2025 0:01

Research for Microsoft conducted by Goldsmiths, University of London, has reported that the highest performing businesses and most productive public sector organisations have a clear artificial intelligence (AI) strategy and are preparing for agentic AI.

The research, published in Microsoft's Agents of change report, polled 1,480 UK senior leaders across the public and private sectors, as well as 1,440 UK employees.

According to the report, while the majority of leaders and employees acknowledge the benefits on offer, far fewer believe their organisation is in a position to seize them. The study found that barriers of workforce readiness, strategy and regulatory uncertainty persist.

Secretary of state Peter Kyle said AI agents have a key role to play in helping organisations work smarter rather than faster.

Chris Brauer, director of innovation at Goldsmiths, University of London, said: "Agentic AI has the potential to revolutionise operations, increase resilience and free employees from many routine tasks if organisations are front footed. There are steps high-, medium- and low-performing organisations in both the public and private sectors can take today."

The report found that two-thirds (67%) of leaders and nearly half (46%) of employees believe they would be more productive if AI could autonomously handle many of their time-consuming or repetitive tasks.

Microsoft defines agentic AI as an AI system with varying capabilities, including making decisions and taking actions to achieve specific goals with reduced or no direct human intervention.

Microsoft UK CEO Darren Hardman said: "Agentic AI can play a key role in removing digital drudgery, giving workers the opportunity to spend more time on creative and value-adding tasks."

Almost three-quarters (71%) of the people who took part in the survey say they are looking for ways to create cost reductions through automation. Two-thirds (64%) say they are seeking efficiency and productivity gains through AI-led workflows and processes. The survey also found that many organisations are aiming to strengthen business resilience by using AI to improve fraud detection, forecast risks and enable real-time responses to market changes.

However, the study found that just 46% of leaders say their organisation has a formal AI strategy in place. While this is a notable increase since 2024, when that figure was 29% according to previous Microsoft research, the report said the figure is still not high enough if the UK is to unlock the full potential of agentic AI.

The report concluded that many UK organisations are stuck in neutral gear at the very time they should be accelerating. As well as limiting the value generated by their AI tools, this threatens their ability to future-proof for new innovations while jeopardising their aspirations for growth and competitive edge, it warned.

To tie in with the study, Microsoft announced AI Accelerator for Sales, which will be available from 1 April. The accelerator programme includes access to AI experts at Microsoft to help customers migrate from legacy customer relationship management (CRM) systems and aid with seller adoption. AI Accelerator for Sales also provides what Microsoft describes as fine-tuning, which it said personalises the output of AI agents to meet specific business needs.
-
Cutting the costs of AI
www.computerweekly.com

CW+ Premium Content/Computer Weekly
4 March 2025

In this week's Computer Weekly, we analyse how the emergence of the DeepSeek AI model shows how the cost of deploying artificial intelligence is coming down. Samsung put a UK tech startup at the heart of its latest flagship smartphone launch; we talk to its founder. And we look at a transport industry project looking to optimise road haulage to reduce carbon emissions. Read the issue now.

Features in this issue

DeepSeek-R1: Budgeting challenges for on-premise deployments, by Cliff Saran
The availability of the DeepSeek-R1 large language model shows it's possible to deploy artificial intelligence on modest hardware. But that's only half the story

Interview: Why Samsung put a UK startup centre stage, by Cliff Saran
The launch of the flagship Galaxy S25 smartphone from Samsung showcased AI innovation from a company spun out of Oxford University
-
Canadian businessman remains in French jail, accused of distributing Sky ECC cryptophones
www.computerweekly.com
A Paris court has denied bail to businessman Thomas Herdman, who faces charges over distributing encrypted phones that were used by criminals, stating that he is a flight risk and that justice needs to be carried out.
The Canadian is charged with 22 offences, including laundering profits from drug trafficking by organised crime through the distribution of Sky ECC encrypted phones. He denies all charges.
Belgian and Dutch police broke the encryption of Sky ECC, the world's largest cryptophone network, and harvested millions of messages between June 2019 and March 2021, resulting in mass arrests of suspected drug gangs in France, Belgium and the Netherlands.
French prosecutors have indicted more than 30 individuals who owned or worked for four companies that distributed Sky ECC phones and individual resellers. Sky Global's founder and CEO, Jean-Francois Eap, who continues to live and run businesses in Canada, is among those named on the French indictment.
Herdman is understood to be the only individual charged in French custody.
At a hearing in a Paris court on 27 February, Herdman's lawyer, Paul Sin-Chan, told the court his client had been cooperating with American authorities, including the Department of Justice (DoJ), the FBI and the US Marshals Service, before he was unexpectedly arrested by French police.
Herdman had consistently demonstrated his willingness to work with law enforcement and should not be considered a flight risk, the court heard.
Philippe Ohayon, also representing Herdman, said French police were wrong to extradite his client to France while he was working with US law enforcement investigating Sky Global in Spain.
The court heard that the FBI ran a sting operation to trap Herdman.
A Department of Justice report disclosed to the court claims that Herdman allegedly sold three Sky phones to undercover officers posing as drug traffickers.
The prosecutor acknowledged both Herdman's cooperation and the fact that he had not directly communicated with anyone she said was mafia.
Five judges will hear a case against 30 people accused of being involved in the distribution of encrypted mobile phones used by organised criminals at a special criminal court expected to take place in spring 2026 in Paris.
The French appeal court judges rejected a petition by Herdman in December 2024 to expedite his case by hearing it in a lower court, after his lawyers argued that there was no evidence that Herdman had any direct links to criminality.
The defence team said their client was isolated and had lost hope after years of incarceration without trial.
When Herdman addressed the court, his voice broke with emotion. He has been detained for nearly four years without trial.
His daughter, Julie, who was in the courtroom for the hearing, cried as he spoke of missing four of her birthdays.
Herdman asked the court to allow him to fight his case from outside prison. He assured the judges that he had a job and a place to live in France, which demonstrated his ties to the country.
"I am the breadwinner for my family, and this situation is weighing heavily on them," he said.
He told the court that his mother suffered a stroke in December and now requires 24-hour care, further straining the family's finances.
He rejected allegations that he was involved in illicit activities and told the court he did not own Sky Global and was not an employee of the company.
Herdman was hired by LevUp Technologies Inc in 2017 after it won a contract to distribute Sky ECC phones. He described LevUp as a failed business that had never profited from criminal activity.
"According to my calculations, it only had 1% of Sky Global's customers," he said.
His only known link to France, Herdman argued, was a computer server used by Sky Global, which supplied Sky ECC software to resellers, in a French datacentre that he had not even been aware of.
He said France was bending its own pre-trial detention rules by holding him for so long without trial. "I was extradited from Spain and came here willingly," Herdman said. "I am not a flight risk."
After a short deliberation, the judges ruled against granting Herdman bail.
As officers prepared to take him back into custody, Herdman and his daughter exchanged words - "I love you" - before he was led away in handcuffs.
Speaking outside the courtroom, Julie said she was bearing up given the circumstances.
"I didn't know what to expect," she said, "but my dad and his lawyers did think the bail would be denied, so they were prepared for it."
He has 10 days to appeal the decision.
Read more about Thomas Herdman's legal battle
2010: Jean-Francois Eap founds Sky Global, which develops and markets software for use in encrypted phones.
2017: Grant Persall, the owner of LevUp Technologies, which had won a contract to distribute Sky ECC phones, hires Thomas Herdman.
June 2019: Herdman is first contacted by US undercover agents posing as potential clients.
9 March 2021: Belgian police raid 200 premises after infiltrating the encrypted messaging service Sky ECC.
11 March 2021: France launches investigation into Herdman.
12 March 2021: A grand jury in the Southern District of California indicts Thomas Herdman and Jean-Francois Eap for crimes allegedly committed through Canadian telecommunications company Sky Global. Herdman is alleged to have been involved in distributing telecommunications devices to retailers, which in turn sold a number of phones to individuals who used them for criminal purposes.
7 April 2021: Herdman agrees to take part in a proffer session with the US government and US federal agents. He agrees to travel from France, where he is living, to Madrid in Spain for a series of meetings with US law enforcement officials.
31 May 2021: A French judge signs a warrant for Herdman's arrest.
3 June 2021: Herdman is arrested by Spanish police in Madrid, where he has relocated at the request of US prosecutors. He is detained at the Prison de soto del Real-Madrid V.
18 June 2021: Herdman is extradited from Madrid to Paris.
He is detained in Fleury-Mérogis prison south of Paris.
1 August 2024: A French prosecutor recommends Herdman is released on bail of 5m.
5 August 2024: Herdman is refused bail.
3 September 2024: Herdman is refused bail by the Paris Court of Appeal.
5 November 2024: The court orders Herdman to appear at a special criminal court of five judges expected to take place in spring 2025. Out of 30 named individuals in the indictment, Herdman is the only person to have been detained and is expected to appear as the sole defendant.
12 December 2024: The appeal court refuses Herdman's application to have his case heard more quickly in the correctional court and denies a bail application.
28 February 2025: A Paris court rejects a further bail application from Herdman.
-
Nutanix event shows massive interest in VMware migration
www.computerweekly.com
More than 900 people attended the Nutanix Next Tour event in London in February. For Nutanix, many were not existing customers - the majority were customer prospects - and the ongoing concerns about VMware now being owned by Broadcom mean that many people, including many attendees, are looking for alternatives.
The completion of VMware's acquisition by Broadcom at the end of 2023 signalled a refocus on VMware's largest customers. Broadcom's strategy has been to move companies from perpetual licence to software subscriptions. It also changed licensing and introduced software bundles that have made the VMware platform more expensive for some customers.
During its annual VMware Explore conference in Las Vegas, Broadcom president and CEO Hock Tan said that Broadcom has simplified VMware's product lineup from 8,000 product variants down to four core offerings.
"We've invested a lot to make our products easy to use and work together," he said. "We're taking the software you've grown to love and trust - VMware vSphere, vSAN, NSX, vRealize - and making it all work better together. We enable you to deploy it as a stack to virtualise your entire datacentre to create a single platform."
For years, businesses have relied on VMware to provide server virtualisation in their datacentres. The technology is so deeply embedded in many organisations that swapping out VMware for an alternative product is seen as costly and high risk. Broadcom's strategy is to get its enterprise customers to run workloads in private clouds built on VCF, the VMware cloud foundation platform.
Nutanix is effectively a rival in this market, offering a software platform that provides server virtualisation, containerisation and the ability to run workloads on-premise and in public clouds, all managed via a single admin tool.
For certain workloads, containerisation is often positioned as more efficient than server virtualisation, especially in organisations that are on a cloud-native journey. However, there is a significant footprint of organisations that will remain for the foreseeable future with an IT estate where VMware plays a major role.
Nutanix positions containerisation using Kubernetes as a way to enable workloads to run in multiple public clouds. A recently published global survey of 1,500 IT and DevOps/platform engineering decision-makers, conducted by Vanson Bourne for Nutanix, reported that more than half of the organisations (54%) have containerised all their applications. According to Nutanix, this is driven in part by cloud-only organisations that are running all their applications in one or more public clouds.
Given the changes Broadcom has made to VMware, which have resulted in extra costs for some users who do not want to buy the whole VCF suite, Nutanix sees an opportunity to encourage organisations to start moving virtual servers onto its own platform. Such a migration may simply start with moving VMware virtual machines onto the Nutanix platform, but over time, Nutanix is encouraging its customers to migrate these to its alternative to VMware, called AHV.
Discussing the turnout at the London Nutanix Next Tour event, Andrew Brinded, executive vice president and chief revenue officer at Nutanix, said: "We've had more non-customers than we've seen at these events before, which is very encouraging."
Nutanix regards the situation among VMware customers as a long-term plan. The opportunity presents itself only when businesses have VMware contracts that are about to expire and decide that, given the changes Broadcom has made, it may be time to look at alternative hypervisors.
Even within organisations that decide to swap out VMware, Brinded said: "It takes a while for them to think about where they're going to go with and how they're going to move."
"Then they have to plan their migration strategy."
Brinded said such a migration strategy involves a multi-year project. Nevertheless, Nutanix is keen to showcase customers who are migrating away from VMware to its AHV hypervisor platform.
One example is Markerstudy Group, which owns insurance brands including Coop, Gadget Cover, Purely Pets and Auto Windshields. Markerstudy Group has been a long-term Nutanix customer since migrating off legacy hardware, and what is interesting about its VMware migration is that it is occurring in stages. Compliance with financial regulations drove the company's initial decision to move from a traditional three-tier datacentre architecture to hyperconverged infrastructure based on Nutanix.
To comply with Financial Conduct Authority regulations covering a requirement to have supported IT systems when handling customer transactions, CTO Nick Ovenden said there was a small window of opportunity to move from legacy hardware onto Nutanix. "We ended up flipping somewhere in the region of 1,500 to 2,000 virtual machines," he said. This was achieved in just six weeks, moving VMware from the old hardware onto Nutanix hyperconverged infrastructure.
The company is now actively migrating these virtual machines onto AHV, the native hypervisor that Nutanix bundles with its hyperconverged infrastructure platform.
Looking at the changes that Broadcom made to VMware licensing, Ovenden said: "We had always planned to go to AHV, but this gave us a mark in the calendar."
If the company could achieve a full migration from VMware by the date Broadcom's new licensing measures came into force, he said it would be possible to avoid the price hikes associated with the new VMware licensing.
Markerstudy Group's overall strategy is to remove VMware and move over to AHV.
However, given that the business has historically expanded through acquisitions, the commercial agreements that exist within the companies Markerstudy Group takes over need to end before the acquired companies can be moved onto AHV. For instance, Markerstudy acquired BGL Group in 2022 and there is currently a project to migrate all of BGL Group's VMware systems onto AHV by August this year.
There is little doubt that IT departments will continue to run VMware in their datacentre infrastructure for a very long time. But paying for functionality that is surplus to requirements is costly, which is why there are many VMware customers who want to continue using the product without the full product bundle Broadcom is selling.
As Markerstudy Group has demonstrated, it is possible to take a phased approach to migrating away from VMware. The fact that hundreds of people who are not its customers attended Nutanix's London event shows that there is interest in VMware alternatives and IT leaders are likely to replace VMware as contracts expire.
-
Tech and Global Mobility: The Impact of the New US Administration
www.computerweekly.com
As the US business community prepares for policy changes under the Trump administration, tech companies are focused on the potential impact of new policies on legal immigration under the H-1B visa programme.
By William Diaz, Fragomen LLP
Published: 04 Mar 2025 13:41
Tech companies in the United States are some of the biggest beneficiaries of the H-1B visa program, which allows US companies that cannot find people with the skills they need in the US to temporarily hire qualified people from overseas, including the UK.
With limited exceptions, the H-1B program is restricted to a total of 85,000 new visas available annually for qualified foreign workers in specialty occupations.
One of the final acts of the Biden administration was a final regulation that made important business-friendly modifications to the H-1B program and went into effect on 17 January 2025.
Specifically, the rule revises the definition of the H-1B specialty occupation, strengthens protections for student visa holders awaiting H-1B status, strengthens the US Citizenship and Immigration Services' ability to audit employers on-site for immigration compliance, and codifies the agency's longstanding policy of deference to its prior approvals, among other provisions.
As the US business community prepares for policy changes under the new administration, the focus for many, especially those in the tech industry, is on possible impacts to legal immigration. President Trump has expressed a number of different views related to this visa category, and has shown support for H-1B visas in the lead-up to his inauguration.
The approach to the H-1B program has varied across different administrations.
Historical data indicates that H-1B petition denial rates increased during the first Trump administration, peaking at 24% for initial employment petitions, compared to denial rates as low as 6% in the four years prior. If similar policies are reinstated, denial rates may rise again, making it harder for tech companies to hire qualified people from the UK.
Workplace immigration audits may also increase under the new Trump administration. These audits typically involve a review of key aspects of H-1B petitions, including wages and work locations, to ensure compliance with regulations. Employers that hire foreign workers may benefit from conducting internal compliance reviews to prepare for potential future enforcement actions.
The H-1B program includes wage requirements that vary based on profession, location and experience. If wage level requirements increase, businesses will need to evaluate the feasibility of hiring for entry-level positions under the program.
The first Trump administration imposed travel restrictions against a variety of countries, citing security-related grounds. Additional restrictions were introduced following the onset of the COVID-19 pandemic on health-related grounds. The administration offered limited exemptions for employees of industries engaged in support for critical US infrastructure, including various tech-related fields.
The current Trump administration has indicated plans to impose holds on issuing visas for certain countries as part of broader policy objectives. The degree to which those in the tech field may be exempt from future travel restrictions is unclear, but any future exemptions offered would require a determination that the travel is in the US national interest.
Should the H-1B program's use become more limited in the coming years, employers should also consider the following alternative US visa options:
The O-1 visa is available to those able to demonstrate extraordinary ability in their area of expertise.
While the visa category does require a showing that one is at or near the top of their field, the O-1 is not subject to numerical limitations and has proved largely less controversial than the H-1B program.
The L-1 intracompany transfer visa type allows for the visa sponsorship of an employee who has at least one year of continuous employment within a corporate group while outside the US. It is a common strategy to park employees outside the US for a year before pursuing the L-1 visa option as an alternative to the numerically limited H-1B program.
The E-2 visa is available to a limited set of nationalities (treaty countries), including the UK, while further requiring that the nationality of the visa applicant aligns with the nationality of the ultimate ownership of the US employer (e.g., a company with at least 50% British ownership may deploy a British citizen on the E-2 visa). Provided the nationality requirement is met, the E-2 is an alternative to the H-1B.
Given the ongoing policy shifts, companies in the technology sector should explore the full range of available US visa options and consider a multi-jurisdictional approach to workforce management to attract and retain talent under a second Trump administration.
William Diaz is a US Immigration Attorney at the global mobility advisers Fragomen.
-
Flash drive prices bump along, as SAS HDDs gain mystery bounce
www.computerweekly.com
Flash drive prices drop again, but slowly, as they bump along after highs in late 2023. Meanwhile, spinning disk HDD prices experience a rare flutter, with SAS cost per gigabyte rising 18%.
By Antony Adshead, Storage Editor
Published: 04 Mar 2025 10:33
Solid-state drive (SSD) prices per gigabyte (GB) dropped over the last two quarters since the beginning of September 2024, while SAS hard disk drive (HDD) prices increased over the same period.
Flash drive prices (MLC, TLC and QLC) fell from an average of $0.085/GB to just under $0.079/GB. That's a 7% decrease.
At the same time, SAS spinning disk prices per gigabyte rose from $0.041 to $0.049, a rise of 18%. The reason isn't apparent, but there was a flurry of high-capacity HDD launches in 2024, including Western Digital's 32TB (terabyte) shingled drive and Toshiba's 24TB and 28TB units.
Prior to the recent two quarters, flash drive prices had fallen in the first three quarters of 2024 to $0.085/GB. That was a slide of just above 10% since April and followed price-per-gigabyte highs earlier in the year.
Flash prices hit a recent ceiling in late 2023 and the early months of 2024 when drive makers slowed production in an attempt to raise prices and boost profitability. SSD prices per gigabyte reached an average of $0.095 by April 2024, which was a rise of 26.67% since autumn 2023.
Many at the time believed SSD prices would achieve even greater highs in 2024, but while production increased, customer demand did not, and prices decreased.
Meanwhile, average spinning disk (SAS and SATA) hard drive prices have hardly moved, with a rise since September 2024 from $0.039 to $0.041 now.
That, however, masks the 18% increase in SAS drive prices over the same period.
The figures here result from exclusive analysis by Computer Weekly that gathers drive prices weekly from Amazon.com, as aggregated by Diskprices.com (see graph). Since March 2023, more than 65,000 drive prices and specs have been amassed, with averages calculated every week for TLC, QLC and MLC/unspecified flash drives, as well as SAS and SATA spinning disk.
The analysis uses Diskprices.com's collation of new drive prices that it takes from Amazon.com, with an average of more than 500 disk prices and specifications processed each week. Data is then filtered by flash and spinning disk type and average price per gigabyte calculated for each week.
While the analysis is based on Amazon.com prices, which are aimed at consumers and SME customers, the volume of data gathered helps to show trends in drive pricing. We use it here as a proxy for drive prices because of the absence of price data from enterprise drive and storage array makers.
Price per gigabyte is a major consideration for customers, but total cost of ownership over a drive's lifecycle is also important, with purchase cost, energy usage and maintenance costs key among them.
Data gathered covers drives that range in capacity from less than 1TB up to 26TB for HDDs and up to 12TB for SSDs, with an average of 3.8TB per drive offered for sale.
SSD costs more per drive to buy than spinning disk, but maintenance costs are often lower. Cloud storage provider Backblaze, which publishes reliability figures for the 300,000-plus drives in its estate, found its SSD annual failure rate (AFR) to be 0.9% in mid-2023.
There have been no AFR stats for SSDs from Backblaze since, but for HDDs the figure for 2024, reported in February 2025, was 1.57%.
-
Metropolitan Police concern puts brakes on Post Office Horizon data migration
www.computerweekly.com
-
What the UK is getting right (and wrong) about AI adoption
www.computerweekly.com
Three months into 2025, it has already been an eventful year for artificial intelligence (AI). The Trump administration announced half a trillion dollars of investment into the sector, while China's DeepSeek almost tore it all down, surprising everyone with a low-cost generative AI (GenAI) model.
Meanwhile, the recent AI Summit held in Paris saw lines being drawn on regulation between Europe and the UK.
Given the circumstances, it's understandable that some have overlooked the UK government's AI Action Plan. It was launched in January by Keir Starmer at Queen Elizabeth Olympic Park, setting out 50 measures aimed at making the UK an irresistible destination for AI firms. With over 14bn committed to the plan, the government wants to position the UK as a global leader in the adoption of artificial intelligence.
The potential rewards are vast and well documented. The International Monetary Fund estimates that if AI is fully embraced, it could boost UK productivity by as much as 1.5 percentage points per year. These gains could contribute up to 47bn annually to the UK economy over the next decade.
However, a major challenge looms - time. More specifically, the time needed to effectively integrate AI into our infrastructure and businesses. According to Global Data, the AI market is projected to surpass $1tn by 2030, with AI embedded in every organisation. But will that be the case? The recent decision to delay the UK's AI Bill, set for March, by six months to align with the incoming US administration exemplifies this best - a missed opportunity.
Businesses thrive on stability and clear regulatory frameworks - postponing legislation undermines confidence at a critical moment and could deter investment and adoption of the technology.
The UK cannot afford to rely on broad commitments without tangible specifics.
Despite the ambitious goals of the UK's AI Action Plan, questions arise around the specifics of the plan, and whether they will enable widespread adoption. Sectors such as manufacturing, healthcare, and finance have already begun integrating AI, yet the same cannot be said for other industries. With fewer than 30% of workers currently engaging with AI in their roles, the UK must accelerate its efforts to drive AI adoption at scale.
The UK should go beyond mirroring US ambitions for big tech dominance. The real opportunity lies in the adoption of AI. To remain competitive, businesses will have to embrace AI as a fundamental tool for long-term success.
"The UK risks an AI divide - where large corporations capitalise on AI's potential while smaller businesses miss out" - Gavin Poole, Here East
Investing in skills development, fostering cross-functional collaboration across the public and private sectors, and creating AI-friendly policies will be crucial in ensuring that companies of all sizes can benefit from AI innovations. Without these initiatives, the UK risks an AI divide - where large corporations capitalise on AI's potential while smaller businesses miss out.
The UK should therefore prioritise the integration of frontier technologies, like AI, into its key sectors, where it can create palpable long-term growth through practical AI implementation.
At our innovation campus, Here East, we're speaking with leaders in AI and wider frontier technology about how we leverage the UK's existing tech strengths to drive economic growth - precisely the kind of conversation that must shape national AI policy.
The government's delay in AI regulation reflects a strategic effort to align with the US, but it risks creating uncertainty in the UK. While international collaboration on AI policy is important, clear and timely domestic regulation is necessary to maintain the UK's competitive edge.
Businesses need confidence in the regulatory environment to invest, innovate, and scale AI-driven solutions.
AI adoption must also be grounded in sustainability and ethics.
Thriving in the GenAI era requires a robust framework that respects creative freedom, ensures privacy, and fosters trust. The government continuing to deliberate, as seen with the recent issues surrounding AI and copyright in the creative sector, will not help solve this issue.
The UK has an opportunity to lead in responsible AI implementation, balancing innovation with safeguards that protect consumers and businesses alike. Collaboration between policymakers, businesses, and universities is therefore essential to fostering AI adoption that is both ambitious and sustainable.
Economic projections reinforce the urgency of decisive action. AI has the potential to drive significant productivity gains, but without a clear regulatory framework, these benefits may not be fully realised. The UK must ensure that AI regulations do not stifle growth but instead create an environment where businesses can thrive while adhering to ethical and legal standards.
AI has the potential to deeply embed itself across our world-beating industries and help drive a fundamental shift in UK productivity. The latest ONS UK productivity figures paint a concerning picture - only three out of 18 industries saw productivity gains, while key sectors such as retail, energy, and healthcare experienced declines of over 4%.
British workers have consistently lagged behind their counterparts in other advanced economies in terms of productivity, turning what was once a long-term concern into an urgent crisis. Without intervention, this "quicksand" problem could derail the UK's broader economic growth.
To combat this, the UK must proactively invest in frontier-focused education, workforce development, and AI-driven productivity enhancements to capitalise on this transformation.
As new technologies such as AI agents transform our day-to-day, reskilling workers and ensuring a smooth transition for those affected by AI-driven changes will be paramount.
AI alone will not solve the UK's productivity challenges. Businesses need more than broad promises - they require tangible incentives and clear guidance on AI adoption. AI-powered tools, such as automated CV screening, mean little if they do not translate into genuine productivity gains. Without decisive action, the UK risks an AI adoption gap, where only well-resourced firms reap the benefits, leaving smaller businesses behind.
The UK must shift its focus from simply keeping pace with AI investments in the US and China to leading in AI adoption and application. Rather than chasing capital-heavy AI development projects dominated by larger economies, the UK should capitalise on its unique strengths - research excellence, a strong startup ecosystem, and a history of innovation.
The government has laid out a promising foundation in a turbulent time for artificial intelligence. However, if it truly wants to make the UK an AI powerhouse, it must deliver at speed. The window of opportunity is open - but it will not remain so indefinitely.
-
CMA urged to expedite proposed targeted interventions against AWS and Microsoft
www.computerweekly.com

AWS has doubled-down on its claim that subjecting it to targeted curbs to bolster competition in the UK cloud market is an unwarranted step, while its rivals call on the CMA to speed up the process

By Caroline Donnelly, Senior Editor, UK
Published: 03 Mar 2025 14:30

Amazon Web Services (AWS) has hit out at the UK competition watchdog for presenting no credible evidence to support its claims the public cloud giant's anti-competitive behaviour is harming how the domestic cloud infrastructure market operates.

The Competition and Markets Authority's (CMA) published the provisional findings from its multi-year antitrust investigation into the inner workings of the UK's cloud infrastructure market in late January. And the CMA has now published the responses it has received from AWS, Microsoft, Google and several other market stakeholders.

As previously reported by Computer Weekly, the CMA's provisional findings indicated that it could introduce targeted interventions against AWS and Microsoft so they are subject to controls to curb behaviours the CMA claims are contributing to making the UK cloud services market uncompetitive.

This would involve the CMA calling on powers conferred on it through the roll-out of the Digital Markets, Competition and Consumers Act 2024 on 1 January 2025 to mark AWS and Microsoft out as suppliers with strategic market status.

This would mean the CMA could impose legally binding conduct requirements or pro-competition interventions on both firms to limit and remedy the toll their activities have allegedly had on the market.

At the time, AWS described the prospect of finding itself on the receiving end of targeted interventions as not warranted and has now expanded further on its reasons for feeling that way in a 30-page written response that states the CMA's provisional findings present no credible evidence to support some of its claims.

Specifically, AWS said there are no interoperability issues or technical barriers preventing cloud users from switching providers, or from making use of multicloud setups, and the CMA's report has not identified any specific interoperability concerns in respect of any AWS services either.

"There is no interoperability problem in cloud services, and the provisional decision report presents no evidence to support its concerns either," said AWS, in its response.

It also claimed data transfer fees do not hinder switching and multiclouding and that again, the PDR [provisional decision report] presents no credible evidence in support of its concerns.

AWS said it welcomed the part of the CMA's provisional decision report that acknowledged competition in the cloud services market enables innovation, investment and improved productivity among all customers for the benefit of people, businesses and the UK economy.

However, AWS went on to state that the report's contents fail to reflect this reality by recommending unwarranted intervention applicable to only two players in one of the most competitive, well-functioning and fast-growing sectors of the UK economy. Its proposed interventions risk damaging the UK economy's broader prospects for growth, innovation and productivity.

Microsoft was similarly scathing in its 101-page response to the CMA's provisional findings, and said "it should come as no surprise that we disagree with substantial portions of the report", and claims it needs deep revision.

This is because, in Microsoft's view, the CMA is focusing on issues that are largely peripheral to cloud computing competition today, which include egress fees, interoperability issues and Microsoft's licensing tactics.

"It is hard to see how intervention in these three areas will meaningfully boost competition in cloud computing," said Microsoft. "There is a real danger that intervening in the market based on [the CMA's] misunderstanding will backfire, leaving the UK with the opposite of the CMA's goal of a healthy, well-functioning market, rich in growth and investment."

In contrast, the Google Cloud team said it was broadly supportive of what the CMA had initially concluded in its report, and stated the CMA's findings are further reinforced by customer feedback, analyst reports and the CMA's profitability assessments.

"No credible evidence in relation to the structure of the market and the market positions enjoyed by AWS and Microsoft has been put forward that contradicts these provisional findings," said Google.

It added: "The extensive data and evidence gathered as part of this CMA market investigation and the preceding Ofcom market study provides a clear and compelling evidence basis for the Digital Markets Unit to conclude quickly that AWS and Microsoft have strategic market status in the cloud infrastructure market."

This is a sentiment echoed in the response of the pro-cloud market competition lobbying body, the Open Cloud Coalition, who further called for an acceleration in the time taken to confer SMS status on both Amazon and Microsoft.

"The CMA should work to accelerate the DMU process and explore interim measures or clear guidance to ensure public sector procurement authorities actively consider the anti-competitive impact of restrictive software licensing and excessive egress fees when awarding contracts," said the OCC.

"The CMA cannot impose conduct requirements until an SMS designation is in place, [but] it can take steps to ensure that regulatory intervention is as swift and effective as possible. Proactive measures are needed to prevent further entrenchment of restrictive licensing practices while the DMU process is ongoing."
-
Podcast: S4Capital's Martin Sorrell on AI and the enterprise
www.computerweekly.com
-
European fintech must take different path to Trump's US on diversity
www.computerweekly.com

The European fintech and banking industry must not follow Trump's US in cancelling workforce equality programmes and must instead continue to enforce diversity, equity and inclusion (DEI), according to Wincie Wong, co-founder of Tech She Can.

During a session on women in fintech at Finovate Europe last week, Wong reflected on the direction of travel in the US, where President Donald Trump is pushing for workforce diversity programmes to be terminated.

On regaining the US presidency, Trump called for an end to DEI programmes, which he described as dangerous, demeaning and immoral. Businesses in the US, including internet giant Meta, are closing DEI programmes as a result.

But fintech businesses in Europe and the UK will gain an advantage if they stick to the diversity programmes they have in place, according to Wong.

"This is a major issue, as many major banks, mainly in the US, are responding directly to the president. I am an American and this is an issue I am paying very close attention to."

She said the companies cancelling programmes were probably not committed to them in the first place and just saw them as a box-ticking exercise rather than a way to increase productivity.

"Those companies that get it understand it's about creating pathways for people who couldn't always demonstrate their intelligence and thoughts. We know that, in the UK, if we close the gender skills gap, we can add billions of pounds to the economy."

She told Computer Weekly: "Europe has already made a clear stance that it doesn't want to follow this line of thought. I think it's very positive in Europe."

The former head of workforce technical capability Digital X at NatWest said Europe can take a different approach and gain an advantage.

"D&I when done correctly, embraced intentionally, yields better innovation and better products. It has been proven over and over again. Continuing to take a stand on it, to enforce all the policies we have in the EU and UK, can only be positive for productivity."

She said Europe has taken a different path to data protection and artificial intelligence regulation and has, as a result, been ahead of the game.

Maria Scott, founder and CEO of Taina Technology, which helps financial services companies meet their tax regulatory requirements through automation technology, said: "It has been proven beyond any doubt that more diverse organisations and boards create more value and contribute to a safer, more inclusive world for all. The data is clear on this."

She added that she hopes modern society will not allow such a step backwards into the dark ages and risk losing all the progress made in making organisations more inclusive and fairer.

"Clearly, everything has to be done on the merits and not as a box-ticking exercise. Anything that is done purely for box-ticking or reporting is pointless to begin with and will fizzle out eventually," said Scott. "This is about substantive inclusion and fairness. It is about recognising our biases, promoting role models, changing mindsets for the sake of a happier, more inclusive and fairer world for our children."

There have also been worrying signs recently that women are discriminated against when it comes to seeking investment in their fintech startups. A survey by industry body Innovate Finance found that women behind fintechs still face discrimination when seeking investment, despite the issue having been an industry talking point for years.

Innovate Finance's numbers unearthed the worrying detail that investment in fintechs led by women dropped by twice as much as the UK average in 2024. It reported that women-led fintechs experienced a sharp decline in investment of 78%, more than double the 37% market-wide fall, which it said underscores the need for more inclusive funding practices.

Total investment in fintechs founded by women, according to Innovate Finance, was just under 100m, about 3.3% of the total.
-
Ransomware: from REvil to Black Basta, what do we know about Tramp?
www.computerweekly.com

September 2020: An affiliate of the ransomware company REvil reveals the details of a cyber attack he carried out a few months earlier against the French company Elior. At the time, ransomware was already a significant threat, but nowhere near the scale it was about to take on. It was at this time, however, that journalists at Computer Weekly's French sister site, LeMagIT, began to monitor developments on a monthly basis.

Some of the major players in this threat who are active today were already active at that time. The following account sheds new light on how they are likely to profit from their gains, as well as the level of protection they can claim - rightly or wrongly - to escape justice.

On Friday 21 June 2024, on American Street in Yerevan, the adventure is about to take an unexpected turn for the man who appears to be one of them.

Oleg Nefedov was arrested by the local police at 11am on the street in the Armenian capital that leads to the US embassy and runs alongside the river Hrazdan.

At 1.30pm the next day, the public prosecutor requested that he be remanded in custody. In the meantime, Armenia had obtained and had translated the documents required for his extradition. He was the subject of an Interpol Red Notice - which was not made public.

The hearing is scheduled for Monday 24 June at 10am. Sufficient, in theory. The Armenian media site 168.am, which reported the events, explains that the decision to remand him in custody must be made within 72 hours of the arrest - before 11am on 24 June. But the deadline was missed, for reasons that were not specified. At 4pm, Oleg Nefedov was released. The Prosecutor General's Office confirmed the facts in a press release dated 20 September.

The news passed almost unnoticed. On 16 December 2024, a source contacted LeMagIT. He was positive that the man who used the pseudonym Tramp - a former member of the late Conti and one of the leaders of the Black Basta ransomware gang - was the same Oleg Nefedov who had been arrested in Yerevan at the end of the previous June: "I also know Tramp under the name Oleg Y. Nefedov", he says, adding that he used to work with him.

"He has the best protection in Russia. He has friends in the security services. He even pays the FSB and the GRU", this source explains. These are the Russian intelligence services. "Nobody has that kind of money or that level of security anymore," the source added.

This is indeed what Tramp, also known by the pseudonyms AA and GG, told one of his partners, dd, on 14 November 2022: "I have guys from Lubyanka [FSB headquarters in Moscow] and the GRU, I've been feeding them for a long time," according to a log of private exchanges that probably took place on the encrypted messaging service Tox. These exchanges were provided to LeMagIT on 30 December 2024, as well as to colleagues at German magazine Der Spiegel (see image, below).

But is Tramp really Oleg? Other sources have said so, on condition of anonymity. There is plenty of evidence to support these assertions.

An analysis of the activity associated with the pseudonym GG in exchanges on the Matrix instance of Black Basta is troubling - it shows a total absence of activity from 21 June 2024 to 2 July inclusive.

When Tramp came back online on 3 July, he said he had a new computer and had changed his Telegram account. He explained that he had lost his previous computer, "and not just that. It's a long story", he says: "it's been difficult in real life. I don't know where to start..."

But, as researcher and human intelligence specialist Liontamer pointed out, Tramp confided in gang member Chuck, whom he had known for "so many years", a few hours later: "The cops caught me". He mentions a reward for "information on TR [potentially Trickbot, but the pseudonym Tramp has also been openly designated by the American justice system]. 10 million". He goes on to say that he had seen his file, "but they didn't show me everything". He had to be extradited.

The same day, Chuck says he wants a holiday: "Don't go anywhere. Stay at home", Tramp advises him. Chuck says he has booked tickets to Kaliningrad. Tramp insists: "We have to protect everyone now". Chuck finally gives up his plans: "I'm cancelling; I'm going to Karelia". Tramp explains that he has seen all the pseudonyms of the members of Black Basta in the file presented to him.

He says he benefited from very high-level protection, "at the level of our number 1": "I managed to call. I just asked for a pass. They immediately took off for me".

Any further details? "I can't say anything about how I got out and who helped. But I've been told that the number 1 knows me and that, without his agreement, they wouldn't have done anything," assures Tramp. Chuck then asked: "Putin, right?" Tramp would say no more.

On 7 July, however, he became more talkative, indicating that his phone had been seized. He said that an unspecified "they" had "total access to Apple. They are connected to the whole planet. They know everything". As a result, "Apple is dead. [...] We have to clean everything up over there".

But Chuck is worried: someone has told him that he is wanted by the US law enforcement agencies. Someone he pays every month to protect him in case the FSB come looking for him. He fears that the Russian services will "start to extort [them] or force [them] to work for them, in exchange for protection". He may have a point.

On 16 September 2024, YY called Tramp. In doing so, he revealed an alias under which he was known for his activities with the late Conti: "Hi Tramp, it's bio. I've been released, sorry I couldn't warn you. The masked raiders nearly broke every bone in my body when they came in, but luckily I had time to disconnect from the server."

According to him, it was a cryptocurrency exchange that betrayed him: "They couldn't find anything other than my last three transactions (around 3 btc). In short, they kept me in pre-trial detention and then released me. For the time being, I feel I'm being watched, so I'm keeping a low profile. It's a shame they confiscated the car and seized the house [...], but I hope to get them back soon."

Bio will then request several payments of a few hundred dollars from Tramp. On 10 November 2024, he will consolidate 20 bitcoins at Kraken.

Oleg will shortly be celebrating his 35th birthday. He comes from Iochkar-Ola, a town of over 260,000 inhabitants 850km east of Moscow and 60km from the Volga, capital of the Mari Republic.

He appears to have long had a keen interest in cryptocurrencies. An account on btc-e.com has been associated with him. This foreign exchange service suffered a data breach in 2014.

In 2017, he worked at Bitsoft, which then presented itself as "the largest Russian company in the field of cloud-mining of Ethereum, Litecoin, and Zcash". He registered several domain names, including one in July 2017. LeMagIT tracked them down using historical Whois data and a phone number. The address? Iochkar-Ola.

From this data, LeMagIT also found a telephone number that was, for a time, directly linked to the name Mr Tramp in TrueCaller, but also listed elsewhere as Oleg Nefedov, as well as the address associated with his Apple iCloud account.

Oleg declares income from Bitsoft until 2021. Over the period, this income is hardly impressive: 60,000 roubles in 2017 and 2018, or around 900 a year. It's a little better in 2019, with more than 261,000 roubles, or around 3,600 at the average exchange rate for that year. After that, he will receive income from Polis, a company that will be wound up at the end of 2023. Bitsoft will suffer the same fate in August 2024.

That didn't stop him from driving a BMW X6 M50D in 2019. In 2021, he was caught speeding in a Mercedes AMG S63 4MATIC - more than 60km/h over the limit. He also drove a Porsche Macan.

In early 2024, he had the papers replaced on his Mercedes V-class van. At that time, he also had a Mercedes GLE 400 D 4MATIC. A few months earlier, he had the address changed for his G-Class AMG G63 SUV.

Since at least 2022, Oleg has been investing in top-of-the-range lounges under a brand in which he owns a share of the intellectual property. The brand is present all over the world, from Dubai and Abu Dhabi to Baku, Moscow and Bali. At the end of August 2024, he founded a charity called Rodina - Motherland in Russian.

According to LeMagIT analysis, Tramp has at least 20 bitcoins to his name and controlled at least 2,000 in January 2023 - only half a surprise. In autumn 2021, LeMagIT had tracked the millions of dollars in ransomware payments obtained by Conti over the preceding months. In November 2023, Elliptic and Corvus Insurance estimated that Black Basta had done no worse, collecting more than $100m in ransom payments in almost two years of activity.

In France, Black Basta attacked Oralia in April 2022, followed by H-Tube, Villa Florek, Envea, Dupont Restauration and Baccarat. In all, more than 520 victims of Black Basta are publicly known, compared with more than 350 for Conti.

In the exchanges provided at the end of December last year, Tramp was asked twice to make payments in bitcoins. At least one of the payments came from an address known to be controlled by Tramp.

But Tramp, who is also known by the pseudonym "p1ja", didn't arrive in the world of ransomware with the appearance of Conti, the cyber-extortion business that fell apart in 2022, shortly after Russia invaded Ukraine.

According to LeMagIT's information, he has been involved in such activities for much longer. In extracts from private discussions between Tramp and ssd, in November 2022, there is a reference to a Windows system name: WIN-7PV24JSN83C.

Red Hot Cyber noted this machine name in August 2022. LeMagIT observed it for 28 victims claimed by LockBit - 2.0 and 3.0 - throughout that same year. Presumably corresponding to a hosted virtual machine, this name was not very widespread at the time - in August 2022, the specialist search engine Shodan counted around 200 occurrences, including more than 190 on IP addresses geolocated in Russia.

And that's not all. Whether in the exchanges disclosed in February 2025 or in those sent at the end of December 2024, Tramp appears to regularly use the password 123123 to protect files that are relatively insensitive or only temporarily available. And it's pretty much the only one.

LeMagIT observed this behaviour in two negotiations under the REvil banner at the beginning of 2021, then two more under the Conti brand a few months later. Prior to this, the Crysis 3 source code leaked by Egregor in 2020 had been in an archive protected by the same password.

In May 2021, on one of the forums well known to be frequented by cyber criminals, p1ja requested arbitration for a dispute with another user: "I'm a pentester and I worked with the REvil affiliate programme". His access to the negotiation interface with his victims had just been withdrawn.

On this same forum, Tramp was also active under the pseudonym "washingt0n32". He registered there in August 2020. At the time he claimed to have "more than 10 years" experience in penetration testing.

LeMagIT and Der Spiegel jointly sought comment from Oleg Nefedov, without success. The Black Basta website and trading interface have been inaccessible for almost two weeks at the time of publication. According to corroborating sources, some members of the group have already moved on to Akira and Cactus, among others.

Backstage

In December 2024, LeMagIT and Hakan Tanriverdi of Der Spiegel and Paper trail media were approached by an individual claiming to have information about Tramp. Since then, the editorial team has been in close contact with Hakan Tanriverdi and Hannes Munzinger, sharing and cross-checking the results of its research. On numerous occasions, LeMagIT was able to confirm that the same information had been entrusted to its journalists.

To date, there is no indication that the individual who put LeMagIT on the trail of Oleg Nefedov is the same person who leaked Black Basta's internal conversations at the beginning of February, known under the pseudonym ExploitWhispers.
-
France pushes for law enforcement access to Signal, WhatsApp and encrypted email
www.computerweekly.com

France is proposing a law to require encrypted messaging applications including Signal and WhatsApp and encrypted email services such as Protonmail to provide law enforcement with decrypted data on request.

An amendment to France's proposed Narcotraffic bill, which is passing through the National Assembly in the French Parliament, will require tech companies to hand over decrypted chat messages of suspected criminals within 72 hours.

The law, which aims to provide French law enforcement with stronger powers to combat drug trafficking, has raised concerns among tech companies and civil society groups that it will lead to the creation of back doors in encrypted services that will be exploited by cyber criminals and hostile nation states.

Individuals that fail to comply face fines of Euro 1.5 million while companies risk fines of up to 2% of their annual world turnover if they fail to hand over encrypted communications demanded by French law enforcement.

Back doors would be exploited by criminals

Matthias Pfau, CEO of Tuta Mail, a German encrypted mail provider, said that it was not possible to introduce back doors into encrypted services without fundamentally weakening their security.

"A backdoor for the good guys only is a dangerous illusion. Weakening encryption for law enforcement inevitably creates vulnerabilities that can and will be exploited by cybercriminals and hostile foreign actors. This law would not just target criminals, it would destroy security for everyone," he said.

Matthew Hodgson, CEO of Element, a secure communications platform used by governments, said that the company was concerned that the French proposals were not technically feasible without fundamentally weakening the security of messaging and email services.

"We are deeply concerned by yet another potential attack on encryption," he said. "Like the Online Safety Act in the UK, this French proposal shows a deep misunderstanding of what is technically possible in end-to-end encrypted systems," he said.

"We will keep repeating ourselves until the message sticks - there are no safe backdoors into encrypted services," he added.

France led international police operations against encrypted phones

France has played a key role in hacking dedicated encrypted messaging services used by drug traffickers, including EncroChat, Sky ECC, and Anom, resulting in the arrests of thousands of people worldwide suspected of drugs trafficking and money laundering.

But opponents of the French law argue that breaking an encryption application that is allegedly designed for use by criminals is very different from breaking the encryption of chat apps, such as WhatsApp and Signal, and encrypted emails used by billions of people for non-criminal communications.

"We do not see any evidence that the French proposal is necessary or proportional. To the contrary, any backdoor will sooner or later be exploited, it is only a matter of time," said Pfau.

French senators, Étienne Blanc and Jérôme Durain, first tabled the proposed law, entitled "Getting France out of the drug trafficking trap", in January 2024. The bill has passed its first reading, and is due to be considered in Committee on 4 March 2025 and by the Chamber of the National Assembly on 17 March 2025.

The amendment establishes an obligation for platforms to implement the necessary technical measures to allow intelligence services to access the intelligible content of correspondence and data transiting through them.

It requires French intelligence agencies to consult with France's National Oversight Commission for Intelligence-Gathering Techniques (CNCTR) - an independent body that has parallels with the UK's Investigatory Powers Commissioner's Office (IPCO) - to obtain authorisations to demand clear-text versions of encrypted messages from tech companies.

Law permits police use of spyware

The law also permits the use of spyware such as NSO Group's Pegasus or Paragon to allow police to remotely activate microphones and cameras of mobile phones and computers, according to an analysis by the civil society group, La Quadrature Du Net.

It also extends the scope of algorithms, known as black boxes, which collect data on communications over the internet with the intention of identifying people suspected of criminal activity to authorise the collection of data for combating crime and organised crime.

Police will also have powers to censor or restrict access to web sites and content relating to drug trafficking reported by members of the public through the Pharos reporting system, if the material is considered illegal, without the intervention of a judge.

The move has raised concerns from human rights groups that shared memes or jokes about drugs, or excerpts of films could be wrongly blocked.

French law in conflict with EU and German privacy laws

Tuta Mail has warned that if the proposals are passed, it would put France in conflict with European Union laws, and German IT security laws, including the IT Security Act and Germany's Telecommunications Act (TKG) which require companies to secure their customers' data.

If France goes ahead with its proposals Tuta Mail, which provides services in both France and Germany, would be forced to choose between complying with French or German law.

"German laws like the IT Security Act and the TKG [Telecommunications Act] force us to protect data and mandate that IT systems must not be altered in a way that the security is weakened just for access by law enforcement. We at Tuta will not comply with any law requiring a backdoor, but German law also prohibits us from doing so," says Pfau.

"The European Data Protection Supervisor has clearly stated that any new measure restricting encryption must pass the test of necessity and proportionality, based on substantiated evidence. We do not see any evidence that the French proposal is necessary or proportional," he added.

La Quadrature du Net, a non-profit organisation that defends people's rights and freedoms on the net, has urged politicians to reject the amendment when it is discussed in the National Assembly in March.

The group said in a blog post in January that civil society groups, cryptography experts and the French Cyber Security Agency ANSSI, have been warning for years that accessing encrypted communications is not only technically impossible but contravenes digital security requirements.

"End-to-end encryption is designed so that companies themselves do not have access to messages. Introducing access (a 'backdoor') would weaken the level of protection of all communications and this is not provided for anywhere in the world," it said.

The Observatory of Liberties and Digital Technology (OLN), a coalition representing the French lawyers' union, the magistrates' union, and human rights groups, has also called for parliamentarians to reject the bill.

It has raised concerns that the bill prevents information about surveillance operations from being disclosed to defendants, making it impossible for them to challenge

"The persons prosecuted would thus no longer have any way of knowing or contesting when and how they were monitored, including therefore, in the event of potential abuse by the investigation services," it said.

Amendment to French law will allow access to encrypted messages and email

Drug trafficking networks, terrorist groups and, beyond that, all criminal organisations are taking advantage of the widespread use of encrypted messaging and the difficulties for intelligence services to access the information exchanged on these platforms.

This amendment establishes an obligation for platforms to implement the necessary technical measures to allow intelligence services to access the intelligible content of correspondence and data transiting through them. This access would be limited to correspondence and data that have been the subject of specific authorization to implement intelligence gathering techniques, after consulting the Intelligence Techniques Control Commission (CNCTR).

To ensure compliance with these cooperation requirements, it is proposed to strengthen the criminal sanctions applicable to individuals and legal entities who refuse to fulfil their obligations: a fine of EUR 1.5 million for individuals who habitually commit these offences and a fine of up to 2% of annual global turnover excluding tax for legal entities in the same situation.
-
Major UK banks hit by payday digital banking problems again
www.computerweekly.com

A month after Barclays suffered online banking problems, customers at multiple banks report further issues

By Karl Flinders, Chief reporter and senior editor EMEA
Published: 28 Feb 2025 11:30

Customers of multiple banks have reported problems banking online, as they struggle to access services on payday for the second month running.

The problems came two days after MPs were due to receive details of how IT failures have affected banks over the past two years.

At the end of January, customers of Barclays Bank were left unable to access app and online banking services following a major IT outage that lasted three days.

The latest problems, yet again on payday, have hit Lloyds Bank, Nationwide, TSB and Halifax, according to outage monitoring organisation Downdetector.

One senior banking IT professional, who asked to remain anonymous, said that if a number of banks experience problems at the same time, it points to a related factor.

"If it's lots of banks, it makes me think there's a common denominator, like they're using a supplier or software that's shared by multiple banks, because it would be coincidental for several of them to go down on the same day," he said.

Further pointing to a potential problem with external IT, he added that in his experience, banks try to avoid making IT changes at the end of the month.

"End of the month is normally a time banks avoid making changes," he said. "For example, financing departments inside the banks do not like the risk of chaos at an unprecedented end of the month because they're month-end accounting and don't want technology problems."

In contrast, he said the problems at Barclays pointed to something related to an internal change.

The problems come just days after a deadline set by MPs on the Treasury Committee for UK bank bosses to provide information on the scale and impact of IT failures over the past two years.

The questions set by MPs for Barclays included what caused the latest outage and how it affected customers, as well as how the bank intended to prevent such a failure from happening again.

The other eight bank bosses were asked to provide an overview of the number of instances and amount of time in total services have been unavailable to customers due to IT failure over the past two years, how many customers have been affected, the amount of compensation that has been paid to their customers, and a description of the reason for the failures. You can read the letters to the bank CEOs here.

Following the Barclays problems, Treasury Committee chair Meg Hillier MP said: "When a bank's IT system goes down, it can be a real problem for our constituents, who were relying on accessing certain services so they can buy food or pay bills. For it to happen at a major bank such as Barclays at such a crucial time of year is either bad luck or bad planning. Either way, it's important to learn what has happened and what will be done about it."

She added that the closure of high street branches in favour of online banking means bank crashes hit customers harder. "The rapidly declining number of high street bank branches makes the impact of IT outages even more painful; that's why I've decided to write to some of our biggest banks and building societies," said Hillier.
-
Post Office makes first official apology to Capture users
www.computerweekly.com

The Post Office has made its first official apology to subpostmasters who used its faulty Capture accounting software and were blamed and punished for unexplained shortfalls.

Ken Tooby received a letter from a senior executive who apologised "sincerely and unreservedly" on behalf of the Post Office for failings and impact on Tooby's late wife June, who spent years challenging the Post Office over alleged shortfalls in the accounts at her branch in the north-east of England.

June Tooby, who died in 2020, was relentlessly pursued by the Post Office and never revealed to her husband the amount of pressure she was under.

In the letter, Simon Recaldin, remediation unit director at the Post Office, wrote: "It is clear through the efforts of former postmasters and their families that there were significant failings at Post Office relating to Capture. We are truly sorry for these failings and their impact on all concerned, including your late wife, June.

"We deeply regret that June was not able to receive this apology herself, see these issues recognised alongside the Horizon scandal, denied the opportunity to see the truth uncovered, for justice to prevail and see her good name restored."

Tooby was sued by the Post Office for more than £55,000 and taken to court in 2003, following unexplained shortfalls in branch accounts. She was declared bankrupt.

Last year, an independent investigation was commissioned into Capture, which found there was a "reasonable likelihood" it had caused shortfalls in branch accounts, which ruined lives.

The apology comes after campaigning by former Capture users who, until the ITV dramatisation of the Post Office Horizon scandal in January last year, had been in the dark over how IT errors could cause losses they were blamed and punished for.

The Post Office scandal was first exposed by Computer Weekly in 2009. Thousands of subpostmasters were wrongly blamed and even prosecuted for unexplained accounting shortfalls caused by the error-prone Horizon IT system, which was implemented several years after Capture had been introduced.

After years of campaigning, subpostmasters who had suffered as a result of errors in Horizon were finally put at the centre of national debate when the ITV drama Mr Bates vs the Post Office brought their stories to wider public attention.

In the same month, Kevan Jones, an MP at the time who now sits in the House of Lords, highlighted evidence of injustices caused by the Capture computer system used by some Post Office branches prior to the introduction of Horizon.

Jones had visited a subpostmaster who he thought may be a victim of Horizon, but when he realised the dates involved, it became clear another system could be at fault.

Since the drama put the scandal at the centre of debate, successive governments have been forced to act. In May 2024, the former Conservative government introduced legislation to exonerate about 900 former Horizon users who were convicted based on evidence from Fujitsu's faulty system.

Now the Criminal Cases Review Commission (CCRC) is reviewing 21 cases of potential wrongful conviction, put forward by law firm Hudgell Solicitors, where the Capture IT system could be a factor. This is an increase from 17 just weeks ago and from five in November last year.

Capture was a PC-based application developed by the Post Office and uploaded onto a personal computer to carry out branch accounts. The software was a standalone system, unlike Horizon, which is a complex, networked system connected to centralised services.

Thousands of subpostmasters used Capture and there are more and more cases coming to light with glaring similarities to those related to Horizon.

A Kent subpostmistress who was convicted of theft from her branch in the 1990s is one of a new wave whose families are fighting to clear their names.

Patricia Owen, who was convicted in 1998 of theft from her Post Office branch in Canterbury over a shortfall of £6,000, is one of the 21 cases Hudgell has put forward to the CCRC.

Owen, who died in 2003, denied the charges against her but was found guilty on five counts of theft. She received a six-month prison sentence, suspended for two years.

Owen's daughter, Juliet, said her mother never recovered from the sentence: "It destroyed my mum. Her world came to an end when she lost her Post Office and was prosecuted. It was awful," she said.

"One day I remember them sitting us down and telling us that mum was being prosecuted and that they had to go to court. We managed to get an independent computer expert to look over everything and he said there were malfunctions with the software, so we were hopeful ahead of the court case. The expert didn't turn up on the day, and we never found out why."

Peter Lloyd-Holt, who died aged 75 in 2021, was sacked in 1994 from his role as a subpostmaster in Bolton after accounts at his branch showed unexplained shortfalls.

His wife Agnes, who worked as an investigator for the Department of Work and Pensions at the time he was sacked, said life was never the same again: "That was the beginning of the end. He was interviewed under caution without representation. I was contacted but not allowed to attend," she said.

"He was eventually told in March 1995 that he wasn't going to be prosecuted, but he was still held responsible for the shortfalls and we were made to pay back a considerable sum.

"I had to work overtime to pay the mortgage and to pay back what the Post Office alleged we owed them, and that meant we suffered financial hardship as there had to be cutbacks," she added.

Lloyd-Holt's son, Paul, said: "What happened to my father destroyed him. When my dad was interviewed he submitted all his documentation and evidence to clear his name, ledgers and dockets and spreadsheets, but they were never returned, so there is little evidence available to us to clear his name.

"Any evidence like bank statements have been lost over time, so we need the support of the solicitors to do this. He never could move on though, it always cast a shadow over his life, and our lives as a family. Now, we're in a position where we only have our own memories, and we are having to contact many organisations and bodies to see what extra evidence we can uncover."

The Post Office Horizon scandal was first exposed by Computer Weekly in 2009, revealing the stories of seven subpostmasters and the problems they suffered due to accounting software (see below timeline of all Computer Weekly articles about the Horizon scandal, since 2009).
-
NHS staff lack confidence in health service cyber measures
www.computerweekly.com

Frontline and backend NHS staff alike all understand the role they have to play in protecting Britain's health service from cyber threats, but only a minority believe that current safeguarding measures are sufficient, according to BT research that sheds light on cyber concerns, legacy system risks and training gaps across the NHS.

BT, which works with over 200 NHS trusts around the country, polled both health service workers and members of the public.

In the wake of several high-profile cyber attacks against NHS targets and suppliers, its study uncovered strong public awareness of how critical appropriate security measures are to keep the health service running, but also found that 60% of the public are concerned that critical systems could be disrupted or disabled, and 56% are concerned about their private medical data being exposed by malicious hackers.

Among NHS staff, it found that despite the near-universal acceptance and understanding of their responsibilities, only 36% believed the health service was currently adequately able to defend itself, and just 42% trusted that existing systems were sufficiently robust to protect sensitive data.

Additionally, 64% of NHS staff lamented outdated systems that they said make data hard to access and use, and 60% reported a lack of regular security training.

Natasha Phillips, former chief digital nurse to NHS England, founder of Future Nurse and BT Clinical Advisory Board (CAB) member, said: "In healthcare, cyber security isn't just about protecting data; it's about protecting lives. Nurses are often the first point of care. To deliver life-saving and compassionate treatment, they depend on easy access to secure systems.

"As we embrace digital innovation, we must ensure that all clinicians have the confidence, training and tools to work safely and free from disruption. Ultimately, building a resilient NHS requires a united effort, where technology, training and trust come together."

Read more about cyber security in healthcare
More cyber attacks against the health service are likely, and will succeed if something isn't done to address the increasingly elderly NHS IT estate, experts are warning.
Healthcare cyber security and privacy experts predict a renewed focus on cyber-resilience, advancements in AI and additional privacy legislation going into 2025.
UnitedHealth's Change Healthcare attack continued to show the devastating aftermath of supply chain attacks. Experts say it could change contingent language for future policies.

BT director of healthcare Sultan Mahmud said: "The NHS is rightly focused on saving lives, so it can be hard to stay ahead of cyber security threats with the landscape shifting so quickly.

"Threats targeting healthcare have grown in frequency and sophistication, endangering patient care and compromising vital services," he said. "BT logs 2,000 signals of potential cyber attacks every second, totalling 200 million per day across sectors. With over 1.7 million employees, the NHS is the UK's biggest employer, so empowering this workforce is vital.

"Across the NHS, high awareness of cyber risk is overshadowed by a lack of preparedness. Moreover, significant frustrations with legacy systems are affecting care, exacerbating training gaps."

Mahmud, who prior to joining BT worked across the NHS in various capacities, most recently as chief innovation, integration and research officer at Royal Wolverhampton Hospital NHS Trust, acknowledged the pressing nature of the cyber challenges faced by the health service, as well as the importance of collaboration to address them.

"Through initiatives like our Clinical Advisory Board and Vanguard Programme, BT Health is enabling collaboration between healthcare, policy and business to drive meaningful change," he said. "A cyber-resilient NHS will be a better NHS for everyone."

Drawing out more of the key themes of the report, BT said the NHS was clearly facing a critical challenge with its legacy tech systems, which often lack the levels of inbuilt security protections that one would expect to find in more modern environments, hindering both care delivery and collaboration.

Respondents to the survey said they found patient data isolated and inoperable, and felt their ability to deliver safe and efficient healthcare suffered as a result.

On security training, the survey found that in some areas, things may be going backwards, as despite a modest rise in training on new technologies, training on both new and existing systems had dropped almost 10%, particularly among frontline clinical staff. BT said the data strongly suggested that security training is seen as a one-off initiative, rather than an ongoing, iterative process. This is likely exacerbating both cyber risks and the impact of vulnerabilities on the NHS.

On the same issue, the public-facing element of the study found that ordinary Brits are onboard with the need to beef up the NHS defences, with well over half saying they saw the need to train NHS staff in new technologies as a priority. BT spoke of a growing public understanding that equipping staff with appropriate security knowledge is crucial to improving overall healthcare delivery.

The data in BT's report (more information on which can be found here) were drawn from an independent survey of 76 staff at 56 NHS and Integrated Care System organisations in September 2024, while the public's views were gathered by YouGov from a weighted survey of 2,159 adults taken in July 2024.