    Reporting online terrorists

    February 4th, 2010 by Marcus Povey

    There was a small ripple around the internet this morning caused by the Home Office opening up the Beta terrorist reporting tool.

    To what extent the reports from this tool are monitored is unclear, but I suspect this will cause more problems than it solves.

    Even before we consider the rather broad definition the government has for illegal material (which on the face of it could cover a number of science and religious texts), I can see the tool quickly becoming buried under false positives – whether through over sensitive citizens or through plain vindictiveness – which would need to be investigated.

    Even if no further action is taken after the investigation, the cost in both time and resources must surely represent a significant risk that things that are actually a threat will be missed.

    Business in the Panopticon

    March 25th, 2009 by Marcus Povey

    Anyone who has spoken to me for more than a few minutes knows that I am very much a civil libertarian at heart, and believe that the so-called compromise between freedom and security is one of the worst kinds of politically motivated false dichotomy.

    Having grown up under the threat of IRA bombings and Soviet nuclear annihilation, I honestly don’t feel terribly threatened by a bunch of disgruntled religious fundamentalists – despite government assurances that they are the deadliest thing since the Ebola virus.

    The UK government’s latest crackpot plan to spy on its population – the announcement that along with monitoring all Internet usage, phone and SMS communication (including content via deep packet inspection) that they plan to monitor social networking sites such as Facebook comes as no real surprise, but has made a bit of a splash in the tech press and even made it onto the BBC.

    The government has of course made the usual assurances that it is necessary to combat the threat posed by [terrorists/criminals/paedophiles/tax dodgers (delete as appropriate)] and that they won’t be looking at the content – just who is talking to who (bringing us back into the Stalinist purge era fallacy of “guilt by association”).

    However, other than being an example of the ongoing salami slicing of the privacy and hard won freedoms necessary for the proper running of a healthy democracy, I don’t believe that Facebook monitoring or even Streetview are in themselves the greatest threats to our life and liberty. Certainly when compared to all the other countless and more sinister intrusions into our liberties that the government is undertaking.

    Indeed, the coverage this is getting may start to draw people’s attention to the fact that these networks are public and indeed anything that you put on the internet should be thought of as publishing. It is quite likely that it won’t be just your friends who see that unfortunate drunken picture of you, or your iPhone-reported GPS location.

    What is worrying is what the prevailing governmental attitude means for the social media and tech industry as a whole, which seems to be “regulate and control first, think later”.

    What this measure does is add another expensive regulatory overhead (in this case archiving and logging user interaction to be sent to the government) for what is one of the few potential areas of growth in the UK economy – despite the recession, lack of government support for small business, ruinously expensive cost of hosting, the UK’s crippling tax regime (both business and personal), and its hidebound attitude to innovation.

    The combined effect is that anyone who is going to be hosting a social network (or even starting a business) is going to be doing so overseas – increasing the already frightening flow of capital and talent out of the UK economy. Surely what we should be doing, especially in the current economic climate, is encouraging the growth of small business and an innovation culture rather than smothering it with expensive and unnecessary regulation?

    Of course this was all conceived to appear to be Doing Something, and to target the big established networks. These networks would be told that in order for them to do business in the UK they must submit to this regulation – but this too could backfire.

    As YouTube’s recent decision to block UK access to music videos goes some way to illustrate, the UK market is simply too small for us to be throwing our weight around in this way.

    We are not China, and many companies are perfectly prepared to forego a slice of the UK market if they can make more money elsewhere and with far smaller overheads. Therefore we will likely be destroying a much needed area of growth in the fatally crippled UK economy for no reason whatsoever.

    That is unless you buy into the idea that this will catch the mystical terrorist boogeyman – at least the ones who are smart enough to pose a real threat – who I imagine would use another method of communication… like for example, sending a letter.

    Image: ‘One nation under CCTV’ taken by Mayu

    Most current IT security practices are a waste of time

    February 7th, 2008 by Marcus Povey

    While I do believe some of the analogies to be somewhat erroneous, I find myself broadly agreeing with the points raised in this article about current security practices.

    We in the industry often find ourselves focusing on the more technical issues – patches, penetration testing etc. These fall well within the IT department’s sphere of understanding. They are sexy issues.

    Certainly more interesting than matters of staff training, but as the article points out this is likely to be a much bigger win than ensuring everyone is using 28 character passwords or that company computers get patches the second they are available.

    “Employee training sometimes gets a bad rap because it doesn’t alter the behavior of every employee who takes it,” he said. “But if I can reduce the number of security incidents by 30 percent through a $10,000 security awareness program, doesn’t that make more sense than spending $1 million on an antivirus upgrade that only reduces incidents by 2 percent?”

    I am a big fan of the “strength in depth” approach to IT security and I believe that one should never rely too much on one technique. It doesn’t hurt to lock things down – decent passwords are certainly not going to do any harm – but I agree the big hits are probably going to be elsewhere.

    However all the fancy security software in the world is not going to stop untrained staff doing something ‘unfortunate’ like sending the bank details of 25 million people through the post on two unencrypted CDs.

    Crucially, for real security I think one should plan for failure and make sure that it is not the end of the world if something does happen. Backups, encrypting confidential data, as well as ensuring you have a firewall set up and configured correctly are all parts of a consolidated defence.

    In short. Make sure your doors and windows are locked, but keep valuables out of sight and make sure you’ve taken out an insurance policy… and tell your flatmate not to let dodgy masked men with “swag” written on a sack wander around your apartment.

    All content is © Copyright Marcus Povey 2008-2010 and released under a Creative Commons licence unless otherwise stated.
