What the Smart Metering Debacle tells us about the reality of the Irish Backstop

Last week, the UK Government finally admitted the obvious, presumably in the hope that the announcement would be lost in the Brexit noise, which is that the GB Smart Metering Programme rollout has been delayed by four years to 2024.  For those who don’t know the history, back in 2011, the Government announced that it was instigating a smart metering programme which would see 53 million domestic smart meters installed by the end of 2019.  We’re approaching that date and the latest figures show that only 2 million compliant SMETS2 meters have been installed.  Despite many of us having pointed out the issues for years, it’s only now that reality has dawned on our ministers, who have set a new target of 2024.  Many in the industry believe that’s equally fictional and are suggesting that 2030 is more realistic.  That would mean a total of nineteen years for a project that was originally meant to take less than seven years to complete.  Over the course of the project, costs have spiralled, although BEIS – the ministry now in charge of the project are still doing their best to dream up magic benefits, presumably because of a concern that if they revealed the full impact, any Minister in their right mind would cancel the project.

The announcement was hardly unexpected.  Along with many others, I have been critical of the project since its early days, when it became obvious that that it was being driven by ideology rather than practical requirements.  Countries such as Italy managed a national deployment in a couple of years at a fraction of the price.  The difference with the GB programme is that it was politically led, turning into the latest in a long line of Government IT disasters.  However, the announcement is timely, as it comes at the point when our current Ministers are promoting a technical solution to the Irish border as an alternative to the backstop.  If we assume that the same mistakes will occur, as they have done again and again in previous IT projects, it is unlikely that we would see anything workable in place before 2030.  More worryingly, it is likely to be hacked by organised crime well before that.

The British Government has a dismal track record of managing IT projects.  It’s well documented in Richard Bacon and Christopher Hope’s book “Conundrum: Why Government gets things wrong”.  From the fiascos of passport control and NHS health records, to the smart metering programme, consistent, inept Government micromanagement by people who don’t know what they’re doing has led to billions of pounds of taxpayers’ money being wasted.  Most projects start with a good idea, but nobody formulates a solid set of project requirements.  Instead, so-called experts and consultants are called in to define a specification, which typically involves promoting vested interests in untested technologies, along with a desire to constantly allow specification creep, not least because it keeps a very profitable source of income alive. 

An almost de facto decision is a desire to use the latest technology; often technologies which have not been properly tested, and in some cases barely exist.  Consultants tend to like these, as they come with the promise of new features which they can enthuse over, along with the warm feeling that you’re not just copying something else which has already been done, but you’re charting new territory which might make you a world leader.  Sadly, when it fails, it tends to make you a global laughing stock, but by that time the consultants have moved on to another new IT project, leaving the taxpayer to pick up the bill.  The consultation which accompanies the recently announced delay to 2024 claims that they are “determined for the UK to play a leading role in providing the technologies, innovation, goods, and services”, missing the fact that most countries will have managed three or four smart metering deployments by the time we finish our first.  If you want to express an opinion on their ongoing incompetence, you have until November 11th to respond to BEIS’ latest consultation.

The technology in our smart meters is already obsolete.  By 2030, the technology in our smart meters will be 18 years old.  The reason is that throughout this process, technology companies have discovered that Governments can be particularly susceptible to technical mugging, shelling out billions of pounds on technologies which would otherwise be consigned to the waste bin.  It often feels that large-scale IT projects are designed solely to prevent failing suppliers from going bust.

What little information we have on the technical solution to the Irish border plays to all of these fears.  What we do know is that it is going to use advanced video technology to identify who or what is crossing the border.  That should be deeply scary.  Not necessarily because of the privacy issues from video surveillance (although those absolutely need to be dealt with), but because video surveillance is currently the most bleeding edge, Wild West frontier in technology, which is ready to mug any Government project which it sees coming along.

At this point, I’d recommend that you have a look at the BBC’s latest thriller – “The Capture”.  Its premise is that footage from video surveillance cameras can be changed in real time by the security forces, so that they can manipulate evidence for their own ends.  I won’t spoil the plot, other than by stating that what it portrays is not technically possible.  Yet.  At least, not at the scale which is shown on screen.

To do what you see in The Capture, you would need to be able to embed considerable processing power into each surveillance camera and then be able to individually control it to process the video in real time.  Today, most surveillance cameras are dumb.  They’re just cameras which feed their video stream to a control centre.  If you want to manipulate the image to perform facial recognition or anything else, you need to feed the video stream into centralised computers and process it once it’s arrived.  That’s about to change.

Last December I spoke about “Feeding AI” as part of a Cambridge Wireless seminar on edge processing.  Edge processing is where you move some of the processing load away from the central servers to the primary devices, whether they’re IoT sensors or video cameras.  It highlighted the progress being made in incorporating complex AI processing functionality into video chips and how it was beginning to be integrated into cameras.  (You can download the slides here.)  It’s a hot area, particularly in China, where the Government is fast-tracking development of AI for facial and gait recognition.  Companies like Sensetime, Cambricon and Horizon Robotics are attracting hundreds of millions of dollars of investment to develop the chips and software that will drive the next generation of connected cameras.  Sensetime alone has raised $2.6 billion, making it the most funded tech startup ever.  The technologies that these companies are developing will make what we see in “The Capture” possible – the ability to process and change video as it’s captured.  Not today; not in five years’ time.  But probably in ten years.

Which brings us back to the issue of the Irish backstop.  The EU and both the North and South of Ireland are clear that they do not want to return to a hard border crossing.  That’s made clear in the Withdrawal Agreement, which states that “while the United Kingdom identifies and develops a mutually satisfactory technology that operates customs, excise, phytosanitary and other controls on the frontier between the UK and the EU, without any evident border infrastructure”.  What that means in practice is that Northern Ireland will need to continue to operate tariffs as if it were still part of the EU until that “mutually satisfactory technology” arrives.  That’s anathema to those pushing for a Brexit deal, as well as the DUP, hence the frantic search for a technical solution.

To address that, we’ve seen a number of proposals for what has been termed “Smart Border 2.0” (What Smart Border 1.0 was isn’t entirely clear, although it may hark back to the 443 page Technical Report on Smart Borders which PWC prepared for the EU back in 2013, although that was mostly about using biometrics to speed up entry and exit checks).  As with most Government IT projects, it always looks better to add a version number, as it gives the impression that they know what they’re doing.  In practice, it generally indicates that they’re going to jump on whatever new technology bandwagon is passing.  Which is where Smart Border 2.0 is likely to be headed.

What little we know about Smart Border 2.0 comes in extracts from policy statements.  An EU policy document states that “Although Smart Border 2.0 relies on technology to reduce the level of friction at the border, it still requires a certain level of both physical and digital infrastructure: the movement of vehicles, to be monitored using Automatic Number Plate Recognition (ANPR) at unmanned border crossings, requires cameras to read number plates (as in Norway). CCTV will also be required at border crossings.  It will also require a substantial amount of digital infrastructure”.  That has already emboldened a number of consultancies to propose solutions and lobby MPs to support them.  Back in 2018, when he was still Foreign Secretary, Boris Johnson championed an alternative, maximum facilitation, or “max fac”, proposal, relying on technology to keep border-checks to a minimum.  That prompted a rare moment of lucidity from Teresa May, who retorted that “No technology solution to address these issues has been designed yet or implemented anywhere in the world, let alone in such a unique and highly sensitive context as the Northern Ireland border”.

She was right – the technology required does not currently exist, but as I’ve explained above, it’s coming.  Which is all that BEIS or the Home Office needs to know to kick off their next IT disaster. However, in this case, they won’t be the only people interested in looking at how it might go wrong.

“The Capture” is a nice story about what could go wrong if security sources could manipulate video surveillance cameras in real time.  If trade into the EU across the Irish border could be hacked, it would be a goldmine for international crime.  What would spark their interest is that, rather ironically, the cameras which get installed to improve our security are some of the most unsecure Internet of Things devices on the market.  They’ve become a prime target for hackers, not least because their internal security is generally very basic.  When the first significant IoT virus was unleashed, it infected around 1.5 million cameras to form a denial of service botnet attack.  In the last few months security researchers have warned of up to 750,000 companies being vulnerable in one attack, and up to 5 million more cameras at risk in another.

Whilst there’s a broad spectrum of hackers, you can split them into four main categories:

  • Individuals and groups who are hacking because they can, driven by the challenge.  They include bug hunters and researchers hoping that discovering a major flaw will help their career prospects.
  • Others, who are probably best described as the petty criminal fraternity, often using existing hacking tools to phish, ransom or otherwise make money out of malicious hacking.
  • State operators, who use hacking as part of foreign policy.  Think Stuxnet and the Ukrainian power outages.
  • Organised crime.  These are people who treat hacking as a serious business, investing time and money to target specific organisations.  We don’t hear much about them, because very few of the companies that fall victim to them want to admit it.

If a Government-led solution to the Irish border is developed, it is highly likely that it will follow the same process as the Smart Metering project, (and all of the others outlined in Conundrum).  We’ll see those new AI chips being specified and designed into cameras by companies that don’t really understand the ramifications of AI or security.  GCHQ will probably not be involved until too late, because everyone working on the project will think it’s just a video camera.  But organised crime will be there.  They’ll see the opportunity of manipulating an EU border and swarm to it like bees to a honeypot.  These are people who play a long game.  They’ll be embedding people who write the specifications, design the firmware in the products and probably subvert the communications infrastructure.  On the flip side, it will probably lead to a level of investment and flow of money into Northern Ireland that they’ve been looking for for years.  Although the combination of money, mafia and terrorism is rarely a good one.

If anyone seriously thinks that this is a project which the UK Government can run, they should look at where we are with smart metering.  Nine years after the original deadline, when we were meant to have installed 53 million meters, we’ve only managed to install 2 million compliant ones.  Nobody in BEIS has the faintest idea whether smart meters are really working to help consumers save energy, or not.  Asking them, or the Home Office to solve the Irish border issue by deploying more technology they don’t understand can only be a disaster.   Ministers need to understand that asking them to solve it with another IT project is no more effective than applying a sticking plaster to a broken spine.