The secret security firm that you pay for
Why won’t the Home Office reveal more about the mysterious Vivace? Unlike the Ministry of Defence, if I could tell you I would
After a prod from the Information Commissioner’s Office, the Home Office sputtered out a response: information denied
I hate paying for something and not knowing what it is, like one of those cryptically named transactions on a bank statement. Yet, UK taxpayers, we’re all paying for a secretive consortium of IT security companies called Vivace – and the Home Office is not keen to tell us what’s going on there.
Vivace first came to my attention when it was named as one of the “industry experts” consulted for the NSPCC’s highly dubious report into end-to-end encryption, which I wrote about here a few months ago ( see issue 322, p22). I’d never heard of Vivace, and its website ( vivace.tech) left me none the wiser, offering little more than a full house in buzzword bingo (“providing innovative, agile and flexible solutions to problems in the communications data space”) – and the tantalising nugget that it was “supporting the UK police and wider law-enforcement agencies”.
Vivace didn’t even exist as far as Companies House was concerned, although this mysterious entity has a CEO and has posted job ads for various senior positions over the past few years. A little digging revealed that it was a Home Office-funded consortium of tech companies, led by the massive security and defence contractor Qinetiq. That noise you can hear is PC Pro’s libel lawyers having a little cry.
A little more information was forthcoming in a press release, which stated that Vivace provides something called the Accelerated Capability Environment, “a Home Office capability within the Office for Security and Counter Terrorism that rapidly delivers solutions to challenges facing frontline security and public safety missions”. In theory, a perfectly sensible idea.
But here’s the thing. Nobody’s telling us who’s in Vivace or how much it costs. I asked the Home Office press people for a list of members and the running costs and they declined to answer. I asked Qinetiq; its press team said “all enquiries regarding Vivace need to be referred to the Home Office”. That’s what Vivace’s IT experts would probably call an “infinite loop”. D
igging around in Qinetiq’s annual reports and other titbits online, I discovered that Vivace is a consortium of more than 250 companies, with members including Amazon Web Services, BAE, Thales and Airbus – many of whom are listed separately as Home Office contractors raking in millions of pounds of year from public funds. But there wasn’t a definitive list of Vivace members anywhere, nor any details of its budget.
So, I put in a Freedom of Information request to try to flush out this information. Alas, the Home Office evidently takes inspiration from the late Douglas Adams (“I love deadlines. I love the whooshing noise they make as they go by”); after a prod from the Information Commissioner’s Office, the Home Office eventually sputtered out a response: information denied. It couldn’t possibly tell me who the members of Vivace are because more than three quarters of them are SMEs or sole traders and “many are not from the defence or security domains”.
This raises the obvious question: what the hell are they doing then? Alas, the Freedom of Information Act has exemptions from disclosure that cover personal data, and the Home Office has decided to use this as an excuse to withhold the names of all Vivace members, big or small.
Meanwhile, the question of how much money this secret security society is costing taxpayers is also none of your business, according to the Home Office, because “the information you have requested would undermine the abilities of the Home Office to maintain the security of the UK if it were to be disclosed”. T
here’s more: “The disclosure of the information, in aggregate with other information, would reveal the magnitude of threats addressed by the Home Office’s
Accelerated Capability Environment .”
Really? The total budget afforded a consortium of private firms would instantly tip off our adversaries to the precise strength of our cyberdefences? Pull the other one. Not least because the Ministry of Defence’s own disclosures ( pcpro.
link/325mod) reveal the precise amounts spent on service and civilian personnel, equipment and even individual operations. You’re telling me disclosing the overall cost of a bunch of contractors is a bigger threat to national security than the cost of the army?
No, I’m not buying it, either. But the only route open to me now is to apply for an internal review – the Home Office marking its own homework – before a further appeal to the Information Commissioner if that bears no fruit.
In the meantime, if anyone wants to tip me off about other Vivace members, you know where to find me. I’ll be in the corner, posing a massive threat to national security.