A mysterious consortium of tech companies isn’t keen to talk about its work with the UK government
Vivace describes itself as “a consortium of the best and brightest in the security industry”. Odd, then, that this publicly-funded brains squad seems remarkably reluctant to tell us who’s in it.
Vivace first came to my attention last week, when it was named as one of the expert technologists consulted as part of the NSPCC’s hugely unbalanced report into end-to-end encryption.
I’d never heard of Vivace before, and so did a little digging to find out what this organisation actually does.
Its sparse one-page website offers few clues, beyond the “best and brightest” claim made above. There’s no list of members, no named executives, no physical address, nothing but a bland set of mission statements.
A few days later, someone claiming to be Vivace’s media representative replied to the email I sent them asking for further information.
It turns out Vivace is a consortium of private tech companies that is behind ACE — the Accelerated Capability Environment — which is described in press releases as “a Home Office capability within the Office for Security and Counter Terrorism that rapidly delivers solutions to challenges facing frontline security and public safety missions”.
Vivace is “a community of companies led by QinetiQ which won the contract to deliver ACE for the Home Office in 2017”. That contract was renewed for a further two years in 2020.
Who’s in Vivace?
Given that Vivace is benefitting from public money, and that this collection of private companies is seemingly working for the greater good of crime prevention, you’d think it would be only too willing to reveal its members. But that’s most definitely not the case.
“We don’t publish a list of Vivace members,” said the Vivace press spokesperson when I asked for its roll call. “If you wish to request a comment or further information, please go through the Home Office press office.”
So, I asked the Home Office press team for a list of Vivace members and details of how much it costs the public purse each year. The Home Office refused to comment.
I asked QinetiQ for more information, but it referred me back to the Home Office. Anyone spotting a pattern here?
What we do know
Despite their reluctance to talk, we do have some details of this mysterious tech consortium.
The ACE Annual Review 2019–20 (sent to me by Vivace’s press spokesperson) reveals that “the Vivace community is now more than 230 members strong”, according to its CEO, Simon Christoforato.
Indeed, over on Simon Christoforato’s LinkedIn page, he seems quite happy to publicly out many of Vivace’s member organisations. A slide from a recent ACE presentation, shared by Christoforato, names more than a dozen Vivace members, including big names such as Amazon Web Services, Airbus, Thales and, of course, the ringleader QinetiQ (who, incidentally, Christoforato used to work for).
What do the companies get out of it?
The answer appears to be juicy government contracts.
The slide on page 21 of the ACE annual review reveals that the “value of work through ACE” in 2019 was worth £25.9m, with 267 contracts placed.
Page 14 of the annual review lists some of the ACE commission for the 19/20 financial period. These include projects such as “AWS Feasibility — exploration of potential cloud capabilities for law enforcement data”. Amazon Web Services (AWS), you will recall from the slide above, is a Vivace member.
There are many more Vivace members named in the spreadsheets of Home Office spending over £20,000, which are published on the government website.
Between January and March 2020 — just the first quarter of the year — these spreadsheets reveal that the following Vivace companies benefited from Home Office spending to the tune of:
Amazon Web Services — £25,314,691
QinetiQ — £5,168,815
BAE — £3,841,393
Thales — £1,041,931
UK Cloud Ltd — £967,772
To be clear, there’s nothing to suggest that this spending is a direct result of Vivace membership. Many of these are big companies that you would expect to be government suppliers. Nevertheless, it makes it all the more curious why the Home Office and Vivace are so reluctant to talk about its members and how much public money they receive.
Given Vivace’s and the Home Office’s reluctance to talk about its membership, I’ll be putting a Freedom of Information request in to see if I can flush out the full membership list and true cost of this scheme.
There’s arguably nothing wrong with private-sector firms delivering IT capabilities for the security services — they undoubtedly have skills and technologies that government agencies don’t.
However, the complete lack of transparency over these arrangements should trouble us all.