Friday, 30 December 2016

@gdsteam & HMG's digital transformation strategy


Sir Jeremy Heywood is the Cabinet Secretary and the Head of the UK's Home Civil Service ... He published his review of calendar 2015 in a series of 54 tweets between 23 December 2015 and 3 January 2016 ...
That's what we wrote on 24 January 2016.

No such review of 2016 is being tweeted at the moment by Sir Jeremy.

Perhaps nothing much has happened this year.

Friday, 16 December 2016

RIP IDA – 119 years? Not many people know that.

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


GDS, the Government Digital Service, were meant to have an identity assurance service "fully operational" by March 2013.

That didn't happen but they have been testing GOV.UK Verify (RIP) since February 2014 ...

... and the system was declared to be live on 24 May 2016.

Between 23 May 2016 and 11 December 2016 237,850 GOV.UK Verify (RIP) accounts were created. That's an average of 1,172 per day.

The Office for National Statistics estimate that there were 50,908,702 people in the UK aged 18 or over in mid-2014.

At the rate of 1,177 1,172 per day, it would take 43,450 days to create 50,908,702 GOV.UK Verify (RIP) accounts. That's more than 119 years.

----------

Updated 10:43

GDS have a number of "identity providers" under contract to provide GOV.UK Verify (RIP) with identity assurance services. Relying parties like HMRC, for example, need to know that the person on the other end of the line applying for a tax rebate really is who they say they are before any money can be legitimately handed out.

These contracts are entered into under the terms of a framework agreement.

There was an early framework agreement covering the test phase of GOV.UK Verify (RIP). Then, on 25 March 2015, GDS announced that they had Framework 2 up and running. There were to be nine "identity providers". PayPal never showed up and Verizon have disappeared so, in the event, there are just seven. Those seven "identity providers" have trouble registering more than about 70% of applicants. Even where an application succeeds, it is unclear how reliable the identity is.

The contract notice for Framework 2 is available on OJEU, the Official Journal of the EU: "The Government's aim is that all the central government services that need identity assurance for individuals will be using GOV.UK Verify [RIP] by March 2016". That didn't happen.

The contracts under Framework 2 last for a maximum of four years. If the registration of adults in the UK is going to take 119 years – please see above – then we must expect it to end under Framework 30.

Updated 12:43

Framework 1 was valued at a ridiculously low £25 million + VAT.

Framework 2 was valued at £150 million: "Estimated value excluding VAT: 150 000 000 GBP". In a UK population of 50,908,702 adults, that's about £2.95 of assurance per person.

Suppose the next 28 framework agreements are valued at the same £150 million. That takes the total for all 30 frameworks to £4,375 million.

We know from the Framework 2 contract notice that: "This procurement competition is managed on behalf of the Contracting Authority by the Crown Commercial Service (CCS)".

We know from a report by the National Audit Office (NAO) that: "... This reduction in CCS’s income will be offset by an increase to an existing levy that suppliers pay when they provide services under CCS frameworks ... The levy is currently around 0.5% and will become around 0.9% of the costs of services provided under CCS frameworks" (para.3.5, p.47). So over the course of the 30 framework agreements, CCS would expect to rake off between £21.875 million commission at ½% and £39.375 million at 0.9%, call it £40 million in round numbers.

That may seem like a relatively small amount of money but, given that the NAO find that CCS add no value whatever, it's a waste: "it is not possible to show that CCS has achieved more than departments would otherwise have achieved by buying common goods and services themselves".

Sunday, 20 November 2016

The odd couple

81.6% of people are satisfied or very satisfied with how easy it is to use GOV.UK Verify (RIP). 84.5% of people feel secure registering with the system and 80.5% are comfortable with "identity providers"/certified companies.

These user satisfaction figures are taken from the GOV.UK Verify (RIP) dashboard on the Government Digital Service's GOV.UK performance platform. They are based on 11,687 responses to the ease of use question, 11,623 to the security question and 11,552 on "identity providers".

DMossEsq and other critics can carp all they like. They're wrong, GDS may say. Just look at those user satisfaction ratings. Over 80% of people are satisfied with GOV.UK Verify (RIP) or very satisfied with it. That's what counts. And "counts" is the right word. We're dealing with numbers here. And you can't argue with numbers ...

... or can you?

Friday, 18 November 2016

Untitled 3





----------

Untitled 2

Untitled 1

Tuesday, 1 November 2016

RIP IDA – other people's money

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

Selected UK local authorities are now conducting trials of the Government Digital Service's dead duck, GOV.UK Verify (RIP).

Tuesday, 11 October 2016

RIP IDA – local government, the lender of last resort

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


The Government Digital Service (GDS) have convinced 19 local authorities to conduct trials of GOV.UK Verify (RIP).

11 local authorities are going to try to use GOV.UK Verify (RIP) to issue concessionary travel passes. And 14 local authorities are going to try to use it to issue residents' parking permits.


The plan previously was to see if GOV.UK Verify (RIP) could help with issuing taxi licences as well. It was always a peculiar plan and now it's been dropped.

GDS are demanding that local authorities commit to the trials/pilot runs. Once they've started they have to finish – GDS lays down law on council Verify adoption criteria. It's expensive, conducting trials ...

... and local authorities only want to use GOV.UK Verify (RIP) if it saves them money. That plan hasn't been dropped. GDS still haven't provided a price list but they're going to have to soon.

What should we expect to see as these trials unfold?

Let's work our way through an example.

Thursday, 29 September 2016

"Stale" and "self-legitimising" public administrators

"... we foster a user-centred culture in GDS and across government by getting everyone involved in user research", it says in a Government Digital Service blog post today, Don’t forget! 2 hours every 6 weeks. "We have user researchers as part of agile teams, for example. That's part of our DNA ... Our natural state can be to look inwards [horror], towards our teams [awful], not outwards towards our users [that's better] ...".

This is all part of putting user needs first, rule #1 in the GDS Design Principles: "Service design starts with identifying user needs. If you don’t know what the user needs are, you won’t build the right thing. Do research, analyse data, talk to users. Don’t make assumptions. Have empathy for users, and [you] should remember that what they ask for isn't always what they need".

This initially clear picture is clouded by the genetically modified Government as a Platform (GaaP) team at GDS, who said in May 2016: "Everyone knows we start with user needs. Except we don't. We start with the needs of our team ... When we don't do this our research isn't useful to our team and they ignore it. There's nothing more pointless than doing research that no one listens to". That's one of their Eight principles for user researchers on Government as a Platform.

Should GDS "look outwards towards [their] users" and start with "identifying user needs"? Or is that "pointless"? Should they rather "start with the needs of [the GDS GaaP] team"?

Confusing, isn't it. Which one is the doctrine? Outwards? Or inwards?

Monday, 26 September 2016

RIP IDA – however you cut it, GOV.UK Verify (RIP) is no more. It has ceased to be. It's expired and gone to meet its maker. This is a late identity assurance scheme. It's a stiff. Bereft of life, it rests in peace. If GDS hadn't nailed it to GOV.UK, it would be pushing up the daisies. It's rung down the curtain and joined the choir invisible. This is an ex-identity assurance scheme. RIP.

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default "internet era" world, with no on-line identity you won't exist.

We have seen how users of GOV.UK Verify (RIP) who registered with Barclays and the Post Office may find it impossible to access public services.

We have seen how Safran Morpho/SecureIdentity make you download an app to your mobile phone if you want to use their GOV.UK Verify (RIP) services. Not a good idea. (Digidentity also now want their parishioners to download an app. Ditto, not a good idea.)

We have seen how GOV.UK Verify (RIP) flouts every one of the identity assurance privacy principles. Again, not a good idea.

Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).

Who does that leave?

Sunday, 25 September 2016

RIP IDA – privacy/identity assurance principles

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default internet era world, with no on-line identity you won't exist.

We have seen how users of GOV.UK Verify (RIP) who registered with Barclays and the Post Office may find it impossible to access public services.

Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).

Who does that leave?

Thursday, 22 September 2016

RIP IDA – the Post Office

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default internet era world, with no on-line identity you won't exist.

We have seen how users of GOV.UK Verify (RIP) who registered with Barclays may find it impossible to access public services.

Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).

Who does that leave?