Friday, 12 February 2016

Trust in the Civil Service 3

Sir Jeremy Heywood, Cabinet Secretary and Head of the Civil Service, wishes to increase the level of trust placed by the public in the civil service. As we have seen, here and here.

His chosen method to achieve this objective centres on перестро́йка and гла́сность, i.e. perestroika and glasnost, or innovative transformation and openness, to be delivered by the Government Digital Service (GDS).

We have identified certain problems with the strategy. Among others:
  • GDS have promised the public that we can use GOV.UK Verify (RIP), the replacement for the Home Office's failed ID cards scheme, to establish our identity on-line and that we can use that identity to access public services. GDS's business partner, OIX, the Open Identity Exchange, tell us that GOV.UK Verify (RIP) is having trouble achieving the requisite level of assurance that people are who they say they are. Which means that relying parties like the Department for Work and Pensions would be irresponsible to rely on GOV.UK Verify (RIP) when they pay benefits, for example, or pensions. GDS's false promise is more likely to destroy trust in the civil service than to inspire it.
  • In September 2012, the Information Commissioner's Office published advice on data protection which included this: "We also recommend you ... use different passwords for separate systems and devices" (p.8). That was obviously good advice then and it still is, three-and-a-bit years later. You'll find the same advice given worldwide. Here's the US organisation StaySafeOnline.org, for example: "Have a different password for each online account". GDS want you to have a single GOV.UK Verify (RIP) password for all your accounts. They're more interested in convenience than in security. Which diminishes the trust anyone can place in them.
  • "All your accounts"? Surely that should be "all your public service accounts"? No. The GOV.UK Verify (RIP) literature generally says that the system is designed to make it easier for members of the public to access public services, e.g. "GOV.UK Verify [RIP] is the new way to prove who you are online, so you can use government services like viewing your driving licence or filing your tax". Less publicised, GDS are trying to interest the private sector in GOV.UK Verify (RIP). Not a shining example of гла́сность.
Sir Jeremy's trust problems aren't limited to GDS.

Wednesday, 10 February 2016

Trust in the Civil Service 2

Sir Jeremy Heywood, Cabinet Secretary and Head of the Civil Service, wishes to increase the level of trust placed by the public in the civil service. As we have seen.

His chosen method to achieve this objective centres on перестро́йка and гла́сность, i.e. perestroika and glasnost, or innovative transformation and openness, to be delivered by the Government Digital Service (GDS).

We have identified certain problems with the strategy. Among others:
  • GDS have promised the public that all the "identity providers" appointed to GOV.UK Verify (RIP), the replacement for the Home Office's failed ID cards scheme, will be certified trustworthy by independent organisations. They are now breaking that promise, thereby destroying trust in the civil service.
  • GDS offer people the option to register with the Post Office – which is not certified trustworthy – but behind the scenes those people are actually registered by a different "identity provider", digidentity. What does that say about openness?
Sir Jeremy's trust problems aren't limited to GDS.

Monday, 8 February 2016

Trust in the Civil Service 1

As Cabinet Secretary and Head of the Civil Service, Sir Jeremy Heywood is one of the most powerful people in the country and three days ago on 5 February 2016 he tackled the question of Trust in the Civil Service:

© Ipsos MORI
According to an Ipsos MORI poll, civil servants are more trusted than journalists and politicians (and estate agents and bankers) and less trusted than policemen, prelates, scientists, teachers and doctors. If you believe Ipsos MORI, or any other pollsters, trust in civil servants has been increasing since 1983 but 45% of people still don't believe a word Sir Jeremy says.

Wednesday, 3 February 2016

RIP IDA – interview tips


That's a font, don't you know. A font called "Agile", described as "a pleasurable alphabet that is suitable for both headlines and longer body text; its spirited nature is evident in small as well as in larger point sizes". Available from Village.

Sunday, 24 January 2016

"The highlights of 2015 for the [UK] Civil Service"

Sir Jeremy Heywood is the Cabinet Secretary and the Head of the UK's Home Civil Service.

He published his review of calendar 2015 in a series of 54 tweets between 23 December 2015 and 3 January 2016, a period he refers to as the 12 days of the Civil Service Christmas.

54 tweets about the highlights of the year as far as the Civil Service is concerned, month by month. The introductory tweet alongside and one for each month makes 13. 41 to go.

Wednesday, 20 January 2016

RIP IDA – the sunlight of transparency

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.


GOV.UK Verify (RIP), currently being tested, uses a combination of passport details, driving licence and credit rating information to try to enrol people onto the population registers maintained by the Government Digital Service's so-called "identity providers".

Even if a computer-literate person with access to broadband would like a GOV.UK Verify (RIP) account, there can be problems. Among others, that person may not have a passport or a driving licence or a credit history.

The solution to those problems suggested by GDS is to increase the range of data sources available for GOV.UK Verify (RIP), which is why on 1 December 2014, 13 months ago, GDS published How we’re working to increase the range of data sources available for GOV.UK Verify [RIP]:
We’re working to identify more government data sources to add to the document checking service. We’re hoping to be able to say a bit more about our plans on this in the new year.

The use of any additional official data sources would be subject to formal agreements on how the data can be used, and government data sources will only be used on the basis of informed user choice and consent.
They were looking for "more government data sources". Such as? Two days later, DMossEsq suggested personal information recorded by the government about your education, travel or health. That was a guess.

Monday, 18 January 2016

UK Digital Strategy - the next frontier in our digital revolution

It was the eve of the eve of New Year's Eve 2015 when the Department for Culture Media and Sport (DCMS) challenged the public to challenge the department:
Challenge us
Come 2020, undoubtedly the UK landscape will have changed to be firmly in the digital age. But how do you want to shape that? Government has ideas and ambitions but as Tech City UK back in 2010 shows, the ideas are out there. So challenge us - push us to do more. Let’s show the rest of the world how it’s done.
They gave us until 19 January 2016 to submit our responses.

They asked for it.

Someone had to tell them:

Friday, 8 January 2016

Digital by default and the new meaning of "choice"

Anyone who pays UK income tax one year can be required to make tax payments on account in the following year in addition to any tax deducted at source via PAYE, the standard pay-as-you-earn system. If the payment on account would be less than £1,000 or if the "relevant" amount is less than 20% of the "assessed" amount, then you are exempted from making payments on account. Not many people know that.

Those who do know that sometimes want to apply to have their payments on account reduced for which HMRC, Her Majesty's Revenue and Customs, kindly provide a form SA303.

Wednesday, 6 January 2016

Border control, gun control and biometrics in the news

The BBC's News at Ten is the UK's leading TV news programme. Last night's edition was interesting for what it did say about biometrics and what it didn't.

Monday, 14 December 2015

RIP IDA – some "identity providers" are less trustworthy than others

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.


GOV.UK Verify (RIP)
"Identity provider" GPG45 service Applied for Granted ("no. of profiles")
.
Barclays Identity Assurance and Provisioning 28 September 2015
digidentity Identity Provider Service for Verify 30 April 2015 (4)
Experian IDaaS 21 October 2014 (4)
GBGroup ID3global 12 February 2015 (2)
Morpho secureidentity 19 November 2015
PayPal
Post Office IDA 24 February 2014, lapsed February 2015
Royal Mail
Verizon UIS 11 February 2015 (5)
.
Not an "identity provider" mentioned by GDS
Equifax Identity Verifier for IdP 10 December 2014 (2)

The Government Digital Service (GDS) want to build trust in their GOV.UK Verify (RIP) identity assurance scheme by being open, "the sunlight of transparency is making things better".