Thursday, 14 December 2017

What does the BBC mean by "control"?

A charming email arrived from the BBC the other day. They want to make it easier for DMossEsq to sign in to his account. And they want him to be able to sign in orally – no more fuddy-duddy typing.

So the subject of the email is "Talk your way into the Beeb"? No. It's "Important changes to the BBC Privacy and Cookies Policy".

Bit boring. But let's take a look:
Hello,

We’ve made some changes to the BBC’s Privacy and Cookies Policy. We’ve done this so that we can introduce new features, while protecting your data and putting you in control of what happens to it.

You can view the updated Privacy and Cookies Policy by going to bbc.co.uk and searching for our Privacy and Cookies Policy or by clicking on the link below.

View updated Privacy & Cookies policy

...
The BBC Privacy and Cookies Policy turns out to be 5,000 words long and to comprise 20 clauses.

Wednesday, 13 December 2017

Open banking, PSD2, GOV.UK Verify (RIP) and the end of civilisation as we know it

Open banking starts in the UK in four weeks time on Saturday 13 January 2018. The competition is keen. Who will be the first little old lady to be cheated out of her life savings? And can she lose the lot by close of play on Monday 15 January 2018 or will we have to wait until Tuesday?

What, we hear you ask in your millions, is DMossEsq talking about?

Friday, 1 December 2017

RIP IDA – the Whitehall user research lab

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

"If Verify is the answer, what was the question?"

The Law Commission: "Verify does not currently ensure that the person entering the information
is in fact the person he or she is purporting to be;
rather it focuses on verifying that the person exists" (para.6.67/p.119)

The Government Digital Service (GDS) have a user research lab, in which they "carry out research into all the things we deliver [?], from guidance and standards to common components, such as GOV.UK Pay and GOV.UK Verify [RIP]".

Despite the user research lab, "deliver" is just what GDS haven't done with GOV.UK Verify (RIP).

Thursday, 31 August 2017

In praise of friction

With the acceleration due to gravity standing at 9.81 ms-2, if there were no friction, you could never walk uphill. The only way would be down. Not good.

In Part 3 of his series of blog posts on the vision for the Digital Marketplace Warren Smith says that the Government Digital Service (GDS) are "enabling end-to-end buying that's as frictionless for users as possible". That can be bad for people who make a purchase in haste and then regret it. That's why we have cooling-off periods.

Again, "frictionless" doesn't always mean good.

GOV.UK is the public face of the UK administration on-line. GDS's vision for GOV.UK is like their vision for the Digital Marketplace: "Simpler, clearer, faster access to government services and information ... That means providing a single place for people to interact with government that's as frictionless as possible, and which continuously improves. And it means providing a platform that helps government understand and meet users' needs".

Open data is like a box of chocolates: "... He stressed the importance of open data as a means to 'unlock facts and evidence held in different silos, so that better local services can be realised.' This is about delivering real change for people in a frictionless way ...". Maybe silos aren't all bad.

In his blog post on what it is to be a "data-confident" government Paul Maltby regrets that "the type of frictionless internal data system we saw in Silicon Valley, even for non-sensitive data, seems a long way off". He may be wrong to regret it.

That may be a mistake.

Friday, 28 July 2017

RIP IDA – the last blip on the life support system monitor

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

"If Verify is the answer, what was the question?"

The Law Commission: "Verify does not currently ensure that the person entering the information
is in fact the person he or she is purporting to be;
rather it focuses on verifying that the person exists" (para.6.67/p.119)

The signs of life are petering out:
  • GOV.UK Verify (RIP) blog posts are now collectors' pieces. Like the Cabinet Secretary's once loud expressions of support for GOV.UK Verify (RIP).
  • The GOV.UK Verify (RIP) team hardly ever tweet.
  • They never go live on a new central government service. The big departments of state look like sorting out identity assurance themselves.
  • Local government is deserting GOV.UK Verify (RIP) even before joining it.
  • The Open Identity Exchange (OIX) publishes one report after another explaining why GOV.UK Verify (RIP) has nothing much to offer the private sector in general and nothing whatever to offer the financial services sector in particular.
  • Cabinet Office ministers come, they are made to say something ridiculous about the importance of GOV.UK Verify (RIP) and then they go.
  • Two executive directors of GDS have left, there weren't even any ripples on the departure of the second one and his replacement, a director general, didn't take the opportunity of his appointment to abandon their apology for a strategy – 25 million GOV.UK Verify (RIP) users by 2013 2020.
There is still the occasional blip on the GOV.UK Verify (RIP) life support system monitor. techUK hosted an encounter between GDS and the UK's technology suppliers earlier this week, a market briefing on GDS's government transformation strategy.

Wednesday, 12 July 2017

RIP IDA – OIX to the rescue 2

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

14 June 2012, we discovered that the Government Digital Service (GDS) had joined the Open Identity Exchange (OIX) in order to help with their moribund identity assurance programme now known as "GOV.UK Verify (RIP)".

16 June 2017, OIX published Achieving frictionless customer onboarding, which "looks at the commercial business case for financial service providers to accept digital identities that meet Government standards".

Does that report help GDS?

Wednesday, 5 July 2017

The zombie stirs, the UK Home Office is on manoeuvres again …

… ID cards are back on the agenda …

Tuesday, 23 May 2017

RIP IDA – a ridiculous manifesto promise

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

The Conservative Party's 2017 manifesto includes this at p.81:
... we must use common platforms across government and the wider public sector. That must start with the way we identify ourselves online, so that people have one single, common and safe way of verifying themselves to all parts of government. That is why we shall roll out Verify, so that people can identify themselves on all government online services by 2020, using their own secure data that is not held by government. We will also make this platform more widely available, so that people can safely verify their identify to access non-government services such as banking.
As DMossEsq readers know, it may be convenient for people to have "one single, common ... way of verifying themselves to all parts of government" but it isn't "safe".

Saturday, 6 May 2017

Half-baked, amateurish, technically-illiterate, misled, misinformed, …

Last Wednesday, 3 May 2017, Jerry Fishenden published a blog post, The canary that ceased to be, where he announced his resignation as co-chair of the Privacy and Consumer Advisory Group (PCAG):
The group has reviewed and commented upon a wide range of government initiatives, including predicting the disaster that become NHS care.data, the fraud risks of ill-considered “data-sharing” (under various guises), the troubled and late-running GOV.UK Verify identity assurance programme, the Office of National Statistics use of data, the “digital transformation” of the electoral roll, Home Office fraud issues, the Investigatory Powers Bill (now Act), and other proposals and ideas from across government.
PCAG is meant to be a safety device like a miner's canary, it's meant to detect officials attempting to "smuggle their often half-baked proposals past Ministers". That's what it's meant to do and that's what it does but ministers have stopped paying attention. Particularly Matt Hancock and Ben Gummer who haven't bothered even to acknowledge letters sent to them by PCAG.

Tuesday, 14 March 2017

GDS's commitment to user control of personal information

Public administration in the UK has problems which could be solved if public services became digital by default. That is the raison d'être of the Government Digital Service (GDS).

Digital by default? What does "digital" mean? According to Tom Loosemore, ex-Deputy Director of GDS, "digital means applying the culture, practices, processes and technologies of the internet era to respond to people’s raised expectations".

The reactionaries in Whitehall have hobbled GDS. That's what Jerry Fishenden and Cassian Young say: "It is convenient for institutionally conservative managers to watch the energy behind transformation dissipate harmlessly in the sandbox where the agile insurgents are left to play with their websites", please see Escaping waterfall government and the myth of ‘digital transformation’.