Wednesday, 23 April 2014

You are for sale 2



That's what it said in Friday's Guardian, 18 April 2014:
The personal financial data of millions of taxpayers could be sold to private firms under laws being drawn up by HM Revenue & Customs [HMRC] in a move branded "dangerous" by tax professionals and "borderline insane" by a senior Conservative MP.
Her Majesty's Treasury are quoted as saying:
"HMRC is committed to protecting its customers' information ..."
If they're committed to protecting their customers' information, isn't it a little odd to sell it?

Saturday, 12 April 2014

Digital government, empowerment and the Estonian fallacy


Don't be fooled into believing that "digital government"
will automatically deliver empowerment


Last Sunday night/Monday morning DMossEsq started a post. It's a good thing he fell asleep before finishing it and you never had to read it. It wasn't getting anywhere:

The lesson today is taken from the Book of Onwurah and our text is:
Labour’s history, our roots, are in the empowerment of people. All too often government is something done to the people. Digital government must not be like that.
That is as it is recorded in the Guardian version of the Estonian Bible of Digital Government. In the Civil Service World version, it is written:
We see digital government as a way to empower citizens and enable the public sector to do more with less; the Tories see it as just another way to slim down the state and deliver a public sector which does less with less.
The "more with less" tag will be recognised of course from an earlier lesson, Less for more:
... Not so fast, said, Ian Watmore, Chief Operating Officer of ERG [the Efficiency and Reform Group], whose motto, devised by Lord Brown of Madingley, Chairman of ERG and previously Chairman of BP and the Gulf of Mexico, is "more for less" ...

Then in Thursday's Times David Aaronovitch re-kindled interest in the unfinished post. He was writing about the letter sent to the Guardian by 19 "members of the progressive community" about Labour's manifesto for the May 2015 general election here in the UK:
If it were to sell this vision, Labour required an election manifesto based on a list of principles including “prevention of the causes of our social, environmental, physical and mental health problems, which requires a holistic and long-term approach to governance”, and the “empowerment of everybody . . . to enable them to play a full role as active citizens”.

This “empowerment of everybody” would need much devolution of power, said the letter, before ending in a peroration that included the assertion that “the era of building the capacity and platforms for people to ‘do things for themselves, together’ is now upon us” ...

When you write this badly, when you are so unclear that even experts in your field cannot decipher your intention, there is a reason for it. It could, of course, simply be that you are an idiot. But two other explanations are more likely: either that you don’t really know what you mean yourself; or that you do know, but you’d rather not spell it out.
It's not just the Labour tribe hoping to win by banging on about empowerment, as Mr Aaronovitch would have known if he had only read the DMossEsq post that was never published:

The Conservative tribe – the "Tories" as the prophet Onwurah calls them – also invoke empowerment. The October 2002 Book of Carswell, for example, is actually called Direct Democracy – empowering people to make their lives better.

And the Lib-Dem tribe, too. Repeatedly.

Here is the Lib-Dem prophet Davey:
Government, business and consumer groups commit to midata vision of consumer empowerment
... Today’s announcement marks the first time globally there has been such a Government-backed initiative to empower individuals ...
And Davey's successor, the Lib-Dem Lamb:
The Government launched the consumer empowerment strategy, Better Choices Better Deals: Consumers Powering Growth, in April 2011. The strategy set out ways for Government and others to help give consumers more power in a rapidly changing and complex economy.
And Lamb's successor, the Lib-Dem Swinson, with her midata Innovation Lab. And her successor in turn, the Lib-Dem Willott, who detects "progress on the consumer empowerment strategy".

It's up to these politicians to explain clearly what they mean by "empowerment". If they can. We must be able to answer the question what is this power that our politicians are so graciously granting back to us. Only then can we the public judge their offering.

The one germane point to add here is this. Don't be fooled into believing that "digital government" will automatically deliver empowerment.

That's what many of these politicians are advocating. And they're wrong. It's the Estonian fallacy.

Digital government – the customer is always wrong 2

We noted, a couple of months back, an open letter to the Government Digital Service (GDS) and the Government Procurement Service (now the Crown Commercial Service). The letter was orchestrated by Skyscape Cloud Services, please see G-Cloud – Animal Farm, and included this suggestion:
There is little, if any, transparency of forthcoming opportunity to the supplier, which can in turn lead to negative speculation about how long-lists and shortlists are compiled. We recommend that transparency principles are applied to all areas of G-Cloud transacting:
  • That an opportunity pipeline is published so that suppliers can see who is planning to buy and when (Contracts Finder would be the logical channel);
  • That suppliers are informed if they have been long-listed – and that reasons for failing to make the shortlist are communicated to the supplier. Suppliers can then improve their products and pricing which will in turn benefit the market as a whole.
Skyscape and their 14 fellow signatories want to force prospective customers to tell suppliers what new business is available and they want to force them to explain why they rejected all the other suppliers in favour of the lucky ones who were shortlisted.

"10 out of 10 for trying", you may say, "a bit pushy, unlikely to work – what sanction do suppliers have if customers simply refuse to explain themselves? – but, who knows, they might get away with it. Someone might fall for the it's-in-your-own-best-interests argument, prices will fall and quality will rise. There again, do Skyscape and their friends really want to get into a public shouting match about why they were rejected, how bad their products are and/or how stupid the customers are for rejecting them? The customer is always right, isn't he? ..."

Never mind all that.

How could suppliers be notified of new business opportunities? "Contracts Finder would be the logical channel", say the Skyscape 15, referring to the venerable Contracts Finder website on BusinessLink.gov.uk, a domain which isn't supposed to exist any more but does, like Direct.Gov.uk, don't tell GDS.

Someone has had a better idea.

Friday, 11 April 2014

Digital government – the market in contempt

Dotted around central government and local government there are thousands of experienced and responsible buyers, among them people who buy IT hardware, software and services. They've been doing it for decades. They know what they're doing. They're not idiots.

Tuesday, 8 April 2014

RIP IDA – where is it?

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

The Government Digital Service (GDS) are trying to transform government by making it digital by default. They have chosen 25 public services as exemplars. Exemplar no.9 is a service for DVLA – the Driver and Vehicle Licensing Agency – and is described as follows:
If you are a driver you will be able to view information from your record, including what vehicles you can drive and any penalty points and disqualifications. Drivers' data will be made available via a new DVLA enquiry platform built to handle high-volume enquiries
That's point #1.

Point #2 – GDS have been trying for some time to get identity assurance working. On 11 February 2014 they told us that IDA was finally being tested behind the scenes, and that testing on exemplar no.9 would start to use IDA in public in March:
Initially we will be adding more services and users quite gradually, as we continue to get the service ready for wider use. Other services will begin to use identity assurance from March onwards, starting with DVLA’s view driving record service. The DVLA will start trialling identity assurance for some users, aiming to use it exclusively once the identity assurance service is in public beta.
Point #3, on 1 April 2014 DVLA announced that:
Yesterday, at just after midday, we launched the public beta of View Driving Record on GOV.UK.
"... after 15 months of hard work this was it", they said, "we had delivered the first part of what we had set out to achieve ...".

Can you now see "what vehicles you can drive and any penalty points and disqualifications" on-line? Yes.

And can you see IDA in action? No.

Monday, 7 April 2014

RIP IDA – long odds

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

Last Friday the Government Digital Service (GDS) announced that they would be issuing a new invitation to tender for identity assurance work (IDA), please see Identity assurance, procurement 2.

As noted, it looks as though enrolment into IDA would cost 35 times more than GDS previously told us. £30 million was meant to pay for 21 million putative registrations. In the event, it will cover only 600,000 putative registrations.

In a typically clear-headed assessment published in Computer Weekly magazine, Toby Stevens describes the difficulties GDS face with IDA. He also examines the position of suppliers considering a bid. Should they try to become "identity providers" (IDPs)? He has this to say:
... an IDP would need to run a population of 250,000 users in the first year just to have a chance of breaking even. That's going to be a problem for stretched Sales Directors who are evaluating bid risks and trying to determine where to focus their sales resources. Why bid the high-risk job with the deferred payback, when they could go for safer projects with up-front payment ...

I think I’d rather put my money on a 5-horse accumulator than an IDP bid team.
No board is going to sanction betting on the horses as a business development strategy. The equity analysts wouldn't wear it. Neither would the shareholders. The directors could kiss goodbye to their careers.

Friday, 4 April 2014

RIP IDA – registration just became 35 times more expensive

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

It seems like only yesterday but actually it was 1 March 2012 when Public Servant of the year ex-Guardian man Mike Bracken MBE published Identity: One small step for all of Government.

At that stage, the Cabinet office had "built a new team and delivery plan and a working governance structure to implement Identity Assurance solutions strategically across government", he told us. The team was starting the "exciting challenge" – progress to date unknown – of "creating a trust infrastructure", whatever that is.

Thursday, 3 April 2014

Estonia – are we nearly there?

This morning's Computer Weekly headline speaks for itself: "Parliamentary computers crash 90 minutes after IT assurances".

There was a "major incident" nine days ago on 25 March 2014 when parliamentarians and their staff had trouble with email and internet access. Joan Miller, Director of Parliamentary IT, emailed her users at 12:28 to say that the problem had been fixed. 89 minutes later at 13:57 it happened all over again, major incident #2.

That's a resilience problem. Like the Government Digital Service's CloudStore being unavailable for several days. Twice. In October and November 2013.

Then there's the security problem. Even when Parliament's IT is up and running smoothly, you will remember, Ms Miller suffers from the Government Digital Service's problem – security isn't important, usability is what matters, please see The Tragedy of the Commons.

Parliament seems to be in danger of enjoying neither resilience nor security.

"Would that work here?", BBC Radio 4 asked last night. In Estonia they seem to have iDemocracy, as recommended by Douglas Carswell. How far along the road to Estonia is the UK? Without resilience, security and identity assurance, not very.

Monday, 31 March 2014

Waterfall Wanderers 0 - 0 Agile Athletic

As we were saying:
The traditional approach to software development is often known as 'waterfall' development: that is, you plan, build, test, review and then deploy, in a relentless cascade. But some IT industry players regard this practice as the chief problem ...A rather different answer which has emerged in the last ten to fifteen years has been what are called 'Agile Systems', perhaps best described as a philosophical movement in action within the software industry.
The quotation comes, of course, from Richard Bacon MP and Christopher Hope's Conundrum: Why every government gets things wrong and what we can do about it, pp.240-1. Here we are, back again, asking why government IT systems too often go over budget and what we can do about it.

The fashionable answer is that the problem is the "waterfall" engineering of software systems and the solution is "agile" engineering. Waterfall bad, agile good. That's the idea. Let's explore it a little.

Waterfall is always associated with Winston W Royce (1929-95) and, to hear people talking about waterfall these days, you'd think he was a bit of an idiot. Actually, he was a rocket scientist who got into large-scale software engineering and ended up running IT for Lockheed.

Sunday, 30 March 2014

The Scottish on-line security experiment


On-line, you can have convenience. Or you can have security.
One or the other.
But not both.

Stolen Twitter passwords 'worth more than credit card details'.

That's what it said in the Telegraph a few days ago, 28 March 2014. Credit card details are only worth between $2 and $40 these days on the black market, whereas your Twitter password can be worth between $16 and $325. That's what Michael Callahan of Juniper Networks says. And he's a security expert.

You're probably getting bored with these stories. They appear every day in the media. And every month on the DMossEsq blog, see for example Cybersecurity, and GDS's fantasy strategy. And "When it comes to cyber security QinetiQ couldn’t grab their ass with both hands". And Hyperinflation hits the unicorn market. And ...

It's boring. But it's still important.