Wednesday, 13 July 2016

RIP IDA – Connect.Gov goes down the tubes

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
"GOV.UK Verify [RIP] is a new type of service, being delivered in a new way for the first time anywhere in the world". So said the Government Digital Service (GDS) on 30 June 2015. And so said their political boss, Matt Hancock, three months later on 26 October 2015: "It is a world first, and has been offering users a level of ID security that wasn’t previously possible online".

False. At the time. The UK was not alone.

Saturday, 9 July 2016

Take care of the sense and the sounds would take care of themselves

"digital" v. "transformation"
Some of the Government Digital Service's time the other day was filled up with fundamental research into the correct name for the organisation, please see tweets below.

Nothing has come of it so far. Is "digital" a really unhelpful word? The jury is still out.

"data-sharing" v. "data-linking" v. "data access"
Next day, GDS, or whatever they're called now, published Data access legislation and data reform:
On Tuesday we published data access legislation as part of the Digital Economy Bill. The Bill is an important part of what we are seeking to do in GDS to transform our relationship to data and unleash the next decade of innovation and public service reform ...

Our clauses in the Digital Economy Bill are described as being about ‘data sharing’, although our preferred term is ‘data access’, because we think it better reflects the way technology and practices for handling data across government are changing.
Is data-sharing less controversial if the name is changed to "data access"?

You may remember a little spat between the Cabinet Office and the Guardian newspaper a few years ago. The Cabinet Office objected to the newspaper describing their plans as "data-sharing". They demanded an apology. They didn't want data-sharing at all and it was a calumny even to suggest that they did. No, what they wanted was "data-linking" and that's quite different.

That was four years ago in April 2012 and apparently the Cabinet Office, or at least GDS, or whatever they're called now, still think that they can overcome the problems of data-sharing just by changing the name.

"enhances" v. "impugns"
Further on in GDS's data reform blog, we read that:
... government's commitment to enabling a digital state that has privacy at its heart can be seen in the design of GOV.UK Verify [RIP]. This platform is a new way to safely and straightforwardly prove who you are online when accessing services like filing your tax return, viewing your driving licence or applying for Universal Credit. Besides being quick and simple to use it enhances privacy because information is not stored centrally, and there’s no unnecessary sharing of information. The company you choose to verify your identity doesn’t know which service you’re trying to access, and the government department doesn’t know which company you choose.
"The company you choose to verify your identity" could be any one of GDS's first-nine-then-eight-now-seven "identity providers". Sometimes they're called "identity providers", which is an odd, science fiction-like name. And sometimes they're called "certified companies" even though three of them aren't certified. GDS really do have problems with language ...

... and not just with the correct name for "identity providers". We noted over a year ago that when they're talking about GOV.UK Verify (RIP) GDS distinguish between the first time you verify your identity with an "identity provider" and subsequent occasions. The distinction is perfectly clear. The first time is when you register with an "identity provider".

But GDS didn't want to use the word "register". Because that would remind people of the National Identity Register on which the Home Office's failed ID cards scheme depended. And obviously GDS didn't want to be associated with that. Nevertheless, registering is exactly what you're doing if and when you open a GOV.UK Verify (RIP) account.

GDS would have you believe that GOV.UK Verify (RIP) "enhances privacy because information is not stored centrally, and there’s no unnecessary sharing of information". Is your privacy really enhanced by having your personal information stored all over the world with multiple companies beyond your control? That's what happens with GOV.UK Verify (RIP).

Is "enhances" the right word here? Surely "impugns" would be more accurate – GOV.UK Verify (RIP) impugns privacy because information is quite unnecessarily stored all over the world with massive and uncontrollable sharing or linking or access ...

"The company you choose to verify your identity doesn’t know which service you’re trying to access, and the government department doesn’t know which company you choose"? That may be true. But someone has to know. Otherwise there would be no audit trail.

That someone is GDS, and they know thanks to the GOV.UK Verify (RIP) identity hub.

"Government's commitment to enabling a digital state that has privacy at its heart"? That's not what it looks like. Never mind which words GDS use to describe it, their putative "digital state" is an utter stranger to any recognisable concept of privacy.

RIP IDA – openness closes as Verizon bolts again and penetration becomes a mystery

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
The Government Digital Service (GDS) continue to promote GOV.UK Verify (RIP) to central government departments, local government and the private sector.

GOV.UK Verify (RIP) has its own dashboard on the GOV.UK performance platform. Yesterday, GDS published a blog post, Improving our reporting, announcing certain changes to the dashboard.

Wednesday, 6 July 2016

Old local authority briefing reviewed on the Antiques Roadshow*

"New Socitm, ADASS and LGA briefing sets out challenges in implementing ID assurance methods that can limit information loss and identify fraud", says the Government Computing website in an article published yesterday, 5 July 2016, Social care providers called on to set out online identity strategies.

Socitm is the pre-eminent society for IT practitioners in the UK public sector and they issued a press release on 4 July 2016, Social care leaders urged to consider options for managing identity and authentication online for service users and providers.

Monday, 4 July 2016

The copulation of propositions (iterating in public)

David Hume, A Treatise of Human Nature (1739):
In every system of morality, which I have hitherto met with, I have always remarked, that the author proceeds for some time in the ordinary ways of reasoning, and establishes the being of a God, or makes observations concerning human affairs; when all of a sudden I am surprised to find, that instead of the usual copulations of propositions, is, and is not, I meet with no proposition that is not connected with an ought, or an ought not. This change is imperceptible; but is however, of the last consequence. For as this ought, or ought not, expresses some new relation or affirmation, 'tis necessary that it should be observed and explained; and at the same time that a reason should be given, for what seems altogether inconceivable, how this new relation can be a deduction from others, which are entirely different from it ...

Wednesday, 29 June 2016

Communicating via the walls

Good culture evolves from the bottom up, Stephen Foreshew-Cain told us the other day. So does bad culture. And culture can be influenced from the top, for good or ill.

Mr Foreshew-Cain is the executive director of the Government Digital Service (GDS), where "we don’t always get it right, but one thing we’ve found that does work is communicating via the walls", he says. "Communicating via the walls" means pinning posters up, reminding the staff to be bold, for example.

Tuesday, 21 June 2016

RIP IDA – in search of a rôle

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
As noted on 26 May 2016, GOV.UK Verify (RIP) will not replace the Government Gateway. GOV.UK Verify (RIP) won't be any use to hundreds of millions of Her Majesty's Revenue and Customs's annual transactions, worth hundreds of billions of pounds. HMRC are developing their own successor to the Government Gateway.

Nor will GOV.UK Verify (RIP) help with age verification. All those transactions where we have to prove our age in order to be eligible? We'll have to find some other way to do it, even if we have one or more GOV.UK Verify (RIP) accounts.

The huge prize of inserting GOV.UK Verify (RIP) into the nation's payment systems has also eluded the Government Digital Service (GDS). If payments depended on GOV.UK Verify (RIP), the UK would be reduced to a barter economy in no time.

What does that leave for GOV.UK Verify (RIP)?

Thursday, 16 June 2016

Matt Hancock: 83 + 83 = 71

"We recently [6 April 2016] completed the process of connecting certified companies to GOV.UK Verify [RIP] under the new framework for certified companies". So says Pete Gale of the Government Digital Service (GDS) in a blog post on 15 June 2016, Improving the experience of verifying with certified companies.

"As a user researcher, my main focus in this process was how we ensure that these companies provide services that meet the needs of our users", he goes on, and adds "this presented some interesting challenges for us ...".

"Interesting challenges"? How did that go?

Very well, apparently: "It’s been hard work, but we’re really happy with what we’ve achieved".

Suppose we test that judgement.

Wednesday, 1 June 2016

Discovery: the UK is not a Scandinavian country

Those were heady days, 16 months ago, "Who sets the gauge rules the world". Ruling the world seemed a possibility for the Government Digital Service (GDS).

Saturday, 28 May 2016

Government Gateway 1 - 0 GOV.UK Verify (RIP)


18 April 2016, RIP IDA – it tolls for thee:
In the lethal custody of the Department for Work and Pensions (DWP), the Government Gateway has been neglected for years. Now someone seems to have paid it a bit of attention. An innovation, it sent DMossEsq's mobile phone a one-time password when he logged in to take a look at his personal tax account.

We have suggested recently [1 April 2016] that the Government Gateway should be taken away from DWP and given to HMRC. Perhaps it has been.
24 May 2016, Don't tell the Cabinet Office: HMRC is building its own online ID system.

25 May 2016, HMRC plans extra authentication channel.