Wednesday, 29 June 2016

Communicating via the walls

Good culture evolves from the bottom up, Stephen Foreshew-Cain told us the other day. So does bad culture. And culture can be influenced from the top, for good or ill.

Mr Foreshew-Cain is the executive director of the Government Digital Service (GDS), where "we don’t always get it right, but one thing we’ve found that does work is communicating via the walls", he says. "Communicating via the walls" means pinning posters up, reminding the staff to be bold, for example.

There always has been a thriving industry in motivational tea towels. But that's not GDS's raison d'être. They're meant to be there in Whitehall to accomplish the digital transformation of government.

That's not about computers, Mr Foreshew-Cain says. What is it about then?

In a nutshell, "digital means applying the culture, practices, processes and technologies of the internet era to respond to people’s raised expectations".

That definition of "digital" comes from Tom Loosemore, deputy director at GDS until his internet "jibba jabba" caused him to be ejected last September. The internet, or at least the web, has been used to distribute pornography in industrial quantities. Presumably that isn't the culture Messrs Foreshew-Cain and Loosemore want to emulate but nothing in their definition of "digital" prevents that interpretation – "the digital transformation of government" means making pornography easily available to everyone everywhere?

Mr Loosemore doesn't advocate pornography. He's far more interested in the government compiling a single source of truth, registers of everyone's personal information, a pre-internet delusion suffered most notably by the Stasi.

Disappointingly, Mr Foreshew-Cain just seems to advocate whatever Mr Loosemore advocates. Him and Mike Bracken and Martha-now-Lady Lane Fox.

Even more disappointingly, so does the editor of Computer Weekly magazine, please see After Brexit, we have a legacy government - so let's build a new one based on digital technology: "let’s approach the post-Brexit government IT world like a tech startup wherever possible. Eliminate silos from day one. Integrate systems and processes under a common digital architecture. Start from citizens’ needs, not the needs of the Whitehall machine. Build a common data platform and make that data open. Develop a government ecosystem built on open standards and APIs ...".

Most disappointing is the case of Richard Heaton, permanent secretary at the Ministry of Justice, who has just published 5 ways we are putting data in the driving seat: "Comparing individual data against population data will help managers predict and prevent patterns of infection in hospitals, or incidents of violence or self-harm in prisons. You will all be able to think of similar examples ... Could we go further, and replace human decisions about people’s lives with machine learning and predictive analysis?".

The funny thing is that GDS aren't actually all that good at digital. Their batch application system for voter registration fell over when too many people tried to use it. Ditto their petitions system. Their payments system for farmers had to be abandoned. And so it goes, on. Quite why Whitehall would listen to GDS's walls or read their tea towels is not clear. Nor is it clear what GDS have to offer local government.

Unlike the rest of Whitehall and unlike our local authorities in the UK, GDS aren't steeped in the business of government. Their chosen special subject is front ends. They're interested in the user interface between people and websites. That's all.

And that's a problem ...

... a problem laid bare in Digital Government: overcoming the systemic failure of transformation (hat tip: David Chassels), a paper written by two academics at Brunel, Paul Waller and Professor Vishanth Weerakkody (pp.7-8):
We argue that there are (at least) three delusions associated with this approach to deploying digital technology in government and public administration. These delusions are that:
  • it is about slashing administrative costs: in fact it raises needs for resources for development, maintenance, security, cyber-defence, dealing with scam imitations (UK HM Revenue and Customs acted to shut down 1,740 illegal sites in 2013), extension/redesign to meet new channels e.g. mobile platforms, and complete redevelopment every 5-10 years,
  • everything has to be user-focused: but not much of a government or public administrative function directly involves citizens so a focus on the interface misses the point about “transforming government processes”,
  • technology can “rationalise” government and public administration: but both are rooted in nations’ constitutions, in policy and in law, and are in constant flux.
Messrs Waller and Weerakkody are adamant. The nature of public services has been misunderstood by the internet jibba jabberers. Government departments are not commercial firms. Social and political science is "a strange land for many e-government academics". Government is different (p.22):
Always, the next technological fashion — be that big data analytics, algorithmic regulation, platform government, co-creation or whatever — must be critically assessed against the distinct context of politics and government.
It's quite hard work reading the Waller and Weerakkody paper. But useful.

Easier to read one of GDS's tea towels. But why bother?



----------

Updated 30.6.16

The DMossEsq blog uses Google's Blogger platform on which, when someone kindly submits a comment, a copy is emailed to DMossEsq and the comment is displayed on the blog ...

... unless it's too long, in which case it isn't displayed ...

... as happened this morning – David Chassels submitted the following comment at 11:27 a.m. today, 30 June 2016:
The hard working folk at GDS have had very poor support from their leaders who have failed dismally as described to truly understand “digital”. Politicians like most business people are understandably confused and this ignorant of underlying complexity in building and delivering an end to end service; and wow the vendors take advantage of that! Hence the need to be the ”intelligent customer” as articulated by Bernard Jenkin chairman of PASC which reported in 2011 on Good Governance: effective use of IT and its follow up in 2013 “Public Procurement: capability and effectiveness” (link)

Reality is that driving a “digital service” is as indicated much more that a web form it is about the whole business operation to deliver effectively. Users internal and external should be the drivers and in fairness to the “IT” industry this was recognised over 15 years ago and tagged “BPM” as the required “discipline” see this forum (link).

However sadly the supporting software remained in component complexity. This was the very challenge which was recognised by many we took on in the 90s! Yes real R&D to deliver a working solution with early adopters taken over 20 years. But you know what it worked! In effect we opened that door and given the recognition of the importance of Government buyers understanding what they are actually buying, we thought now is our time! So we embarked up trying to attract attention from ”our” Government when ICT Futures was created by the then new Government and quickly followed by GDS.

Just to put into context the effectiveness of what we created we had a Government agency UK Sport as early adopters which handles the end to management of grants to support our elite athletes. Now over 15 years supporting constant change recognised as the most efficient grant body - see here in 2011 (link). Total cost including original build less than £2m yet doing the same maybe even more complex than the grant system to farmers under RPA which seems to be on second attempt with total costs over £400m and as noted GDS contributed to that failure! Just this year UKSport converts to web from client server over half of the 500 UIs converted total cost less that £50K! That is what is called “disruptive” and in UK that represents a huge challenge…..!

Now you would think all this would excite Government as proof of very significant savings and GDS with its CTO who was also responsible for ICT Futures seeking “..on how government can use innovative new technology to deliver better, cheaper solutions” . Well not so we were ignored so many times as were many invites to visit UK Sport to see just how. GDS leaders had their own agenda with a fixation on open source and doing it themselves (and sticking bits of paper on walls!) Well now we know the result as GDS failed. Time for accountability…….?

Tuesday, 21 June 2016

RIP IDA – in search of a rôle

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
As noted on 26 May 2016, GOV.UK Verify (RIP) will not replace the Government Gateway. GOV.UK Verify (RIP) won't be any use to hundreds of millions of Her Majesty's Revenue and Customs's annual transactions, worth hundreds of billions of pounds. HMRC are developing their own successor to the Government Gateway.

Nor will GOV.UK Verify (RIP) help with age verification. All those transactions where we have to prove our age in order to be eligible? We'll have to find some other way to do it, even if we have one or more GOV.UK Verify (RIP) accounts.

The huge prize of inserting GOV.UK Verify (RIP) into the nation's payment systems has also eluded the Government Digital Service (GDS). If payments depended on GOV.UK Verify (RIP), the UK would be reduced to a barter economy in no time.

What does that leave for GOV.UK Verify (RIP)?

Thursday, 16 June 2016

Matt Hancock: 83 + 83 = 71

"We recently [6 April 2016] completed the process of connecting certified companies to GOV.UK Verify [RIP] under the new framework for certified companies". So says Pete Gale of the Government Digital Service (GDS) in a blog post on 15 June 2016, Improving the experience of verifying with certified companies.

"As a user researcher, my main focus in this process was how we ensure that these companies provide services that meet the needs of our users", he goes on, and adds "this presented some interesting challenges for us ...".

"Interesting challenges"? How did that go?

Very well, apparently: "It’s been hard work, but we’re really happy with what we’ve achieved".

Suppose we test that judgement.

Wednesday, 1 June 2016

Discovery: the UK is not a Scandinavian country

Those were heady days, 16 months ago, "Who sets the gauge rules the world". Ruling the world seemed a possibility for the Government Digital Service (GDS).

Sprint 14: 29 January 2014


"You've improved people's lives". That was taken at face value once. But now we need to know which people? How much have their lives been improved? In what way have they been improved? And has GDS really saved billions?

GDS may believe that "we've achieved so much". But, 31 May 2016, we read that the EU disagrees:
The 2016 Digital Economy and Society Index shows the UK down one place from the 15th place it achieved last year.

While the UK is the top-ranked for its open data policies, it fell short in other areas – particularly pre-filled forms on government websites.
And, 26 May 2016, we read that the Labour Party disagrees:
It is also two years since the Cabinet Office published their Digital Inclusion Strategy, setting April 2016 deadlines which have passed without fanfare or indeed any update whatsoever. One of these targets was to reduce the number of people lacking digital capability by 25%. I await their progress report, but in the meantime figures from other sources don’t fill me with hope.

Go ON UK’s Digital Exclusion Heatmap, created with the London School of Economics and the BBC in late 2015, shows that 23% of people in the UK do not possess basic digital skills.
And, 24 May 2016, it turns out that IBM disagree, too:
A wave of digital transformation has undoubtedly swept over Europe in the last decade and none have embraced this digital change at a greater rate than our Nordic cousins. While the Scandinavian countries are currently the most advanced in terms of realising a truly mature model of effective eGovernment, Great Britain is still at the 'enablement' stage of the journey.
"Still at the enablement stage" (ouch!)? Or "we've achieved so much"? Which is it?

That's a poser for Sir Jeremy Heywood, Cabinet Secretary and Head of the Civil Service. Should he maybe hire some Scandinavian digital transformation people? Harder question for him, should he maybe acknowledge that we Brits don't see government the same way the Scandinavians do?



Saturday, 28 May 2016

Government Gateway 1 - 0 GOV.UK Verify (RIP)


18 April 2016, RIP IDA – it tolls for thee:
In the lethal custody of the Department for Work and Pensions (DWP), the Government Gateway has been neglected for years. Now someone seems to have paid it a bit of attention. An innovation, it sent DMossEsq's mobile phone a one-time password when he logged in to take a look at his personal tax account.

We have suggested recently [1 April 2016] that the Government Gateway should be taken away from DWP and given to HMRC. Perhaps it has been.
24 May 2016, Don't tell the Cabinet Office: HMRC is building its own online ID system.

25 May 2016, HMRC plans extra authentication channel.

The Government Gateway has provided us all with on-line access to public services in the UK for 15 years and more. From its very inception, the Government Digital Service (GDS) decided to send this decent workhorse to the knacker's yard. Happy to destroy value like this, wantonly, the identity assurance committee at GDS promptly designed a camel, GOV.UK Verify (RIP).

Her Majesty's Revenue and Customs (HMRC) can't use GOV.UK Verify (RIP) to transact their business. It doesn't work. And as we now know, HMRC are designing a successor to the Government Gateway. Call it "G2".

Let's hope that when you open a G2 account you don't find that all your personal information is broadcast to a gaggle of companies you have barely heard of. Or never heard of. Companies like Equifax, ID Checker, Zentry LLC, Techmahindra Ltd and Expert Solutions Support Centre.

You wouldn't think it was necessary to say that to a responsible department of state. But that's exactly what happens, thanks to GDS, if and when you open a GOV.UK Verify (RIP) account using Verizon as your "identity provider". All these companies and more get your personal information, goodness knows where in the world they keep it and who has access to it, but one thing's for sure, you have no control over it.

If G2 works, will there be any point in retaining GOV.UK Verify (RIP)?

You may think that the matter is debatable. GDS do not. There's nothing to debate, according to GDS. There shouldn't be multiple systems all across government putatively doing the same job, GDS say. There should just be one. Anything else is wasteful and aesthetically displeasing. Whatever you think, GDS must regard G2 as the end of GOV.UK Verify. RIP.

Thursday, 26 May 2016

RIP IDA – GOV.UK Retrench

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
Kirsty Styles edits the New Statesman magazine's B2B tech site. She asks the Government Digital Service (GDS) about GOV.UK Verify (RIP). And back comes a response, possibly from an automaton, something to do with "rigorous onboarding", which looks co-operative but which doesn't answer the question.

You've got to take your hat off to the GOV.UK Verify (RIP) team. They've been doing this day in, day out, for years.

They can still say with a straight face that all their "identity providers" are certified when half of them aren't.

Even after all these years, they still claim to have eight "identity providers" while telling new applicants for a GOV.UK Verify (RIP) account that five of them "probably can't verify you".

They're still adamant that GOV.UK Verify (RIP) is secure and that it abides by all nine of the identity assurance privacy principles – it doesn't abide by a single one and everyone knows that there is no such thing as unqualified security.

And their response to the US National Institute of Standards and Technology's claim that GOV.UK Verify (RIP) doesn't do identity-proofing and offers no more than self-certification is pluckily ... to ignore it.

They look as though they could keep this up forever.

But they can't.

Saturday, 21 May 2016

"Data Science Ethical Framework" – contempt for the public

Housewives as a whole cannot be trusted to buy all the right things, where nutrition and health are concerned. This is really no more than an extension of the principle according to which the housewife herself would not trust a child of four to select the week’s purchases. For in the case of nutrition and health, just as in the case of education, the gentleman in Whitehall really does know better what is good for people than the people know themselves.

That was Douglas Jay in 1937, writing in The Socialist Case. How much has changed 79 years later?

-----  o  O  o  -----

Friday, 20 May 2016

Furtive

The Rt Hon Matt Hancock MP, Minister for the Cabinet Office, gave a speech yesterday to launch the Data Science Ethical Framework. It got off to a wobbly start:
When Alan Turing proposed the Turing Machine and his theory of machine intelligence, he would not have imagined that his early ideas of computing and algorithms would be enhanced and evolved using the quintillions of bytes of data we generate today.
There's no telling what Alan Turing would or would not have imagined.

Wednesday, 18 May 2016

RIP IDA – worse than you thought

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

The problem you already knew about ...
The point of GOV.UK Verify (RIP) is to assure central government departments like HMRC, Her Majesty's Revenue and Customs, that the person on the other end of the line is who they say they are. GOV.UK Verify (RIP) follows the good practice, we are told, set out in GPG45, Good Practice Guide 45.

Chapter 4 of GPG45, p.9, provides for four levels of assurance, 1-4.

Level 1 isn't much use to a relying party such as HMRC, the identity hasn't been proved at all.

Level 2 gets a bit more useful: "The steps taken to determine that the identity relates to a real person and that the Applicant is [the] owner of that identity might be offered in support of civil proceedings". Level 2 might support identification in a civil court. It might. It might not.

Levels 3 and 4 are successively more reliable. But that's irrelevant at the moment as GOV.UK Verify (RIP) is only offering Level 2.

What's more, it's having trouble reaching even Level 2 according to OIX, the Open Identity Exchange, the Government Digital Service's business partner. If GOV.UK Verify (RIP) could use our personal bank account information, OIX say, that "would help [to] achieve the required standards against the 5 elements of identity assurance at level of assurance 2" (p.11).

To some extent, OIX have now got their wish. GDS tell us that: "In the last few months, we've seen new data sources and methods being introduced, and we've worked with mobile network operators as they've developed a new phone contract validation service that’s now in live use in GOV.UK Verify [RIP] ... It’s also now possible to verify your identity without either a passport or driving licence, thanks to a new method introduced by one of our certified companies which allows you to use your bank account as proof of your identity".

They've got their additional data and it's not helping. The GOV.UK Verify (RIP) account creation success rate remains stuck at around 70%. Young people have trouble opening an account, so do old people and unemployed people and people on low incomes.

Hat tip someone, it's all a far cry from the 16 September 2014 GOV.UK Verify (RIP) service assessment, when the assessors' report called for GDS to "actively work with the market to grow [demographic] coverage to as close to 100% as can be achieved, as early as possible during the Beta".

... may be worse than you thought
But suppose GOV.UK Verify (RIP) achieved 100% demographic coverage and enrolled everyone into GOV.UK Verify (RIP) with a level of assurance of 2. Then what?

Saturday, 14 May 2016

Mind the gap

On the London Underground/Metro/Subway a recorded message tells us all, over the public address system, to "mind the gap". That's the gap between the train and the platform, of course, which we are all supposed to be too stupid to mind unless we're reminded.

There once was a post-nuclear holocaust film the name of which entirely escapes DMossEsq in which empty trains continued to travel the tube system following their programmed timetable, stopping to open their doors at each appointed station and the only voice heard was the PA system mindlessly repeating "mind the gap".