Sunday 30 September 2012

30 September 2012, a big day – Dame Helen Ghosh and ex-Guardian man Mike Bracken

30 September 2012. It's a big day today. Dame Helen Ghosh's last day as permanent secretary at the Home Office. What will change when she's gone?
    • Will Sarah Rapson, chief executive at the Identity & Passport Service (IPS), be allowed to carry on over-charging us Brits for passports to the tune of £300 million a year?
    • IPS has never recovered from its failure under Sir David Normington and James Hall to implement government-issue ID cards. They suffered something like a corporate nervous breakdown. Isn't it time now at last for a new name and a re-launch?
    • Will Jackie Keane be able to carry on spending money like water on IABS, the Immigration and Asylum Biometric System?
    • Will assistant commissioner Mark Rowley at the National Policing Improvement Agency stop wasting money on mobile fingerprint equipment?
    • Will Rob Whiteman, chief executive of the UK Border Agency (UKBA), be able to maintain the high standards and success rates of that organisation?
    • Will Brian Moore's successor as chief executive of the UK Border Force ditto?
    • Isn't it time now to stop hosing money at CSC and VF Worldwide Holdings for their biometrics-based visa application work abroad?
    • Will IBM be allowed to stop bashing its head against the brick wall that is eBorders?
    • Is Alex Lahood (the Director of Identity Management, no less, at UKBA, please see p.9) still testing biometrics in Croydon? If so, why?
    • Is Marek Rejman-Greene still Senior Biometrics Advisor at the Home Office Scientific Development Branch? Ditto.
    These are just some of the questions for Dame Helen's successor to ponder.

    Today is also the last day for the Government Digital Service (GDS) to announce the approved suppliers of the UK's much-touted Identity Assurance Service (IAS). It really is a big day.
    • Will GDS meet the deadline? (Six hours to go ...)
    • Will they dare appoint Google and Facebook as "identity providers" to the UK?
    • If not, will the NSTIC folk in the US cross them off the Christmas card list?
    • Will Martha Lane Fox ditto?
    • When Universal Credit fails, will DWP get the blame or GDS?
    • Will the Department for Business Innovation and Skills stop pretending to want midata?
    • If ex-Guardian man Mike Bracken (executive director of government digital services and senior responsible owner for the identity assurance programme) can't make Estonia come to the UK, will he go there?
    • Will GDS's dream of inserting GOV.UK into our national payment systems come true? If so, how many weeks before we are reduced to a barter economy? Two? Or one?
    • Will GOV.UK replace the Government Gateway?
    • Will GDS's IAS succeed where James Hall's ID cards failed?
    • Can GOV.UK operate successfully on a cloud service operated by Skyscape, the one-man company?
    These are just some of the questions that probably won't be answered tomorrow.

    G-Cloud, GDS, HMRC, Skyscape and the USA PATRIOT Act

    At the Office 365 launch, Gordon Frazer, managing director of Microsoft UK,
    gave the first admission that cloud data
    — regardless of where it is in the world —
    is not protected against the USA PATRIOT Act.

    [Skyscape has subsequently changed its name to UKCloud: "London – August 1, 2016 – Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave assured cloud services company, has today renamed and relaunched as UKCloud Ltd (www.ukcloud.com), to reinforce the company’s exclusive focus on supporting the UK public sector in the digital transformation of services".]

    ----------  o  O  o  ----------

    G-Cloud
    Whitehall's G-Cloud team have taken the baffling decision to include Skyscape Cloud Services Ltd in its Cloudstore.

    Cloudstore is an on-line shop the team have set up to display the wares of approved suppliers and from which government departments are supposed to be able to buy with confidence.

    That confidence must be limited in the case of Skyscape which has no track record in business, is so young a company that it has yet to file any accounts and has only one director, who is also the only shareholder.

    What are the G-Cloud approval procedures? Is it possible to fail them?

    HMRC
    HMRC have taken the baffling decision to stop storing data in their local offices and store it instead in the cloud with Skyscape. What data? PAYE and NI payments? VAT payments? Personal tax returns? Company tax returns? That's the kind of thing HMRC deal with.

    In the name of efficiency and greenness, HMRC think it is wise to lose control of their data – more properly, our data – and hand it over to a company owned and directed by just one man?

    GDS
    The Government Digital Service (GDS) have taken the baffling decision to host GOV.UK on Skyscape's servers.

    GDS are the people whose job it is to make all public services digital by default.

    They don't have a lot of successes to their name. They're meant to have approved the suppliers of identity assurance services by now. Today's the deadline and they still haven't got round to it. As a result, DWP's Universal Credit scheme, among others, is left twisting in the wind, unable to proceed for lack of the necessary identity assurance.

    But they have produced GOV.UK. It's still in testing, but at least there's something to show for their work. You'd think they'd look after it. But no, they're entrusting its care to a one-man business, Skyscape.

    GOV.UK is only meant to replace every single central government website + Directgov + Businesslink + (this is a guess) the Government Gateway. But what the heck, let's stick it in the cloud, that's the modern way, that's where everything's heading, in a handcart ...

    We're not just talking here about the businesslike behaviour of Whitehall, its responsible attitude and its grasp of reality. We're nibbling at Constitutional questions, including questions of sovereignty.

    Skyscape
    On their website, Skyscape say:
    SOVEREIGNTY

    Skyscape is a UK registered company owned exclusively by UK domiciled shareholders. All our secure operational centers and data centres for UK Public Sector clients are sited within the UK in highly secure IL6 data centres. A significant competitive differentiator is our focus on the integrity of our client’s data, including protection from potential access by overseas legislation including the US Patriot Act.
    Let's sweep up some of the small stuff first:
    • Skyscape only has one shareholder, so what's all this about "UK domiciled shareholders" plural?
    • Are Skyscape promising never to have any non-dom shareholders?
    • Why can't they spell "centres" the same way twice in a single sentence?
    • How secure are their data centres given that their "partner" ARK Continuity publishes a map of how to get to one of them on their website?
    • Is a "focus on the integrity of our client’s data" a "significant competitive differentiator"? Don't other cloud service suppliers focus on exactly the same thing?
    • And what do they mean by "integrity"?
    Now the big one.

    The USA PATRIOT Act 2001
    "USA PATRIOT" is an acronym standing for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism. The Act was passed in the aftermath of 9/11.

    It's a long document and DMossEsq hasn't read it. Bits of it, but not all of it. Mayer Brown have. Mayer Brown are a US firm of lawyers and in their paper "The USA Patriot Act and the Privacy of Data Stored in the Cloud" they say:
    European consumers have expressed concern that the USA Patriot Act ... will afford the US government undue and unfettered access to their data if they choose to store it on the cloud servers of US providers (e.g., Microsoft or IBM) ...

    Two ... mechanisms that US law enforcement could use to access data in the cloud that warrant discussion are FISA [Foreign Intelligence Security Act] Orders and National Security Letters [NSLs] ...

    FISA Orders, particularly as expanded under Section 215 of the Patriot Act, have given rise to privacy concerns for several reasons. First, such orders may be granted ex parte, meaning with only the FBI presenting evidence to the court. Second, Section 215 includes a “gag” provision that prohibits the party that receives a FISA Order from disclosing that fact. This typically would prevent a cloud service provider from informing its customers that the service provider had shared their data with the FBI in response to a FISA Order ...

    ... the FBI may issue NSLs on its own initiative, without the authorization of any court. (This was true even before the Patriot Act.) Nothing in the Patriot Act provides for any judicial review of the FBI’s decision to issue an NSL. Second, the NSL statutes impose a gag requirement on persons receiving an NSL. In addition, the Attorney General Guidelines and various information sharing agreements require the FBI to share NSL information with other federal agencies and the US intelligence community ...

    ... any corporation based in the United States will be subject to US jurisdiction and, thus, can be subject to FISA Orders, NSLs, search warrants, or grand jury subpoenas. The same is generally true for a non-US corporation that has a location in the United States or that conducts continuous and systematic business in the United States ...

    ... an entity that is subject to US jurisdiction must produce not only materials located within the United States, but any data or materials it maintains in its branches or offices anywhere in the world. The entity even may be required to produce data stored at a non-US subsidiary ...

    ... US law enforcement authorities may serve FISA Orders, NSLs, warrants or subpoenas on any cloud service provider that is US based, has a US office, or conducts systematic or continuous US business—even if the data is stored outside the United States ...

    ... US law enforcement authorities may serve FISA Orders, NSLs, warrants or subpoenas on any cloud service customer that is US based, has a US branch, or conducts systematic or continuous US business—even if the data is stored outside the United States ...
    You get the message.

    In case you don't, Microsoft say the same thing more briefly, in "Microsoft admits Patriot Act can access EU-based cloud data":
    At the Office 365 launch, Gordon Frazer, managing director of Microsoft UK, gave the first admission that cloud data — regardless of where it is in the world — is not protected against the USA PATRIOT Act.
    So do Google, in "Web freedom faces greatest threat ever, warns Google's Sergey Brin":
    Brin acknowledged that some people were anxious about the amount of their data that was now in the reach of US authorities because it sits on Google's servers. He said the company was periodically forced to hand over data and sometimes prevented by legal restrictions from even notifying users that it had done so.
    Microsoft and Google are both themselves suppliers of cloud services. They're being straight with the public.

    Skyscape can tell us till they're blue in the face that its one and only shareholder is domiciled in the UK. But as long as the company is somehow linked up in its mysterious partnership with QinetiQ, Cisco, VMware and EMC the claim to offer "protection from potential access by overseas legislation including the US Patriot Act" is arguably false.

    Whitehall has a duty to keep control of the data we entrust to its custody. Sticking our data in the cloud is a breach of that duty.

    If Whitehall, GDS, HMRC and/or the British public are relying on that claim of Skyscape's, they/we may be sadly mistaken.

    ----------

    Cribsheet
    What? Even QinetiQ? The dear old true blue DERA as was?

    Yes, even QinetiQ, because of its "conduct of a systematic and continuous US business", viz. QinetiQ North America, 7918 Jones Branch Drive, McLean, VA 20165, Tel: 703-652-9595, www.QinetiQ-NA.com, contactus@qinetiq-na.com ...

    Added 10.1.13
    U.S. Spy Law Authorizes Mass Surveillance of European Citizens

    Added 13.2.13
    Yes, U.S. authorities can spy on EU cloud data. Here's how

    Added 16.3.13
    National Security Letters ruled unconstitutional

    Five questions for the G-Cloud team, champions of cloud computing in the 21st century skyscape of UK government

    30 September 2012, posted on the G-Cloud blog here and here. The "Eleanor" addressed here is Eleanor Stewart, the main spokesman for G-Cloud since Ian Watmore and Chris Chant left Whitehall:

    dmossesq says:

    Your comment is awaiting moderation. 

    September 30, 2012 at 7:21 am

    This business about Skyscape, the Cloudstore and GDS is fascinating, Eleanor, thank you. And I note that HMRC also have contracted for cloud services with Skyscape. Just a few questions.

    Skyscape is too young to have filed any accounts yet with Companies House, so we have no idea about its P&L and its balance sheet. On the other hand, we do know from Companies House that Skyscape’s registered office is at Hartham Park, Hartham, Corsham, Wilts SN13 0RP. And that it has a paid up share capital of just £1,000. The company turns out to have just one director, a Mr JR Sanders. And just one shareholder, the same Mr JR Sanders.

    Q1: just how small does a company have to be to fall below the exacting standards for inclusion in the Cloudstore?

    Q2: GDS and HMRC seem to have contracted not so much with one company as with one man. Do you think that’s wise?

    Skyscape claim to be in some sort of an “alliance” with five other companies including ARK Continuity.

    ARK Continuity’s registered address is Hartham Park, Hartham, Corsham, Wilts SN13 0RP. One of its directors, a Mr JP Thomas, who owns £3.20 of ARK’s £16 issued share capital, used to own one share in Skyscape, but transferred it to Mr JR Sanders on 19 April 2012.

    Q3: just what does this “alliance” amount to?

    ARK is basically a property company and on its website it proudly displays its Spring Park data centre at Hartham Park, Hartham, Corsham, Wilts SN13 0RP. They provide a map of how to get there and helpfully add that the MoD have secure facilities nearby.

    Q4: GOV.UK and HMRC’s Skyscape contracts cover important national assets and if the blabbermouths at ARK have given away their current location could you arrange for them to be moved?

    Obviously you’re busy and this might be too much of an imposition in the case of a traditional data centre. But I understand that with cloud computing you just press a button and the application disappears from one virtual server and effortlessly spins up immediately on another one.

    Q5: Is that correct?
    Substantially the same comment has been posted to the Government Digital Service (GDS) blog here and here.

    Comments will only appear on the G-Cloud and GDS blogs after moderation by them and only if they want the comments to appear.

    G-Cloud, GDS, HMRC and Skyscape, the company with just one director, who owns all the shares – Whitehall SNAFU

    The story so far ...

    The Government Digital Service (GDS) have contracted with Skyscape Cloud Services Ltd to host the new unified central government website, GOV.UK, in the cloud.

    Episode 1, Insanity – are they mad? Skyscape is a £1,000 company. Isn't that a bit small for this monumental responsibility?

    Whitehall's G-Cloud team say this is an example of good practice, using small and medium-sized enterprises (SMEs) instead of the ponderous and expensive big boys.

    Episode 2, Mendacity – are they lying? Skyscape claims to be in alliance with five other companies whose combined turnover is £43.3 billion and who have over 100,000 staff. Isn't that a bit big for an SME?

    Now read on ...

    Episode 3, Confusion – what's going on?

    HMRC
    Now HMRC have signed up with Skyscape as well as GDS. Phil Pavitt, HMRC's CIO (Chief Information Officer) says that the shift to cloud ...
    ... will save over £1 million a year in running costs and will increase reliability and security of HMRC's internal IT services.

    The Skyscape contract is a major step for HMRC in moving away from traditional ways of working with large service providers. And it's a great example of how we're exploring smarter, more innovative solutions that make life simpler for us and help us provide a better deal for our customers ...
    • Will Mr Pavitt's head roll if the Skyscape contract doesn't "save over £1 million a year in running costs"?
    • Suppose Skyscape put their prices up?
    • Suppose Skyscape go bust – it's only a £1,000 company after all?
    • Suppose Skyscape's servers fall over for a fortnight like the Royal Bank of Scotland's did earlier this summer?
    • Does HMRC have good enough book-keeping systems to know if £1 million has been saved and where and why?
    • HMRC is no SME – its ASPIRE contract with Capgemini and Fujitsu is worth £8 billion over ten years. Is it worth taking the risk of using Skyscape to save one eight-hundredth of the value of just one contract among many?
    • ...
    We know the answer to one of those questions. The National Audit Office have told us that when HMRC asked their suppliers to be a bit more explicit what they were charging for on their invoices, the suppliers refused. HMRC pay anyway, whatever it is they're paying for.

    God, but Lin Homer's got a lot of work to do.

    Skyscape
    Never mind all those questions for the moment, the point at issue is that Mr Pavitt thinks that Skyscape is a small company.

    How small?

    We already know that it has only £1,000 of paid up share capital. And that the company is too young to have filed any accounts yet, so we have no idea about its P&L and balance sheet. The G-Cloud team have approved Skyscape to sell its wares on HMG's Cloudstore, GDS have bought from them and so have HMRC – how did they satisfy themselves as to Skyscape's commercial health?

    They may not have filed any accounts but Skyscape have filed an annual return, as at 3 May 2012, according to which:
    • The registered address is Hartham Park, Hartham, Corsham, Wilts SN13 0RP
    • The company has one director – Mr Jeremy Robin Sanders
    • And one shareholder – Mr Jeremy Robin Sanders
    GDS and HMRC haven't signed up with one company so much as with one man. One man owns all the shares and is the only director of the company which hosts the central government website and hosts some of HMRC's data. One man. What's going on?

    GOV.UK depends on one man. Mr Sanders. Bits of HMRC depend on one man. Mr Sanders. The G-Cloud team have approved one man to sell his wares on the Cloudstore. Mr Sanders. The UK is a big, complicated, modern state with 1,000 years of democracy behind it and government contracts affecting the entire population are signed with just one man. Mr Sanders.

    While that's sinking in, en passant, note that Mr Sanders didn't always own all the shares in Skyscape. Mr Jeffery (sic) Paul Thomas used to own one share. Then on 19 April 2012 he transferred it to Mr Sanders. You won't forget that name, will you – Jeffery (sic) Paul Thomas.

    The Skyscape Cloud Alliance
    The following note appears on the Skyscape website ...
    SKYSCAPE CLOUD ALLIANCE

    The Skyscape Cloud Alliance partners; QinetiQ ,VMware, Cisco, EMC, and Ark Continuity bring together an end to end cloud solution which is Skyscape. This Alliance also provides a collaborative resource which drives innovation and our technical product development programme.
    What does it mean?

    If it means that Skyscape is a joint venture company set up by the allies, then Skyscape has the backing of £43.3 billion of annual revenue and 100,000 staff worldwide. Which means that it's not really an SME at all.

    But it doesn't say that. The five companies are called "partners". But Skyscape isn't a partnership, it's a limited company.

    Presumably Skyscape haven't just put these names on their website because it looks good. Because it's handy for marketing. If they used these names without the allies' permission, they'd be sued. There must be some sort of a commercial arrangement between Skyscape, QinetiQ and the others. But what sort of arrangement?

    Skyscape are not mentioned in the accounts of QinetiQ or VMware or any of the allies. The nature of this commercial arrangement is a mystery. A gentlemen's agreement of some sort, perhaps? Surely that's not enough for G-Cloud, GDS and HMRC to rely on.

    ARK Continuity
    ARK Continuity is the odd one out among the Skyscape allies. It's relatively tiny. According to its annual return as at 16 December 2011:
    • The registered address is Hartham Park, Hartham, Corsham, Wilts SN13 0RP, the same as Skyscape's.
    • It has a company secretary and three directors – two bankers plus Mr Jeffrey (sic) Paul Thomas, possibly the ex-shareholder of Skyscape.
    • It has two classes of 1p ordinary shares, A and B, 800 of each issued, so it has £16 of share capital, not all paid up at the date of the return.
    • Revcap Properties 25 Ltd owns all 800 A ordinaries and Mr Jeffrey (sic) Paul Thomas owns 320 of the B ordinaries.
    According to the 30 April 2011 Ark Continuity annual report and accounts, the two bankers are appointed as directors to represent the interests of Revcap Properties 25 Ltd, the 75% majority shareholder; the ultimate parent company of Revcap Properties 25 Ltd is Real Estate Venture Capital Partners LLP; and:
    The principal activity of the company and the group is the design, construction and operation of data centres
    Nearly finally, on 9 August 2012, ARK Continuity appointed Baroness Elizabeth Lydia Manningham-Buller a director. The Rt Hon The Baroness Manningham-Buller was of course, formerly, the Director General of MI5.

    On their website, ARK Continuity are naturally proud of their Spring Park data centre. They're a property company. Of course they're proud.

    That's Spring Park at Hartham Park, Corsham, Wilts SN13 0RP, they provide a map of how to get there and they say that:
    Spring Park affords occupiers the opportunity to embrace best practice and sustainable principles in the design, construction, engineering and operation of their data centres

    Spring Park is one of Europe's premier data centre locations. Strategically positioned and built on a legacy of over 50 years investment in critical national infrastructure, Spring Park comprises 14.79ha of surface land, 9.29ha of underground, access to 114MVA diverse power supply and c93,000m² of consented data centre and office development

    Located one mile from the A4 and 8 miles from J17 of the M4 between Swindon and Bristol, the site is adjacent to secure MoD facilities and benefits from significant connectivity infrastructure

    To see the location map click here
    To watch the History of Spring Park click here
    The early footage of the Romans quarrying stone at Corsham to build the new town of Bath in the green belt is fascinating but someone should tell ARK about security. The Rt Hon The Baroness Manningham-Buller, perhaps?

    The MoD might prefer it if ARK Continuity didn't tell people where their secure facilities are. GDS and HMRC, too.

    And let's hope to God that that's not where GOV.UK is being hosted and where HMRC have stored their records. Because otherwise, now, thanks to ARK Continuity's website, everyone will know.

    Friday 28 September 2012

    Whitehall, an apology – they haven't gone mad, they're just lying


    A P O L O G Y

    In common with precisely no other media outlets DMossEsq yesterday accused Whitehall of having gone mad.

    Apologies.

    Readers will be relieved to know that far from going bonkers, Whitehall are simply guilty of economy with the actualité, embroidering, gilding the lily, trying it on, stretching things a bit, terminological inexactitude and lying.

    So nothing out of the ordinary, nothing to worry about after all.

    Fact: GDS, the Government Digital Service, have retained Skyscape to host GOV.UK, the central government website. That's what it says on their blog.

    Fact: Skyscape is a £1,000 company. That's what it says on the Companies House website.

    Fact: The G-Cloud team claimed that this purchase of website hosting services from Skyscape is an example of government using small and medium-sized enterprises. That's what it says on the G-Cloud blog:
    The purchase also shows that government is ready to embrace low cost utility cloud services and is  buying from SME’s
    In the ordinary course of events that would be unbusinesslike and irresponsible. And mad.

    What the entire journalistic team at DMossEsq missed, the editors and the in-house libel lawyer as well, is that Skyscape is no ordinary £100 £1,000 company.

    Take a look at their website. Skyscape describe themselves as an alliance, the "Skyscape Cloud Alliance", what we might normally call a "joint venture", between five companies as shown in the table below:

    Skyscape Cloud Alliance (£1 = $1.60)

    Company            Revenue ($)     Revenue (£)    Staff  Data source
    QinetiQ                          1,469,600,000   10,180
    VMware           3,767,096,000   2,354,435,000   11,000
    Cisco           43,218,000,000  27,011,250,000   25,898
    EMC²            20,007,600,000  12,504,750,000   53,600
    ARK Continuity                       2,015,696       10  Companies House, annual report and accounts to 30 April 2011
    Total                           43,342,050,696  100,688

    What the G-Cloud team would have us believe is that this organisation holding itself out as being backed by over 100,000 staff and £43 billion of turnover is an SME.

    If Whitehall believe that, they're fooling themselves. That's up to them, but they can hardly expect us the public to believe it.

    Identity assurance – the clock is ticking, your moderation is awaiting comment

    28 September 2012 and a reply to yesterday's enquiry has whizzed in from GDS, followed by a reply to the reply:

    steve #

    Thanks for your comment, David.

    Firstly, please don’t take our lack of posts as evidence of inaction. We’ve actually been incredibly busy over the summer and are expecting a bumper crop of posts in October, to share what we’ve been up to. So, watch this space.

    Secondly, DWP are still working to resolve final contractual issues. The outcome will only be made public when final contracts are signed.

    Steve

    28/09/2012

    steve #

    Furthermore, this notification will come from DWP, not Cabinet Office or GDS, as it is their framework.

    28/09/2012


    dmossesq #

    Please Note: Your comment is awaiting moderation.

    Dear Mr Wreyford

    Thank you for your reply.

    I don’t mistake the absence of posts for inactivity – as I said, surely there must have been some activity in view of the importance of Universal Credit.

    You say that “DWP are still working to resolve final contractual issues”. Ex-Guardian man Mike Bracken made it clear on 1 March 2012 that Identity Assurance belongs to the Cabinet Office and not DWP: “… this approach ensures that, ultimately, HMG-wide Identity Assurance is supplied across central departments via a common procurement portal (to HMG agreed standards) and governed by the Cabinet Office”. Presumably GDS are involved in those “final contractual issues” just as much as if not more than DWP*.

    The absence of posts does create a vacuum, though, which draws in all sorts of flotsam …

    The Department for Business Innovation and Skills (BIS) midata initiative, for example. Why are GDS using BIS to try to legislate for Personal Data Stores/Inventories (PDSs/PDIs) instead of doing it themselves?

    And GOV.UK – why waste a lot of time and money re-writing central government websites? Is it to provide consistent hooks for PDS-based identity assurance in all government communications over the web?

    A PDS is a dynamic dematerialised ID card, isn’t it. The public won’t “wear it”. Neither will the banks if the Cabinet Office try to insert PDSs into the nation’s payment systems.

    If Google and/or Facebook turn out to be on the list of GDS-approved suppliers of identity assurance services, then DWP and everyone else will have wasted their time negotiating any contractual issues, final or otherwise. Again, the public won’t wear it.

    And the GOV.UK team will have wasted their time.

    And BIS will have wasted their credibility …

    Goodness, just look at all that dust, you never can tell what the vacuum’s going to draw up, can you. The sooner GDS can tell an expectant public what you’ve come up with identity assurancewise, the better.

    ———-

    * While writing this reply of mine, your second reply popped up, trying to push responsibility back on to DWP. Too late, Mr Wreyford. The Cabinet Office burnt their bridges when they made DWP withdraw their December 2011 OJEU notice. You know that. If Universal Credit fails for lack of identity assurance, that will be the Cabinet Office’s fault now and not DWP’s.

    28/09/2012
    The last comment will only appear on the GDS blog after moderation by them and only if they want it to appear.

    Thursday 27 September 2012

    Government Digital Service, G-Cloud, log-rolling, size matters

    ... do you think that Whitehall's gone mad?

    [Skyscape has subsequently changed its name to UKCloud: "London – August 1, 2016 – Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave assured cloud services company, has today renamed and relaunched as UKCloud Ltd (www.ukcloud.com), to reinforce the company’s exclusive focus on supporting the UK public sector in the digital transformation of services".]
    ----------  o  O  o  ----------

    One of the ways Whitehall plans to transform itself is to retain more SMEs – small and medium-sized enterprises. The big brutes like IBM are lumbering behemoths, so it is said, they're slow and they cost a fortune. SMEs would put a spring in Whitehall's step.

    This is all tied up with G-Cloud, the plan to stick government data in the cloud, thereby making government services efficient, trusted and green. Or so it is said.

    And so it was that the G-Cloud blog was really pleased to be able to announce on 18 September 2012 that:
    We’re really pleased to be able to announce the first major sale of Infrastructure As A Service. Government Digital Service have signed a contract with Skyscape for:

    1) Compute as a service

    2) Compute as a service (test & development)

    3) Storage as a service

    This is all intended to support the exciting work they’re doing on .gov.uk to revolutionise the way citizens access information and services online ... The purchase also shows that government is ready to embrace low cost utility cloud services and is buying from SME’s ...
    The G-Cloud team made the public statement above about how marvellous GDS are and quite independently GDS made a public statement about how marvellous G-Cloud is, coincidentally on the very same day:
    In the past, we might have looked at dedicated servers or possibly even our own rack in a datacentre somewhere ...

    The cloud has transformed all of this. Through the G-Cloud framework we are able to simply and rapidly buy highly reliable, highly cost-effective hosting services ...

    To meet the needs of GOV.UK, we are planning to work with a number of different Infrastructure as a Service providers. We are happy to announce that the first cloud hosting provider we are working with is Skyscape ...
    GOV.UK is the replacement for every single central government website + Directgov + Businesslink, please see "Single government domain" on GDS's list of projects. They'll all go. They'll all be replaced with one single domain, GOV.UK.

    It's not as though there's any sign of GDS working on identity assurance or assisted digital. DWP are left waiting for identity assurance, Universal Credit is in limbo and millions of claimants are stuck in the poverty trap. All GDS are doing is re-writing a lot of websites that already exist.

    They haven't finished yet and it's still in testing but GOV.UK is the only output from GDS so far, it's their only visible raison d'être. And they've decided to host their baby not on servers at a government data centre or at a big brute of a lumbering behemoth, but on Skyscape's servers.

    And who, you ask, are Skyscape?

    Take a look at the "Company information" bit of the Companies House website, enter "Skyscape Cloud Services Ltd" and you, too, will discover that the company's registered office is in Corsham, that it was incorporated on 3 May 2011 as company no.07619797 and that it has yet to file any accounts. Click on "Order information on this company" and you'll find that it's a £100 £1,000 company with 10,000 100,000 1p-nominal shares to its name.

    Smaller than IBM, yes – but perhaps a little too small? GOV.UK depends on a £100 £1,000 company?

    The G-Cloud team find this exciting and revolutionary. GDS find it simple, rapid, highly reliable and cost-effective. And they're happy.

    But are you? Are you happy? Or do you think that Whitehall's gone mad?

    Identity assurance – the clock is ticking, your comment is awaiting moderation

    27 September 2012 9:30-ish, posted on the Government Digital Service (GDS) blog here and here:
    dmossesq #

    Please Note: Your comment is awaiting moderation.

    Steve Wreyford’s post on OIX is the latest on the ID assurance blog and is dated 14 June 2012, three months ago.

    Has there been no activity on identity assurance since then?

    Surely there must have been some, GDS are due to announce by the end of September – 85 hours time – which bidders have been approved to provide identity assurance services as per the 1 March 2012 notice in OJEU.

    When will we be told who the winners are?

    27/09/2012

    Tuesday 25 September 2012

    What price privacy? $2.08

    With thanks to SheffieldForum.co.uk
    "For everything Sheffield"

    You have zero privacy anyway. Get over it.

    So said Scott McNealy, CEO of Sun Microsystems, and many people say they agree with him. Let's call those people "Roundheads".

    Cavaliers believe that privacy is an essential ingredient in the recipe for human beings. Miss it out, and you cook up something different, not a human being.

    Our location can be tracked by the mobile phone companies. Google records every website we visit. Our entire life history is on Facebook. Our every instantaneous emotional reaction is documented on Twitter. GCHQ want to store all our email headers. David Cameron wants to give all our medical records to researchers. The Department for Business Innovation and Skills wants us to maintain Personal Data Stores with so-called "trusted third parties" we've never met. DWP and the Cabinet Office want the same, so that we can all transact with the government on-line. The G-Cloud Puritans want to store all this data in the cloud with Amazon and others on servers that could be anywhere in the world ...

    "There's something wrong with all this", say the Cavaliers. "No there isn't", say the Roundheads, "get over it". And so the argument continues, forever unresolved.

    Except, sometimes, even the Roundheads briefly grasp the need for privacy, the importance of privacy, its value:
    Claims that the privacy of direct messages sent between Facebook users had been compromised and that the messages were appearing publicly on users' timelines are false, the social networking service has said.

    There was confusion on Monday amid reports in France that non-public messages sent in the years from 2007 onwards had started to appear in timelines, sparking many users to check back in the fear that potentially embarrassing private messages had become widely viewable.

    Facebook's share price fell 9.1% to $20.79 at the close in New York on the back of the fears, the biggest drop since 27 July. The stock has slumped 45% since its May initial public offering, and hasn't traded above its $38 IPO price since the day after the share sale.
    It is disputed whether people are right to fear that Facebook's privacy controls have failed. That's not the point.

    The point is that the fear – whether or not it's well-founded – knocked 9.1% off Facebook's share price.

    Public spending 3

    Each week, writing in the Guardian, Polly Toynbee gives a master class in public finance.

    From today's lesson:
    What would fairer tax look like? Council tax is the most regressive – the more expensive the property, the lower the proportion of tax paid – so correct that first, and then turn to a mansion tax. Britain's wealth taxes have atrophied. Inheritance tax doesn't work, capital gains entirely forgiven at death. As for the 50p top tax rate, because the rich had a year's notice they took their income in the year before it was introduced. Then, as soon as the cut to 45% was announced a year ahead, they delayed their income until it came in. This two-year tax planning, says the IFS, cost the exchequer £18bn. That's the same as the £18bn cut from the poorest.

    It shows just what colossal discretionary sums float among the few at the top: a one-off levy could solve half the national debt while barely touching their lifestyles.
    The national debt stood at £1,250.3 billion on 31 December 2011. Half of that is about £625 billion. £625 billion, £18 billion, what's the difference, they're all the same, numbers.

    Can anyone think what a "one-off levy" of £625,000,000,000 that barely touched the lifestyles of the rich would look like?

    Identity assurance – the clock is ticking, ex-Guardian man Mike Bracken's chickens are coming home to roost

    The Government Digital Service (GDS) is part of the Cabinet Office and has six projects on hand, including Identity Assurance:
    The ID Assurance team are working on accrediting and approving third party identity to facilitate digital transactions between citizens and government.
    If "citizens" and the government are to transact business on-line, there must be a rock solid identity assurance service so that each party knows who it's dealing with. Invitations to tender for the service were issued earlier this year.

    GDS haven't so far publicly approved any third parties to provide identity assurance, but we shouldn't have long to wait – no more than five days, in fact:
    The tendering process will run for several weeks and is expected to report successful bidders in September 2012.
    Delays are only to be expected. Identity assurance for the entire population of the UK is a big project.

    But in this case there can't be any delays. The joint GDS/DWP notice of the identity assurance project states that identity assurance is required to be ...
    ... fully operational from spring 2013.
    That's six months' time if we measure to the start of next spring, or nine months if we measure to the end. Either way, DWP's Universal Credit (UC) scheme has to be up and running by October 2013 and UC depends on identity assurance as Lord Freud, the welfare reform minister, has emphasised – no identity assurance, no UC.

    Appearing before the House of Commons Work and Pensions Committee, Lord Freud was asked what is the biggest risk facing UC. His answer – identity assurance.

    Why did DWP allow this dependency/risk? Why didn't they write their own invitation to tender?

    They did. Then they withdrew it. Apparently at the command of the Cabinet Office. Because next thing, GDS announced that:
    ... this approach ensures that, ultimately, HMG-wide Identity Assurance is supplied across central departments via a common procurement portal (to HMG agreed standards) and governed by the Cabinet Office.
    "Governed by the Cabinet Office" – GDS have put themselves on the spot. If UC fails now, is it Iain Duncan Smith's fault? Or Francis Maude's?

    GDS must approve several accredited suppliers of identity assurance services in the next 120 hours. Who's likely to be on the list?

    GDS are only offering up to £30 million for the identity assurance service and they're only letting contracts for 18 months.

    The Home Office tried for eight years to issue us all with ID cards. They failed.

    Which companies can afford to assure the identities of everyone in the UK – or at least the identities of the 21 million expected claimants for UC – for only £30 million? Which companies can afford to take the risk of losing their contract to a competitor only 18 months later? Not many of them. It can only be a short list.

    The banks/credit card companies/PayPal, the phone companies, the utility companies and IBM might be big and competent enough. But they have to think about the failure of the Home Office and about reputational risk.

    They wouldn't be in control of the identity assurance service. GDS would be, and if anything went wrong, even if it wasn't the contractors' fault, the banks/phone companies/utility companies/IBM would see their brands destroyed.

    Any chief executive of a bank/phone company/... who signs up for one of these GDS identity assurance contracts would be roasted by the equity analysts and by their shareholders. Which means they won't.

    We can probably forget the insurance companies and the credit rating agencies. Who else does that leave?

    Google and Facebook.

    In no more than 118 hours now and counting, ex-Guardian man Mike Bracken, executive director of the Government Digital Service and Senior Responsible Officer Owner for the Identity Assurance programme, is going to have to host a press conference at which he announces that he thinks it's a good idea for Google and Facebook to provide the electronic identities of everyone in the UK.

    If you get an invitation, don't miss it.