Thursday 28 March 2013

GDS, the NAO, the BBC, parliament and DWP – five questions

The National Audit Office (NAO) have released a new report, Digital Britain 2: Putting users at the heart of government’s digital services, examining the Government Digital Service (GDS) plans for digital-by-default. The report's conclusions concentrate on the problems faced by people who can't or won't use on-line public services.

The same problem was examined the day before yesterday by Mark Easton, the BBC's home affairs editor.

And 52 members of parliament have put their name to an early day motion to debate the problem.

Meanwhile the Department for Work and Pensions (DWP), who were depending on digital-by-default for the introduction of Universal Credit, have published not one but two documents confirming that benefits will continue to rely on face-to-face meetings, telephone calls and letters in the post – the very opposite of digital-by-default – please see Local Support Services Framework and Universal Credit – Your claim journey.

GDS have responded to the NAO report with a post on their blog today:
Overall, this report is a really positive sign we’re moving in the right direction. But it’s also a helpful reminder of the work we still need to do to support those who are less able to use online services.
The NAO report has some ("really positive"?) comments to make on the putative savings we can look forward to from digital-by-default:
1.5 The GDS has also highlighted the possible savings from switching to digital channels. As the strategy states, central government provides more than 650 public services – which cost between £6 billion and £9 billion in 2011-12, according to GDS. The GDS has estimated total potential annual savings of £1.7 billion to £1.8 billion if all these services were operated through digital channels. More than 300 of these services have no digital channel. The savings estimate does not include the costs that may be required to create or redesign digital services. However, it also does not take into account the government’s new approach to becoming digital, set out in its strategy, which could lead to greater savings being achieved more quickly. The GDS states that the average cost of a central government digital transaction can be almost 20 times lower than by phone and 50 times lower than face-to-face.

1.6 We have not audited the estimated savings in the Government Digital Strategy, nor have we audited how government will redesign and develop its new digital services. Our future audits will evaluate the value for money of digital services as the GDS and departments work together to move more than 650 services online.
The report also mentions (without being "really positive") the need for identity assurance. Someone posted a comment on the GDS blog:
28/03/2013
dmossesq #

Please Note: Your comment is awaiting moderation.

The NAO report is available at http://www.nao.org.uk/wp-content/uploads/2013/03/10123-001-Digital-Britain-2-Book.pdf

Under the heading “Trust”, the report includes the following:

QUOTE

4.9 To use online public services people need to be able to trust the government with the information they provide online. The Government Digital Strategy recognises that users of public services often find it hard to register for online services, and that it needs to offer a more straightforward, secure way to allow users to identify themselves online while preserving their privacy. Therefore there is an Identity Assurance Programme [IDAP] under way in GDS and we were told that this is to develop a framework to enable federated identity assurance to be adopted across government services.

4.10 The government also told us that this will involve creating a simple, trusted and secure new way for people and businesses to access government services, which will provide assurance to government that the right person is accessing their own personal information.

UNQUOTE

Without IDAP, there is no digital-by-default.

DWP were led to believe that IDAP would be “fully operational” for up to 21 million claimants of Universal Credit “from March 2013″, https://online.contractsfinder.businesslink.gov.uk/Common/View%20Notice.aspx?NoticeId=797279

Here we are in March 2013. And the question the NAO almost ask is, where is IDAP?

28/03/2013
That comment has now been moderated. Has it been published? No. It's been deleted.

Tomorrow should see the publication of ex-Guardian man Mike Bracken's video diary, This week at GDS.

He's the executive director of GDS and the senior responsible officer owner for the pan-government identity assurance programme. Will he comment on:
  1. the NAO report?
  2. the BBC report?
  3. the early day motion in parliament?
  4. DWP being stranded without IDAP?
  5. the deliberations of the permanent secretaries who met at GDS's offices yesterday to consider digital-by-default?
----------
    Added 16:48:
    Following publication of the post above, DMossEsq brought it to the attention of GDS. The comment which had previously been deleted from their blog has now been published by GDS. Also, this week's edition of This week at GDS has been published, a day early, perhaps because of the bank holiday. No response to questions 2., 3. and 4. above. A passing mention of 5. and a promise to consider 1. in next week's edition.

    GDS, the NAO, the BBC, parliament and DWP – five questions

    The National Audit Office (NAO) have released a new report, Digital Britain 2: Putting users at the heart of government’s digital services, examining the Government Digital Service (GDS) plans for digital-by-default. The report's conclusions concentrate on the problems faced by people who can't or won't use on-line public services.

    The same problem was examined the day before yesterday by Mark Easton, the BBC's home affairs editor.

    And 52 members of parliament have put their name to an early day motion to debate the problem.

    Meanwhile the Department for Work and Pensions (DWP), who were depending on digital-by-default for the introduction of Universal Credit, have published not one but two documents confirming that benefits will continue to rely on face-to-face meetings, telephone calls and letters in the post – the very opposite of digital-by-default – please see Local Support Services Framework and Universal Credit – Your claim journey.

    GDS have responded to the NAO report with a post on their blog today:
    Overall, this report is a really positive sign we’re moving in the right direction. But it’s also a helpful reminder of the work we still need to do to support those who are less able to use online services.

    Monday 25 March 2013

    GDS and the doom-by-default Wednesday summit


    As usual, it's interesting what ex-Guardian man Mike Bracken doesn't talk about in his weekly diary:
    • 48 members of parliament have now signed an early day motion to debate the Government Digital Service's plans for digital-by-default. Or rather, the lack of plans for how to cope with the millions of people in the UK who have never used the web and will be excluded by default.
    • The repeated promise was that GDS would have an identity assurance service "fully operational" for 21 million DWP claimants "by March 2013". Today is Monday 25 March 2013 and there's no sign of it.
    There is no reference in the 22 March 2013 issue of the diary to either of these matters but we do learn that this week's meeting of Whitehall's permanent secretaries will take place at GDS Towers and will be concerned with the state of digital-by-default.

    Oh, to be a fly on the wall there.

    Will the permanent secretary at the Department for Work and Pensions sit quietly as first Sir Jeremy Heywood and then Sir Bob Kerslake extol the theoretical virtues of digital-by-default?

    Perhaps.

    But that won't alter the fact that, as far as Universal Credit is concerned, in practice, digital-by-default is dead.

    We knew that some time back when it was revealed that DWP's Local Support Services Framework makes no reference to GDS's Identity Assurance Programme (IDAP). In case anyone missed the point, it is emphasised again in last week's Universal Credit – Your claim journey, where DWP say that:
    • After you make your Universal Credit claim, most interactions will be face to face, by telephone or by post.
    • A telephone helpline will be available, Mon – Fri, 8.00am – 6.00pm.
    • DWP will contact you by telephone to tell you the date of your personalised work search interview and what evidence you need to bring to it.
    • ... your decision letter can be used as proof of your claim when applying for other benefits ... This letter will be posted to you.
    • You are responsible for notifying DWP of all changes to your circumstances ... you will be sent confirmation of this change by post.
    • You should report the end of any employment by telephone.
    • If you become part of a couple, both you and your partner will be required to attend an adviser interview.
    Digital-by-default is meant to cut out face-to-face meetings, telephone communications and the post.

    DWP acknowledge that the initial claim for Universal Credit will be made on GOV.UK, GDS's single government domain website. But even there they can't help adding:
    • If there are technical problems with the GOV.UK site a webpage will be displayed that gives alternative contact arrangements. This will also be the case if you are using an internet browser that cannot properly access the site.
    DWP have gone out of their way in this document to make it clear that GDS have not delivered on their IDAP promise.

    If GDS can't get DWP on the hook, how about HMRC?

    What will the permanent secretary at HMRC make of the trip to GDS Towers? Judging by DWP's experience, she's unlikely to conclude that HMRC can rely on GDS's promises.

    Is the Government Gateway going to be replaced by IDAP? How? When? Who by?

    What hope is there for Francis Maude's mission to change the way the UK census is compiled?

    The Department for Education will be feeling embarrassed, having promised to help GDS with Individual Electoral Registration. The Department for Transport and the Department of Health by contrast will be feeling relieved to have kept themselves out of that illegal data-sharing project.

    The permanent secretary at the Department for Business Innovation and Skills has been left holding GDS's midata baby/initiative. midata can't work without IDAP. BIS, like DWP, stand jilted at the altar.

    The dynamics of Wednesday's meeting promise to be fascinating. It's a shame we can't be there, we the public. And we can't be the only ones to regret it. What about the UK's eight Identity Providers?

    It's all very well for DWP to claim, as they have, that no Universal Credit contractors have been laid off but that's precisely what's happened to the IDPs, isn't it. Some of them have spent years being nice to officials – DWP prepares alternative to identity cards for Universal Credit – and now they're being cold-shouldered.

    The IDPs would no doubt like to know, just like the public, whether the permanent secretaries are minded to be realistic and pull the plug now on digital-by-default or whether wishful thinking will prevail and GDS is to be given another chance – see this coming Friday's weekly cliffhanger GDS diary.

    GDS and the doom-by-default Wednesday summit


    As usual, it's interesting what ex-Guardian man Mike Bracken doesn't talk about in his weekly diary:
    • 48 members of parliament have now signed an early day motion to debate the Government Digital Service's plans for digital-by-default. Or rather, the lack of plans for how to cope with the millions of people in the UK who have never used the web and will be excluded by default.
    • The repeated promise was that GDS would have an identity assurance service "fully operational" for 21 million DWP claimants "by March 2013". Today is Monday 25 March 2013 and there's no sign of it.
    There is no reference in the 22 March 2013 issue of the diary to either of these matters but we do learn that this week's meeting of Whitehall's permanent secretaries will take place at GDS Towers and will be concerned with the state of digital-by-default.

    Oh, to be a fly on the wall there.

    Friday 22 March 2013

    Parliament questions digital-by-default

    For some time now the Government Digital Service have behaved as though it is realistic to nudge everyone onto the web even though they know perfectly well that that will make public services inaccessible to millions of people in the UK.

    Now reality is catching up with them.

    Parliament questions digital-by-default

    For some time now the Government Digital Service have behaved as though it is realistic to nudge everyone onto the web even though they know perfectly well that that will make public services inaccessible to millions of people in the UK.

    Now reality is catching up with them.

    Thursday 21 March 2013

    Potemkin power in Whitehall

    Then ...

    Potemkin village
    The phrase Potemkin villages ... was originally used to describe a fake village, built only to impress. The phrase is now used, typically in politics and economics, to describe any construction (literal or figurative) built solely to deceive others into thinking that some situation is better than it really is. It is unclear whether the origin of the phrase is factual, an exaggeration, or a myth.

    According to the story, Russian minister Grigory Potemkin who led the Crimean military campaign erected fake settlements along the banks of the Dnieper River in order to fool Empress Catherine II during her visit to Crimea in 1787.

    Historical debate
    Modern historians are divided on the degree of truth behind the Potemkin village story.

    While tales of the fake villages are generally considered exaggerations, some historians dismiss them as malicious rumors spread by Potemkin's opponents. These historians argue that Potemkin did mount efforts to develop the Crimea and probably directed peasants to spruce up the riverfront in advance of the Empress' arrival.

    According to Simon Sebag-Montefiore, Potemkin's most comprehensive English-language biographer, the tale of elaborate, fake settlements with glowing fires designed to comfort the monarch and her entourage as they surveyed the barren territory at night, is largely fictional.

    Aleksandr Panchenko, an established specialist on 19th century Russia, used original correspondence and memoirs to conclude that the Potemkin villages are a myth. He writes: "Based on the above said we must conclude that the myth of "Potemkin villages" is exactly a myth, and not an established fact."

    Panchenko writes that "Potyomkin indeed decorated cities and villages, but made no secret that this was a decoration."

    Also, the close relationship between Potemkin and the Empress would make it difficult for him to deceive her. Thus, the deception would have been mainly directed towards the foreign ambassadors accompanying the imperial party.

    Regardless, Potemkin had in fact supervised the building of fortresses, ships of the line, and thriving settlements, and the tour – which saw real and significant accomplishments – solidified his power.

    So, even though "Potemkin village" has come to mean, especially in a political context, any hollow or false construct, physical or figurative, meant to hide an undesirable or potentially damaging situation, it's possible that the phrase cannot be applied accurately to its own original historical inspiration.

    According to a legend, in 1787, when Catherine passed through Tula on her way back from the trip, the local governor Mikhail Krechetnikov indeed attempted a deception of that kind in order to hide the effects of a bad harvest.
    ... and now

    Potemkin website
    The phrase Potemkin website was originally used to describe folders in GOV.UK, the single government domain which was meant to replace all the separate departmental and other central government websites. It is unclear how re-writing a lot of websites that already existed was deemed to be a sensible use of money and unknown how the departments of state put up with this interference.

    According to the story, ex-Guardian man Mike Bracken, executive director of the Government Digital Service, created these folders all over GOV.UK acting under the instructions of Lady (Martha) Lane Fox of Soho.

    Future debate
    Future historians will be divided on the exact nature of these Potemkin websites of GDS's.

    While GDS claimed to have replaced the Department for Transport website, for example, it was clearly still there all the time behind the façade. Ditto the HMRC website, still there for all to see. These little deceptions cannot have escaped Lady Lane Fox but she described it nevertheless as a "privilege" to watch GDS crafting GOV.UK.

    For over a year Bracken claimed that he would make an elaborate system of identity assurance available to all 21 million DWP claimants. It was due to be unveiled in March 2013 but in the event, a dark night for all concerned, the service turned out unfortunately to be entirely fictional.

    Scrutiny of contemporary source documents reveals the claim that GDS would replace the Government Gateway with a new means for people to transact with the government. Future historians may conclude that this service, too, proved to be "exactly a myth, and not an established fact".

    It is in the nature of the web, of course, in its very openness to inspection, that these lacunae could not be concealed.

    And yet the promises were repeated, budgets were agreed, frameworks were discussed and conferences were addressed. The people who remained in the dark would have been mainly the public and visiting dignitaries from Estonia.

    Despite which, GDS's Potemkin power over the other departments of state continued to grow and it took on more and more responsibilities, its qualifications for which were rarely questioned.

    At a time when virtual gurus plaited virtual trading with virtual businesses into a virtual reality, perhaps digital-by-default was no more a "hollow or false construct" than many another Whitehall initiative. Let that be a historical warning about the difference between modish wishful thinking and evidence-based policy.

    It is said that Francis Maude looked to GDS to change the way the census was conducted. And that Nick Clegg relied on GDS to bring individual electoral registration to pass. Healthy fruit both of them, but neither was harvested.

    Potemkin power in Whitehall

    Then ...

    Potemkin village
    The phrase Potemkin villages ... was originally used to describe a fake village, built only to impress. The phrase is now used, typically in politics and economics, to describe any construction (literal or figurative) built solely to deceive others into thinking that some situation is better than it really is. It is unclear whether the origin of the phrase is factual, an exaggeration, or a myth.

    According to the story, Russian minister Grigory Potemkin who led the Crimean military campaign erected fake settlements along the banks of the Dnieper River in order to fool Empress Catherine II during her visit to Crimea in 1787.

    Historical debate
    Modern historians are divided on the degree of truth behind the Potemkin village story.

    While tales of the fake villages are generally considered exaggerations, some historians dismiss them as malicious rumors spread by Potemkin's opponents. These historians argue that Potemkin did mount efforts to develop the Crimea and probably directed peasants to spruce up the riverfront in advance of the Empress' arrival.

    According to Simon Sebag-Montefiore, Potemkin's most comprehensive English-language biographer, the tale of elaborate, fake settlements with glowing fires designed to comfort the monarch and her entourage as they surveyed the barren territory at night, is largely fictional.

    Aleksandr Panchenko, an established specialist on 19th century Russia, used original correspondence and memoirs to conclude that the Potemkin villages are a myth. He writes: "Based on the above said we must conclude that the myth of "Potemkin villages" is exactly a myth, and not an established fact."

    Panchenko writes that "Potyomkin indeed decorated cities and villages, but made no secret that this was a decoration."

    Also, the close relationship between Potemkin and the Empress would make it difficult for him to deceive her. Thus, the deception would have been mainly directed towards the foreign ambassadors accompanying the imperial party.

    Regardless, Potemkin had in fact supervised the building of fortresses, ships of the line, and thriving settlements, and the tour – which saw real and significant accomplishments – solidified his power.

    So, even though "Potemkin village" has come to mean, especially in a political context, any hollow or false construct, physical or figurative, meant to hide an undesirable or potentially damaging situation, it's possible that the phrase cannot be applied accurately to its own original historical inspiration.

    According to a legend, in 1787, when Catherine passed through Tula on her way back from the trip, the local governor Mikhail Krechetnikov indeed attempted a deception of that kind in order to hide the effects of a bad harvest.
    ... and now

    Potemkin website
    The phrase Potemkin website was originally used to describe folders in GOV.UK, the single government domain which was meant to replace all the separate departmental and other central government websites. It is unclear how re-writing a lot of websites that already existed was deemed to be a sensible use of money and unknown how the departments of state put up with this interference.

    According to the story, ex-Guardian man Mike Bracken, executive director of the Government Digital Service, created these folders all over GOV.UK acting under the instructions of Lady (Martha) Lane Fox of Soho.

    Future debate
    Future historians will be divided on the exact nature of these Potemkin websites of GDS's.

    While GDS claimed to have replaced the Department for Transport website, for example, it was clearly still there all the time behind the façade. Ditto the HMRC website, still there for all to see. These little deceptions cannot have escaped Lady Lane Fox but she described it nevertheless as a "privilege" to watch GDS crafting GOV.UK.

    For over a year Bracken claimed that he would make an elaborate system of identity assurance available to all 21 million DWP claimants. It was due to be unveiled in March 2013 but in the event, a dark night for all concerned, the service turned out unfortunately to be entirely fictional.

    Scrutiny of contemporary source documents reveals the claim that GDS would replace the Government Gateway with a new means for people to transact with the government. Future historians may conclude that this service, too, proved to be "exactly a myth, and not an established fact".

    It is in the nature of the web, of course, in its very openness to inspection, that these lacunae could not be concealed.

    And yet the promises were repeated, budgets were agreed, frameworks were discussed and conferences were addressed. The people who remained in the dark would have been mainly the public and visiting dignitaries from Estonia.

    Despite which, GDS's Potemkin power over the other departments of state continued to grow and it took on more and more responsibilities, its qualifications for which were rarely questioned.

    At a time when virtual gurus plaited virtual trading with virtual businesses into a virtual reality, perhaps digital-by-default was no more a "hollow or false construct" than many another Whitehall initiative. Let that be a historical warning about the difference between modish wishful thinking and evidence-based policy.

    It is said that Francis Maude looked to GDS to change the way the census was conducted. And that Nick Clegg relied on GDS to bring individual electoral registration to pass. Healthy fruit both of them, but neither was harvested.

    Sunday 17 March 2013

    GDS falls at the first fence (Software Engineering 101)

    Like any religion, digital-by-default needs manuals for its adherents to follow and the lead story in the Government Digital Service (GDS) broadcast on 15 March 2013 is the publication of one such manual, the Digital by Default Service Standard:


    To embrace digital-by-default is to see government as the design of so many services and the question is what makes a service a good service, what is the definition here of "excellence"? This is the question to which ex-Guardian man Mike Bracken addresses himself in the clip above and the gospel answer is given in the service standard manual.

    There are four stages apparently through which you must progress in the development of a digital-by-default service:
    "The discovery phase is your chance to gain an understanding of what the users of the service need ...", it says in the manual ...

    which reveals further that "This information is found through: workshops ... simple mock ups ... paper prototypes ... [and] plenty of whiteboard diagrams" ...

    and that "A small team will be required, consisting of your stakeholders and any core team members that have been identified, including the service manager. The phase should not take longer than a week. At the end of the phase a decision should be made whether to proceed to the alpha phase".

    Click on the "small team" link above and a message is displayed saying "This web page is not available". For the moment, we can't be sure just how small a team is required. No religion is complete without its mysteries.

    Still, if you click on the other links, you can follow the steps yourself from the discovery phase all the way through to the fully operational live phase, when a service is released to the users that is so excellent that they will immediately want to use it in preference to any rival – "Build services so good that people prefer to use them", as they say at GDS, that's their motto.

    As we know, for GDS, "the people and organisations with which we work must be imbued by the culture and ethos of the web generation ... we are not just on the web, but of the web. And our culture and governance must reflect that". That is the central article of the digital-by-default faith.

    And who better to lead in its practice than GDS themselves? Who better to exemplify its efficacy?

    Exemplify?

    Consider for example the identity and assurance programme (IDAP, or sometimes just plain IDA), a service which was promised to be "fully operational" for 21 million DWP claimants "by March 2013".

    Ex-Guardian man Mike Bracken, chief executive of GDS, is the senior responsible officer owner for this pan-government digital-by-default service (a fact which he modestly fails to mention in his weekly broadcasts). We may safely assume that a small team spent a week discovering the users' requirements and then proceeded to the alpha phase.

    Actually we don't have to assume that, we know it – Identity Alphas was published on the GDS blog on 12 March 2013. A bit late, perhaps, given that IDAP was meant to be fully operational already, but remember, digital-by-default is ... agile.

    And the acid test, do "people prefer to use" GDS's IDAP?

    No. They don't:
    IDA services put on ice for Universal Credit delivery

    No mention was made of the use of IDA in the DWP's Local Support Services Framework ... Instead, the paper referenced the issuing of PIN numbers to users for their online accounts ...
    Oh God.

    #Fail.

    Back to the whiteboard.

    GDS falls at the first fence (Software Engineering 101)

    Like any religion, digital-by-default needs manuals for its adherents to follow and the lead story in the Government Digital Service (GDS) broadcast on 15 March 2013 is the publication of one such manual, the Digital by Default Service Standard:


    To embrace digital-by-default is to see government as the design of so many services and the question is what makes a service a good service, what is the definition here of "excellence"? This is the question to which ex-Guardian man Mike Bracken addresses himself in the clip above and the gospel answer is given in the service standard manual.

    Thursday 14 March 2013

    GDS's misplaced faith and the governance of Whitehall

    Today we announced some small but important changes in governance. The detail is here but the upshot is: we won’t have a cross-government Chief Information Officer (CIO) any more, nor a Head of Profession for Information and Communications Technology (ICT). We are moving responsibility for these capabilities to the Government Digital Service and we are closing some cross-government boards in various technology areas and reviewing the rest in order to make sure we are set up as efficiently as possible.
    Thus ex-Guardian man Mike Bracken writing today in a post on the Government Digital Service (GDS) blog, Of the web, not on the web. He's the executive director of GDS and the senior responsible officer owner for the pan-government identity assurance programme (IDAP, failed).

    Take a look at the quotation above:
    • We won't have either a cross-government CIO or a head of the ICT profession any more, he says. False, because he goes on to say that responsibility for these capabilities is moving to GDS. So we will have a cross-government CIO and a head of the ICT profession and they will both be GDS.
    • Some cross-government technology boards are already being closed down, he says, and the future of others is being reviewed. GDS looks like having more and more of the field to itself, the competition is being wiped out.
    • These changes in governance are described by the ex-Guardian man as small. Clearly false. Healthy plurality is dwindling. More and more power is being centralised in GDS. That is a big change.
    It's unfortunate timing, given that the death of IDAP was announced on the same day, RIP – "the challenge now is not about information technology, but about designing, developing and delivering great, user-centred digital services", a challenge which GDS could not rise to.

    Alarm bells may ring. Is GDS the right place to centralise power?

    They may ring even harder when you read this:
    ... the people and organisations with which we work must be imbued by the culture and ethos of the web generation.

    ... we have to put digital leaders and Chief Operating Officers (COOs) in the driving seat across government.

    ... we are not just on the web, but of the web. And our culture and governance must reflect that.
    This quasi-religious worship of the web is a recurring theme. Think back to 17 October 2012 when the ex-Guardian man published Why GOV.UK matters: A platform for a digital Government including his meaningless bon mot:
    GOV.UK is not Government on the Internet, but of the Internet.
    GOV.UK is neither government on the internet nor government of the internet. GOV.UK is a website. And nothing more.

    This GDS religion/culture/ethos with its digital leader apostles and its veneration of Lady Lane Fox has already failed. Despite the blessing given by Tim O'Reilly, it has failed to provide the identity assurance service that was needed to support digital by default.

    Since that was its only job we had better look elsewhere for salvation.

    GDS's misplaced faith and the governance of Whitehall

    Today we announced some small but important changes in governance. The detail is here but the upshot is: we won’t have a cross-government Chief Information Officer (CIO) any more, nor a Head of Profession for Information and Communications Technology (ICT). We are moving responsibility for these capabilities to the Government Digital Service and we are closing some cross-government boards in various technology areas and reviewing the rest in order to make sure we are set up as efficiently as possible.
    Thus ex-Guardian man Mike Bracken writing today in a post on the Government Digital Service (GDS) blog, Of the web, not on the web. He's the executive director of GDS and the senior responsible officer owner for the pan-government identity assurance programme (IDAP, failed).

    GDS's Identity Assurance Programme goes up in smoke

    Computer Weekly, 14 March 2013:
    IDA services put on ice for Universal Credit delivery
    Only the other day there we were, weren't we, asking if the Government Digital Service's pan-government Identity Assurance service is up and running yet. They had promised that it would be "fully operational" for 21 million Department for Work and Pensions claimants "by March 2013".

    Well now, thanks to Computer Weekly, we know the answer.
    No mention was made of the use of IDA in the DWP’s Local Support Services Framework ... Instead, the paper referenced the issuing of PIN numbers to users for their online accounts ...
    GDS talked a good game once. Is there any hope now for IDA?

    No. Judging by this 12 March 2013 post on their blog, Identity Alphas, GDS are innocents abroad in the world of identity management.

    "Where did it all go wrong?" You may well ask.

    GDS's Identity Assurance Programme goes up in smoke

    Computer Weekly, 14 March 2013:
    IDA services put on ice for Universal Credit delivery
    Only the other day there we were, weren't we, asking if the Government Digital Service's pan-government Identity Assurance service is up and running yet. They had promised that it would be "fully operational" for 21 million Department for Work and Pensions claimants "by March 2013".

    Well now, thanks to Computer Weekly, we know the answer.
    No mention was made of the use of IDA in the DWP’s Local Support Services Framework ... Instead, the paper referenced the issuing of PIN numbers to users for their online accounts ...
    GDS talked a good game once. Is there any hope now for IDA?

    No. Judging by this 12 March 2013 post on their blog, Identity Alphas, GDS are innocents abroad in the world of identity management.

    "Where did it all go wrong?" You may well ask.

    Tuesday 12 March 2013

    The Identity & Passport Service, biometrics and your money

    Roll up, roll up
    and watch a collection of goldfish
    set light to a £15 million pile of notes
    and reduce it to ashes.

    The Identity & Passport Service (IPS) is an executive agency of the Home Office.

    IPS were meant to issue us all with ID cards.

    ID cards were meant to solve all our problems. Terrorism, crime, border control, you name it, think of a problem, ID cards would solve it.

    And they were meant to make our lives easier. With ID cards, so it was said, it would be easier to open a bank account, easier to get a job, easier to prove your right to state benefits, easier to travel domestically and abroad, you name it, think of any transaction, ID cards would make it easier.

    The UK ID card scheme had unstinting political support from July 2002 onwards from two prime ministers (Blair and Brown), five home secretaries (Blunkett, Clarke, Reid, Smith, Johnson) and the whole of Whitehall. The scheme had unstinting assistance from the best management consultants and contractors. Asked at one stage whether the budget had been exceeded, the Home Office said no, it couldn't be, there wasn't a budget. The media were largely in favour and, to start with, so were the public.

    And yet it failed. By December 2010 when the Identity Cards Act 2006 was repealed, IPS had to admit that there was nothing to show for £292 million of public expenditure. Nothing. Absolutely nothing.

    The effect of complete failure on IPS was traumatic:
    When a laboratory rat presses button B and gets an electric shock, he stops pressing button B. Not so the goldfish of IPS. Each time they swim round the bowl it comes as a surprise to them, oh look, there's a castle.

    The distinguishing feature of IPS's ID card scheme was biometrics. Biometrics would allow people to be identified uniquely. Biometrics would allow people to have their identity verified. The scheme depended on biometrics being reliable. They're not. That's one reason why it failed.

    You'd think they'd learn. But no. Here they come round the bowl again and what's this? A castle? No. Face recognition biometrics. Just what we need.

    Hat tip to Toby Stevens, IPS today issued an invitation to tender (ITT) for a face recognition system:
    II.1.5) Short description of the contract or purchase(s)
    The Identity and Passport Service (IPS) requires a Facial Recognition System (FRS) to help determine an applicants entitlement to and eligibility for a British Passport.
    The Authority intends to deliver capability to undertake Biometric Verification and Biometric Identification (including searching against a second instance referred to as a watchlist (WL)) checks on all passport
    applications.
    The architecture will comprise a Facial Recognition Engine, and a Facial Recognition Workflow capability which includes business rules, management information, audit and a data interface from an existing application system.
    The solution will use existing IPS biographic and biometric information as part of the FR checks, with appropriate data stored with each check ...
    They're offering a five-year contract worth between £6 million and £15 million to the lucky winners. Excluding VAT.

    The ITT stipulates a number of throughput conditions that have to be met, e.g. the face recognition system has to be able to:
    o Return a result from a Biometric Verification in under 10 seconds on 99.5% of searches.
    o Return a result from a Biometric Identification search under 60 seconds on 99.5% of searches.
    o Return a result from a Biometric Verification (WL) search in under 20 seconds on 99.5% of searches.
    but there is no stated requirement for the system to be reliable. Which is lucky for the contractors. Because all the published tests of mass consumer face recognition suggest that IPS would be better off tossing a coin than using this flaky technology.

    What IPS do insist on in the ITT is:
    the capability to adjust the threshold for matching based on business drivers e.g. demand levels.
    If IPS have a lot of staff on one day, then they might turn the dial up and make it a bit harder for your face to match the photograph stored on their register. If on the other hand there's a bit of a staff shortage, then they can turn the dial down and just let everyone match. Which rather gives the lie, doesn't it, to the suggestion that this charade has got anything to do with your identity, which doesn't vary with demand levels.

    Most likely, IPS will lay off a lot of staff and then, like the UK Border Agency, re-recruit them when they re-discover that the technology that was meant to replace them doesn't work.

    Lessons learnt? None. Roll up, roll up and watch a collection of goldfish set light to a £15 million pile of notes and reduce it to ashes.

    The Identity & Passport Service, biometrics and your money

    Roll up, roll up
    and watch a collection of goldfish
    set light to a £15 million pile of notes
    and reduce it to ashes.

    The Identity & Passport Service (IPS) is an executive agency of the Home Office.

    IPS were meant to issue us all with ID cards.

    ID cards were meant to solve all our problems. Terrorism, crime, border control, you name it, think of a problem, ID cards would solve it.

    And they were meant to make our lives easier. With ID cards, so it was said, it would be easier to open a bank account, easier to get a job, easier to prove your right to state benefits, easier to travel domestically and abroad, you name it, think of any transaction, ID cards would make it easier.

    The UK ID card scheme had unstinting political support from July 2002 onwards from two prime ministers (Blair and Brown), five home secretaries (Blunkett, Clarke, Reid, Smith, Johnson) and the whole of Whitehall. The scheme had unstinting assistance from the best management consultants and contractors. Asked at one stage whether the budget had been exceeded, the Home Office said no, it couldn't be, there wasn't a budget. The media were largely in favour and, to start with, so were the public.

    And yet it failed. By December 2010 when the Identity Cards Act 2006 was repealed, IPS had to admit that there was nothing to show for £292 million of public expenditure. Nothing. Absolutely nothing.

    Universal Credit – a tricky confinement

    Universal Credit – a tricky confinement

    Monday 11 March 2013

    Full marks to midata

    You have zero privacy anyway.
    Get over it.
    Scott McNealy, CEO Sun Microsystems
    January 1999
    25 years he's been a privacy campaigner. Simon Davies knows what he's talking about.

    In August 2012 he issued a questionnaire to find out what practitioners around the world were talking about.

    And in January this year he published his findings, Predictions for Privacy, based on 181 responses.
    It looks as though 13 issues will be on the agenda in 2013. They are all explained concisely on pp.11-14 of Mr Davies's report :
    1. Mobile apps
    2. Mobile geo-location
    3. Data aggregation
    4. Online advertising
    5. Data protection reform
    6. Big Data
    7. Face recognition systems
    8. Government surveillance systems
    9. Health data for private sector us
    10. Compulsory website ownership registration and verification
    11. Ambient intelligence and the “Internet of Things”
    12. Identity architectures
    13. Export of surveillance technologies to non-democratic regimes
    His report rejects the McNealy doctrine, the defeatist belief that it's all over for privacy in the modern world.

    So?

    So look again at the Department for Business Innovation and Skills (BIS) midata initiative. It's a false prospectus. It masquerades as a protector of privacy while ticking nearly every one of Mr Davies's 13 boxes. It's almost full marks to midata.

    Re item #3 above, for example, midata asks us all to use Personal Data Stores. "Do your own data aggregation", BIS are effectively saying, "and save us the trouble".

    Re item #6 above, the UK's "big data" project is headed by Professor Nigel Shadbolt. It's his job to promote the analysis of government data to improve public administration. He's also the chairman of the midata programme, where he seems to want to expose personal data in the same way. It's as though he doesn't see the distinction between public and private.

    Mr Davies's respondents predict that Google and Facebook will catch most of the flak in 2013. They are the obvious latter-day pied pipers of Hamelin. midata threatens to become a similarly malign force.

    Full marks to midata

    You have zero privacy anyway.
    Get over it.
    Scott McNealy, CEO Sun Microsystems
    January 1999
    25 years he's been a privacy campaigner. Simon Davies knows what he's talking about.

    In August 2012 he issued a questionnaire to find out what practitioners around the world were talking about.

    And in January this year he published his findings, Predictions for Privacy, based on 181 responses.
    It looks as though 13 issues will be on the agenda in 2013. They are all explained concisely on pp.11-14 of Mr Davies's report :
    1. Mobile apps
    2. Mobile geo-location
    3. Data aggregation
    4. Online advertising
    5. Data protection reform
    6. Big Data
    7. Face recognition systems
    8. Government surveillance systems
    9. Health data for private sector us
    10. Compulsory website ownership registration and verification
    11. Ambient intelligence and the “Internet of Things”
    12. Identity architectures
    13. Export of surveillance technologies to non-democratic regimes
    His report rejects the McNealy doctrine, the defeatist belief that it's all over for privacy in the modern world.

    So?

    Monday 4 March 2013

    GDS, HMRC and IDAP – where did it all go wrong?

    You wouldn't guess it from the jocular little video diary they published but St David's Day 2013 was a terrible day of failure for the Government Digital Service(GDS).

    (For new readers: IDAP = the Identity Assurance Programme.)

    GDS, HMRC and IDAP – where did it all go wrong?

    You wouldn't guess it from the jocular little video diary they published but St David's Day 2013 was a terrible day of failure for the Government Digital Service(GDS).

    (For new readers: IDAP = the Identity Assurance Programme.)

    Friday 1 March 2013

    G-Cloud Death LATEST: was it an inside job?

    G-Cloud Death LATEST: was it an inside job?

    PRESS RELEASE: Is identity assurance fully operational in the UK today?

    The following press release has been issued:-


    PRESS RELEASE


    Is identity assurance fully operational in the UK today?

    1 March 2013


    Six weeks ago, 16 January 2013, the Department for Work and Pensions (DWP) published the details of a contract they had awarded in connection with Universal Credit.

    There are 21 million claimants on DWP's services, they all have to be identified and the contract appoints eight official so-called "identity providers" for the UK. The description of the contract includes this:
    In supporting the digital by default policy in general and the Government’s welfare reform agenda in particular, cabinet office have produced guidance for all major public service provider departments relating to the need for identity assurance of members of the public when accessing government services ...

    To support the rollout of universal credit and personal independence payments providers will be selected by June 2012 and systems will need to be fully operational from March 2013 [emphasis added].
    That's today, 1 March 2013, and the question is, are these UK identity assurance systems now fully operational as stipulated?

    If so, we live in something of a new world.

    If not, we need to know if the identity assurance programme, like the ID cards scheme before it, is going to linger on for years and then be cancelled with nothing to show for the hundreds of millions of pounds of taxpayers' money spent on it.

    ----------

    Notes to editors
    1. Although it's nominally a DWP contract the organisation really in charge of UK identity assurance is the Government Digital Service (GDS), part of the Cabinet Office, please see Universal Credit and the December putsch: "The revised DWP OJEU notice is effectively an HMG-wide framework being delivered initially using DWP as the vehicle ... This approach ensures that, ultimately, HMG-wide Identity Assurance is supplied across central departments via a common procurement portal ... and governed by the Cabinet Office".

    2. The UK's eight official so-called "identity providers" are: The Post Office, Cassidian, Digidentity, Experian, Ingeus, Mydex, PayPal and Verizon. C.f. The identity of the UK's eighth identity provider has now been provided, reluctantly.

    3. Digital-by-default is normally described as the Whitehall policy to make all transactions with the government take place over the web, please see Amazon, Google, Facebook et al – the latter-day pied pipers of Hamelin. GDS's model for the UK is Estonia, please see Francis Maude seeks future in Estonia.

    4. What digital-by-default involves is re-constructing Whitehall with power centralised in GDS, please see Martha Lane Fox – https://www.gov.uk/machiavelli and OBITUARY: Whitehall 1947-2012 and A Whitehall death foretold – soul control and Whitehall governance, and GDS's fantasy strategy.

    5. Identity assurance is not limited to Universal Credit. Its proposed scope includes all transactions with the government ...

    6. ... and the compilation of the electoral register, please see Identity assurance – shall we vote on it?.

    7. ... and the compilation of the census, please see Alan Travis – Whitehall, the Guardian newspaper and Lord Leveson.

    8. The Department for Business Innovation and Skills claim that consumers will be "empowered" if we adopt their midata plan and use Personal Data Stores, which are virtual ID cards stored on the web, in the cloud, please see Identity assurance. Only the future is certain – doom 4 and last (William Heath, Mydex, midata, BIS, GDS and ID cards) – which takes us into areas of transactions supposedly not involving the government.

    9. According to its Whitehall advocates, digital-by-default is modern, fit for the 21st century, inevitable and energy-efficient, and will result in high quality, trusted public services. In fact it is a re-hash of Tony Blair's call in 2005 for joined up government which led to Whitehall's failed Transformational Government initiative. Transformational Government depended on ID cards (please see para.39(7), p.13) and digital-by-default depends on identity assurance.

    10. According to its advocates, digital-by-default will save money. Given the history of Whitehall IT projects, that claim must evoke a certain scepticism, please see It's all John's fault.

    11. If it does save money, GDS say that it will be by making public servants redundant, please see The savings to be expected from digital-by-default – a clarification. They promise a minimum of 40,000 redundancies, and many more if the constraints on data-sharing can be lifted. They propose in their Digital Efficiency Report that Whitehall should keep the savings rather than pass them back to the public.

    It is important to discover whether identity assurance is, as promised, fully operational in the UK today.

    "Fully operational" is defined in DWP's description of the contract and involves identity verification, credential management, identity correction services, identity authentication, the use of a standardised data description of identity, the inclusion of attributes like bank account details, the implementation of secure organisational procedures, support for a proper privacy model and a proper consent model, multi-channel delivery, geographical reach and demographic reach.

    Tick all those boxes and perhaps we have fully operational identity assurance in the UK today. Otherwise, we haven't.



    About David Moss
    David Moss has worked as an IT consultant since 1981. The past 9 years have been spent campaigning against the Home Office's plans to introduce government ID cards into the UK. It must now be admitted that the Home Office are much better at convincing people that these plans are a bad idea than anyone else, including David Moss.

    Press contacts: David Moss, BCSL@blueyonder.co.uk

    PRESS RELEASE: Is identity assurance fully operational in the UK today?

    The following press release has been issued:-


    PRESS RELEASE


    Is identity assurance fully operational in the UK today?

    1 March 2013


    Six weeks ago, 16 January 2013, the Department for Work and Pensions (DWP) published the details of a contract they had awarded in connection with Universal Credit.

    There are 21 million claimants on DWP's services, they all have to be identified and the contract appoints eight official so-called "identity providers" for the UK. The description of the contract includes this:
    In supporting the digital by default policy in general and the Government’s welfare reform agenda in particular, cabinet office have produced guidance for all major public service provider departments relating to the need for identity assurance of members of the public when accessing government services ...

    To support the rollout of universal credit and personal independence payments providers will be selected by June 2012 and systems will need to be fully operational from March 2013 [emphasis added].
    That's today, 1 March 2013, and the question is, are these UK identity assurance systems now fully operational as stipulated?

    If so, we live in something of a new world.

    If not, we need to know if the identity assurance programme, like the ID cards scheme before it, is going to linger on for years and then be cancelled with nothing to show for the hundreds of millions of pounds of taxpayers' money spent on it.

    ----------

    Notes to editors
    1. Although it's nominally a DWP contract the organisation really in charge of UK identity assurance is the Government Digital Service (GDS), part of the Cabinet Office, please see Universal Credit and the December putsch: "The revised DWP OJEU notice is effectively an HMG-wide framework being delivered initially using DWP as the vehicle ... This approach ensures that, ultimately, HMG-wide Identity Assurance is supplied across central departments via a common procurement portal ... and governed by the Cabinet Office".

    2. The UK's eight official so-called "identity providers" are: The Post Office, Cassidian, Digidentity, Experian, Ingeus, Mydex, PayPal and Verizon. C.f. The identity of the UK's eighth identity provider has now been provided, reluctantly.

    3. Digital-by-default is normally described as the Whitehall policy to make all transactions with the government take place over the web, please see Amazon, Google, Facebook et al – the latter-day pied pipers of Hamelin. GDS's model for the UK is Estonia, please see Francis Maude seeks future in Estonia.

    4. What digital-by-default involves is re-constructing Whitehall with power centralised in GDS, please see Martha Lane Fox – https://www.gov.uk/machiavelli and OBITUARY: Whitehall 1947-2012 and A Whitehall death foretold – soul control and Whitehall governance, and GDS's fantasy strategy.

    5. Identity assurance is not limited to Universal Credit. Its proposed scope includes all transactions with the government ...

    6. ... and the compilation of the electoral register, please see Identity assurance – shall we vote on it?.

    7. ... and the compilation of the census, please see Alan Travis – Whitehall, the Guardian newspaper and Lord Leveson.

    8. The Department for Business Innovation and Skills claim that consumers will be "empowered" if we adopt their midata plan and use Personal Data Stores, which are virtual ID cards stored on the web, in the cloud, please see Identity assurance. Only the future is certain – doom 4 and last (William Heath, Mydex, midata, BIS, GDS and ID cards) – which takes us into areas of transactions supposedly not involving the government.

    9. According to its Whitehall advocates, digital-by-default is modern, fit for the 21st century, inevitable and energy-efficient, and will result in high quality, trusted public services. In fact it is a re-hash of Tony Blair's call in 2005 for joined up government which led to Whitehall's failed Transformational Government initiative. Transformational Government depended on ID cards (please see para.39(7), p.13) and digital-by-default depends on identity assurance.

    10. According to its advocates, digital-by-default will save money. Given the history of Whitehall IT projects, that claim must evoke a certain scepticism, please see It's all John's fault.

    11. If it does save money, GDS say that it will be by making public servants redundant, please see The savings to be expected from digital-by-default – a clarification. They promise a minimum of 40,000 redundancies, and many more if the constraints on data-sharing can be lifted. They propose in their Digital Efficiency Report that Whitehall should keep the savings rather than pass them back to the public.

    It is important to discover whether identity assurance is, as promised, fully operational in the UK today.

    "Fully operational" is defined in DWP's description of the contract and involves identity verification, credential management, identity correction services, identity authentication, the use of a standardised data description of identity, the inclusion of attributes like bank account details, the implementation of secure organisational procedures, support for a proper privacy model and a proper consent model, multi-channel delivery, geographical reach and demographic reach.

    Tick all those boxes and perhaps we have fully operational identity assurance in the UK today. Otherwise, we haven't.



    About David Moss
    David Moss has worked as an IT consultant since 1981. The past 9 years have been spent campaigning against the Home Office's plans to introduce government ID cards into the UK. It must now be admitted that the Home Office are much better at convincing people that these plans are a bad idea than anyone else, including David Moss.

    Press contacts: David Moss, BCSL@blueyonder.co.uk