Monday 29 July 2013

John Naughton, welcome to the club

(Hat tip: Philip Virgo)

John Naughton is professor of the public understanding of technology at the Open University. Writing in yesterday's Observer, 28 July 2013, he says:
... no US-based internet company can be trusted to protect our privacy or data. The fact is that Google, Facebook, Yahoo, Amazon, Apple and Microsoft are all integral components of the US cyber-surveillance system. Nothing, but nothing, that is stored in their "cloud" services can be guaranteed to be safe from surveillance or from illicit downloading by employees of the consultancies employed by the NSA. That means that if you're thinking of outsourcing your troublesome IT operations to, say, Google or Microsoft, then think again.

... when your chief information officer proposes to use the Amazon or Google cloud as a data-store for your company's confidential documents, tell him where to file the proposal. In the shredder.
Where have you heard that before?

John Naughton, welcome to the club

(Hat tip: Philip Virgo)

John Naughton is professor of the public understanding of technology at the Open University. Writing in yesterday's Observer, 28 July 2013, he says:
... no US-based internet company can be trusted to protect our privacy or data. The fact is that Google, Facebook, Yahoo, Amazon, Apple and Microsoft are all integral components of the US cyber-surveillance system. Nothing, but nothing, that is stored in their "cloud" services can be guaranteed to be safe from surveillance or from illicit downloading by employees of the consultancies employed by the NSA. That means that if you're thinking of outsourcing your troublesome IT operations to, say, Google or Microsoft, then think again.

... when your chief information officer proposes to use the Amazon or Google cloud as a data-store for your company's confidential documents, tell him where to file the proposal. In the shredder.

Friday 26 July 2013

Instrumenting the kettle

Exclusive: sometimes there is a difference between fiction and reality.

Steve Hewlett is presenting a report at the moment on BBC Radio 4, Privacy Under Pressure. Three episodes, Episode 2 was on Monday 22 July 2013, final episode next Monday, don't miss it, 9 a.m.

Everyone remembers Minority Report, the Tom Cruise film where the murder rate has dropped to zero because the "Precrime" unit intervenes before anyone commits a felony.

What is the use of the internet of things? That's what Steve Hewlett.wanted to know. And there was our very own Professor Sir Nigel Shadbolt to tell him.

You remember Sir Nigel. He's head of the Open Data Institute. And midata. He's the one who thinks that the economy will grow if we give all our public and personal data to innovative app-designers. Him and Stephan Shakespeare. Although neither of them can usually think what these apps might do to be useful and profitable.

And you remember the internet of things.That's when you connect every device in the world to the internet and then monitor them.

Worked a treat for the US Chamber of Commerce. They thought they were controlling the central heating in one of their flats remotely. In fact, the thermostat was busy sending stolen data to the Chinese: "months later, the chamber discovered that Internet-connected devices — a thermostat in one of its corporate apartments and a printer in its offices — were still communicating with computers in China".

All this remote monitoring is a bit intrusive, isn't it, said Steve Hewlett but Sir Nigel reckons not. He says that by "instrumenting" the fridge you'll be able to tell remotely that an old person is eating properly. "Elder care", he calls it. And if you see the kettle being turned on, you'll know that the old person is having a cup of tea.

Sir Nigel has obviously never met an elderly relative of DMossEsq's who, in his dotage, every time you served him dinner, carefully picked it up and put it in the dishwasher – to a remote "elder carer", no doubt that would mean he was doing the washing up.

A lot of people on Steve Hewlett's programme keep saying that the benefits of surveillance are undeniable, it would improve the quality of life, it's very positive. There's one old-fashioned lady who says that permanent surveillance will lead to permanent self-censorship, but what does she know?

Is it worth giving up our privacy just so that we know without taking the trouble to go round in person that some old wrinkly has opened the fridge?

Sir Nigel tackled this question head on. Here he is, delivering the coup de grâce to any demented naysayers. Just imagine, he says, a new world where you look out of the window and see the blue flashing lights, and then someone flies through the door and says "we're here to prevent you from having a heart attack".

That's Sir Nigel's charming picture of the new world he's trying to create. Or intelligently design. "Precare", anyone?

Sir Nigel has obviously never met Steven Grisales. And he's not going to meet him, because Steven Grisales is dead. He was murdered by a 15 year-old who was out on parole probation and evaded surveillance by the simple act of removing his electronic tag.

The story is told by Dominic Lawson in the Sunday TimesClarke plays a deadly game of tagging, 17 June 2012: "Last Wednesday Liz Calderbank, the chief inspector of probation, released a report on electronically monitored curfews, which deserves that overused term 'devastating' — it revealed that 59% of tagged offenders are known to have breached the terms of their curfew".

Perhaps in next Monday's episode Steve Hewlett will settle the question whether the benefits of giving up our privacy really are indubitable. Will the future look like Sir Nigel's idyllic dream? Or will it be more like the squalid nightmare which is surveillance today in the UK, as revealed by Liz Calderbank?

----------

Updated 4.8.14

iKettle: The Wi-Fi kettle review

Hat tip


Updated 24.10.16

"Global internet outages continue as second wave of hacker attacks cripples web servers" – that's what it said in the Daily Telegraph newspaper last week, with more than usual first-hand experience: "Hundreds of popular websites were taken offline for hours on Friday after a critical internet point was hit by multiple cyber attacks ... Hackers brought sites including Twitter, eBay and The Telegraph offline for millions of users after targeting Dyn, a New Hampshire-based company that is responsible for routing internet traffic".

ElReg provided some technical detail. It seems that a lot of dumb devices attached to the internet of things (IoT) were used to launch an onslaught on this company Dyn. Devices including the WiFi kettle above, possibly. Apparently it's terribly easy to do and the caper may have been undertaken by bored children.

Messrs Shadbolt and Shakespeare (please see above) may have their enthusiasm for the IoT undimmed by this episode. You may think differently, though. If bored children knock out the Government Digital Service's GOV.UK Verify (RIP) next time, and if you foolishly rely on that underwhelming identity assurance scheme, then you will cease to exist.


Updated 21.1.17

RIP: Steve Hewlett: Radio 4 presenter dies at the age of 58

Instrumenting the kettle

Exclusive: sometimes there is a difference between fiction and reality.

Steve Hewlett is presenting a report at the moment on BBC Radio 4, Privacy Under Pressure. Three episodes, Episode 2 was on Monday 22 July 2013, final episode next Monday, don't miss it, 9 a.m.

Everyone remembers Minority Report, the Tom Cruise film where the murder rate has dropped to zero because the "Precrime" unit intervenes before anyone commits a felony.

What is the use of the internet of things? That's what Steve Hewlett.wanted to know. And there was our very own Professor Sir Nigel Shadbolt to tell him.

You remember Sir Nigel. He's head of the Open Data Institute. And midata. He's the one who thinks that the economy will grow if we give all our public and personal data to innovative app-designers. Him and Stephan Shakespeare. Although neither of them can usually think what these apps might do to be useful and profitable.

And you remember the internet of things.That's when you connect every device in the world to the internet and then monitor them.

Worked a treat for the US Chamber of Commerce. They thought they were controlling the central heating in one of their flats remotely. In fact, the thermostat was busy sending stolen data to the Chinese: "months later, the chamber discovered that Internet-connected devices — a thermostat in one of its corporate apartments and a printer in its offices — were still communicating with computers in China".

Biometrics – Hollywood v. Kingston upon Thames

Exclusive: sometimes there is a difference between fiction and reality.

Steve Hewlett is presenting a report at the moment on BBC Radio 4, Privacy Under Pressure. Three episodes, Episode 2 was on Monday 22 July 2013, last episode next Monday, don't miss it, 9 a.m.

Everyone remembers Minority Report, the Tom Cruise film where people are identified by the patterns of their irises. As they walk around the shopping mall, personally tailored advertisements invite them to enjoy special offers in the shop they're just passing.

Politicians may believe that this technology already works and is available today. It isn't. Senior civil servants and journalists may believe it but they're wrong, too.

What is available, is a technology claiming to recognise your face – not your irises. Steve Hewlett interviewed James Orwell, a face recognition expert at Kingston University.

How well does face recognition work in a shopping mall today? Hundreds of times better than it used to, said Dr Orwell, but still not well enough. If we had one million people's faces on file and we searched for a match using an image caught by an overhead CCTV today, we'd probably be able to narrow it down to the nearest 5 percent.

That is, we'd know that the person who's just been filmed isn't among these 950,000, he or she is one of the remaining 50,000 people on file. Probably.

Useless. And here he is, saying it.

Minority Report-style biometrics may work in Hollywood. They don't work in Kingston.

Biometrics – Hollywood v. Kingston upon Thames

Exclusive: sometimes there is a difference between fiction and reality.

Steve Hewlett is presenting a report at the moment on BBC Radio 4, Privacy Under Pressure. Three episodes, Episode 2 was on Monday 22 July 2013, last episode next Monday, don't miss it, 9 a.m.

Everyone remembers Minority Report, the Tom Cruise film where people are identified by the patterns of their irises. As they walk around the shopping mall, personally tailored advertisements invite them to enjoy special offers in the shop they're just passing.

Politicians may believe that this technology already works and is available today. It isn't. Senior civil servants and journalists may believe it but they're wrong, too.

Thursday 25 July 2013

"Identity providers" – GDS issue the black spot

One UK citizen said:”I pay the government to identify and verify me when I am born (birth certificate), when I marry (marriage certificate), when I die (death certificate) and when I travel (passport and driving licence). Why should I then have to pay an outside private organisation to verify who I am when I transact with the government online, when I've already paid the government? Let the government – possibly the passport service that is also the national records office – be my identity provider of choice.”
The UK is the proud possessor of not just one "identity provider", not two, but no less than eight of them. Digidentity and Verizon. The Post Office and Experian. Mydex and Ingeus. Cassidian and PayPal.

It's been hard for them. Initially, the Department for Work and Pensions (DWP) offered the "identity providers" £240 million to get the Identity Assurance Programme (IDAP) up and running in the UK. Then ex-Guardian man Mike Bracken stepped in and cut the offer to £30 million. By the time contracts were awarded, that figure was down to £25 million.

The idea was to have IDAP "fully operational" for DWP by March 2013. Four months ago. It wasn't operational then, and it still isn't.

Has IDAP been shelved? Or cancelled? No. Digital by Default News tell us that HMRC will be the first public body to use IDAP.

(It may help to explain that Digital by Default News "is one of a new portfolio of Contentive websites providing critical, real-time intelligence in a wide range of niche industry verticals".)

So things are looking up for the "identity providers"? All those years of hard work negotiating the terms of IDAP and now, at last, it's paid off and they're going to get their hands on the identities of tens of millions of individual and corporate taxpayers' identities?

No.

Take another look at that Digital by Default News article, Citizens would prefer government-owned identity provider. Yes, it spends a bit of time saying that "the scheme will be run by eight private sector organisations which will hold digital ‘passports’ for enrolled UK citizens, enabling them to access online government services".

But the bulk of the article is about how no-one wants private sector "identity providers", what we really want, apparently, we "citizens", is for the old Identity & Passport Service (IPS) to be our one and only "identity provider". "Identity providers", it is saying, "we don't need you, we don't want you, we can do better without you, your presence has delighted us long enough, do not stand upon the order of your going".

The Senior Responsible Owner for IDAP is ex-Guardian man Mike Bracken, see above. He is also the chief executive of the Government Digital Service (GDS), responsible for making public services digital by default, and he's probably the de facto publisher of Digital by Default News N [please see comments below].

What is he up to? He's alienated DWP, the UK's biggest-spending department of state, he's alienated the eight "identity providers" on whom IDAP depends and now he's got no-one left to turn to – the whole point about IPS is that it failed.

He's promising to provide HMRC with identity assurance, having promised and then failed to provide it to DWP last March.

Failing with DWP is one thing. But HMRC is different. The state relies on HMRC raising about £600 billion of tax every year. Failure is unthinkable. No tax, no state.

The question was, what is he up to, and the answer is, who knows, ex-Guardian man Mike Bracken's tactics are incomprehensible, the only point that is clear is that this is the end of IDAP, the end of digital-by-default, which can't work without identity assurance, the end of GDS, the end of midata and Individual Electoral Registration and maybe the end of G-Cloud, too – on 1 June 2013 GDS took over responsibility for G-Cloud.

IDAP never was going to work. Its failure could nevertheless have been long and drawn-out, and expensive. Thanks to this latest slap in the face of the "identity providers", we taxpayers may be lucky – quicker and cheaper failure.

Who do we thank?

Step forward Neil Fisher. Mr Fisher is vice president of Global Security Solutions at Unisys Corporation. He is responsible for the opinion poll results on which the Digital by Default News article is based. They fell for it hook, line and sinker.

He is also, of course, the Cassandra who told ex-Guardian man Mike Bracken and Francis Maude that any project with the word "identity" in its name is doomed.

Thank you.

"Identity providers" – GDS issue the black spot

One UK citizen said:”I pay the government to identify and verify me when I am born (birth certificate), when I marry (marriage certificate), when I die (death certificate) and when I travel (passport and driving licence). Why should I then have to pay an outside private organisation to verify who I am when I transact with the government online, when I've already paid the government? Let the government – possibly the passport service that is also the national records office – be my identity provider of choice.”
The UK is the proud possessor of not just one "identity provider", not two, but no less than eight of them. Digidentity and Verizon. The Post Office and Experian. Mydex and Ingeus. Cassidian and PayPal.

It's been hard for them. Initially, the Department for Work and Pensions (DWP) offered the "identity providers" £240 million to get the Identity Assurance Programme (IDAP) up and running in the UK. Then ex-Guardian man Mike Bracken stepped in and cut the offer to £30 million. By the time contracts were awarded, that figure was down to £25 million.

The idea was to have IDAP "fully operational" for DWP by March 2013. Four months ago. It wasn't operational then, and it still isn't.

Has IDAP been shelved? Or cancelled? No. Digital by Default News tell us that HMRC will be the first public body to use IDAP.

(It may help to explain that Digital by Default News "is one of a new portfolio of Contentive websites providing critical, real-time intelligence in a wide range of niche industry verticals".)

Wednesday 24 July 2013

The rise of the captive cloud

• PASC should rescue the good idea of SME competition
from the clutches of G-Cloud

• PASC should look carefully at the way competition is being operated
in G-Cloud

Whitehall misfeasance
The Public Administration Select Committee (PASC) published its report on Government Procurement on 16 July 2013:
The public sector spends £227 billion each year buying a range of goods, services and works, £45 billion of which is spent by Whitehall Departments. The Ministry of Defence alone spends £20 billion a year. By improving the efficiency and effectiveness of procurement, the Government has an opportunity not only to save the taxpayer significant sums of money, but also to drive economic growth. (p.1)
 PASC say that the public is getting poor value for money and that:
There are clear shortcomings in the ability of the Civil Service to run effective and efficient procurement. The Civil Service shows a consistent lack of understanding about how to gather requirements, evaluate supplier capabilities, develop relationships or specify outcomes. (p.3)
This record of misfeasance in public office goes back at least 30 years and shows few signs of improvement:
Whilst we welcome the Government’s initiatives to centralise procurement, we note that progress so far has been painfully slow and sporadic. It is clear from our evidence that this is because, despite the centralising mandate given to the Cabinet Office by a Cabinet Committee, inter-departmental cooperation is poor. (p.4)
At worst, this soap opera is about suppliers charging the biggest number they can think of for poor quality service and about incompetent satraps paying them.

SMEs
What hope is there for the taxpayer that his or her money will stop being wasted?

One source of hope is the plan to give more government contracts to small and medium-sized enterprises (SMEs). They are more innovative than the behemoths who normally have government contracts let to them, and more competition might reduce prices and improve quality:
To help achieve this aspiration, the Cabinet Office has introduced a number of measures to remove barriers facing SMEs seeking to win government contracts. These include a policy to remove “pre-qualification questionnaires from lower value contracts, except where security is a consideration” and “the introduction of Contracts Finder” to allow “unprecedented transparency to the range of opportunities available”. (p.13)
That hope expires one page later.

Duty of care
The G Cloud/Cloudstore Framework

The G Cloud/Cloudstore framework provides an online catalogue of ICT services for the UK public sector managed centrally by the Government Procurement Service ...

The Government expects that CloudStore will help small and medium-sized businesses to contract directly with the public sector, as it has simplified the requirements for joining this framework. (p.14)
Two ideas are being conflated and PASC have, arguably, fallen for it.

Giving SMEs the chance to win government contracts is one idea. Cloud computing is a separate idea. SMEs being allowed to compete is quite independent of the introduction of cloud computing. And cloud computing is quite independent of SMEs competing – there are huge, non-SME cloud computing service suppliers like Apple and Google and Amazon and Microsoft.

"Cloud computing" means losing control of your data. It is a bad idea. It is an abdication of Whitehall's duty of care.

PASC should rescue the good idea of SME competition from the clutches of G-Cloud.

Competition
And PASC should look carefully at the way competition is being operated in G-Cloud, specifically by the Government Procurement Service and the Government Digital Service, which took over responsibility for G-Cloud on 1 June 2013.

Everyone is or should be conversant with the concept of the captive insurance company. Whitehall have created their own equivalent, in the form of the captive cloud company.

There are 458 suppliers accredited to G-Cloud according to PASC (p.14), many of them long-established SMEs with a track record that bears inspection.

So how did Skyscape, a company only incorporated on 3 May 2011, manage to be accredited by the Government Procurement Service? And how did it win four G-Cloud contracts – with HMRC, the MoD, the Home Office and the Government Digital Service – against the competition of long-established SMEs?

It looks as if Whitehall have created in Skyscape a captive cloud company. Skyscape recruited as its Commercial Director one Nicky Stewart, previously G-Cloud Head of ICT Strategy Delivery at the Cabinet Office, and Whitehall started filling this shell with valuable contracts. That looks like a distortion of the market and the opposite of the proper operation of competition.

Only separate
If Whitehall are allowed by PASC to confuse SME competition with cloud computing, the danger is that public administration will become dependent on the large cloud computing suppliers. Once dependent on them prices will go up, and a new oligopoly of contractors will exert power. Competition will be snuffed out by a cartel and we taxpayers will be back where we started, being fleeced, while the satraps look on with impunity.

The rise of the captive cloud

• PASC should rescue the good idea of SME competition
from the clutches of G-Cloud

• PASC should look carefully at the way competition is being operated
in G-Cloud

Whitehall misfeasance
The Public Administration Select Committee (PASC) published its report on Government Procurement on 16 July 2013:
The public sector spends £227 billion each year buying a range of goods, services and works, £45 billion of which is spent by Whitehall Departments. The Ministry of Defence alone spends £20 billion a year. By improving the efficiency and effectiveness of procurement, the Government has an opportunity not only to save the taxpayer significant sums of money, but also to drive economic growth. (p.1)
 PASC say that the public is getting poor value for money and that:
There are clear shortcomings in the ability of the Civil Service to run effective and efficient procurement. The Civil Service shows a consistent lack of understanding about how to gather requirements, evaluate supplier capabilities, develop relationships or specify outcomes. (p.3)
This record of misfeasance in public office goes back at least 30 years and shows few signs of improvement:
Whilst we welcome the Government’s initiatives to centralise procurement, we note that progress so far has been painfully slow and sporadic. It is clear from our evidence that this is because, despite the centralising mandate given to the Cabinet Office by a Cabinet Committee, inter-departmental cooperation is poor. (p.4)
At worst, this soap opera is about suppliers charging the biggest number they can think of for poor quality service and about incompetent satraps paying them.

Sunday 21 July 2013

The old concept of HMRC is worn out

You see Trade's plan is for every person in Ruritania to maintain a personal data store, managed by state-appointed trusted identity providers. That includes both types of person, natural persons and legal persons, i.e. corporations, trusts, and so on. Once these personal data stores are populated, where is the need for the Revenue? A tax farmer app can simply calculate the amount of tax due and make life more convenient for everyone by filing their tax returns for them and direct debiting the money from their bank accounts. It would be naïve of anyone not to see that that is the purpose of a personal data store and that that is also why the Revenue as currently constituted serves no purpose in the digital-by-default new world.
That's what DMossEsq said in his China Syndrome play. Ridiculous of course.

Except that the excellent Dave Birch promptly reported a meeting hosted by Intellect to discuss the possibility of a mobile phone app to make charitable donations and account for Gift Aid at the same time, please see You can take a gift horse to water, but you can’t make it fill out an HMRC declaration.

Certain people are looking for a knockdown argument in favour of personal data stores (PDSs).

"Holding out against PDSs condemns African children to starvation" sounds like a good candidate. Until you examine it.

Compare and contrast Stephan Shakespeare and the European Commission's plans for Public Sector Information (PSI) – "standing in the way of PSI means there will never be a cure for cancer".

Beware.

----------

Updated 20.3.14

Daily Telegraph:
Did you spot this? Budget gives HMRC power to raid your bank account – like Wonga

... At the back of the Budget book, there’s this chilling paragraph: “The Government will modernise and strengthen HMRC’s debt collection powers to recover financial assets from the bank accounts of debtors who owe over £1,000 of tax” ...
One step further along the road to Estonia.

Updated 10.5.14

Guardian
HMRC to sell taxpayers' financial data
The personal financial data of millions of taxpayers could be sold to private firms under laws being drawn up by HM Revenue & Customs in a move branded "dangerous" by tax professionals and "borderline insane" by a senior Conservative MP.
Telegraph
David Cameron: Taxes will rise unless we can raid bank accounts
Taxes will have to rise unless officials are given new powers to raid people's bank accounts, David Cameron has said.

The Treasury select committee warned that allowing HM Revenue and Customs to remove cash from bank accounts without court orders is "very concerning" because of its history of mistakes.

The old concept of HMRC is worn out

You see Trade's plan is for every person in Ruritania to maintain a personal data store, managed by state-appointed trusted identity providers. That includes both types of person, natural persons and legal persons, i.e. corporations, trusts, and so on. Once these personal data stores are populated, where is the need for the Revenue? A tax farmer app can simply calculate the amount of tax due and make life more convenient for everyone by filing their tax returns for them and direct debiting the money from their bank accounts. It would be naïve of anyone not to see that that is the purpose of a personal data store and that that is also why the Revenue as currently constituted serves no purpose in the digital-by-default new world.
That's what DMossEsq said in his China Syndrome play. Ridiculous of course.

Except that the excellent Dave Birch promptly reported a meeting hosted by Intellect to discuss the possibility of a mobile phone app to make charitable donations and account for Gift Aid at the same time, please see You can take a gift horse to water, but you can’t make it fill out an HMRC declaration.

Certain people are looking for a knockdown argument in favour of personal data stores (PDSs).

"Holding out against PDSs condemns African children to starvation" sounds like a good candidate. Until you examine it.

Is gravity old-fashioned now?

Many people are saying the same thing but none, perhaps, as eminent as Professor Sir John Beddington CMG, FRS, Chief Scientific Adviser to HM Government and Head of the Government Office for Science:
Blurring of public and private identities:
People are now more willing to place personal information into public domains, such as on the internet, and attitudes towards privacy are changing, especially among younger people. These changes are blurring the boundaries between social and work identities. The advent of widespread mobile technology and email enables more people to remain connected to their work out of hours. At the same time, posting mobile phone photographs and videos online has led to a cultural shift where many people broadcast their daily lives and experiences, ceding control over some aspects of identity to others with potentially serious consequences for later life. (p.2)
Sir John doesn't say that the concept of privacy itself is changing.

But other people do, see for example The changing definition of privacy'Like' it or not, privacy has changed in the Facebook agePrivacy in a changing societyFacebook's Mark Zuckerberg says privacy is no longer a 'social norm' and The concept of privacy is now impossible to sustain.

Which is odd because, think about it, when first balloons and then aeroplanes started to fly, no-one said that the concept of gravity had changed.

Beware salesmen telling you that the concept of privacy has changed and you're past your sell-by date if you don't know it, these days anything goes. They're wrong. The concept of privacy is staying right where it's always been and its strictures still apply.

What the Chief Scientific Adviser is saying is that the attitude to privacy is changing. He's wrong, too. As those who give up their privacy will find when the old-fashioned concept of regret overtakes them.

Is gravity old-fashioned now?

Many people are saying the same thing but none, perhaps, as eminent as Professor Sir John Beddington CMG, FRS, Chief Scientific Adviser to HM Government and Head of the Government Office for Science:
Blurring of public and private identities:
People are now more willing to place personal information into public domains, such as on the internet, and attitudes towards privacy are changing, especially among younger people. These changes are blurring the boundaries between social and work identities. The advent of widespread mobile technology and email enables more people to remain connected to their work out of hours. At the same time, posting mobile phone photographs and videos online has led to a cultural shift where many people broadcast their daily lives and experiences, ceding control over some aspects of identity to others with potentially serious consequences for later life. (p.2)
Sir John doesn't say that the concept of privacy itself is changing.

But other people do, see for example The changing definition of privacy'Like' it or not, privacy has changed in the Facebook agePrivacy in a changing societyFacebook's Mark Zuckerberg says privacy is no longer a 'social norm' and The concept of privacy is now impossible to sustain.

Which is odd because, think about it, when first balloons and then aeroplanes started to fly, no-one said that the concept of gravity had changed.

Saturday 20 July 2013

UC and the missing £300 million

Hat tip: @Welfare__Reform

The things they say on Twitter!

Universal Credit dead? Surely not.

£300 million down the drain? No. No public administration could waste that much money. Could they?

C.f. 10 December 2012: Universal Credit – GDS's part in its downfall















UC and the missing £300 million

Hat tip: @Welfare__Reform

The things they say on Twitter!

Universal Credit dead? Surely not.

£300 million down the drain? No. No public administration could waste that much money. Could they?

C.f. 10 December 2012: Universal Credit – GDS's part in its downfall

Friday 19 July 2013

GDS – an open and shut case

The case
Ex-Guardian man Mike Bracken's Government Digital Service (GDS) is "pivoting", he says.

First GDS pioneered the concept of governments publishing data by creating the award-winning GOV.UK website. Now GDS is "pivoting", which means that it's moving on from mere publishing and it's going to pioneer two-way communication with the mob, the mobile vulgus, who are going to be allowed to undertake on-line transactions in the digital-by-default new world.

There are about 650 types of transaction between government and the public, according to GDS, and they've chosen 25 of them for starters. "Exemplars", as they call them, GDS will show the rest of the world how to do it.

We’ve started work on redesigning 25 of the biggest and most-used transactional public services – we call them exemplars, leading the way for others to follow.
There's no telling what ye Mighty think about GDS's first attempts at transactions but four professors who reviewed the Government Digital Strategy were left less than optimistic:
It is impossible with the detail provided to form any reasonable view of how this key activity [service transformation] will be performed. Similarly in Annex 3 the proposed transactional service standard is outlined. Again, in the few pages provided there is far too little to make any assessment ... (p.5)

[on the subject of (a) open source and (b) web platforms, as alternatives to the current practice of using ponderous and expensive IT contractors] ... we would strongly argue that neither case offers a direct, clear model that applies to this UK Government context: A technologically-diverse, long-lived set of transactional services to be executed in a complex cultural, political, and regulatory environment. How the lessons of these alternative models can be brought to bear on the current UK Government’s IT systems is a core question that the [Government Digital Strategy] must address, but right now it has little meaningful to say. The [Government Digital Strategy] must avoid falling into the trap of an overly-simplistic response that one approach is poor and the other is better. (p.6)
And a fifth professor gave evidence to the House of Commons Science and Technology Committee, who are keeping an eye on Whitehall's digital-by-default project, to the effect that GDS are wasting their time. Despite "heroic" amounts of testing, they won't know if their transaction systems work, it's impossible to measure the quality of software systems unless you use formal methods, and GDS don't.

Open
Undismayed, GDS are pressing ahead. "Onwards", as ex-Guardian man Mike Bracken always says. What's more, everything is out in the open:
People are seeing the live, working software that’s already making government services Digital by Default.

We are running this programme of continual iteration in the open. You can follow our progress at www.gov.uk/transformation, where we’re regularly publishing information about every exemplar. You’ll see performance data, screenshots and status reports of where each service is at, and we’re going to add more to it as each service progresses ...

Reporting in public
It’s important that we continue to publish these updates in public, that we report on the services we’re transforming, and that we blog about our progress. Publishing this means more of our colleagues can see what’s happening and what part they play in the process. It’s also the best way to make sure that we’re accountable for the things we build. As our design principles say, if we make things open, we make things better.
Shut
Take a look at https://www.gov.uk/transformation. Exemplar #1 is Electoral Registration – "rebuilding trust in our electoral system and making voter registration more convenient and secure".

Making things open makes them better. It's all about accountability. Click on the link, and what do you find?

"Live, working software that’s already making government services Digital by Default"? No.

"Performance data"? No.

"Screen shots"? No.

Dig a little deeper, click on "our original strategy statement", and you find:
To support IER [Individual Electoral Registration] and make it simpler for users, a new digital channel will be created and a method for confirming identities will be introduced.
What "new digital channel"? They don't tell us.

What "new method for confirming identities"? They don't tell us.

Will voter registration be more "convenient" and more "secure"? Who knows?

Will trust in our electoral system be "rebuilt"? An important question. And GDS aren't helping us to answer it.

For an organisation dedicated to openness and accountability, GDS are remarkably tight-lipped.

The next general election in the UK is round the corner and we're relying on GDS to provide the electoral register. Why?

----------

Updated 24 July 2013
The post above was published last Friday, 19 July 2013.

The day before yesterday, Monday 22 July 2013, the following comment (#42377) was submitted on ex-Guardian man Mike Bracken's post, The pivot: from publishing to transactions. The comment has been deleted. There have been no answers from GDS by way of response:
What GDS say
GDS say in the post above that: “People are seeing the live, working software that’s already making government services Digital by Default … We are running this programme of continual iteration in the open. You can follow our progress athttp://www.gov.uk/transformation, where we’re regularly publishing information about every exemplar. You’ll see performance data, screenshots and status reports of where each service is at, and we’re going to add more to it as each service progresses”.

Under the heading ‘Reporting In Public’, GDS add: “It’s important that we continue to publish these updates in public, that we report on the services we’re transforming, and that we blog about our progress. Publishing this means more of our colleagues can see what’s happening and what part they play in the process. It’s also the best way to make sure that we’re accountable for the things we build. As our design principles say, if we make things open, we make things better”.

What GDS do
Take a look at https://www.gov.uk/transformation. Exemplar #1 is Electoral Registration – “rebuilding trust in our electoral system and making voter registration more convenient and secure”. What do you find?

“Live, working software that’s already making government services Digital by Default”? No.

“Performance data”? No.

“Screen shots”? No.

Dig a little deeper, click on “our original strategy statement”, and you read: “To support IER and make it simpler for users, a new digital channel will be created and a method for confirming identities will be introduced”.

What “new digital channel”? GDS don’t tell us.

What “new method for confirming identities”? GDSdon’t tell us.

Will voter registration be more “convenient” and more “secure”? Who knows?

Will trust in our electoral system be “rebuilt”? An important question. And GDS aren't helping us to answer it.

For an organisation dedicated to openness and accountability, GDS are remarkably tight-lipped.

22/07/2013

Reply

Updated 27 July 2013
The following comment (#42539) was today submitted on ex-Guardian man Mike Bracken's post, The pivot: from publishing to transactions:

Please Note: Your comment is awaiting moderation.

QUOTE
People are seeing the live, working software that’s already making government services Digital by Default … We are running this programme of continual iteration in the open.
UNQUOTE

GDS may believe this but it is simply not true, please see GDS – an open and shut case.

The behaviour of GDS, which describes its 25 transactions as “exemplars”, needs itself to be exemplary.

27/07/2013

GDS – an open and shut case

The case
Ex-Guardian man Mike Bracken's Government Digital Service (GDS) is "pivoting", he says.

First GDS pioneered the concept of governments publishing data by creating the award-winning GOV.UK website. Now GDS is "pivoting", which means that it's moving on from mere publishing and it's going to pioneer two-way communication with the mob, the mobile vulgus, who are going to be allowed to undertake on-line transactions in the digital-by-default new world.

Tuesday 16 July 2013

IPS temporarily Rapsonless

The Identity & Passport Service (IPS) doesn't exist any more, of course, it's now HM Passport Office (HMPO) and the Home Office is IPSless.

The executive director of IPS between about June 2010 and March 2013 was Sarah Rapson. Her predecessor, James Hall, presided over the British public being over-charged for passports by about £300 million a year. He also presided over the disaster of Whitehall's attempted introduction of state-produced ID cards.

Ms Rapson has delivered a £5 reduction in the cost of a 10-year adult passport since then, from £77.50 to £72.50. Otherwise her tenure seems to have been without incident.

She is perhaps lucky that IPS/HMPO were banned from having anything to do with Whitehall's latest attempt to re-enact the ID cards massacre – that honour goes to the Cabinet Office (individual electoral registration and the Identity Assurance Programme) and the Department for Business Innovation and Skills (midata). If you hold futures in either organisation, sell, sell, sell.

Now her luck has broken.

Home Office press release, 16 April 2013:
New interim Directors General appointed

Two interim Directors General have been appointed to lead the new immigration commands in the Home Office that were announced by the Home Secretary on 26 March.

Sarah Rapson will lead UK Visas and Immigration, bringing her experience of managing a successful customer-focused organisation as Chief Executive of the Identity and Passport Service.

David Wood will lead Immigration Enforcement, drawing on his background with the Metropolitan Police and as Director of Operations for UKBA ...
The history of the UK Border Agency (UKBA) is spectacular and its demise under Rob Whiteman even more so. The Home Office is now UKBAless. It's shattered into three pieces – the UK Border Force, Immigration Enforcement (ambiguous name) and the piece Ms Rapson has picked up, UK Visas and Immigration (UKV&I).

Interim Director General Sarah Rapson gave evidence in front of the Home Affairs Committee on 11 June 2013:



Next day, the Times newspaper reported the session and found themselves with an over-abundance or superfluity or excess or nimiety of scoops. Too many to handle. They settled for Visa system might never be up to job, admits chief.

A month later, the Home Affairs Committee published their report, and they went with Backlogs hit half a million at immigration service. This followed Ms Rapson's revelation that there are 190,000 unresolved immigration cases that her predecessors unfortunately forgot to tell the Committee about.

The Times and the Committee and the BBC could equally well have led with Ms Rapson's management approach – she wants her staff to discover for themselves how to do the job, she doesn't intend to issue "decrees" (16:34:40 to 16:35:44), instead, she's holding "workshops". She has 7,400 staff in 150 countries and an annual budget of £450 million. There's something missing from the concept of leadership there or "command" as Ms Rapson keeps calling it.

Or they could have led with Ms Rapson's repeated claim to have only just started in the job – e.g. "I'm 54 days in" (16:59:43). According to the DMossEsq slide rule, that's nearly eight weeks. Eight weeks in, and she still doesn't know how many categories there are for the cases UKV&I deal with and didn't realise that the category with 190,000 cases in it was new to the Committee. Clearly it takes some time for a new boss to get their feet under the table, but surely eight weeks is long enough to get to grips with some of the basic metrics of the business. If eight weeks isn't long enough, is it ever going to happen?

IPS temporarily Rapsonless

The Identity & Passport Service (IPS) doesn't exist any more, of course, it's now HM Passport Office (HMPO) and the Home Office is IPSless.

The executive director of IPS between about June 2010 and March 2013 was Sarah Rapson. Her predecessor, James Hall, presided over the British public being over-charged for passports by about £300 million a year. He also presided over the disaster of Whitehall's attempted introduction of state-produced ID cards.

Ms Rapson has delivered a £5 reduction in the cost of a 10-year adult passport since then, from £77.50 to £72.50. Otherwise her tenure seems to have been without incident.

She is perhaps lucky that IPS/HMPO were banned from having anything to do with Whitehall's latest attempt to re-enact the ID cards massacre – that honour goes to the Cabinet Office (individual electoral registration and the Identity Assurance Programme) and the Department for Business Innovation and Skills (midata). If you hold futures in either organisation, sell, sell, sell.

Now her luck has broken.

UKBA soon to be Whitemanless

Home Office press release, 27 June 2013:
Rob Whiteman leaves Home Office for new Chief Executive role

Rob Whiteman, Director General of Operational Systems Transformation, is leaving the Home Office to become Chief Executive of the Chartered Institute of Public Finance and Accountancy.

Rob Whiteman, Director General of Operational Systems Transformation, is to leave his role at the Home Office to join the Chartered Institute of Public Finance and Accountancy (CIPFA) as its new Chief Executive.
When he joined in July 2011, Mr Whiteman was chief executive of the UK Border Agency (UKBA). Eight months later in March 2012 he lost the UK Border Force, which was but is no longer part of UKBA. And a year after that in March 2013, the remainder of UKBA was split in two. Leaving Mr Whiteman with nothing to be chief executive of, any more, at least at the Home Office.

Good luck CIPFA.

How many pieces will CIPFA be broken into by March 2015?

As Theresa May, the Home Secretary, says archly in the press release:
He leaves with my very best wishes for the future and I am sure he will be a great success in his important new role at CIPFA.
And what does Mark Sedwill, the Permanent Secretary at the Home Office, have to say about the trail of destruction which is Mr Whiteman's career at UKBA? He speaks in Mandarin, of course, but you can probably manage your own translation:
Rob has made a remarkable contribution to the Home Office over the past 18 months and, on behalf of the department, I would like to thank him for his dedication and leadership.
The Home Affairs Committee routinely accuse UKBA and the Home Office of withholding information and going back on their word. It's not just the lack of accountability the Committee doesn't like. In one excruciating evidence session (15 May 2012), they also unmasked Mr Whiteman as the victim of producer capture, a common Whitehall affliction:
Q151 Chair: ... over the issue of your computer system that crashed at Lunar house. Hundreds of people were turned away, and we hear that some were in tears at the fact that the system did not work. What went wrong? Have we got compensation from the IT company? Will it happen again, and have we rearranged all the appointments?

Rob Whiteman: We contacted people over the bank holiday weekend and rearranged appointments. Around 500 appointments that were cancelled were rearranged. The issues around IT are incredibly frustrating for my staff, as well as for our customers. When I meet staff, it is a constant frustration that systems do not work all the time and that some of the resilience issues do not conform to common standards. In terms of morale and other issues, it is absolutely vital that we get to the heart of these IT problems. They are complex, yes, but-

Q152 Chair: Yes, but we do not want to go into that now. Do we know why it broke down?

Rob Whiteman: We do know why it broke down. It was an error on the network that affected the way appointments were queued from the system, and therefore they could not travel properly around the network. It was an IT failure, but, to answer your question, I have discussed this several times with the Chief Executive of the IT company that is the primary IT provider.

Q153 Chair: What is the company?

Rob Whiteman: I would rather not say.

Q154 Chair: I am sorry, Mr Whiteman; this is a Select Committee of the House-

Rob Whiteman: It is Atos.

Q155 Chair: There is no need to be secret with us; we will find out. It is public money. It is not coming out of your pocket. The taxpayer is paying. What is the name of the company?

Rob Whiteman: Atos.

Q156 Chair: And what was his explanation as to why it broke down?

Rob Whiteman: The reason I was reluctant, Chairman, is that we have a contract with Atos. It is trying its best to resolve the issues, but obviously we are being a demanding client and saying that performance is not good enough.

Q157 Chair: As you should be.

Rob Whiteman: I would not want to cast aspersions on the effort that it is making. It has put an additional team in to try to analyse the problem, and I receive daily and weekly reports from them. The point I would make is that in terms of UKBA improving over the next couple of years ...
Being chief executive of UKBA as was, was probably an impossible job, beyond any human being, and Mr Whiteman is just a human being.

That conclusion is a bit mundane for some. They like something more dramatic in the Guardian. Here's an extract from an open letter they published, from David Walker to Mr Whiteman:
Congratulations on finding a safe passage out of the Whitehall jungle. Senior people at the Home Office, especially those anywhere near the borders, have proved pretty expendable of late, and the Chartered Institute of Public Finance and Accountancy (Cipfa) job came at the right time. Some say those who live by the sword die by the sword. You shafted the UK Border Force's Brodie Clark on behalf of Theresa May and you, in turn, have been shafted by the new permanent secretary, Mark Sedwill, on behalf of Theresa May. She sails on, the Tory leadership in her sights, while all around good people fall to their deaths.
"All around good people fall to their deaths"? That hasn't been reported in the Guardian. Or anywhere else.

Anyway, take your pick, mundane or murderous.

UKBA soon to be Whitemanless

Home Office press release, 27 June 2013:
Rob Whiteman leaves Home Office for new Chief Executive role

Rob Whiteman, Director General of Operational Systems Transformation, is leaving the Home Office to become Chief Executive of the Chartered Institute of Public Finance and Accountancy.

Rob Whiteman, Director General of Operational Systems Transformation, is to leave his role at the Home Office to join the Chartered Institute of Public Finance and Accountancy (CIPFA) as its new Chief Executive.
When he joined in July 2011, Mr Whiteman was chief executive of the UK Border Agency (UKBA). Eight months later in March 2012 he lost the UK Border Force, which was but is no longer part of UKBA. And a year after that in March 2013, the remainder of UKBA was split in two. Leaving Mr Whiteman with nothing to be chief executive of, any more, at least at the Home Office.

Good luck CIPFA.

How many pieces will CIPFA be broken into by March 2015?

mirelationship with midata

"Today’s most successful businesses are the ones that are creative about building customer relationships". That's what Jo Swinson says. It's not obviously true. But she's the Department for Business Innovation and Skills (BIS) minister in charge of consumer affairs and that's how BIS have chosen to try to sell midata.

The consultancy advising BIS on midata, Ctrl-Shift, reckons that these days "the challenge (and opportunity) is to start building an information sharing relationship with customers where both sides use data sharing to save time, cut costs and be more efficient – and to add new value". If you're in any doubt, just remember that "far-sighted managers recognise the ground is shifting under their feet. If they don’t adapt they risk medium to long-term isolation and marginalisation". Are you far-sighted? Or isolated and marginalised.

That message is reiterated by Mydex, the personal data store (PDS) company. Mydex is closely related to both Ctrl-Shift and BIS and they say that PDSs "transform relationships between individuals and organisations to both sides’ benefit" (p.7). And from his position on the midata strategy board, the chairman of Mydex seems to have convinced BIS that midata needs PDSs to work.

The relationship in question is generally between individuals who buy products and services and the companies that sell them. But according to the Young Foundation last November Mydex and its PDSs will also transform the relationship between "the citizen and the state" – "It is a bit like flipping a world where companies engage in ‘customer relationship management’ into one in which individuals engage in ‘vendor relationship management’. Now the citizen is in charge".

And that same promise is made by the Cabinet Office in connection with data-sharing: "Minister for the Cabinet Office Francis Maude today [25 April 2012] made a statement in response [to an article in the Guardian], pointing to the Government’s commitment to putting the citizen in charge, not the state".

Do you believe Mr Maude? Do you even understand what he's saying? You'll be "in charge", not the state – what does that mean?

Are the Young Foundation right when they suggest that the result of sharing your data with, say, Nestlé will be to put you in charge of the company? In what way will telling Nestlé that you like Gold Blend® be to your benefit? What are Mydex talking about? And do you think that Nestlé will be isolated and marginalised if you don't tell them?

Is Jo Swinson right that the most successful companies are those that build a relationship with you and that midata will make the economy grow? Before you answer, would it help to know that BIS's own economist working on midata – David Miller – isn't convinced?

Do you want to be badgered all day every day with a lot of nosy questions about your Gold Blend® consumption? If you ask Norman Lamb, Jo Swinson's predecessor at BIS, what all this relationship lark amounts to, that seems to be the intention: "midata also creates opportunities for new markets to develop where businesses help consumers use their data to make better consumption decisions and lifestyle choices" (p.10).

And how much do you think you'll have to pay for all this helpful lifestyle advice?

What we seem to have here is a concerted campaign whose stated objectives give rise to a lot of questions the answers to which are not obvious. The only effect of this campaign that is clear is that you will hand over all/a lot of your personal data to companies and government departments. Is that what you would like to do? Why?

Remember that Mydex is not just a PDS supplier – it is also one of the UK's eight appointed "identity providers". As part of Mr Maude's Identity Assurance Programme (IDAP), Mydex's job will be to confirm that you are you when you apply for Universal Credit, for example, or when you attempt any other digital-by-default on-line transaction with the government.

You don't think, do you, that a PDS is actually a sort of dematerialised ID card? And that that's actually why all the jovial souls above want you to organise all your data for them? To make IDAP work. At least that would make sense, unlike all the strange claims above.

IDAP was meant to be "fully operational" by March 2013, four months ago. That's what Mr Maude's Government Digital Service (GDS) promised, and there's no sign of it yet. Once these chaps have got used to missing deadlines it tends to become habit-forming. So there's no need to hurry. Take your time before making your mind up.

But if you do ever find yourself being tempted to sign up to midata, do remember that it's not a trivial decision, as Mydex themselves warned everyone the other day ("MIL" = midata Innovation Lab):


mirelationship with midata

"Today’s most successful businesses are the ones that are creative about building customer relationships". That's what Jo Swinson says. It's not obviously true. But she's the Department for Business Innovation and Skills (BIS) minister in charge of consumer affairs and that's how BIS have chosen to try to sell midata.

Saturday 13 July 2013

Economics made simple

The Department for Business Innovation and Skills (BIS) belatedly issued a press release about the midata Innovation Lab which includes this:
Consumer Affairs Minister Jo Swinson said:

"Today’s most successful businesses are the ones that are creative about building customer relationships. The new ’midata’ Lab is an exciting opportunity to put this to the test and explore how businesses could help customers use the data around their spending habits to make better choices.

"There is a lot to be gained from being open and using the information gathered on customers with their knowledge. Developing new and innovative ways to see data also helps improve customer service which will in turn promote growth. I would encourage businesses and developers alike to take advantage of this opportunity and establish themselves as a market leader in the digital market."
Is that true? Do you have a "customer relationship" with Unilever? If not, it doesn't seem to have stopped Unilever from becoming a pretty successful business. What is Ms Swinson talking about? What does she know about economics? Very possibly, nothing, but it doesn't stop her claiming that midata will "promote growth". Utterly unconvincing, where does this idea come from?

Does it come, perhaps, from Professor Sir Nigel Shadbolt's Open Data Institute (ODI)? He's in charge at the ODI and he's in charge of midata and he says::
The Open Data Institute is catalysing the evolution of open data culture to create economic, environmental, and social value. It helps unlock supply, generates demand, creates and disseminates knowledge to address local and global issues.
Where did the ODI get this idea from? Was it, perhaps, from the Shakespeare Review?

Famously, Stephan Shakespeare – the founder of YouGov, the political polling organisation, the man who is devising a national data strategy for the UK – believes simultaneously that (a) you can't tell how much it will cost to open up Public Sector Information (PSI) and (b) the return will be "orders of magnitude" higher than the cost. But where did he get the idea?

Was it, perhaps, from the European Commission? Yes, them again:
Europe's New PSI Directive

... The expected effect of this new set of guidelines is also to generate income, as PSI data is raw ore to developers' — public or private —gold. Neelie Kroes, Vice-President of the European Commission and head of the Digital Agenda, highlighted the potential economic value of going open with PSI: "Opening up public data means opening up commercial opportunities, creating jobs and building communities." She heralds it as a necessary transformation of European public and private culture.

Despite the welcome perspective of promoting transparency and racking up to €140bn in business and employment, critics quibble that the new directive could have gone further ...
Probably. Possibly. Who knows where these Economics for Dummies ideas come from? They're memes. It's all something to do with the hive brain. That's what the artificial intelligence people would have us believe. Neural networks can demonstrate that we bees can take concerted action, but never how we manage it.

So many experts in economics, they pop up everywhere, like mushrooms, but can you be sure that opening up PSI will help the economy to grow by €140 billion? No. You know that.

All you can be sure of is that your personal data will be harvested along with the public data, as the midata Innovation Lab have confirmed (your public education, health and travel data will all be added to your passport number and National Insurance number and bank account details), and that you will be required to store your data in a personal data store (midata), which "identity providers" will then use to confirm your identity whenever you interact with the government to access public services (IDAP/the identity assurance programme).

And don't forget – it's now illegal in the UK not to register on-line to vote.

The economic result of all the proposed data-sharing is unknown. The only thing that's certain is that you will be enrolled in a national or possibly even a pan-European identity management system.

World-class economics expert though she may be, that's what Jo Swinson's really talking about. Even if her officials haven't told her.