Saturday 21 March 2015

The system is fine. It's the users that don't work



It has fallen to Bryan Glick, the estimable editor of Computer Weekly, to perform the first post mortem on the Rural Payments Agency's (RPA) computerised Basic Payment Scheme (BPS) which was discontinued yesterday and replaced with paper – "successive software releases failed to resolve the problems with the mapping tool".

We have known for two years that Mr Mike Bracken, the executive director of the Government Digital Service (GDS), was heavily involved in the development of BPS. "I'm on the Board", as he told us, "I'm trying to help them every week ... GDS will be working very closely with them ... it's going to help us deal with Europe in a different way, and quite rightly we're building it as a platform. It's going to be another example of government as a platform".

Mr Glick reveals that in addition, Mr Liam Maxwell, the Government's Chief Technology Officer is also the senior responsible owner of BPS, "overseeing progress", and that this is a mark of "the importance of RPA to the GDS strategy".

These are highly respected people:
Highly respected, but it doesn't seem to have helped with BPS.

Perhaps the cheerleaders who voted for Messrs Bracken and Maxwell should have looked harder at that GDS strategy, which was heavily criticised at the time by at least four professors:
  • The professors deemed the strategy to be too flimsy, the detail was missing, it was going to be of no practical assistance to a large local authority or, as it turns out, to RPA.
  • The strategy underestimated the complexity of ultra-large-scale government systems, it ignored the relevant academic studies that might have helped GDS to understand the "complex cultural, political and regulatory environment" in which the "technologically diverse, long-lived set of transactional services" of government have to operate.
  • Against that, the appeal to open source, agile, the cloud and SMEs is "over-simplistic", the professors said. "There are risks that rapidly changing [agile] services will deter the takeup of digital services, not encourage it" and "the [Government Digital Strategy] is remarkably (perhaps alarmingly) silent on the issue of how to coordinate SMEs in project delivery":
  • Both of those problems have been experienced by BPS according to Mr Glick. "The iterative development process was also causing problems for farmers. “The system is frequently going down at short notice for upgrades, making it difficult for farmers and agents ...".  One of the suppliers is a "Belfast company that uses offshore developers in Gdansk, Poland", there are "hundreds of IT experts" also involved and more than 100 products that need to be integrated.
  • "We see little discussion of a concrete and practical change management process to support the 'digital by default' strategy", the professors said, back in January 2013. Two years later, that is clearly still a problem.
And what does Mr Glick say?
... the complex guidelines for the new Basic Payment Scheme (BPS) runs to 84 pages ... the situation differed considerably from the days of SPS [the predecessor system].
Clearly we're not dealing with anything "ultra-large-scale" here. That can't be the problem. Nor can the considerably different situation – there are still only 84 pages and the RPA have had at least two years and £154 million to work on BPS with the assistance of GDS's agile expertise.

"Scalability of the system had already been identified as one of the biggest challenges", according to Mr Glick:
GDS chief Mike Bracken acknowledged the complexity involved in a blog post in December 2014. “It’s not just the policy that’s complex. For this exemplar alone, we’re talking about roughly 110,000 farmers and 1,200 land agents,” he wrote.
By no stretch of the imagination is 112,200 111,200 people a large user base, 84 pages do not make for a complex policy – wait till GDS see the 15,000 pages of our tax code – and if the problem of scalability had been identified why did anyone inflict the system on the poor unfortunate users, particularly GDS, who claim to put the user uniquely first?

Mr Bracken is further quoted as saying:
Farmers themselves are a diverse group of people, whose properties can range from a smallholding to an industrial-scale business. The average age of farmers in the UK is also quite high, with many in their 60s and 70s.
Is Mr Glick complaining or being asked to complain that farmers aren't standard enough? And that they're too old, damn them? And too stupid: "There must have been question marks around how less digitally literate farmers would cope"? And even worse, that they live in the countryside?
Broadband access in remote rural areas was another issue, said ... a report in Farmers Guardian.
The system is fine? It's the users who don't work?


GDS will be working very closely with them ...
It's going to be another example of government as a platform ...

The system is fine. It's the users that don't work



It has fallen to Bryan Glick, the estimable editor of Computer Weekly, to perform the first post mortem on the Rural Payments Agency's (RPA) computerised Basic Payment Scheme (BPS) which was discontinued yesterday and replaced with paper – "successive software releases failed to resolve the problems with the mapping tool".

Friday 20 March 2015

Agile@DEFRA

Just another government IT failure, BBC news website:
A multi-million pound government IT system to process EU subsidy payments for farmers has been largely abandoned following "performance problems".

The system will be re-launched next week with farmers asked to submit Basic Payment Scheme claims on paper forms.

Farmers say they have struggled with the £154m website for months ...
Or is it?

Perhaps this government IT failure is special.

DMossEsq's millions of readers will remember that the Government Digital Service (GDS) used to entertain us once a week with their Friday Message. Here's an extract from their message of 11 January 2013, an interview with Public Servant of the Year ex-Guardian man Mike Bracken CBE CDO, executive director of GDS and senior responsible owner of the non-existent identity assurance programme:
Interviewer: Looking back at the end of 2012, what do you think about?

PSotY: I think about delivery. I think it was a brilliant year, and it was capped off in fine style by the publication of the departmental digital strategies. I think getting those departments to make that ambition statement was a tremendous achievement, because it gives us our next step of our mandate. Martha gave us our publishing mandate, and we've now got our transaction mandate. It's going to be fantastic.

Now we can get on with the job of delivering major transformation right across the government's estate: tax, land management, justice, all those departments, all the great stuff to come.

Interviewer: You've just recently come back from Reading...

PSotY: I have. I go weekly now. I go to the meeting of the Common Agricultural Policy Reform Group. It's the RPA. It's the Rural Payments Agency.

Why I'm so excited about that is because they've embraced agile completely. They're going with an agile build out of a whole new programme. That's going to affect everyone in this country, and how they deal with land management, all the farmers, all the people who deal with crops, all the data. It's going to create, I think, a data industry around some of that data.

It's going to help us deal with Europe in a different way, and quite rightly we're building it as a platform. It's going to be another example of government as a platform.

I'm on the Board, and I'm trying to help them every week, and GDS will be working very closely with them to deliver that.

I've already seen a prototype. We're going to be showing that soon. It's really, really exciting. It was created so quickly, such a small amount of money compared to some of the big IT programmes that have preceded it. It's just a new way of working, and RPA have really embraced the whole spirit, as well as the whole emphasis behind the digital strategies.
No wonder he didn't mention DEFRA in his Guardian article earlier this week, Firms still have time to adapt to the digital age – but they're cutting it fine, in which he lectures the ignorant on GDS's putative agile successes.


... they've embraced agile completely ...

Agile@DEFRA

Just another government IT failure, BBC news website:
A multi-million pound government IT system to process EU subsidy payments for farmers has been largely abandoned following "performance problems".

The system will be re-launched next week with farmers asked to submit Basic Payment Scheme claims on paper forms.

Farmers say they have struggled with the £154m website for months ...
Or is it?

Thursday 19 March 2015

Budget travel to Estonia

The UK Chancellor of the Exchequer delivered his 2015 Budget report yesterday.

The media have clocked all the good jokes, please see for example How George Osborne's Budget jokes cost Britain £81m.

A selection of press release jokes issued by the Department for Business Innovation and Skills some time ago without anyone laughing:

• 1.11.12 More than £1 billion to be invested in UK science and research
• 5.11.12 New powers for courts to improve justice for wronged consumers
• 6.11.12 Government to care homes sector: help us improve enforcement of regulation
• 8.11.12 Fallon to big businesses: Commit to paying suppliers on time, or be named
• 8.11.12 Use of Civil Sanctions Powers Contained in the Regulatory Enforcement and Sanctions Act 2008
• 9.11.12 UK space industry set to rocket with £240 million of investment
• 9.11.12 Government to invest £20 million in synthetic biology
• 13.11.12 Mums and dads will share parental leave
• 14.11.12 Business Secretary’s statement on European Commission’s proposed directive on improving gender balance on Europe’s corporate boards
• 15.11.12 Business Minister hails North East Regional Growth Fund success
• 16.11.12 Business Minister announces £40 million boost for high growth SMEs
• 17.11.12 New power to boost consumers’ access to data
• 20.11.12 £150 million for businesses to build skilled workforce
• 21.11.12 £400 million boost to England’s colleges
• 21.11.12 UK secures £1.2 billion package of space investment
• 22.11.12 Government sets out steps to change culture in UK equity markets
• 23.11.12 Bureaucracy busting boost for street traders
• 23.11.12 Emerging technologies to drive growth identified
• 26.11.12 Multi-million pound boost for UK manufacturing supply chains
• 28.11.12 Green bank opens for business
• 28.11 12 Lord Currie sets out vision for new Competition and Markets Authority
• 30.11.12 Business Secretary urges headhunters to seek out new female talent
• 3.12.12 Boost for UK automotive supply chains
• 4.12.12 Groceries Adjudicator to have new power to fine supermarkets
• 6.12.12 Vince Cable launches schemes for skills and jobs on South Coast
• 6.12.12 New £550m capital investment programme will transform FE colleges
All po-faced, they say: "While Tory MPs cheered a series of one-liners aimed at Ed Miliband and Labour, taxpayers will be covering the bills". Taxpayers cover the bills whenever politicians open their mouths. Yesterday's announcements were no different.

And while they were busy being all reproving, the Puritan press missed the bad jokes, see particularly p.27:

1.76 Budget 2015 announces that the digital ambition will extend beyond central government and arms-length bodies, to consider local services. HM Treasury, the Department for Communities and Local Government and the Government Digital Service will collaborate with partners in local government, as the sector develops a set of proposals that will enable more customer-focussed, digitally-enabled and efficient local services in time to inform future budget allocations.

1.77 In this Parliament the government has delivered significant savings from centralising the procurement of goods and services. Budget 2015 announces that, following a successful trial, the government will implement ‘GOV.UK Verify’ – a new way for people to prove their identity online when using government services – across central government. This means that departments will use the same tool for their digital services, reducing duplication. Further, to prevent individual departments paying different amounts to either build their own data centres or outsource this service, the government will create a joint venture to host departments’ non-cloud based servers, which could save up to £100 million.

And p.37:

1.108 Building on these foundations, Budget 2015 announces that the government will transform the tax system over the next Parliament by introducing digital tax accounts, removing the need for annual tax returns. By the end of the next Parliament over 50 million individuals and small businesses will be able to see and manage their tax affairs online.

We have noted this government's green ink fascination with Estonia before, please see for example Francis Maude seeks future in Estonia and RIP IDA – The Road to Estonia.

Estonia provides all or most of its public services on-line. So we are to have digital-by-default in the UK.

Estonia only needs one website. So we are to have one website in the UK for all of central government and for all of our 450 or so local authorities (para.1.76 above), never mind the fact that the entire population of Estonia is little bigger than the London Borough of Ealing.

Estonia relies on issuing everyone with a central government ID. So we are to have GOV.UK Verify (RIP) in the UK (para.1.77 above):


The UK should be more Estonian

Estonians can complete their tax returns in 19 seconds. So we are to have digital tax accounts (para.1.108 above) in the UK:



There will be all sorts of promises about the security of these systems. You can't put them in the bank but never mind, the Chancellor must have his little joke, let's go all the way, Tallinn here we come, for "Estonia", read "the UK": Estonia hit by 'Moscow cyber war'.

Budget travel to Estonia

The UK Chancellor of the Exchequer delivered his 2015 Budget report yesterday.

The media have clocked all the good jokes, please see for example How George Osborne's Budget jokes cost Britain £81m.

Tuesday 17 March 2015

The lesson of the web? There. Is. No. Such. Thing. As. A. Secure. Website.

There is no such thing as a secure website.

You know that.

You've read the papers, listened to the radio, watched TV and browsed the web. You know Sony were hacked. You know JP Morgan Chase were hacked. And Lockheed Martin and the US State Department.

You know that. They know it and so does everyone else – there is no such thing as a secure website.

Knowing that, if someone offers you a web service and promises that it's secure, how do you react?

It doesn't matter who that someone is, it doesn't matter how often they claim to take security seriously, it doesn't matter if they claim to have learnt the lessons about privacy and confidentiality and security, the promise is suspicious.

Does this someone believe that you can't read or understand the news or draw elementary logical conclusions from the unmistakable evidence?

They must do.

They must think they're marketing to cretins.

It's extraordinary that anyone in the 21st century is still offering security on the web. We all know that it's not available. That's the lesson of the web. There is no such thing as a secure website. If you don't get that, you don't understand the web.

Anyone who takes your intelligence seriously will acknowledge that when they market to you. They will say that they take all due care and they expect you to take all due care but that security breaches are inevitable and that there is a well-oiled compensation scheme in place for when they happen.

Anyone else now, today, in the 21st century, looks like nothing more than an old-fashioned mountebank.

----------
October 2010Unicorns
15.5.13"When it comes to cyber security QinetiQ couldn’t grab their ass with both hands"
22.10.13Hyperinflation hits the unicorn market
16.2.14Some people must think that the British public is a cretin
30.3.14The Scottish on-line security experiment
7.8.14Cloud computing goes up in smoke
24.2.15RIP IDA – "we're building trust by being open"
12.3.15Current and future uses of biometric data and technologies
......

The lesson of the web? There. Is. No. Such. Thing. As. A. Secure. Website.

There is no such thing as a secure website.

You know that.

You've read the papers, listened to the radio, watched TV and browsed the web. You know Sony were hacked. You know JP Morgan Chase were hacked. And Lockheed Martin and the US State Department.

You know that. They know it and so does everyone else – there is no such thing as a secure website.

Knowing that, if someone offers you a web service and promises that it's secure, how do you react?