Monday 31 August 2015

RIP IDA – as tactfully as possible, the intensive care team take the family aside and prepare them for the inevitable


No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.


OIX, the intensive care team, is well known to DMossEsq's millions of regular readers but for the rest of you:
Open Identity Exchange UK (OIXUK)

This is the UK arm of a global organisation working directly with governments and the private sector developing solutions and trust for online identity, specifically for the British citizen.

OIX UK works closely with the Cabinet Office on the Identity Assurance Programme.  This is the development of the GOV.UK Verify service.  The identity assurance process can also be applied to other, non government websites where proof of identity is wanted.

The OIX goal is to enable the expansion of online identity services and adoption of new online identity products.

We work as a broker between industries designing, testing and developing pilot projects to test real use cases.  All project results are published for the public in the form of white papers.

OIX UK is open to new members.  Non members are welcome to attend our workshops,  membership is preferred for participation in projects – contact us for further information.
OIX has just published not one but two white papers:
Jointly and severally conveyed, the message is the same – there's no hope, IDA is dead, GOV.UK Verify (RIP).

GOV.UK Verify (RIP) is designed to rely on so-called "identity providers" (IDPs). There are currently four IDPs – Experian, Digidentity, the Post Office and Verizon. Together, they are said to constitute a "market" in identity services.

According to OIX's first paper, The use of bank data for identity verification:
  • The current market for identity assurance identity services is not able to serve 100% of the population (p.4).
  • At this time of publication of this paper the GOV.UK Verify [RIP] service is a beta service. It has set a number of objectives to achieve before becoming a fully live service (p.5).
  • In this early market the supply chain of data sources to support the creation of digital identity has not yet evolved to support the GOV.UK Verify [RIP] initiative (p.5).
  • The Digital Data Deficit section below describes how many users assertions of identity cannot be digitally verified (p.5).
  • As a result, some people who don’t have credit accounts (such as a loan, mortgage or credit card) are not able to assert financial evidence (p.7).
  • ... providers are not able to refer to bank account data to establish that an identity has been active over time (p.7).
  • ... resulting in variable results for users and problems can occur when users attempt to validate money evidence (p.9).
  • ... there is insufficient evidence of activity history in currently available data sources (p.9).
  • The current market has need for more data sources to accurately verify identities across a wide demographic (p.12). 
OIX is being as diplomatic as you have to be on these occasions, dealing with the distraught family in the waiting room outside intensive care, but it is clear that as long as GOV.UK Verify (RIP) depends on the current IDPs, it's not going to get out of the beta phase and become live, it's dead.

The banks are thought by OIX to provide the solution to all the current GOV.UK Verify (RIP) problems. In that case, why bother to have the IDPs? They add nothing. They are irrelevant. Appendix B of OIX's paper is a list of the problems faced by the IDPs which can be solved by the banks. Everything that needs to be done can be done by the banks alone.

There is no reason for GOV.UK Verify (RIP) to retain the IDPs and OIX identifies two reasons not to mix them up with the banks:
  • ... digital identity services delivered by non-bank Identity Providers could erode the relationship between banks and their retail customers (p.11).
  • If a financial institution refuses to compensate a customer for the loss of funds arising from misuse of credentials because the customer granted access for an Identity Provider, then broader consumer confidence in the scheme will be undermined by adverse publicity (p.13).
We were originally told that GOV.UK Verify (RIP) would be live by Spring 2013. It wasn't and it still isn't. We are currently meant to believe that it will be live by March 2016. From what OIX tells us, that is clearly impossible.

GOV.UK Verify (RIP) will not survive the amputation of Experian, Digidentity, the Post Office and Verizon. What comes out at the other end will no longer be GOV.UK Verify (RIP). That's what OIX is telling us in its first paper.

We may look at the second paper in a later post, wherein you will discover that there is a keen desire to ignore the privacy guidelines for GOV.UK Verify (RIP), but that's quite enough for now.

----------

Updated 1.9.15

In Whitehallspeak, Experian, Digidentity, the Post Office and Verizon were part of GOV.UK Verify (RIP)'s first "framework".

Out of 80 initial expressions of interest, eight suppliers proceeded to sign a framework agreement with the Government Digital Service (GDS). Cassidian pulled out, as did Ingeus and PayPal, and despite promising repeatedly that they would, Mydex didn't become an IDP after all, which left GDS with just the four above.

A year ago, GDS launched a second framework, and six months later they'd netted five new IDPs – Barclays, GB Group, Morpho, PayPal again and Royal Mail. So now there are nine IDPs supplying GOV.UK Verify (RIP)?

No.

Just four.

The five new prospective IDPs still haven't been "on-boarded", as they say. In fact, they haven't been heard from for six months. Why? Where are they? What's going on?

RIP IDA – as tactfully as possible, the intensive care team take the family aside and prepare them for the inevitable


No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.


OIX, the intensive care team, is well known to DMossEsq's millions of regular readers but for the rest of you:
Open Identity Exchange UK (OIXUK)

This is the UK arm of a global organisation working directly with governments and the private sector developing solutions and trust for online identity, specifically for the British citizen.

OIX UK works closely with the Cabinet Office on the Identity Assurance Programme.  This is the development of the GOV.UK Verify service.  The identity assurance process can also be applied to other, non government websites where proof of identity is wanted.

The OIX goal is to enable the expansion of online identity services and adoption of new online identity products.

We work as a broker between industries designing, testing and developing pilot projects to test real use cases.  All project results are published for the public in the form of white papers.

OIX UK is open to new members.  Non members are welcome to attend our workshops,  membership is preferred for participation in projects – contact us for further information.
OIX has just published not one but two white papers:
Jointly and severally conveyed, the message is the same – there's no hope, IDA is dead, GOV.UK Verify (RIP).

Sunday 23 August 2015

iRevolutionaries firing blanks

• "From the super smart @LouiseDowne"
Ben Terrett, Director of Design, GDS
• "it's the narrative we've been lacking
about why it's vital to focus on user …"
Neil Williams, Product Lead, GOV.UK
• "I will be referring people to this often"
Neil Williams again
Two months ago on 22 June 2015 Louise Downe published Good services are verbs, bad services are nouns on the GDS design notes blog. Her point? Apparently "verbs will change the way your service works".

Ms Downe is the Head of Service Design at the Government Digital Service (GDS) and considerable effort was put into divining what she meant. To no avail. It remains unclear what her advice is how to improve the design of government services.

On 6 August 2015 she published Better services with patterns and standards on the main GDS blog. She's talking about Government as a Platform (GaaP) and she's talking about service patterns. What is a service pattern?

Service patterns, she tells us, are "consistent (but not uniform)" standards that "will provide better interoperability between services, meaning that we can more easily join them up across government" and they will give government "a way to know how to provide a particular type of service well". Also, "service patterns will be our instruction manual for using platforms and registers to build better services".

No example of a service pattern is given. What do they look like? How do they promote interoperability? How do they raise standards? How will people learn from them? And what have service patterns got to do with verbs? All the reader knows is that "we’re still working out how the creation and management of a service pattern works" and "there’s still a lot to work out".

Service design is important. What does the UK criminal justice system (CJS) need? The answer was given on 18 August 2015 by Public Servant of the Year ex-Guardian man Mike Bracken CBE CDO CDO, executive director of GDS and senior responsible owner of the pan-government identity assurance programme now known as "GOV.UK Verify (RIP)": "It needs a good dose of proper service design thinking".

To that end, a multi-disciplinary team has been assembled to examine the CJS which shows that "digital people, technology, and thinking could transform the justice system". How does it show that? The team drew "a map of the entire criminal justice system". What's more, "this is something that's not been done before":


Mr Bracken couldn't be more wrong in this instance. It's been done thousands of times. Search Google for "criminal justice system flowchart" and you get about 157,000 hits. Click on "Images" and you can see as many maps as you like including this one, for example:


You can see the multi-disciplinary team's map but you can't read it. Even the bigger version is illegible. It's impossible as a result to tell whether the team have delivered on Mr Bracken's promise and re-designed the service to replace the present alleged mess which is the UK's criminal justice system.

"Of course it was never designed to work this way", Mr Bracken tells us, "but that's because it was never actually designed. The system we have today is the result of years of accretion, ad-hoc process on top of ad-hoc process, letter by letter, form by form".

While casually debunking the efforts of thousands of law-makers, lawyers and public officials over the centuries – "it was never actually designed" – it seems that it is Mr Bracken's team who have failed to design anything.

They haven't converted the CJS from a noun to a verb. There is no sign of a service pattern, whatever a service pattern is. The one innovation Mr Bracken lays claim to is that the latest map omits mention of any "organisations or government departments. That’s because that's not how users see the system". Says who?

Ignoring the distinctions between government departments is a conceit of the GaaP School. According to Mr Bracken, what would government without departments look like? How would it work? He hasn't told us.

Instead, he has announced his resignation and the government departments will have to soldier on as best they can without a Bracken – "he admits he is tired, and seems worn down by the demands of the job". That's what Computer Weekly magazine tell us in a long report of an interview with him conducted by the editor.

The media feed us a daily diet of cybersecurity breaches. Everyone knows that digital services are not secure. GDS are promoting digital public services. That looks tantamount to luring the public into danger. Despite its great length, there is no mention in the interview of security.

What Mr Bracken did tell the editor is: "It is a matter of fact, not opinion, that despite spending over £6bn a year on technology, digital and associated operations, there isn't a government service [developed by a department] that could be considered as a platform, as in that it works for all parts of government. That is a matter of fact".

No, it's not. It's not a matter of fact. As a matter of fact, we have had the Government Gateway system, a platform which works across all departments, since the turn of the century. It was developed by the Cabinet Office and has been subsequently maintained by the Department for Work and Pensions. For Mr Bracken to ignore it is once again to debunk the efforts of his colleagues.

The Gateway has been starved of resources for years now on the basis that it would soon be replaced by Mr Bracken's GOV.UK Verify (RIP). Years late, the benefits of GOV.UK Verify (RIP) remain on the horizon.

Talking about his four-and-a-half years at GDS, Mr Bracken says "for most of this period, digital has not been an institutional challenge. Now it is". In fact, life in Whitehall did not start with the birth of GDS, Whitehall was digitising where it could for 60 years before GDS existed and digitisation remains a challenge despite the gift of four-and-a-half years of GDS. "We, as a group of public administrators, have confidence we can create digital public services – that just wasn't there when I came". Yes it was.

"We've delivered billions of pounds of savings". Mr Bracken's numbers have turned out to be wrong before. Let's wait to see what the National Audit Office say about the value of savings made thanks to GDS.

Francis Maude, Sir Gus O'Donnell and Sir Jeremy Heywood all called for a revolution in Whitehall. All gave it their active backing through the establishment and subsequent support of GDS.

Revolutions are nasty violent events in which innocent people are hurt while megalomaniacs fight for power. Thank goodness our revolutionaries were firing blanks – "be consistent, not uniform", "show, don't tell", "don't procure, commission", "putting the users first", "good services are verbs", "agile", "cloud", "same, but different", ...

Perhaps "transformation" is a more appropriate word in this case. The UK would not benefit from a revolution but we could certainly do with a major transformation of public administration.

"We have shown we have a track record of delivery". No. Despite all the support they have received, transformation has not been delivered by GDS. It will take time and dedication. Too much time and dedication for Mr Bracken, who after a mere four-and-a-half years is off to work for the Co-op three days a week.

iRevolutionaries firing blanks

• "From the super smart @LouiseDowne"
Ben Terrett, Director of Design, GDS
• "it's the narrative we've been lacking
about why it's vital to focus on user …"
Neil Williams, Product Lead, GOV.UK
• "I will be referring people to this often"
Neil Williams again
Two months ago on 22 June 2015 Louise Downe published Good services are verbs, bad services are nouns on the GDS design notes blog. Her point? Apparently "verbs will change the way your service works".

Ms Downe is the Head of Service Design at the Government Digital Service (GDS) and considerable effort was put into divining what she meant. To no avail. It remains unclear what her advice is how to improve the design of government services.

On 6 August 2015 she published Better services with patterns and standards on the main GDS blog. She's talking about Government as a Platform (GaaP) and she's talking about service patterns. What is a service pattern?

Service patterns, she tells us, are "consistent (but not uniform)" standards that "will provide better interoperability between services, meaning that we can more easily join them up across government" and they will give government "a way to know how to provide a particular type of service well". Also, "service patterns will be our instruction manual for using platforms and registers to build better services".

No example of a service pattern is given. What do they look like? How do they promote interoperability? How do they raise standards? How will people learn from them? And what have service patterns got to do with verbs? All the reader knows is that "we’re still working out how the creation and management of a service pattern works" and "there’s still a lot to work out".

Tuesday 11 August 2015

Groundhog Day

We all woke up in the UK yesterday morning to the Daily Telegraph newspaper, among others, warning us about a ...
Government crackdown on firms employing illegal immigrants

Immigration minister James Brokenshire says the government [is] determined to act against businesses denying work to British nationals and driving down wages

Rogue employers who give jobs to illegal immigrants will be hit with the "full force" of the government machine ministers have warned.

Immigration minister James Brokenshire said the Government was determined to act against businesses which were denying work to British nationals and driving down wages ...
Yesterday was 10 August 2015.

But it might has well have been 28 December 2007, when we all woke up in the UK to the BBC, among others, telling us about a new advertising campaign:
Ads target illegal migrant hiring

A government campaign will warn bosses that they face large fines and prison sentences if they are caught employing illegal migrant workers.

The Home Office will run radio and print adverts ahead of a tightening of the law on illegal labour in February.

Employers could be fined up to £10,000 for every illegal worker they negligently hire, or could face up to two years in prison.

The immigration minister said firms would have no excuse to break the law.

Liam Byrne said: "Illegal working attracts illegal migrants and undercuts British wages. That's why we're determined to shut it down.

"The message is clear for employers - we will not tolerate illegal working."
We've moved on 7½ years and Liam Byrne has been replaced by James Brokenshire but otherwise nothing has changed. The Home Office continues to fulminate about hitting employers with the full force of the government machine which will not tolerate illegal working. That may give the impression of the Home Office taking action but of course that's just what they're not doing. As usual. Nothing changes.

In December 2006, the Identity and Passport Service (IPS) published their Strategic Action Plan for the National Identity Scheme. IPS was part of the Home Office and they promised at Annex 1 (p.25) that an "enhanced employee checking service" would be "available for employers" by June 2007. It wasn't available in June 2007 and it still isn't. IPS has now become HMPO, Her Majesty's Passport Office. Otherwise, nothing has changed.

UK Border Force technology 2015
IPS promised that ID cards would solve the illegal immigration and illegal working problems. They would also stop sex offences, false asylum claims, terrorism, identity fraud and inefficient public services, all thanks to biometrics, according to their 13-page October 2006 cost report on ID cards in which they promoted biometrics as the magic solution no less than 41 times.

The biometrics didn't work, they still don't, neither does the Home Office and now it's up to the Government Digital Service (GDS), part of the Cabinet Office, to identify us all and, presumably, to provide the means for proving our right to work.

It's not ID cards this time. Now it's GOV.UK Verify. Same difference.

Groundhog Day

We all woke up in the UK yesterday morning to the Daily Telegraph newspaper, among others, warning us about a ...
Government crackdown on firms employing illegal immigrants

Immigration minister James Brokenshire says the government [is] determined to act against businesses denying work to British nationals and driving down wages

Rogue employers who give jobs to illegal immigrants will be hit with the "full force" of the government machine ministers have warned.

Immigration minister James Brokenshire said the Government was determined to act against businesses which were denying work to British nationals and driving down wages ...
Yesterday was 10 August 2015.