Thursday, 8 October 2015

GDS, blue badgeholders

There was a cri de cœur the other day on the Government Digital Service (GDS) Twitter feed.

We've been here before. The national Blue Badge Scheme, you will remember, "provides a range of parking and other motoring concessions for people who are registered blind or have severe mobility problems". And clearly the on-line application system had given Ms Haworth a hard time.

GDS never tackled Blue Badge. It isn't one of the 25 exemplars included in their grandly titled "government transformation" programme.

Blue Badge is still a Directgov application, on https://bluebadge.direct.gov.uk/directgovapply.html and we've been here before as well. GDS claimed for years that GOV.UK, the award-winning public face of the UK government on-line, had replaced both Directgov and Business Link.


That claim was false for years and it still is, as Ms Haworth among others can testify.

But there has been progress – the misleading claim to have replaced Directgov and Business Link has now at last been removed from GOV.UK's home page.

As it happens, Ms Haworth is the Group Director of Transformation and Delivery at Torus, a company that focuses on "jobs, health, transport links, digital connectivity and housing" in the UK's North West. She may wonder, as may you, why Blue Badge wasn't one of the transformation exemplars.

We don't know the answer but there is an interview in Computer Weekly with Mike Beaven, the sometime director of transformation at GDS. "Critics pointed to several services as being little more than a new web front end on a pre-existing system", says Computer Weekly, "but Beaven defends the exemplars".

Previously he has claimed that "the programme's ended ... we're only just beginning". That was when GDS had to admit that they hadn't managed to deploy all 25 exemplars.

Now he tells Computer Weekly that the question how many exemplars GDS did deploy is irrelevant: "Whether you launch one or 25, it doesn't matter". Oh yes it does.

Mr Beaven has gone now. Like the GOV.UK claim to have replaced Directgov and Business Link.

Computer Weekly say of him that: "His role at GDS was primarily about liaising with the departments responsible for those transactions and generating the sort of collaborative approach that GDS now wants to be seen as its raison d’etre".

Now? GDS now wants liaising and collaborating to be seen as its raison d'être? What was its raison d'être before, you may ask?

Good question.

And when Public Servant of the Year ex-Guardian man Mike Bracken CBE CDO CDO, executive director of GDS and senior responsible owner of the pan-government identity assurance programme now known as "GOV.UK Verify (RIP)", spoke at the October 2013 Code for America Summit he made the answer limpidly clear.

UK public administration is stuck in the 1950s, he told the Americans and anyone else listening, Whitehall is useless, so is UK local government, so are the people behind President Obama's healthcare system, only GDS understand what's needed in today's world and if they're not given their head there'll be riots in the streets.

This vigorous criticism may be undermined in your eyes by the fact that, unlike his targets, Mr Bracken has no experience of government. Nothing daunted, he repeated the message a year later, announcing that "traditional policy-making is largely broken".

Neither liaison nor collaboration was ever on the menu and now he, too, like Mike Beaven and the GOV.UK claim to have replaced Directgov and Business Link, is gone.

Gone where?

God will not be mocked – Mr Bracken has become chief digital officer at The Co-operative Group.

Richard Pope (see valedictory tweet above) is also leaving GDS. We don't know where he's going but we do know where he comes from – 6+ years with mySociety. Which is where Mr Bracken comes from, too, as he told the Code for America Summit in October 2013. And where Tom Loosemore comes from, as he told the Code for America Summit in October 2014.

Who is Tom Loosemore? He's the deputy director of GDS. At least he was. But now, like Richard Pope and Mr Bracken and Mr Beaven and the claim that GOV.UK replaces Directgov and Business Link, he's gone.

Also gone are Russell Davies (strategy director), Ben Terrett (design director) and Leisa Reichelt (head of user research).

People come and go in any organisation. It's only noteworthy when, as in this case, it's the positions at the top which are cleared out and there has duly been a plethora of "whither GDS?" articles and blog posts here, for example, here, here and here. Not to mention here.

The man left holding the parcel, the new executive director of GDS, is one Steven Stephen Foreshew-Cain. It's open season for giving the poor man advice. What would you suggest?

When GDS say something, it must be true. For example:
  • We can't have the public face of government on-line telling us that Directgov and Business Link have been replaced when they manifestly haven't been.
  • We can't have the executive director of GDS giving the impression in public or in private that GDS's government transformation work has made savings equivalent to 4% of UK GDP, as Mr Bracken did at the Code for America Summit in October 2013, ...
  • ... nor that GDS have got 45 million people up and running with on-line identity assurance. It wasn't true then, it still isn't and it never will be, GOV.UK Verify RIP.
  • GDS have got to stop promising that GOV.UK Verify is "secure". They know it isn't and so does everyone else. The same applies to personal data stores.
  • The pretence that agile development is a silver bullet must be dropped ...
  • ... as must the Pied Piper of Hamelin pretence that it is wise, prudent, responsible or green to lose control of our data and our applications by sticking them in the cloud.
  • The claim that GDS is guided entirely by "user needs" has got to be dropped as long as it conflicts, which it always will, with GDS's senior claim that public administration should be "digital by default", by which they seem to mean mandatory that public administration should be on-line and on-line only and the Devil take the hindmost.
The claim that Government as a Platform could save £30 billion a year based on making a laughable analogy between running the UK and running a community nursing scheme has got to be volubly disowned.

GDS have got to clarify their position on data-sharing. There's big data, open data, public data and personal data. GDS say that people own their personal information and that people should have control over how it is used and by whom. They don't say what they mean by "own" here, they provide no "control" and their every action promotes incontinent data-sharing and relies on it. There's a circle for Mr Foreshew-Cain to square.
And Mike Beaven is right. GDS have to liaise and collaborate with their colleagues in government, not least because it's those colleagues and not GDS who take the rap when something goes wrong, like the ignominious collapse of DEFRA's Basic Payment Scheme. Power without responsibility? GDS will get nowhere and they have got nowhere by pretending childishly that everyone else is stupid and that no-one else understands the biblical import of Amazon, Facebook, Apple, eBay and the internet.

There's a lot of work for Mr Foreshew-Cain to do ...

... which, Ms Haworth may legitimately point out, leaves us still with the Blue Badge problem.

HMRC have always been the leaders in digital transformation and they always will be. Why? Because they raise money for the government.

DWP (work and pensions), the NHS (health) and the Department for Education will always be the laggards. Why? Because, unlike Amazon, Facebook, Apple and eBay, they spend government money.

So does the Blue Badge scheme. It costs money. Cynical prediction:
  • Blue Badge application forms will consequently always be made as hard as possible to complete, ...
  • ... it will always be made as hard as possible to prove that your mother qualifies for a Blue Badge.
  • Applying for a Blue Badge will not be included in any successor to GDS's 25 exemplars programme.
  • And if you think you or your mother can get any help from GDS's assisted digital initiative, just take a look – assisted digital keeps starting and starting again but not assisting.
----------

Updated 9.10.15

Enough already

The suggestion is made above that GDS should turn over a new leaf.

Has anyone read Government as a platform for the rest of us on the GDS blog?

If that post is to be believed:
Services will be quicker, easier, and cheaper to create ... With these shared components doing all the hard work behind the scenes, service teams can focus solely on building what their service needs to do ... Another component is data ... we’ve put together design patterns and a development toolkit ... When it's so simple to create services, you can create them as experiments. They can be almost disposable ... Platforms stimulate markets, and markets drive innovation ... If we create platforms based on open standards and interoperability, we automatically create competition and drive innovation ... Services can change as policy and circumstances change ... So when policy changes, or when circumstances force change to happen, it can. Quickly, without fuss ... Everything’s built on standards and designed to interconnect ... Services are closer to policy intent ... That’s what Government as a Platform means. That’s why it matters ...
But no-one level-headed is going to believe it.

Components/objects/classes were marketed as the solution to software engineering back in the 1980s, 30 years ago. The benefits promised breathlessly by over-enthusiastic salesmen didn't arrive and there's no reason to believe that they will arrive now with the simple addition of the word "platform".

You'd have to have been born yesterday.

You'd have to be soft in the head.

"Show, don't tell" – that's one of GDS's mottos. We've had the telling for decades from GDS and its predecessors. And for decades we haven't been shown.

Enough already.

Time for GDS to turn over a new leaf.



Updated 10.10.15 #1

The suggestion is made above that GDS should turn over a new leaf.

"GDS have got to clarify their position on data-sharing", we said.

In Government as a platform for the rest of us GDS tell us that:
Right now, government data is stored in many different ways, frequently duplicated and hard to keep up-to-date. All those problems make it hard to put to good use. We have bad data, not good data.

When we start building platforms, data becomes another shared component in the system. Standards ensure it is accessible by other components. It is maintained and curated by departmental teams who understand it best. Users are given control over their personal data, so they can choose which services can see it and when.
It's never quite clear what GDS mean by a "platform" but it is clear that, whatever they mean, platforms entail massive data-sharing which, GDS somehow believe, gives users control over their personal information.

Is it the users who would have control over their own personal information in GDS's new world?

Or is it this mythical band of all-wise "departmental teams who understand it best"?

GDS's bubbly prose, all excited with the novelty and energetic certainty of "platforms", seems to have at its heart the relatively dreary and antique busted flush nostrum first articulated by Douglas Jay in 1937:

"the gentleman in Whitehall
really does know better
what is good for people
than the people know themselves"


GDS. Must try harder.


Updated 10.10.15 #2

The suggestion is made above that GDS should turn over a new leaf.

"GDS have got to clarify their position on data-sharing", we said.

In Government as a platform for the rest of us GDS tell us that:
Platforms stimulate markets, and markets drive innovation ... Government’s current siloed approach stifles innovation, and leads to various problems ... If we create platforms based on open standards and interoperability, we automatically create competition and drive innovation. That means more providers and lower costs.
GDS claim that platforms automatically drive innovation. Is that true? Who says? How do they know?

There is a cadre of open data enthusiasts including Francis-now-Lord Maude of JFDI, David Gauke MP, Professor Sir Nigel Shadbolt, Dr Kieron O'Hara, Stephan Shakespeare and Tim Kelsey (now transported to Australia). According to them, it's open data that stimulates innovation, not platforms.

They can't both be right, GDS and the open data cadre. They could both be wrong. What do they know about innovation?

Professor Sir Nigel and Dr O'Hara say in their book The spy in the coffee machine – the end of privacy as we know it that: "sharing information across government databases will dramatically increase governmental powers – otherwise the UK government wouldn't have proposed it" (p.95). That doesn't seem to have anything to do with promoting innovation.

Never mind the half-baked and contradictory reasoning, whatever the true motive, some people want us to make all our personal information public and they don't mind inverting the British Constitution to have their way.

Time was when personal information submitted to the UK government was treated by default as confidential. Her Majesty's Revenue and Customs (HMRC), for example, is governed by the Commissioners for Revenue and Customs Act 2005 (CRCA):
CRCA prohibits the disclosure of information held by HMRC in connection with its functions except in limited circumstances set out in legislation. This prohibition applies to all information held by HMRC in connection with its functions and reflects the importance placed on 'taxpayer confidentiality’ by Parliament when the department was created. There is additional protection for information that relates to an individual or legal entity whose identity is specified in the disclosure or can be deduced from it (‘identifying information’), in the form of a criminal sanction for unlawful disclosure.
We could depend on it.

Not now.

Not any more – at their 2013 Summit at Lough Erne, the G8 issued this Declaration:
We, the G8, agree that open data are an untapped resource with huge potential to encourage the building of stronger, more interconnected societies that better meet the needs of our citizens and allow innovation and prosperity to flourish ... the UK helped secure the G8’s Open Data Charter, which presumes that the data held by Governments will be publicly available unless there is good reason to withhold it.
One minute the disclosure of information is prohibited except in limited circumstances set out in legislation. Next minute it's publicly available unless there is good reason to withhold it.

What's that?

That's a Constitution being stood on its head, that's what that is, with the thoughtless assistance of GDS. Time to turn over a new leaf.


Updated 12.10.15

The suggestion is made above that GDS should turn over a new leaf.

According to GDS: "If we create platforms based on open standards and interoperability, we automatically create competition and drive innovation".

Could we have an example, please?

Yes:
For example: look at GOV.UK Verify [RIP], which is stimulating the identity services market. It is setting standards, aggregating demand across government and government services, building a whole new market for identity services in the UK. New identity services are springing up and moving from 'clever idea' to 'commercial product' very quickly.
Clever ideas and commercial products
Not a very good example, though. "New identity services are springing up and moving from 'clever idea' to 'commercial product' very quickly"? How quickly?

GOV.UK Verify (RIP) is GDS's putative identity assurance platform. What with all this competition that platforms are supposed to create and all this innovation that is supposed to be driven you might think that there are scores of clever ideas that have already become commercial products.

Not just scores. Maybe hundreds of them.

But not a single clever idea based on GOV.UK Verify (RIP) is named. Let alone a commercial product. Ask GDS to name 10 of them. Or five. Maybe they can and they just forgot to mention them. Or maybe they can't and they've confused wishful thinking with reality.

Aggregating demand across government
What's all this about "aggregating demand across government and government services"?

We are familiar with the problems people face today trying to use GOV.UK Verify (RIP) to transfer marriage allowance between spouses/civil partners. Many of them can't get GOV.UK Verify (RIP) to "provide" them with an "identity". Which means they can't get their marriage allowance transferred. Not on-line, at least. Which is embarrassing HMRC.

Transferring your marriage allowance is a statutory right. GOV.UK Verify (RIP) is coming between people and their rights.

HMRC's comment? "It’s not our IT system; it’s the Cabinet Office’s".

GDS call that "aggregating demand". They might more properly call it "failing to satisfy demand".

Your invitation to the Identity Summit held last Thursday, 8 October 2015, may have been lost in the post. DMossEsq's invitation certainly was. Luckily there is a report in Computer Weekly magazine ...

... according to which the NHS looked at GOV.UK Verify (RIP) and rejected it. They don't like the use made of the "identity providers" in GDS's framework. Unless they, the NHS, themselves become an "identity provider". The "identity providers" can't do the identity assurance job they've been appointed to do. The NHS could do it or, to put it another way, the NHS don't need GOV.UK Verify (RIP).

Once again, what GDS call "aggregating demand" might more properly be called "failing to satisfy demand". Using GOV.UK Verify (RIP) as an example of the guaranteed benefits of platforms is looking less and less like a wise choice.

And it gets less wise still ...

Basic accounts
... because next day, 9 October 2015, Janet Hughes published Basic identity accounts trial - an update on the identity assurance blog.

Ms Hughes is the director of the identity assurance programme and she tells us that GDS and the "identity providers" are currently working hard on providing "basic" accounts. A "basic" account is a non-verified account. It's there for people like the marriage allowance transfer claimants above who can't get past GOV.UK Verify (RIP).

Is this a clever idea? To an outsider that might look like a lot of hard work going into a new GOV.UK Can't Verify (RIP) service. Or it might just look like the end of the road.

Levels of assurance
GDS is "setting standards", if you remember.

What standards?

Consider. GOV.UK Verify (RIP), on those occasions when it works, verifies your identity. So they say. But how confident can a public authority like HMRC be that you are who you say you are? The answer is, according to GDS, that there are different levels of assurance. One standard that GDS have set, among others, is for the different levels of assurance.

LoA3 (level of assurance 3), for example, means that the "identity provider" has evidence good enough for a criminal court that you are who you say you are. LoA2 is good enough for a civil court. LoA1 is just self-certification and is of little value to anyone.

No-one has yet reached LoA3 with GOV.UK Verify (RIP) and, according to OIX, they haven't reached LoA2 either.

OIX is the Open Identity Exchange and they're GDS's business partner in identity assurance. They say that the current "identity providers" can't do their identity assurance job. GOV.UK Verify (RIP) needs the banks on board. Adding the banks "would help [to] achieve the required standards against the 5 elements of identity assurance at level of assurance 2", please see The use of bank data for identity verification, p.11.

Misleading the public
GDS remind us that despite these problems Ms Hughes tried to enthuse 200 entrepreneurs at the Follow the Entrepreneur conference held on 4 September 2015. GOV.UK Verify (RIP) with its sub-LoA2 identities rejected by the NHS and causing embarrassment to HMRC not to mention frustration to the civilian population is the perfect platform on which these entrepreneurs can convert "clever ideas" into "commercial products". That is presumably the GDS pitch.

And a surprising pitch it must seem not only to the entrepreneurs but also to the aforementioned civilians who have so far been led to believe that GOV.UK Verify (RIP) is only meant to allow them to transact with government – "GOV.UK Verify [RIP] is the new way to prove who you are online, so you can use government services like viewing your driving licence or filing your tax".

Not having been prepared for it, the public may be a little upset to discover that it's also meant to provide a platform for "commercial products". They may feel that they have been misled.

Couldn't GDS have chosen a better example to demonstrate the merits of platforms?

Presumably not.

Time to turn over a new leaf.


Updated 19.10.15

The suggestion is made above that GDS should turn over a new leaf.

It doesn't seem to be happening.

To mark the third birthday of the award-winning GOV.UK, the public face of the UK government on-line, the Government Digital Service (GDS) tweeted a lot of brightly-coloured numbers:


There are 60 million of us in the UK, every one of us has some sort of interaction with the government and GOV.UK is pretty well the only show in town. Is 909,309,367 a lot of views? How many views should there be? Is this a case of the more the better? Perhaps there shouldn't need to be so many views – are we perhaps looking at failure? God knows what these numbers are meant to demonstrate. DMossEsq wanted to know, too:


No answer, of course.

But then New Zealand came on the line.

New Zealand, you should know, have actually got on-line identity assurance up and running, unlike some people we could mention, no names no pack drill GOV.UK Verify (RIP). And they were impressed:


Why? Why were they impressed? What had impressed them about the brightly-coloured numbers? What did New Zealand think these numbers demonstrate? DMossEsq asked and, unlike dealing with GDS, back came the answer:


GDS used to house the UK government's chief data officer. They're supposed to be helping the Office for National Statistics (ONS) with the collection and presentation of UK metrics. And they've managed to mislead the public authority of New Zealand into believing that there have been 909 million logins to GOV.UK Verify (RIP).

A quick perusal of the GOV.UK Verify (RIP) dashboard will leave you, too, confused. There seem to have been 0.725 million "authentications" to date including 0.185 million from "basic" accounts. "Basic" accounts are accounts which GOV.UK Verify (RIP) couldn't verify. "Authentications" seems to be the sum of the number of accounts created and the number of sign-ins.

Whatever it does mean, it doesn't mean 909 million logins and New Zealand have now changed the object of their congratulations:


Good luck to the ONS.

Time for GDS to turn over a new leaf.


Updated 3.11.15

The suggestion is made above that GDS should turn over a new leaf.

Sad, but it doesn't seem to be happening, Steve Foreshew isn't getting a grip.

GDS's identity assurance service, GOV.UK Verify (RIP), is meant to verify people's identity. Thus the name, "GOV.UK Verify (RIP)". Faced with their inability to reach level of assurance 2 – verification acceptable to the civil courts – what have GDS done?

Answer, they've introduced so-called "basic" GOV.UK Verify (RIP) accounts, level 1 accounts, self-certification, unverified accounts on which neither Whitehall departments nor private sector entrepreneurs can rely.

Not only that, they've reduced the number of pieces of evidence required to verify identity from three to two, thereby diluting the assurance. And, the last refuge of the scoundrel, they've introduced face recognition biometrics into the verification process, "you can take a photo of yourself instead of answering questions based on credit history".

Mr Foreshew may also like to take a look at the progress reports which his GDS colleagues publish on GOV.UK Verify (RIP):
  • The sixth progress report was published yesterday and maintains the tradition of moving all the deadlines forward several months from the previous report without achieving any progress in between.
  • It also continues to include in the list the digital services to which GOV.UK Verify (RIP) is connected (see Table 1) digital services which don't exist (DEFRA/Claim rural payments) and digital services to which GOV.UK Verify (RIP) is not connected (HMRC/Marriage allowance).
Time for GDS to turn over a new leaf.

2 comments:

Francis Irving said...

Ummm, "open data" isn't about opening private data, but opening public data.

The difference is clearly defined in the FOI and Data Protection acts.

Not sure where you're getting the idea that the G8’s Open Data Charter is about publishing citizen's private data, rather than about publishing the internal workings of Government.

David Moss said...

Francis, thank you for your comment on the two 10.10.15 updates above.

Re "the internal workings of Government", data.gov.uk publishing monthly departmental expenditure invoice by invoice is a Good Thing and I trust that it will continue.

Those invoices are an obvious example of open data. It's not always so obvious whether a given dataset is in the class Open. If it was then David Gauke MP, the Exchequer Secretary to the Treasury, wouldn't have had to publish Sharing and publishing data for public benefit.

Where the FOIA and DPA definitions don't settle the matter, the acceptability of disclosure becomes a matter of wise and sympathetic judgement.

I see no sign of that in Stephan Shakespeare's work on PSI. And yet Mr Gauke's "consultation" on data-sharing uses the Shakespeare Report as cover.

I see no sign of good judgement in Tim Kelsey's care.data proposals. Nor in the BIS proposals for midata.

As far as I know, Nigel Shadbolt is still chairman of the midata programme as well as chairman of the ODI. And BIS now houses Francis Maude, famous for declaring the laws covering data-sharing to be "myths". Myths that he intends to "bust".

I take it on trust that Ross Anderson and Martyn Thomas are right to argue that anonymisation is either very difficult or impossible.

I doubt Nigel Shadbolt's assertion that open data causes innovation.

I question the implicit assumption that if the state knew more it would do better – that's certainly not the way it panned out for the Child Support Agency, the CSA knew everything but still managed to make its parishioners more miserable.

That's the sort of place I get the idea that the Open Data Charter is not all good news.

If the Charter does turn out be a dishonourable proposition, a critic might point out that it was pretty feeble to ignore the Shakespeares and Kelseys of this world, who have made their intentions perfectly clear, and rely for your defence on FOIA and DPA.

Post a Comment