Wednesday 20 April 2016

Insolvent solutions

11:19 a.m., 8 October 2014, 18 months ago, someone saves a copy of the Transactions Explorer page of the Government Digital Service's performance platform:


Then someone updates HMRC digital team plights troth to wrong Liege and forgets about it.

Were you by chance to view the page source for the Transactions Explorer, in an idle moment, you would see the following scripts:
<script id="ga-params" type="text/javascript">
  var GOVUK = GOVUK || {};
  GOVUK.Analytics = GOVUK.Analytics || {};
  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-26179049-1']);
  if(document.domain=='www.gov.uk') {
    _gaq.push(['_setDomainName', '.www.gov.uk']);
  } else {
    _gaq.push(['_setDomainName', document.domain]);
  }
  _gaq.push(['_setAllowLinker', true]);
    // track pixel density ratio
  if (window.devicePixelRatio) {
    _gaq.push(['_setCustomVar', 11, 'Pixel Ratio', String(window.devicePixelRatio), 2 ]);
  }
</script>
...
<script type="text/javascript">
  _gaq.push(['_gat._anonymizeIp']);
  _gaq.push(['_trackPageview']);
  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();
</script>
What's that all about?

That's how you get Google Analytics to compile performance statistics for you. A lot of those occurrences of "ga" indicate Google Analytics. Statistics are being compiled for GDS's www.GOV.UK domain, the property ID of which is UA-26179049-1.

You stick that script into all the web pages you want to monitor. And GDS did. Until 2 June 2015, when they upgraded from Google Analytics to Universal Analytics.

Universal Analytics is much better, Google tell us. In particular:
What data does the tracking snippet capture?

When you add either of these tracking snippets to your website, you send a pageview for each page your users visit. Google Analytics processes this data and can infer a great deal of information including:
  • The total time a user spends on your site.
  • The time a user spends on each page and in what order those pages were visited.
  • What internal links were clicked (based on the URL of the next pageview).
In addition, the IP address, user agent string, and initial page inspection analytics.js does when creating a new tracker is used to determine things like the following:
  • The geographic location of the user.
  • What browser and operating system are being used.
  • Screen size and whether Flash or Java is installed.
  • The referring site.
Perfect for calculating your advertising revenue. Or maintaining the audit trail in a transactional system. Or providing circumstantial evidence to corroborate someone's alibi.

But GDS have spotted that people don't like being kept under surveillance. And so a month ago they told us that:
Analytics and performance

To gather performance data for the [GOV.UK Verify (RIP)] service we create our own logging. During the early days of private beta, we started measuring performance using our own logging system, but we now make use of Piwik, an open source web analytics system, which we host ourselves. We chose this so that we could avoid sending data to third party web analytics companies.
That's GDS being sensitive to user preferences, isn't it.

No, it isn't. Piwik collects all the same surveillance data that Google's analytics products do. Maybe more. GDS still get that surveillance data. It's just that Google don't.

Don't they?

What is there to stop Google monitoring www.GOV.UK if they want to?

Nothing.

And not just Google.

What is promoted by GDS as the solution to a problem, isn't. It might look at first blush like a solution. But it's a solution that doesn't solve the problem. It's an "insolvent solution". It doesn't work.

Piwik isn't GDS's only insolvent solution. Their adoption of agile as the exclusive software engineering methodology is another. Ditto Government as a Platform. And the list goes on.

----------

Updated 21.4.16 1

The DMossEsq leader-writers expected a storm of protest over the post above. Hundreds of irate lexicographers complaining about the phrase "insolvent solution".

We had an answer prepared. Solutions have obligations. A solution that doesn't solve the problem it was designed for cannot discharge its liabilities. Which is pretty well the definition of insolvency.

But nobody complained.

Not about that.

What did exercise hundreds of distraught callers to DMossEsq's Pyongyang call centre was GDS's blog post earlier this month, Capturing comprehensive analytics across GOV.UK:
To help us analyse and measure the performance of our content we use Google Analytics, which records the pages users visit.
Are GDS using Piwik, please see above, or are they using Google Analytics? Which is it?

The answer seems to be Piwik for GOV.UK Verify (RIP) and otherwise Google Analytics.

One way and another, don't worry – you are being properly surveilled (surveyed?) by GDS and Google.

Or actually, perhaps you should worry just a little bit. This afternoon GDS published Rebuilding GOV.UK’s publishing platform - an update.

Under the heading Why this work is such a high priority you might expect to see reasons like "to help spend the £450 million the Chancellor unexpectedly gave us" or "one of the joys of agile software engineering is that the job is never done". But, no, GDS give seven other reasons for GOV.UK being an insolvent solution, including this:
5. Querying analytics across GOV.UK

At the moment we can’t follow user journeys across different types of content because of the different applications involved. This change [the re-building of GOV.UK] will mean we’ll have a much better understanding of user journeys, and the improvements we need to make.
It seems that GDS have inadvertently created 141 silos within GOV.UK. Silos that can't communicate with each other. And can't be monitored easily from the performance platform dashboard bunker under Holborn Towers. This situation is demonstrably insufferable:

It may well be that not a single human being has ever complained about this matter in any of GDS's user experience laboratories/interrogation centres. But it's affecting "GDS efficiency". And that means it's a user need.

"We expect this work will continue to dominate our roadmap for much of the 2016 to 2017 financial year", say GDS. What will they find to dominate their roadmap in 2017-18?


Updated 21.4.16 2

Literally years before yesterday, the UK Home Office tried to introduce government-issued ID cards. The project failed spectacularly.

But Whitehall didn't give up. The National Identity Scheme (NIS) was promptly replaced with the Identity Assurance Programme (IDAP), which incorporates GOV.UK Verify (RIP), and work continued.

The problem diagnosed with the NIS was the NIR, the National Identity Register. Get rid of the NIR, and then surely Whitehall's will would prevail.

GOV.UK Verify (RIP) would succeed where the NIS had failed, as long as there was no NIR. That's why the IDAP people came up with the notion of "identity providers", now known less sinisterly as "certified companies".

Plough your way through the GOV.UK Verify (RIP) registration process, and after a while you get to a screen something like this:


You may see different "identity providers" when you try to register. GDS are forever changing their recommended list.

Click on that Why there's a choice of companies link, and this is what you see:
Why there’s a choice of companies

More certified companies means a more secure system – information is not stored in one place, but is split up in lots of different places, making it safer.

It’s your right to choose who you want to deal with from these companies. It’s also your right to change which company you deal with at any time.

When verifying your identity, these companies can use their own records, and they’re certified to access information like credit records. They do this to check information you provide from passports and driving licences is correct.

Certified companies meet strict government privacy standards, so you can trust them with your information. They won’t use your information for any other purpose without your consent.

There’s no effect on your credit score.

Choose a company
"More certified companies means a more secure system" – no it doesn't.

"... information is not stored in one place, but is split up in lots of different places, making it safer" – or less safe.

Registering with a GOV.UK Verify (RIP) "identity provider" requires you to hand over the most minute details of your passport and driving licence to total strangers. When you look into the matter, you find that your personal information is stored all over the world, beyond any possibility of your control or even the UK government's.

GDS were told to do identity assurance with no NIR. They've ended up with eight of them, one per "identity provider".

In what way is GOV.UK Verify (RIP) the solution to the NIR problem? None. It's an insolvent solution.

No comments:

Post a Comment