DMossEsq: CSC

Showing posts with label CSC. Show all posts

Monday, 12 November 2012

Whitehall governance, and GDS's fantasy strategy

For some time now, the Government Digital Service (GDS) have made the meaning of their digital-by-default agenda clear – they want the UK to be like Estonia.

It is thanks to the fact that practically every service in Estonia is delivered over the web that, back in 2007, Russia was able to bring the country to its knees in a matter of days. If GDS succeed with their "modernisation" plans, there will be nothing to stop that happening here in the UK.

GDS are in awe of the financial success and popularity of Apple, Amazon, eBay/PayPal, Google and Facebook. With no experience of government behind them, the over-promoted software engineers at the head of GDS want to bring their heroes' tricks to the delivery of public services in the UK.

Sensible people will see Facebook et al as latter-day Pied Pipers of Hamelin – sensible people, including the tens of thousands of public servants who will be laid off and replaced by GDS's computers when government is, as they say, "transformed".

Many of these organisations are famous for avoiding tax on their UK profits and for using their near-monopolies to tyrannise their suppliers and to milk their customers. But GDS somehow maintain their naïve veneration and on 6 November 2012 they published their Government Digital Strategy.

This fantasy strategy is an elaboration of Martha Lane Fox's ideas, set out in her October 2010 letter to Francis Maude, Directgov 2010 and beyond: revolution not evolution. Ms Lane Fox is the Prime Minister's digital champion, she's a historian, and when she says "revolution" she means it.

Her revolutionary fervour is carried over into last week's GDS strategy, which Sir Bob Kerslake – head of the home civil service, permanent secretary at the Department for Communities and Local Government (DCLG) and previously the chief executive of first the London Borough of Hounslow and then Sheffield City Council – has greeted with a post on GDS's blog, Welcoming the Digital Strategy:

Our reform plan also made a clear commitment to improve the quality of the government’s digital services, and to do this by publishing a Government Digital Strategy setting out how we would support the transformation of digital services [how does publishing a wishlist improve the quality of public services?].

We fulfilled that commitment yesterday with the launch of the Government Digital Strategy, Digital Efficiency Report and Digital Landscape Report and I very much welcome their publication.

But why? Why does Sir Bob "welcome" this emmental cheese of a strategy? It's full of holes. Consider the governance of Whitehall for example.

In 1952 Professor GW Keeton published his book The Passing of Parliament. Keeton was Dean of the Faculty of Laws at University College, London, and according to him:

The relentless growth in size and functions of the Department of State and the relatively high level in calibre of those who staff them, coupled with the steady decline in importance of and function of MPs, has led to a gradual transfer of power and influence from the floor of the House of Commons to the private rooms of permanent civil servants.

60 years later, there are still Whitehall outsiders who believe that politicians make policy. Mainly political journalists, deeply conservative people with a love of tradition and an antique belief in the supremacy of parliament. No-one else believes it.

A few outsiders, unpleasant cynics, the awkward squad, are convinced that policy is made by the European Commission or big business or the trades unions or the US military or the Church of England. But the nice outsiders, the majority, have caught up with Keeton and Yes Minister and for them, policy is made by Sir/Dame Humphreys with a First in Greats.

Apparently the nice outsiders are wrong. Apparently the tail is wagging the dog and policy is made by GDS website designers, who also control the purse-strings and to whom the rest of Whitehall defers.

Back in October 2010 Martha Lane Fox wrote:

[GDS] should own the citizen experience of digital public services and be tasked with driving a 'service culture' across government which could, for example, challenge any policy and practice that undermines good service design ...

It seems to me that the time is now to use the Internet to shift the lead in the design of services from the policy and legal teams to the end users ...

[GDS] SWAT teams ... should be given a remit to support and challenge departments and agencies ... We must give these SWAT teams the necessary support to challenge any policy and legal barriers which stop services being designed around user needs ...

I recommend that all digital teams in the Cabinet Office - including Digital Delivery, Digital Engagement and [GDS] - are brought together under a new CEO for Digital.

This person should have the controls and powers to gain absolute authority over the user experience across all government online services ... and the power to direct all government online spend.

The CEO for Digital should also have the controls and powers to direct set and enforce standards across government departments ...

Last week's Government Digital Strategy says:

Cabinet Office will help departments to recruit suitably skilled individuals. Newly appointed Service Managers will be supported by Cabinet Office through a specialist training programme run by the Government Digital Service. This will include the hands-on process of designing and prototyping a digital service ...

Government digital services are inconsistent and often do not meet the standards that users expect. To ensure that users receive a consistently high-quality digital experience from government, Cabinet Office will develop a service standard for all digital services. No new or redesigned service will go live unless they meet this standard ...

Cabinet Office will lead in the definition and delivery of a range of common cross-government technology platforms, in consultation with departments to ensure they meet business needs. These will underpin the new generation of digital services. Departments will be expected to use these for new and redesigned services, unless a specific case for exemption is agreed ...

The guidance and tools supporting the [digital by default] standard will help service owners to design trusted, cost-effective government services that are embraced by users and meet their needs first time. Government Digital Service will ensure there is a common understanding across government of what outcomes are required to meet the standard. This understanding must be shared by everyone involved in the development and life of a new or redesigned digital service ...

A new Digital Leaders Network was established in early 2012 to drive forward the digital agenda across government. The network is run by the Government Digital Service ...

Who, in GDS, as a matter of interest, is responsible for the nation's education policy? Or transport policy? What rank do GDS-trained "Digital Leaders" enjoy at the MoD?

Will we soon see GDS SWAT teams patrolling the Ministry of Justice and terrorising its denizens into standardisation? Will HM Treasury ring ex-Guardian man Mike Bracken and ask permission every time they want to spend a bob or two? Will the Department of Health really trust GDS to recruit staff for them? (No.) Will HMRC really hold up a web enhancement to their tax-farming implements because GDS tell them to?

The Home Office have a ruinously expensive contract with CSC to develop and maintain the nation's passport application website. What is GDS's locus there? How can they intervene? They don't have the contract – CSC do.

Suppose that GDS actually had all the power suggested by Martha Lane Fox and the Government Digital Strategy. Are they ready to accept the responsibility that comes with it? There are three references to accountability in the strategy document. But what do they amount to? Will anyone be fined? Or demoted? Or fired? Or is "accountability" just a word?

Whitehall departments were meant to co-operate with the Home Office on the ID cards scheme. They said they would co-operate. But according to BBC Radio 4's File on 4 programme on the subject, July/August 2007, when it came to it, either the departments sent someone too junior to the meetings or they sent no-one at all.

"Silo government" they call it in the BBC programme, and something similar put paid to the Cabinet Office's 2005 Transformational Government plan. Co-operation evaporated. GDS's digital-by-default agenda is Transformational Government MK 2 and the same outcome must be expected – co-operation will evaporate.

To us outsiders, Whitehall looks like a set of independent, powerful satrapies with no emperor in control in the centre. The engaging Sir Richard Mottram effectively said as much in his review of the handover from Sir-Gus-now-Lord O'Donnell to the new dispensation.

The repeated attempt to take control of the satraps has always failed, Sir Richard suggests. What reason is there to believe that the time has come now for the empire of the website designer?

Where there should be answers to these questions in the Government Digital Strategy there are just holes. Revolution is proposed with no justification. And yet Sir Bob, the head of the home civil service, welcomes this fantasy.

Whitehall governance, and GDS's fantasy strategy

Our reform plan also made a clear commitment to improve the quality of the government’s digital services, and to do this by publishing a Government Digital Strategy setting out how we would support the transformation of digital services [how does publishing a wishlist improve the quality of public services?].

We fulfilled that commitment yesterday with the launch of the Government Digital Strategy, Digital Efficiency Report and Digital Landscape Report and I very much welcome their publication.

But why? Why does Sir Bob "welcome" this emmental cheese of a strategy? It's full of holes. Consider the governance of Whitehall for example.

more ►

Sunday, 30 September 2012

30 September 2012, a big day – Dame Helen Ghosh and ex-Guardian man Mike Bracken

30 September 2012. It's a big day today. Dame Helen Ghosh's last day as permanent secretary at the Home Office. What will change when she's gone?

Will Sarah Rapson, chief executive at the Identity & Passport Service (IPS), be allowed to carry on over-charging us Brits for passports to the tune of £300 million a year?
IPS has never recovered from its failure under Sir David Normington and James Hall to implement government-issue ID cards. They suffered something like a corporate nervous breakdown. Isn't it time now at last for a new name and a re-launch?
Will Jackie Keane be able to carry on spending money like water on IABS, the Immigration and Asylum Biometric System?
Will assistant commissioner Mark Rowley at the National Policing Improvement Agency stop wasting money on mobile fingerprint equipment?
Will Rob Whiteman, chief executive of the UK Border Agency (UKBA), be able to maintain the high standards and success rates of that organisation?
Will Brian Moore's successor as chief executive of the UK Border Force ditto?
Isn't it time now to stop hosing money at CSC and VF Worldwide Holdings for their biometrics-based visa application work abroad?
Will IBM be allowed to stop bashing its head against the brick wall that is eBorders?
Is Alex Lahood (the Director of Identity Management, no less, at UKBA, please see p.9) still testing biometrics in Croydon? If so, why?
Is Marek Rejman-Greene still Senior Biometrics Advisor at the Home Office Scientific Development Branch? Ditto.

These are just some of the questions for Dame Helen's successor to ponder.

Today is also the last day for the Government Digital Service (GDS) to announce the approved suppliers of the UK's much-touted Identity Assurance Service (IAS). It really is a big day.

Will GDS meet the deadline? (Six hours to go ...)
Will they dare appoint Google and Facebook as "identity providers" to the UK?
If not, will the NSTIC folk in the US cross them off the Christmas card list?
Will Martha Lane Fox ditto?
When Universal Credit fails, will DWP get the blame or GDS?
Will the Department for Business Innovation and Skills stop pretending to want midata?
If ex-Guardian man Mike Bracken (executive director of government digital services and senior responsible ~~officer~~ owner for the identity assurance programme) can't make Estonia come to the UK, will he go there?
Will GDS's dream of inserting GOV.UK into our national payment systems come true? If so, how many weeks before we are reduced to a barter economy? Two? Or one?
Will GOV.UK replace the Government Gateway?
Will GDS's IAS succeed where James Hall's ID cards failed?
Can GOV.UK operate successfully on a cloud service operated by Skyscape, the one-man company?

These are just some of the questions that probably won't be answered tomorrow.

30 September 2012, a big day – Dame Helen Ghosh and ex-Guardian man Mike Bracken

30 September 2012. It's a big day today. Dame Helen Ghosh's last day as permanent secretary at the Home Office. What will change when she's gone?

more ►

Monday, 13 August 2012

Home Office soon to be Ghoshless

Home Office press release, 13 August 2012:

Dame Helen Ghosh to leave civil service
Dame Helen Ghosh DCB is to step down as Permanent Secretary of the Home Office to take up the role of Director General of the National Trust, she announced today.

Dame Helen will leave the department in September after a 33 year career in the civil service ...

Head of the Civil Service Sir Bob Kerslake said: 'As Permanent Secretary at Defra and the Home Office, Helen has delivered extraordinary change including departmental reform, the independent UK Border Force and support for the successful London Olympics.

'She has been an inspiring leader, who has made a very strong corporate contribution, both via the Civil Service Board, leading the capability strand of our Civil Service Reform Programme and as a vibrant role model and champion of talent and diversity. I wish her every success in her new leadership role at the National Trust.'

Helen Kilpatrick, Director General of the Financial and Commercial Group, will stand in as interim Permanent Secretary until a replacement for Helen Ghosh is appointed.

National Trust press release, 13 August 2012:

Dame Helen Ghosh DCB will be the next Director-General of the National Trust
... She will take over from Fiona Reynolds who has been at the helm for nearly 12 years ...

Fiona Reynolds ... moves on to become Master of Emmanuel College, Cambridge in 2013 ...

Emmanuel College past events, 6 March 2012:

London Drinks
Café Koha in London’s Leicester Square once again played host to informal drinks on the evening of Tuesday 6th March ...

The timing of the event meant that members were able to mark the sad passing of Lord St. John of Fawsley (which meant a wealth of affectionate anecdotes about his time as Master) and also celebrate the news from earlier in the day of the appointment of Dame Fiona Reynolds as our next Master.

Emmanuel can give six months notice of the Master's successor. The National Trust can give six weeks notice of the Director-General's successor. That is orderly and proper. The Home Office can't tell us who Dame Helen's successor will be, six weeks or so before she leaves. That looks messy – lessons there for Sir Bob from Emma and the NT.

Dame Helen's move could hardly be announced before the Olympics were over. They didn't exactly wait for long after the closing ceremony, though, did they.

The Sunday Times told us on 15 July 2012:

Originally, it was decided that 10,000 guards, including any military contingent, would be required on peak days. By December, that figure was revised up to 23,700 with G4S providing 13,700 trained guards, including 3,300 students.

Dame Helen Ghosh, the Home Office permanent secretary, admitted last December that the initial estimate had been a “finger in the air” estimate, based on information from the 2002 Commonwealth Games in Manchester and the 2006 Winter Olympic Games in Turin.

That finger in the air was Sir David Normington's, Dame Helen's slippery predecessor. He left her a mess. She didn't sort it out and the army had to be called in at undignified short notice.

The independent UK Border Force, for the creation of which Sir Bob praises Dame Helen, was the clumsy response to an absolute fiasco – the Brodie Clark affair.

Dame Helen will find it very different working with the great Simon Jenkins at the National Trust after decades of more or less biddable ministers.

Who called the shots in what looks like Dame Helen's ejection? Ministers? Maybe. Sir Bob Kerslake? Sir Jeremy Heywood? Maybe. Considerable power lies with the suppliers these days, IBM, CapGemini, HP, Northrop Grumman, Raytheon, Fujitsu, CSC, Atos and suchlike. Did they want her out? Was she standing up to them? Will we miss her as a result? None of us on the outside has a clue what's going on. We are left making convoluted surmises like this because so much of Whitehall is cloaked in secrecy. That is not, in the end, did they but know it, to the advantage of senior civil servants.

And for us, the public? Dame Helen's successor? We'll see. Let's hope for one who is more open with the Home Affairs Committee and, indeed, the public.

----------

BBC Radio 4, Profile: Dame Helen Ghosh

Home Office soon to be Ghoshless

Home Office press release, 13 August 2012:

Dame Helen Ghosh to leave civil service
Dame Helen Ghosh DCB is to step down as Permanent Secretary of the Home Office to take up the role of Director General of the National Trust, she announced today.

Dame Helen will leave the department in September after a 33 year career in the civil service ...

Head of the Civil Service Sir Bob Kerslake said: 'As Permanent Secretary at Defra and the Home Office, Helen has delivered extraordinary change including departmental reform, the independent UK Border Force and support for the successful London Olympics.

'She has been an inspiring leader, who has made a very strong corporate contribution, both via the Civil Service Board, leading the capability strand of our Civil Service Reform Programme and as a vibrant role model and champion of talent and diversity. I wish her every success in her new leadership role at the National Trust.'

Helen Kilpatrick, Director General of the Financial and Commercial Group, will stand in as interim Permanent Secretary until a replacement for Helen Ghosh is appointed.

National Trust press release, 13 August 2012:

more ►

Friday, 29 June 2012

Francis Maude, the UK government's major IT suppliers and the empty chair

Hat tip: Tony Collins, Poor IT suppliers to face ban from contracts?

The Cabinet Office minister Francis Maude is due to meet representatives of suppliers today [28 June 2012], including Accenture[,] BT, Capgemini, Capita, HP, IBM, Interserve, Logica, Serco, and Steria.

They will be warned that suppliers with poor performance may find it more difficult to secure new work with the Government ...

The suggestion is that up to now "suppliers with poor performance" haven't found it hard as a result to "secure new work with the government".

Apart from Atos, DMossEsq and Fujitsu, who's missing from that list?

CSC. Computer Sciences Corporation, share price today $23.76 compared with $37.96 a year ago, nearly 40% off, DMossEsq is not licensed to give investment advice and is not giving investment advice.

Last heard in these parts, CSC were picking up a fortune from the UK taxpayer for collecting useless biometrics on UK visa applicants, upgrading the UK passport system expensively and unnecessarily and failing to deploy the UK National Health Service National Programme for IT scheme, NPfIT. That's the good news.

We also heard that they were facing a class action brought by the Ontario Teachers' Pension Plan, they'd been docked $250 million by the US Armed Services Board and they had failed to install their Lorenzo software at Pennine Care NHS Health Trust.

Some of that news is six months old. How are they doing now?

Another hat tip: Mark Ballard, Soldiers nail data for agile offensive on $6bn cock-up:

Supplier Computer Sciences Corporation finished the US Army's 1999 Logistics Modernization Programme [LMP] last year, six years behind schedule [good job the US wasn't fighting any wars at the time].

LMP went on the record as being done on budget after the Army accepted an offer on a $2bn compensation claim it had against the supplier. After seven years of contract arbitration in which CSC filed $861m of counter claims against the Army, CSC settled the matter with a $269m payment last year. The settlement also cleared another $1.2bn of outstanding contract complaints, said the Army spokeswoman.

Six years late and $269 million down the tubes seems a fair summary.

And that's not all, as Mr Ballard tells us in CSC finance director exits as fraud probe hits UK. Their 10-K, filed with the SEC, makes absorbing reading:

On May 2, 2011, the Audit Committee commenced its investigation into certain accounting errors and irregularities, primarily in our Nordic region and in our operations in Australia. This investigation is also reviewing certain aspects of our accounting practices within our Americas Outsourcing operation and certain of our contracts that involve the percentage of completion accounting method, including our contract with the U.K. National Health Service (NHS). As a result of this investigation, we have recorded certain out of period adjustments to our historical financial statements and taken certain remedial measures. The SEC is conducting its own investigation into the foregoing areas as well as certain related disclosure matters ...

As noted above, during fiscal 2011, the Company commenced an investigation into accounting irregularities in the Nordic Region. Based upon the Company's investigation, review of the underlying documentation for certain transactions and balances, review of contract documentation and discussions with Nordic personnel, the Company attributes the majority of the $92 million pre-tax adjustments recorded in the Nordic region in fiscal 2011 to accounting irregularities arising from suspected intentional misconduct by certain former employees in our Danish subsidiaries. The Company attributes the $13 million in pre-tax adjustments recorded in the Nordic region in fiscal 2012 to miscellaneous errors and not to any accounting irregularities or intentional misconduct other than a $1 million operating lease adjustment noted in the first quarter of fiscal 2012 which was a refinement of an error previously corrected and reported in fiscal 2011 ...

In the course of the Australia investigation initiated in fiscal 2012, accounting errors and irregularities have been identified. As a result, certain personnel in Australia have been reprimanded, suspended, terminated and/or resigned. Based upon the information developed to date, and the Company’s assessment of the same, the Company has identified and recorded during fiscal 2012, $23 million of adjustments reducing income from continuing operations before taxes relating to its operations in Australia. Such adjustments have been categorized as either intentional accounting irregularities (“intentional irregularities”) or other accounting errors (“Other Errors”). Other accounting errors include both unintentional errors and errors for which the categorization is unclear ...

Between June 3, 2011, and July 21, 2011, four putative class action complaints were filed in the United States District Court for the Eastern District of Virginia, entitled City of Roseville Employee's Retirement System v. Computer Sciences Corporation, et al. (No. 1:11-cv-00610-TSE-IDD), Murphy v. Computer Sciences Corporation, et al. (No. 1:11-cv-00636-TSE-IDD), Kramer v. Computer Sciences Corporation, et al. (No. 1:11-cv-00751-TSE-IDD) and Goldman v. Computer Sciences Corporation, et al. (No. 1:11-cv-777-TSE-IDD). On August 29, 2011, the four actions were consolidated as In re Computer Sciences Corporation Securities Litigation (No. 1:11-cv-610-TSE-IDD) and Ontario Teachers' Pension Plan Board was appointed lead plaintiff ...

On September 13, 2011, a shareholder derivative action entitled Che Wu Hung v. Michael W. Laphen, et al. (CL 20110013376) was filed in Circuit Court of Fairfax County, Virginia, against Michael W. Laphen, Michael J. Mancuso, the members of the Audit Committee and the Company as a nominal defendant asserting claims for breach of fiduciary duty and contribution and indemnification relating to alleged failure by the defendants to disclose accounting and financial irregularities in the MSS segment, primarily in the Nordic region, and the Company's performance under the NHS agreement and alleged failure to maintain effective internal controls ...

CSC was informally advised by the Danish Justice Department on February 3, 2012 that the project known as POLSAG, a document and records management modernization program for the Danish police, will be abandoned, which affects CSC's contract with the Justice Department ...

In addition to the matters noted above, the Company is currently party to a number of disputes which involve or may involve litigation ...

Bit mean of Mr Maude not to invite CSC along for tea and biscuits with the other suppliers.

Francis Maude, the UK government's major IT suppliers and the empty chair

Hat tip: Tony Collins, Poor IT suppliers to face ban from contracts?

The Cabinet Office minister Francis Maude is due to meet representatives of suppliers today [28 June 2012], including Accenture[,] BT, Capgemini, Capita, HP, IBM, Interserve, Logica, Serco, and Steria.

They will be warned that suppliers with poor performance may find it more difficult to secure new work with the Government ...

more ►

Thursday, 14 June 2012

HMG's cloud computing strategy – there isn't one – and the Edgbaston Test

On 20 October 2011 Chris Chant listed 23 symptoms of the illness which Government IT suffers from. He carried on energetically repeating his diagnosis, unchallenged, and promoting cloud computing as the effective prescription. There he was, at it again, six months later on 11 April 2012, in a blog post on the G-Cloud website, #Unacceptable IT is pervasive. Two days later his resignation was announced.

The man in charge of G-Cloud is Andy Nelson, the Government's Chief Information Officer (CIO). That's only a part-time job. He is more fully occupied as CIO at the Ministry of Justice, where he's got his work cut out with Libra among other things. Libra is the £467 million Fujitsu system which is meant to produce the accounts for HM Courts and Tribunals Service. When the National Audit Office saw the 2010-11 accounts they were in such a mess that the NAO couldn't even qualify their opinion, they had to disclaim an opinion.

Under Mr Nelson, Denise McDonagh is also responsible for G-Cloud. Again, it's only a part-time job. Her day job is CIO at the Home Office. And again, there are quite a few distractions there:

There's the £385 million CSC contract with Sarah Rapson's Identity & Passport Service which is one of the reasons UK passport-holders are currently being over-charged by £300 million a year.
There's the £265 million IBM contract with the UK Border Agency to provide IABS, Jackie Keane's Immigration and Asylum Biometric System. IABS is meant to keep the UK border secure and make the 2012 Olympics safe but there's a problem – the biometrics don't work.
The same problem applies to the National Policing Improvement Agency's promotion of MobileID, a system to allow policemen on patrol to check suspects' fingerprints on the spot using mobile equipment. The idea is for MobileID to save police time. Which it will because, with a 20% failure rate, this flaky technology will cause 20% fewer criminals to be arrested.

Those distractions and others will no doubt explain her lacklustre post on 26 April 2012, Cloud Cynicism (or Dispelling the Dark Clouds) and why she hasn't been heard from since.

Not so, Eleanor Stewart. She's a trouper. She's the Assistant Director of G-Cloud and she's always good for a lively post. On 27 April 2012 she produced Crowdsourcing and a response., in which she took up some of the many questions posed in the 20 responses to Chris Chant's last post.

What the heck can we do to resolve some of the scary and largely unknown legal and policy issues that people are nervous about in a globalised world?, she asked. Good question. No answer.

And What ‘worked examples’ might we be able to provide to ... sceptics? That's in response to the simple question how cloud computing is supposed to obviate the need for long contracts to produce systems like Libra, for example, or IABS or DWP's Universal Credit. Chris Chant says it will. How? No answer.

Ms Stewart threw the post open to the crowd. And published one comment. One. The limiting case of a crowd. (I wandered lonely as a cloud?)

"Scary and largely unknown"? Hmm. Quite clearly, no-one in HMG knows the answers to some very basic questions about its cloud computing strategy. Which is odd. They keep talking about it. Andy Nelson, for example, was holding forth at the Cloud Computing World Forum only the other day. And they've been advocating it for years – the G-Cloud Overview was being touted in August 2010. But still no-one can answer the questions.

Is it all hot air? A cloud of hot air? A cloud which, when it hits some of the colder patches of reality, results in heavy precipitation and the wettest drought ever seen, which washed out the Edgbaston Test? That's certainly what it looks like at this end of the wicket.

----------

A version of this post has been kindly published by the estimable PublicTechnology.net

HMG's cloud computing strategy – there isn't one – and the Edgbaston Test

more ►

Friday, 8 June 2012

Dead fish Department of Health has lost sight of the "public" in "public service" – Sir David Nicholson KCB CBE

Key Stage 3 is that phase in the education of our children which takes place in England between the ages of 11 and 14. The syllabus is demanding and includes a course on management consultancy. No mere ivory tower training divorced from the real world, students are expected to give policy advice to Whitehall departments. Advice on procurement, for example, much needed by the Department of Health.

All procurement should be centralised, said the team from Stretchford Middle School, so that stakeholders in the NHS all pay the same price and, with the economies of scale available to the Department, currently spending about £120 billion of our money every year, that price should be a minimum, offering the best value for public money.

Similar advice was given to the Civil Service by Sir Philip Green, of course, on one of his rare visits from Monaco. Philip Green's efficiency purge recommends more centralisation, ran the headline in the Guardian, before going on to spell it out:

The government has little control over the money its own civil servants spend and is wasting billions every year by failing to negotiate the best contracts for phones, IT equipment and rent, according to the Topshop boss Sir Philip Green, who was brought in by ministers to assess efficiency in Whitehall ...

The report identifies massive variation in procurement with one department paying £73 for a box of paper and another paying £8. The most paid for printer cartridges is £398 and the least is £86 ...

As all management consultants know, you hand in your report full of tightly argued recommendations, you go back to Monaco (or Stretchford) and what does the stupid client do?

Something stupid.

Like ignore your recommendations.

Generally true, that is not the case at the NHS. Not by a long chalk. Sir David Nicholson KCB CBE, Chief Executive, runs a tight ship. The National Programme for IT (NPfIT) divides England into five regions, the contracts are held by just two organisations, (CSC-3 and BT-2), and they all come together at just one central point, CfH, Connecting for Health, as recommended.

And now, a cautionary tale.

Some poor deluded soul at the Whittington Health NHS Trust went out on his or her own and bought an electronic patient records system (EPR). They could have got it from BT, who have the NPfIT contracts for London and for the South of England. But, no, poor benighted fools that they are, lambs to the slaughter, they set out to do the procurement themselves.

BT's EPR is an American package called Cerner Millennium. In London, Cerner Millennium costs £31 million on average. And in the South of England, health trusts pay an average of £36 million for the same thing. Almost the same price. Only £5 million different.

And, wantonly ignoring all the added value of Whitehall's magisterial assistance acting energetically exclusively in the public interest, what did the naïve neophytes of Whittington Health pay?

£7.1 million.

----------

Hat tip: as so often, Tony Collins.

What the students learn at Key Stage 4 is that all the normal rules of logic, arithmetic, business and economics that govern rational open markets break down in Whitehall.

These rules melt in the heat of the close personal bonds between the Department and its suppliers. The Department of Health's friendship with BT and CSC is not a unique example. We have already seen a similar case of producer capture at the UK Border Agency where Rob Whiteman, the Chief Executive, would rather not mention Atos's name in connection with the immigration computer system breaking down for a month.

These relationships are intense. Too intense to accommodate any other loyalties. Other loyalties such as public service.

Dead fish Department of Health has lost sight of the "public" in "public service" – Sir David Nicholson KCB CBE

more ►

Sunday, 11 March 2012

Cabinet Office using cyber security budget to increase risks to the public

Can someone advise, please, is there a polite way of asking can any British government tell its arse from its elbow?

The Cabinet Office want to deliver all public services over the web. Public services should be "digital by default", as they say.

The web is a dangerous place to be if you want to maintain secrecy/privacy and if there's any money around. The web is perfectly adapted to breach confidences and to steal money. Let today's Sunday Times make the point. In Chinese steal jet secrets from BAE they tell us that:

CHINESE spies hacked into computers belonging to BAE Systems, Britain’s biggest defence company, to steal details about the design, performance and electronic systems of the West’s latest fighter jet, senior security figures have disclosed.

The Chinese have exploited vulnerabilities in BAE’s computer defences to steal vast amounts of data on the £200 billion F-35 Joint Strike Fighter (JSF), a multinational project to create a plane that will give the West air supremacy for years to come ...

Professor Anthony Glees, director of the Centre for Security and Intelligence Studies ... said: “It seems the Chinese were getting plans which allow them to undermine the defence capacity of the country. It’s deeply unsettling that GCHQ [the government eavesdropping centre in Cheltenham] didn’t spot this for so long because they are the people who are meant to be leading the fight against cyber crime.”

There's a wide selection of cock-ups to choose from here:

With £200 billion at stake, the Sunday Times reported on 12 January 2012 that Royal Navy’s new jet cannot land on aircraft carriers. Never mind, you may say, it's only £200 billion and we haven't got an aircraft carrier anyway.

And three years ago, the Sunday Times reported that BT had bought equipment from China's Huawei telecommunications equipment company despite warnings that it could be used to "shut down Britain by crippling its telecoms and utilities" and that "government departments, the intelligence services and the military will all use the new BT network". Patricia Hewitt, trade and industry secretary at the time the contract was being negotiated, declined to intervene because it was "a competitive tender between two commercial companies". How very upright of Ms Hewitt not to let security interfere with competition.

But put those cock-ups aside. For current purposes, consider instead the following.

Rt Hon Francis Maude MP is the Cabinet Office Minister and according to his entry on the Cabinet Office website:

He leads on:

• Public Sector Efficiency and Reform
• UK Statistics
• Civil Service issues
• Government transparency
• Civil Contingencies
• Cyber security
• Overall responsibility for Cabinet Office policy and the Department

With his cyber security hat on, Mr Maude disposes of a budget of £650 million. Much-needed, judging by the success of GCHQ and BAE's attempts to fend off the Chinese.

With his public sector efficiency and reform hat on, Mr Maude wants to put Whitehall on the web. That's what "digital by default " means and that requires him to ignore his cyber security hat.

But it's worse than that. Digital by default requires something called identity assurance, a service which doesn't exist yet but is supposed one day to allow us all to prove who we are, over the web, while we're busy communicating with the government. The development of this service was unfunded until 31 October 2011 when Mr Maude announced that he'd found £10 million of public money to give it.

And where did he get this cyber security-busting £10 million from?

You can have 650 million guesses.

----------

Updated 23.6.14

Whitehall considers security shake-up

The government is understood to be carrying out a review of Whitehall organisations with a remit for electronic and computer security to determine any possibility of consolidation.

Informed sources say that one of the suggestions being considered is that CESG, the government's National Technical Authority for information assurance, should be separated from GCHQ, the signals intelligence agency.

That could mean the Cabinet Office taking over responsibility for CESG, with whom it has an ongoing relationship.

"That could mean the Cabinet Office taking over responsibility for CESG". Oh God.

Cabinet Office using cyber security budget to increase risks to the public

Can someone advise, please, is there a polite way of asking can any British government tell its arse from its elbow?

more ►

Monday, 27 February 2012

The collection of people's biometrics is akin to the old-fashioned schoolboy hobby of stamp-collecting

A courtier asked the Prince [later King George V] if he had seen that "some damned fool had paid as much as £1,400 for one stamp". "Yes," came the reply. "I was that damned fool!"

George V loved stamp collecting.

The attractions of stamp collecting may elude you and me but there's something touching about the enthusiasm of a grown man for this harmless pursuit.

Harmless, at least, as long as it's not being funded by public money. That can rankle. You don't need to be a republican to find the thought distasteful that people's hard-earned money extracted from them in taxes should pay for one privileged man's hobby. Certainly, nothing like that would be acceptable today.

Except that, apparently, it is.

In the first 18 months of the coalition government, £140,023,212 was paid to Computer Sciences Corporation and £67,416,851 to VF Worldwide Holdings to collect the fingerprints of non-EEA visa applicants abroad.

Can anybody explain why? Is this a justifiable use of public money? How can it be? Note to the Home Office: justify it; either that, or please stop.

The collection of people's biometrics is akin to the old-fashioned schoolboy hobby of stamp-collecting

A courtier asked the Prince [later King George V] if he had seen that "some damned fool had paid as much as £1,400 for one stamp". "Yes," came the reply. "I was that damned fool!"

UIDAI and the textbook case study of how not to do it, one for the business schools

The Unique Identification Authority of India (UIDAI) came under attack. Its very existence was threatened. Naturally enough, UIDAI decided to defend itself.

It's worked. UIDAI survives for the moment.

But theirs is a Pyrrhic victory. The UIDAI defence could undermine the credibility of every public authority in the world which has nailed its colours to the mast of biometrics – which is most of them – and could destroy the multi-billion dollar mass consumer biometrics industry.

The job of the Unique Identification Authority of India (UIDAI) is to use biometrics to identify every resident of India and to issue them with a unique corresponding number, a so-called "Aadhaar number".

"Aadhaar" means foundation or support and the idea is that, once everyone has an identifying number, it will be easier for the various arms of government to build systems on that foundation to provide social security benefits, for example, and to facilitate national security. And beyond government, the banks will supposedly find it easier to authenticate payments.

UIDAI is not without its critics:

The Standing Committee on Finance (SCoF), a committee of the Indian Parliament, has considered the National Identification Authority of India Bill, 2010. That Bill would establish UIDAI on a statutory basis if it was ever enacted, but it hasn't been. Meanwhile, UIDAI is operating under executive order only. It's not operating very well according to the SCoF report and it's about time UIDAI came under the control of Parliament.
And then there's the Ministry of Home Affairs. They're a properly constituted body and not just a creature of the Executive. And they have a competing identity management scheme, NPR (the National Population Register). Result – a turf war, Aadhaar v. NPR.

SCoF and the Ministry of Home Affairs pressed their case with the Prime Minister but UIDAI proved too adept for them. The Chairman threatened to resign, which would be embarrassing for the prime Minister – good move no.1. Good move no.2 – UIDAI arranged some convenient PR with the compliant Economist magazine. And then they published not one but two reports making unprecedented claims for the reliability of the biometrics used in Aadhaar:

Oops. Bad move. There are five problems here:

Both reports are produced by UIDAI only. There is no sign that they have been audited by any independent expert body.
Both reports quote reliability figures. No other public authority in the world does that. Not operational figures – figures measuring the reliability of biometrics in the field, at the border, for example. They should. But they don't. Now, thanks to UIDAI, they will all come under pressure to quote independently audited figures themselves, figures for reliability, to justify their investment of public funds. It is likely that the public are going to be shocked at just how unreliable the biometrics are, that their governments are using. The public will at last understand why their governments have been so reluctant for so long to quote any figures.
Why is that likely? Because the figures quoted by UIDAI are hundreds of times better than anything anyone else has ever claimed following tests of biometrics. Hundreds.
The second report says that (a) Aadhaar uses flat print fingerprinting and iris scanning, (b) the two biometrics are fused to form one composite biometric, so-called "multi-modal" biometrics, and (c) UIDAI use not one matching algorithm, but three of them. Any large-scale identity management scheme that doesn't do the same, they say – (a), (b) and (c) – is doomed to "catastrophic failure".
The suppliers of biometric technology have never had to give public warranties before. Now they will have to.

Great. Now suppose you're the Australian Customs and Border Protection Service. You've spent millions of dollars of public money deploying smart gates at Australian airports as a security measure. These gates depend on face recognition biometrics. Not on UIDAI's list (a). The Australian (and new Zealand) border security system is doomed to "catastrophic failure". Don't take my word for it. Ask UIDAI.

You've spent years refusing to divulge any figures about the reliability of your technology:

Customs refused to disclose the rates at which the system inaccurately identified people.

"For security reasons, Customs does not disclose the false positive and false negative rates," a spokesman said.

Now UIDAI have released figures, how are you going to hold the line? You can't.

You could say that UIDAI's figures haven't been audited and may turn out to be false. Now you've got a fight with UIDAI on your hands. And what's the best result you can hope for? UIDAI's figures turn out to be a pack of lies and actually the reliability of Aadhaar is just as appalling as the Australian system. Not what you wanted. It doesn't help to explain why you've been squandering your own citizens' tax money on joke technology.

The same applies to the UK, of course, and our planned deployment of smart gates at airports. Another catastrophic failure? And all those states in the US busy incorporating face recognition biometrics into driving licences. These people – the Australian Customs and Border Protection Service, UK Border Agency, et al – are not going to be pleased with UIDAI. UIDAI have let the cat out of the bag and have almost certainly started a fresh collapse of confidence in public administration as a result.

And neither are the biometrics suppliers going to be pleased. How are Morpho going to sell their products now without giving warranties? They're not.

And how are IBM and CSC going to be able to sign any more nine-figure biometrics contracts with credulous governments? They're not.

And how are PA Consulting going to sell any more biometrics assignments? They're not.

UIDAI are going to be persona non grata worldwide. Especially in India, where the Prime Minister may yet regret his decision to carry on funding them. And stop. He may give almost any reason but the big reason, the one several people have pointed out for a long time, is that far from curtailing corruption, Aadhaar was simply going to automate it.

A tragedy with a happy ending, the only people who will be pleased is absolutely everyone else in the world, who can now keep some of their tax money and spend it themselves rather than paying public authorities to waste it for them.

UIDAI's Pyrrhic victory? From now on it's going to be known as an "Aadhaar victory". At least it will when the business schools write it up and teach it all around the world. And when the Economist faithfully report UIDAI's defence, under the heading "Poison pill – that's not the way to do it".

UIDAI and the textbook case study of how not to do it, one for the business schools

more ►

Friday, 16 December 2011

The on the spot answer

This is the (draft and subject to change) answer to a comment posted by one Mr Reader:

Dear Mr Reader

Thank you for trying to put me on the spot. I’ve been trying to put myself on the spot for years. And failing.

Assuming that that continues, when the final enquiry report is in at the end of next month, the most likely outcome is that everyone’s reputation will be tarnished – Brodie Clark, Theresa May and Helen Ghosh – but the daily round will revert to its pre-4 November 2011 pattern, the usual dismal calm will prevail in the Dark Department, there will be no more sense of sudden explosions, nasty surprises and unexpected eruptions.

That’s the 98%+ likely scenario. A dirty taste in the mouth, business as usual re-established.

The outcome with the 2%- probability of happening?

Consider the following Economist article, Friday 11 May 2012:

Brodie Clark speaks quietly and at first no-one heard him say that fingerprint verification is the ninth and lowest priority security/identity check at the border, the least reliable check and the most sensible check to suspend when the disorderly queues in Arrivals begin to threaten safety.

Well everyone’s heard him now, thanks to the alliance between Theresa May, the UK’s Home Secretary, and Helen Ghosh, Permanent Secretary at the Home Office. Their careers both shipped a lot of water in the days following 4 November 2011 and they were determined to find out why.

Clark was supposed to have endangered UK border security by suspending fingerprint checks. But May and Ghosh could find no evidence that fingerprint checks promote border security. There is none. So he hadn’t endangered anything.

True, he had arguably disobeyed his minister. She had specifically instructed that fingerprint checks were not to be relaxed for non-EEA nationals. But did that instruction refer exclusively to the new intelligence-led border security scheme being piloted? Was the suspension of fingerprint checks covered by the 2007 HOWI procedures?

Pure noise. The real question was: why did the Home Secretary instruct that fingerprint checks should not be suspended, given that they’re no use? Answer, because she had been told by her officials that the technology is reliable. Who told her that? And why?

As May and Ghosh looked deeper and deeper into the affair, the tangled web of today’s mass consumer biometrics industry began to unravel. First in the UK Border Agency, where IBM’s National Identity Assurance Service contract was cancelled. That took out Morpho at the same time. (Morpho is a subsidiary of France’s Safran Group, their answer to our BAE Systems.) And Computer Sciences Corporation and VFS Global.

The damage spread to the National Policing Improvement Agency, where they were using Morpho’s products for mobile fingerprinting by police patrols – not any more they’re not. And to the Identity & Passport Service, where they use Morpho for biometrics in ePassports. For the moment. And to DWP, who were going to use voice biometrics for their Universal Credit system, but can only be described now as tight-lipped about their plans.

Who advised the Home office on biometrics? They got internal advice from the Home Office Scientific Development Branch and external consultancy advice from PA Consulting. Not any more they don’t.

How did this fiasco persist, the Prime Minister wants to know, under the leadership of Lord O'Donnell, until last years head of the home civil service, and Sir David Normington, Dame Helen's predecessor? We await the answer with interest.

Projects that depend on these biometrics being reliable were being cancelled all over Whitehall. The taxpayer didn’t know whether to be furious about being deceived for so long by the Home Office or deliriously happy when the savings from all these cancelled projects over the next 10 years topped £20 billion.

This sort of news doesn’t respect borders. Safran Group were relying on Morpho for 20% of their turnover. Once the news had rowed across the channel, their turnover was down by 20%. Former President Sarkozy tried to blame the Anglo-Saxons but then turned on the European Commission, blaming their 2003 OSCIE specification for a pan-European biometric ID card. The European Commission blamed the US Department of Homeland Security and the DHS blamed NIST, the US National Institute of Standards and Technology.

Which was too much for Prime Minister Manmohan Singh in India, where they’re spending billions on Aadhaar, a biometrics-based identity management scheme for 1.2 billion people. At least they were.

And so the truth rolls on, bowling around the world, knocking over civil servants like ninepins wherever it fetches up. In China, one day Dr Tieniu Tan was a research professor with dozens of successful spin-off companies and, next day, he wasn’t. In Pakistan, first Brigadier Saleem Ahmed Moeen (Retd) was Chairman of NADRA, then there was no NADRA and now the Brigadier really is retired.

And all because of a quietly-spoken Glaswegian, speaking quietly on 15 November 2011, giving evidence to the Home Affairs Committee. Listen to him here. The good bit starts at 12:18.

The on the spot answer

more ►