Wednesday 17 October 2012

PRESS RELEASE: GOV.UK/digital by default – 17 questions for Mr Maude

The following press release has been issued:



PRESS RELEASE


To:

Home Office
OIG (re US-VISIT)
IDABC (re OSCIE)
China (re Golden Shield)
Pakistan (re NADRA)
FBI (re NGI)
UIDAI (re Aadhaar)
Agencies
GOV.UK/digital by default – 17 questions for Mr Maude
17 October 2012
Francis Maude, Cabinet Office Minister, has announced today that public services are in future to be delivered on-line: "... t
oday marks the start of a new way of delivering public services digitally. GOV.UK is a platform for future digital innovation".



Public services are to become “digital by default”, to use the term popularised by Martha Lane Fox, the Prime Minister’s digital champion, who first proposed the development of GOV.UK.

Digital by default is to be delivered via GOV.UK, a website developed by the Government Digital Service (GDS). The chief executive of GDS is ex-Guardian man Mike Bracken, who is also the senior responsible officer owner for identity assurance, please see below.
17 questions for Mr Maude:
1. “Digital by default” means replacing people with computers. How many public servants will be made redundant and how much money will the taxpayer save?
2. Between eight and ten million adults in the UK have still never used the web. Will they be excluded by default from public services?
3. GOV.UK is to be hosted in the cloud by Skyscape Cloud Services Ltd, a start-up which has not yet submitted any accounts to Companies House, which has no company secretary and only one director, a Mr Jeremy Robin Sanders, who also owns 100% of the £1,000 paid-up share capital in the company. What reason is there to believe that Skyscape are reliable, competent and big enough for this enormous task?
4. Starting from Skyscape’s own website it is easy to work out where its data centre is. ARK Continuity Ltd, the property company that built it, even provide a map how to get there. GOV.UK is an important national asset. How will our data be kept secure?
5. HMRC also, like GDS, intend to store our data with Skyscape. Will the Minister please comment on the professionalism of Whitehall procurement which entrusts national assets to a one-man company the location of whose servers is revealed on the web for all to see including terrorists?
6. Even with the big cloud services companies like Amazon, Google, Microsoft and Apple it is commonly understood that cloud computing entails the customer – in this case GDS and HMRC – losing control of their data. Their data may be stored on any machines anywhere in the world and managed by staff the customer has no control over. Why is Whitehall following the fashion and embracing cloud computing?
7. In connection with cloud computing, Microsoft and Google have warned the British public that under the powers of the USA PATRIOT Act and other legislation the FBI can demand to see any data stored by any US company anywhere in the world. These powers extend to non-US companies which also happen to operate a substantial business in the US, e.g. QinetiQ. Does the Minister wish to join Microsoft and Google in warning the British public that their GOV.UK data can be inspected by the US authorities?
8. Individuals and companies already have a tool for transacting with the government on-line – the Government Gateway – and have done for the past ten years and more. How can throwing away that tried and tested tool and replacing it with GOV.UK be called a saving?
9. The Government Gateway has tried and tested identity assurance procedures which minimise on-line fraud and error. Individuals and companies have user IDs issued to them by DWP, who operate the gateway. GDS are said to want to throw away that security and use Facebook, Google and Twitter user IDs instead. What reason is there to believe that these social network user IDs are as reliable as the Government Gateway’s?
10. ... and what qualifications do GDS have to make these foreign companies which pay very little UK tax, not to mention Mr Jeremy Robin Sanders, a part of the British Constitution?
11. GDS are also said to want to take advantage of the logon details the public use for on-line banking to help with identity assurance. UK banks tend to have strong security but nevertheless the problem of on-line fraud persists. Given which, what is the benefit of incorporating the banks’ identity assurance procedures into GOV.UK?
12. Operating through the Department for Business Innovation and Skills (BIS), GDS are trying to issue everyone with PDSs, personal data stores. The provisions for PDSs are part of a BIS initiative called midata and statutory powers to mandate PDSs are tucked away in the Enterprise and Regulatory Reform Bill currently going through Parliament. Would the Minister confirm that a PDS is no more than the software equivalent of an ID card and that PDSs are the real vehicle for identity assurance advocated by GDS?
13. On 5 September 2012, GDS, BIS and the Foreign Office hosted an event at which GCHQ explained how badly British companies deal with cybercrime. Why is GDS simultaneously trying to exacerbate the problem by putting all public services on-line?
14. CESG is the information assurance arm of GCHQ and has published recommendations on the requirements for the secure delivery of on-line public services (RSDOPS). Will the Minister please show the public the documentation proving that GOV.UK satisfies RSDOPS?
15. All public services are on-line in Estonia and in 2007 Russia found it easy as a result to bring the country to its knees with a simple distributed denial of service attack. What is to stop the same fate befalling the UK if digital by default succeeds?
16. This is not the first time digital by default has been tried in the UK. Back in 2005 when Tony Blair called for joined up government, Sir Gus O’Donnell and Ian Watmore devised a programme called “transformational government”. That failed principally because the other departments of state wouldn’t co-operate with the Cabinet Office. What is there to make them co-operate this time?
17. Universal Credit (UC) is an important coalition government policy designed to spring the poverty trap and make work pay, for millions of benefits claimants. The biggest risk faced by UC according to Lord Freud, the DWP Minister responsible, is the lack of identity assurance. Control over its own identity assurance was wrested away from DWP by GDS. DWP couldn’t make any progress on the matter as a result, and GDS haven’t made any progress either. It looks as though the needs of real people are being side-lined while a few senior civil servants indulge their fascination with computers. Would the Minister care to comment?
It is timely to pose these questions today, the day on which GOV.UK goes live. Or next Monday 22 October 2012 when GDS are due to make a major announcement about identity assurance. Or the following Friday 26 October 2012 when Whitehall's G-Cloud team (government cloud) also have a major announcement to make.
ARK Continuity Ltd, by the way, boast the Rt Hon The Baroness Manningham-Buller, formerly the Director General of MI5, as a non-Executive Director.

About David Moss
David Moss has worked as an IT consultant since 1981. The past 9 years have been spent campaigning against the Home Office's plans to introduce government ID cards into the UK. It must now be admitted that the Home Office are much better at convincing people that these plans are a bad idea than anyone else, including David Moss.
Press contacts: David Moss, BCSL@blueyonder.co.uk

PRESS RELEASE: GOV.UK/digital by default – 17 questions for Mr Maude

The following press release has been issued:



PRESS RELEASE


To:

Home Office
OIG (re US-VISIT)
IDABC (re OSCIE)
China (re Golden Shield)
Pakistan (re NADRA)
FBI (re NGI)
UIDAI (re Aadhaar)
Agencies
GOV.UK/digital by default – 17 questions for Mr Maude
17 October 2012

Tuesday 16 October 2012

GDS – the user experience of misfeasance in public office

Tomorrow's news
17 October 2012 – GOV.UK goes live
22 October 2012 – major announcement on IdA (identity assurance)
26 October 2012 – G-Cloud II
Who knows when? – midata

What does that all add up to?

Whitehall and others wasting your money with impunity – the disgraceful state of public administration in the UK.

You want DMossEsq to draw you a map?

OK:



A map



Transacting with the government
Top left, at the moment, if members of the public including companies want to submit their tax returns to HMRC, for example, they log on via the Government Gateway and do it. That's how we transact with government over the web. It's not a thing of beauty. You have to register separately for each of the various services offered by our public administration and they post us separate user IDs for each one.

Not beautiful, but it seems to be fairly secure. It's hard remembering the user IDs and it's a pain in the neck for the service providers because millions of people ring up every year when they forget their user IDs but perhaps that's the price of security – if you want the security, you have to live with the pain in the neck. There may be no alternative.

It's not that different transacting with the banks on-line. Except that in addition to user IDs you often have to use PINSentry-type machines.

Even with the security of user IDs and passwords and PINSentries, there is a certain level of fraud. The banks in particular and DWP who operate the Government Gateway have done a fantastic job over the years keeping a lid on the level of fraud. Fraud remains a cost of doing business and, so far, a just about bearable cost. If the cost of fraud stops being bearable, on-line business will stop.

That's at the moment.

GOV.UK
Tomorrow we will be told about GOV.UK, the new single government domain. It goes live tomorrow and replaces Directgov and Business Link. Later, GOV.UK is due to replace all central government websites. No more homeoffice.gov.uk, no more education.gov.uk, ..., just GOV.UK.

GOV.UK is the product of the Government Digital Service (GDS) and judging by the 22 posts that have been published on their blog so far this month what we will be told is that the whole project is dedicated to satisfying user needs, it's all being done for us the public, 70+ people working hard for a year, just for us.

That's true. But it's not the whole truth.

GDS aren't just trying to improve the "user experience" as they call it, repeatedly, several times in every one of their 22 posts this month, when we use government websites. They're working towards making all public services digital by default, something not mentioned in a single one of their 22 posts so far this month. They're trying to make it so that we can only transact with government on-line. They're trying to make us Estonian, as ex-Guardian man Mike Bracken among others has being telling us for some time:

Estonia’s technology economy and online service provision- back to the future?

by Mike Bracken on 04/05/2012



... Whilst we met dozens of people at breakneck speed, many of whom we hope to see in the UK soon, over the next week I will be explaining the wider points we have uncovered which reflect directly on our challenge to make public services in the UK digital by default, and how the Estonian experience links to our core principles ...
IdA
Ex-Guardian man Mike Bracken is the Chief Executive of the (UK) Government Digital Service. He is also the senior responsible officer owner for identity assurance (IdA). You can't make public services digital by default if you can't identify the people you're dealing with. GOV.UK needs IdA, please see middle of the map.

Once you've decided that public services should be digital by default you have to try to prove that it works. You need a guinea pig. DWP drew the short straw and digital by default will be tested on Universal Credit (UC).

UC is the coalition government's attempt to spring the poverty trap and make work pay. It could hardly be more important to millions of human beings in the UK. Instead, it has become a sandpit, for adults who haven't outgrown their fascination with technology, to play in.

Asked by the Select Committee on Work and Pensions what are the biggest risks faced by UC Lord Freud, the minister responsible, fingered identity assurance. With no IdA, there can be no UC.

Having wrested control over its own identity assurance from DWP and having thus made himself responsible for it, ex-Guardian man Mike Bracken was due to name the companies he has chosen as the UK's "identity providers" by 30 September 2012.

("Identity providers" may seem an odd locution at first but you've got used to "hate crime", haven't you, and by the same process "identity provider" will soon link to your Estonian core principles.)

He missed the September deadline but the announcement of the winners should finally be made next Monday 22 October 2012.

What to expect?

Facebook, Google, Twitter and the British Constitution
There have been leaks, including a very full one to the Independent newspaper on 4 October 2012, National 'virtual ID card' scheme set for launch (Is there anything that could possibly go wrong?).
If you’d like to know more the Q&A in The Independent gives a pretty good overview (the only thing we’d really quibble with is the headline).
That's what GDS say about the Independent article. It seems fair to assume that they wrote the whole thing apart from the headline.

The article mentions social media sites, mobile phone companies, banks, large retailers, the Post Office, Facebook, Microsoft, Google, PayPal, BT and Experian, the credit referencing agency – please see middle right of the map, nothing new there for DMossEsq readers. We should expect between five and 20 organisations to be appointed as identity providers next Monday, thereby becoming an unlikely part of the British Constitution.

It confirms the link between IdA, GOV.UK and UC and it sets IdA in the context of the US National Strategy for Trusted Identities in Cyberspace (NSTIC) and the Open Identity Exchange (OIX) – who are GDS trying to impress?

The Independent article also claims that IdA will "prevent login fatigue", the suggestion being that as long as you can remember your Facebook or bank login details, then you can "apply for services ranging from tax credits to fishing licences and passports".

Abandoning the Government Gateway in this way may well prevent login fatigue, you won't have to remember your Gateway user IDs and passwords any more, but it reduces security and that threatens the future of on-line business.

The Cabinet Office sandpit may be prepared to take that risk. It is hard to believe that the banks, the mobile phone companies and the major retailers are. They would see their own brands destroyed when IdA goes wrong, even if the problem is caused by Whitehall. That's not a risk worth taking. The chairmen and chief executives of these companies don't normally act against their own best interests. They won't this time. Let's see just how committed the banks, telcos and retailers are, in next Monday's announcements.

Cybercrime
CESG is the information assurance arm of GCHQ. They have issued three reports on RSDOPS – the requirements for the secure delivery of on-line public services, please see top right of the map. Let's see if GDS will show us the documentation certifying that their plans for IdA satisfy the RSDOPS conditions.

On 5 September 2012, GCHQ, the Foreign Office, the Cabinet Office and BIS, the Department for Business Innovation and Skills, got together to tell senior UK businessmen how bad they all are at cybersecurity. Why are GDS in that case entrusting IdA to them?

In the attempt to prove that you are who you say you are before the Department for Education grants you a student loan, or whatever, once we have digital by default IdA will be looking to the identity providers to confirm a selection of your "name, date of birth, address, gender, passport and driving licence numbers, financial history, electoral roll status and telephone numbers" and other such personal data. As the Independent (almost) say, what could possibly go wrong?

Losing control of the personal data in IdA is one possible mishap. Millions of us Britestonians could wake up one morning to find all our personal data for sale on a Russian website, ready to be used to clear out our bank accounts.

Losing access to public services, following an Estonian-style distributed denial of service attack, is another.

Anonymity and book-keeping
When the Department for Education checks to see that you are who you say you are and gets confirmation from the Third National Bank of Tallinn that you are, the process goes through a so-called "hub". The Cabinet Office claim that the "hub" has no memory. No details of the identity assurance transaction are recorded.

That's good, from the point of view of privacy.

But bad from the point of view of audit trail. Surely there has to be an audit trail supporting the grant of a student loan? That's just proper book-keeping and it would be remiss of Whitehall to break proper procedures.

Even if they are breaking procedures, though, there's always the Home Office and their Communications Data Bill, please see bottom right of the map. If the Bill is enacted, all web browsing will be recorded on GCHQ black boxes installed at ISPs (Internet Service Providers). So much for anonymity.

Dematerialised ID
Which brings us to the bottom middle of the map, BIS, and their midata initiative.

There is no announcement date for midata. The Cabinet Office and BIS are keeping quiet about it and hoping that they will thereby get their legislative powers rubber-stamped in the Enterprise and Regulatory Reform Bill currently going through Parliament.

midata would require us all to have one or more Personal Data Stores (PDSs) if the Bill is enacted as drafted. These PDSs would record all our personal data such as the names and addresses mentioned above plus all our transaction data and they – the PDSs – would be in continuous contact with all our suppliers including government departments keeping each one up to date with any change in our circumstances.

The Independent were clearly briefed to emphasise that the government has abandoned its plans to introduce material, plastic ID cards. No doubt that's true. No government department wants to suffer the fate of the Identity & Passport Service which seems to have had a corporate nervous breakdown when the last ID cards scheme failed.

But a PDS is an ID card. It's a dematerialised, dynamic, distributed ID card, but an ID card for all that. The government hasn't abandoned its plans. It's planning for something much more powerful. Something that really could provide identity assurance on-line. PDSs.

It will be worth pressing GDS next Monday on the subject of midata and its attendant PDSs. They can't pretend that it's nothing to do with them. William Heath is on the BIS strategy board for midata and he is the chairman of Mydex, a company which hopes one day to manage PDSs for us all, and he was demonstrating Mydex's wares at the 31 October 2011 identity assurance event where Francis Maude announced his £10 million investment in Mydex and others. And according to him:
We [Mydex] support midata. It will empower individuals and at last give real teeth to the good intentions behind the Data Protection Act subject access request. It goes hand in hand with the new UK and US approaches to ID assurance, which we also support. We think midata needs to apply also to other UK public services including health, education and job-seeking.
The unwebbed
You'd think that would be enough problems for GOV.UK. It's not clear how involving the Post Office, the banks, etc ... will help to provide identity assurance on-line. All that is clear is that GDS want to abandon the Government Gateway and lose the tried and tested security that it's provided for 10 years and more. What GDS really need is PDSs but it's unimaginable that the British people will let them have their way. Meanwhile, the Home Office's Communications Data Bill threatens the anonymity that the Cabinet Office are offering and we have yet to see if IdA has been certified by CESG.

But that's not all.

There are more problems.

Take a look at the map again. Middle left. The Public.

Between eight and ten million adult Britestonians have never used the web. What's the point of trying to make all public services digital by default if the people most likely to need public services can't access them?

And large parts of the country don't have reliable, cheap, fast broadband.

What's GDS doing about these problems?

Answer, they've started a project. It's got a name – "assisted digital". There's an assisted digital blog. It's had all of four posts on it since 28 July 2011. And that's it. We've still got eight to ten million people who can't use GOV.UK and IdA.

Far from offering savings, which is one of the benefits promised for all this playing in the sandpit, we'll end up paying for both the new on-line delivery method for public services and the old one, involving people, in offices, with telephones, and letters, and face-to-face interviews. The question isn't how much we'll save, it's how much more it will all cost.

Cloud computing – the Pied Pipers of Hamelin
And then from out of a blue sky comes another problem.

The IT industry is currently suffering one of its recurrent bouts of tulipmania and talking rubbish about the merits of cloud computing.

Don't take DMossEsq's word for it. Take the OECD's word for it and ENISA's. If you prefer your gurus to be bearded, try Richard Stallman. Otherwise, listen to Larry Ellison, the billionaire President of Oracle, talking about cloud computing:
Maybe I'm an idiot, but I have no idea what anyone is talking about. What is it? It's complete gibberish. It's insane. When is this idiocy going to stop?
Some 12 year-old management consultant had the bright idea of comparing IT to the utilities. Wouldn't it be good if you only paid for the IT you use. Turn on the tap and you pay, turn it off again and you don't. That way IT would be cheaper.

He or she might like to take a look at this week's newspapers, full of stories about how it's impossible to keep utility bills down, particularly energy prices.

But 12 year-olds probably don't read that bit of the newspaper.

The suppliers are talking up the merits of cloud computing and if you work in IT you can hardly hold your head up with dignity if you aren't solving all your problems by moving your applications to the cloud.

You'd better hope that your lawyers aren't following this fashion. Cloud computing amounts to losing control of your data by handing it over to other organisations like Amazon who put it on their servers which may be anywhere in the world, beyond the jurisdiction of the English courts, and under the control of staff about whose suitability you know nothing. Lawyers are meant to keep your data safe and confidential.

So is Whitehall but they've jumped on the bandwagon anyway and they just can't get enough of cloud computing. Cloud computing will make public services reliable, trusted, efficient, green, you name it, they'll believe it.

Somehow, see bottom left of the map, HMRC have agreed to put all their local office data – i.e. all our data – in the cloud. This should be impossible but when tulipmania strikes a tulip bulb really is worth ten years' salary.

HMRC's dangerous, imprudent, ill-advised, unprofessional, wrong-headed, unbusinesslike, undignified and irresponsible decision is important, but it isn't the subject of this post.

What is the subject of this post is this – not only will the public be logging on to the cloud to deal with HMRC, we will have to do the same to use GOV.UK. GOV.UK will be hosted in the cloud. To put it another way, Whitehall will have no control over the data in GOV.UK because "cloud computing" is a synonym for "no control".

There are big companies supplying cloud computing services. Notably Amazon, Apple, Microsoft and Google.

They're not very keen on paying tax in the UK. But they're big.

They're all American and so, by virtue of the USA PATRIOT Act, any data in their possession can be subpoenaed by the FBI, which may not be what you had in mind when you applied for a fishing licence. But they're big.

And being big becomes a virtue when you see who GDS and HMRC have contracted with to provide cloud computing services – a company called Skyscape Cloud Services Ltd, please see map bottom left-ish.

Skyscape Cloud Services Ltd
Skyscape is too young a start-up to have submitted any accounts to Companies House yet. But according to its annual return, it has no company secretary and just one director, a Mr Jeremy Robin Sanders. Mr Sanders is also the holder of all £1,000-worth of paid-up share capital.

HMRC and GDS have entrusted our data to the care of one man. Even in a tulipmania hospital HMRC and GDS would have to be segregated.

There's more.

When they're looking after crucial national data, the location of data centres should be kept secret for obvious security reasons. It looks as though Skyscape have inadvertently managed to announce where our data will be stored and thus where it could be attacked.

The user experience
There's a lot hanging on tomorrow's and next week's announcements.

And it's not about 70+ charming people working in the offices of GDS tirelessly in the interests of the public's needs. (They've published two more posts on their blog, by the way, since DMossEsq started this post.)

It's about GDS ignoring the fact that up to 10 million of their parishioners won't be able to experience GOV.UK at all.

It's about inviting the likes of Facebook and Google into the British Constitution.

It's about an infantile faith in technology.

It's about GDS proceeding on the unproven assumption that you can deliver on-line identity assurance for large populations. Large populations like 60 million+ Britestonians. It's not businesslike and it's not responsible to proceed on the basis of hope alone, to spend public money without first providing evidence.

And it's about holding up Universal Credit, ignoring the predicament of real people, while playing in the sand.

We're looking here at Constitutional lunacy and misfeasance in public office at the heart of Whitehall.

GDS – the user experience of misfeasance in public office

Tomorrow's news
17 October 2012 – GOV.UK goes live
22 October 2012 – major announcement on IdA (identity assurance)
26 October 2012 – G-Cloud II
Who knows when? – midata

What does that all add up to?

Whitehall and others wasting your money with impunity – the disgraceful state of public administration in the UK.

You want DMossEsq to draw you a map?

OK:

Saturday 13 October 2012

Martha Lane Fox – https://www.gov.uk/machiavelli

Something's up
It's still only 12 October as DMossEsq starts this post and the Government Digital Service (GDS) team have already published 22 posts on their blog this month. They've never done that before. Something's up:
  1. 12/10/2012 – This week at GDS
  2. 12/10/2012 – Coding in the open
  3. 12/10/2012 – Meet the finance team
  4. 11/10/2012 – No link left behind
  5. 11/10/2012 – One size does not fit all
  6. 11/10/2012 – What devices are we supporting at launch, and why?
  7. 10/10/2012 – Agile projects: the people side
  8. 10/10/2012 – Writing for a citizen isn’t the same as for a customer
  9. 09/10/2012 – Sharing the GDS approach with Code for America
  10. 09/10/2012 – Finding your way around GOV.UK
  11. 09/10/2012 – Exploring user needs
  12. 09/10/2012 – Not so special after all
  13. 08/10/2012 – Building with APIs
  14. 05/10/2012 – This week at GDS
  15. 05/10/2012 – Testing GOV.UK with real users
  16. 04/10/2012 – Less About Identity, More About Trust
  17. 03/10/2012 – Building a performance platform for GOV.UK
  18. 03/10/2012 – Where has ‘auto suggest’ gone?
  19. 03/10/2012 – SEO for GOV.UK
  20. 03/10/2012 – Why we’ve changed the homepage
  21. 02/10/2012 – Introducing today’s release
  22. 01/10/2012 – Building for inclusion
Tom Loosemore is a Deputy Director of GDS. Ex-BBC, ex-Channel 4, ex-Capital Radio, ex-Ofcom, ex-Wired magazine, he sets the tone in his latest post:
And Meri donated a little mascot for the release of GOV.UK. The role of the mascot in the launch has yet to be determined…
A cuddly gryphon donated by Meri
---------- o O o ----------

Revolution not evolution
What's up is the release of GOV.UK, the output from GDS's single government domain project.

The plan is to make all public services digital by default. Why? Ask Francis Maude, the Cabinet Office minister, ask ex-Guardian man Mike Bracken, the executive director of GDS and senior responsible officer owner for identity assurance, ask Tom Loosemore, ... and the answer is, because Martha Lane Fox told us to.

What is GOV.UK? What does it mean to have a single government domain?

Let Martha Lane Fox tell you in her own words, taken from her 14 October 2010 letter to Francis Maude. That letter proposed the development of a single government domain on the web and is headed Directgov 2010 and beyond: revolution not evolution:
Make Directgov the government front end for all departments' transactional online services to citizens and businesses, with the teeth to mandate cross government solutions, set standards and force departments to improve citizens' experience of key transactions.
A few things have changed in the intervening two years – for example, for "Directgov", read "GOV.UK". But not many. The emphasis is still on teeth and on forcing other Whitehall departments to do things, like forcing DWP to re-write its invitation to tender for the identity assurance services needed for Universal Credit.
Change the model of government online publishing, by putting a new central team in Cabinet Office in absolute control of the overall user experience across all digital channels ...
There she goes again – absolute control. The user experience turns out, you'll see, to be important. But what is a "user experience"? It remains undefined in her letter.
Appoint a new CEO for Digital in the Cabinet Office with absolute authority over the user experience across all government online services (websites and APls) and the power to direct all government online spending.
This time it's absolute authority. Over the user experience, whatever that is, across all government on-line services. And the CEO is to have power. Quite a lot of it – the power to direct all government on-line spending, e.g. spending on Skyscape, the one-man start-up company whose location has inadvertently been given away on the web and into whose care GOV.UK is being entrusted.
I strongly suggest that the core Directgov team concentrates on service quality and that it should be the "citizens' champion with sharp teeth" for transactional service delivery.
We're still only on p.3 of a ten-page letter but even at this early stage who's going to disagree? Resistance is futile.
Directgov should own the citizen experience of digital public services and be tasked with driving a 'service culture' across government which could, for example, challenge any policy and practice that undermines good service design.
You may care to read that again. By virtue of being in charge of the government website, GDS must be in charge of government policy. It's obvious. To Martha Lane Fox. Government policy, it appears, is to be challenged if it might undermine the user experience, which has now become the citizen experience, and whatever it is that experience belongs – like tomorrow? – to "Directgov", i.e. it belongs to the CEO we met above, the one with absolute authority and the power to direct all government on-line spending, the Prince who's going to drive a service culture across government, willy-nilly.
It seems to me that the time is now to use the Internet to shift the lead in the design of services from the policy and legal teams to the end users.
Forget the daft old politicians. Obviously. And the extinct volcanoes of the senior civil service. And the legal stick-in-the-muds. Now the will of the people, the public interest, as determined by GDS, will be deployed using the Internet.
Directgov SWAT teams ... should be given a remit to support and challenge departments and agencies ... We must give these SWAT teams the necessary support to challenge any policy and legal barriers which stop services being designed around user needs.
Never has the word "support", sounded so minatory. Nothing must stand in its way. No policy. And no legal barriers. Support must prevail.
A new central commissioning team should take responsibility for the overall user experience on the government web estate, and should commission content from departmental experts. This content should then be published to a single Government website with a consistently excellent user experience.
A single government website, GOV.UK. Just one of them. GOV.UK is to be the (singular) government front end for all departments' transactional on-line services, please see opening quotation.
Ultimately, departments should stop publishing to their own websites, and instead produce only content commissioned by this central commissioning team.
You see two and three and so on are decadent. And degenerate. Only one is strong and consistently excellent.

Ultimately it makes sense to the user for all Government digital services to reside under a single brand ...
Who knows what makes sense to the user? Only the CEO for Digital.
... leadership on the digital communications and services agenda in the centre is too fragmented. I recommend that all digital teams in the Cabinet Office - including Digital Delivery, Digital Engagement and Directgov - are brought together under a new CEO for Digital.

This person should have the controls and powers to gain absolute authority over the user experience across all government online services ... and the power to direct all government online spend.

The CEO for Digital should also have the controls and powers to direct set and enforce standards across government departments ...

---------- o O o ----------

Identity assurance and power
There are a few quibbles with this extraordinary document of Martha Lane Fox's to which DMossEsq may return.

For the moment, just four points.

Firstly, while GDS have been developing GOV.UK, re-writing every central government website, DWP's Universal Credit has been left high and dry. That is no doubt an example of shifting "the lead in the design of services from the policy and legal teams to the end users". The consistently excellent user experience of benefit-applicants using GOV.UK some time in the future is more important than merely springing people from the poverty trap by making work pay right now – the pre-revolutionary policy tail cannot be allowed to wag today's enlightened delivery dog.

Second, why waste a lot of time re-writing government websites? There must be a reason. Remember that the single government domain is intimately bound up with one of GDS's other projects, identity assurance – they need to know who we users are who are enjoying the GOV.UK experience, gambolling around the single government domain. Perhaps, while developing GOV.UK, the opportunity has been taken to insert consistent hooks into it for a single identity assurance service? PDSs, anyone?


Third, consider the contrast. Tom Loosemore and the other members of the GDS team paint a soft focus picture of a benign GOV.UK in their 22 posts so far this month. GOV.UK is like Meri's cuddly gryphon pictured above and butter wouldn't melt in GDS's mouth. Whereas Martha Lane Fox invests it with sharp teeth and talks of SWAT teams driving and forcing and challenging and supporting and directing and setting and enforcing with controls and powers and absolute authority. Which is it?
Martha Lane Fox

Lorenzo di Piero de' Medici
And fourth, was Martha Lane Fox's letter a job application?

Maybe.

And maybe not – after all, Machiavelli didn't want the top job and contented himself with writing FAQs* on how to enforce standards in Renaissance Tuscany for various Medicis and Borgias.
Niccolò Machiavelli

Anyway, whichever, she didn't get the job. Instead, CEO for Digital went to ex-Guardian man Mike Bracken:
----------
* E.g. Del modo tenuto dal duca Valentino nell' ammazzare Vitellozzo Vitelli, Oliverotto da Fermo, etc. (1502) – a description of the methods adopted by Duke Valentino when murdering Vitellozzo Vitelli, Oliverotto da Fermo, Signor Pagolo, and the Duke of Gravina Orsini.

Martha Lane Fox – https://www.gov.uk/machiavelli

Something's up
It's still only 12 October as DMossEsq starts this post and the Government Digital Service (GDS) team have already published 22 posts on their blog this month. They've never done that before. Something's up:

Thursday 11 October 2012

GDS and Skyscape

The following open letter has been sent by email to ex-Guardian man Mike Bracken in his capacity as Executive Director, Government Digital Service (GDS) and Senior Responsible Officer Owner for the Cabinet Office's identity assurance programme (IdA). No response has been received:

[Skyscape has subsequently changed its name to UKCloud: "London – August 1, 2016 – Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave assured cloud services company, has today renamed and relaunched as UKCloud Ltd (www.ukcloud.com), to reinforce the company’s exclusive focus on supporting the UK public sector in the digital transformation of services".]

Open letter [1]


Mike Bracken

Executive Director

Government Digital Service (GDS) 11 October 2012

Dear Mr Bracken

GDS and Skyscape Cloud Services Ltd

On 18 September 2012 GDS announced in a blog post [2] that it had contracted with Skyscape Cloud Services Ltd to host its “flagship platform” GOV.UK in the cloud [3]. The process was conducted “simply and rapidly”, it was “straightforward and quick” and is deemed to have delivered a “highly reliable [and] highly cost-effective ... flexible [and] scalable” result.
“It was easy”, says the man who wrote the post, “it was cheap, go and do it!”. This facetious approach cannot be what the public expects for GOV.UK, which is meant to replace every single central government website and to support every single transaction between the government on one side and the public – individuals, companies, trusts, etc ... – on the other.
GOV.UK is a big enterprise, even bigger than the Comment is free [4] website which you developed in your previous incarnation for the Guardian newspaper. Skyscape are meant to provide “Infrastructure as a Service” to support GOV.UK. Are they up to it?
Enquiries at Companies House reveal that Skyscape was incorporated as company no. 07619797 on 3 May 2011 and hasn’t yet submitted any accounts. It is impossible for the public therefore to assess the company’s track record and its financial strength. How did GDS make its assessment?
Skyscape may not have submitted any accounts but it has submitted an annual return as at 3 May 2012 according to which:
· It has no company secretary and just one director, Mr Jeremy Robin Sanders
· Skyscape has just £1,000 of paid-up share capital
· There is only one shareholder, the same Mr Sanders
· The company’s registered office is at Hartham Park, Hartham, Corsham, Wilts SN13 0RP
Questions must arise in the public’s mind whether Skyscape – being so new and so small – is a suitable company to host web access to all business transacted between the public and the government.
One share in Skyscape was held by Mr Jeffery (sic) Paul Thomas until 29 April 2012 when it was transferred to Mr Sanders. Skyscape mention on their website [5] a company called ARK Continuity Ltd. Enquiries at Companies House reveal that ARK Continuity has three directors, one of them being Mr Jeffrey (sic) Paul Thomas.
The other two directors are bankers appointed to protect the interests of Revcap Properties 25 Ltd, a property fund. ARK Continuity has filed accounts as at 30 April 2011 according to which its ultimate parent company is Real Estate Venture Capital Partners LLP.
According to its 16 December 2011 annual return:
· ARK Continuity has £16 of issued share capital, not all paid up
· Mr Thomas’s interest in the company is a nominal £3.20
· The company’s registered office is at Hartham Park, Hartham, Corsham, Wilts SN13 0RP
The business relationship between Skyscape and ARK Continuity is unclear. It is described as an “alliance” on the Skyscape website but what is an alliance in this case? It doesn’t look like a joint venture or a partnership. The question must arise in the public’s mind just what the business relationship is and what GDS are relying on to support all transactions between the government and the public.
ARK Continuity’s principal activity is “the design, construction and operation of data centres”. They’re a property company and naturally enough they proudly describe their major product, the Spring Park data centre, on their website [6] including a map how to get there and the address – Hartham Park, Corsham, Wiltshire SN13 0RP.
Skyscape, ARK Continuity and Spring Park all have the same address. It is possible that the location of the data centre which provides the infrastructure for all transactions between the government and the public has been advertised for everyone to see on ARK Continuity’s website – everyone including terrorists and hackers. That looks like a potential breach of security.
By this stage, Mr Bracken, you will agree that the decision to contract with Skyscape and the conduct of the business relationship so far appear dangerous, imprudent, ill-advised, unprofessional, wrong-headed, unbusinesslike, undignified and irresponsible. Could I ask you please to comment on these matters of public interest.
Yours sincerely
David Moss
cc Home affairs editors – the Times, the Telegraph, the Guardian and the BBC




[1] GDS and Skyscape, http://www.dmossesq.com/2012/10/gds-and-skyscape.html
[2] Introducing a new supplier (Skyscape), http://digital.cabinetoffice.gov.uk/2012/09/18/introducing-a-new-supplier-skyscape/
[3] HMG's cloud computing strategy – there isn't one, http://www.dmossesq.com/2012/06/hmgs-cloud-computing-strategy-there.html
[4] Comment is free, http://www.guardian.co.uk/commentisfree/uk-edition
[5] Skyscape Cloud Alliance, http://www.skyscapecloud.com/about/the-skyscape-cloud-alliance
[6] Spring Park, http://www.arkcontinuity.co.uk/contact-spring-park.html

GDS and Skyscape

The following open letter has been sent by email to ex-Guardian man Mike Bracken in his capacity as Executive Director, Government Digital Service (GDS) and Senior Responsible Officer Owner for the Cabinet Office's identity assurance programme (IdA). No response has been received:

[Skyscape has subsequently changed its name to UKCloud: "London – August 1, 2016 – Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave assured cloud services company, has today renamed and relaunched as UKCloud Ltd (www.ukcloud.com), to reinforce the company’s exclusive focus on supporting the UK public sector in the digital transformation of services".]