Sunday 3 April 2016

Lotus Notes redux

So what will GOV.UK Notify do?

Government receives millions of calls every year, from people anxious to find out where their thing is at. People have to spend time on hold, and running call centres costs a lot of money.

GOV.UK Notify is going to make it easy to keep people informed, by allowing service teams across government to send text messages, emails or letters to their users, before they get anxious enough to call.
Compare https://en.wikipedia.org/wiki/IBM_Notes#History from 1989 with roots going back to 1973.

Lotus Notes redux

So what will GOV.UK Notify do?

Government receives millions of calls every year, from people anxious to find out where their thing is at. People have to spend time on hold, and running call centres costs a lot of money.

GOV.UK Notify is going to make it easy to keep people informed, by allowing service teams across government to send text messages, emails or letters to their users, before they get anxious enough to call.
Compare https://en.wikipedia.org/wiki/IBM_Notes#History from 1989 with roots going back to 1973.

Friday 1 April 2016

Faster horses

http://www.cio.co.uk/blogs/political-debate/digital-public-services-20-years-of-faster-horses-3636630/:
Those who optimistically believe they are breaking new ground by improving the online experience are often merely tracing footprints on a path already much trodden, reinventing and rediscovering anew the same things – from a common website to cross-government platforms. The result has been several generations of faster horses.

Faster horses

http://www.cio.co.uk/blogs/political-debate/digital-public-services-20-years-of-faster-horses-3636630/:
Those who optimistically believe they are breaking new ground by improving the online experience are often merely tracing footprints on a path already much trodden, reinventing and rediscovering anew the same things – from a common website to cross-government platforms. The result has been several generations of faster horses.

No-one's ever done payments before

Building GOV.UK Pay

Ian Maddison, 31 March 2016 — GOV.UK Pay

We previously introduced GOV.UK Pay, a new Government as a Platform product, to make payments more convenient and efficient. We’ve spent 6 months building our beta, and very soon we’ll be taking our first real payments with our first partner services. We wanted to give you an update on our public API, how we're making integration straightforward, security and our technical choices.

As a greenfield project ...

No-one's ever done payments before

Building GOV.UK Pay

Ian Maddison, 31 March 2016 — GOV.UK Pay

We previously introduced GOV.UK Pay, a new Government as a Platform product, to make payments more convenient and efficient. We’ve spent 6 months building our beta, and very soon we’ll be taking our first real payments with our first partner services. We wanted to give you an update on our public API, how we're making integration straightforward, security and our technical choices.

As a greenfield project ...

RIP IDA – decision time

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


It's April 2016 and some time in the next few days or hours someone has to decide whether to declare that GDS's GOV.UK Verify (RIP) system is live.

Whose decision is it? And what does "live" mean?

"Live" must mean something. We can't have another débâcle like GDS's 25 transformational exemplars, when eight exemplars had gone live 800 days after GDS gave themselves 400 days for the project but, if you added in the nine exemplars that were in public beta, then that meant 17 were live, call it a round 20.

Let's assume that "live" means no longer in beta testing, it means that GOV.UK Verify (RIP) is now in operation, it's being relied on, the relying parties are committed, the safety net's been rolled up and stowed away, GOV.UK verify (RIP) is on its own, it's out there in full view, there's no alternative, alea iacta est.

Relied on by whom?
  • Not the Scots. They've got their own identity assurance system for access to public services.
  • Not local government. They don't need GDS, who are still working on their model for local government.
  • Not the NHS. They've explicitly rejected GOV.UK Verify (RIP).
  • Not DWP. They've got enough problems with Universal Credit. And they remember the promise that identity assurance for 21 million claimants would be "fully operational from Spring 2013".
That leaves HMRC. As usual.

As we repeatedly discover, "on-line access to public services" means on-line access to HMRC.

What are the chances of anyone deciding that HMRC should depend on GOV.UK Verify (RIP)?

Nil.

GOV.UK Verify (RIP) still can't verify the identity of a company. So it can't be used to collect corporation tax, for example, nor the bulk of PAYE, NI and VAT. For that, HMRC will have to continue to rely on the Government Gateway.

But GOV.UK Verify (RIP) is meant to be able to verify the identity of individuals. What are the chances of anyone deciding that HMRC should depend on GOV.UK Verify (RIP) and switch off the Government Gateway at least for individuals?

The enormity of that decision makes it clear that it won't be taken by DCMS, who have somehow inherited nominal responsibility for the national IT digital strategy from BIS. And it won't be taken by GDS either.

GDS is in the Cabinet Office. The permanent secretary, John Manzoni, is also the CEO of the civil service. He starts to look senior enough to be involved in the decision. So does Matt Hancock, the Cabinet Office minister.

But only involved. HMRC also would have to be party to the decision. And the Treasury. Which means not just the permanent secretary at the Treasury but the Chancellor of the Exchequer as well. So now we're into the Cabinet. And the Cabinet Secretary, Sir Jeremy Heywood.

This decision is going to have to be taken by a team of senior ministers and their top officials.

It's an unenviable job.

The decision team might look at the criteria established a year ago in GOV.UK Verify [RIP]: Objectives for live. There, GDS set out six objectives that have to be achieved before GOV.UK Verify (RIP) can go live:

Criterion/objective
Outcome
1Readiness for services to adopt GOV.UK Verify (RIP)GDS claim that there are nine public services currently available through GOV.UK Verify (RIP). The true figure might generously be seven. GDS sometimes claim that there will be 50 public services available through GOV.UK Verify (RIP) this month but they also row back from that figure to some smaller, unknown number. Who knows who's ready for what?
2Demographic coverage: 90% for services using GOV.UK Verify (RIP) by April 2016Relying, as it does, on credit history information, passports and driving licences, GOV.UK Verify (RIP) has had particular trouble registering the very young and the very old. There is no sign that those problems have been solved. According to GDS, the solution lies in using more personal information to identify people. They have never said what additional personal information they have in mind and we have no idea whether people would consent to the intrusion. Who knows what the demographic coverage rate is?
3Success rate: 90%63%. Allegedly. That's the authentication success rate. Meanwhile, the authentication completion rate languishes at 33%. Neither figure is anywhere near the 90% minimum required specified.
4Everyone can use GOV.UK Verify (RIP) to access servicesNo. Some people refuse to use it. Among the willing, some don't have the IT skills. Among those willing who have the IT skills, they don't all have access to viable broadband. Not everyone has a live-looking credit history and a passport and a driving licence. GDS's assisted digital initiative has never made any headway. There is no hope whatever that everyone can use GOV.UK Verify (RIP) to access either the public services or the private sector services GDS have been vainly lobbying.
5A range of high quality certified companies for people to choose fromTheir quality is a matter of opinion. The nine "identity providers" promised fell to eight when PayPal pulled out. Verizon have been hacked and are currently out of action which takes us down to seven. Of those seven "identity providers", only three are certified and no-one's ever heard of two of them, trustworthy though they may be. All the "identity providers" want to collect colossal amounts of personal information and share it with other companies all over the world out of the owners' control. Why would people choose any of them just to check the points on their driving licence?
6The product and service are scaled, resilient and operationally ready for liveWho knows?

Quite rightly, GDS have never had to take a decision of national importance. The decision team are likely to have very different criteria. But even by GDS's own lights, the decision now can't possibly be yes, GOV.UK Verify (RIP) is ready to go live. Just look at the table above. The decision team have careers and reputations to consider. And there is something called "the national interest", to which they will not be blind.

The decision team might decide to take the traditional Whitehall route and delay the live date. But delay it for how long? A month obviously isn't long enough. Three months? Six months? GOV.UK Verify (RIP) has already been in development for four years and in beta for two. What reason is there to believe that matters will have improved in six months time? How many more "identity providers" will walk away in the meantime? What miracle or magic needs to take place? What needs to change? And if someone knows the answer to that, why hasn't it already been changed?


The decision team might even take the radical option and decide to cancel GOV.UK Verify (RIP) now. Bow to the inevitable. The first cut is the deepest. Stop-loss. TSR2. GDS set out to avoid the creation of a national identity register, as required by a feature of the disgraced ID cards scheme, and ended up trying to create nine national identity registers (or eight of them or seven, however many "identity providers" we have left).

The decision team could take the Government Gateway away from DWP, who have been poor custodians, and give it to someone else to improve, not the Home Office, maybe HMRC. Or they could give the identity assurance job to Scotland. But not Estonia. Or – think back to Taurus and Crest – they could get the Bank of England to sort something out, probably with the banks, who have on-line identity assurance systems and experience coming out of their ears.

There's face-saving to consider, of course. And not just nationally – blatant log-rolling has seen GDS celebrated abroad and credited with the creation of copycat operations in the US, Australia and now Argentina which in turn validates GDS as the hip option for the politician who wants to be seen as transformative and modern. It remains the case that, the sooner the decision team act radically, the less the loss of face.

----------

Updated 6.4.16

Hard to believe but the decision has been taken.

We know that because Neil Merrett told us yesterday GOV.UK Verify [RIP] on course for live service switchover this month.

GDS caught up today: "We and the certified companies are now working towards our next milestone - going from beta to live later this month".

Verizon have now limped back into action, registering new victims of GOV.UK Verify (RIP).

GDS say that "having a range of high quality certified companies for people to choose from is one of our objectives for live". They have these objectives, none of them have been met, please see above, but GOV.UK Verify (RIP) is to be inflicted on the public nonetheless.

Talking of all eight "identity providers", GDS are "sure their solutions are secure". Barclays, on the other hand, say "the internet is not completely secure ... we cannot guarantee the security of your data ... we will ... try to prevent unauthorised access". They can't both be right.

GDS will "continue to help GOV.UK Verify [RIP] work for more people". That's not going very well, as we were saying only this morning:
  • GOV.UK Verify (RIP) tends to exclude individuals with a low income, people outside the managerial and professional classes, the unemployed, the very young, the very old, urbanites, women and Northerners.
  • And for everyone else, even theoretically, it's still miles away from the 100% identity verification rate you might, if you're old-fashioned, associate with public provision.
What is the probability today that GOV.UK Verify (RIP) can verify your identity? According to GDS:

GDS want to go live even though they know that between 20 and 30 percent of low-paid individuals can't register for a GOV.UK Verify (RIP) account. So much for putting the user first, these people will be excluded by default from public services.


Updated 13.4.16

"... no reason for GOV.UK Verify [RIP] to be used ..."

The Privacy and Consumer Advisory Group (PCAG) have devised guidelines under nine headings for the privacy aspects of GOV.UK Verify (RIP). The Government Digital Service (GDS) claim to abide by all nine while actually abiding by none of them.

Hat tip someone, the minutes of PCAG's 10 February 2016 meeting have been published. It would be a pleasure to write several thousand words commenting on the matters arising but let's concentrate on item 2.4:
GROUP BUSINESS - ONS Census (Terry Makewell, Jo Neagus - ONS)
Following a presentation on the potential use of GOV.UK Verify [RIP] for the 2021 Census, Group members recommended that there was no reason for GOV.UK Verify [RIP] to be used on this occasion given that the Census is a count of households rather than individuals and that it would be inappropriate to do so.  However, the Group further suggested that GOV.UK Verify [RIP] could be used for other surveys run by ONS, but that this would be a separate discussion and the potential role of Verify would depend on the specific surveys under consideration.
In five years time the Office for National Statistics (ONS) will conduct the 2021 UK census. We have been prepared ever since the 2011 census to see new methods used.

Digital methods. 2021's will be a digital-by-default census. The census will be a service resting on one of GDS's data-sharing platforms, underpinned by a canonical population register compiled, surely, by GOV.UK Verify (RIP).

No. The decision has been taken. The ONS will do its census. It won't rely on GOV.UK Verify (RIP). For whatever reason, GOV.UK Verify (RIP) is out of the running.


Updated 15.4.16

GDS work tirelessly to improve everyone's lot. They tinker around with the front end of GOV.UK Verify (RIP) like top hairdressers trimming and shaping and layering, always seeking to retain a certain look while everything under their expert hands is actually alive and constantly changing.

There was Todd Anderson, for example, telling us the other day in GOV.UK Verify: [RIP] Technical delivery update, 11 April 2016 that "to improve GOV.UK Verify [RIP] and make it better for end users, since our last update we’ve … added new journeys to the hub to reflect the new features released by the certified companies".

Keen-eyed stylewatchers will have spotted some of the primping done on the registration dialogue for new victims of GOV.UK Verify (RIP). For example this screen ...

... used to ask victims to confirm that they are aged 19 or over. That was before 12 April 2016. Now it's 20. And that makes it "better for end users".

Think about it.

According to the Office for National Statistics (ONS), the breakdown of the UK population by age and by sex in mid-2014 was something like:



Source: Office for National Statistics

Notes:

Ages above 105 are not included on the population pyramid.

The ONS's data sheet estimated that there were 790,575 19 year-old victims in the UK in 2014 and that there will be 864,872 by 2039. Let's say there are roughly 800,000 of them at the moment.

What Sweeney Todd Anderson and his team have done is to reduce the GOV.UK Verify (RIP) universe by 800,000. Just like that, they've excluded 800,000 people from the possibility of getting on-line accounts which would allow them to transact with government.

GOV.UK Verify (RIP) already had a problem reaching its target 90% coverage. It's languishing at the moment around the 67% mark. GDS have just chopped another 1.2% off GOV.UK Verify (RIP)'s reach.

These are enormous decisions to take. And they're being taken -- in the modern, transformed, agile Whitehall way -- by the hairdressers of GDS.


Updated 18.4.16

An ex-maths teacher writes:
A  The Government Digital Service (GDS) say that the demographic coverage for services using GOV.UK Verify (RIP) must be 90% if the system is to go live in April 2016.
B  At the same time, GDS are trying to dissuade anyone under the age of 20 from registering:

The Office for National Statistics (ONS) estimated that there were 15,259,986 people under the age of 20 in the UK in mid-2014 and that there would be 16,647,588 of them by mid-2039. Those figures represent 23.62% and 22.41% of the ONS's estimated UK population, respectively.

B implies that it is impossible for GOV.UK Verify (RIP) to achieve a coverage of 90% and A implies that it is therefore impossible for the system to go live in April 2016.

Despite professing its virtues, GDS seem to be strangers to data science.
N The ex-maths teacher's contribution isn't very impressive, is it. GOV.UK Verify (RIP) is no use for age verification of the young. We already knew that. Otherwise, five year-olds don't need to view their driving licence details or apply for rural payments, for example, so it doesn't matter if they're excluded.

RIP IDA – decision time

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


It's April 2016 and some time in the next few days or hours someone has to decide whether to declare that GDS's GOV.UK Verify (RIP) system is live.

Whose decision is it? And what does "live" mean?

Tuesday 29 March 2016

RIP IDA – not good enough for the NHS and not good enough for you

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


This is what the Government Digital Service (GDS) have to say about the security of GOV.UK Verify (RIP). It's secure. And it stops someone pretending to be you. And it fights the growing problem of on-line identity theft.

The splash screen you see if you bravely register for one of GDS's GOV.UK Verify (RIP) accounts

HSCIC
Health and Social Care Information Centre
We are the trusted national provider of high-quality information, data and IT systems for health and social care.
But it's not quite as clear-cut as that. According to Computer Weekly magazine, Gov.uk Verify [RIP] not secure enough for NHS, says HSCIC.

Not only that, but "The government’s Verify identity verification platform isn’t secure enough for the NHS, so Liverpool Clinical Commissioning Group and HSCIC are working to add extra levels of security".

NHS Liverpool CCG
National Health Service Liverpool Clinical Commissioning Group (CCG) is responsible for planning and buying most NHS services for the people of Liverpool …
And "Liverpool Clinical Commissioning Group (CCG) is working to make the government's identify authentication platform secure enough for the NHS to use".

Why do Computer Weekly keep banging on about security? Because Rob Shaw of HSCIC told them there is a security problem with GOV.UK Verify (RIP), "we absolutely have to make sure it’s secure enough" and "Verify is not quite there in terms of the level of security we’ll need in terms of the health services" and "we’re likely to take it to the next level in terms of security".

The Cabinet Office helpfully chimed in with "We take our users’ privacy and the security of their data very seriously and the new system is safer and more secure than previous ways of proving who you are online".

Followed by Dave Horsfield of the Liverpool CCG, "the programme is about giving patients access to their records for whatever purpose they want, securely and easily".

Apparently "the NHS is worried that Verify won’t be, or won’t come across as, secure enough for people’s health records ... we’ve got an extra layer in health where people are very worried about security".

In case you haven't been counting, that's ten 12 occurrences of the word "secure" and its cognates. Anyone would think there's a security problem with GOV.UK Verify (RIP). The sheer weight of repetition must have overwhelmed most readers into believing that.

But not Jim Gumbley. This Liverpool business is not an example of a security problem, Jim says. It's an identity-proofing problem. And that 's different.

It's wrong in that case to say that GOV.UK Verify (RIP) isn't secure enough for the NHS. Better to say that it's not good enough at stopping people from pretending to be you. Or that it's lost the fight against the growing problem of on-line identity theft.

Mr Horsfield thinks he may be able to solve the GOV.UK Verify (RIP) problem with a combination of social media and biometrics – the triumph of hope over experience.

Jim's right. As usual. Identity-proofing and security are two different things and shouldn't be confused.

It remains the case that GDS's splash screen is wrong and that GOV.UK Verify (RIP) isn't "good" enough for the NHS. So it isn't good enough for any other "relying party" like HMRC or DWP either. Or for a bank. Or for a criminal court. Or even for a civil court. And it's certainly not good enough for you.

RIP IDA – not good enough for the NHS and not good enough for you

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


This is what the Government Digital Service (GDS) have to say about the security of GOV.UK Verify (RIP). It's secure. And it stops someone pretending to be you. And it fights the growing problem of on-line identity theft.

The splash screen you see if you bravely register for one of GDS's GOV.UK Verify (RIP) accounts

HSCIC
Health and Social Care Information Centre
We are the trusted national provider of high-quality information, data and IT systems for health and social care.
But it's not quite as clear-cut as that. According to Computer Weekly magazine, Gov.uk Verify [RIP] not secure enough for NHS, says HSCIC.