|
----------
 |
The Government Digital Service: The Happiest Place on Earth
Untitled 2
Untitled 1
Friday 18 November 2016
Untitled 3
----------
The Government Digital Service: The Happiest Place on Earth
Untitled 2
Untitled 1
Untitled 3
|
----------
|
The Government Digital Service: The Happiest Place on Earth
Untitled 2
Untitled 1
Tuesday 1 November 2016
RIP IDA – other people's money
No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.
IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
Selected UK local authorities are now conducting trials of the Government Digital Service's dead duck, GOV.UK Verify (RIP).
Generous to a fault with other people's money, GDS won't charge those local authorities – "GOV.UK Verify [RIP] accounts will be free to councils that participate for the duration of the pilot".
Other UK local authorities will have to pay for their use of GOV.UK Verify (RIP). How much? No-one knows. Not even GDS.
Suspend your disbelief for a moment and suppose that all UK local authorities depended on GOV.UK Verify (RIP). Some would pay for the privilege. Others wouldn't. GDS's generosity would inspire tensions.
GDS have further spiced up the recipe for tension with this little gem – there are "no plans to charge for the service being used by those outside the public sector". GDS aim to offer GOV.UK Verify (RIP) to the private sector for free.
This is the market in identity assurance that the ever-generous GDS have always said they wanted to create. While the London Borough of Merton would pay for it, the Royal Bank of Scotland would get GOV.UK Verify (RIP) for nothing.
That would be a nightmare. It is recommended that you now wake up and re-engage your disbelief. It won't happen. That's no way to run a market. It couldn't work. You know that even if GDS don't.
GDS are obviously worried about charging for GOV.UK Verify (RIP). Quite right, too.
The only way they can achieve any volume, they think, is to give the wretched service away for free. That won't work either.
Ergo GOV.UK Verify is dead. RIP.
RIP IDA – other people's money
No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.
IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
Selected UK local authorities are now conducting trials of the Government Digital Service's dead duck, GOV.UK Verify (RIP).
Tuesday 11 October 2016
RIP IDA – local government, the lender of last resort
No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.
IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
11 local authorities are going to try to use GOV.UK Verify (RIP) to issue concessionary travel passes. And 14 local authorities are going to try to use it to issue residents' parking permits.
The plan previously was to see if GOV.UK Verify (RIP) could help with issuing taxi licences as well. It was always a peculiar plan and now it's been dropped.
GDS are demanding that local authorities commit to the trials/pilot runs. Once they've started they have to finish – GDS lays down law on council Verify adoption criteria. It's expensive, conducting trials ...
... and local authorities only want to use GOV.UK Verify (RIP) if it saves them money. That plan hasn't been dropped. GDS still haven't provided a price list but they're going to have to soon.
What should we expect to see as these trials unfold?
Let's work our way through an example.
Which local authority to choose? We've done Warwickshire County Council before. This time, let's choose Brighton & Hove City Council (B&HCC).
Which application? Residents' parking permits or concessionary travel passes? Let's go with the former. There's a form to fill in. Which kicks off with:
Standardisation v. localisation
This is quite different from the form we fill in here in the London Borough of Merton, for example. The two forms are doing one job. Why have two forms? That looks like the sort of duplication GDS normally abhor.
Getting everyone to use the same tools to do the same job is precisely the rationale for Government as a Platform. Are GDS happy to see different parking permit application systems developed in each local authority? Hundreds of different forms? Hundreds of different on-line application systems?
It seems unlikely while they are at the same time telling central government departments that they should all use the same (non-existent) payments platform, GOV.UK Pay.
Two years ago the BBC were belabouring local government. They were said to be wasting money by failing to standardise. Bull Information Systems joined in with the criticism. So did Skyscape. And the Taxpayers' Alliance. And Policy Exchange. GDS threw in their contribution by claiming that most government IT applications are about as difficult as the requirements of a medium-sized dating website.
Not a single local authority among them, of course, these critics are all confident because they've never done the job. Most attempts to share services between local authorities seem to fail. But the ignorant faith in standardisation remains.
As the pilot projects to which both GDS and the local authorities are committed unfold, expect to see an element of this tension between standardisation and localisation.
Data protection
Right at the top of the form, before any other business, there's B&HCC quite properly reassuring its parishioners about the personal information they're about to enter on the residents' parking permit application form:
That is a set of statements B&HCC can't possibly make if GOV.UK Verify (RIP) is inserted into their residents' parking permit application system. B&HCC will have no control over what information is collected, the uses to which this information is put, who can see it or where it will be stored. You can ring 01273 291207 all you like ...
Brighton & Hove City Council is the Data Controller for the purposes of the Data Protection Act 1998. This means that Brighton & Hove City Council is responsible for making decisions about how your personal data will be processed and how it may be used. The purpose(s) for which your data will be processed is Parking Permits. The information you provide may be used in detecting possible fraud. The information you provide will be treated confidentially at all times. Security safeguards apply to both manual and computerised held data, and only relevant staff/named disclosures can access your information.
If you have any queries contact the Data Protection Officer Tel: 01273 291207
... you won't get anywhere. GOV.UK Verify (RIP) is the end of privacy. In Brighton, and Hove, and anywhere else it infects. As long as that is understood, these trials may proceed smoothly. If there's any objection to local authorities abdicating their responsibilities and throwing their parishioners to the wolves, then it's going to be a bumpy ride.
Exclusion
Let's take it for granted that B&HCC need to know who is applying for a parking permit:
GOV.UK Verify (RIP) doesn't collect titles. Further, when you come to register for a GOV.UK Verify (RIP) account with one of GDS's remaining "certified companies" which often aren't certified:
But that's the least of B&HCC's problems if they rely on GOV.UK Verify (RIP) to identify applicants for parking permits.
The certified company will also ask your gender. Anyone, for any reason, can opt out of identifying themselves in this way and choose an ‘I prefer not say’ option. You’re not required to provide an answer and - even if you choose to do so - the certified company won’t verify it.
The level of assurance offered by GOV.UK UK Verify (RIP) that the applicant is who they say they are is low. The US National Institute for Standards and Technology believe that GOV.UK Verify (RIP) achieves no proof of identity whatever, it's no more than a self-certification scheme.
And that's the case for people who manage to register. Lots of people can't even self-certify.
The verification success rate with GOV.UK Verify (RIP) hovered around the 70% mark for a while until GDS stopped publishing the figures. They had previously made 90% success a condition of going live. 70% is less than 90%. GOV.UK Verify (RIP) shouldn't have gone live in May 2016. It hadn't satisfied GDS's own conditions.
If B&HCC can only use GOV.UK Verify (RIP) to get about 70% of applicants to self-certify – and it may be less than that – how is it going to save them money? They're going to need to operate other systems in addition. That looks like costing more, not less.
B&HCC may have a greater commitment to data science than GDS. Oh to be a fly on the wall when the Council discusses the merits of spending more money to automate the worthless self-certification of parking permit-holders.
Re-engineering
The B&HCC form moves on to:
It's quite a mouthful. There's a lot there. Let's take a step back.
GDS's "dream" was outlined by their ex-deputy director, Tom Loosemore.
 |
| "Just sort it all out for me" |
There should be no need for the applicant to specify the controlled parking zone they want a permit for (A, C, E, F, G, H, M, N, O, Q, R, T, U, W, Y or Z), that should be deducible from the address GOV.UK Verify (RIP) has already provided. B&HCC know the zones, they're B&HCC's zones for goodness sake, the applicant doesn't have to tell them.
Ditto, B&HCC can find out whether the application is for a low-emission vehicle as soon as they have the registration number. Certainly if it's a UK-registered car – DVLA, DVSA and the car insurance companies are already sharing this data. And even for foreign-registered cars – at least in our dreams. There's no need for the applicant to tell B&HCC.
Is the applicant a Blue Badge-holder? B&HCC probably already know the answer, they probably processed the Blue Badge application themselves, there's no need for the applicant to tell them.
GDS believe that transactions with government should be "friction-free". Asking the applicant to confirm information B&HCC already has is just friction. Out with it.
Taking into account their income from all sources, their savings and their financial commitments, an algorithm could calculate better than the applicant whether to opt for the 3, 6 or 12 month permit and even – to save inconvenience/friction – take the payment from the applicant's bank account.
There's no need to issue a material parking permit, of course. An entry on a database is quite enough by way of proof of the entitlement to park for B&HCC's digitised enforcement officers. At most, the applicant might be issued with a digital certificate to be stored on his or her mobile phone as a receipt for the payment made.
Too much to expect from B&HCC?
You may be right. Perhaps this work should be centralised in Whitehall. There's no need to duplicate these functions in each local authority.
That is the at once childish and sinister vision of GDS's Government as a Platform. A panopticon in which algorithms exercise your will for you based on what the pious Mr Loosemore calls a "single source of truth", i.e. hundreds of registers full of personal information about you.
It's quite beyond them to bring it about, of course. GDS couldn't even computerise farm payments. It's all just "internet jibba jabba", as Mr Loosemore was told, on his way out of GDS.
When B&HCC and GDS sit down to re-engineer or re-imagine or "imagineer" the new residents' parking permit application scheme, let's hope that someone remembers the benefits of friction.
----- o O o -----
GOV.UK Verify (RIP) is having trouble establishing itself with central government and with the public.
GDS approach local government now as supplicants. Local government is GOV.UK Verify (RIP)'s last hope.
No doubt local government is generally kindhearted but they are in no position to take on what everyone else has rejected. Why should they? What does GOV.UK Verify (RIP) have to offer them? What do GDS have to offer them?
GDS will tend to fight the "local" in "local government". GOV.UK Verify (RIP) will take the "protection" out of "data protection". It will exclude large chunks of B&HCC's population. And all for the sake of what? Some pie in the sky imagineering about Government as a Platform.
April 2016, Stephen Foreshew-Cain, writing in Where we’re at, and where we’re going:
Mr Foreshew-Cain took over as executive director of GDS when Mike Bracken left, at the same time as Tom Loosemore, in September 2015. Now he, too, is gone. As is Janet Hughes, GOV.UK Verify (RIP)'s sometime
Imagine being able to create a new service in hours, not months. Imagine being able to create two slightly different versions of a service, and see which one works best. And then, having done the research and iterated and improved the better one, simply killing off the one that didn’t make the cut ... Imagine being able to do that at negligible cost ...
"Wildly unrealistic expectations". That's the verdict on GOV.UK Verify (RIP) ...
... the verdict of its supporters.
Too much imagining. That's where GDS are at. It's hard to believe that that's where local government is going.
----------
Updated 4.3.17
It's been a few months since the Government Digital Service (GDS) started its GOV.UK Verify (RIP) trials with local government. How's it going?
Answer, please see Local authority use of GOV.UK Verify – Discovery case for transforming local public services using GOV.UK Verify, published by the Local Digital Coalition (LDC).
The LDC say: "This document is the first iteration of the case for local authorities to transform their digital services through the use of GOV.UK Verify [RIP] and other common components". It's a piece of sales literature. What's the pitch?
GOV.UK Verify (RIP) provides "strong online identity assurance", apparently. Local government will be able to create "secure, safe, fast and convenient" digital services thanks to GOV.UK Verify (RIP) and other GDS gifts. Their costs (i.e. staff) will be reduced and they will save billions. Privacy will be protected and trust will be ensured.
A traditional sales line, everyone's seen it before, and some people may even still believe it.
The LDC add weight to their claims by citing supporting documents:
- A combination of GDS gifts "lowers the barriers to ‘moving between suppliers’ and allows to switch from underperforming contracts4", for example, refers the reader to another document produced by the LDC.
- And something else the LDC recommend "can achieve reductions of up to 5% of savings in local authorities expenditure5" is supported by reference to a CIPFA document. (Savings will be reduced by 5%?)
The LDC give four examples (p.6) of how savings have been achieved by using GDS products, services and standards. Three of them have supporting citations ...
... and this one doesn't: "£111.44 million National Audit Office (NAO) approved savings through GOV.UK Verify [RIP]". No evidence of any such NAO approval has been found yet. This may explain the lack of a citation.
Updated 13.4.17
As noted above last October, 11 local authorities were going to try to use GOV.UK Verify (RIP) to issue concessionary travel passes. And 14 local authorities were going to try to use it to issue residents' parking permits:
| Residents’ Parking Permits | Concessionary Travel Pilot |
| Brighton and Hove City Council | Brighton and Hove City Council |
| Buckinghamshire Councty Council | Buckinghamshire Councty Council |
| Southampton City Council | Southampton City Council |
| Northumberland County Council | Northumberland County Council |
| Camden | Camden |
| Hillingdon London | Hillingdon London |
| Chelmsford City Council | Luton |
| Barnet London Borough | Central Bedfordshire |
| Oxfordshire County Council | Essex County Council |
| Canterbury City Council | Hertfordshire |
| Tunbridge Wells Borough Council | Warwickshire Councty Council |
| Wigan Council | |
| Newcastle City Council | |
| Sunderland City Council |
Next month the Local Digital Coalition (LDC) are going to lay on a showcase to "share the products we've delivered during the alpha phase of #VerifyLocal work - from prototypes to user research, and technical patterns to business case findings".
Will all 19 local authorities be there?
No.
It can be inferred from the LDC website that many local authorities have pulled out of these pilot schemes:
| Residents’ Parking Permits | Concessionary Travel Pilot |
| Buckinghamshire County Council | Buckinghamshire County Council |
| Southampton City Council | |
| Northumberland County Council | Northumberland County Council |
| Camden | |
| Oxfordshire County Council | |
| Hertfordshire | |
| Tunbridge Wells Borough Council | Warwickshire County Council |
| Sunderland City Council | |
| Cambridgeshire County Council (new entrant) |
Eight of the original 14 local authorities (57%) have pulled out of the residents' parking permits pilot scheme and six of the original 11 (55%) have pulled out of the concessionary travel scheme.
An unwary observer might believe that there are still 19 local authorities taking part in these GOV.UK Verify (RIP) pilots. Neither GDS nor the LDC have blogged to tell us that 10 of the original 19 local authorities (53%) are no longer involved.
That's a pretty hefty attrition rate that's going to be showcased.
Updated 28.4.17
There's no progress on the concessionary travel pilot that the Government Digital Service (GDS) is conducting with local authorities. Or, at least, with the five local authorities left, out of the 11 that started.
But there is progress on the residents' parking permits pilot, we learn today, please see Verify parking permit prototype to move to beta.
Eight of the original 14 local authorities have pulled out but for the survivors: "A key step has been reducing the level of assurance required for parking permit applications, reflecting the fact that permit applications are less sensitive than other services for which Verify could be used". I.e. GOV.UK Verify (RIP) is the wrong product to be using ...
... all a local authority really needs to know is that a car is registered at an address in their area. But, wait for it ...
... "Plans for the [Driver and Vehicle Licensing Agency (DVLA)] to enable checking of the vehicle registration to a given address have not been included in the current prototype as the agency is going through a transformation programme".
The residents' parking permits pilot is using the product it shouldn't be using and it isn't using the product it should be using. Good luck to the guinea pig residents of Buckinghamshire, Northampton, Sunderland, Oxfordshire, Tunbridge Wells, Sunderland and Cambridgeshire with that.
"The Theatre of the Absurd attacks the comfortable certainties of religious or political orthodoxy. It aims to shock its audience out of complacency, to bring it face to face with the harsh facts of the human situation", as we used to say.
GDS's religious/political orthodoxy has been confronted with the harsh fact that they have promised to sign up 25 million people to the unwanted moribund GOV.UK Verify (RIP) in three years time. Shocked out of their usual ineffable complacency, their absurd response is to reduce the already low level of assurance offered by GOV.UK Verify (RIP) and to ignore the essential DVLA product that is needed to meet residents' parking permit needs.
Absurd. It makes for amusing theatre. But the digital transformation of government in the UK it ain't.
Updated 11.5.17
13 April 2017, DMossEsq's millions of readers learned that over half the local authorities taking part in GDS's trials of GOV.UK Verify (RIP) had walked away.
3 May 2017 and the PublicTechnology.net (PT) readers learned the same thing, please see Local government Verify pilot hit by council departures.
PT followed up on the story. Why are the councils walking away?
We don't need GOV.UK Verify (RIP):
We've got more important things to do:
When asked by PublicTechnology for their reasons for leaving the trial, two councils - Hillingdon and Southampton - indicated that they were happy that their existing systems. Southampton said that its existing online verification service for bus passes “provides a similar functionality to the Verify solution”.
Maybe later:
Brighton and Hove - which left in February, just before the pilot entered alpha phase - said in a blogpost that it was “a great project but currently the timing isn’t right for us”, as the digital team “has a lot to deliver this year”.
Local government is hopelessly old-fashioned:
[Brighton and Hove] added that its plans for a virtual permits service “stands to benefit from a tie up with Verify at a later date”.
Camden made a similar point, saying that it had already invested in master data management, which it was looking at “fully integrating into the next phase of Verify”.
Wigan, Chelmsford and Newcastle councils all issued the same statement: “We are not participating in the current phase of the GOV.UK Verify [RIP] local authority pilots. We remain in contact with GDS on further GOV.UK Verify [RIP] developments and hope to include the system in local services in the future.”
GDS don't understand:
“Councils are used to procuring not building tech. Councils mostly lack the skills to do discovery, work in sprints and collaborate cross border,” said Adam Walther, project director at FutureGov.
Maybe it would help if GOV.UK Verify (RIP) didn't verify people's identity:
“... [GDS's Verify local team] have probably underestimated the complexity of working with this sector, and lack some of the design, delivery and political skills.
“To move beyond central government to support other parts of the public sector requires more humility, better design and reaching out to partners by everyone involved.”
... Matthew Cain was head of digital at Buckinghamshire County Council ... said that some of the initial requirements and expectations were unrealistic - for instance on the level of tech spend available to councils and in asking for roles that “didn’t even exist in the authority” ... in order to make headway, there needs to be more understanding on both sides.
Maybe it would be best if GOV.UK Verify (RIP) didn't do anything at all. That would make its use completely frictionless:
Kat Sexton from Cambridgeshire County Council - which joined the trial at a later date - told the Socitm spring conference last week that GDS was working on allowing Verify to offer a lower level of assurance that someone is who they say they are.
Good luck Cambridgeshire County Council with your starring rôle in the theatre of the absurd.
GDS have gone away and...they’re actually creating a lower level of assurance, which is great because we’ll be [keen to use] that,” Sexton said.
There's more ...
- HMRC and DWP don't want to use GOV.UK Verify (RIP).
- Why not use the Government Gateway, like "138 public services" already do?
- These trials concern residents' parking permits and concessionary travel, relatively easy applications, and yet there's no progress – suppose GOV.UK Verify (RIP) tried something difficult like the social care of vulnerable children or the victims of Alzheimer's, the sort of problems local government has to solve all day every day?
|
| Eight of the original 14 local authorities (57%) have pulled out of the residents' parking permits pilot scheme and six of the original 11 (55%) have pulled out of the concessionary travel scheme. |
Updated 18.8.17
11 local authorities started the concessionary travel pilot for GOV.UK Verify (RIP). When we last looked there were only five left. Now that Hertfordshire and Warwickshire County Council have pulled out we're down to just three survivors.
| Residents’ Parking Permits | Concessionary Travel Pilot |
| Buckinghamshire County Council | Buckinghamshire County Council |
| Southampton City Council | |
| Northumberland County Council | Northumberland County Council |
| Camden | |
| Oxfordshire County Council | |
| Tunbridge Wells Borough Council | |
| Sunderland City Council | |
| Cambridgeshire County Council (late entrant) |
The incredible shrinking band continues to shrink:
| Residents’ Parking Permits | Concessionary Travel Pilot |
| Buckinghamshire County Council | |
| Northumberland County Council | Northumberland County Council |
| Oxfordshire County Council | |
| Sunderland City Council | |
Only 3 left out of 15 starters | Only 2 left out of 11 starters |
RIP IDA – local government, the lender of last resort
No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.
IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
11 local authorities are going to try to use GOV.UK Verify (RIP) to issue concessionary travel passes. And 14 local authorities are going to try to use it to issue residents' parking permits.
The plan previously was to see if GOV.UK Verify (RIP) could help with issuing taxi licences as well. It was always a peculiar plan and now it's been dropped.
GDS are demanding that local authorities commit to the trials/pilot runs. Once they've started they have to finish – GDS lays down law on council Verify adoption criteria. It's expensive, conducting trials ...
... and local authorities only want to use GOV.UK Verify (RIP) if it saves them money. That plan hasn't been dropped. GDS still haven't provided a price list but they're going to have to soon.
What should we expect to see as these trials unfold?
Let's work our way through an example.
Thursday 29 September 2016
"Stale" and "self-legitimising" public administrators
"... we foster a user-centred culture in GDS and across government by getting everyone involved in user research", it says in a Government Digital Service blog post today, Don’t forget! 2 hours every 6 weeks. "We have user researchers as part of agile teams, for example. That's part of our DNA ... Our natural state can be to look inwards [horror], towards our teams [awful], not outwards towards our users [that's better] ...".
This is all part of putting user needs first, rule #1 in the GDS Design Principles: "Service design starts with identifying user needs. If you don’t know what the user needs are, you won’t build the right thing. Do research, analyse data, talk to users. Don’t make assumptions. Have empathy for users, and [you] should remember that what they ask for isn't always what they need".
This initially clear picture is clouded by the genetically modified Government as a Platform (GaaP) team at GDS, who said in May 2016: "Everyone knows we start with user needs. Except we don't. We start with the needs of our team ... When we don't do this our research isn't useful to our team and they ignore it. There's nothing more pointless than doing research that no one listens to". That's one of their Eight principles for user researchers on Government as a Platform.
Should GDS "look outwards towards [their] users" and start with "identifying user needs"? Or is that "pointless"? Should they rather "start with the needs of [the GDS GaaP] team"?
Confusing, isn't it. Which one is the doctrine? Outwards? Or inwards?
"... remember that what [the users] ask for isn't always what they need" suggests that GDS can ignore their research data and revert to their prejudices on the grounds that the users don't know what they're talking about whereas GDS do.
We've been here before, in November 2013: "What does 'putting the user first' mean? Nothing? Whatever you want it to mean?".
We're not the only ones. See also June 2016's Digital Government: overcoming the systemic failure of transformation, where two Brunel University academics, Paul Waller and Professor Vishanth Weerakkody, point out that: "not much of a government or public administrative function directly involves citizens so a focus on the interface misses the point about 'transforming government processes' ..." (p.8).
And they're not the only ones. Our old friend Mark Thompson of the Methods Group and the Judge Business School at Cambridge University popped up in Computer Weekly magazine this month with Digital government isn’t about user needs – it’s more fundamental than that where he refers to the "stale, self-legitimising talk by public administrators about how they are building stuff to 'meet user needs' ...".
Have GDS already become stale and self-legitimising public administrators?
Are GDS part of the systemic failure of digital government transformation?
Are GDS going to be teaching the right syllabus in their new National Agile Polytechnic?
A bit of agile discovery work on the oldest rule in GDS's design principles book might help them and the rest of the world to get the user needs story straight.
This is all part of putting user needs first, rule #1 in the GDS Design Principles: "Service design starts with identifying user needs. If you don’t know what the user needs are, you won’t build the right thing. Do research, analyse data, talk to users. Don’t make assumptions. Have empathy for users, and [you] should remember that what they ask for isn't always what they need".
This initially clear picture is clouded by the genetically modified Government as a Platform (GaaP) team at GDS, who said in May 2016: "Everyone knows we start with user needs. Except we don't. We start with the needs of our team ... When we don't do this our research isn't useful to our team and they ignore it. There's nothing more pointless than doing research that no one listens to". That's one of their Eight principles for user researchers on Government as a Platform.
Should GDS "look outwards towards [their] users" and start with "identifying user needs"? Or is that "pointless"? Should they rather "start with the needs of [the GDS GaaP] team"?
Confusing, isn't it. Which one is the doctrine? Outwards? Or inwards?
"... remember that what [the users] ask for isn't always what they need" suggests that GDS can ignore their research data and revert to their prejudices on the grounds that the users don't know what they're talking about whereas GDS do.
We've been here before, in November 2013: "What does 'putting the user first' mean? Nothing? Whatever you want it to mean?".
We're not the only ones. See also June 2016's Digital Government: overcoming the systemic failure of transformation, where two Brunel University academics, Paul Waller and Professor Vishanth Weerakkody, point out that: "not much of a government or public administrative function directly involves citizens so a focus on the interface misses the point about 'transforming government processes' ..." (p.8).
And they're not the only ones. Our old friend Mark Thompson of the Methods Group and the Judge Business School at Cambridge University popped up in Computer Weekly magazine this month with Digital government isn’t about user needs – it’s more fundamental than that where he refers to the "stale, self-legitimising talk by public administrators about how they are building stuff to 'meet user needs' ...".
Have GDS already become stale and self-legitimising public administrators?
Are GDS part of the systemic failure of digital government transformation?
Are GDS going to be teaching the right syllabus in their new National Agile Polytechnic?
A bit of agile discovery work on the oldest rule in GDS's design principles book might help them and the rest of the world to get the user needs story straight.
"Stale" and "self-legitimising" public administrators
"... we foster a user-centred culture in GDS and across government by getting everyone involved in user research", it says in a Government Digital Service blog post today, Don’t forget! 2 hours every 6 weeks. "We have user researchers as part of agile teams, for example. That's part of our DNA ... Our natural state can be to look inwards [horror], towards our teams [awful], not outwards towards our users [that's better] ...".
This is all part of putting user needs first, rule #1 in the GDS Design Principles: "Service design starts with identifying user needs. If you don’t know what the user needs are, you won’t build the right thing. Do research, analyse data, talk to users. Don’t make assumptions. Have empathy for users, and [you] should remember that what they ask for isn't always what they need".
This initially clear picture is clouded by the genetically modified Government as a Platform (GaaP) team at GDS, who said in May 2016: "Everyone knows we start with user needs. Except we don't. We start with the needs of our team ... When we don't do this our research isn't useful to our team and they ignore it. There's nothing more pointless than doing research that no one listens to". That's one of their Eight principles for user researchers on Government as a Platform.
Should GDS "look outwards towards [their] users" and start with "identifying user needs"? Or is that "pointless"? Should they rather "start with the needs of [the GDS GaaP] team"?
Confusing, isn't it. Which one is the doctrine? Outwards? Or inwards?
This is all part of putting user needs first, rule #1 in the GDS Design Principles: "Service design starts with identifying user needs. If you don’t know what the user needs are, you won’t build the right thing. Do research, analyse data, talk to users. Don’t make assumptions. Have empathy for users, and [you] should remember that what they ask for isn't always what they need".
This initially clear picture is clouded by the genetically modified Government as a Platform (GaaP) team at GDS, who said in May 2016: "Everyone knows we start with user needs. Except we don't. We start with the needs of our team ... When we don't do this our research isn't useful to our team and they ignore it. There's nothing more pointless than doing research that no one listens to". That's one of their Eight principles for user researchers on Government as a Platform.
Should GDS "look outwards towards [their] users" and start with "identifying user needs"? Or is that "pointless"? Should they rather "start with the needs of [the GDS GaaP] team"?
Confusing, isn't it. Which one is the doctrine? Outwards? Or inwards?
Monday 26 September 2016
RIP IDA – however you cut it, GOV.UK Verify (RIP) is no more. It has ceased to be. It's expired and gone to meet its maker. This is a late identity assurance scheme. It's a stiff. Bereft of life, it rests in peace. If GDS hadn't nailed it to GOV.UK, it would be pushing up the daisies. It's rung down the curtain and joined the choir invisible. This is an ex-identity assurance scheme. RIP.
No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.
IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default "internet era" world, with no on-line identity you won't exist.We have seen how users of GOV.UK Verify (RIP) who registered with Barclays and the Post Office may find it impossible to access public services.
 |
| App info for Safran Morpho/SecureIdentity |
We have seen how GOV.UK Verify (RIP) flouts every one of the identity assurance privacy principles. Again, not a good idea.
Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).
Who does that leave?
It leaves CitizenSafe/GBG/GB Group plc or whatever they're calling themselves these days, Experian and the Royal Mail.
That looks like three "identity providers" but it's really only two. The Royal Mail's name is being used as a lure but GBG are doing most of the identity assurance work: "Under the terms of their agreement, GBG will manage all technology for the service, with Royal Mail handling call centre services where users may need to clarify technical issues over the phone" (please see 11.3.16).
DMossEsq can choose between GBG (who do criminal records checks and who have international expertise in postal addresses, please see Loqate) and Experian (who are a trusted FTSE-100 credit rating agency with decades of experience, some of it unfortunate). That's if he wants to access on-line public services via GOV.UK Verify (RIP).
Alternatively, he can access on-line public services using his Government Gateway accounts.
How to choose between those two? GOV.UK Verify (RIP)? Or the Government Gateway?
At first, the choice seems easy. The Government Gateway is old, it's been starved of funds for years, you have to wait for an activation code to arrive through the post before you can use the service, you need to maintain several sets of user IDs and passwords and it's fashionable to dislike it.
On the other hand, who is it convenient for, to have just one password as advocated by GDS? It's certainly convenient for hackers.
And relying on the post does act as a check of sorts that you are the person you claim to be. GOV.UK Verify (RIP) doesn't perform that check. Is it really possible to establish someone's identity entirely on-line? With how much confidence?
Can GOV.UK Verify (RIP) prove your identity?
- OIX, the Open Identity Exchange, GDS's business partner, don't think so. They say (p.11) that it's hard for GOV.UK Verify (RIP) to achieve even level of assurance 2 (civil courts), let alone the level of assurance 3 required for criminal courts.
- And the US National Institute for Standards and Technology are even more scathing. They say that GOV.UK Verify (RIP)'s registration work amounts to no more than self-certification.
- The NHS isn't impressed ...
- ... neither is DWP ...
- ... nor are the Scots.
- All sorts of demographics are excluded from GOV.UK Verify (RIP), which last seen was allegedly stuck on about 70% potential penetration, miles short of its 90% target. What use is a national identity assurance scheme that excludes 30% of the nation?
- One of its supporters says that the original plan was for GOV.UK Verify (RIP) "to provide low to medium security ID assurance for citizens, and this hasn’t changed". We should avoid "wildly unrealistic expectations", she says.
GOV.UK Verify (RIP) needs the banks. Not the other way around.
The banks do in-person identity-proofing. For know-your-customer and for anti-money laundering. It may not be very good but it's better than relying on entirely on-line proofing. The banks feed the credit rating agencies with (an extraordinarily large amount of) our personal information. GOV.UK Verify (RIP) depends on the banks.
It's circular to pretend that the banks could in turn depend on GOV.UK Verify (RIP).
Similarly there is nothing in GOV.UK Verify (RIP) to attract UK local government. Why should local authorities accept HMRC's rejects and DWP's and the Scots'?
GOV.UK Verify (RIP) requires us all to spray masses of our personal information all over the world. There must be better ways to enjoy the benefits of GDS's "internet era".
We're handing over our personal information. More and more of it. And GDS have their eyes on even more. Bank data, mobile phone data, health data, travel data, education data, social media data, ..., all in the interests of identification and attribute exchange. That's in addition to our passport data and our driving licence data and our credit rating data. And yet GDS still can't do their job and fill up GOV.UK Verify (RIP)'s population registers.
It's a privacy nightmare as noted above, a nightmare that we are to a large extent spared with the Government Gateway. Let's wake up.
The Americans have ditched connect.gov, their equivalent to GOV.UK Verify (RIP). The Australians are tying themselves in knots. And meanwhile here in the UK, for whatever reason, given the choice, millions of people are choosing the Government Gateway over GOV.UK Verify (RIP). So much for four or five years of user experience testing and agile software engineering. GDS have made the prototype of a product that no-one wants.
We can kiss goodbye to the unrealistic plans for attribute exchange. And to GDS's sinister and religiose plans for single-source-of-truth registers supporting fantasy Government as a Platform. The desperate pretence that GOV.UK Verify (RIP) is viable is understandable. But no excuse. It's still misfeasance.
That hole could be plugged by using an "internet era" system provided by Google, say. God forbid.
Or by using a descendant of the Government Gateway, best developed by the most successful digital transformation team – HMRC, and not DWP, God forbid – leaving GDS to concentrate on running the National Agile Polytechnic, as per their new director general's plan, with a syllabus set principally by HMRC.
(The bank-based Nordic alternative is not available to the UK, where we don't have the strong municipalities needed.)
Companies have identities, too, not just people. And GOV.UK Verify (RIP) doesn't even pretend to be able to prove the identity of a company. HMRC will continue to rely on the Government Gateway to collect tax from companies for the foreseeable future. The Government Gateway supports billions of transactions every year and collects the hundreds of billions of pounds of Exchequer revenue (p.6) needed to fund public services (p.5).
The Government Gateway has a future. GOV.UK Verify (RIP), by contrast, is no use to HMRC or anyone else.
In the course of five posts over the past week we have now looked at 12 "identity providers" – Barclays, Cassidian, CitizenSafe/GBG/GB Group, Digidentity, Experian, Ingeus, Mydex, PayPal, the Post Office, the Royal Mail, Safran Morpho/SecureIdentity and Verizon. Only two or three of them work. Which ones do we like? None of them. We don't like models with "identity providers" in them.
The Government Gateway may be a pretty awful system. GOV.UK Verify (RIP) is worse.
----------
Updated 20.10.16 1
Government Computing:
Government Digital Service (GDS) director general Kevin Cunnington has been laying out some of his thinking on the direction’s organisation at a briefing this morning ...
Cunnington outlined that GOV.UK Verify [RIP] remains a key element of GDS’s ambitions ...
Updated 20.10.16 2
Government Computing:
GDS new director general Kevin Cunnington has been giving further information about how he sees the organisation developing under his leadership. The overall GDS strategy is still being worked on, he said, but is expected to be out by Christmas.
He indicated that he plans to create a profession for digital, data and technology and he is also going to get a grip of the GOV.UK Verify [RIP] identity assurance scheme.
“Two things that the [GDS] Advisory Board asked us to concentrate on are sort out Verify and get it to scale and the other is to tackle the really hard data issues” ...
On the future of Verify, he indicated that GDS was beginning to think bigger about it, asking why it was necessary to limit Verify to simply government services. He suggested that banks and gambling organisations could see the benefit of using it.
The thinking behind this, Cunnington suggested, had made GDS actively look at whether it can change the business model for Verify.
He also insisted that DWP had been a strong supporter of Verify ...
RIP IDA – however you cut it, GOV.UK Verify (RIP) is no more. It has ceased to be. It's expired and gone to meet its maker. This is a late identity assurance scheme. It's a stiff. Bereft of life, it rests in peace. If GDS hadn't nailed it to GOV.UK, it would be pushing up the daisies. It's rung down the curtain and joined the choir invisible. This is an ex-identity assurance scheme. RIP.
No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.
IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default "internet era" world, with no on-line identity you won't exist.We have seen how users of GOV.UK Verify (RIP) who registered with Barclays and the Post Office may find it impossible to access public services.
|
| App info for Safran Morpho/SecureIdentity |
We have seen how GOV.UK Verify (RIP) flouts every one of the identity assurance privacy principles. Again, not a good idea.
Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).
Who does that leave?