Tuesday 16 October 2012

GDS – the user experience of misfeasance in public office

Tomorrow's news
17 October 2012 – GOV.UK goes live
22 October 2012 – major announcement on IdA (identity assurance)
26 October 2012 – G-Cloud II
Who knows when? – midata

What does that all add up to?

Whitehall and others wasting your money with impunity – the disgraceful state of public administration in the UK.

You want DMossEsq to draw you a map?

OK:



A map



Transacting with the government
Top left, at the moment, if members of the public including companies want to submit their tax returns to HMRC, for example, they log on via the Government Gateway and do it. That's how we transact with government over the web. It's not a thing of beauty. You have to register separately for each of the various services offered by our public administration and they post us separate user IDs for each one.

Not beautiful, but it seems to be fairly secure. It's hard remembering the user IDs and it's a pain in the neck for the service providers because millions of people ring up every year when they forget their user IDs but perhaps that's the price of security – if you want the security, you have to live with the pain in the neck. There may be no alternative.

It's not that different transacting with the banks on-line. Except that in addition to user IDs you often have to use PINSentry-type machines.

Even with the security of user IDs and passwords and PINSentries, there is a certain level of fraud. The banks in particular and DWP who operate the Government Gateway have done a fantastic job over the years keeping a lid on the level of fraud. Fraud remains a cost of doing business and, so far, a just about bearable cost. If the cost of fraud stops being bearable, on-line business will stop.

That's at the moment.

GOV.UK
Tomorrow we will be told about GOV.UK, the new single government domain. It goes live tomorrow and replaces Directgov and Business Link. Later, GOV.UK is due to replace all central government websites. No more homeoffice.gov.uk, no more education.gov.uk, ..., just GOV.UK.

GOV.UK is the product of the Government Digital Service (GDS) and judging by the 22 posts that have been published on their blog so far this month what we will be told is that the whole project is dedicated to satisfying user needs, it's all being done for us the public, 70+ people working hard for a year, just for us.

That's true. But it's not the whole truth.

GDS aren't just trying to improve the "user experience" as they call it, repeatedly, several times in every one of their 22 posts this month, when we use government websites. They're working towards making all public services digital by default, something not mentioned in a single one of their 22 posts so far this month. They're trying to make it so that we can only transact with government on-line. They're trying to make us Estonian, as ex-Guardian man Mike Bracken among others has being telling us for some time:

Estonia’s technology economy and online service provision- back to the future?

by Mike Bracken on 04/05/2012



... Whilst we met dozens of people at breakneck speed, many of whom we hope to see in the UK soon, over the next week I will be explaining the wider points we have uncovered which reflect directly on our challenge to make public services in the UK digital by default, and how the Estonian experience links to our core principles ...
IdA
Ex-Guardian man Mike Bracken is the Chief Executive of the (UK) Government Digital Service. He is also the senior responsible officer owner for identity assurance (IdA). You can't make public services digital by default if you can't identify the people you're dealing with. GOV.UK needs IdA, please see middle of the map.

Once you've decided that public services should be digital by default you have to try to prove that it works. You need a guinea pig. DWP drew the short straw and digital by default will be tested on Universal Credit (UC).

UC is the coalition government's attempt to spring the poverty trap and make work pay. It could hardly be more important to millions of human beings in the UK. Instead, it has become a sandpit, for adults who haven't outgrown their fascination with technology, to play in.

Asked by the Select Committee on Work and Pensions what are the biggest risks faced by UC Lord Freud, the minister responsible, fingered identity assurance. With no IdA, there can be no UC.

Having wrested control over its own identity assurance from DWP and having thus made himself responsible for it, ex-Guardian man Mike Bracken was due to name the companies he has chosen as the UK's "identity providers" by 30 September 2012.

("Identity providers" may seem an odd locution at first but you've got used to "hate crime", haven't you, and by the same process "identity provider" will soon link to your Estonian core principles.)

He missed the September deadline but the announcement of the winners should finally be made next Monday 22 October 2012.

What to expect?

Facebook, Google, Twitter and the British Constitution
There have been leaks, including a very full one to the Independent newspaper on 4 October 2012, National 'virtual ID card' scheme set for launch (Is there anything that could possibly go wrong?).
If you’d like to know more the Q&A in The Independent gives a pretty good overview (the only thing we’d really quibble with is the headline).
That's what GDS say about the Independent article. It seems fair to assume that they wrote the whole thing apart from the headline.

The article mentions social media sites, mobile phone companies, banks, large retailers, the Post Office, Facebook, Microsoft, Google, PayPal, BT and Experian, the credit referencing agency – please see middle right of the map, nothing new there for DMossEsq readers. We should expect between five and 20 organisations to be appointed as identity providers next Monday, thereby becoming an unlikely part of the British Constitution.

It confirms the link between IdA, GOV.UK and UC and it sets IdA in the context of the US National Strategy for Trusted Identities in Cyberspace (NSTIC) and the Open Identity Exchange (OIX) – who are GDS trying to impress?

The Independent article also claims that IdA will "prevent login fatigue", the suggestion being that as long as you can remember your Facebook or bank login details, then you can "apply for services ranging from tax credits to fishing licences and passports".

Abandoning the Government Gateway in this way may well prevent login fatigue, you won't have to remember your Gateway user IDs and passwords any more, but it reduces security and that threatens the future of on-line business.

The Cabinet Office sandpit may be prepared to take that risk. It is hard to believe that the banks, the mobile phone companies and the major retailers are. They would see their own brands destroyed when IdA goes wrong, even if the problem is caused by Whitehall. That's not a risk worth taking. The chairmen and chief executives of these companies don't normally act against their own best interests. They won't this time. Let's see just how committed the banks, telcos and retailers are, in next Monday's announcements.

Cybercrime
CESG is the information assurance arm of GCHQ. They have issued three reports on RSDOPS – the requirements for the secure delivery of on-line public services, please see top right of the map. Let's see if GDS will show us the documentation certifying that their plans for IdA satisfy the RSDOPS conditions.

On 5 September 2012, GCHQ, the Foreign Office, the Cabinet Office and BIS, the Department for Business Innovation and Skills, got together to tell senior UK businessmen how bad they all are at cybersecurity. Why are GDS in that case entrusting IdA to them?

In the attempt to prove that you are who you say you are before the Department for Education grants you a student loan, or whatever, once we have digital by default IdA will be looking to the identity providers to confirm a selection of your "name, date of birth, address, gender, passport and driving licence numbers, financial history, electoral roll status and telephone numbers" and other such personal data. As the Independent (almost) say, what could possibly go wrong?

Losing control of the personal data in IdA is one possible mishap. Millions of us Britestonians could wake up one morning to find all our personal data for sale on a Russian website, ready to be used to clear out our bank accounts.

Losing access to public services, following an Estonian-style distributed denial of service attack, is another.

Anonymity and book-keeping
When the Department for Education checks to see that you are who you say you are and gets confirmation from the Third National Bank of Tallinn that you are, the process goes through a so-called "hub". The Cabinet Office claim that the "hub" has no memory. No details of the identity assurance transaction are recorded.

That's good, from the point of view of privacy.

But bad from the point of view of audit trail. Surely there has to be an audit trail supporting the grant of a student loan? That's just proper book-keeping and it would be remiss of Whitehall to break proper procedures.

Even if they are breaking procedures, though, there's always the Home Office and their Communications Data Bill, please see bottom right of the map. If the Bill is enacted, all web browsing will be recorded on GCHQ black boxes installed at ISPs (Internet Service Providers). So much for anonymity.

Dematerialised ID
Which brings us to the bottom middle of the map, BIS, and their midata initiative.

There is no announcement date for midata. The Cabinet Office and BIS are keeping quiet about it and hoping that they will thereby get their legislative powers rubber-stamped in the Enterprise and Regulatory Reform Bill currently going through Parliament.

midata would require us all to have one or more Personal Data Stores (PDSs) if the Bill is enacted as drafted. These PDSs would record all our personal data such as the names and addresses mentioned above plus all our transaction data and they – the PDSs – would be in continuous contact with all our suppliers including government departments keeping each one up to date with any change in our circumstances.

The Independent were clearly briefed to emphasise that the government has abandoned its plans to introduce material, plastic ID cards. No doubt that's true. No government department wants to suffer the fate of the Identity & Passport Service which seems to have had a corporate nervous breakdown when the last ID cards scheme failed.

But a PDS is an ID card. It's a dematerialised, dynamic, distributed ID card, but an ID card for all that. The government hasn't abandoned its plans. It's planning for something much more powerful. Something that really could provide identity assurance on-line. PDSs.

It will be worth pressing GDS next Monday on the subject of midata and its attendant PDSs. They can't pretend that it's nothing to do with them. William Heath is on the BIS strategy board for midata and he is the chairman of Mydex, a company which hopes one day to manage PDSs for us all, and he was demonstrating Mydex's wares at the 31 October 2011 identity assurance event where Francis Maude announced his £10 million investment in Mydex and others. And according to him:
We [Mydex] support midata. It will empower individuals and at last give real teeth to the good intentions behind the Data Protection Act subject access request. It goes hand in hand with the new UK and US approaches to ID assurance, which we also support. We think midata needs to apply also to other UK public services including health, education and job-seeking.
The unwebbed
You'd think that would be enough problems for GOV.UK. It's not clear how involving the Post Office, the banks, etc ... will help to provide identity assurance on-line. All that is clear is that GDS want to abandon the Government Gateway and lose the tried and tested security that it's provided for 10 years and more. What GDS really need is PDSs but it's unimaginable that the British people will let them have their way. Meanwhile, the Home Office's Communications Data Bill threatens the anonymity that the Cabinet Office are offering and we have yet to see if IdA has been certified by CESG.

But that's not all.

There are more problems.

Take a look at the map again. Middle left. The Public.

Between eight and ten million adult Britestonians have never used the web. What's the point of trying to make all public services digital by default if the people most likely to need public services can't access them?

And large parts of the country don't have reliable, cheap, fast broadband.

What's GDS doing about these problems?

Answer, they've started a project. It's got a name – "assisted digital". There's an assisted digital blog. It's had all of four posts on it since 28 July 2011. And that's it. We've still got eight to ten million people who can't use GOV.UK and IdA.

Far from offering savings, which is one of the benefits promised for all this playing in the sandpit, we'll end up paying for both the new on-line delivery method for public services and the old one, involving people, in offices, with telephones, and letters, and face-to-face interviews. The question isn't how much we'll save, it's how much more it will all cost.

Cloud computing – the Pied Pipers of Hamelin
And then from out of a blue sky comes another problem.

The IT industry is currently suffering one of its recurrent bouts of tulipmania and talking rubbish about the merits of cloud computing.

Don't take DMossEsq's word for it. Take the OECD's word for it and ENISA's. If you prefer your gurus to be bearded, try Richard Stallman. Otherwise, listen to Larry Ellison, the billionaire President of Oracle, talking about cloud computing:
Maybe I'm an idiot, but I have no idea what anyone is talking about. What is it? It's complete gibberish. It's insane. When is this idiocy going to stop?
Some 12 year-old management consultant had the bright idea of comparing IT to the utilities. Wouldn't it be good if you only paid for the IT you use. Turn on the tap and you pay, turn it off again and you don't. That way IT would be cheaper.

He or she might like to take a look at this week's newspapers, full of stories about how it's impossible to keep utility bills down, particularly energy prices.

But 12 year-olds probably don't read that bit of the newspaper.

The suppliers are talking up the merits of cloud computing and if you work in IT you can hardly hold your head up with dignity if you aren't solving all your problems by moving your applications to the cloud.

You'd better hope that your lawyers aren't following this fashion. Cloud computing amounts to losing control of your data by handing it over to other organisations like Amazon who put it on their servers which may be anywhere in the world, beyond the jurisdiction of the English courts, and under the control of staff about whose suitability you know nothing. Lawyers are meant to keep your data safe and confidential.

So is Whitehall but they've jumped on the bandwagon anyway and they just can't get enough of cloud computing. Cloud computing will make public services reliable, trusted, efficient, green, you name it, they'll believe it.

Somehow, see bottom left of the map, HMRC have agreed to put all their local office data – i.e. all our data – in the cloud. This should be impossible but when tulipmania strikes a tulip bulb really is worth ten years' salary.

HMRC's dangerous, imprudent, ill-advised, unprofessional, wrong-headed, unbusinesslike, undignified and irresponsible decision is important, but it isn't the subject of this post.

What is the subject of this post is this – not only will the public be logging on to the cloud to deal with HMRC, we will have to do the same to use GOV.UK. GOV.UK will be hosted in the cloud. To put it another way, Whitehall will have no control over the data in GOV.UK because "cloud computing" is a synonym for "no control".

There are big companies supplying cloud computing services. Notably Amazon, Apple, Microsoft and Google.

They're not very keen on paying tax in the UK. But they're big.

They're all American and so, by virtue of the USA PATRIOT Act, any data in their possession can be subpoenaed by the FBI, which may not be what you had in mind when you applied for a fishing licence. But they're big.

And being big becomes a virtue when you see who GDS and HMRC have contracted with to provide cloud computing services – a company called Skyscape Cloud Services Ltd, please see map bottom left-ish.

Skyscape Cloud Services Ltd
Skyscape is too young a start-up to have submitted any accounts to Companies House yet. But according to its annual return, it has no company secretary and just one director, a Mr Jeremy Robin Sanders. Mr Sanders is also the holder of all £1,000-worth of paid-up share capital.

HMRC and GDS have entrusted our data to the care of one man. Even in a tulipmania hospital HMRC and GDS would have to be segregated.

There's more.

When they're looking after crucial national data, the location of data centres should be kept secret for obvious security reasons. It looks as though Skyscape have inadvertently managed to announce where our data will be stored and thus where it could be attacked.

The user experience
There's a lot hanging on tomorrow's and next week's announcements.

And it's not about 70+ charming people working in the offices of GDS tirelessly in the interests of the public's needs. (They've published two more posts on their blog, by the way, since DMossEsq started this post.)

It's about GDS ignoring the fact that up to 10 million of their parishioners won't be able to experience GOV.UK at all.

It's about inviting the likes of Facebook and Google into the British Constitution.

It's about an infantile faith in technology.

It's about GDS proceeding on the unproven assumption that you can deliver on-line identity assurance for large populations. Large populations like 60 million+ Britestonians. It's not businesslike and it's not responsible to proceed on the basis of hope alone, to spend public money without first providing evidence.

And it's about holding up Universal Credit, ignoring the predicament of real people, while playing in the sand.

We're looking here at Constitutional lunacy and misfeasance in public office at the heart of Whitehall.

1 comment:

Teyen Widdicombe said...

One assumes that the idea is a step further in the direction of depriving us of the right to speak to a human being who might make a rational decision about anything- the people who work for the bank and have the power to write off your charges and the people who work for Social Security who have the power to allow or disallow your claims have already vanished behind walls devoid of a phone number and set up call centre fronts whose job it is to tell you there's nothing they can do and divert you back out on to the street feeling slightly confused and as if your question hasn't actually be answered whilst the bank/government are sitting on monies they have stolen/deprived you of unfairly. Until of course you die as a result of the neglect or commit suicide owing to destitution, in which case you are no longer their problem and they can just un-tick the box and erase your details..

Post a Comment