Monday, 30 September 2013

GDS – next month is Identity Assurance Month

Here we are at the end of September.

Next month is Identity Assurance Month.

How often have you said that before?

Cast your mind back to 1 February 2012, Computer Weekly magazine, What the beta of Gov.uk means for public services:
GDS [the Government Digital Service] has a remit to fundamentally change public services to a "digital by default" model and Gov.uk is the first phase of delivering that goal ...

The big cost savings associated with Gov.uk will come through more citizens transacting with government online ...

Another key aspect of transactions is the work on identity assurance (IDA), which is intended to create a marketplace of private sector providers which citizens can choose to identify themselves online.

[Ex-Guardian man Mike] Bracken is now the senior responsible owner for IDA. “It’s something that I put my hand up for because it’s so important. Unless we have better and wider used security protocols, it will be hard to identify users, allow transactions and link up services ...”
That's when you discovered who's in charge. "It’s something that I put my hand up for". Ex-Guardian man Mike Bracken. The executive director of the Government Digital Service (GDS). It's his job to equip you with a selection of electronic IDs "because it's so important" – no electronic IDs, no digital-by-default.

When is he supposed to deliver?

How often have you asked that before?

Cast your mind back to 13 September 2011, Computer Weekly magazine, Identity assurance - how it will affect public services and your personal data:
Identity assurance (IDA) will play a central role for the government in delivering digital public services - seen as an important way to cut the cost of the public sector. IDA is the process citizens will need to go through to verify who they are to access public services online. Part of the government's remit under the IDA project is to create a market of private sector identity assurance services to enable access ...

The government is also eager to put as much distance as possible between IDA and the failed identity card system under Labour, as some critics have accused it of resurrecting that unpopular programme under a different name ...

The first service to be delivered using identity assurance will be the Department for Work and Pensions' Universal Credits scheme; HM Revenue & Customs' One Click and Real-Time Information; NHS HealthSpace; and the Skills Funding Agency Customer Identification project ...

A prototype for IDA will be completed by the end of the year [2011]. The first services will be developed and tested by February 2012, with IDA due to be rolled out for initial public services by autumn 2012.
"The first services will be developed and tested by February 2012, with IDA due to be rolled out for initial public services by autumn 2012" – if you were expecting electronic IDs/identity assurance (IDA) to be available by, say, October 2012, then – just to answer the first question above – this must be the twelfth time you've said "next month is Identity Assurance Month".

Despite all the protestations of being "agile", GDS are a year late with IDA.

They'd better deliver this time.

It's one thing to derail Universal Credit, which relied on IDA being "fully operational" by spring 2013 (para.12). You can do that to DWP, the Department for Work and Pensions, the biggest spender in UK government. Who cares?

But you can't do it to HMRC. And that's who's relying on IDA being ready next month. HMRC is the government's tax farmer. They raise over £500 billion a year. Threaten that revenue, and your future starts to look sticky.

What are HMRC relying on?

IDA "is intended to create a marketplace of private sector providers which citizens can choose to identify themselves online" or "a market of private sector identity assurance services to enable access [on-line public services]".

You know the sort of thing.

Sainsbury's or Tesco. Lidl or Waitrose. Morrison or the Co-op. Asda or M&S. You can go to any supermarket chain and be pretty confident of getting decent quality food at a competitive price. The choice is yours. And your choice isn't limited to just the big stores – even today, there are thousands of little grocers where you can shop. There's a real market there.

That's what IDA is meant to offer, too.

But it doesn't.

GDS have appointed eight prospective suppliers of electronic IDs in their IDA pseudo-market, three have pulled out for some unknown reason and five of them are going to take part – the Post Office, Experian, Digidentity, Mydex and Verizon.

The Post Office isn't a "private sector provider". You know that. The government are currently trying to privatise it but for the moment it's a company with just one shareholder, Vince Cable. Nothing like Tesco.

And the Post Office is nothing like Digidentity which, in turn, is nothing like Mydex. Asda and the Co-op et al are all comparable. They can all do the same job, independently. Unlike GDS's so-called "identity providers" – they need each other, they can only operate IDA in partnership.

Digidentity is Dutch and Verizon is American. What do they know about UK identity?

Experian's got all the data already, it already does identity assurance, but what data does Mydex have?

Mydex promises that if you store all your personal data in one of their PDSs (personal data stores) then you'll be able to control who sees it and the uses to which it is put. No doubt Verizon make the same promise but when the US National Security Agency demanded to see Verizon's client data they had no option but to let them.

 How can Mydex promise you control? They can't. It's not theirs to give.

Next month is Identity Assurance Month?

----------

Updated 27.6.14

"IDA due to be rolled out for initial public services by autumn 2012" – that's what we were told in September 2011. IDA is already over 18 months late.

It's just like the old days, when big IT suppliers came in years late and hundreds of millions of pounds over budget. But it's all meant to be different with GDS. Agile.

It's beginning to matter. In the interests of individual electoral registration (IER), we now have what is generally acknowledged to be a second rate on-line application system – electoral registration officers have little or no assurance that the person applying to register to vote is who they say they are.

We know what DVLA think about GDS's failure: "this authentication process ... does not provide us with the level of confidence the user is who they say they are in order to ... allow them to link to a transactional service". What do the Electoral Commission think?

The Electoral Commission don't pull their punches. What are they going to say about second rate identity assurance when they start their IER publicity campaign next month?

GDS have five so-called "identity providers" lined up to provide us all with on-line personal data stores.

Only one of them is certified trustworthy by tScheme. And that's Experian. Who are waiting to hear what the judge in a US identity fraud case has to say about them selling personal data to fraudsters.

(Not that GDS are interested in security. It's all usability with them.)

The other four "identity providers" are not certified trustworthy and the German government has just cancelled their contract with one of them, Verizon, for handing over personal data to the US authorities.

Verizon can hardly be deemed good enough for the UK but not for Germany. So now we're down to only three "identity providers", who are meant to constitute an "ecosystem", or private sector market.

But it's a funny market – any IDA payments made to them will come exclusively from the government.

Any other major Whitehall project would be monitored and reported on by the Major Projects Authority. But IDA isn't. Why not?

GDS – next month is Identity Assurance Month

Here we are at the end of September.

Next month is Identity Assurance Month.

How often have you said that before?

The answer to Mr Miliband's prayer

Why freeze energy prices? Why not halve them?

Gas and electricity prices rising fast? More and more people having to choose between keeping warm and eating?

Freeze 'em! (The prices, that is, not the people.)

That's the solution recommended by Ed Miliband, the leader of her Majesty's loyal opposition here in the UK.

Everyone knows that this solution won't work. Not if that's all there is to it. You just need to look at what's happening in Venezuela today to see that.

But that isn't all there is to it. Mr Miliband's recommendation in full is to freeze energy prices for 20 months, during which he would do something, if he was in government, to solve the fuel poverty problem sustainably. He's not relying exclusively on a price freeze.

What is that something? What is his sustainable solution?

He hasn't told us.

Look again at the problem. There are at least three elements:
  • Energy consumers have no autonomy when it comes to prices. We are in no position to negotiate with the suppliers. If that's the price they set, that's the price we pay. Either that, or we freeze.
  • Prices are rising fast despite the existence of the Department for Energy and Climate Change, the Department for Business Innovation and Skills and OFGEM.
  • The economy is suffering at the moment from high energy prices. If prices are frozen, the economy will  still suffer, Venezuela-style. Either way, the economy suffers.
What options are available to Mr Miliband? What values of something are available?

The energy sector is currently privatised. Competition doesn't seem to be keeping prices down. Not even with regulation. Mr Miliband could instigate an antitrust investigation by the Competition and Markets Authority or maybe by the EU. That's one option. Or the sector could be re-nationalised. That's another. And there are intermediate states in addition, the energy sector could be part-nationalised and part-privatised.

20 months might just be long enough to complete the investigation or to complete the partial or complete re-nationalisation.

Would any of these options work?

It would be a political decision. Ministers would be advised by officials but it would be their decision – the ministers'. They would face a number of awkward questions:
  • Why wait until 2015 to start tackling the problem?
  • Why have the price freeze at all? That is, why not go straight for the proposed solution, the something?
  • Why freeze prices? Why not halve them?
  • If the proposed solution involves re-nationalisation, what happens to the national debt? We are led to believe that the national debt will stand at £1.5 trillion by the time of the next election. Nationalisation of the energy sector can only increase it. At some point, people are going to stop lending to us at today's low rates. Higher interest payments, allied to quantitative easing, are going to send inflation through the roof and the exchange rate through the floor.
  • And what happens to the budget deficit? The present government is trying to reduce it by 1% p.a. at the moment. That microscopic reduction will be reversed if the state takes the energy sector onto its books.
  • Trickiest of all, politically, Mr Miliband happens to be the Energy Secretary who, in the last government, saddled us all with levies to pay for alternative energy and with carbon taxes. Why would anyone believe that he now knows how to reduce the bills that he increased?
The option that ministers choose would have to have economic support. Government economists would provide some supporting arguments and the think tanks would provide a few more.

That risks being unconvincing. After all, there were economic arguments in favour of nationalisation after the war and there were economic arguments in favour of privatisation during the 1980s – ask enough economists, and you'll always find one in the end who will provide the supporting arguments you need for whatever bee there is in your bonnet.

Sometimes that will be a very senior economist indeed, with a global reputation. Sir-Gus-now-Lord O'Donnell, for example:
In 2002, he co-edited a book with Ed Balls, congratulating Gordon Brown on eliminating boom and bust, Reforming Britain's Economic and Financial Policy: Towards Greater Economic Stability. A year later saw another book edited by the two of them and Joe Grice, again congratulating Gordon Brown, this time for Microeconomic Reform in Britain: Delivering Opportunities for All.
As we now know, Sir Gus was spectacularly wrong. Following the 2008 bust Sir Gus claimed to have abolished everyone has become their own economist. Instant economists are a dime a dozen.

And some of these instant economists talk a good enough game to catch the eye of government.

midata, for example, will empower consumers, or so we are told. midata, we are told, will cause the economy to grow and will succeed where the regulators have failed. So will open data/PSI (public sector information), which will boost the EU economy by €140 billion – according to economists – please see Economics made simple 13 July 2013.

midata and PSI between them address the three elements of the energy problem identified above. The perfect solution. Just what Mr Miliband is looking for. And yet we haven't heard much from the midata/ODI (Open Data Institute) pundits recently:
  • Have they lost their confidence?
  • Are they keeping their heads down, in the face of a real problem?
  • Their bluff is being called, do they have nothing to say?
  • Don't they believe their own publicity?
  • Or are they all too busy advising Mr Miliband? Perhaps they don't have time these days to publish any more of their entertaining economics essays.
  • How long before we are told that midata and PSI will make energy affordable?
  • And if they can't make energy affordable, then just what problems are midata and PSI capable of solving?

The answer to Mr Miliband's prayer

Why freeze energy prices? Why not halve them?

Gas and electricity prices rising fast? More and more people having to choose between keeping warm and eating?

Freeze 'em! (The prices, that is, not the people.)

That's the solution recommended by Ed Miliband, the leader of her Majesty's loyal opposition here in the UK.

Everyone knows that this solution won't work. Not if that's all there is to it. You just need to look at what's happening in Venezuela today to see that.

But that isn't all there is to it. Mr Miliband's recommendation in full is to freeze energy prices for 20 months, during which he would do something, if he was in government, to solve the fuel poverty problem sustainably. He's not relying exclusively on a price freeze.

What is that something? What is his sustainable solution?

He hasn't told us.

Look again at the problem. There are at least three elements:
  • Energy consumers have no autonomy when it comes to prices. We are in no position to negotiate with the suppliers. If that's the price they set, that's the price we pay. Either that, or we freeze.
  • Prices are rising fast despite the existence of the Department for Energy and Climate Change, the Department for Business Innovation and Skills and OFGEM.
  • The economy is suffering at the moment from high energy prices. If prices are frozen, the economy will  still suffer, Venezuela-style. Either way, the economy suffers.
What options are available to Mr Miliband? What values of something are available?

The energy sector is currently privatised. Competition doesn't seem to be keeping prices down. Not even with regulation. Mr Miliband could instigate an antitrust investigation by the Competition and Markets Authority or maybe by the EU. That's one option. Or the sector could be re-nationalised. That's another. And there are intermediate states in addition, the energy sector could be part-nationalised and part-privatised.

20 months might just be long enough to complete the investigation or to complete the partial or complete re-nationalisation.

Would any of these options work?

It would be a political decision. Ministers would be advised by officials but it would be their decision – the ministers'. They would face a number of awkward questions:
  • Why wait until 2015 to start tackling the problem?
  • Why have the price freeze at all? That is, why not go straight for the proposed solution, the something?
  • Why freeze prices? Why not halve them?
  • If the proposed solution involves re-nationalisation, what happens to the national debt? We are led to believe that the national debt will stand at £1.5 trillion by the time of the next election. Nationalisation of the energy sector can only increase it. At some point, people are going to stop lending to us at today's low rates. Higher interest payments, allied to quantitative easing, are going to send inflation through the roof and the exchange rate through the floor.
  • And what happens to the budget deficit? The present government is trying to reduce it by 1% p.a. at the moment. That microscopic reduction will be reversed if the state takes the energy sector onto its books.
  • Trickiest of all, politically, Mr Miliband happens to be the Energy Secretary who, in the last government, saddled us all with levies to pay for alternative energy and with carbon taxes. Why would anyone believe that he now knows how to reduce the bills that he increased?
The option that ministers choose would have to have economic support. Government economists would provide some supporting arguments and the think tanks would provide a few more.

That risks being unconvincing. After all, there were economic arguments in favour of nationalisation after the war and there were economic arguments in favour of privatisation during the 1980s – ask enough economists, and you'll always find one in the end who will provide the supporting arguments you need for whatever bee there is in your bonnet.

Sometimes that will be a very senior economist indeed, with a global reputation. Sir-Gus-now-Lord O'Donnell, for example:
In 2002, he co-edited a book with Ed Balls, congratulating Gordon Brown on eliminating boom and bust, Reforming Britain's Economic and Financial Policy: Towards Greater Economic Stability. A year later saw another book edited by the two of them and Joe Grice, again congratulating Gordon Brown, this time for Microeconomic Reform in Britain: Delivering Opportunities for All.
As we now know, Sir Gus was spectacularly wrong. Following the 2008 bust Sir Gus claimed to have abolished everyone has become their own economist. Instant economists are a dime a dozen.

Thursday, 26 September 2013

G-Cloud and lavatory paper

There are lots of utilities but let's concentrate to start with on gas and electricity.

The gas and electricity markets in the UK are in turmoil. British Gas has just announced an 8% price increase, against a background where the rate of energy poverty has already been rising steeply for years. The regulators don't seem to be able to do anything, and neither does the Prime Minister.

The problem is exacerbated by subsidies given to the alternative energy sector in the name of global warming. These subsidies are paid for in part by levies added to our gas and electricity bills.

Meanwhile, we could be taking advantage of the bucketsful of shale oil we're apparently sitting on, the way they have done in the US, to reduce energy prices, but the roundheads refuse to countenance that, in their Puritan way, and spread malicious rumours of methane coming out of our taps if we start fracking. Also, earthquakes.

Everyone knows that we ought to be developing nuclear capacity but no-one has the courage.

The effect is to drive energy-intensive industry abroad, where prices are lower.

It's all a bit of a mess and now the leader of the opposition has proposed that, if we vote him into power at the 2015 general election, he will freeze energy prices.

Job done. Genius. Why didn't anyone else think of that?

Unless you were born yesterday, you might remember that we did. And last time we had a prices and incomes policy in the UK, in the 1970s, it all went horribly wrong and we had to rediscover the hard way that utility prices should be set by markets. Do we have to go through that again?

If you want a reminder of the good old days, take a look at Venezuela today, where the army has had to be called in to guarantee supplies of lavatory paper, Troops move in as shortages prompt new roll for Venezuela:
Critics of President Nicolas Maduro say the nagging shortages of products ranging from bathroom tissue to milk are a sign his socialist government’s rigid price and currency controls are failing. They have also used the situation to poke fun at his administration on social media networks.

A national agency called Sundecop, which enforces price controls, said in a statement it would occupy one of the factories belonging to paper producer Manpa for 15 days, adding that National Guard troops would “safeguard” the facility.

“The action in the producer of toilet paper, sanitary napkins and disposable diapers responds to the state’s obligation to ensure a steady supply of basic goods for the people,” Sundecop said, adding it had observed“the violation of the right” to access such products.
All of which is way outside the remit of this blog.

Or at least it would be if it wasn't for the exceptionally inept decision of Whitehall to market cloud computing as a utility. It's not just gas and electricity. Computing also is a utility, according to the G-Cloud people.

"Cloud Computing offers utility services that are cheaper, better and faster to provision", as they tell us, and "Cloud computing is: ICT services, or ICT enabled business services supplied on a utility basis" – please see Cloud computing turns IT into a utility, and that's a good thing?, 19 October 2012.

Cloud computing is supposed by Whitehall to be attractive because it turns computing into a utility. Really? To make a rare descent into the demotic, yeah right!

Anyone who wants the price of their computing set by "the gentleman in Whitehall", roll up, roll up, step this way, cloud computing is for you:
Housewives as a whole cannot be trusted to buy all the right things, where nutrition and health are concerned. This is really no more than an extension of the principle according to which the housewife herself would not trust a child of four to select the week’s purchases. For in the case of nutrition and health, just as in the case of education, the gentleman in Whitehall really does know better what is good for people than the people know themselves.

Douglas Jay, 1937, The Socialist Case
Soon G-Cloud could bring all the virtues of the gas and electricity markets to a computer near you. Overseen by the army, until all the suppliers disappear overseas, and delivered along with your lavatory paper.

G-Cloud and lavatory paper

There are lots of utilities but let's concentrate to start with on gas and electricity.

The gas and electricity markets in the UK are in turmoil. British Gas has just announced an 8% price increase, against a background where the rate of energy poverty has already been rising steeply for years. The regulators don't seem to be able to do anything, and neither does the Prime Minister.

The problem is exacerbated by subsidies given to the alternative energy sector in the name of global warming. These subsidies are paid for in part by levies added to our gas and electricity bills.

Meanwhile, we could be taking advantage of the bucketsful of shale oil we're apparently sitting on, the way they have done in the US, to reduce energy prices, but the roundheads refuse to countenance that, in their Puritan way, and spread malicious rumours of methane coming out of our taps if we start fracking. Also, earthquakes.

Everyone knows that we ought to be developing nuclear capacity but no-one has the courage.

The effect is to drive energy-intensive industry abroad, where prices are lower.

It's all a bit of a mess and now the leader of the opposition has proposed that, if we vote him into power at the 2015 general election, he will freeze energy prices.

Job done. Genius. Why didn't anyone else think of that?

Unless you were born yesterday, you might remember that we did. And last time we had a prices and incomes policy in the UK, in the 1970s, it all went horribly wrong and we had to rediscover the hard way that utility prices should be set by markets. Do we have to go through that again?

If you want a reminder of the good old days, take a look at Venezuela today, where the army has had to be called in to guarantee supplies of lavatory paper, Troops move in as shortages prompt new roll for Venezuela:
Critics of President Nicolas Maduro say the nagging shortages of products ranging from bathroom tissue to milk are a sign his socialist government’s rigid price and currency controls are failing. They have also used the situation to poke fun at his administration on social media networks.

A national agency called Sundecop, which enforces price controls, said in a statement it would occupy one of the factories belonging to paper producer Manpa for 15 days, adding that National Guard troops would “safeguard” the facility.

“The action in the producer of toilet paper, sanitary napkins and disposable diapers responds to the state’s obligation to ensure a steady supply of basic goods for the people,” Sundecop said, adding it had observed“the violation of the right” to access such products.
All of which is way outside the remit of this blog.

Wednesday, 25 September 2013

G-Cloud pan-government accreditation

What is pan-government accreditation?

The UK government proposes to make public services more efficient by using cloud computing. The G-Cloud project – government cloud – operates the CloudStore, an on-line shop for cloud computing services. Central government departments and local government, too, can buy whatever they need from the CloudStore quickly and cheaply.

Quickly, cheaply and with confidence, because these cloud computing services have all been accredited.

And some of them have pan-government accreditation. 72 of them, to be precise:
Any services procured which have not achieved pan government accreditation are purchased at the risk to [sic] the consumer. The Pan Government Accreditation service (PGA), Public Sector Accreditation Board (PSAB) and the G-Cloud SIRO shall not be accountable for any such decision. The preference of the G-Cloud programme is that BIL 11x/22x and 33x should have pan government security accreditation before they are bought from the Cloud Store.
Nine of the pan-government accredited services are provided by Lockheed Martin, 18 of them by Microsoft and two by QinetiQ. These are big companies that everyone has heard of, just the sort of suppliers you would expect to be worthy of this valuable accolade, pan-government accreditation.

There are smaller companies, too, including our old friend Skyscape (now UKCloud Ltd, added 11.9.17), the captive cloud company, which offers 14 pan-government accredited services. Quite extraordinary, when you remember that Skyscape didn't even exist until 3 May 2011.

And then there's MDS Technologies, with two services on offer.

Who are MDS?

Take a look at their team. It includes one Gordon Liddle, who "joined MDS in 2003 and has responsibility from the point a customer has signed a contract. His role is to ensure that all implementations and ongoing services delight our customers and business continuity is a reality". Except that that's not his rôle. He doesn't work at MDS any more. He's a marine research & conservation volunteer now, at the Tropical Research and Conservation Centre, Borneo.

Bit odd.

Time to get onto Companies House and take a look at MDS.

It turns out to be a £104 company. Tiny. Like Skyscape, with its £1,000 of share capital.

It's a bit odd banging on about share capital but Skyscape and MDS are unquoted companies. QinetiQ has a market capitalisation of $2.0 billion, Lockheed Martin $41.1 billion and Microsoft $274.5 billion. We know what the markets think of them. All we know about Skyscape and MDS is that their investors were prepared to risk £1,000 and £104, respectively.

That seems to have been enough for the Government Procurement Service, or whoever conducts accreditation for G-Cloud. Pan-government accreditation has been given to a company with 10,400 1p shares.

MDS's annual return was received at Companies House on 11 September 2012 and shows that its five directors hold 9,678 shares between them.

MDS's accounts had been received at Companies House one month earlier, on 9 August 2012. The accounts are unaudited. Pan-government accreditation has been given to a company without the benefit even of audited accounts.

(Trainspotters will remember that Skyscape was accredited when it was so young that it hadn't submitted any accounts at all to Companies House. None. How did they do it?)

Unquoted and unaudited, nothing much happened for a few months at MDS according to Companies House except that by 12 March 2013 the appointment of four of the five directors had been terminated.

Bit worrying. Losing 80% of the Board. Or maybe not, given that six months later MDS retains its pan-government accreditation. Presumably the G-Cloud people believe that those four directors weren't doing anything and their loss makes no difference.

"Any services procured which have not achieved pan government accreditation are purchased at the risk to [sic] the consumer", it says on the G-Cloud website. That's true. In the cloud. But here on terror firmer, the same applies to services procured which do have pan-government accreditation – they, too, are procured "at the risk to [sic] the consumer".

Four out of five directors gone, leaving just one.

Guess who.

Phil Dawson.

You don't remember Phil Dawson, but we have met him before. Not only is he the managing director of MDS. He is also the CEO of Skyscape. Not that that coincidence is mentioned in the self-congratulatory press release issued on 24 May 2013, 'MDS congratulate partner, Skyscape for winning public cloud project of the year award'.

It's the least MDS could do. They're a helpful partner, Skyscape. On 9 April 2013 Companies House registered a charge against MDS's assets in respect of a £250,000 loan. From Skyscape.

And on 22 April 2013, Companies House registered that MDS had adopted new articles of association.

By this stage, MDS is a brand new company. But it still retains its old pan-government accreditation.

There are two other charges against MDS's assets, both registered at Companies House on 22 January 2013, £125,000 each, in respect of the deposits held by MDS's landlords, Ark (A9) Ltd and Ark (SQ17) Ltd.

Ark.

Ring a bell?

It should. Skyscape's landlord is ARK Continuity Ltd, the company with Jeffrey Paul Thomas as a director, the man who used to own a share in Skyscape but gave it up, leaving Jeremy Robin Sanders as the sole shareholder, the company (ARK) with Baroness Elizabeth Lydia Manningham-Buller as a director, the lady who used to be the Director General of MI5.

Skyscape is now controlled by Virtual Infrastructure Group Ltd, not Jeremy Robin Sanders.

And Virtual Infrastructure Group Ltd?

The company has four directors. Including Jeremy Robin Sanders. And Philip Michael Dawson.

And that – just to go back to the original question – is pan-government accreditation, Whitehall-style.

----------

Updated 10.9.17

Last week Her Majesty's Revenue & Customs issued a press release, Jacky Wright appointed as New Chief Digital and Information Officer: "HMRC has appointed Jacky Wright as their new Chief Digital and Information Officer (CDIO) to take forward its ambitious digital transformation agenda".

Not many people could do this job. With 28 years in the industry, 8½ of them in senior positions with General Electric, three years with British Petroleum and six years with Microsoft, HMRC think Jacky Wright can do it. You never know. They might be right.

Microsoft is a major supplier to the UK government in general and to HMRC in particular. Lots of IT fashionistas hate Microsoft in a way that for some reason they don't hate Apple or Google or Amazon or Facebook or ... No accounting for taste, it's just a fact. Ms Wright won't be leaving Microsoft to take up her position at HMRC, she'll be on extended leave from the company.

Follow that recipe and you cook up a maelstrom of bad publicity for Ms Wright's appointment. She won't be able to do the job, the critics say, her loyalty to Microsoft will conflict with her duty to HMRC, she won't be able to be objective and independent.

She can't come from nowhere. She's got to come from somewhere. It just happens to be Microsoft and BP and GE. Wherever the holder of this job comes from, there will be conflicts.

If you live under a stone, like DMossEsq, you might be able to avoid these conflicts of interest. But no-one's going to appoint DMossEsq to CDIO of HMRC or of anywhere else. Anyone who can do the job is going to have conflicts. HMRC must recognise the problem and believe that Ms Wright is still the best person for the job.

Bryan Glick, the esteemed editor of Computer Weekly magazine, said yesterday that: "HM Revenue & Customs’ (HMRC) new chief digital and information officer (CDIO), Jacky Wright, appears  to be an excellent appointment".

Is he right?

You be the judge.

Tariq Rashid (who?) is quoted by Mr Glick as saying that the appointment of Ms Wright "stinks of corruption".

And Phil Dawson (who?) claims to be speechless but is nevertheless quoted as asking: "In what alternate universe is this good governance?".

Actually you know who Phil Dawson is. He's the Skyscape-now-UKCloud man featured in the blog post above.

Nicky Stewart is a member of Mr Dawson's universe. "I have over 20 years of experience in the civil service, all in IT facing roles", Ms Stewart says. "[At one stage I acquired] a thorough grounding in strategic sourcing, and the issues associated with large PFI [public finance initiative] deals. I then moved to Cabinet Office, eventually leading the commercial work strand of the G-Cloud programme".

That's quite useful public sector expertise for Skyscape/UKCloud, who hired her as their commercial director. It may or may not explain how Skyscape won central government contracts from HMRC among others when the company was so young that it still hadn't submitted its first set of accounts to Companies House and it still had only one shareholder.

That was then, back in 2011. And now? "I also spend quite a lot of time in London, at meetings and events, in order to try and influence government policy that could impact UKCloud and its market". Dreadful in one stinkingly corrupt universe, laudable in another.

Choose your universe.

We have yet to hear from the identity politics universe. Ms Wright is a woman, you know. And black. And American. And last year she contributed $2,700 to the Hillary Victory Fund. And she's a trustee of Prostate Cancer UK (click on the link and it says "The page you requested was removed"?) – when are we going to learn what the prostate cancer universe thinks about her appointment to HMRC?

Explore all the universes you like, but you still have to decide if Ms Wright is Ms Right for HMRC and, if not, who is.

G-Cloud pan-government accreditation

What is pan-government accreditation?

The UK government proposes to make public services more efficient by using cloud computing. The G-Cloud project – government cloud – operates the CloudStore, an on-line shop for cloud computing services. Central government departments and local government, too, can buy whatever they need from the CloudStore quickly and cheaply.

Quickly, cheaply and with confidence, because these cloud computing services have all been accredited.

And some of them have pan-government accreditation. 72 of them, to be precise:
Any services procured which have not achieved pan government accreditation are purchased at the risk to [sic] the consumer. The Pan Government Accreditation service (PGA), Public Sector Accreditation Board (PSAB) and the G-Cloud SIRO shall not be accountable for any such decision. The preference of the G-Cloud programme is that BIL 11x/22x and 33x should have pan government security accreditation before they are bought from the Cloud Store.
Nine of the pan-government accredited services are provided by Lockheed Martin, 18 of them by Microsoft and two by QinetiQ. These are big companies that everyone has heard of, just the sort of suppliers you would expect to be worthy of this valuable accolade, pan-government accreditation.

There are smaller companies, too, including our old friend Skyscape (now UKCloud Ltd, added 11.9.17), the captive cloud company, which offers 14 pan-government accredited services. Quite extraordinary, when you remember that Skyscape didn't even exist until 3 May 2011.

And then there's MDS Technologies, with two services on offer.

Who are MDS?

G-Cloud buries its head in the sand

Mark Zuckerberg founded Facebook and became the youngest self-made billionaire on the planet. He's still young, he's still rich and he's not pleased:
Zuckerberg recently criticised the Obama administration's surveillance apparatus. "Frankly I think the government blew it," he told TechCrunch Disrupt conference in San Francisco.

The Facebook founder was particularly damning of government claims that they were only spying on "foreigners".

"Oh, wonderful: that's really helpful to companies trying to serve people around the world, and that's really going to inspire confidence in American internet companies," said Zuckerberg.
Never mind privacy and security, the activities of the US National Security Agency (NSA) could reduce the size of the market for Facebook. They could cost money. This is serious.

And not just for Facebook:
If businesses or governments think they might be spied on, they will have less reason to trust the cloud and it will be cloud providers who ultimately miss out. Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes? Front or back door – it doesn't matter – any smart person doesn't want the information shared at all. Customers will act rationally and providers will miss out on a great opportunity.
Who said that? Neelie Kroes. And just because she's the European Commissioner for the Digital Agenda doesn't mean she's wrong. The activities of the NSA and our own dear GCHQ here in the UK raise two more big question marks about cloud computing, which already suffered from a lot of unanswered questions before Edward Snowden started leaking.

The Observer reminded us the other day that the cloud computing industry was predicted soon to be worth $200 billion worldwide. If Ms Kroes is right, then the industry can forget about $200 billion. It's just pie in the sky. No wonder Mr Zuckerberg is sounding worried.

The UK government has a major commitment to the cloud – they are promoting G-Cloud (the government cloud) as the way to deliver public services efficiently.

Ms Kroes has had her say and Mr Zuckerberg his.

What do the G-Cloud people have to say? Nothing.

What is their response to the obvious problems with cloud computing? Silence.

"Oh wonderful. That's really helpful."

G-Cloud buries its head in the sand

Mark Zuckerberg founded Facebook and became the youngest self-made billionaire on the planet. He's still young, he's still rich and he's not pleased:
Zuckerberg recently criticised the Obama administration's surveillance apparatus. "Frankly I think the government blew it," he told TechCrunch Disrupt conference in San Francisco.

The Facebook founder was particularly damning of government claims that they were only spying on "foreigners".

"Oh, wonderful: that's really helpful to companies trying to serve people around the world, and that's really going to inspire confidence in American internet companies," said Zuckerberg.
Never mind privacy and security, the activities of the US National Security Agency (NSA) could reduce the size of the market for Facebook. They could cost money. This is serious.

Thursday, 19 September 2013

"The digital beauty of GDS"

"When was the last time you got all choked up about a website or app? Can you recall a transformative digital experience? Have you felt the beauty of digital?"
Ashley Friedlein's consultancy offers Digital Marketing Excellence™ and in that capacity he has "spoken at numerous international conferences, from the USA to Croatia, as well as trade events in the UK, on a range of digital marketing and e-commerce topics".

Today he shares his views with us on The digital beauty of GDS (Government Digital Service). On marketing, he says that "businesses can charge for the value of the "transformation", of the “feeling”, that an experience offers". And as to beauty, he associates it with the experience of being hit in the solar plexus.

"We believe that the experiences themselves are marketing." The customer experience is the marketing?

Today the death of Ken Norton was announced. Not only did Norton hit Muhammad Ali in the solar plexus, he went on to break his jaw. That cracking sound we all heard, that was the sound of marketing.

Judging by the picture, the experience wasn't beautiful at all and you may agree that, perhaps, Mr Friedlein needs to refine the new philosophical concept of beauty he's working on before he brings it to market.

Ken Norton,
the heavyweight who broke Muhammad Ali’s jaw,
dies at 70
The question arises in the course of his meditation whether a digital customer experience could ever give you that Ken Norton experience.

Good question.

And good answer – yes, he says, "I think GDS (Government Digital Service) is a shining example".

Why? How does he come to that conclusion?

Answer, not only "does GDS have a digital strategy, it has digital and design principles, all of which make a lot of sense", but also "US digital sage Tim O’Reilly described the GDS digital strategy ... as the ‘new Bible for anyone working in Government ...'".

"I asked my wife last night whether she’d had any digital experiences which hit her in the solar plexus, which she physically felt as beauty. She thought for a second and replied, in all seriousness, 'renewing my car tax online'."
GDS's digital strategy has been examined by four professors. None of them identified the beauty which Mr Friedlein sees in it. More fool them, eh?

And as to Tim O'Reilly, we have come across him before. Him and his religiose cult of the web. Him and his sermon about GDS's digital strategy being the new Bible. Unlikely, we thought. But then, we missed the beauty. More fool us.

In the interests of market research, why don't we all ask our partner tonight whether they've had a digital experience which hit them in the solar plexus and let Mr Friedlein know the result on his blog? Especially if it's "renewing my car tax online".

"The digital beauty of GDS"

"When was the last time you got all choked up about a website or app? Can you recall a transformative digital experience? Have you felt the beauty of digital?"
Ashley Friedlein's consultancy offers Digital Marketing Excellence™ and in that capacity he has "spoken at numerous international conferences, from the USA to Croatia, as well as trade events in the UK, on a range of digital marketing and e-commerce topics".

Today he shares his views with us on The digital beauty of GDS (Government Digital Service). On marketing, he says that "businesses can charge for the value of the "transformation", of the “feeling”, that an experience offers". And as to beauty, he associates it with the experience of being hit in the solar plexus.

"We believe that the experiences themselves are marketing." The customer experience is the marketing?

Today the death of Ken Norton was announced. Not only did Norton hit Muhammad Ali in the solar plexus, he went on to break his jaw. That cracking sound we all heard, that was the sound of marketing.

Public administration page-turners

Two more books for the bedside table:
Published in 1952 and still essential reading:
Why would anyone want to read these books?

Here's one reason.

The UK National Health Service (NHS) used to boast the biggest computer project in the world. That was their National Programme for IT (NPfIT), a project started in 2002.

In September 2011 the coalition government decided to cancel (or "dismantle") NPfIT, see for example Labour fury as £12bn NHS IT project ditched. By that stage NPfIT had cost £6.4 billion and the expectation of any commensurate benefits had evaporated.

Two years later what do the National Audit Office (NAO) tell us about this cancelled/dismantled failure?
The full cost of the National Programme is still not certain. The Department's most recent statement reported a total forecast cost of £9.8 billion. However, this figure did not include ... 

Public administration page-turners

Two more books for the bedside table:
Published in 1952 and still essential reading:
Why would anyone want to read these books?

Monday, 16 September 2013

Biometrics, Aadhaar and the Apple iPhone 5S

(Hat tip: Ram Krishnaswamy)

For seven years DMossEsq has been boring the world with scare stories about biometrics. "Biometrics don't work", he's been telling anyone not agile enough to get away from him first, "not well enough to do the job they're meant to do, not in the mass market, not with large populations".

Even the other day when those fashionable and lovable exploiters of third world labour Apple announced details of the iPhone 5S, with its fingerprint verification, he couldn't stop himself writing about the problems of false non-matches.

These warnings just wash over people. It's all theoretical. "Computer says no" is a line in a very rude TV comedy show, it doesn't happen in real life.

Really?

Try this.

The much-lauded biometric ration card system is believed to be fool proof and expected to bring the public distribution system (PDS) in step with the digital era. However, ironically, the feedback from the ground indicates that it is rejecting the poor and the impoverished it was intended to benefit.

The biometric authentication system installed at the PDS outlets fails to establish the identity of many genuine beneficiaries, mostly workers, as their daily grind in the agricultural fields, construction sites or as domestic help have eroded the lines on their thumb resulting in distorted impressions.

‘MATCH NOT FOUND’

The ridges and the patterns that are unique to each individual cannot be detected by the scanner and the screen repeatedly blinks a message stating “match not found”.
India is gradually introducing Aadhaar, a biometrics-based identity management scheme which is meant among other things to reduce corruption in the food security system. "PDS outlets" can give subsidised rice to genuine claimants, who use Aadhaar to prove their entitlement, and withhold it from scammers.

At least they can if the biometrics work.

But they don't.

So the PDS shops initially refuse rice to genuine claimants. And then, like normal human beings, they relent, give them the rice anyway, otherwise they'd starve to death or start a riot, and damn the system – "Mr. Vombatkere said that if the beneficiary has to depend on the munificence of the officials to get their quota and not as their right, then the purpose of introducing the biometric system is defeated".

All that money spent on Aadhaar.

Wasted.

That's not a theoretical PDS agent, in the picture alongside, giving theoretical rice to a theoretical claimant. They're all real. Like the failure of mass market biometrics.

Remember, you're entitled to the money in your bank account. It's yours.

But suppose you had to use biometrics to prove that. And suppose the iPhone said "no". Or rather "match not found". Then maybe it wouldn't be so theoretical after all.

----------

The trainspotters and stamp collectors among you will remember that the strength of Aadhaar is derived, according to the Unique Identification Authority of India (UIDAI), from using not one but two biometrics – fingerprints and iris scans.

How come the match-not-found people whose fingerprints fail the biometric test for rice can't be identified by their iris scans instead?

You didn't seriously suppose, did you, that the UIDAI were going to waste money installing iris scanners in tens of thousands of outlets?

----------

As DMossEsq says, "you can solve the false non-matching problem, all you have to do is reduce the matching threshold. But then you get a false matching problem, impostors are able to claim your rice or use your bank account".

Would you like to know more?

How high is your boredom threshold?

Biometrics, Aadhaar and the Apple iPhone 5S

(Hat tip: Ram Krishnaswamy)

For seven years DMossEsq has been boring the world with scare stories about biometrics. "Biometrics don't work", he's been telling anyone not agile enough to get away from him first, "not well enough to do the job they're meant to do, not in the mass market, not with large populations".

Even the other day when those fashionable and lovable exploiters of third world labour Apple announced details of the iPhone 5S, with its fingerprint verification, he couldn't stop himself writing about the problems of false non-matches.

These warnings just wash over people. It's all theoretical. "Computer says no" is a line in a very rude TV comedy show, it doesn't happen in real life.

Really?

Sunday, 15 September 2013

Universal Credit – one for The Old Vic

Last Wednesday, 11 September 2013, the Public Accounts Committee took evidence on Universal Credit from DWP, the NAO and the Cabinet Office.

Media coverage of this electric event has been minimal. We know all about the different colours available for the Apple iPhone 5S. Nothing about the unmasking of misfeasance in public office on a monumental scale.

Where the media fail, perhaps another institution could succeed?


From: David Moss
Sent: 15 September 2013 10:34
To: Kevin Spacey CBE
Subject: Universal Credit – one for The Old Vic?

Attachments: uncorrected transcript - universal credit (223 KB)

Artistic Director

15 September 2013

Dear Mr Spacey


I attach a script for your consideration.

It’s 52 pages long.

52 pages of insight into how the Legislature in the UK is subverted by the unaccountable Executive. The politicians want to spring the poverty trap created by a dysfunctional welfare system. Their will is converted into stratospheric payments to IT contractors. All in the name of public service.

It’s a story of misfeasance in public office. Incompetence. And insouciance about hundreds of millions of pounds of taxpayers’ money going up in smoke. Why bother to pay tax?

It’s an epic business failure. It’s a whodunnit. It’s a courtroom drama. It’s a gladiatorial contest.

52 pages of drama. All paid for already by the taxpayer – no additional cost to the Old Vic for the script. And there’s plenty more where that came from. Masses more.

The set is simple. The characters are complex. Public interest could/should be huge.

One for The Old Vic?

Yours sincerely

David Moss

Universal Credit – one for The Old Vic

Last Wednesday, 11 September 2013, the Public Accounts Committee took evidence on Universal Credit from DWP, the NAO and the Cabinet Office.

Media coverage of this electric event has been minimal. We know all about the different colours available for the Apple iPhone 5S. Nothing about the unmasking of misfeasance in public office on a monumental scale.

Where the media fail, perhaps another institution could succeed?


Wednesday, 11 September 2013

Public services under a cloud

Cloud computing is like a utility. Cheap. Think of your gas and electricity and phone and water bills.

Like the internet, it's always available. Resilient. Disaster-proof. No power cuts. Ever.

Except for the past two days, when some suppliers accredited to the UK government CloudStore found they couldn't log on, see below.

CloudStore is hosted by Memset. And since 1 June 2013, it's been the responsibility of the Government Digital Service, who promise that cloud computing is the key to the future of public services delivered efficiently by innovative SMEs. If they can log on, at least.

Does anyone know how this impossible-to-happen service interruption happened?






Public services under a cloud

Cloud computing is like a utility. Cheap. Think of your gas and electricity and phone and water bills.

Like the internet, it's always available. Resilient. Disaster-proof. No power cuts. Ever.

Except for the past two days, when some suppliers accredited to the UK government CloudStore found they couldn't log on, see below.

iPhone 5S fingerprint technology – eye-catching

Apple unveils two iPhones — and a password at your fingertip, it says in the Times today. According to the Telegraph, Apple iPhone 5S and 5C: fingerprint sensor and plastic make iPhone 5 debut. Etcetera, throughout the media.

You could have announced the end of the world yesterday. No-one would have noticed.

In fact, Sir David Attenborough did. "I think that we've stopped evolving", he told the Radio Times. And all anyone wanted to know is how easily they can photograph themselves with the iPhone 5C.

No matter how trivial the detail, media coverage was breathlessly serious.

Except, perhaps, for Murad Ahmed in the Times. For him, maybe there is some sign of a sense of humour. Maybe there is hope:
At events held at the company’s headquarters in Cupertino, California, and Berlin yesterday, analysts said the new fingerprint technology was the most eye-catching advance.
Which brings us to biometrics.

Suppose the fingerprint recognition in the iPhone 5S doesn't work. Suppose that 20 percent of 5S owners queue up outside Phones4U, complaining that they've bought a product that won't let them use it – the computer says I'm not me and it won't let me unlock the home screen – and they all want their contracts cancelled and their money back.

Suppose someone finds a way to steal your fingerprints from the iPhone 5S and use them to authenticate their own purchases, fraudulently. It's not as though you can just go out and get a new set of fingerprints ...

That's not a disaster for Apple alone.

What will the news footage of those queues do for US-VISIT, the US border control system that relies on fingerprint recognition? What will it do for Aadhaar, the Indian identity management scheme that ditto? What will it do for Safran's share price? What will it do for payments systems which rely on fingerprint recognition to authenticate transactions?

Sweaty fingers and scared eyes. It's in their DNA. That's the evolutionary response that will be shared by all the owners with a horse in the Apple Stakes.

If the fingerprint technology is up to the job and can authenticate you as the legitimate user of this iPhone 5S, then it can also allow you to open the front door to your house. As the Wall Street Journal said in Apple's Latest iPhone Puts Focus Back on Fingerprint Security. Last word to them:
"If I go jogging with my iPhone and I come back to my house and my thumb is all sweaty and I can't get in my apartment door, that would kind of suck".

iPhone 5S fingerprint technology – eye-catching

Apple unveils two iPhones — and a password at your fingertip, it says in the Times today. According to the Telegraph, Apple iPhone 5S and 5C: fingerprint sensor and plastic make iPhone 5 debut. Etcetera, throughout the media.

You could have announced the end of the world yesterday. No-one would have noticed.

In fact, Sir David Attenborough did. "I think that we've stopped evolving", he told the Radio Times. And all anyone wanted to know is how easily they can photograph themselves with the iPhone 5C.

Tuesday, 10 September 2013

Edward Snowden – déjà vu all over again

Come to think of it, this debate about the security services having cracked all our codes is not entirely new.

For what it's worth, back in August 2010, on the No2ID forum, we were discussing the latest revelations about BlackBerry mobile phones. Someone posted the following extracts from a Nic Fildes article in the Times newspaper, BlackBerry ‘near deal to open messages to Saudis’. The debate remains relevant three years later:
The makers of BlackBerry mobile phones appear to have backed down in the face of demands from Saudi Arabia to allow the state to monitor messages sent on its devices ...

The Saudi-backed television station Al-Arabiya quoted unnamed sources as saying RIM [Research In Motion, the people behind the BlackBerry] had agreed in principle to grant the Saudi authorities access to its messages.

Bandar al-Mohammed, of the Saudi Communications and Information Technology Commission, said RIM had expressed its “intention…to place a server inside Saudi Arabia”, allowing the kingdom to inspect communications and data exchanged between BlackBerry handsets ...

The United Arab Emirates intends to ban BlackBerry e-mail, messaging and web browsing on October 11 ...

The company then issued a statement on Thursday denying that it had already allowed some governments access to BlackBerry data.

The US and Canadian governments have also offered to hold talks with countries concerned about the security implications of BlackBerry usage.
Not just Saudi Arabia, but the UAE, too, and India and Indonesia and France – it seemed as if no country would allow people to use BlackBerrys until its security services had found out how to listen in. There are obvious implications for industrial and other espionage.

Then Justin found a Babbage article in the Economist magazine, Spies, secrets and smart-phones, and someone posted this, adding a reference to Sir Richard Dearlove, the former head of MI6 ...
From the Economist article usefully brought to our attention by Justin:
A security pundit interviewed on BBC television's "Newsnight" a few days ago speculated that the American authorities are only pretending when they claim they still can't tap into Skype calls. This was then put to Lord West, a former British security minister. His response was fascinating:
When I come on a programme like this I'm always very nervous, ‘cos I know so much. And also people…don’t necessarily always tell the truth. That sounds an awful thing to say but do you want anyone to know that you can get into very high-encrypted stuff? No, you can say "we don’t, we can’t do it".
He then went on to say how "mind-boggling" are the capabilities of America's National Security Agency and its British counterpart, GCHQ. To this blogger, that sounded like: "Yes of course we can hack Skype calls and all the rest, but we have to pretend we can't".
Lord West is not the only one playing this game. At 9.30 a.m. on Saturday 26 September 2009 Sir Richard Dearlove lectured several hundred of us on the security risks the world faces and the international response [p.15]. At one point he said that there are many good encryption systems available but maybe "we" have cracked them. (I paraphrase.) (Andrew Watson turned out to be at the lecture, too – Andrew, can you confirm this is at least roughly right?)

Let's take it, from Sir Richard's lecture and Lord West's appearance on Newsnight, that the commonly available encryption systems are a busted flush. So what?

The implications are legion.

One of them is that part of the case for long periods of detention without charge [remember Admiral Lord West, the once court-martialled and then reinstated "simple sailor"] collapses. That case is based on the large number of computer files that often have to be checked for evidence and on the difficulty of deciphering them. If that difficulty doesn't exist, ... etc.
... followed by wise words from Andrew Watson:
I have to admit that I don't remember what he said on that topic - having lived through all the fuss surrounding PGP export from the USA in the 90s [see Phil Zimmermann, Why I wrote PGP, pp.227-31], I'm afraid I tend to tune-out speculation about whether the NSA can or cannot read any particular form of encryption. I agree that there doesn't seem to be any publicly-available hard data on this point, and one can spend a lifetime speculating about the possibilities for bluff, double-bluff, triple-bluff etc by those who may know but aren't telling.

Here's the one bit of hard data I have seen recently -

http://www.theregister.co.uk/2010/06/28 ... _lock_out/

... but again, one could speculate that the NSA could break this crypto if they wanted to, but choose not to release this information to the FBI for fear of revealing the secret (etc, etc).
That ElReg article referred to by Andrew, Brazilian banker's crypto baffles FBI, is all about TrueCrypt, the open source encryption facility which was exercising Mydex the other day, "Waaaaat? A backdoor is available for truecrypt too?".

Mydex, and the rest of us – we're all exercised by the Edward Snowden revelations that began on 6 June 2013.

In the atmosphere of "bluff, double-bluff, triple-bluff etc" we're not going to get any sensible answers.

So here's a flippant point.

England staged its revolution over a century before the Americans and the French got round to holding theirs. Edward Snowden was beaten to it by Sir Richard and Lord West by three or four years. Late again!