Friday, 24 January 2014

RIP IDA – Strange Life of Ida

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.


In his serious youth DMossEsq read Strange Life of Ivan Osokin: A Novel by PD Ouspensky. Chapter 1 opens with:
ON THE SCREEN a scene at Kursk station in Moscow. A bright April day of 1902. A group of friends, who came to see Zinaida Krutitsky and her mother off to the Crimea, stand on the platform by the sleeping-car. Among them Ivan Osokin, a young man about twenty-six ...
Chapter 26, The Turn of the Wheel, opens with:
ON THE SCREEN a scene at Kursk Station in Moscow. A bright April day of 1902. A group of friends who came to see Zinaida Krutitsky and her mother off to the Crimea stand by the sleeping car. Among them is Osokin ...
You get the idea. There's no need to read the intervening chapters. The wheel keeps turning. It's one of hundreds of drearily portentous novels ideal for a certain sort of moody and ignorant teenager. The last words are, predictably:
Osokin looks round, and suddenly an extraordinarily vivid sensation sweeps over him that, if he were not there, everything would be exactly the same.
Profoundly ignorant of course, but not moody enough, DMossEsq had forgotten all about the ghastly Ivan until yesterday, and the publication on the Government Digital Service blog of What is identity assurance? by Janet Hughes.

Here we go again:

Wednesday, 22 January 2014

GreenInk 10: Private Eye Crook of the Year 2014 awards

(Hat tip: No2ID)

Sadly, there seems to have been no space in the latest edition of Private Eye for the following letter:
From: David Moss
Sent: 10 January 2014 14:05
To: Letters to the editor
Subject: The Gnome Business Awards for 2013, p.32, Eye #1357


Gnome awards Crook of the Year 2013 to James McCormick. He bought novelty golf ball-finders and sold them as explosives detectors to governments whose gullibility or corruption must also be award-winning.

When it comes to the 2014 awards, perhaps Gnome's panel would like to consider the McCormicks selling mass consumer biometrics technology which is meant to identify us uniquely and verify our identity.

Three world-class experts reviewed the literature and determined that biometrics is "out of statistical control". I.e. it's not a science [1]. By way of a practical example, they cite the charade at the US National Institute of Standards and Technology (NIST).

Under the terms of the USA PATRIOT Act 2001 section 403(c)(1), NIST have to certify all biometrics systems before they are deployed to federal law-enforcement agencies. What the scientists at NIST say in their certificates is: "This evaluation does not certify that any of the systems tested meet the requirements of any specific government application". By issuing certificates, NIST abide by the Act even if the certificates say that they haven't got a clue whether the biometrics systems work.

It's not just the USA. The panel will be spoilt for choice [2]. Governments all over the world are handing over public money to McCormicks talking biometricsballs.


David Moss

If only they had seen ENISA's latest report.

Tuesday, 21 January 2014

RIP IDA – Obama fails to consult Maude

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.


Last week, the US Identity Ecosystem Steering Group (IDESG) held a three-day conference, 14-16 January 2014 at the Georgia Tech Research Institute. It's all very international and there was a one-hour slot on the Wednesday for An Overview of 2014 Plans for the UK Identity Assurance Program. The talk was given by David Rennie of the Government Digital Service (GDS). The sound recording below is for any Brits who might also be interested in our government's plans for us:

The subject matter is identity assurance (IDA), not everyone's cup of tea, and you don't have to listen to all 55'44". There is a summary appended below.

But you might consider sampling odd snatches. Between 21'10" and 21'35", for example, Mr Rennie states that GDS are working with OIX, the Open Identity Exchange, to draft the rules for the trust framework within which the UK's "identity providers" (IDPs) will have to work.

We hoi polloi need to know that we can trust the IDPs. Otherwise we would be imprudent to use them in our on-line dealings with government. And if we don't, then GDS's digital-by-default initiative is a dead duck (RIP).

Thursday, 16 January 2014

"The cloud is a giant security and reliability disaster waiting to happen"

Computer Weekly magazine:
Banks should never use the cloud

By Karl Flinders on January 15, 2014 2:44 PM

I have been working on a feature today and going through my interviews have found some interesting stuff.

This one comes from an unnamed source within banking IT. This is what he said when asked about the cloud's role in banking.

"None at all hopefully. The cloud is a giant security and reliability disaster waiting to happen. Banks should keep their systems safely locked away in their own data centres and do all they can to protect the infrastructure and physical security. I hope the cloud is only used for holiday snaps and music. Banks should not go there. We have to remember there are bad guys out there trying to crack into these systems millions of times a day around the world. And they only have to get it right once to cause a major disaster! I would not bank with a firm using the cloud to operate my account or hold my details."

So that's pretty clear then.

I recently wrote this article after an event about the cloud in banking: Is cloud computing almost too good to be true for banks?.
So who should use the cloud? For whom doesn't it matter that the cloud is a giant security and reliability disaster waiting to happen?

Tuesday, 14 January 2014

Whitehall schizophrenia – the cartoon

We have noted before that Whitehall is at one and the same time advising individuals and businesses (a) that the web is dangerous and (b) that we should put all our personal data on-line in the cloud. Please see The on-line safety of the mooncalves, 4 July 2013.

Six months later and it's happening again.

The nice Dr Jekyll at the Home Office issued a press release the other day, New campaign urges people to be 'Cyber Streetwise':
A new campaign to change the way people protect themselves from falling victim to cyber criminals has been launched by the government.

The ‘Cyber Streetwise’ campaign aims to change the way people view online safety and provide the public and businesses with the skills and knowledge they need to take control of their cyber security. The campaign includes a new easy-to-use website and online videos.
Meanwhile, thanks to all the nasty Mr Hydes, Whitehall departments are shunting their systems into the cloud as fast as possible with our data in them. No more efficient way of losing control of our data has yet been discovered.

We're used to the schizophrenia.

That's now been joined by infantilism.

Seven professors and a virtuous circle

Interoperability between central and local government identity assurance schemes

The project highlighted the issue of accurate data matching, specifically the matching of names and addresses originating from different sources. (p.9)

The complexity of data matching may present a significant barrier to implementation by Service Providers. (p.10)

The project has highlighted shortcomings in the user journey arising from the technical implementation of the IDA Scheme. (p.10)

... considerably more thought needs to be applied in this area [stepping up from LoA1 to LoA2] if it is to become a viable proposition going forward. (p.10)

... at the time of this project, the functionality required to deliver user data directly within the IDA Scheme [to create a new account] had yet to be developed ... The consequence is that the user is faced with a convoluted process when using the IDA Scheme for the first time. (p.11)

User experience testing was performed in a laboratory environment and involved 5 [sic] users on a one-to-one basis with an experienced research facilitator provided by GDS. Each user had extensive experience of online services including internet banking, government services and social media such as Facebook and Twitter ... The feedback from the small sample of users was generally fairly consistent. (p.12)

Most users would be very reluctant to use their social media accounts with a government site, the prevailing view being that their social life is distinctly separate to doing “business” with government. The issue of privacy and the feeling that government would be able to “see my social life”, or that government transactions would appear in their social media profiles, was of concern. (p.12)

The Hub ... users often struggled as they sought to understand how this method of signing in to government services worked. The Hub service provided the user with a link to a video clip that described the scheme and its purpose ... (pp.12-3)

Users were not clear why private sector companies were being used to carry out identity assurance on behalf of government. (p.13)

Some aspects of the registration processes proved annoying to the users ... (p.13)
GDS, the Government Digital Service, used Warwickshire County Council to alpha test IDA, the identity assurance system they have been putting together for some years now.

The alpha was reported on by OIX, the Open Identity Exchange. A selection of their findings is reproduced alongside.

Certain words and phrases stand out. "Significant barrier", for example, and "shortcomings". "Considerably more thought needs to be applied", "convoluted process", "reluctant" and "struggled". "Not clear" and "annoying".

The alpha was also reported on by David Rennie, a member of GDS, in Steering Collaboration, 26 November 2013. He says:
The alpha project was used to test integration between identity providers and the identity assurance hub and provides insights about how users of local authority services respond to the concept. The alpha found that identity assurance will support the move to digital by default, simplify and improve the customer experience and make service providers more efficient. In short, a virtuous circle of reduced effort, reduced cost and improved customer satisfaction.
You wouldn't know he was talking about the same test, would you?

The disconnect is total.

What's going on?

In their book The Blunders of Our Governments Professors Anthony King and Ivor Crewe talk about several of the causes of failure in government projects. Among them, group-think, which they blame for the Poll Tax, for example.

Group-think was given its first academic treatment apparently by Irving J Janis, a US psychology professor. Messrs King and Crewe have this to say about it (pp.255-6):

According to Janis, whose views are now almost universally accepted, group-think is liable to occur when the members of any face-to-face group feel under pressure to maintain the group's cohesion or are anyway inclined to want to do that.

It is also liable to occur when the group in question feels threatened by an outside group or comes, for whatever reason, to regard one or more outside individuals or groups as alien or hostile.

RIP IDA – Warwickshire County Council

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.


"Happy new you", says Steve Wreyford.

He's the Government Digital Service man (GDS), you'll remember, the sexton, digging the grave for IDA, GDS's identity assurance programme.

"Identity Assurance gets closer to market", he told us over 18 months ago, on 25 May 2012. Four days later we learned from him that "Identity Assurance goes to Washington", which is all very well, but was IDA coming to the UK?

The answer wasn't clear but, next best thing, OIX – "Cabinet Office joins the Open Identity Exchange". That was 14 June 2012. Then there were months of silence before Mr Wreyford claimed that IDA was "Less About Identity, More About Trust" (4 October 2012). Our privacy would be respected by IDA and we would be in control of our data. How? No answer.

Sunday, 12 January 2014

Agile is the opposite of waterfall – no

The Iguazu Falls (healthy/agile)
The Department for Work and Pensions have written off millions of pounds spent on developing IT for Universal Credit and we expect the write-off to rise into the hundreds of millions.

How can we stop intelligent organisations from wasting money like this?

Over and over again we are told that the answer is "agile".

Use "agile" software engineering methods and the waste will be minimised.

How? What problem is "agile" solving?

Over and over again we are told that "agile" is to be contrasted with "waterfall". Waste is endemic in "waterfall" software engineering methods. That's the problem. And "agile" will solve it – that's the suggestion.

Thursday, 9 January 2014

What do you think about Parliament holding the government to account? It would be a good idea

The Blunders of Our Governments by Anthony King and Ivor Crewe

If you have to choose between reading this book and Conundrum by Richard Bacon and Christopher Hope, don't. Read them both.

Messrs King and Crewe start, like Bacon and Hope, with the descriptions of a dozen examples of UK government blunders. They then diagnose the problems and write out their eminently sensible prescriptions.

Private Eye get just one citation in Blunders and no citation at all in Conundrum. Which is odd – not much seems to get past Private Eye. If there's a bit of public maladministration going on, they seem to hear about it and they report it.

The same cannot be said of other media outlets, whether printed, broadcast or on-line. Many blunders simply do not get picked up. They fail to become scandals, as Messrs King and Crewe point out, even when they're huge.

Parisians call it the "Metro" and New Yorkers call it the "Subway". We Londoners call it the "tube". And when Labour came to power in 1997 the tube was falling to pieces. Gordon Brown and John Prescott set about fixing it.

Wednesday, 8 January 2014

A Conundrum for the Electoral Commission

This morning the UK woke up to be told that the Electoral Commission proposes to introduce photo-ID for voting. It's one of those ideas that sound sensible until you investigate them.

How best to get this point across?

Sunday, 5 January 2014

Bacon and Hope's faith is a mystery

Conundrum: Why every government gets things wrong and what we can do about it
by Richard Bacon MP and Christopher Hope

As a member of the Public Accounts Committee, Richard Bacon has been an observer for years of the scandalous failures of our government in the UK. Not just an observer. An energetic and noble investigator as well.

In the first 12 chapters, he and Mr Hope tackle the gruesome Child Support Agency, the UK Passport Agency that couldn't issue passports, HM Treasury's tax credits fiasco, and nine more government failures.

They write clearly and authoritatively and it would be a pleasure to read their prose if it weren't for the fact that what we're reading is the story of how billions of pounds of public money have been wasted by the Executive – by Whitehall and the Ministers in political charge of Whitehall.

With 12 sets of raw material to work on, they then give themselves five chapters to do what it says in the title. That is, to explain why governments get things wrong and to suggest what we can do about it.

Messrs Bacon and Hope quote from a large number of studies of the problem. Again, they write very well. And it's a valuable service, hugely appreciated, to bring together so much of the literature in one place.

The many solutions proposed over the past 30 years or so are analysed with philosophical rigour, touching on the constraints of politics in a democracy. None of these proposals has worked – the same lurid mistakes carry on being made, Whitehall remains too often unbusinesslike and irresponsible.

Can Messrs Bacon and Hope succeed where everyone else has failed?