Monday, 31 March 2014

Waterfall Wanderers 0 - 0 Agile Athletic

As we were saying:
The traditional approach to software development is often known as 'waterfall' development: that is, you plan, build, test, review and then deploy, in a relentless cascade. But some IT industry players regard this practice as the chief problem ...A rather different answer which has emerged in the last ten to fifteen years has been what are called 'Agile Systems', perhaps best described as a philosophical movement in action within the software industry.
The quotation comes, of course, from Richard Bacon MP and Christopher Hope's Conundrum: Why every government gets things wrong and what we can do about it, pp.240-1. Here we are, back again, asking why government IT systems too often go over budget and what we can do about it.

The fashionable answer is that the problem is the "waterfall" engineering of software systems and the solution is "agile" engineering. Waterfall bad, agile good. That's the idea. Let's explore it a little.

Waterfall is always associated with Winston W Royce (1929-95) and, to hear people talking about waterfall these days, you'd think he was a bit of an idiot. Actually, he was a rocket scientist who got into large-scale software engineering and ended up running IT for Lockheed.

Sunday, 30 March 2014

The Scottish on-line security experiment

On-line, you can have convenience. Or you can have security.
One or the other.
But not both.

Stolen Twitter passwords 'worth more than credit card details'.

That's what it said in the Telegraph a few days ago, 28 March 2014. Credit card details are only worth between $2 and $40 these days on the black market, whereas your Twitter password can be worth between $16 and $325. That's what Michael Callahan of Juniper Networks says. And he's a security expert.

You're probably getting bored with these stories. They appear every day in the media. And every month on the DMossEsq blog, see for example Cybersecurity, and GDS's fantasy strategy. And "When it comes to cyber security QinetiQ couldn’t grab their ass with both hands". And Hyperinflation hits the unicorn market. And ...

It's boring. But it's still important.

Friday, 28 March 2014

Time for someone to take the personal information economy seriously

1938 Sears Spring/Summer Catalog
"The roots of mail order date back to the middle ages. In 1498, Aldus Manutius of Venice, a publisher, brought out a catalog of 15 texts which he had published, which were precursors of the paperback books of today" – so says Bonnie Unsworth in her A Brief History of Mail Order Catalogs.

Rather more recently, "the real beginning of mail order was the result of the experiences of a traveling salesman in the mid west, named Montgomery Ward. He published a catalog sheet that listed 163 items right after the Civil War. Within two years, the catalog grew to 8 pages, and then to 72 pages. By 1884, the catalog contained 240 pages with thousands of items, almost everyone of which was illustrated with a woodcut".

While they had Montgomery Ward and Sears Roebuck in the US, here in the UK we had Great Universal Stores, always known affectionately as "GUS".

Mail order was big business and the philanthropic Sir Isaac Wolfson amassed a fortune at GUS. The Wolfson Foundation has awarded charitable grants worth over £1 billion since 1955.

Not just big business, mail order was a credit business. There was no point Mr Ward repeatedly sending the products they had ordered to people who didn't subsequently pay for them. Ditto Sir Isaac. They needed to know before despatch that a given customer wasn't too likely not to pay.

The Manchester Guardian Society was established as a credit rating agency in 1826 in the UK. 1897 saw the formation of the Merchants' Credit Association in the US. The Ramo-Wooldridge Corporation and Thompson Products merged to form TRW in the 1960s. TRW's leading light, Simon Ramo, predicted the cashless society as early as 1961 – enter the credit card. GUS created Commercial Credit Nottingham in 1980, injected TRW into it in 1996 and the whole lot became Experian.

Wednesday, 26 March 2014

The magic of modern public administration

Here's a new TLA for you (three-letter acronym) – "VRA".

"VRA" is voice risk analysis. VRA software listens in on phone calls and tells you whether someone is lying.

If you'll believe that, you'll believe anything.

As the Guardian tell us:
Voice risk analysis has been mired in controversy since scientists raised doubts over the technology soon after it reached the market. In 2007 two Swedish researchers, Anders Eriksson and Francisco Lacerda, published their own analysis of VRA in the International Journal of Speech, Language and Law. They found no scientific evidence to support claims for the device made by the manufacturer.

Lacerda, head of linguistics at Stockholm University, told the Guardian that VRA "does nothing. That is the short answer. There's no scientific basis for this method. From the output it generates this analysis is closer to astrology than science. There was very good work done by the DWP [the Department for Work and Pensions] in the UK showing it did not work ...".
So what?

Monday, 24 March 2014

RIP IDA – April is the cruellest month

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.


Anyone remember this?
Press release
Providers announced for online identity scheme

13 November 2012

Successful providers chosen to design and deliver a secure online identity registration service.

The Post Office, Cassidian, Digidentity, Experian, Ingeus, Mydex, and Verizon are the successful providers chosen to design and deliver a secure online identity registration service for the Department for Work and Pensions.

The identity registration service will enable benefit claimants to choose who will validate their identity by automatically checking their authenticity with the provider before processing online benefit claims ...

Notes to Editors:

2. In May 2012 DWP issued an invitation to tender to 44 suppliers.

3. The value of the 18-month framework contracts is £25m.

4. The Identity Assurance programme is a Government-wide initiative led by the Cabinet Office which will in time be available to all UK citizens who need to access online public services.


6. Universal Credit, which will go live nationally in October 2013, replaces the current complicated paper based benefits payment system we have now with a new online application that meets the needs of claimants and employers in today’s digital world.

7. One further provider is expected to sign up in the next few weeks - completing the eight chosen to design and deliver a secure online IDA service for Universal Credit.
Once upon a time there were seven "identity providers" – the Post Office, Cassidian, Digidentity, Experian, Ingeus, Mydex, and Verizon. Then there were eight – as per note 7, PayPal signed up later. Then there were five – Cassidian, Ingeus and PayPal pulled out. 39 of the original 44 (note 2) aspitants are gone.

Universal Credit did not go live in October 2013 (note 6). To date, no benefit claimants can choose an "identity provider" to verify their identity and there are no online benefit claims services. No sign of it so far, how long before the Cabinet Office provide identity assurance across all Government departments to all UK citizens (note 4)? They haven't said.

RIP IDA – 16 June 2014

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.


Hat tip-and-a-half: Brian Krebs

Operating until recently sometimes out of New Zealand and sometimes out of Vietnam, Mr Hieu Minh Ngo is currently locked up in New Hampshire as a guest of the Justice Department and looks like spending the next 45 years in prison in the US.

An entrepreneurial young man – he's only 24 now, 69 when he gets out – Mr Ngo had two illicit web-based businesses, and, which have between them sold the personal details of more than half a million Americans. Their 1,300 customers make money fraudulently by using this information to take out loans in the victim's name, for example, or to make false tax refund requests.

Mr Ngo's companies bought this information from a legitimate company, Court Ventures, which, in turn, bought it from another legitimate company, US Info Search.

How did the information cross the line between the legitimacy of Court Ventures and the criminality of and Rather suspiciously – Mr Ngo paid Court Ventures with monthly wire transfers from Singapore.

So far we've had new Zealand, Vietnam, Singapore and the US. We can throw in Guam, too – the US Secret Service contacted Mr Ngo and offered him some illegal business which required him to leave Vietnam, where they couldn't arrest him, and come to Guam, where they could and did.

It's all quite exotic for us Brits. Interesting in its way. But nothing to do with us, surely.


Sunday, 23 March 2014

Who says Public Servant of the Year ex-Guardian man Mike Bracken CBE doesn't have a sense of humour?

Sunday, 16 March 2014

RIP IDA – what we shan't be told on 10 June 2014

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.


Individual electoral registration (IER) was passed into law last year and will start in England and Wales in a few months time on 10 June 2014. In the weeks leading up to that date the Electoral Commission will conduct a publicity campaign to tell people how it works and to remind us of the benefits we can expect.

Thursday, 13 March 2014

EXCLUSIVE: GDS and the 2015 general election – SCOOP

"Central plank of the 2015 UK election campaign temporarily unavailable", we said, back in November 2013.

That was when CloudStore went down for a week. Twice. Just after Public Servant of the Year ex-Guardian man Mike Bracken CBE had been allowed to make a presentation to the full Cabinet of the UK government.

Clearly GDS – the Government Digital Service – was going to form part of the Conservative Party May 2015 general election campaign and manifesto, and maybe the Liberal Democrats', too.

But what of UKIP?

Don't know.

And what of Labour?

Sunday, 9 March 2014

Something for the weekend, Sir?

"We wanted to try something new", said GDS four Saturdays ago, 15 February 2014, "sharing the things we've liked over the past week in a blog post".

That was followed by links to stories about the National Archives, ways to write clearly, "an unlikely cause for squeaky brakes" and other matters.

You get the idea. GDS are proposing a frothy Saturday magazine features series. Nothing too serious. A touch of humour. The emphasis is on good news for a change. Which is fine. Utterly harmless. If you're a frothy Saturday magazine.

But they're not. They're the Government Digital Service. This Weekend Links series appears on the GDS blog. And GDS's job is, to quote them, "to be the unequivocal owner of high quality user experience between people and government by being the architect and the engine room of government digital service provision".

Tuesday, 4 March 2014

RIP IDA – The Road to Estonia

Come off it, Sten.

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.


Has it sunk in yet just how important Estonia is to all of us here in the UK?

According to Google there are 45 instances of the word "estonia" on the DMossEsq blog, stretching all the way from Anonymous demonstration of foolproof Cabinet Office plans back in April 2012 and Francis Maude seeks future in Estonia in May 2012, via the Government Digital Service (GDS) "fantasy strategy" series later that year, all the way through to November 2013 and GDS and international relations.

Then in January this year Public Servant of the year ex-Guardian man Mike Bracken CBE, executive director of GDS and senior responsible owner of the pan-government identity assurance programme (IDA), emitted this tweet:

That's the penny that needs to drop: "Estonia is a model for all of us".