@gdsteam & HMG's digital transformation strategy

Sir Jeremy Heywood is the Cabinet Secretary and the Head of the UK's Home Civil Service ... He published his review of calendar 2015 in a series of 54 tweets between 23 December 2015 and 3 January 2016 ...

That's what we wrote on 24 January 2016.

No such review of 2016 is being tweeted at the moment by Sir Jeremy.

Perhaps nothing much has happened this year.

RIP IDA – 119 years? Not many people know that.

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

GDS, the Government Digital Service, were meant to have an identity assurance service "fully operational" by March 2013.

That didn't happen but they have been testing GOV.UK Verify (RIP) since February 2014 ...

... and the system was declared to be live on 24 May 2016.

Between 23 May 2016 and 11 December 2016 237,850 GOV.UK Verify (RIP) accounts were created. That's an average of 1,172 per day.

The Office for National Statistics estimate that there were 50,908,702 people in the UK aged 18 or over in mid-2014.

At the rate of 1,177 1,172 per day, it would take 43,450 days to create 50,908,702 GOV.UK Verify (RIP) accounts. That's more than 119 years.

----------

Updated 10:43

The odd couple

81.6% of people are satisfied or very satisfied with how easy it is to use GOV.UK Verify (RIP). 84.5% of people feel secure registering with the system and 80.5% are comfortable with "identity providers"/certified companies.

These user satisfaction figures are taken from the GOV.UK Verify (RIP) dashboard on the Government Digital Service's GOV.UK performance platform. They are based on 11,687 responses to the ease of use question, 11,623 to the security question and 11,552 on "identity providers".

DMossEsq and other critics can carp all they like. They're wrong, GDS may say. Just look at those user satisfaction ratings. Over 80% of people are satisfied with GOV.UK Verify (RIP) or very satisfied with it. That's what counts. And "counts" is the right word. We're dealing with numbers here. And you can't argue with numbers ...

... or can you?

Untitled 3

We help make better public services. For everyone. pic.twitter.com/Vnh6hXud3D — GDS (@gdsteam) 17 November 2016

----------

The Government Digital Service: The Happiest Place on Earth

Untitled 2

Untitled 1

RIP IDA – other people's money

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

Selected UK local authorities are now conducting trials of the Government Digital Service's dead duck, GOV.UK Verify (RIP).

RIP IDA – local government, the lender of last resort

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

The Government Digital Service (GDS) have convinced 19 local authorities to conduct trials of GOV.UK Verify (RIP).

11 local authorities are going to try to use GOV.UK Verify (RIP) to issue concessionary travel passes. And 14 local authorities are going to try to use it to issue residents' parking permits.

The plan previously was to see if GOV.UK Verify (RIP) could help with issuing taxi licences as well. It was always a peculiar plan and now it's been dropped.

GDS are demanding that local authorities commit to the trials/pilot runs. Once they've started they have to finish – GDS lays down law on council Verify adoption criteria. It's expensive, conducting trials ...

... and local authorities only want to use GOV.UK Verify (RIP) if it saves them money. That plan hasn't been dropped. GDS still haven't provided a price list but they're going to have to soon.

What should we expect to see as these trials unfold?

Let's work our way through an example.

"Stale" and "self-legitimising" public administrators

"... we foster a user-centred culture in GDS and across government by getting everyone involved in user research", it says in a Government Digital Service blog post today, Don’t forget! 2 hours every 6 weeks. "We have user researchers as part of agile teams, for example. That's part of our DNA ... Our natural state can be to look inwards [horror], towards our teams [awful], not outwards towards our users [that's better] ...".

This is all part of putting user needs first, rule #1 in the GDS Design Principles: "Service design starts with identifying user needs. If you don’t know what the user needs are, you won’t build the right thing. Do research, analyse data, talk to users. Don’t make assumptions. Have empathy for users, and [you] should remember that what they ask for isn't always what they need".

This initially clear picture is clouded by the genetically modified Government as a Platform (GaaP) team at GDS, who said in May 2016: "Everyone knows we start with user needs. Except we don't. We start with the needs of our team ... When we don't do this our research isn't useful to our team and they ignore it. There's nothing more pointless than doing research that no one listens to". That's one of their Eight principles for user researchers on Government as a Platform.

Should GDS "look outwards towards [their] users" and start with "identifying user needs"? Or is that "pointless"? Should they rather "start with the needs of [the GDS GaaP] team"?

Confusing, isn't it. Which one is the doctrine? Outwards? Or inwards?

RIP IDA – however you cut it, GOV.UK Verify (RIP) is no more. It has ceased to be. It's expired and gone to meet its maker. This is a late identity assurance scheme. It's a stiff. Bereft of life, it rests in peace. If GDS hadn't nailed it to GOV.UK, it would be pushing up the daisies. It's rung down the curtain and joined the choir invisible. This is an ex-identity assurance scheme. RIP.

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default "internet era" world, with no on-line identity you won't exist.

We have seen how users of GOV.UK Verify (RIP) who registered with Barclays and the Post Office may find it impossible to access public services.

App info for
Safran Morpho/SecureIdentity

We have seen how Safran Morpho/SecureIdentity make you download an app/virus to your mobile phone if you want to use their GOV.UK Verify (RIP) services. Not a good idea. (Digidentity also now want their parishioners to download an app. Ditto, not a good idea.)

We have seen how GOV.UK Verify (RIP) flouts every one of the identity assurance privacy principles. Again, not a good idea.

Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).

Who does that leave?

RIP IDA – privacy/identity assurance principles

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default internet era world, with no on-line identity you won't exist.

We have seen how users of GOV.UK Verify (RIP) who registered with Barclays and the Post Office may find it impossible to access public services.

Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).

Who does that leave?

RIP IDA – the Post Office

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default internet era world, with no on-line identity you won't exist.

We have seen how users of GOV.UK Verify (RIP) who registered with Barclays may find it impossible to access public services.

Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).

Who does that leave?

RIP IDA – Ingeus, Cassidian, Mydex, Paypal, Verizon, Digidentity and Barclays

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default internet era world, with no on-line identity you won't exist.

In the remaining months of your existence, let's take a look at the other "identity providers". Are they behaving like Digidentity?

Ingeus – one of GDS's early "identity providers", they never provided anyone with a GOV.UK Verify (RIP) on-line identity. Ditto Cassidian. And Mydex. And PayPal. They all pulled out before they could do any harm. Verizon stayed a while, but now they, too, have pulled out. So that's five "identity providers" we don't need to worry about.

RIP IDA – agile identity, now you are you, now you're not

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

"Congratulations!", they said in the email, "You have completed the registration process":

There he was, DMossEsq, all kitted up with a brand new on-line identity, provided by GOV.UK Verify (RIP) via Digidentity, one of the Government Digital Service's "identity providers".

Digidentity had collected all the details of DMossEsq's passport and driving licence, among other things, and here they were confirming that he is him, the person he claims to be. "Your registration has been completed" – that's what the email says. And polite to a fault, Digidentity even said: "Thank you for registering".

Ruminating about process

It's over two years since we looked at the achievements of the Government Digital Service (GDS). It looked to us then as though the big achievers digitalwise were not GDS at all, despite their noisy claims, but Her Majesty's Revenue and Customs (HMRC).

GDS aim one day to deliver something called "Government as a Platform (GaaP)". They have a publishing platform and a performance platform already up and running. They're working on at least three other platforms:

• GOV.UK Verify (RIP) is meant to be a standard cross-government platform for identity assurance.
• GOV.UK Notify is meant to be a standard way for government to send texts, emails and letters.
• GOV.UK Pay is meant to be a standard way for government to collect payments.

Why no-one can devise @gdsteam's strategy

“It reminds me of that old joke – you know, a guy walks into a psychiatrist's office and says, hey doc, my brother's crazy! He thinks he's a chicken. Then the doc says, why don't you turn him in? Then the guy says, I would but I need the eggs.

Woody Allen

Last heard, the Government Digital Service (GDS) were due to publish their strategy yesterday, 15 September 2016. That was the deadline. Not for the first time, they missed it.

Instead of a strategy explaining what GDS are going to do with £450 million we were treated to a press release, Government Digital Service announces plans to run a national digital academy, which includes this:

GDS director general Kevin Cunnington said: " More and more we are going to make the work from GDS about transformation - not just digital. " We have a superb team and I want our UK strategy to not only reflect the bold ambition that we have across Government, but the new challenges that now face us. We will have an updated and complete Digital Transformation Strategy before the end of the year."

What's all this about "the new challenges that now face us"?

According to the press release:

The Government’s Digital Transformation Strategy is also going to be updated to match the new and larger remit of GDS and to take into account the EU referendum vote and the challenges that the Civil Service now face.

Someone would have us believe that GDS, who couldn't even computerise farm payments, have a transformative rôle to play in bringing about the UK's exit from the European Union.

You may find that unlikely ...

RIP IDA – "wildly unrealistic expectations"

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

Take a look at New GOV.UK Verify [RIP] chief sets out stall after departure of Janet Hughes. That's a Civil Service World (CSW) article, 23 August 2016, and there's something in there for everyone.

"If there's a tricky job facing the Government Digital Service (GDS), or indeed an impossible job, what do they do? Call for Janet Hughes". That's what we said. Several times. Now the heroic Janet has left GDS.

Can she be replaced?

GDS, the data centre for government

"The Government Digital Service [GDS] is the digital, technology and data centre for government ... Over the next 5 years, together with departments, we will be building new digital, technology and data platforms for the whole of government ... We will make better use of data to drive continuous improvement, ensure government has the right technology and that spending is controlled".

That's what it says in the job description for a new head of service design required at GDS. You've got until 13 September 2016 to apply.

GDS & the banshees 3

The system is not set up to do stuff.

It’s set up, frankly,

to have an intellectual pissing match

around how its things should be.

Mike Bracken on Whitehall

On 1 August 2016 one man replaced another man as head of the Government Digital Service (GDS). Kevin Cunnington came. Stephen Foreshew-Cain left. People come and people go. It's not unusual but on this occasion there was an exorbitant keening and wailing and moaning from an international class of banshees.

The banshees failed to make it clear why they were upset. What would it matter if GDS had its terms of reference changed? Transformation begins at home. Come to that, what would it matter if GDS disappeared? The banshees couldn't tell us.

GDS & the banshees 2

The system is not set up to do stuff.

It’s set up, frankly,

to have an intellectual pissing match

around how its things should be.

Mike Bracken on Whitehall

On 1 August 2016 one man replaced another man as head of the Government Digital Service (GDS). Kevin Cunnington came. Stephen Foreshew-Cain left. People come and people go. It's not unusual but on this occasion there was an exorbitant keening and wailing and moaning from an international class of banshees.

GDS & the banshees 1

The system is not set up to do stuff.

It’s set up, frankly,

to have an intellectual pissing match

around how its things should be.

Mike Bracken on Whitehall

Proper journalists have sources and on Sunday 31 August July 2016 Bryan Glick, editor of Computer Weekly magazine, published DWP director Kevin Cunnington set to take over as new head of Government Digital Service. Next day he turned out to be right, John Manzoni: Changes at the Government Digital Service.

The Government Digital Service (GDS) has a budget – £450 million to tide them over to 31 March 2020 – but no published strategy. Mr Glick's sources seem to have been able to give him the date of the overdue announcement of GDS's strategy – 15 September 2016 – and some insight into official thinking: "Our sources say the Cabinet Office hopes to use the launch of the new strategy to 'nullify any coverage around GDS being in confusion or disarray' ...".

What else don't they know?

Government as a Platform (GaaP) is rumoured to be at the heart of the Government Digital Service's strategy.

RIP IDA – Connect.Gov goes down the tubes

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

"GOV.UK Verify [RIP] is a new type of service, being delivered in a new way for the first time anywhere in the world". So said the Government Digital Service (GDS) on 30 June 2015. And so said their political boss, Matt Hancock, three months later on 26 October 2015: "It is a world first, and has been offering users a level of ID security that wasn’t previously possible online".

False. At the time. The UK was not alone.

Take care of the sense and the sounds would take care of themselves

"digital" v. "transformation"
Some of the Government Digital Service's time the other day was filled up with fundamental research into the correct name for the organisation, please see tweets below.

RIP IDA – openness closes as Verizon bolts again and penetration becomes a mystery

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

The Government Digital Service (GDS) continue to promote GOV.UK Verify (RIP) to central government departments, local government and the private sector.

GOV.UK Verify (RIP) has its own dashboard on the GOV.UK performance platform. Yesterday, GDS published a blog post, Improving our reporting, announcing certain changes to the dashboard.

Old local authority briefing reviewed on the Antiques Roadshow*

"New Socitm, ADASS and LGA briefing sets out challenges in implementing ID assurance methods that can limit information loss and identify fraud", says the Government Computing website in an article published yesterday, 5 July 2016, Social care providers called on to set out online identity strategies.

Socitm is the pre-eminent society for IT practitioners in the UK public sector and they issued a press release on 4 July 2016, Social care leaders urged to consider options for managing identity and authentication online for service users and providers.

The copulation of propositions (iterating in public)

David Hume, A Treatise of Human Nature (1739):

In every system of morality, which I have hitherto met with, I have always remarked, that the author proceeds for some time in the ordinary ways of reasoning, and establishes the being of a God, or makes observations concerning human affairs; when all of a sudden I am surprised to find, that instead of the usual copulations of propositions, is, and is not, I meet with no proposition that is not connected with an ought, or an ought not. This change is imperceptible; but is however, of the last consequence. For as this ought, or ought not, expresses some new relation or affirmation, 'tis necessary that it should be observed and explained; and at the same time that a reason should be given, for what seems altogether inconceivable, how this new relation can be a deduction from others, which are entirely different from it ...

Communicating via the walls

Good culture evolves from the bottom up, Stephen Foreshew-Cain told us the other day. So does bad culture. And culture can be influenced from the top, for good or ill.

Mr Foreshew-Cain is the executive director of the Government Digital Service (GDS), where "we don’t always get it right, but one thing we’ve found that does work is communicating via the walls", he says. "Communicating via the walls" means pinning posters up, reminding the staff to be bold, for example.

RIP IDA – in search of a rôle

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

As noted on 26 May 2016, GOV.UK Verify (RIP) will not replace the Government Gateway. GOV.UK Verify (RIP) won't be any use to hundreds of millions of Her Majesty's Revenue and Customs's annual transactions, worth hundreds of billions of pounds. HMRC are developing their own successor to the Government Gateway.

Nor will GOV.UK Verify (RIP) help with age verification. All those transactions where we have to prove our age in order to be eligible? We'll have to find some other way to do it, even if we have one or more GOV.UK Verify (RIP) accounts.

The huge prize of inserting GOV.UK Verify (RIP) into the nation's payment systems has also eluded the Government Digital Service (GDS). If payments depended on GOV.UK Verify (RIP), the UK would be reduced to a barter economy in no time.

What does that leave for GOV.UK Verify (RIP)?

Matt Hancock: 83 + 83 = 71

"We recently [6 April 2016] completed the process of connecting certified companies to GOV.UK Verify [RIP] under the new framework for certified companies". So says Pete Gale of the Government Digital Service (GDS) in a blog post on 15 June 2016, Improving the experience of verifying with certified companies.

"As a user researcher, my main focus in this process was how we ensure that these companies provide services that meet the needs of our users", he goes on, and adds "this presented some interesting challenges for us ...".

"Interesting challenges"? How did that go?

Very well, apparently: "It’s been hard work, but we’re really happy with what we’ve achieved".

Suppose we test that judgement.

Discovery: the UK is not a Scandinavian country

Those were heady days, 16 months ago, "Who sets the gauge rules the world". Ruling the world seemed a possibility for the Government Digital Service (GDS).

Government Gateway 1 - 0 GOV.UK Verify (RIP)

A camel is a horse designed by a committee

18 April 2016, RIP IDA – it tolls for thee:

In the lethal custody of the Department for Work and Pensions (DWP), the Government Gateway has been neglected for years. Now someone seems to have paid it a bit of attention. An innovation, it sent DMossEsq's mobile phone a one-time password when he logged in to take a look at his personal tax account. We have suggested recently [1 April 2016] that the Government Gateway should be taken away from DWP and given to HMRC. Perhaps it has been.

24 May 2016, Don't tell the Cabinet Office: HMRC is building its own online ID system.

25 May 2016, HMRC plans extra authentication channel.

RIP IDA – GOV.UK Retrench

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

@GOVUKverify can you tell me why PayPal didn't make the cut? — Kirsty Styles (@kirstystyles1) May 20, 2016

@kirstystyles1 Hi Kirsty, we've blogged about the certified companies that joined us after completing a rigorous onboarding process (1/2) — GOV UK Verify (@GOVUKverify) May 20, 2016

@kirstystyles1 https://t.co/S0g3SJZxvq Please direct any questions you have about that to Cabinet Office Press Office, thanks (2/2) — GOV UK Verify (@GOVUKverify) May 20, 2016

Kirsty Styles edits the New Statesman magazine's B2B tech site. She asks the Government Digital Service (GDS) about GOV.UK Verify (RIP). And back comes a response, possibly from an automaton, something to do with "rigorous onboarding", which looks co-operative but which doesn't answer the question.

You've got to take your hat off to the GOV.UK Verify (RIP) team. They've been doing this day in, day out, for years.

They can still say with a straight face that all their "identity providers" are certified when half of them aren't.

Even after all these years, they still claim to have eight "identity providers" while telling new applicants for a GOV.UK Verify (RIP) account that five of them "probably can't verify you".

They're still adamant that GOV.UK Verify (RIP) is secure and that it abides by all nine of the identity assurance privacy principles – it doesn't abide by a single one and everyone knows that there is no such thing as unqualified security.

And their response to the US National Institute of Standards and Technology's claim that GOV.UK Verify (RIP) doesn't do identity-proofing and offers no more than self-certification is pluckily ... to ignore it.

They look as though they could keep this up forever.

But they can't.

"Data Science Ethical Framework" – contempt for the public

Housewives as a whole cannot be trusted to buy all the right things, where nutrition and health are concerned. This is really no more than an extension of the principle according to which the housewife herself would not trust a child of four to select the week’s purchases. For in the case of nutrition and health, just as in the case of education, the gentleman in Whitehall really does know better what is good for people than the people know themselves.

That was Douglas Jay in 1937, writing in The Socialist Case. How much has changed 79 years later?

-----  o  O  o  -----

Furtive

The Rt Hon Matt Hancock MP, Minister for the Cabinet Office, gave a speech yesterday to launch the Data Science Ethical Framework. It got off to a wobbly start:

When Alan Turing proposed the Turing Machine and his theory of machine intelligence, he would not have imagined that his early ideas of computing and algorithms would be enhanced and evolved using the quintillions of bytes of data we generate today.

There's no telling what Alan Turing would or would not have imagined.

RIP IDA – worse than you thought

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

The problem you already knew about ...
The point of GOV.UK Verify (RIP) is to assure central government departments like HMRC, Her Majesty's Revenue and Customs, that the person on the other end of the line is who they say they are. GOV.UK Verify (RIP) follows the good practice, we are told, set out in GPG45, Good Practice Guide 45.

Chapter 4 of GPG45, p.9, provides for four levels of assurance, 1-4.

Level 1 isn't much use to a relying party such as HMRC, the identity hasn't been proved at all.

Level 2 gets a bit more useful: "The steps taken to determine that the identity relates to a real person and that the Applicant is [the] owner of that identity might be offered in support of civil proceedings". Level 2 might support identification in a civil court. It might. It might not.

Levels 3 and 4 are successively more reliable. But that's irrelevant at the moment as GOV.UK Verify (RIP) is only offering Level 2.

What's more, it's having trouble reaching even Level 2 according to OIX, the Open Identity Exchange, the Government Digital Service's business partner. If GOV.UK Verify (RIP) could use our personal bank account information, OIX say, that "would help [to] achieve the required standards against the 5 elements of identity assurance at level of assurance 2" (p.11).

To some extent, OIX have now got their wish. GDS tell us that: "In the last few months, we've seen new data sources and methods being introduced, and we've worked with mobile network operators as they've developed a new phone contract validation service that’s now in live use in GOV.UK Verify [RIP] ... It’s also now possible to verify your identity without either a passport or driving licence, thanks to a new method introduced by one of our certified companies which allows you to use your bank account as proof of your identity".

They've got their additional data and it's not helping. The GOV.UK Verify (RIP) account creation success rate remains stuck at around 70%. Young people have trouble opening an account, so do old people and unemployed people and people on low incomes.

Hat tip someone, it's all a far cry from the 16 September 2014 GOV.UK Verify (RIP) service assessment, when the assessors' report called for GDS to "actively work with the market to grow [demographic] coverage to as close to 100% as can be achieved, as early as possible during the Beta".

... may be worse than you thought
But suppose GOV.UK Verify (RIP) achieved 100% demographic coverage and enrolled everyone into GOV.UK Verify (RIP) with a level of assurance of 2. Then what?

Mind the gap

On the London Underground/Metro/Subway a recorded message tells us all, over the public address system, to "mind the gap". That's the gap between the train and the platform, of course, which we are all supposed to be too stupid to mind unless we're reminded.

There once was a post-nuclear holocaust film the name of which entirely escapes DMossEsq in which empty trains continued to travel the tube system following their programmed timetable, stopping to open their doors at each appointed station and the only voice heard was the PA system mindlessly repeating "mind the gap".

RIP IDA – the last rites

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

We can make a meal of it. Or we can do it the quick way.

Let's try the quick way first. Three steps.

RIP IDA – are GDS talking to themselves?

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

Every week, the Government Digital Service (GDS) publish statistics about GOV.UK Verify (RIP) on their performance platform. A degree of academic rigour is called for. Without that, GDS are just talking to themselves.

As we speak, some of these statistics are complete to the week 11-17 April 2016 while others include the week 18-24 April 2016. We ignore the latter in the paragraphs below.

Willing enthusiasm isn't enough

11:19 a.m., 8 October 2014, 18 months ago, someone saves a copy of the Transactions Explorer page of the Government Digital Service's performance platform:

Then someone updates HMRC digital team plights troth to wrong Liege and forgets about it ...

... until recently.

You will notice that GDS were trying to measure how digital central government is, department by department. The data they used is repeated below. You won't be surprised which department wins ...

Openness should include farmers

One of the standing jokes about the Government Digital Service's identity assurance scheme, GOV.UK Verify (RIP), is the list of public services using it:

How can DEFRA's Rural Payments service be connected by GOV.UK Verify (RIP)? DEFRA don't have a rural payments service, as we always point out, at least not a computerised one – the computerised system GDS tried to build collapsed and farmers are all applying for their money using pencil and paper now, as a result of GDS's failure. There's nothing for GOV.UK Verify (RIP) to connect farmers to.

The gateway to openness

"The annual end submission date for tax self assessment in January is one of the critical events in the year for the Government Gateway, HMRC and government IT systems as a whole". So said David Hargreaves on 25 February 2016 in Managing the self assessment tsunami:

This year was the largest yet. The Government Gateway processed over 2.9 million self assessment submissions in January. This was just part of almost 7.5 million transactions it handled over the whole month, and the 10 million online self assessments processed in 2015. The volumes topped 400,000 on Friday 29 January. That’s the equivalent of 8.5 submissions per second.

The Government Gateway is clearly quite a substantial cross-government platform. And these are notable transaction volumes.

And yet, if you try to find anything out about the Government Gateway on the Government Digital Service's performance platform, look what you get:

Insolvent solutions

11:19 a.m., 8 October 2014, 18 months ago, someone saves a copy of the Transactions Explorer page of the Government Digital Service's performance platform:

Then someone updates HMRC digital team plights troth to wrong Liege and forgets about it.

RIP IDA – it tolls for thee

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

"Hi, Richard James here to give you an update on the Personal Tax Account".

Couldn't be more jovial, could it. That's the opening line in a charming little blog post published by Her Majesty's Revenue and Customs (HMRC) the other day, One million customers using the Personal Tax Account.

They're very proud of their new personal tax account. "34 different actions ... That’s how many things you can already do in the Personal Tax Account that would have previously meant a letter or phone to call to us".

One million customers? Everything HMRC does is in the millions. Apart from the things they do by the billion. One million HMRC customers for anything isn't news. It's reassuringly dull. Like the worthy little video they've released, reminiscent of the old Central Office of Information blockbusters on food hygiene or road safety.

But part way through this little gem of a post, what's this we read? "Have you tried it yet? ... From the Personal Tax Account sign in page you can now log in by setting up a Government Gateway account".

That shouldn't be there, should it?

Remember dear old GOV.UK? The award-winning public face of the UK administration on-line? Here's what it looks like today:

Spot anything?

They've stopped claiming falsely that GOV.UK replaces Directgov and Business Link?

Yes. Anything else?

They're still claiming falsely that you can use GOV.UK to register to vote?

Yes. Anything else?

They're suggesting falsely that Universal Jobmatch is a GOV.UK service when in fact it's still on Directgov?

Yes. Anything else?

No.

What about that quite large reference to the EU referendum which occupies a not inconsiderable amount of the prime acreage on the screen? And the link to Find out why the Government believes we should remain.

Oh yes. Bit odd. That shouldn't be there, should it?

"Where we’re at, and where we’re going"

You never know where you are with the Government Digital Service (GDS). Except you do.

-----  o  O  o  -----

Confidence limits

4 April 2014 (600,000):

Identity assurance, procurement 2 Janet Hughes and David Rennie, 4 April 2014 — Industry and market engagement ... Identity providers are paid each time a user registers with them. The initial contracts cover the first 600,000 registrations. We’re expecting to use all of these this year ...

3 April 2016 (478,000):

Safe spaces

An open letter to our new Advisory Board Stephen Foreshew-Cain, 31 March 2016 — GDS team Dear Advisory Board members, ... We've asked you to help us because you believe in the same things that we believe ...

October – Civil Service Diversity & Inclusion Awards recognise those who #ChampionDifference https://t.co/NfGOxHRh7h #12daysofCSmas — Sir Jeremy Heywood (@HeadUKCivServ) January 1, 2016

"Diversity and inclusion is everyone’s issue to move forward and to help solve." https://t.co/SiqUsyuQ2E — Steve Foreshew-Cain (@s_foreshew_cain) March 22, 2016

Lotus Notes redux

So what will GOV.UK Notify do? Government receives millions of calls every year, from people anxious to find out where their thing is at. People have to spend time on hold, and running call centres costs a lot of money. GOV.UK Notify is going to make it easy to keep people informed, by allowing service teams across government to send text messages, emails or letters to their users, before they get anxious enough to call.

Compare https://en.wikipedia.org/wiki/IBM_Notes#History from 1989 with roots going back to 1973.

Faster horses

http://www.cio.co.uk/blogs/political-debate/digital-public-services-20-years-of-faster-horses-3636630/:

Those who optimistically believe they are breaking new ground by improving the online experience are often merely tracing footprints on a path already much trodden, reinventing and rediscovering anew the same things – from a common website to cross-government platforms. The result has been several generations of faster horses.

No-one's ever done payments before

Building GOV.UK Pay Ian Maddison, 31 March 2016 — GOV.UK Pay We previously introduced GOV.UK Pay, a new Government as a Platform product, to make payments more convenient and efficient. We’ve spent 6 months building our beta, and very soon we’ll be taking our first real payments with our first partner services. We wanted to give you an update on our public API, how we're making integration straightforward, security and our technical choices. As a greenfield project ...

RIP IDA – decision time

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

It's April 2016 and some time in the next few days or hours someone has to decide whether to declare that GDS's GOV.UK Verify (RIP) system is live.

Whose decision is it? And what does "live" mean?

RIP IDA – not good enough for the NHS and not good enough for you

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

This is what the Government Digital Service (GDS) have to say about the security of GOV.UK Verify (RIP). It's secure. And it stops someone pretending to be you. And it fights the growing problem of on-line identity theft.

The splash screen you see if you bravely register for one of GDS's GOV.UK Verify (RIP) accounts

HSCIC
Health and Social Care Information Centre
We are the trusted national provider of high-quality information, data and IT systems for health and social care.

But it's not quite as clear-cut as that. According to Computer Weekly magazine, Gov.uk Verify [RIP] not secure enough for NHS, says HSCIC.

RIP IDA – Verizon

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

The Government Digital Service (GDS) claimed until recently that they had nine "identity providers" through whom we proles could register an account with GOV.UK Verify (RIP).

Then PayPal bolted. One minute you see them. Next minute they're gone.

PayPal gave no explanation. Neither did GDS.

Whatever, GDS were then down from nine to eight "identity providers". Or should that be seven?

An open address register

First he was the director of open data and transparency. Then director of open data and government innovation. Now Paul Maltby is director of data at the Government Digital Service (GDS) and yesterday he blogged about An open address register:

The UK government is regularly recognised for being a global leader in making public data openly available. Ministers have committed to being the most transparent government ever. We are determined to make sure that we keep producing high quality data and that we make it as accessible as possible ... Data has become a part of our core national infrastructure, and a huge driver of innovation ... Registers, canonical lists of core reference data, are at the forefront of the government’s effort ... GDS Data Group and the Department for Business, Innovation and Skills (BIS) are working in conjunction with a range of other stakeholders to explore how to fully exploit the benefits of open and freely available address data ...

All these predicates may have disappeared from his job title but Mr Maltby wants us to know that he's still in favour of openness and transparency and that he still sees a connection between making data open and inspiring innovation, which in turn will cause the economy to grow. That reference to registers also alerts us to his support for Government as a Platform (GaaP).

RIP IDA – UK First Government to Offer U2F-Secured Digital ID

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

We told them. On 16 April 2015. Please see RIP IDA – what they omitted from the obituary:

Where's the nationwide information campaign? Normal people have never heard of GOV.UK Verify (RIP). GDS want the system to be live in a year's time, by April 2016. Some time soon GDS are going to have to tell 60 million people what GOV.UK Verify (RIP) is. And how it works. And why they should use it.

GOV.UK Verify (RIP) is due to go live next month. April 2016. Maybe nine days away. And still there's no attempt to tell the public what's going on.

Why this reticence?

Google never mounts a campaign to launch a new service. So the Government Digital Service (GDS) shouldn't either. But GDS isn't Google.

-----  o  O  o  -----

RIP IDA – to lose one "identity provider" may be regarded as a misfortune

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

Why did PayPal jump ship?

And when will Verizon climb back aboard?

The Government Digital Service (GDS) operate GOV.UK Verify (RIP) under a framework agreement. First there was Framework 1. Then there was Framework 2.

@gdsteam & the search for doctrinal authority

Icon depicting the Emperor Constantine,
accompanied by the bishops of
the First Council of Nicaea (Sprint325),
holding the Niceno–Constantinopolitan Creed
of Sprint381.

Wikipedia:

The purpose of a creed is to provide a doctrinal statement of correct belief, or Orthodoxy. The creeds of Christianity have been drawn up at times of conflict about doctrine: acceptance or rejection of a creed served to distinguish believers and deniers of a particular doctrine or set of doctrines.

Twice we have recently drawn attention to the troubled creed of the Government Digital Service (GDS).

On 3 March 2016 we noted the article of faith in the primacy of user needs and how that is no match for the superior faith in digital-by-default, please see RIP IDA – users and their expressed, tacit and created needs for the truth.

In the same text, we recorded the inability of the assisted digital sect to get off the ground and suggested that the same fate may befall the interoperabilitarians.

Many creeds believe that they are uniquely open, even when they manifestly aren't. GDS are no exception.

RIP IDA – reciting the creed

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

What are the Government Digital Service (GDS) up to? Making GOV.UK Verify [RIP] the default way to access digital services. That's what they're up to. So they say.

"GOV.UK Verify [RIP] is for everyone". So they say.

Not right now it isn't. Right now, at most 62% of people who try to register with GOV.UK Verify (RIP) succeed in doing so – at least 38% fail:

So it's not "for everyone". Even though GDS say it is.

RIP IDA – what is the point of GOV.UK Verify (RIP)?

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

"If Verify is the answer, what was the question?"

In a few weeks time, in April 2016, according to the Government Digital Service (GDS), GOV.UK Verify (RIP) will go live.

Time for someone at last to summarise the implications.

A spreadsheet has been prepared summarising the terms and conditions of business of the GOV.UK Verify (RIP) services offered by each of GDS's nine "identity providers". Not just the business terms but the privacy policy also:

GOV.UK Verify (RIP) summary spreadsheet

It's too wide to display properly on this blog. Readers are asked kindly to take a look here. [Added 12.5.16: updated version of spreadsheet now available. [Added 3.7.16: updated version of spreadsheet now available. [Added 4.1.17: updated version of spreadsheet now available. [Added 24.9.17: updated version of spreadsheet now available.]]]] The effort is worthwhile. It reveals that GOV.UK Verify (RIP) is a machine for collecting and storing your personal information and sharing it widely in the UK and abroad.

What is the point of GOV.UK Verify (RIP)? Answer, it's a personal information publishing service. That's what the summary spreadsheet shows.

-----  o  O  o  -----

RIP IDA – GBGroup/ID3global

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

The Government Digital Service (GDS) have contracted with nine so-called "identity providers" or "certified companies" to register all us Brits and to supply us with on-line identities, ready for the brave new digital-by-default world.

Armed with these on-line identities, 90% of us will be able one day (in April 2016?) to use public services via GOV.UK Verify (RIP). That's the idea.

GDS are more diffident about this but, later on, these on-line identities may allow us to use private sector services, too.

GBGroup is one of GDS's "identity providers", although you won't see their name when you try to sign up for GOV.UK Verify (RIP) – there they aren't:

RIP IDA – Safran Morpho/SecureIdentity

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

The Government Digital Service (GDS) have contracted with nine so-called "identity providers" or "certified companies" to register all us Brits and to supply us with on-line identities, ready for the brave new digital-by-default world.

Armed with these on-line identities, 90% of us will be able one day (in April 2016?) to use public services via GOV.UK Verify (RIP). That's the idea.

GDS are more diffident about this but, later on, these on-line identities may allow us to use private sector services, too.

Safran Morpho is one of GDS's "identity providers":

Safran Morpho offer a product called "SecureIdentity".

GDS promised in the past that all "identity providers" would be certified by tScheme, an independent body, expert in measuring trustworthiness. That's meant to give the public confidence in GOV.UK Verify (RIP).

Safran Morpho applied for certification for SecureIdentity on 19 November 2015. These things take time. SecureIdentity may or may not be certified in the end but it doesn't appear on tScheme's roll of trust yet.

RIP IDA – users and their expressed, tacit and created needs for the truth

No need to say it, it goes without saying, it should be obvious to all but,

just in case it isn't obvious to all,

IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",

is the Cabinet Office Identity Assurance programme.

And it's dead.

Last heard of, Stephen Dunn wrote a blog post with Janet Hughes, please see RIP IDA – what they omitted from the obituary. That was about GOV.UK Verify (RIP) and so is his latest contribution, Meeting user needs:

The GDS Design Principles state that services should start with user needs. To pass the Digital by Default Service Assessment for a live service, the service manager must demonstrate that the team building [the] service understands user needs and has undertaken research to develop a deep knowledge of who the service users are and what that means for the design of the service.