Sunday 24 January 2016

"The highlights of 2015 for the [UK] Civil Service"

Sir Jeremy Heywood is the Cabinet Secretary and the Head of the UK's Home Civil Service.

He published his review of calendar 2015 in a series of 54 tweets between 23 December 2015 and 3 January 2016, a period he refers to as the 12 days of the Civil Service Christmas.

54 tweets about the highlights of the year as far as the Civil Service is concerned, month by month. The introductory tweet alongside and one for each month makes 13. 41 to go.

Some initiatives have Sir Jeremy's name obviously on them:
Sir Jeremy (5) set out his priorities in January 2015 sent his first tweet (in March 2015), launched a Leadership Statement, launched a Shadow Board and launched new Implementation Task Forces to drive the delivery of top cross-department priorities.

2015 was a successful year for the Civil Service ...
Achievements (18) The rate of employment reached a record high, the Americans followed the UK example and introduced Civil Service exams, the government carried on functioning despite the general election, the Civil Service celebrated its 160th birthday and Magna Carta its 800th, Scotland's will be one of the most powerful devolved parliaments in the world, a historic deal was reached with Iran, the government was still in power 100 days after the election, HM the Queen became our longest-reigning monarch, the Chancellor of the Exchequer asked the Civil Service for ideas on how to make the Civil Service more efficient, the government will invest a record amount in digital transformation, thousands of Civil Servants attended "fantastic" Civil Service Live events all over the country, the Civil Service was lectured to on the subject of fraud by the fraudster Frank Abagnale, Sierra Leone was declared ebola-free, the award-winning face of the UK government on-line – GOV.UK – had its two billionth hit, public servants worked around the clock to limit flood damage, the Paris Agreement on global climate change was signed and Britain's first official astronaut was launched into space.

... which attracted condign recognition:
Praise (9) Ipsos MORI said the public trust the Civil Service, the Queen praised the Civil Service in a speech at the Home Office, the Times newspaper declared the Civil Service a good place for (a) graduates and (b) women to work, the Major Projects Authority said there had been a "range" of improvements in 188 government projects, the OECD said the UK Civil Service is above average in open data and social media, the Chancellor of the Exchequer thanked the "brilliant officials" of the Civil Service for working on the Spending Review, the Civil Service Awards recognised the "fantastic" work completed by the Civil Service and the Civil Service Diversity & Inclusion Awards recognised those who champion difference.

Sir Jeremy's Civil Service is its people:
Appointments (9) A new Gender Champion was appointed at the Civil Service, there will be nearly four times as many Civil Service apprenticeships, the Civil Service Talent Plan was "refreshed" to help under-represented groups, the Civil Service Disability Champion will increase support for disabled civil servants, a Diversity Champion was appointed and a Social Mobility Champion, more quangos have women on the board, the Civil Service has hired a record number of ethnic minority graduates, four expert diversity advisers were appointed to make the Civil Service more representative and Stephen Foreshew-Cain was appointed head of the Government Digital Service.

The Civil Service has a job to do. It provides the permanent government of the UK, while politicians come and go. Sir Jeremy could have chosen any number of ways to demonstrate that the Executive is doing its job. He chose these 41. Why? What message are they meant to convey? And to whom?

Those 18 achievements. They raise questions. Is it thanks to the Civil Service that employment is at a record high? Or that 2015 is 800 years after 1215? Is there no achievement of the MOD, say, worthy of mention or the NHS?

The nine tweets of praise. Do they stand up to inspection? Is the Major Projects Authority, for example, saying that Civil Service project management is now impeccable? Is there no room to acknowledge failings/areas that need to improve? Shouldn't Sir Jeremy be preparing us for the storm clouds approaching Universal Credit and GOV.UK Verify (RIP), among others?

There must have been hundreds of people recruited to the Civil Service in 2015, maybe thousands. And hundreds or even thousands of promotions. Why are just nine of them mentioned? Why are the rest excluded?

Perhaps it's just us, with our idée fixe here at DMossEsq about the Government Digital Service (GDS), but:

And has Sir Jeremy read GDS's Style Guide?

Under W for Words to avoid, the entry for "deliver" says that pizzas can be delivered, as can the post and public services, but not "abstract concepts" like improvements or priorities.

GDS also recommend that metaphors should be avoided and give as one example "drive" – you can only drive vehicles, according to GDS, not schemes and not people.

Was there really nothing else Sir Jeremy could have tweeted? 12 days of the Civil Service Christmas makes a surprisingly poor fist of it if the idea was to enhance the standing of the Civil Service and to boost morale.

"The highlights of 2015 for the [UK] Civil Service"

Sir Jeremy Heywood is the Cabinet Secretary and the Head of the UK's Home Civil Service.

He published his review of calendar 2015 in a series of 54 tweets between 23 December 2015 and 3 January 2016, a period he refers to as the 12 days of the Civil Service Christmas.

54 tweets about the highlights of the year as far as the Civil Service is concerned, month by month. The introductory tweet alongside and one for each month makes 13. 41 to go.

Wednesday 20 January 2016

RIP IDA – the sunlight of transparency

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.


GOV.UK Verify (RIP), currently being tested, uses a combination of passport details, driving licence and credit rating information to try to enrol people onto the population registers maintained by the Government Digital Service's so-called "identity providers".

Even if a computer-literate person with access to broadband would like a GOV.UK Verify (RIP) account, there can be problems. Among others, that person may not have a passport or a driving licence or a credit history.

The solution to those problems suggested by GDS is to increase the range of data sources available for GOV.UK Verify (RIP), which is why on 1 December 2014, 13 months ago, GDS published How we’re working to increase the range of data sources available for GOV.UK Verify [RIP]:
We’re working to identify more government data sources to add to the document checking service. We’re hoping to be able to say a bit more about our plans on this in the new year.

The use of any additional official data sources would be subject to formal agreements on how the data can be used, and government data sources will only be used on the basis of informed user choice and consent.
They were looking for "more government data sources". Such as? Two days later, DMossEsq suggested personal information recorded by the government about your education, travel or health. That was a guess.

It wasn't a wild guess. It was based on proposals made by the Department for Business Innovation and Skills for its midata project, a close cousin of GOV.UK Verify (RIP), in this video for mooncalves:



But it was a guess nevertheless.

What is the correct answer?

That should have been known shortly. Remember: "We’re hoping to be able to say a bit more about our plans on this in the new year [i.e. January 2015, a year ago]". Remember, too, that the Cabinet Office Minister at the time, Francis "JFDI" Maude, had promised:
Surprising and disappointing, in the event, GDS still haven't told us what additional government records will be pressed into service to populate their identity registers.

Their business partner OIX, the Open Identity Exchange, has floated an alternative solution. Rather than records held by the government, why don't the "identity providers" leaf through our bank accounts instead? Please see their August 2015 white paper, The use of bank data for identity verification.
The primary benefit for Identity Providers is the availability of an additional source of data to validate user-entered data ..., establish a link between the identity and the person ... and establish activity history ..., which would help them achieve ... identity assurance at level of assurance 2. [Please see p.11]
Level of assurance 2 is acceptable in a civil court but inadequate for a criminal court, where you need level 3. OIX are telling us that GOV.UK Verify (RIP) is having trouble reaching even level 2 and that adding our bank details might help.

GDS have neither confirmed nor denied wanting access to our bank accounts. The sunlight of transparency has been dimmed.

Until the day before yesterday when Neil Merrett, read him early, read him often, wrote Experian vows to expand GOV.UK Verify data sources. Experian, remember, are one of the four "identity providers" you can register with if you want a GOV.UK Verify (RIP) account.

Would we finally discover the answer? Educational attainments? Foreign travel history? Medical records? Current account transactions? Mobile phone logs? Don't get your hopes up:
Experian said it would not be providing further details on the nature of these data sets at this time.
Are Experian embarrassed to tell us what new data sources they intend to use? That might explain their reluctance to tell us. In which case, why are they embarrassed? Do they think that it's wrong to use these data sources? Do they fear that the public might object? And that Experian's reputation might suffer?

Come to that, why have GDS kept quiet for over a year now about the "government data sources" they were "working to identify" way back in December 2014?

We don't know.

The only thing that is clear is that the claim that GOV.UK Verify (RIP) will put us all in control of our own data is empty. Remember the "informed user choice and consent" mentioned by GDS in the opening quotation above? Forget it.

Meanwhile, others are looking on and, like us, wondering. More than just wondering, they're doing something about it – DWP building a separate ID tool as Verify can’t cut it, whisper sources, says the tireless Kat Hall in ElReg:
The Department for Work and Pensions looks to be developing its own version of an online identity tool intended as a way to ensure a secure transaction with government services, according to several sources.
And it's not just the Department for Work and Pensions. Her Majesty's Revenue and Customs, too:
A number of sources have told The Register that both the DWP and HMRC are building their own separate online identity systems due to the issues related to getting Verify off the ground.
These service providers have a job to do. HMRC, for example, has to raise the tax revenue on which the state depends. They can't hang around waiting on the off-chance that GDS might get their GOV.UK Verify (RIP) act together.

DWP and HMRC between them must account for the vast majority of GOV.UK Verify (RIP)'s accountholders. The other huge service provider is the National Health Service. But they've already rejected GOV.UK Verify (RIP) on the basis that they're a better "identity provider" than Experian and the other three members of GDS's team, digidentity (Dutch), the Post Office (uncertified) and Verizon (American and banned from any government contracts in Germany).

There's always the private sector, of course. Perhaps they might like to use GOV.UK Verify (RIP)?

No.

Back to Neil Merrett and his June 2015 article, GOV.UK Verify potential in focus as private sector talks begin. GOV.UK Verify (RIP) is no use to the UK finance sector, who are building their own "digital passport". It's no use to merchants who need to conduct on-line age verification. It's even been rejected by the on-line adult entertainment/pornography sector.

The sunlight of transparency reveals an identity assurance scheme with no suppliers and no customers and a data source that dare not speak its name. RIP.

----------

Updated 26.1.16

Yesterday saw the publication of GOV.UK Verify [RIP]: understanding who can be verified and Estimating what proportion of the public will be able to use GOV.UK Verify [RIP].

The Government Digital Service (GDS) have got their slide rule out and used a mathematical model to predict what percentage of its target population – us – can in theory be enrolled onto the registers maintained by its "identity providers".

This is the picture of their prediction, categorising us by age:


Will GDS's model prove more accurate than, say, Her Majesty's Treasury's models of the UK economy? The massed brains of the Treasury assured us in 2002 and 2003, you will remember, that we had now seen the end of boom and bust. It didn't work out that way.

"Our next piece of analysis will be conducting logistic regressions and correlation matrices to gain further insights across demographic groups", they say at GDS. Good. Just like the political pollsters who predicted a dead heat between the Labour and Conservative parties at the May 2015 general election. The Conservatives won 99 more seats than Labour.

While we're waiting to see the outcome, take a look at the graph above. It shows a large increase in "verification rates" over the next few weeks.

It needs to if GDS are to meet their April 2016 target of 90 percent coverage.

The "verification rate" for orange people is due to rise from about about 40 percent to about 80 percent. Is there anything more than wishful thinking to support that large increase?

Are GDS expecting their new "identity providers" to provide that increase? No new approvals have been granted by tScheme. So there can't be any new "identity providers". Their services all have to be approved before they're let loose on the unsuspecting public.

If the expected increase isn't predicated on new "identity providers", then have the existing ones gained access to new data sources? And if so, which data sources? What personal information of ours are we about to discover that we have given permission for Verizon et al to access? For all their claims to openness, GDS still haven't told us.


Updated 29.2.16

GDS have added a fifth "identity provider", Safran Morpho, to their identity assurance platform, GOV.UK Verify (RIP). The registers underlying GDS's platforms provide a "single source of truth" according to Tom Loosemore.

Turn to the GOV.UK Verify (RIP) dashboard on the GOV.UK Performance platform, and what do we see under Certified companies? Digidentity, Experian, the Post Office and Verizon. But no Safran Morpho.

Presumably this single source of truth has to be updated manually from another single source of truth. That would explain the absence of Safran Morpho and the absence further down the dashboard page of any statistics for the week ending 28 February 2016, yesterday.

The GOV.UK Verify (RIP) Account creation success rate, all services stood at 74% on 3 January 2016.

That is consonant with the figures on the graph produced by GDS's new mathematical model.

The model predicted that "verification rates" would climb over 80% soon after 16 January 2016, please see the thick pale blue line for "total verified", i.e. everyone over the age of 16.

In the event, according to the dashboard, the single source of truth, the "verification rate" had fallen to 72% by 21 February 2016. It's going the wrong way.


Even with Safran Morpho's unregistered assistance, what chance the "verification rate" will exceed 90% in June/July 2016 as predicted by the model?


Updated 8.3.16

Another week, and another fall in the Account creation success rate, all services, down from 72% to 67% when, according to GDS's mathematical model, it was meant to be heading up through 80% towards 90%:



Updated 15.3.16

Another week, and another fall in the Account creation success rate, all services, down from 67% to 62% when, according to GDS's mathematical model, it was meant to be heading up through 80% towards 90%:



Updated 22.3.16

The dead cat bounce

It's been a goof week for GOV.UK Verify (RIP). It's in remission. The Account creation success rate, all services is up, at last.

To 90%, as predicted?

No. 66%.

Take a look at our favourite graph from GOV.UK Verify [RIP]: understanding who can be verified:


By now, late March, pink people – age 75 and over – should have a success rate over 70% according to GDS's mathematical model and for everyone else the success rate should be over 80%.

66% is off the scale. Lower than the lowest projection.

In the charming terminology of the securities world, this week's increase from 62% to 66% is a "dead cat bounce".


Updated 6.4.16

Week ending 20 March 2016, the GOV.UK Verify (RIP) dead cat account creation success rate bounced up to 66%, as noted above. A week later it was falling again, to 63% (27 March 2016) and last week it fell further, to 62% (3 April 2016). Not a good sign for a moggy that's meant to be dancing around the 90% mark.

Looking back at 25 January 2016 and Estimating what proportion of the public will be able to use GOV.UK Verify [RIP], someone spotted that there'd been an update on 29 March 2016:
Update, 29 March 2016: We are now able to publish a CSV file (663 kb) containing the data used for the web tool for 7 of the 9 demographic variables provided by the ONS omnibus survey. This is combined with our model's estimate of the individual's probability of being verified by certified companies over time. This is the maximum number of variables we could make public, whilst preserving the anonymity of respondents.
Take a look at the CSV file linked to in that update.

What you'll see is that GDS's own model predicts that:
  • GOV.UK Verify (RIP) tends to exclude individuals with a low income, people outside the managerial and professional classes, the unemployed, the very young, the very old, urbanites, women and Northerners.
  • And for everyone else, even theoretically, it's still miles away from the 100% identity verification rate you might, if you're old-fashioned, associate with a public service public provision.
The logistic regressions and correlation matrices team in GDS have estimated the probability of GOV.UK Verify (RIP)'s "identity providers" being able to verify people's identity on four different dates as follows:

Date
Verification probability
13 October 2014
71.49%
3 December 2015
73.96%
1 March 2016
86.77%
1 July 2016
93.36%

There is no indication how those probabilities were calculated. Or what assumption is made to achieve that huge increase from the 70s to the 90s. Or whether the model is wrong or maybe it's the world that's wrong, with its limp 62% account creation success rate last week.

The data in GDS's model is analysed by geographical region of Great Britain and if you calculate the average verification probability across all four dates you get:

Region
Verification probability
North West
75.62%
Scotland
77.11%
North East
78.03%
London
78.36%
West Midlands
80.90%
South East
83.37%
Wales
83.69%
Yorkshire and Humberside
83.75%
Eastern England
84.23%
South West
84.45%
East Midlands
85.32%

Something in GDS's model suggests that GOV.UK Verify (RIP) should be more successful in the South West and the East Midlands than it is in the North West and Scotland.

The data is also analysed by age:

Age
Verification probability
16 to 24
63.58%
75 and over
69.71%
65 to 74
82.72%
25 to 44
83.89%
55 to 64
84.84%
45 to 54
88.53%

GDS's model predicts significantly greater success with 25 to 74 year-olds than with the under-25s and the over-74s.

The model has four categories of employment status:

Employment status
Verification probability
unemployed
73.46%
economically inactive
73.59%
unpaid family worker
85.90%
in employment
87.36%

GOV.UK Verify (RIP) doesn't look much good for the unemployed and the economically inactive.

Analysing by socio-economic status, we get:

Socio-economic status
Verification probability
not classified 
68.85%
routine and manual
79.19%
intermediate
86.86%
managerial and professional
91.77%

GOV.UK Verify (RIP) works best for the managerial and professional classes – senior civil servants? – and steeply worse for everyone else.

It's supposed to work better in rural areas (86.46%) than urban areas (80.53%) according to GDS's model. It's supposed to work better for males (83.21%) than for females (79.96%). And the more income an individual has, the better GOV.UK Verify (RIP) can verify his or her identity:

Individual income
Verification probability
up to £10,399 
70.09%
no source of income
71.12%
don't know
74.04%
refused
78.74%
£10,400 to £19,759
80.62%
£19,760 to £28,599
89.71%
£28,600 and over
94.17%


Updated 12.4.16

Last week the dead cat bounced up from 62% to 67%. An account creation success rate of 67% is lower than the worst verification probability predicted (Foreshewn?) by GDS for any UK income group.

GOV.UK Verify (RIP) is meant to be able to verify the identity of 70.09% of individuals with an annual income up to £10,339, please see immediately above. That would exclude 29.91% of these people from public services if the UK relied on GOV.UK Verify (RIP).

That's bad enough but it looks as if the exclusion rate may be more like 33%.

Anyway, nothing like the 10% exclusion rate GDS said was acceptable for GOV.UK Verify (RIP) going live this month, April 2016, 18 days left.


Updated 18 April 2016

Last week, 11-17 April 2016, the GOV.UK Verify (RIP) account creation success rate went up to 71%, just under the 72% peak reached in the last fortnight of February 2016.

This increase could be the result of GDS herding people away from the poorly-performing "identity providers" – Barclays, GB Group/CitizenSafe, Royal Mail, Safran Morpho/SecureIdentity and Verizon.

It could also be the result of increasing the minimum age of registration from 19 to 20, thereby excluding another 1.2% of the UK population from getting one of GDS's on-line identities to transact with public services.

The success rate of 71% is bought at the expense of five "identity providers" and all the under-20s.

It's an increase, but 71% is still miles away from the 90% GDS require before GOV.UK Verify (RIP) can go live. It's not going to be achieved this month. Meanwhile, the outside world isn't standing still.


Updated 25.4.16

In the week to 24 April 2016, the account creation success rate fell to 70% from 71% the previous week. There's nothing much to be said about that except that it remains well below the 90% threshold required to declare GOV.UK Verify (RIP) live but GDS may declare it to be live later this week anyway and hang the consequences.


Updated 3.5.16

In the week to 1 May 2016, the account creation success rate rose to 71% from 70% the previous week. There's nothing much to be said about that except that it remains well below the 90% threshold required to declare GOV.UK Verify (RIP) live. GDS claimed to be "nearly there" last week, but sensibly delayed the live announcement. Another day, another deadline missed.


Updated 9.5.16 1

Has the account creation success rate surged to 90%+ in the past week?

We don't know.

At midday 12 noon on Monday 9 May 2016, the Government Digital Service's performance platform dashboard for GOV.UK Verify (RIP) still hasn't been updated. We're left looking at the statistics up to 1 May 2016, eight days ago:


You might think that the Government Digital Service is digital. And that dashboards on the performance platform get updated automatically and at the speed of light.

Clearly not.

Are GDS waiting for the sign-writers to turn up? Do they have to doctor the figures before publication in some way that can't be encoded in an algorithm?


Updated 9.5.16 2

Whatever you do, don't look down

Gravity is a harsh mistress
Since about 2 p.m. we now know that in the week to 8 May 2016, the GOV.UK Verify (RIP) account creation success rate fell from 71% the previous week to 68% .

There's nothing much to be said about that except that it remains well below the 90% threshold required to declare GOV.UK Verify (RIP) live.

In the same week, the authentication completion rate fell from 40% to 36%.

GDS claim to be "nearly there" but what they mean is that they're a bit further away.


Updated 16.5.16

2:19 p.m. Monday afternoon here in the metropolis and the only question is how did GOV.UK Verify (RIP) do last week? As at 8 May 2016, a week ago, 64% of attempted authentications failed. I.e. the authentication completion rate was a princely 36%.

GOV.UK Verify (RIP) is meant to replace the Government Gateway by the end of March 2018. 22½ months time. The Government Gateway is the system HMRC depends on to raise the revenue to pay for public services in the UK. A 64% failure rate for authentications in GOV.UK Verify (RIP) could induce an uncomfortable clammy feeling here and there in Whitehall.

So has the rate improved this week?

We don't know. The GOV.UK Verify (RIP) dashboard on GDS's performance platform still hasn't been updated.

So much for digital by default.


Updated 3.6.16

It will come as news to nobody that today is Friday.

Friday 3 June 2016.

That's four days after Monday 30 May 2016, which is when we might all have expected to see the updated figures on the performance of GOV.UK Verify (RIP) for the week ending Sunday 29 May 2016.

Well hard luck us. The figures weren't available then and they still aren't now (10:00). We are left with the antique performance figures to 22 May 2016 – account creation success rate 68% (not 100%) and authentication completion rate 34% (not 100%).

We have noted that ever since GOV.UK Verify (RIP) was declared live on 24 May 2016 the Government Digital Service (GDS) immediately went into retrenchment mode. The will gone, their energy sapped, is this silence on the system's performance more of the same? Have GDS simply lost interest?


Updated 23.62016

For the week ending 29 May 2016, we finally discovered, the GOV.UK Verify (RIP) account creation success rate was 69%. A week later it rose to 72% (5 June 2016), then fell again to 71% a week after that (12 June 2016).  And for the week ending 19 June 2016? We would normally expect to have the figure some time on Monday 20 June 2016. But no. Here we are on Thursday 23 June 2016 and we still don't know how GOV.UK Verify (RIP) account creation fared last week.

It's not just you losing interest. Clearly, GDS couldn't care either.


Updated 27.6.16 10:55 a.m.

What was the GOV.UK Verify (RIP) account creation success rate for the week ending 19 June 2016? That's what we were asking last week.

We now know that it fell from 71% to 69%. We also know that it fell again, to 68%, for the week ending yesterday.

We were assured that GOV.UK Verify (RIP) could not be declared live until the account creation success rate reached at least 90%. It has missed that low target by at least 20% and yet the system has nevertheless been declared live.

The GOV.UK Verify (RIP) authentication completion rate was 33% in the week ending 12 June 2016. I.e. 67% of attempted authentications failed. Not good. Has that performance improved? We don't know. The performance figures haven't been updated for a fortnight now.

Ditto the certified company completion rate and the certified company choice rate. Ditto, not surprisingly, all three measures of user satisfaction.


Updated 19.8.16

Seven months on from where we started, and GDS have published Improving GOV.UK Verify’s demographic coverage - an update.

Coverage of the UK population by GOV.UK Verify (RIP) may or may not have improved. Either way, it's still below the 90% GDS said they needed for the system to go live and yet go live it did back in May.

What's more, in July, GDS stopped publishing statistics for the account creation success rate on the dashboard, claiming that they don't "tell us or the user much about how well GOV.UK Verify [RIP] is performing". Actually, these statistics speak volumes. Here's GDS's latest graphic:
There's no vertical axis and GDS, supposedly the custodians of data analysis in the UK, don't tell us in their blog post what the different colours mean, but GOV.UK Verify (RIP) clearly has problems authenticating people's identity outside the age range 25 to 44. That is a matter of great interest to the users, pace GDS.

And don't forget, according to the US National Institute of Standards and Technology, even when GOV.UK Verify (RIP) does claim to have proved someone's identity, it hasn't. It's merely recorded an act of self-certification.

RIP IDA – the sunlight of transparency

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.


GOV.UK Verify (RIP), currently being tested, uses a combination of passport details, driving licence and credit rating information to try to enrol people onto the population registers maintained by the Government Digital Service's so-called "identity providers".

Even if a computer-literate person with access to broadband would like a GOV.UK Verify (RIP) account, there can be problems. Among others, that person may not have a passport or a driving licence or a credit history.

The solution to those problems suggested by GDS is to increase the range of data sources available for GOV.UK Verify (RIP), which is why on 1 December 2014, 13 months ago, GDS published How we’re working to increase the range of data sources available for GOV.UK Verify [RIP]:
We’re working to identify more government data sources to add to the document checking service. We’re hoping to be able to say a bit more about our plans on this in the new year.

The use of any additional official data sources would be subject to formal agreements on how the data can be used, and government data sources will only be used on the basis of informed user choice and consent.
They were looking for "more government data sources". Such as? Two days later, DMossEsq suggested personal information recorded by the government about your education, travel or health. That was a guess.

Monday 18 January 2016

UK Digital Strategy - the next frontier in our digital revolution

It was the eve of the eve of New Year's Eve 2015 when the Department for Culture Media and Sport (DCMS) challenged the public to challenge the department:
Challenge us
Come 2020, undoubtedly the UK landscape will have changed to be firmly in the digital age. But how do you want to shape that? Government has ideas and ambitions but as Tech City UK back in 2010 shows, the ideas are out there. So challenge us - push us to do more. Let’s show the rest of the world how it’s done.
They gave us until 19 January 2016 to submit our responses.

They asked for it.

Someone had to tell them:


From: David Moss
Sent: 18 January 2016 12:49
To: 'digitalstrategy@culture.gov.uk'
Subject: UK Digital Strategy - the next frontier in our digital revolution

1. This is a response to the DCMS request for comments on the Secretary of State's 29 December 2015 press release [1] which we can be sure was written by his officials and not by him. Wrong. Please see note below.

2. "In 2010, a revolution began", we are told. Why 2010? Computerisation started in the 1950s, the internet in the 1960s, micro-computers in the 1970s, graphical screens and relational databases in the 1980s, the web and mobile phones in the 1990s and social media in the 2000s. What revolution occurred in 2010? None. Where it isn't simply false, much of this press release is excitable. It sounds credulous, ingenuous and childish, unconvincing and confidence-sapping.

3. "... we want the UK to be synonymous with digital". Synonymous? Are you sure?

4. "Matt Hancock is ... driving a transformation", it says, "to create what he calls a 'smartphone state' ...". Why? What is a "smartphone state"? Who wants one?

Unlocking digital growth
5. To the extent that the UK's digital strategy affects the private sector, best practice is well-established – minimum regulation and a government that keeps out of the way. That seems to be the message being sent by BIS in their UK Government Response to EU public consultation on Digital Platforms [2]. It would be coherent/joined up for DCMS to send the same message and not to pretend that they can pick winners or that they are better than the market at allocating resources.

Transforming government
6. To the extent that it affects central government, a lot can be usefully learned by re-reading the last report on the UK's digital strategy written by people who know what they're talking about, January 2013's A Perspective on the Government Digital Strategy (GDS): Balancing agility and efficiency in UK Government IT delivery [3].

7. The four professors who drafted that report demolished the proposed strategy. Using agile software engineering methodologies, iterating and calling on open source software is not enough. National IT strategies need to be devised by people who know a lot more about IT, a lot more about public administration and a lot more about commerce and inducing cultural change.

8. The professors were right. The former deputy director of the Government Digital Service (GDS) describes years of his own hard work trying to implement that strategy as no more valuable than putting lipstick on pigs [4]. That is no platform for a UK digital strategy.

Transforming day to day life
9. The 2015-20 Spending Review doubled the GDS budget to £450 million to cover the next four years. It is not clear why.

10. Interviewed by PublicTechnology.net[5], their executive director said that GDS would be "going wholesale" in 2016, "iterating" and working on "Government as a Platform". At a 12 January 2016 conference on government IT/ICT in 2016, he tweeted[6]:"Awesome morning at Government ICT 2016 speaking about recasting the relationship between citizens and the state". The day before that, the Cabinet Secretary published a blog post, Civil Service priorities - what we’ve achieved, and what’s ahead [7], in which he said that one of those achievements is that: "at the Spending Review, an additional £1.8 billion investment in digital transformation, as well as £450 million specifically for GDS, was announced". The uses to which that £450 million is to be put remain unclear.

11. Unclear or not, the allocation has been made. In that sense the strategy has been decided upon and it's too late for DCMS or anyone else to be asking for comments. Unless DCMS can force the Cabinet Office/GDS and other departments to change their mind. Can it? Does DCMS have the weight to force a re-think?

12. That seems unlikely. £450 million over four years is more than 50 times as much as DCMS's budget for Tech City UK [8]. GDS's "going wholesale" has got nothing to do with DCMS and neither have the NHS's "amazing doctors and nurses", nor the "MOOCs" referred to in the press release, the driverless cars and the drones. What has the national IT strategy got to do with DCMS? And, given their interest in our quotidian existence, why aren't they asking us about the post-revolutionary survival of newspaper- and book-publishers?

Building the foundations
13. DCMS: "As more of our lives are conducted online, the need to keep ourselves safe from criminals and terrorists increases ... That’s why we’re spending £1.9 billion over the next five years through the National Cyber Security Programme". There goes another £1,900 million. Roughly what JP Morgan have spent on cybersecurity. Not that it did them much good, please see JPMorgan's 2014 Hack Tied to Largest Cyber Breach Ever [9]. That's according to Bloomberg. Who were also hacked [10]. Like Sony[11] and everyone else. Including cyber security experts and defence contractors, please see "When it comes to cyber security QinetiQ couldn’t grab their ass with both hands" [12].

14. GDS say[13]:"We want departments across government to adopt GOV.UK Verify increasingly as it progresses from beta to live because it’s secure, straightforward and meets the needs of their users". Such an unqualified promise of security is unrealistic, impractical and not deliverable. DCMS could usefully promote a cultural change in the understanding of the unavoidable risks of living in a "smartphone state". DCMS will have succeeded when the public read that promise of GDS's, assume that it's a joke and laugh.

15. A related cultural change, DCMS could usefully warn the public that downloading "apps" is synonymous with deliberately inserting viruses into our computers/tablets/phones. Also related, DCMS could work to make the public understand that they should be wary if there is no provision for compensation when cyber security is breached, whether in the case of government systems like GOV.UK Verify or "apps" from Tech City UK start-ups. The banks offer compensation. That keeps their noses clean, securitywise at least. By contrast, the compensation GDS and its "identity providers" offer when GOV.UK Verify is hacked is derisory.

Government as a Platform
16. DCMS's postbag in response to their press release will be full of "agile", "iterate", "pivot", "recast", "transform", "revolution" and "ecosystem" but the highest-frequency buzzword is likely to be "Government as a Platform"/"GaaP".

17. If all the departments of central government used the same payments platform, for example, that would be better than them all having their own. It would be cheaper, less risky and easier for us users. That's the GaaP pitch. It's just obviously right, isn't it.

18. No. How much cheaper? Suppose it's more expensive? When will the benefits start to accrue? Tomorrow or in ten years time? What problem would be solved? Just how difficult is it for users to use different payment systems? Is it more secure to put all your eggs in one payments platform or less? Why has Whitehall starved the pre-eminent platform we already have – the Government Gateway [14]? Starved it of resources, that is. For years. Can GDS be relied on to deliver new platforms? GOV.UK Verify, the identity assurance platform, is already years late, it is still not live, it can't assure anyone of the identity of a company or a partnership or a trust, only people and even then not all people, and it appears to be breaking all its own rules on privacy[15]. GOV.UK Notify may or may not soon be released for initial testing and GOV.UK Pay is still no more than a gleam in the ancien régime's eye.

19. There may be convincing arguments in favour of the massive centralisation, standardisation and personal information-sharing that are built into GaaP. The former deputy director of GDS paints a fantastic picture of public administration in the "smartphone state" based on a "single source of truth" [16, 20'50"-21'00"]. That's the weird biblical language of a bewildered prophet who may have spent a little too much time on his own in the desert.

20. DCMS could make the point that the virtues of GaaP are not obvious and that GaaP is the opposite of today's popular cultural moves towards more localism and more choice.

Conclusion
21. From the DCMS press release: "Every part of the UK economy and our lives has been digitised ... This digital fever exploded from the [Tech City UK] cluster in east London, and has spread to every part of the country, making the UK truly a ‘Tech Nation’ ...". This is simply fatuous. It may sound exciting in a juvenile way. But there's so much of this thoughtless vapourware about these days that what would truly be exciting is to read a realistic contribution that takes the UK's public administration and its economy seriously.

----------

16 https://www.youtube.com/watch?v=VjE_zj-7A7A&feature=youtu.be

----------
Updated 23:00
Para.1 in the post above is wrong in that the press release was issued by the Minister of State, Ed Vaizey MP, and not by the Secretary of State, the Rt Hon John Whittingdale MP. It remains the case that the press release will have been written by officials and not by either politician.


Updated 16.1.17

It seems like a whole year since we wrote the blog post above but actually it's only 364 days.

The next frontier in our digital revolution needs a UK digital strategy according to the Department for Culture Media and Sport (DCMS). You'd think that was pretty obvious and pretty important but 364 days later we're still waiting – there's no strategy.

Having described the DCMS consultation on a UK digital strategy as "simply false ... excitable ... credulous, ingenuous ... childish, unconvincing and confidence-sapping ... simply fatuous ... exciting in a juvenile way ... thoughtless vapourware ...", DMossEsq can face the absence of this strategy with equanimity.

Not so the House of Commons Science and Technology Committee. They're getting a bit fed up. Their chairman isn't pleased and he's written to Matt Hancock MP at DCMS to ask what's going on:


"Our disappointment over such a long delay is compounded by the continued absence of the Government's long-promised 'Digital Strategy' ..." – ouch.

Mr Hancock must be getting used to this sort of wigging. His previous berth before DCMS was at the Government Digital Service (GDS) where – guess what – there's no strategy.

His replacement at GDS is Ben Gummer MP, an expert in the Black Death.

Given any organisation plagued with a lack of strategy, will it be known in future as a "gummer" or, more likely, a "hancock"?


Updated 22.1.17

20 January 2017: "The Government's digital strategy was due last summer, six months later than expected, and we are still waiting. I hope this means that it will coincide and be consistent with the wider Government Industrial Strategy, but I'm not going to hold my breath on that one.".

Is that Stephen Metcalfe MP speaking? The chairman of the House of Commons Science and Technology Committee? Once again expressing his dissatisfaction with the government?

No.

It's Iain Wright MP, the chairman of another select committee, the Business Energy and Industrial Strategy Committee.

29 December 2015, the Department for Culture Media and Sport (DCMS) said: "Early next year, we’ll set out a new Digital Strategy for the UK". It's now early 2017, a year later than early 2016, and still no strategy. Not at DCMS. And not at the Government Digital Service.

Back in 2015, DCMS said "challenge us - push us to do more. Let’s show the rest of the world how it’s done". The select committees are challenging DCMS and GDS and pushing them. The rest of the world remains mystified.

UK Digital Strategy - the next frontier in our digital revolution

It was the eve of the eve of New Year's Eve 2015 when the Department for Culture Media and Sport (DCMS) challenged the public to challenge the department:
Challenge us
Come 2020, undoubtedly the UK landscape will have changed to be firmly in the digital age. But how do you want to shape that? Government has ideas and ambitions but as Tech City UK back in 2010 shows, the ideas are out there. So challenge us - push us to do more. Let’s show the rest of the world how it’s done.
They gave us until 19 January 2016 to submit our responses.

They asked for it.

Someone had to tell them:

Friday 8 January 2016

Digital by default and the new meaning of "choice"

Anyone who pays UK income tax one year can be required to make tax payments on account in the following year in addition to any tax deducted at source via PAYE, the standard pay-as-you-earn system. If the payment on account would be less than £1,000 or if the "relevant" amount is less than 20% of the "assessed" amount, then you are exempted from making payments on account. Not many people know that.

Those who do know that sometimes want to apply to have their payments on account reduced for which HMRC, Her Majesty's Revenue and Customs, kindly provide a form SA303.

There's a copy of the SA303 still available in the National Archives but that's all old hat now. These days, in the new world, you want to go to Self Assessment: claim to reduce payments on account (SA303) on the web, where you're presented with a choice:

The choice is either to log on using your trusty GOV.UK Verify (RIP) account and fill in the SA303 on-line or ...

... what? You can choose the the Postal form option in which case two clicks later you're asked to complete the following form on screen:

No old-fashioned form to print out on paper and complete with black ink, you're filling in the SA303 on-line just as much as if you'd chosen the other option. Henry Ford-style, HMRC are giving you a choice of filling in the form on-line or filling in the form on-line.

It's your choice.

Digital by default and the new meaning of "choice"

Anyone who pays UK income tax one year can be required to make tax payments on account in the following year in addition to any tax deducted at source via PAYE, the standard pay-as-you-earn system. If the payment on account would be less than £1,000 or if the "relevant" amount is less than 20% of the "assessed" amount, then you are exempted from making payments on account. Not many people know that.

Those who do know that sometimes want to apply to have their payments on account reduced for which HMRC, Her Majesty's Revenue and Customs, kindly provide a form SA303.

Wednesday 6 January 2016

Border control, gun control and biometrics in the news

The BBC's News at Ten is the UK's leading TV news programme. Last night's edition was interesting for what it did say about biometrics and what it didn't.

On 3 January 2016 all news media carried reports of the latest atrocity committed by the psychopaths of ISIS. Here is the Times newspaper, for example, on the subject:

The Isis terror group in Syria has released a new propaganda video purporting to show the ritualised killing of five “British spies” in revenge for British airstrikes on Syria.

The ten minute footage begins with five men of Middle Eastern appearance, each dressed in orange jumpsuits, talking to the camera one by one and “confessing” to spying on behalf of the UK security services.

The men appear to be wearing handcuffs, and occasionally seem to shake, but do not appear to be under any duress.

This video switches to the desert, where five men are seen on their knees in front of masked militants in winter camouflage uniform.

One of the militants, wearing a balaclava, speaks in Arabic and then switches to English with a London accent. The man addresses Mr Cameron, describing him as “insignificant” and a “slave of the White House” and “mule of the Jews”.
Who is the psychopath who "switches to English with a London accent" and who refers to our Prime Minister as a "mule of the Jews"?

He is thought to be one Siddhartha Dhar, a bouncy castle salesman from Walthamstow, East London.

Mr Dhar was arrested in the UK, released on police bail and asked to hand in his passport to his nearest police station which he didn't. Instead, he left the country with his wife and their children, went to Paris and mocked the UK authorities in a blog post, exulting in how easy it had been to escape.

We are supposed to have exit controls now in the UK. They clearly don't work, as the National Audit Office were telling us a month ago. We've spent £830 million on our eBorders system and "there are some early signs that the Department is beginning to grip this vital programme", the NAO tell us at para.23 on p.12 of their report.

Be that as it may, the question remains is Mr Dhar the psychopath in the ISIS video or isn't he? Mr Dhar sounds to some people like the psychopath. And on the News at Ten last night we were treated to this:


A voice biometrics expert was called in and said that on the basis of his voice biometrics expertise Mr Dhar sounds like the psychopath. We knew that. That's why the voice biometrics expert was called in. What he's confirmed is that the reason he was called in is that he was called in. The biometrics has added nothing whatever.

Biometrics has not identified the psychopath. The reverential treatment of biometrics is akin to the credulous acquiescence in astrology. Next time you're kneeling in the desert in an orange suit with a pistol stuck in the back of your head, remember that – biometrics is no defence, it doesn't provide security.

That's what last night's TV news did tell us.

It shouldn't come as a surprise.

Cast your mind back to the riots in the UK in the summer of 2011 and to Operation Withern:
Public asked to name rioters on internet ‘rogues gallery’

... Photographs, video and CCTV images will be examined by 450 detectives involved in Operation Withern. Simon Foy, a Metropolitan Police Commander, said: “We will be remorseless in our pursuit of these individuals.”
450 detectives had to review all the photographs, video and CCTV images available and the public had to help to identify the rioters. We have national databases of passport photographs and driving licence photographs and how much help was the face recognition biometrics industry? About as much help as the voice recognition biometrics industry was yesterday. None.

Later on, the TV news moved to President Obama's latest effort to increase gun control in the US:


The biometrics industry will tell you that the solution to the problems of gun control is ... biometrics. For example:
A Biometric Gun Lock That Even the NRA Might Like

Yes, he [Omer Kiyani, a gun victim] believes in making guns safer, but he’s not your typical safety advocate. He’s a gun owner himself, and he wants to control firearms in the most practical of ways. That’s why he founded Sentinl, a Detroit-based startup that’s designing a biometric gun lock called Identilock. Attaching to a gun’s trigger, it unlocks only when the owner applies a fingerprint.
Why didn't the BBC or the President mention that?

Because it wouldn't work.

The false negative rate with flat print fingerprinting is about 20 percent. About 20 percent of the time, a policeman trying to shoot a psychopath in Paris, say, would be refused permission by his Identilock-controlled gun. Would you go into action against odds like that? Neither would anyone else. So that's useless.

You can improve the odds by relaxing the matching threshold required. That would make it more likely that the police could be effective. But false negatives are in inverse proportion to false positives. 20 percent of the time, a person not the owner of the gun could then make it fire. Which negates the point of Identilock and its peer technologies like Apple Touch ID.

In its own way, the News at Ten's silence on this point was just as telling as its exciting visuals on voice biometrics, right up there with the beguiling artwork of astrology.

----------

Updated 7.1.16

The BBC news website has just published:
Charlie Hebdo anniversary: Suspect shot by Paris police

French police have shot dead a man who was apparently trying to attack a police station, on the anniversary of the Charlie Hebdo attacks.
Just as well the police weren't hampered by biometrics-controlled guns, isn't it.

Remember that, next time someone tries to convince you that "biometrics" means security.

Border control, gun control and biometrics in the news

The BBC's News at Ten is the UK's leading TV news programme. Last night's edition was interesting for what it did say about biometrics and what it didn't.