Friday 12 February 2016

Trust in the Civil Service 3

Sir Jeremy Heywood, Cabinet Secretary and Head of the Civil Service, wishes to increase the level of trust placed by the public in the civil service. As we have seen, here and here.

His chosen method to achieve this objective centres on перестро́йка and гла́сность, i.e. perestroika and glasnost, or innovative transformation and openness, to be delivered by the Government Digital Service (GDS).

We have identified certain problems with the strategy. Among others:
  • GDS have promised the public that we can use GOV.UK Verify (RIP), the replacement for the Home Office's failed ID cards scheme, to establish our identity on-line and that we can use that identity to access public services. GDS's business partner, OIX, the Open Identity Exchange, tell us that GOV.UK Verify (RIP) is having trouble achieving the requisite level of assurance that people are who they say they are. Which means that relying parties like the Department for Work and Pensions would be irresponsible to rely on GOV.UK Verify (RIP) when they pay benefits, for example, or pensions. GDS's false promise is more likely to destroy trust in the civil service than to inspire it.
  • In September 2012, the Information Commissioner's Office published advice on data protection which included this: "We also recommend you ... use different passwords for separate systems and devices" (p.8). That was obviously good advice then and it still is, three-and-a-bit years later. You'll find the same advice given worldwide. Here's the US organisation StaySafeOnline.org, for example: "Have a different password for each online account". GDS want you to have a single GOV.UK Verify (RIP) password for all your accounts. They're more interested in convenience than in security. Which diminishes the trust anyone can place in them.
  • "All your accounts"? Surely that should be "all your public service accounts"? No. The GOV.UK Verify (RIP) literature generally says that the system is designed to make it easier for members of the public to access public services, e.g. "GOV.UK Verify [RIP] is the new way to prove who you are online, so you can use government services like viewing your driving licence or filing your tax". Less publicised, GDS are trying to interest the private sector in GOV.UK Verify (RIP). Not a shining example of гла́сность.
Sir Jeremy's trust problems aren't limited to GDS.

Her Majesty's Revenue and Customs (HMRC) want to maintain tax accounts for us all, on-line. The idea is that we should be able to check these accounts, having logged on with our GOV.UK Verify (RIP) identities, and then quickly confirm them, thereby cutting out the old-fashioned need to submit tax returns. As the Chancellor said in his November 2015 spending review:
1.8 A modern and reformed state

Building on the progress made over the last Parliament in public services, the government will introduce far-reaching reforms to create a more productive state, fit for the modern world. The Spending Review and Autumn Statement is taking action to:
  • ...
  • make the government simple to deal with by investing £1.8 billion in digital transformation, replacing tax returns with digital tax accounts, and building one simple payment mechanism for all central government services
  • ...
They do it in Estonia, where it takes a person only 19 seconds to complete their tax return because the Estonian Revenue already know everything about their financial affairs anyway:


Should you invest four minutes of your time in watching this BBC film? Yes.

So surely we can do the same in the UK, if only we trust our tax authority as implicitly as the Estonians trust theirs.

The Chancellor has been advised that this is simply a matter of "building on the progress made over the last Parliament in public services".

Let's look at a relevant example – HMRC's introduction in the 2010-15 parliament of RTI, the real-time information system for PAYE/NI, i.e. pay-as-you-earn/national insurance. And let's look at the case of a company well known to DMossEsq which made a mistake one month.

This company, call it "X Limited", calculated the tax due for PAYE/NI Month 2, 6 May 2015 to 5 June 2015, submitted its RTI return on-line and paid the money due to HMRC on-line. All very modern. X Limited paid the money into the correct HMRC bank account. Good. Unfortunately, X Limited specified the wrong reference number.

HMRC had the money. But HMRC is a big place. And as a result of X Limited using the wrong reference number, the PAYE/NI people thought they didn't have the money. So they marked it down as a debt and started accruing interest on it. And five months later, X Limited received a letter telling them they owed HMRC lots of money.

X Limited telephoned HMRC, who agreed to re-allocate the money to the correct reference number.

End of problem?

No.

Two months later, another letter arrived saying X Limited still owed HMRC money. There followed another telephone call, on which HMRC said:
  1. Yes, it can take two months to re-allocate money. Don't worry.
  2. And don't worry about the threatening letters you're about to receive, we can't stop them going out.
  3. And please don't look at your on-line RTI Current Position tax dashboard, the figures are all wrong, we're not letting any new companies see that account, we work from a snapshot.
  4. X Limited don't seem to have claimed their 2015-16 Employment Allowance to date. You should use HMRC's Basic PAYE Tools, which deducts the allowance automatically.
  5. Goodbye.
It turns out that X Limited do use HMRC's Basic PAYE Tools and that the company is flagged as eligible for Employment Allowance and that the entitlement is not automatically deducted from the PAYE/NI payable. So 4. is wrong.

5. is right.

1. is a big dent in the trust shield and needs to be sorted out by HMRC if Sir Jeremy is not to be embarrassed. It shouldn't take two months not to re-allocate money between two reference numbers in the same account. Nor should it take five months to notify the company of a debt. Not in the administration of a "productive state" that's been through years of перестро́йка to make it "fit for the modern world".

2. is another big dent, and it's also a lesson for the team working on GDS's new "platform", GOV.UK Notify. We don't want that turning into an out of control robot in whose processes no human can intervene, gaily accruing interest on non-existent debts while sending out threatening letters, emails, texts, tweets, ...

What about 3., you ask?

Here is X Limited's Current Position account for its n employees, maintained by HMRC, accessed on-line by X Limited, logged on through the Government Gateway because, of course, GOV.UK Verify (RIP) is incapable of identifying companies, which is an embarrassment Sir Jeremy is just going to have to live with:


There's an Amount due in period column. You'd think that that would match up with X Limited's RTI returns. Three of the non-zero figures shown match up and six don't. Ditto for the Amount paid in period column, three match, six don't and the £1,844.78 figure is particularly noteworthy as nothing was paid in that month, which is where we came in some time back.

Clearly, when HMRC's RTI people say "amount due", they don't mean amount due. And when they say "amount paid", they don't mean amount paid. Quite what they do mean is unclear ...

... but it wouldn't take you even 19 seconds to spot that the account is wrong. You wouldn't confirm the figures. And you wouldn't experience that Estonian rush of trust in HMRC that the Chancellor promises.

GDS have been promised £450 million over the next four years, no-one knows why, but it's unlikely they can help HMRC.

"The government will introduce far-reaching reforms to create a more productive state, fit for the modern world". The problems for Sir Jeremy are mounting up. What can he tell the Chancellor? HMRC. Companies House. GDS. They're all threatening the public's trust in the civil service.

----------

Updated 18.2.16

Somewhere under its calm, elegant, swan-like exterior DMossEsq's webbed feet are paddling away. HMRC's, too.

The temptation to compare HMRC to GDS is strong. Too strong to resist.

Unlike GDS, HMRC actually respond to critical comment. We've seen that before. Now, once again, there have been helpful HMRC responses, this time in connection with X Limited's RTI problems, which may turn out to be quite substantially self-inflicted. Dénouement next week, possibly.

Meanwhile, GDS remain openly silent on the matter of their GOV.UK Verify (RIP) problems. They, and their business partner OIX, please see above.

Deaf to criticism, they now claim that GOV.UK Verify (RIP) could help the banks, rather than the other way round. Try this from Don Thibeau, the head of OIX, Digital Identity Across Borders:
Currently, around 50% of bank accounts opened in the UK are by people who ... lack sufficient footprint in the UK to open an account.
Come again?

GDS and OIX have somehow got the British Bankers' Association on board, please see Guest post: GOV.UK Verify [RIP], OIX and the future of banking. Let's see how long that lasts.


Updated 29.2.16
Good luck, Chancellor

We have a Budget coming up, on Wednesday 16 March 2016. The Chancellor may be expected to repeat his objective to "make the government simple to deal with by investing £1.8 billion in digital transformation, replacing tax returns with digital tax accounts, and building one simple payment mechanism for all central government services".

When it comes to "digital transformation in government", we were told two years ago by ex-Public Servant of the Year ex-Guardian man Mike Bracken CBE ex-CDO ex-CDO, ex-executive director of the Government Digital Service and ex-senior responsible owner of the pan-government identity assurance programme now known as "GOV.UK Verify (RIP)", "Estonia is a model for all of us".

Is it? Is Estonia a model for all of us? Are we really, all of us here in the UK, on the road to Estonia? Francis-now-Lord Maude went to Estonia, looking for the future. It is not clear that he found it, nor that the Chancellor will either. The latter might be well-advised to soft pedal on the virtues of "digital tax accounts" in his Budget speech.

The charming BBC film above may attract the Chancellor. The Estonian revenue service may be able to fill in people's tax returns for them and Estonians may be able to confirm their calculations in 19 seconds flat. You may have your doubts about that. But even after "the progress made over the last Parliament in public services" we are nowhere near achieving the 19 second tax return here in Blighty.

Nothing can alter the fact that at the moment HMRC's Current Position account, for example, please see above, does not reflect the current position. The Amount due shown is not always the amount due and the Amount paid shown is not always the amount paid. HMRC know that. The Chancellor should know it, too.

What can be altered is your apprehension of the problem, which began one month when X Limited paid its PAYE/NI bill into the right HMRC account with the wrong reference number.

Firstly, there is HMRC's response, which has been swift and effective. The large debt that HMRC thought was owed by X Limited has been extinguished. In fact, HMRC have informed X Limited that by Month 10 they had paid £2,010.40 more than HMRC thought was due.

Sorting it out required people to talk to each other. There is no provision for that in GDS's Estonian model for public services. GDS regard service providers and their parishioners talking to each other as failure. That doesn't work – the gap between the digital Current Position and the actual current position just gets bigger. HMRC understand that. GDS and the Chancellor should, too.

Second, there is the taxpayer. It's not all HMRC's fault. X Limited, in this case, made several spectacular mistakes. Among others:
  • Their Month 2 RTI payment was made 35 days after their Month 3 payment because it was only then that they realised that they hadn't paid the Month 2 salaries which they had notified HMRC about with their RTI return 63 days before.
  • Their Month 3 RTI payment is the one that had the wrong reference, it went into X Limited's Corporation Tax account instead of its RTI account. HMRC's Corporation Tax people knew that there was no Corporation Tax due so they immediately sent a cheque back to X Limited which X Limited immediately put in a file because they knew that HMRC didn't owe them any money. They then forgot about the cheque. It was never cashed. HMRC didn't realise that, which is why they thought that there was a debt and which is why the payment at first couldn't be re-allocated, please see above, ... and so the soap opera goes on.
The GDS stance is that we need more centralised and standardised computer systems. They want a centralised and standardised payment platform, GOV.UK Pay, and a centralised and standardised notification platform, GOV.UK Notify:
  • How is GDS's GOV.UK Pay going to stop X Limited paying money to HMRC with the wrong reference?
  • Ms Y at HMRC sorted out the whole goulash X Limited had created in no time.
  • How is GDS's GOV.UK Notify going to sort out this sort of problem on its own, with no human intervention?
HMRC have a century of experience dealing with the likes of X Limited. GDS don't. HMRC have seen it all before. GDS haven't.

"Good services are verbs", say GDS. And "punctuation can slow people down". Quite which problems these aphorisms of GDS's are the solution to is a matter of ludic debate but they're unlikely to get the Current Position account reconciled.

HMRC are interested in collecting revenue to fund public services.

And GDS?

GOV.UK Verify (RIP), GDS's identity assurance platform on which digital tax accounts (and much else) depend, is due to go live in a month's time, in April 2016. So what are GDS doing? They're re-writing it. They've found a new software engineering methodology, mob programming: "All the brilliant people working on the same thing, at the same time, in the same space, and on the same computer". That's what they're interested in. Good luck, Chancellor.

Trust in the Civil Service 3

Sir Jeremy Heywood, Cabinet Secretary and Head of the Civil Service, wishes to increase the level of trust placed by the public in the civil service. As we have seen, here and here.

His chosen method to achieve this objective centres on перестро́йка and гла́сность, i.e. perestroika and glasnost, or innovative transformation and openness, to be delivered by the Government Digital Service (GDS).

We have identified certain problems with the strategy. Among others:
  • GDS have promised the public that we can use GOV.UK Verify (RIP), the replacement for the Home Office's failed ID cards scheme, to establish our identity on-line and that we can use that identity to access public services. GDS's business partner, OIX, the Open Identity Exchange, tell us that GOV.UK Verify (RIP) is having trouble achieving the requisite level of assurance that people are who they say they are. Which means that relying parties like the Department for Work and Pensions would be irresponsible to rely on GOV.UK Verify (RIP) when they pay benefits, for example, or pensions. GDS's false promise is more likely to destroy trust in the civil service than to inspire it.
  • In September 2012, the Information Commissioner's Office published advice on data protection which included this: "We also recommend you ... use different passwords for separate systems and devices" (p.8). That was obviously good advice then and it still is, three-and-a-bit years later. You'll find the same advice given worldwide. Here's the US organisation StaySafeOnline.org, for example: "Have a different password for each online account". GDS want you to have a single GOV.UK Verify (RIP) password for all your accounts. They're more interested in convenience than in security. Which diminishes the trust anyone can place in them.
  • "All your accounts"? Surely that should be "all your public service accounts"? No. The GOV.UK Verify (RIP) literature generally says that the system is designed to make it easier for members of the public to access public services, e.g. "GOV.UK Verify [RIP] is the new way to prove who you are online, so you can use government services like viewing your driving licence or filing your tax". Less publicised, GDS are trying to interest the private sector in GOV.UK Verify (RIP). Not a shining example of гла́сность.
Sir Jeremy's trust problems aren't limited to GDS.

Wednesday 10 February 2016

Trust in the Civil Service 2

Sir Jeremy Heywood, Cabinet Secretary and Head of the Civil Service, wishes to increase the level of trust placed by the public in the civil service. As we have seen.

His chosen method to achieve this objective centres on перестро́йка and гла́сность, i.e. perestroika and glasnost, or innovative transformation and openness, to be delivered by the Government Digital Service (GDS).

We have identified certain problems with the strategy. Among others:
  • GDS have promised the public that all the "identity providers" appointed to GOV.UK Verify (RIP), the replacement for the Home Office's failed ID cards scheme, will be certified trustworthy by independent organisations. They are now breaking that promise, thereby destroying trust in the civil service.
  • GDS offer people the option to register with the Post Office – which is not certified trustworthy – but behind the scenes those people are actually registered by a different "identity provider", digidentity. What does that say about openness?
Sir Jeremy's trust problems aren't limited to GDS.

Companies House have been argued into making access to their data available for free, please see Free Companies House data to boost UK economy from July 2014. The case rests on the unproven hypothesis that doing so would cause the UK economy to grow. Why? Because free access will inspire innovation. Such is the putative magic of open data.

On their live website, you can already download Companies House documents. You have been able to for years. They charge £1 per document, you have to pay before seeing it and it takes some time before the document is available to inspect.

All that Companies House had to do was remove the charging step in the download process.

Instead, they chose to create a brand new website, which is currently being tested. That's the more expensive option, it opens the way to introducing errors and it costs more than just amending the existing website. The test website still hasn't caught up with the facilities available in the live one. Meanwhile, the live website is being deprived of the maintenance attention that it needs. None of which can inspire public trust in the civil service's decision-making.

Although Companies House's test website lags behind the old one in some ways, in others it introduces new facilities. For example, you can choose a particular person and find all the companies which that person is a director or company secretary of.

There's nothing innovative about that. You've been able to do it for years on the DueDil website. Companies House have simply pinched the idea. In doing so, Companies House threaten the viability of DueDil – the Companies House data is free, whereas you have to pay for DueDil.

"Embrace the change", you may say, "it's all for the greater good". But there is no sign of an avalanche of innovation and Companies House can't claim to have caused the UK economy to expand. What the public see is the civil service spoiling a private company's business for no good reason. Quite the opposite of what Sir Jeremy seeks, this is a disincentive to innovation – come up with a good idea, and watch the civil service pinch it. Why bother?

It was August 2014 when DMossEsq warned that making the personal information about millions of company directors available for free, quickly, in bulk increases the risk of identity theft. Undeterred, Companies House went ahead anyway with their little bid for перестро́йка. And now, in the spirit of гла́сность, they have acknowledged the wholly foreseeable problem, please see their blog post Our register: advice on protecting your personal information.

They have acknowledged it and devised a laughable mitigation. They will "suppress the day of the date of birth from [their] output data services for filings from October". Which October is being referred to here is not clear but the day of the date of birth has not been suppressed from the hundreds of millions of returns already available and now you can check as many as you like quickly and for free to discover it.

We know that Companies House aren't fools and it doesn't inspire trust when they pretend that they are ...

... which they do not only in the matter of the day of the date of birth but also in the matter of the £1 fee: "Companies House does not consider that information is more readily available as the result of the removal of the £1 fee to access it. We do not consider that a fee of £1 would deter anyone who wants to access a piece of information".

They know perfectly well that that £1 fee was a deterrent and so does everyone else.

Three people in addition to DMossEsq have commented on the Companies House blog post, expressing their worries about the free companies register becoming a valuable aid to fraud. One commentator has actually been defrauded. It's not just hypothetical. That person compares the Companies House service to Facebook. Unfavourably.

And the result?

The end of openness. Companies House have stopped responding.

"Companies House is an executive agency, sponsored by the Department for Business, Innovation & Skills" – that's what they say on GOV.UK, the award-winning on-line open face of innovatively transformed government in the UK. It's part of the civil service. And its recent initiatives, like GDS's, risk achieving the exact opposite of what Sir Jeremy wants.

----------

Updated 12.1.17 1

Companies House proudly announce today that Encompass Corporation UK Limited are using free access to Companies House information to provide a know-your-customer service to their fee-paying clients, please see Using Companies House data: Encompass.

"We integrate content from ... providers of company, property and person information into Encompass products", say Encompass, "see the full list on our information providers page":

see full list ... no results found
In the old days, DueDil or whoever would have paid Companies House for this information. Now Companies House receive nothing. That's progress, the open data way.


Updated 12.1.17 2

Surprisingly, the new Companies House company information website is still "in beta", as they say, it's still regarded as a test, it's not technically a "live" service yet:

BETA This is a trial service — your feedback will help us to improve it.

You can't rush the digital transformation revolution. You know that.

You also know that Companies House make all their information available for free. Except they don't:

This document is currently unavailable, a copy can be ordered from the Contact Centre. Telephone +44 (0)303 1234 500. There is a £3.00 charge per document.

Some information is free, some isn't. Why the difference? There is no explanation.

The digital transformation of UK public services makes everything on-line by default. You know that.

Except it doesn't. You have to ring up Companies House and explain what you want to a human being who then takes your credit card details (so much for the GOV.UK Pay platform) and your email address and some time later the document turns up in your inbox ...

... followed by a hard copy invoice that arrives in the post after a few days (so much for the GOV.UK Notify platform), addressed – in the case of invoice no. PS907646 – to D Moff instead of D Moss, such are the perils of using the telephone.

The revolution clearly faces a reaction.

Still, at least you know that all new public service websites are on GOV.UK, the Government Digital Service's award-winning and revolutionary new face of the UK government on-line.

Except that they're not. Companies House's company information website is on https://beta.companieshouse.gov.uk, and not https://www.gov.uk/companieshouse. And the feedback you might be tempted to provide on their trial beta service is on https://www.research.net, the US SurveyMonkey company, and not https://www.gov.uk/research.

Five years GDS have been around. They still haven't got all the old public service websites onto GOV.UK, not even the most popular ones, and they still can't get all the new ones onto this supposed single solitary exclusive publishing platform.


Updated St Patrick's Day 2017

"... all new public service websites are on GOV.UK, the Government Digital Service's award-winning and revolutionary new face of the UK government on-line", as we were saying the other day, "Except that they're not".

Companies House's website isn't on GOV.UK and neither is the Civil Service Jobs website. It's on http://www.civilservicejobs.service.gov.uk and not http://www.gov.uk/civilservicejobs.

The claim that all government websites are on the single domain GOV.UK looks tattier and tattier by the day.


Trust in the Civil Service 2

Sir Jeremy Heywood, Cabinet Secretary and Head of the Civil Service, wishes to increase the level of trust placed by the public in the civil service. As we have seen.

His chosen method to achieve this objective centres on перестро́йка and гла́сность, i.e. perestroika and glasnost, or innovative transformation and openness, to be delivered by the Government Digital Service (GDS).

We have identified certain problems with the strategy. Among others:
  • GDS have promised the public that all the "identity providers" appointed to GOV.UK Verify (RIP), the replacement for the Home Office's failed ID cards scheme, will be certified trustworthy by independent organisations. They are now breaking that promise, thereby destroying trust in the civil service.
  • GDS offer people the option to register with the Post Office – which is not certified trustworthy – but behind the scenes those people are actually registered by a different "identity provider", digidentity. What does that say about openness?
Sir Jeremy's trust problems aren't limited to GDS.

Monday 8 February 2016

Trust in the Civil Service 1

As Cabinet Secretary and Head of the Civil Service, Sir Jeremy Heywood is one of the most powerful people in the country and three days ago on 5 February 2016 he tackled the question of Trust in the Civil Service:

© Ipsos MORI
According to an Ipsos MORI poll, civil servants are more trusted than journalists and politicians (and estate agents and bankers) and less trusted than policemen, prelates, scientists, teachers and doctors. If you believe Ipsos MORI, or any other pollsters, trust in civil servants has been increasing since 1983 but 45% of people still don't believe a word Sir Jeremy says.
Contents:
On the hook

Cosmetic change
Agile farmers
NPfIT & UC
HMRC
Exemplary
GOV.UK Verify (RIP)
digidentity & the Post Office
GBGroup & the Royal Mail
Privacy
Security
Sir Jeremy's wager

YouGov v. Ipsos MORI

Quis assessiet ipsos assessores?
Or as a real classicist would ask
Quis iudicet ipsos iudicos?
On the hook
There's a long way to go, 45% of the way, before the "integrity, honesty, impartiality and objectivity" of the civil service are reflected in undiluted public trust. How to get there?

Sir Jeremy suggests that among other things openness, efficiency and innovation may help:
We have also become more innovative. Digital has been at the forefront of this, allowing us to provide services that are more efficient, but also shaped around the needs of users. The New Zealand Government has used GOV.UK source code for their own online presence and the Obama Administration has created a US digital service borrowing from our own Government Digital Service (GDS).
He keeps coming back to "digital". On 11 January 2016 he wrote, in Civil Service priorities - what we’ve achieved, and what’s ahead:
World leaders
Our digital capability has continued to go from strength to strength, and Britain is now undoubtedly one of the world leaders in digital government. We have adopted new ideas and a new agile way of working to try to make everything we do more efficient and better for users. The award-winning GOV.UK has received 2 billion visits and reduced running costs by over half. Departments such as HMRC and DWP are becoming truly digital organisations, transformed from where they were only a few years ago. And at the Spending Review, an additional £1.8 billion investment in digital transformation, as well as £450 million specifically for GDS, was announced.
Not just in his blog posts, but in his tweets as well, Sir Jeremy can't keep away from the importance of the digital transformation of government by GDS.

In his review of 2015, there was no room to mention the successes scored by the Ministry of Defence, for example, or the Department of Health or the Department for Work and Pensions or the Department for Education or Her Majesty's Revenue and Customs but there was room for three tweets about GDS:


He's on the hook. He's committed. They've got each other over a barrel. He has deliberately linked his fate and GDS's. Was that wise?

Cosmetic change
Sir Jeremy describes the "award-winning GOV.UK" as a "huge success story". That's not how Tom Loosemore, the ex-deputy director of GDS, sees it:


Agile farmers
Under the heading World leaders, Sir Jeremy endorses agile software engineering as a way to try to "make everything we do more efficient and better for users". He's on thin ice.

The Department for the Environment, Food and Rural Affairs used agile to develop their new Basic Payment Scheme (BPS) for farmers. Mike Bracken, the ex-executive director of GDS said:
I go weekly now. I go to the meeting of the Common Agricultural Policy Reform Group. It's the RPA. It's the Rural Payments Agency.

Why I'm so excited about that is because they've embraced agile completely. They're going with an agile build out of a whole new programme. That's going to affect everyone in this country, and how they deal with land management, all the farmers, all the people who deal with crops, all the data. It's going to create, I think, a data industry around some of that data.

It's going to help us deal with Europe in a different way, and quite rightly we're building it as a platform. It's going to be another example of government as a platform.

I'm on the Board, and I'm trying to help them every week, and GDS will be working very closely with them to deliver that.
BPS failed nonetheless:
A multi-million pound government IT system to process EU subsidy payments for farmers has been largely abandoned following "performance problems".

The system will be re-launched next week with farmers asked to submit Basic Payment Scheme claims on paper forms.

Farmers say they have struggled with the £154m website for months ...
NPfIT & UC
"Departments such as HMRC and DWP are becoming truly digital organisations, transformed from where they were only a few years ago", according to Sir Jeremy.

Is it an accident that he failed to mention the Department of Health and their National Programme for Information Technology (NPfIT)? That really was a world-leading transformation project and when it failed we taxpayers sat quietly by, warming our hands at the bonfire of £11 billion+ wasted.

NPfIT was pre-GDS and pre-agile but we taxpayers are getting ready for another world-leading celebration when we can warm our hands at the Department for Works and Pensions's Universal Credit bonfire. DWP show no signs whatever of becoming a "truly digital organisation".

HMRC
Which makes it so odd that Sir Jeremy places DWP in the same basket as HMRC ...

... because Her Majesty's Revenue and Customs already are on the way to becoming a truly digital organisation.

Pre-GDS and pre-agile, HMRC have had millions of individuals and companies submitting digital returns for 15 years or more using the Government Gateway. HMRC have managed to get all companies submitting their accounts in iXBRL (inline extensible business reporting language, since you ask). And HMRC have managed to deploy RTI, Real Time Information.

Meanwhile GDS couldn't even computerise BPS's 100,000 farmers.

Exemplary
BPS was just one of the 25 public services GDS chose to develop as exemplars. How about the others?

According to Mike Beaven, just before he became the ex-director of transformation at GDS, eight of these exemplar services went live on time. Or 17 of them, if you count services that are still in beta testing as live. Or 20, according to the Conservative Party Manifesto 2015 (p.49) ... It's not easy counting things. As Mr Beaven explained, just before leaving: "The [transformation] programme has ended ... We’re only just beginning" (please see final paragraph).

How did Sir Jeremy choose to make himself dependent on GDS, rather than HMRC? How are GDS supposed to increase trust in the civil service?

GOV.UK Verify (RIP)
It's not just that GDS can't count. They can't even get their lipstick on straight.

HMRC: "It’s not our IT system; it’s the Cabinet Office’s"
Look at GOV.UK Verify (RIP), the national identity management scheme that GDS are trying to foist on the public. So-called "identity providers" will provide us all with an on-line identity and that's what we'll use to transact with government. That's the idea, at least.

First GDS told us that all "identity providers" (also known as "certified companies") must be certified trustworthy before they can work for GOV.UK Verify (RIP), please see Delivering Identity Assurance: You must be certified. Now we're told Some ID providers may not be accredited by GOV.UK Verify [RIP] go live.

If you try to register with GOV.UK Verify (RIP), after a few clicks, you will see this screen:


"There's no charge for this service"? Why do GDS need £450 million then?

"A certified company will verify your identity. They've all met security standards set by government"? No.

Experian and digidentity have been certified. So have Verizon, although they're not deemed trustworthy enough in Germany, where they're banned from any government contract..

But the Post Office haven't been certified. Their application for certification was registered in February 2014 and lapsed a year later in February 2015. Here we are in February 2016 and GDS are still suggesting that the Post Office have been certified.

That is no way to inspire trust.

digidentity & the Post Office
NHS: "People said I don't trust my bank, I don't trust the Post Office, I trust the NHS"
You may choose to be registered by the Post Office. GDS offer you that option. But behind the scenes what actually happens without telling you is that you are registered by digidentity:


Again, no way to inspire trust.

GBGroup & the Royal Mail
DWP: "building a separate ID tool as Verify can’t cut it, whisper sources"
GDS have five other "identity providers" up their sleeve – Barclays, GBGroup, Morpho, Royal Mail and PayPal. GBGroup have a lowly certification, the other four have none.

The GBGroup service that's been certified is called "ID3global" but the service they're offering the public is called "CitizenSafe". Are they the same?

GBGroup are pleased to announce that "the CitizenSafe engine will be embedded into the Royal Mail’s identity assurance process, also accessible as an alternative via GOV.UK Verify [RIP]". Register with the Royal Mail, and you get GBGroup?

No. You get Avoco Secure:
Royal Mail and GBGroup have been chosen to partner with GOV.UK’s Verify service, to provide verification of individuals so that they can access Government services online, safely and easily. The UK’s Identity Assurance market is taking shape thanks in part to the Government’s Digital Services Identity Assurance Programme. The goal is to enable trust in the Digital economy and this key win of two e-verification contracts places Avoco and their partners, in a strong position to capitalize on this fast developing market.
Who?

Never mind, it doesn't matter, the point is once again that this is no way to inspire trust.

Privacy
The adult entertainment industry and the Digital Policy Alliance: "looking for more innovative means to verify customers, where possible allowing for the potential for anonymised checks that could remove any possible abuse of confidential and personal details"
"GOV.UK Verify [RIP] is being built by Government Digital Service (GDS), working with government departments, private sector and the Privacy and Consumer Advisory Group", GDS tell us in Introducing GOV.UK Verify [RIP].

PCAG have produced nine Identity Assurance Principles and GDS are committed to abiding by all of them – "GOV.UK Verify [RIP] protects users' privacy. It has been designed to meet the principles developed by our privacy and consumer advisory group", please see GOV.UK Verify hub [RIP] - privacy aspects.

GOV.UK Verify (RIP) clearly doesn't abide by principle #7: "I can have confidence in the Identity Assurance Service because all the participants have to be certified against common governance requirements". And if you care to check, you'll find that it doesn't abide by the other eight either, please see The non-existent personal-data control-shift (Updated 14.11.14).

Security
Scotland not using GOV.UK Verify (RIP), the Scottish government has its own scheme, myaccount
And then there's the small matter of the security of GOV.UK Verify (RIP). If you've got the heart, you can read about it here, RIP IDA – who knows what they're talking about?, but ...

Sir Jeremy's wager
... the list goes on and that's quite enough to give you some idea just how sticky a wicket Sir Jeremy has chosen to bat on. He says:
To be trusted I believe we must demonstrate to the public who pay our salaries that we are open and accountable, that we are effective and efficient, and that we deliver excellent public services to citizens across the UK.
If that's what he believes, and if he wants the civil service to be more trusted, how on earth in all of his £743 billion empire (p.6) did he light on GDS as his champion?

... would you generally trust them to tell the truth, or not?

----------

Updated 11:20

The Institute for Government have published Trust in time: Trust in civil servants has increased, according to which some pollsters broadly agree with Ipsos MORI's 55% or so figures but YouGov found that trust in senior civil servants in November 2014 stood at only 19%.

The Institute doesn't tackle the question how GDS can provide a platform for trust in the civil service.


Updated 19.2.16

We are indebted to Kainos Software for bringing to everyone's attention an article published 10 days ago by Mark Say, the editor of UKAuthority.com, Verify [RIP] team expects 15 services for go live.

Straight bat throughout, the article does nothing but list the claims made for GOV.UK Verify (RIP). It is what negotiators call a "schedule of representations", a list of claims made by the salesmen during the sales process.

The supplier – in this case the Government Digital Service (GDS) – can be held to that list when it comes to signing the contract, at which point the representations become warranties, with contractual penalties for subsequent non-performance. Or, if the sales director feels that his or her team has perhaps been a little over-enthusiastic, items on the list can be dropped in exchange for a reduction in the consideration.

Kainos are well-placed to spot one area of contention. Mark Say includes the Rural Payments Agency's Basic Payment Scheme in the list of 15 public services that GDS say will be using GOV.UK Verify (RIP) by April 2016.

"Common Agricultural Policy (CAP) digital mapping solution, co-developed by Kainos, wins praise from Defra", as we were all saying back in April 2014. Then it all went pear-shaped, the computer system was withdrawn and now farmers apply on paper for their basic payments. Perhaps GDS would like to reduce "15" in their claim to "14"?

According to Mark Say's article:
Before it goes live, Verify [RIP] will have to pass the service standard assessment in the Government Service Design Manual, but the forecast of the number of services to go live suggests the team is confident of it passing. [Janet] Hughes says the service has already met many of the 18 points of the digital by default service standard.
GOV.UK Verify (RIP) will be uniquely assisted in its assessment. Janet Hughes is not only the Identity Assurance Programme Director. She is also the "Lead assessor for Digital by Default Service Standard Assessments".

"Four companies are already certified", according to the article, repeating what GDS say, "Digidentity, Experian, Post Offfice and Verizon". The Post Office, of course, isn't certified, please see above. Perhaps GDS would like to reduce "four" in their claim to "three"?

The certification in question is for trustworthiness. And it's not just the Post Office which isn't certified trustworthy. The Royal Mail isn't certified either. Neither is Barclays or Morpho. And PayPal hasn't even applied for certification.

"Hughes also reiterates an earlier forecast that the demographic coverage of Verify – the percentage of people expected to use it being able to do so – should hit 90% by April".

This forecast is based on the output from a mathematical model developed by GDS which heroically predicts that the percentage of 16 to 24 year-olds covered by GOV.UK Verify (RIP) will rise from about 40% late last year to about 80% more or less now. Has that happened? Perhaps GDS would like to reduce "80" in their claim?

Over-enthusiastic sales pitches can only dent trust in the civil service. There's a lot for Mark Say to investigate if he cares to. Even if he chooses not to, just recording GDS's schedule of representations is a valuable public service. He is to be thanked. As are Kainos.

Trust in the Civil Service 1

As Cabinet Secretary and Head of the Civil Service, Sir Jeremy Heywood is one of the most powerful people in the country and three days ago on 5 February 2016 he tackled the question of Trust in the Civil Service:

© Ipsos MORI
According to an Ipsos MORI poll, civil servants are more trusted than journalists and politicians (and estate agents and bankers) and less trusted than policemen, prelates, scientists, teachers and doctors. If you believe Ipsos MORI, or any other pollsters, trust in civil servants has been increasing since 1983 but 45% of people still don't believe a word Sir Jeremy says.

Wednesday 3 February 2016

RIP IDA – interview tips


That's a font, don't you know. A font called "Agile", described as "a pleasurable alphabet that is suitable for both headlines and longer body text; its spirited nature is evident in small as well as in larger point sizes". Available from Village.

In view of the Government Digital Service's love of all things agile, anyone responding to the tweet below is advised to apply with this Village font:


But which style of Agile to go for?

That would be a difficult question to answer if it weren't for GDS's recent discovery of the merits of boldness. Perfectly apposite, that epiphany was experienced by the GOV.UK Verify (RIP) Programme Director herself – so Agile Extrabold Italic on your application!

Candidates should know that the Aviation House day starts with a community rendering of the GDS corporate song, standing up by a wall and shouting it out while the traditional Post-it® notes are run up the flagpole in front of the digital-by-default icon. Learning the lyrics before your interview is an obvious user need.

There will be a certain amount of conversation at the interview. Probably best to avoid the pre-history of GOV.UK Verify (RIP). There's nothing bold about embarrassing the panel, even if you do want to demonstrate that you were born before yesterday.

You could ask the odd question about privacy and security but, in the end, no-one's interested and you don't want to look like a loser so keep it light. Extralight, even.

Far better to concentrate on the commercial aspects of GOV.UK Verify (RIP).

Do not be embarrassed by the fact that you have never created an ecosystem in your life and do not be embarrassed by the fact that you don't have a clue how to regulate a market. Your interviewers won't ask you about that and you shouldn't ask them about their experience either.

No, by "concentrate on the commercial aspects" we mean that you should ask for clarification about GOV.UK Verify (RIP)'s "identity providers".

GOV.UK Verify (RIP) had nine "identity providers" two months ago and the picture looked like this:

GOV.UK Verify (RIP)
"Identity provider" GPG45 service Applied for Granted ("no. of profiles")
.
Barclays Identity Assurance and Provisioning 28 September 2015
digidentity Identity Provider Service for Verify 30 April 2015 (4)
Experian IDaaS 21 October 2014 (4)
GBGroup ID3global 12 February 2015 (2)
Morpho secureidentity 19 November 2015
PayPal
Post Office IDA 24 February 2014, lapsed February 2015
Royal Mail
Verizon UIS 11 February 2015 (5)
.
Not an "identity provider" mentioned by GDS
Equifax Identity Verifier for IdP 10 December 2014 (2)

Now it looks more like this:

GOV.UK Verify (RIP)
"Identity provider" GPG45 service Applied for Granted ("no. of profiles")
.
Barclays Identity Assurance and Provisioning 28 September 2015
.
digidentity Identity Provider Service for Verify 30 April 2015 (4)
Post Office IDA 24 February 2014, lapsed February 2015
CallCredit?
.
Experian IDaaS 21 October 2014 (4)
.
GBGroup ID3global/CitizenSafe? 12 February 2015 (2)
Royal Mail IdP service 21 December 2015
Avoco?
.
Morpho secureidentity 19 November 2015
.
PayPal
.
Verizon UIS 11 February 2015 (5)
.
Not an "identity provider" mentioned by GDS
Equifax Identity Verifier for IdP 10 December 2014 (2)

We're down from nine "identity providers" to just seven, only four of whom are certified by tScheme.

Do not ask if the public are being properly informed. If a punter chooses Royal Mail as their "identity provider" and actually gets Avoco, that doesn't matter. Do not ask why PayPal haven't even applied yet for certification. Go-live date is April 2016, just a few weeks away admittedly, but you're agile and "you don’t have to go far to see digital teams doing the do".

GDS are being perfectly open about all this, please see Some ID providers may not be accredited by GOV.UK Verify go live. They want us all neatly registered for their revolutionary Government as a Platform and we consent to that every time we use GOV.UK Verify (RIP):


The point to make at interview is simply that GOV.UK Verify (RIP) is free. Agile Fat Italic free.

That is how to demonstrate your commercial acumen and that is how to get the GOV.UK Verify (RIP) job so that you can "help change the way citizens interact with government services":

Courtesy Companies House

RIP IDA – interview tips


That's a font, don't you know. A font called "Agile", described as "a pleasurable alphabet that is suitable for both headlines and longer body text; its spirited nature is evident in small as well as in larger point sizes". Available from Village.