Wednesday, 29 June 2016

Communicating via the walls

Good culture evolves from the bottom up, Stephen Foreshew-Cain told us the other day. So does bad culture. And culture can be influenced from the top, for good or ill.

Mr Foreshew-Cain is the executive director of the Government Digital Service (GDS), where "we don’t always get it right, but one thing we’ve found that does work is communicating via the walls", he says. "Communicating via the walls" means pinning posters up, reminding the staff to be bold, for example.


There always has been a thriving industry in motivational tea towels. But that's not GDS's raison d'être. They're meant to be there in Whitehall to accomplish the digital transformation of government.

That's not about computers, Mr Foreshew-Cain says. What is it about then?

In a nutshell, "digital means applying the culture, practices, processes and technologies of the internet era to respond to people’s raised expectations".

That definition of "digital" comes from Tom Loosemore, deputy director at GDS until his internet "jibba jabba" caused him to be ejected last September. The internet, or at least the web, has been used to distribute pornography in industrial quantities. Presumably that isn't the culture Messrs Foreshew-Cain and Loosemore want to emulate but nothing in their definition of "digital" prevents that interpretation – "the digital transformation of government" means making pornography easily available to everyone everywhere?

Mr Loosemore doesn't advocate pornography. He's far more interested in the government compiling a single source of truth, registers of everyone's personal information, a pre-internet delusion suffered most notably by the Stasi.

Disappointingly, Mr Foreshew-Cain just seems to advocate whatever Mr Loosemore advocates. Him and Mike Bracken and Martha-now-Lady Lane Fox.

Even more disappointingly, so does the editor of Computer Weekly magazine, please see After Brexit, we have a legacy government - so let's build a new one based on digital technology: "let’s approach the post-Brexit government IT world like a tech startup wherever possible. Eliminate silos from day one. Integrate systems and processes under a common digital architecture. Start from citizens’ needs, not the needs of the Whitehall machine. Build a common data platform and make that data open. Develop a government ecosystem built on open standards and APIs ...".

Most disappointing is the case of Richard Heaton, permanent secretary at the Ministry of Justice, who has just published 5 ways we are putting data in the driving seat: "Comparing individual data against population data will help managers predict and prevent patterns of infection in hospitals, or incidents of violence or self-harm in prisons. You will all be able to think of similar examples ... Could we go further, and replace human decisions about people’s lives with machine learning and predictive analysis?".

The funny thing is that GDS aren't actually all that good at digital. Their batch application system for voter registration fell over when too many people tried to use it. Ditto their petitions system. Their payments system for farmers had to be abandoned. And so it goes, on. Quite why Whitehall would listen to GDS's walls or read their tea towels is not clear. Nor is it clear what GDS have to offer local government.

Unlike the rest of Whitehall and unlike our local authorities in the UK, GDS aren't steeped in the business of government. Their chosen special subject is front ends. They're interested in the user interface between people and websites. That's all.

And that's a problem ...

... a problem laid bare in Digital Government: overcoming the systemic failure of transformation (hat tip: David Chassels), a paper written by two academics at Brunel, Paul Waller and Professor Vishanth Weerakkody (pp.7-8):
We argue that there are (at least) three delusions associated with this approach to deploying digital technology in government and public administration. These delusions are that:
  • it is about slashing administrative costs: in fact it raises needs for resources for development, maintenance, security, cyber-defence, dealing with scam imitations (UK HM Revenue and Customs acted to shut down 1,740 illegal sites in 2013), extension/redesign to meet new channels e.g. mobile platforms, and complete redevelopment every 5-10 years,
  • everything has to be user-focused: but not much of a government or public administrative function directly involves citizens so a focus on the interface misses the point about “transforming government processes”,
  • technology can “rationalise” government and public administration: but both are rooted in nations’ constitutions, in policy and in law, and are in constant flux.
Messrs Waller and Weerakkody are adamant. The nature of public services has been misunderstood by the internet jibba jabberers. Government departments are not commercial firms. Social and political science is "a strange land for many e-government academics". Government is different (p.22):
Always, the next technological fashion — be that big data analytics, algorithmic regulation, platform government, co-creation or whatever — must be critically assessed against the distinct context of politics and government.
It's quite hard work reading the Waller and Weerakkody paper. But useful.

Easier to read one of GDS's tea towels. But why bother?



----------

Updated 30.6.16

The DMossEsq blog uses Google's Blogger platform on which, when someone kindly submits a comment, a copy is emailed to DMossEsq and the comment is displayed on the blog ...

... unless it's too long, in which case it isn't displayed ...

... as happened this morning – David Chassels submitted the following comment at 11:27 a.m. today, 30 June 2016 [24.11.166: Google updated Blogger the other day. Longer comments are now supported and Mr Chassels's comment is now displayed below]:
The hard working folk at GDS have had very poor support from their leaders who have failed dismally as described to truly understand “digital”. Politicians like most business people are understandably confused and this ignorant of underlying complexity in building and delivering an end to end service; and wow the vendors take advantage of that! Hence the need to be the ”intelligent customer” as articulated by Bernard Jenkin chairman of PASC which reported in 2011 on Good Governance: effective use of IT and its follow up in 2013 “Public Procurement: capability and effectiveness” (link)

Reality is that driving a “digital service” is as indicated much more that a web form it is about the whole business operation to deliver effectively. Users internal and external should be the drivers and in fairness to the “IT” industry this was recognised over 15 years ago and tagged “BPM” as the required “discipline” see this forum (link).

However sadly the supporting software remained in component complexity. This was the very challenge which was recognised by many we took on in the 90s! Yes real R&D to deliver a working solution with early adopters taken over 20 years. But you know what it worked! In effect we opened that door and given the recognition of the importance of Government buyers understanding what they are actually buying, we thought now is our time! So we embarked up trying to attract attention from ”our” Government when ICT Futures was created by the then new Government and quickly followed by GDS.

Just to put into context the effectiveness of what we created we had a Government agency UK Sport as early adopters which handles the end to management of grants to support our elite athletes. Now over 15 years supporting constant change recognised as the most efficient grant body - see here in 2011 (link). Total cost including original build less than £2m yet doing the same maybe even more complex than the grant system to farmers under RPA which seems to be on second attempt with total costs over £400m and as noted GDS contributed to that failure! Just this year UKSport converts to web from client server over half of the 500 UIs converted total cost less that £50K! That is what is called “disruptive” and in UK that represents a huge challenge…..!

Now you would think all this would excite Government as proof of very significant savings and GDS with its CTO who was also responsible for ICT Futures seeking “..on how government can use innovative new technology to deliver better, cheaper solutions” . Well not so we were ignored so many times as were many invites to visit UK Sport to see just how. GDS leaders had their own agenda with a fixation on open source and doing it themselves (and sticking bits of paper on walls!) Well now we know the result as GDS failed. Time for accountability…….?

Communicating via the walls

Good culture evolves from the bottom up, Stephen Foreshew-Cain told us the other day. So does bad culture. And culture can be influenced from the top, for good or ill.

Mr Foreshew-Cain is the executive director of the Government Digital Service (GDS), where "we don’t always get it right, but one thing we’ve found that does work is communicating via the walls", he says. "Communicating via the walls" means pinning posters up, reminding the staff to be bold, for example.

Tuesday, 21 June 2016

RIP IDA – in search of a rôle

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
As noted on 26 May 2016, GOV.UK Verify (RIP) will not replace the Government Gateway. GOV.UK Verify (RIP) won't be any use to hundreds of millions of Her Majesty's Revenue and Customs's annual transactions, worth hundreds of billions of pounds. HMRC are developing their own successor to the Government Gateway.

Nor will GOV.UK Verify (RIP) help with age verification. All those transactions where we have to prove our age in order to be eligible? We'll have to find some other way to do it, even if we have one or more GOV.UK Verify (RIP) accounts.

The huge prize of inserting GOV.UK Verify (RIP) into the nation's payment systems has also eluded the Government Digital Service (GDS). If payments depended on GOV.UK Verify (RIP), the UK would be reduced to a barter economy in no time.

What does that leave for GOV.UK Verify (RIP)?

It's in a precarious position. We've never needed GOV.UK Verify (RIP). Once we've got a new Government Gateway and new age verification systems and new payments systems, we'll need it even less.

In the meantime, GDS are holding out for a rôle for GOV.UK Verify (RIP) in 10 vaguely specified systems:
  • Register a child’s birth in Northern Ireland – TBC (to be confirmed).
  • File for uncontested divorce – TBC.
  • Inheritance tax online – TBC.
  • View your medical benefit – TBC.
  • Voluntary dissolution of a company – TBC.
  • Amend your driver record – TBC.
  • Sign your mortgage deed – TBC.
  • Apply for the Personal Independence Payment – TBC.
  • Child maintenance – TBC.
  • Bereavement support – TBC ...
GDS's case is undermined by repeatedly claiming that all eight of their "identity providers" are certified trustworthy. They're not.

And by repeatedly claiming that GOV.UK Verify (RIP) abides by all nine identity assurance principles specified by the Privacy and Consumer Advisory group. It doesn't.

And by repeatedly asserting, without qualification, that GOV.UK Verify (RIP) is secure. It can't be. Nothing is.

GDS are undermining the case for Government as a Platform – instead of GOV.UK Verify (RIP) being the single pan-government identity assurance platform, it will be just one among many. Ditto GOV.UK Pay if that platform ever sees the light of day.

And they are undermining the case for data as a public service/evidence-based policy-making, please see Matt Hancock: 83 + 83 = 71.

Exploring the need for GOV.UK Verify [RIP] in local government - get involved was published on 1 June 2016. GDS sound like a supplicant. Will local government intercede on GDS's behalf, where HMRC and others have refused?

Most government in the UK is local government. Mostly, it is local authorities who have to deliver public services. It is local authorities, most of the time, who have to deal with people in person. It is local authorities and not the theoreticians in GDS who have the practical experience of government.

It is possible that local government will come to GDS's rescue. But a 19 June 2016 article on the Government Computing website makes it clear how unlikely that is.

Money is one problem. GDS can't tell the local authorities how much GOV.UK Verify (RIP) would cost them:
Another key consideration for any potential ID solution for local authorities making use of GOV.UK Verify [RIP] is expected to be around finalising a financial businesses case for who will pay private ID suppliers for the service. Delegates at a Socitm [the Society of Information Technology Management] conference held in Leicester last October raised concerns around a lack of a financial plan over how Verify may be adapted and run.
Three times we are told that local authorities need "highly assured" on-line identities but that's just what GOV.UK Verify (RIP) can't provide. The US National Institute of Standards and Technology say that GOV.UK Verify (RIP) doesn't prove people's identities, it just collects a lot of self-certifications.

What is the supposed attraction for local authorities? Why should they use GOV.UK Verify (RIP), according to GDS?

The Blue Badge project is trotted out again. Years of hard work on it, and still no sign of a transformed, digital-by-default service.

Apart from that, what are the "high priorities requiring a system to check individual user eligibility"? Answer apparently, "local authority taxi licensing and parking permit functions".

Opening a GOV.UK Verify (RIP) account requires you to hand over reams of personal information to companies in countries all over the world. GDS may believe that people are prepared to do that just to get a resident's parking permit. Local authorities may believe that that is questionable.

It's out of proportion. It's an unnecessary risk for residents. And who would be liable in the case of losses following a security breach? GDS? Or would it be the local authorities?

That is not the rôle of local government.

And GOV.UK Verify (RIP) will have to try elsewhere to discover its rôle.

RIP IDA – in search of a rôle

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
As noted on 26 May 2016, GOV.UK Verify (RIP) will not replace the Government Gateway. GOV.UK Verify (RIP) won't be any use to hundreds of millions of Her Majesty's Revenue and Customs's annual transactions, worth hundreds of billions of pounds. HMRC are developing their own successor to the Government Gateway.

Nor will GOV.UK Verify (RIP) help with age verification. All those transactions where we have to prove our age in order to be eligible? We'll have to find some other way to do it, even if we have one or more GOV.UK Verify (RIP) accounts.

The huge prize of inserting GOV.UK Verify (RIP) into the nation's payment systems has also eluded the Government Digital Service (GDS). If payments depended on GOV.UK Verify (RIP), the UK would be reduced to a barter economy in no time.

What does that leave for GOV.UK Verify (RIP)?

Thursday, 16 June 2016

Matt Hancock: 83 + 83 = 71

"We recently [6 April 2016] completed the process of connecting certified companies to GOV.UK Verify [RIP] under the new framework for certified companies". So says Pete Gale of the Government Digital Service (GDS) in a blog post on 15 June 2016, Improving the experience of verifying with certified companies.

"As a user researcher, my main focus in this process was how we ensure that these companies provide services that meet the needs of our users", he goes on, and adds "this presented some interesting challenges for us ...".

"Interesting challenges"? How did that go?

Very well, apparently: "It’s been hard work, but we’re really happy with what we’ve achieved".

Suppose we test that judgement.

Go through the early stages of the GDS process of opening a GOV.UK Verify (RIP) account and after some preliminaries you get to a screen that says "based on your answers, 3 companies can verify you now" and then "we’ve filtered out 5 companies, as they’re unlikely to be able to verify you based on your answers".

That doesn't sound as though "these companies provide services that meet the needs of our users".

This is the graphic accompanying GDS's self-congratulatory blog post:


"A certified company will verify your identity", it says, and then names eight companies. Four of them are certified trustworthy by tScheme – Verizon, CitizenSafe, digidentity and Experian. The other four aren't. GDS are in danger of misleading their users on that point ...

... and with their claim that "there's no charge for this service". Is the GOV.UK Verify (RIP) team working for free? Does the landlord charge no rent for their office space? Are these eight so-called "identity providers" being paid nothing for their GOV.UK Verify (RIP) work?

"A certified company will verify your identity", it says, but the US National Institute for Standards and Technology (NIST) disagree. NIST say that GOV.UK Verify (RIP) provides a platform for no more than self-certification.

GDS don't tell their users that these aren't the only companies involved. Our personal information is shared with several other companies, in the UK and abroad.

GDS do tell us that we have control over our personal information. But that's not true. Try closing a GOV.UK Verify (RIP) account and you'll be told that your personal information must be retained for at least seven years. So much for "these companies provide services that meet the needs of our users".

Users do have needs and GOV.UK Verify (RIP) can't meet them. GDS have failed. That's why Her Majesty's Revenue and Customs, among others, are having to develop their own identity authentication procedures ...

... and yet as far as GDS are concerned "we’re really happy with what we’ve achieved".

It's not just GDS. Their political boss, Matt Hancock MP, Cabinet Office Minister, suffers from the same delusion. He gave a speech on 14 June 2016, Building the nation's digital DNA. "Take GOV.UK/Verify [RIP]", he said, "the new service allowing you [to] prove who [you] are online ... It’s now live [since 24 May 2016], and already over half a million identities have been verified securely online".

You might assume that those half a million identities have been verified since 24 May 2016. No. Misleading. It's taken since 13 October 2014. You won't fall for the claim that GOV.UK Verify (RIP) is secure. Not secure without qualification. But that's what Mr Hancock says. GDS say it, too:


"GDS have carried [out] fortnightly user research, including in their user lab and in citizens’ homes as they use the service", says Mr Hancock. "This has led to improvements that mean a new GOV.UK Verify [RIP] user is almost twice as likely to successfully complete the process than they were a year ago".

What do you make of that? You want some figures, don't you.

The GOV.UK Verify (RIP) account creation success rate was 71% as at 12 June 2016. So was it 35.5% as at 12 June 2015? No. According to GDS's performance platform, it was 83%.

So why does Mr Hancock say that "a new GOV.UK Verify [RIP] user is almost twice as likely to successfully complete the process than they were a year ago"? Goodness knows. Maybe he mistakenly relied on GDS to give him the facts. Maybe he doesn't care what he says. Perhaps he's just not very good with figures.

But that can't be right. He went on to tell his audience that "underpinning any transformation is the central role of data".

He's talking about the transformation of government. He wants to transform not just government but also the relationship between us Brits and the state. And he relies on computers to accomplish this transformation – "digital by default", that's GDS's motto.

How's he going to do it? Mr Hancock has "three guiding principles, based on what we’ve learnt from the last six years of digital transformation in central government".

Principle #1 is to start small and then scale up. GDS started small with 25 "exemplar" services. That transformation programme was a bit of a fiasco. It was described by the now departed deputy director of GDS as putting "lipstick on pigs". Worst of all was the failure of the rural payments scheme, which was overseen by the executive director of GDS himself. He, too, is now departed, as is GDS's director of transformation.

You might think that the transformation programme was a fiasco but, according to Mr Hancock, "its [it's?] delivered 20, usually, brilliant digital public services, and it’s also proved our point ... GDS has been backed with £450 million in the Spending Review to drive forward the next phase of transformation over this Parliament".

Principle #2 states that "digital transformation is business transformation". That could mean anything. In this case, it means (central) Government as a Platform (GaaP). And what does GaaP mean? It means cutting the central government departments down to size, taking their data away from them, centralising it in a shared pool of registers, a "single source of truth", and giving them access to it via common platforms.

That's where we came in. GOV.UK Verify (RIP) is GDS's identity assurance platform. It doesn't work. Then there's the payments platform, which the public haven't seen yet. Ditto the notification platform. Let's hope that GOV.UK Pay and GOV.UK Notify work better than GDS's digital marketplace platform. And their voter registration platform, which collapsed the other day because people tried to register to vote.

3 November 2015
The Minister for Cabinet Office Matt Hancock spoke about data-driven government at the Open Data Institute (ODI) summit

The digital platforms we’re building, led by the brilliant GDS, will depend on strong data foundations.
Mr Hancock asserts that GaaP will solve all the traditional government IT problems. More than that, in a series of old canards, he says that sharing all our personal information in the single source of truth will (a) inspire innovation and expand the economy and (b) it will make government rational and scientific. Thus principle #3. What Mr Hancock calls "data as a public service".

You may remember that we have been capable of innovation before. And that the East German authorities had everyone's personal information but their economy collapsed anyway. And that data wasn't invented by GDS. But according to Mr Hancock this is a new world:
  • "We’ve spoken for many years about evidence-based policymaking, but modern data science is making this a reality".
  • A new world in which technology "frees people up to focus on the most fulfilling parts of human experience".
  • A new world in which "we can digitise the drudgery and make public service more rewarding" ...
  • ... and in which "we can automate work and humanise jobs".
  • A new world in which 83 is half of 71.
Some people doubt that the evidence supports Mr Hancock's policy but you may be convinced. 450 million times over.

You may feel the socially responsible need to hand over all your personal information to the central state single-source-of-truth authority.

You may be happy to know that your personal information is being shared hither and thither, beyond your control, the way it is with GOV.UK Verify (RIP).

You may believe that the transformational result will be perfect public services.

You may have been born yesterday.

----------

Updated 17:25

"90 is less than 71".
True?
Or false?

As noted above, the GOV.UK Verify (RIP) account creation success rate is currently about 71%.

On 26 March 2015 the Government Digital Service published six conditions that had to be satisfied before GOV.UK Verify (RIP) could be declared live. Condition #3 was "Success rate: 90%".

Matthew Hancock MP, Cabinet Office Minister, advocates evidence-based policy-making. The suggestion is that the administration should now behave rationally in a way that it hasn't before.

Mr Hancock has allowed GOV.UK Verify (RIP) to be declared live despite failing to satisfy at least one of the conditions set by its own developers. What kind of an example of rational behaviour is that?


Updated 9.7.16

What will turn out not to have happened next?

On 16 June 2016, just over three weeks ago, please see above, we said:
The GOV.UK Verify (RIP) account creation success rate was 71% as at 12 June 2016. So was it 35.5% as at 12 June 2015? No. According to GDS's performance platform, it was 83%.
That 83% figure was taken from a table of account creation success rates published by GDS on their performance platform, https://www.gov.uk/performance/govuk-verify/account-creation/account-creation-success-rate. Click on the link now and you get the message Page not found. The data has been deleted.

The past has been changed.

It's happened before with GDS – to demonstrate how successful their 25 exemplars of government transformation had been, GDS deleted the transformation page.

Matt Hancock: 83 + 83 = 71

"We recently [6 April 2016] completed the process of connecting certified companies to GOV.UK Verify [RIP] under the new framework for certified companies". So says Pete Gale of the Government Digital Service (GDS) in a blog post on 15 June 2016, Improving the experience of verifying with certified companies.

"As a user researcher, my main focus in this process was how we ensure that these companies provide services that meet the needs of our users", he goes on, and adds "this presented some interesting challenges for us ...".

"Interesting challenges"? How did that go?

Very well, apparently: "It’s been hard work, but we’re really happy with what we’ve achieved".

Suppose we test that judgement.

Wednesday, 1 June 2016

Discovery: the UK is not a Scandinavian country

Those were heady days, 16 months ago, "Who sets the gauge rules the world". Ruling the world seemed a possibility for the Government Digital Service (GDS).

Sprint 14: 29 January 2014


"You've improved people's lives". That was taken at face value once. But now we need to know which people? How much have their lives been improved? In what way have they been improved? And has GDS really saved billions?

GDS may believe that "we've achieved so much". But, 31 May 2016, we read that the EU disagrees:
The 2016 Digital Economy and Society Index shows the UK down one place from the 15th place it achieved last year.

While the UK is the top-ranked for its open data policies, it fell short in other areas – particularly pre-filled forms on government websites.
And, 26 May 2016, we read that the Labour Party disagrees:
It is also two years since the Cabinet Office published their Digital Inclusion Strategy, setting April 2016 deadlines which have passed without fanfare or indeed any update whatsoever. One of these targets was to reduce the number of people lacking digital capability by 25%. I await their progress report, but in the meantime figures from other sources don’t fill me with hope.

Go ON UK’s Digital Exclusion Heatmap, created with the London School of Economics and the BBC in late 2015, shows that 23% of people in the UK do not possess basic digital skills.
And, 24 May 2016, it turns out that IBM disagree, too:
A wave of digital transformation has undoubtedly swept over Europe in the last decade and none have embraced this digital change at a greater rate than our Nordic cousins. While the Scandinavian countries are currently the most advanced in terms of realising a truly mature model of effective eGovernment, Great Britain is still at the 'enablement' stage of the journey.
"Still at the enablement stage" (ouch!)? Or "we've achieved so much"? Which is it?

That's a poser for Sir Jeremy Heywood, Cabinet Secretary and Head of the Civil Service. Should he maybe hire some Scandinavian digital transformation people? Harder question for him, should he maybe acknowledge that we Brits don't see government the same way the Scandinavians do?



Discovery: the UK is not a Scandinavian country

Those were heady days, 16 months ago, "Who sets the gauge rules the world". Ruling the world seemed a possibility for the Government Digital Service (GDS).