Wednesday 13 July 2016

RIP IDA – Connect.Gov goes down the tubes

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
"GOV.UK Verify [RIP] is a new type of service, being delivered in a new way for the first time anywhere in the world". So said the Government Digital Service (GDS) on 30 June 2015. And so said their political boss, Matt Hancock, three months later on 26 October 2015: "It is a world first, and has been offering users a level of ID security that wasn’t previously possible online".

False. At the time. The UK was not alone.

Over in the US, they had Connect.Gov: "Connect.Gov, creates a secure, privacy-enhancing service that conveniently connects people to government services and applications online using a digital credential they may already have and trust ... Connect.Gov partners with Sign-In Partners – private sector organizations (e.g., Verizon, ID.me, Banks, Social Media companies) that offer government approved, digital credentials for millions of individuals across the United States ...".

For Connect.Gov's "Sign-In Partners", read GOV.UK Verify (RIP)'s "identity providers".

The two systems are similar.

You knew that already:
  • Just over a year ago on 23 June 2015 DMossEsq reported on the findings of four academics who reviewed the security of GOV.UK Verify (RIP): "It's not just GOV.UK Verify (RIP) that they criticise but also the US equivalent, the Federal Cloud Credential Exchange (FCCX), recently rebranded as Connect.GOV".
  • And those of you endowed with a cryptic crossword mind will have spotted the connection via NSTIC nearly four years ago.

Hat tip an anonymous commentator, Connect.Gov is now on the way out. According to the SecureIDNews website, 5 July 2016: "It was supposed to be a government-wide identity platform, but it appears the project is being scrapped. In its place, GSA [the US General Services Administration] is planning to build its own platform from scratch". Connexit?

Maybe GOV.UK Verify (RIP) is now unique, as GDS falsely claimed last year. But for how long? Will it, too, like Connect.Gov, soon disappear? Verexit?

It would require uncommon boldness for GDS to follow the US example and cancel GOV.UK Verify (RIP). But that's precisely what they claim to aspire to. Boldness.

Saturday 9 July 2016

Take care of the sense and the sounds would take care of themselves

"digital" v. "transformation"
Some of the Government Digital Service's time the other day was filled up with fundamental research into the correct name for the organisation, please see tweets below.

Nothing has come of it so far. Is "digital" a really unhelpful word? The jury is still out.

"data-sharing" v. "data-linking" v. "data access"
Next day, GDS, or whatever they're called now, published Data access legislation and data reform:
"On Tuesday we published data access legislation as part of the Digital Economy Bill. The Bill is an important part of what we are seeking to do in GDS to transform our relationship to data and unleash the next decade of innovation and public service reform ...

"Our clauses in the Digital Economy Bill are described as being about ‘data sharing’, although our preferred term is ‘data access’, because we think it better reflects the way technology and practices for handling data across government are changing."

Is data-sharing less controversial if the name is changed to "data access"?

You may remember a little spat between the Cabinet Office and the Guardian newspaper a few years ago. The Cabinet Office objected to the newspaper describing their plans as "data-sharing". They demanded an apology. They didn't want data-sharing at all and it was a calumny even to suggest that they did. No, what they wanted was "data-linking" and that's quite different.

That was four years ago in April 2012 and apparently the Cabinet Office, or at least GDS, or whatever they're called now, still think that they can overcome the problems of data-sharing just by changing the name.

"enhances" v. "impugns"
Further on in GDS's data reform blog, we read that:
"... government's commitment to enabling a digital state that has privacy at its heart can be seen in the design of GOV.UK Verify [RIP]. This platform is a new way to safely and straightforwardly prove who you are online when accessing services like filing your tax return, viewing your driving licence or applying for Universal Credit. Besides being quick and simple to use it enhances privacy because information is not stored centrally, and there’s no unnecessary sharing of information. The company you choose to verify your identity doesn’t know which service you’re trying to access, and the government department doesn’t know which company you choose."

"The company you choose to verify your identity" could be any one of GDS's first-nine-then-eight-now-seven "identity providers". Sometimes they're called "identity providers", which is an odd, science fiction-like name. And sometimes they're called "certified companies" even though three of them aren't certified. GDS really do have problems with language ...

... and not just with the correct name for "identity providers". We noted over a year ago that when they're talking about GOV.UK Verify (RIP) GDS distinguish between the first time you verify your identity with an "identity provider" and subsequent occasions. The distinction is perfectly clear. The first time is when you register with an "identity provider".

But GDS didn't want to use the word "register". Because that would remind people of the National Identity Register on which the Home Office's failed ID cards scheme depended. And obviously GDS didn't want to be associated with that. Nevertheless, registering is exactly what you're doing if and when you open a GOV.UK Verify (RIP) account.

GDS would have you believe that GOV.UK Verify (RIP) "enhances privacy because information is not stored centrally, and there’s no unnecessary sharing of information". Is your privacy really enhanced by having your personal information stored all over the world with multiple companies beyond your control? That's what happens with GOV.UK Verify (RIP).

Is "enhances" the right word here? Surely "impugns" would be more accurate – GOV.UK Verify (RIP) impugns privacy because information is quite unnecessarily stored all over the world with massive and uncontrollable sharing or linking or access ...

"The company you choose to verify your identity doesn’t know which service you’re trying to access, and the government department doesn’t know which company you choose"? That may be true. But someone has to know. Otherwise there would be no audit trail.

That someone is GDS, and they know thanks to the GOV.UK Verify (RIP) identity hub.

"Government's commitment to enabling a digital state that has privacy at its heart"? That's not what it looks like. Never mind which words GDS use to describe it, their putative "digital state" is an utter stranger to any recognisable concept of privacy.

RIP IDA – openness closes as Verizon bolts again and penetration becomes a mystery

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
The Government Digital Service (GDS) continue to promote GOV.UK Verify (RIP) to central government departments, local government and the private sector.

GOV.UK Verify (RIP) has its own dashboard on the GOV.UK performance platform. Yesterday, GDS published a blog post, Improving our reporting, announcing certain changes to the dashboard.

Openness
The GOV.UK Verify (RIP) dashboard has always listed the "identity providers" contracted to GDS. In the name of "improving our reporting", that list has been dropped. Its omission is not mentioned in the Things we’ve removed section of yesterday's blog post.

Why not?

Possibly because GDS have lost one of their "identity providers". Verizon have gone missing again. If you tried to create a GOV.UK Verify (RIP) account for yourself at 00:30 this morning you were advised by GDS that "3 companies can verify you now" – digidentity, Experian and the Post Office. You were also advised that "we’ve filtered out 4 companies, as they’re unlikely to be able to verify you" – Barclays, CitizenSafe, the Royal Mail and SecureIdentity.

What confidence can central and local government and the private sector have in GOV.UK Verify (RIP) when GDS themselves tell applicants that only three of their "identity providers" work? And when GDS fail to make an announcement that one of their "identity providers" has gone missing?

Penetration
GDS have always maintained that their objective is for GOV.UK Verify (RIP) to be capable of registering at least 90% of the population. That was one of their conditions for declaring GOV.UK Verify (RIP) to be "live".

The goalposts were moved in May 2016 when GOV.UK Verify (RIP) was declared "live" even though the account creation success rate still languished 20% adrift on about 70%.

The goalposts have now been entirely removed – "We’ve taken 3 measures off the service dashboard: ‘Authentication success rate’; ‘Account creation’; and ‘User sign in’ ... None of these measures tell us or the user much about how well GOV.UK Verify [RIP] is performing ...".

Central government, local government and the private sector may disagree. GDS were right the first time. The account creation success rate is an important indicator. It told everyone a lot about "how well GOV.UK Verify [RIP] is performing" and its omission from the dashboard now, far from improving GDS's reporting, is a serious warning.


Wednesday 6 July 2016

Old local authority briefing reviewed on the Antiques Roadshow*

"New Socitm, ADASS and LGA briefing sets out challenges in implementing ID assurance methods that can limit information loss and identify fraud", says the Government Computing website in an article published yesterday, 5 July 2016, Social care providers called on to set out online identity strategies.

Socitm is the pre-eminent society for IT practitioners in the UK public sector and they issued a press release on 4 July 2016, Social care leaders urged to consider options for managing identity and authentication online for service users and providers.

That press release refers to a briefing they have prepared on identity and authentication which includes several questionable claims. Among others (p.7):
  • "The UK Government has adopted GOV.UK Verify [RIP] for central government service providers such as HM Revenue & Customs (HMRC) and, of particular interest for local public services, the Department for Work and Pensions (DWP)." – neither HMRC nor DWP is relying on GOV.UK Verify (RIP), and neither are the NHS nor the nation's payments industry.
  • "GOV.UK Verify [RIP] ... uses a range of identity providers ... to check that users are who they say they are. Currently, four companies are connected: Digidentity, Experian, Post Office and Verizon. It is planned that they will be joined by five more (Barclays, Paypal, Morpho, Royal Mail and GB Group) before GOV.UK Verify goes live in April 2016." – Paypal have pulled out, GOV.UK Verify (RIP) was declared live in May 2016, the Post Office, Morpho and the Royal Mail have yet to be certified trustworthy by tScheme.
  • "The infrastructure of GOV.UK Verify [RIP] is built to meet the privacy principles developed by PCAG and will ensure a greater degree of privacy than is likely through a locally developed solution." – GOV.UK Verify (RIP) doesn't abide by a single one of PCAG's identity assurance principles and accountholders find their personal information sprayed all over the world beyond their control.
  • "At the current time, GOV.UK Verify [RIP] is in public beta for the following seven services ... A further 30 government services are planned to be implemented by April 2016." – in the event, GDS claim that there are just nine government services using GOV.UK Verify (RIP) today, not 37.
  • "And it’s fast: it takes about 15 minutes the first time you verify your identity, and less than a minute each time after that." – the first time you verify your identity is what we would normally call "registration", it's not a race, it's hard and unwise to evaluate the terms and conditions of business of eight "identity providers" before registering in 15 minutes flat.
  • ...

The Socitm/ADASS/LGA briefing mentions the level of assurance that can be achieved on-line as to whether someone is who they say they are (p.4). The US National Institute of Standards and Technology say that GOV.UK Verify (RIP) only achieves Level 1, which is no good to a local authority trying to decide whether to pay for someone's social care.

The briefing also mentions attribute exchange (p.5) and calls yet again on the Warwickshire County Council attempt to automate applications for Blue Badges. Three years ago Ian Litton's prototype was just a prototype and three years later it's still just a prototype. There's a warning there for local authorities.

The briefing was published in December 2015, six months ago. It had faults then and it's got more now. Issuing a press release the day before yesterday suggesting that the briefing is up to date could cause confusion – local authorities, beware.

----------

* In case you don't know, the Antiques Roadshow is a BBC TV programme in which members of the public bring along an ancient artefact to a swanky venue and experts decide whether it's unexpectedly valuable or just yet another old mass produced identity and authentication briefing.

Monday 4 July 2016

The copulation of propositions (iterating in public)

David Hume, A Treatise of Human Nature (1739):
"In every system of morality, which I have hitherto met with, I have always remarked, that the author proceeds for some time in the ordinary ways of reasoning, and establishes the being of a God, or makes observations concerning human affairs; when all of a sudden I am surprised to find, that instead of the usual copulations of propositions, is, and is not, I meet with no proposition that is not connected with an ought, or an ought not. This change is imperceptible; but is however, of the last consequence. For as this ought, or ought not, expresses some new relation or affirmation, 'tis necessary that it should be observed and explained; and at the same time that a reason should be given, for what seems altogether inconceivable, how this new relation can be a deduction from others, which are entirely different from it ..."

The Government Digital Service (GDS) have several times recently served up a gem of an example of Hume's is-ought problem, most recently in What GDS is for:
"By 2030, policy making will be service design. Ideas and implementation will be so closely tied, you won’t be able to have one without the other. Thinking in code, iterating in public - these will be the norm.

"Policy making will be minimally designed and built as a framework which allows flexibility and feedback, not as a conclusion.

"The way that the law is made will have changed ..."

GDS may believe that the way UK law is made ought to change. They are in no position to say that it will change. There is no discernible popular outcry demanding that the law should in future be made by GDS manipulating data. Where did GDS get the laughable idea that anyone would ask them about legislation or policy-making?

They made the same suggestion in What government might look like in 2030. But that's just not what GDS is for. They seem to have convinced the Cabinet Office Minister. That's a worry. They should all go out for a walk and get some fresh air.

According to What GDS is for:
"Lots of the government services we have today evolved over a very long time. The service itself - the thing that the user experiences - cuts across organisational boundaries. Boundaries that users don’t care about, and shouldn’t be expected to understand.

"For example: think about how benefits are divided between DWP and HMRC. Or how offenders and other people dealing with the criminal justice system have to be in touch with the police and the courts, prisons and probation staff. Or how complicated it is to start a business, because you have to get in touch with BIS, HMRC and Companies House, at least ..."

Who says that users don't care or that it's expecting too much of them to understand? GDS.

What is the alternative for offenders to being in touch with several different services? GDS don't say.

What they do say is that you can't start a business without contacting BIS, the Department for Business Innovation and Skills. And there, they're just wrong. They've obviously never started a business, they're guessing and, bad luck, they've guessed wrong.

Communicating via walls – and tea towels – is no substitute for experience. Neither is calling in the consultants which is what GDS appear to have done. Because here they are again promoting Simon Wardley and Mark Thompson's natty pictures of value chains with their ubiquity and certainty:

"This diagram is my attempt to explain that a bit",
says Stephen Foreshew-Cain, once a consultant
and now the executive director of GDS

GDS have been trying to explain "where they're at and where they're going" for some months now. It's obviously difficult. We still don't know what GDS is for. And quite clearly neither do they. They ought to but they don't.
