Tuesday 14 March 2017

GDS's commitment to user control of personal information

Public administration in the UK has problems which could be solved if public services became digital by default. That is the raison d'être of the Government Digital Service (GDS).

Digital by default? What does "digital" mean? According to Tom Loosemore, ex-Deputy Director of GDS, "digital means applying the culture, practices, processes and technologies of the internet era to respond to people’s raised expectations".

The reactionaries in Whitehall have hobbled GDS. That's what Jerry Fishenden and Cassian Young say: "It is convenient for institutionally conservative managers to watch the energy behind transformation dissipate harmlessly in the sandbox where the agile insurgents are left to play with their websites", please see Escaping waterfall government and the myth of ‘digital transformation’.

Messrs Fishenden and Young accept Mr Loosemore's questionable prescription. They think GDS have failed to deliver. But they still think it's the right objective – the model for public administration should be changed radically just as "Netflix, Flickr and Airbnb" have changed the dynamics of their markets.

Are they right?

Sir Tim Berners-Lee, inventor of the web, has serious reservations, please see Tim Berners-Lee says privacy needs fixing – and calls for 'algorithmic transparency'. The culture of the internet era has blemishes: "over the past 12 months, I’ve become increasingly worried about three new trends, which I believe we must tackle in order for the web to fulfill its true potential as a tool which serves all of humanity":
The first is control of personal data. Berners-Lee thinks we don't have it any more and that's a bad thing because “As our data is then held in proprietary silos, out of sight to us, we lose out on the benefits we could realise if we had direct control over this data, and chose when and with whom to share it.”

“What’s more,” he says, “we often do not have any way of feeding back to companies what data we’d rather not share – especially with third parties – the T&Cs are all or nothing.”

He also worries that government surveillance is “increasingly watching our every move online, and passing extreme laws that trample on our rights to privacy”. Repressive regimes use that surveillance to harass opponents, but even benevolent governments have “a chilling effect on free speech and stops the web from being used as a space to explore important topics, like sensitive health issues, sexuality or religion ...”
Embrace the culture of the internet era – as Messrs Loosemore, Fishenden and Young want you to – and as things stand, Sir Tim warns you, you lose control of your personal information. That's how Facebook came to report $27.6 billion of revenue for 2016. That's how Google (Alphabet) came to report revenue of $27.1 billion, not for the whole of 2016, just for the fourth quarter.

Sir Tim is working on a project called Solid to try to "decouple data from web applications (and by extension social networks) so that users can decide where their data resides and how it can be accessed". It might work. We'll see in five years.

In the meantime, any promises to put you in control of your own personal information are false. The Privacy and Consumer Advisory Group (PCAG) is co-chaired by Jerry Fishenden. PCAG insist that any identity assurance scheme should put the user in control. GDS promise that their GOV.UK Verify (RIP) identity assurance scheme complies with PCAG's principles. That promise is false. The inventor of the web says so and he should know.

While claiming to put the user in control, GDS like us to spray our personal information all over the world when we register with GOV.UK Verify (RIP). Their heart really isn't in this privacy lark, is it. They use Eventbrite to organise events. They use Zendesk for user support. They use StatusPage for network monitoring. They use Survey Monkey for user feedback. All the personal information involved is stored and used beyond your control and now GDS want you to upload your CV to Jobvite.


Take a step back.

GDS have got a lot of situations vacant. For example, they were tweeting yesterday, saying: "We have a fantastic opportunity for a Lead Product Manager to work across the @GOVUKverify product teams https://jobs.jobvite.com/gds/job/oksV4fwv":


GDS warn prospective recruits: "If you do not wish for your data to be transferred outside the UK, please click the back button below and check the job description for an email address to send your application to". Click that back button and there is no sign of an email address for prospective recruits to use. Welcome to the culture of the internet era GDS-style.

The Jobvite privacy policy is worth a read. Any problems and you can just write to them at:
Jobvite, Inc.
Attn: Privacy Policy
1300 S El Camino Real, Ste 400
San Mateo, CA 94402

Updated 6.4.17

30 March 2017, and Government Computing tell us Summer launch planned for GOV.UK Verify [RIP] private sector testing: "Three companies are set to provide identity hub services to support the Cabinet Office’s ambitions to link its GOV.UK Verify [RIP] platform with the private sector in a test environment designed to inform a potential live service at a later date".

No idea what that means, but the three companies are Mvine, SiteKit and Safran. An identity hub has a lot of data pass through it and needs to store that data to provide an audit trail. Are they fit companies to provide identity hub services? No idea.

It will take a lot of effort to conduct this GOV.UK Verify (RIP) test. The three companies will have an interest in its success. On cue, three days later, 3 April 2017, Government Computing publish You want my digital identity, I want something in return: "Approaching digital identity as a ‘this for that’ arrangement is the only way the private sector and Government can live in cyber harmony, argues Frank Joshi".

Frank Joshi is "director of Mvine Ltd , an established UK SME specialising in distributed digital identity technologies". "Cyber harmony" is not defined in his article.

The conclusion of Mr Joshi's argument is:
... And that is why for GOV.UK Verify [RIP] to be trusted everyday by us the people, it has to expand to be an everyday part of our lives not just something we use when interfacing with Government for public services.
GOV.UK Verify (RIP) will only become a part of our everyday lives if we trust it. Mr Joshi has got it the wrong way round.

His argument rests on the fact that people hand over a lot of personal information to various private sector suppliers on-line, and we ought to be equally happy to hand it over to public sector suppliers: "So if it’s alright giving information about yourself to commercial firms, why not to those who provide public services?".

The Government Digital Service (GDS) have spent five years and more telling us that GOV.UK Verify (RIP) ensures that our personal information is not collected by the public sector. Instead, it is verified for the public sector by private sector "identity providers". That is the opposite of what Mr Joshi advocates.

"You see", says Mr Joshi, "as people we are willing to consent to certain organisations knowing certain things about us. And that’s perfectly reasonable and normal ... We divulge information about ourselves usually in a something-for-something exchange. Think of it as a 'this for that' or quid pro quo". You should expect to pay the right price for goods and services. Agreed. But what is the right price? Mr Joshi doesn't tell us.

Sir Tim Berners-Lee thinks we're over-paying, please see above. We're handing over too much personal information. Instead of tackling that issue, Mr Joshi goes on to say:
Without turning theoretical on you, it’s helpful to understand why [there is a quid pro quo] with a quick recap of the context. Citizens are free to do whatever we want. In the social contract, as citizens we cede a portion of our freedoms to Government in exchange for them keeping us safe. And we cede a further portion of our freedoms to the rule of law in exchange for protecting us and giving us justice.
Don't know about you, but that looks pretty theoretical to DMossEsq. First "citizens are free". Then, next sentence, "we cede a portion of our freedoms". And next sentence "we cede a further portion of our freedoms". So we're not free according to Mr Joshi and presumably he was just kidding when he said we are.

"A digital footprint is pretty much inescapable. But it should be down to you to give your consent to anyone, supplier or authority, who wants to know attributes about you". That's what Mr Joshi says but if there's no alternative to GOV.UK Verify (RIP), then we will be forced to use it. That's not consent. If Mr Joshi and GDS were to level with us, they would say "it should be down to you to give your consent but it isn't. Sign up or, quid pro quo, go without public services".

The bulk of Mr Joshi's article lists cases where we already manage to use on-line services. So why do we need GOV.UK Verify (RIP)? He doesn't tell us.

Summer launch planned for GOV.UK Verify (RIP) private sector testing? Should be interesting ...

Updated 10.4.17

"Wondering what makes @GOVUKverify different? Watch this 1 min explanatory @gdsteam video: https://www.youtube.com/watch?v=Vtu7eKc6QpY&feature=youtu.be" – that's Safran Morpho's repeated advice on Twitter:

DMossEsq readers, of course, will have watched the video last November when it first appeared on our CretinNet (26.11.16) service.

Our personal information is said to be safer because GOV.UK Verify (RIP) doesn't store it all on a central database.

But GOV.UK Verify (RIP)'s document checking service uses central databases of passport information and driving licence information. And GOV.UK Verify (RIP)'s identity hub must maintain a central database, if only to provide an audit trail.

The video goes on to tell us that we choose a certified company to verify our identity. There are seven "identity providers" to choose from – Barclays, Digidentity, Experian, GB Group, Post Office, Royal Mail and Safran Morpho. Three of them aren't certified – Post Office, Royal Mail and Safran Morpho.

No-one has all the information, according to the video. And of course that's right – depending on what is meant by "all the information", that could be impossible. So to tell us that "no-one has all the information" doesn't add to our knowledge.

What would add to our knowledge would be if the Government Digital Service (GDS) made a video explaining how it's safe for our personal information to be spread around the document checking service, the identity hub and seven "identity providers" plus assorted credit referencing agencies, ISPs, third party fraud prevention agencies, tax authorities, law enforcement agencies, ID Checker, WorldPay, Morpho sub-contractors, Morpho head office, unspecified Barclays companies, business partners, suppliers, sub-contractors and Verizon and thus Zentry LLC, Techmahindra Ltd and Expert Solutions Support Centre, and unspecified analytics and search engine providers.

That list is compiled from the terms and conditions of business and the privacy policies of GOV.UK Verify (RIP)'s "identity providers". It doesn't include the uncertified Mvine and SiteKit, please see above. Nor does it include the uncertified Timpson.

Our personal information is sprayed around all these organisations, it has to be stored for a minimum of seven years, we can't just delete it whenever we want, and it can be stored anywhere in the world. And yet somehow GDS want us to believe that our GOV.UK Verify (RIP) personal information is under our control.

The parting shot on the video is a claim that GOV.UK Verify (RIP) keeps our personal information and our identity secure. What does "secure" mean here? Shared with all and sundry anywhere in the world out of our control?

Wondering what makes @GOVUKverify different? Now you know.

Updated 27.6.17

Nothing changes.

GDS continue to invite job applicants to send their CVs to Jobvite, please see the two tweets alongside, emitted this morning.

And they continue to define "digital" as the embrace of the "culture, practices, processes and technologies of the internet era" even when we learn, as we did this morning, Google hit with record antitrust fine of €2.4bn by Europe: "The regulator found that Google had abused its market dominance as a search engine ...".

Later today we learned that Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down: "In Ukraine, government departments, the central bank, a state-run aircraft manufacturer, the airport in Kiev and the metro network have all been paralysed by the hack ... In the UK, the advertising firm WPP said its systems had also been struck down, while in the Netherlands a major shipping firm confirmed its computer terminals were malfunctioning".

That definition of "digital" – it needs to be improved. Its faults are evident but GDS never change. They never learn.

That's a lesson for local government. A lesson they've already learned. More than half of the local authorities who started trials of GOV.UK Verify (RIP) have pulled out.

What kind of recruits will be attracted to these two vacant situations at GDS? Who wants to work for an organisation that can't learn?

Updated 6.7.17

It is three months since Mvine hove into view, please see above.

Mvine are supposed to demonstrate that people can use GOV.UK Verify (RIP) to access private sector services even if they can't use the wretched system to access public services:
Mvine is set up and ready now to offer these services to the private sector using and leveraging its secure distributed digital identity exchange whilst conforming to the standards rules and principles of the Verify digital identity framework.

Once the initial trials and test are over, Mvine aims to go live with these services from June 2017 onwards.
That's what it said on the Mvine website when DMossEsq took a copy on 22 June 2017: "Mvine aims to go live with these services from June 2017 onwards".

Take a look now, and the reference to June 2017 has disappeared.

Not another GOV.UK Verify (RIP) deadline missed, surely?

No comments:

Post a Comment