Tuesday 23 May 2017

RIP IDA – a ridiculous manifesto promise

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

The Conservative Party's 2017 manifesto includes this at p.81:
... we must use common platforms across government and the wider public sector. That must start with the way we identify ourselves online, so that people have one single, common and safe way of verifying themselves to all parts of government. That is why we shall roll out Verify, so that people can identify themselves on all government online services by 2020, using their own secure data that is not held by government. We will also make this platform more widely available, so that people can safely verify their identify to access non-government services such as banking.
As DMossEsq readers know, it may be convenient for people to have "one single, common ... way of verifying themselves to all parts of government" but it isn't "safe".

DMossEsq readers also know that millions of people prefer to use the Government Gateway to access on-line government services, not GOV.UK Verify (RIP).

They know that there are currently only about 12 on-line government services that can be accessed using GOV.UK Verify (RIP) and that the chances that they will all be accessible using GOV.UK Verify (RIP) by 2020 are small.

And they know that their personal information is sprayed all over the world, out of their control, if they open an account with GOV.UK Verify (RIP).


Suppose that you have your accounts with Lloyds bank and that you access them on-line using your GOV.UK Verify (RIP) credentials which you created through the Royal Mail because that's a brand you recognise and trust.

Unbeknownst to you, that means that you have actually been registered by GB Group plc, whom you've never heard of.

GB Group share your personal information with a wide variety of other organisations, which the Royal Mail didn't tell you when you registered.

Suppose that one of them is hacked [Equifax, for example, added 9.9.17] and, for safety's sake, your GOV.UK Verify (RIP) account has to be suspended [if your account isn't suspended, despite the Equifax breach, why isn't it? Surely it should be]. Yours, and millions hundreds of other people's GOV.UK Verify (RIP) accounts.

There's nothing the Royal Mail can do about GB Group suspending you and nothing GDS can do about it either. There's nothing Lloyds can do about it and now you can't access your bank accounts on-line.

Nor can you access any of the on-line government services you need, because you foolishly use the same GOV.UK Verify (RIP) credentials for everything.

That's one risk of inserting GOV.UK Verify (RIP) into the access control processes for banking.

Can anyone remember what the benefit is?
GOV.UK Verify (RIP) is not an attractive prospect and not one single bank anywhere in the world currently allows people to use GOV.UK Verify (RIP) to log on to their on-line accounts.

Millions of us can already log on to on-line banking. We accountholders don't need GOV.UK Verify (RIP) for that ...

... and neither do the banks.

And why would the banks want to risk their relationship with us by dislocating the whole process of authorising access to our accounts just to insert the Government Digital Service into it?

And not just GDS but all of GDS's seven "identity providers" (IDPs), too. And all of the IDPs' uncounted subsidiaries and business partners and suppliers and sub-contractors in the UK and overseas.

It may sound sensible and modern for the Conservatives and any other political party to promise to deploy GOV.UK Verify (RIP) nationwide. It isn't.

----------

Updated 9.9.17

Up to 44m Britons at risk in Equifax cyberattack
Equifax hack: 44 million Britons' personal details feared stolen in major US data breach
The Equifax Hack Didn't Have to Be This Bad
Breach at Equifax May Impact 143M Americans
Equifax Breach Response Turns Dumpster Fire
Equifax: Hackers Gained Access to Sensitive Data, Affecting 143 Million People
Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone
Equifax mega-leak: Security wonks smack firm over breach notification plan
Surprising nobody, lawyers line up to sue the crap out of Equifax
...

Equifax Hack Exposes Peril of Credit Bureau Model


Updated 9.11.17

It remains a psychiatric mystery how the Government Digital Service (GDS) continue to assure the public that the hopeless identity assurance scheme, GOV.UK Verify (RIP), costs nothing, that it is secure without qualification, that our privacy is maintained, that we have control over our personal information and that the system operates under an ethical framework.

That is presumably the conclusion that McKinsey came to in their investigation of GOV.UK Verify (RIP) in their report to John Manzoni, chief executive of the UK home civil service. The McKinsey report has not been published, though, so we can't be certain.

GOV.UK Verify (RIP) depends for its hesitant and occasional operation [1] on credit rating agencies/data brokers, including Equifax, who were so spectacularly hacked on 13 May 2017, please see above.

DMossEsq can make the point until he, she, it or they is or are blue in the face that GOV.UK Verify (RIP) accountholders have no control over what happens to their personal information once they have handed it over but it has no effect. Absolutely no control. And absolutely no effect.

The great Bruce Schneier has now published his Equifax evidence to the House Committee on Energy and Commerce.

"These data brokers deliberately hide their actions, and make it difficult for consumers to learn about or control their data", he says. Also, "there is no way for consumers to protect themselves. Their data has been harvested and analyzed by these companies without their knowledge or consent. They cannot improve the security of their personal data, and have no control over how vulnerable it is".

Perhaps the Schneier testimony will register with GDS and Mr Manzoni more effectively than DMossEsq's.

Whatever, the public show no enthusiasm for signing up with GOV.UK Verify (RIP) [2], nor do HMRC nor NHS England. We and they don't believe that GOV.UK Verify (RIP) is free, secure, etc ... Only GDS believe that.

Refs.
1. Average failure rate: 62%.
2. Average number of times a GOV.UK Verify (RIP) account is used: 1.5.

RIP IDA – a ridiculous manifesto promise

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

The Conservative Party's 2017 manifesto includes this at p.81:
... we must use common platforms across government and the wider public sector. That must start with the way we identify ourselves online, so that people have one single, common and safe way of verifying themselves to all parts of government. That is why we shall roll out Verify, so that people can identify themselves on all government online services by 2020, using their own secure data that is not held by government. We will also make this platform more widely available, so that people can safely verify their identify to access non-government services such as banking.
As DMossEsq readers know, it may be convenient for people to have "one single, common ... way of verifying themselves to all parts of government" but it isn't "safe".

Saturday 6 May 2017

Half-baked, amateurish, technically-illiterate, misled, misinformed, …

Last Wednesday, 3 May 2017, Jerry Fishenden published a blog post, The canary that ceased to be, where he announced his resignation as co-chair of the Privacy and Consumer Advisory Group (PCAG):
The group has reviewed and commented upon a wide range of government initiatives, including predicting the disaster that become NHS care.data, the fraud risks of ill-considered “data-sharing” (under various guises), the troubled and late-running GOV.UK Verify identity assurance programme, the Office of National Statistics use of data, the “digital transformation” of the electoral roll, Home Office fraud issues, the Investigatory Powers Bill (now Act), and other proposals and ideas from across government.
PCAG is meant to be a safety device like a miner's canary, it's meant to detect officials attempting to "smuggle their often half-baked proposals past Ministers". That's what it's meant to do and that's what it does but ministers have stopped paying attention. Particularly Matt Hancock and Ben Gummer who haven't bothered even to acknowledge letters sent to them by PCAG.

The "disappointingly amateurish and technically-illiterate" Digital Economy Act was the last straw. Mr Fishenden had to resign. PCAG's advice was "repeatedly ignored by officials who should know better" and those officials "repeatedly misled and misinformed" PCAG.

No doubt honest and able people like Mr Fishenden resign all the time, infuriated by official mendacity and incompetence, but it's rare to see them speak out like this ...

... and rarer still to see them loose off another shot a day or two later, please see Gov.uk Verify and identity assurance - it's time for a rethink, in which Mr Fishenden confirms and amplifies DMossEsq's contention that GOV.UK Verify is dead, RIP.

Who knows but there may be yet more to come.

----------

Updated 7.5.17

Jerry Fishenden Comment
The canary that ceased to be Government Computing:
Independent privacy body co-chair resigns over Whitehall engagement
UKAuthority:
Cabinet Office privacy adviser resigns
Campaign4Change:
Some officials “smuggle their often half-baked proposals past ministers” says Cabinet Office adviser who quits
Diginomica:
How the canary fell off its perch down the privacy policy mine – and nobody cared
Civil Service World:
Government privacy advisor quits after officials ‘repeatedly ignored’ guidance
Gov.uk Verify and identity assurance - it's time for a rethink Computer Weekly:
Ex-government privacy advisor calls for 'fundamental review' of Gov.uk Verify identity scheme
Government Computing:
Privacy and identity expert Fishenden calls for Verify rethink
Alan Mather
The identity/data divide "Who knows but there may be yet more to come", we said above and on 23.5.17, lo, happily there was.


Updated 8.5.17

When Jerry Fishenden gave evidence last October, one member of the Digital Economy Bill Committee said: "Dr Fishenden, your exasperation with what is in the Bill is shared by other witnesses".

In fact, his exasperation was more with what was not in the Bill. Control over our personal information is due to be taken out of our hands and given to officials. This is in the interests of data-sharing. But "data-sharing" was not defined in the Bill. The management of our personal information will depend on codes of practice to be followed by officials. But these codes of practice were not included in the Bill.

The Digital Economy Bill has now been enacted and given royal assent. It is a dreadful piece of legislation and it seems to have been the final straw for Mr Fishenden.

"In Francis Maude’s day, the problems with Part 5 (PDF) of the Digital Economy Bill and its associated codes of practice would have been highlighted and fixed with the help of the [Privacy and Consumer Advisory Group], rather than causing Ministerial embarrassment and confusion when they were published in a disappointingly amateurish and technically-illiterate state", says Mr Fishenden in his canary article.

The same claim is repeated by Diginomica*: "Not for the first time, diginomica laments the loss of Lord Maude". And by Campaign4Change: "Fishenden’s departure is further confirmation that since Maude’s departure, the Cabinet Office – apart from the Government Digital Service – has settled back into the decades-old Whitehall culture of tinkering with the system while opposing radical change".

This is not what it looks like from the outside. Francis Maude is on record as saying: "I want to bust the myths around the complexities of data sharing ... we aim to find effective ways of using and sharing data for the good of everyone".

He wanted the government to "deliver more effective, joined-up and personalised public services, through effective data-linking", which he said was not the same as "data-sharing" but he never explained the difference ...

... reminiscent of the Dark Department's (the Home Office's) Paul Maltby, who tried to make the ethical problems of data-sharing go away by changing the name to "data access".

From the outside, to the public, it looks as though Mr-now-Lord Maude was part of the personal information problem, and not the solution.

In his Verify article, Mr Fishenden points out that the Government Digital Service's GOV.UK Verify (RIP) identity assurance scheme stands many of GDS's principles on their head. True, but don't forget, it was designed and developed while Lord Maude was GDS's political boss.

Mr Fishenden's suggestion that the problems of the Digital Economy Act and GOV.UK Verify (RIP) would have been solved if only Lord Maude was still Minister for the Cabinet Office is a baffling distraction from the main point, which is the "half-baked proposals" of "disappointingly amateurish and technically-illiterate" officials who "repeatedly misled and misinformed" the Privacy and Consumer Advisory Group.

Notes
* "The loss of Lord Maude"? It should be made clear that Diginomica are not suggesting that Lord Maude is dead, simply that he is no longer Cabinet Office Minister.


Updated 12.10.17

"Who knows", we said, back in May, please see above, "but there may be yet more to come".

And how.

Jerry Fishenden has published another long essay in Computer Weekly magazine, Will the review of Gov.uk Verify [RIP] fix the UK's digital identity problems?.

"What review?", you ask. The McKinsey review. Manzoni calls in McKinsey to conduct review of online identities for public services. That was David Bicknell's scoop, writing on the Government Computing website nine days ago: "The review ... is believed to have been instituted by Civil Service chief executive and Cabinet Office permanent secretary John Manzoni".

900 staff in the Government Digital Service (GDS), all supposed to advise the rest of the civil service how to be innovative and effective in public administration, and the CEO has to call in external consultants to advise on the central pillar of digital-by-default, GOV.UK Verify (RIP)? It's not a good look, is it.

As do we all, Mr Fishenden wants to help McKinsey with their review. Thus his excellent Computer Weekly article.

It's a long article. What it says is that GDS have been wasting our time and theirs with GOV.UK Verify for six years. RIP.


Updated 13.11.17

Another month, another excellent Jerry Fishenden article in Computer Weekly magazine, Will the review of Gov.uk Verify [RIP] fix the UK's digital identity problems?.

Good question.

They're all good questions.

Many of us have been asking the same questions for years.

It's quite boring repeating yourself. Why the need to repeat ourselves for years at a time?

Because the Government Digital Service never answer.

Do they know the answers? Or are they lost, in over their heads, overcome, submerged, helpless, drowning, rudderless, confused, in need of help, "not up to it" (© Clement Attlee), baffled, over-promoted, out of ideas, stymied, inhibited, directionless, broken down, demotivated, demoralised, guilty, truculent, nervous, defensive, ...?

If people have good answers, they tend to tell you.

The first cut is the deepest. The longer this head-in-the-sand psychopathology is allowed to fester, the more traumatic the eventual confession will be.

Half-baked, amateurish, technically-illiterate, misled, misinformed, …

Last Wednesday, 3 May 2017, Jerry Fishenden published a blog post, The canary that ceased to be, where he announced his resignation as co-chair of the Privacy and Consumer Advisory Group (PCAG):
The group has reviewed and commented upon a wide range of government initiatives, including predicting the disaster that become NHS care.data, the fraud risks of ill-considered “data-sharing” (under various guises), the troubled and late-running GOV.UK Verify identity assurance programme, the Office of National Statistics use of data, the “digital transformation” of the electoral roll, Home Office fraud issues, the Investigatory Powers Bill (now Act), and other proposals and ideas from across government.
PCAG is meant to be a safety device like a miner's canary, it's meant to detect officials attempting to "smuggle their often half-baked proposals past Ministers". That's what it's meant to do and that's what it does but ministers have stopped paying attention. Particularly Matt Hancock and Ben Gummer who haven't bothered even to acknowledge letters sent to them by PCAG.