tag:blogger.com,1999:blog-30484496681509684122024-03-14T11:31:15.995+00:00DMossEsqDavid Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.comBlogger1257125tag:blogger.com,1999:blog-3048449668150968412.post-60634739801088801132019-09-21T18:46:00.001+01:002019-09-23T15:53:11.899+01:00RIP IDA – Johnson and Cummings are in for a shock<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
<i>No need to say it, it goes without saying, it should be obvious to all but,</i></div>
<div style="text-align: center;">
<i>just in case it isn't obvious to all,</i></div>
<div style="text-align: center;">
<i>IDA is dead.</i></div>
<div style="text-align: center;">
<i><br /></i></div>
<div style="text-align: center;">
<i>IDA, now known as "GOV.UK Verify (RIP)",</i></div>
<div style="text-align: center;">
<i>is the Cabinet Office Identity Assurance programme.</i></div>
<div style="text-align: center;">
<i>And it's dead.</i><br />
<i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html">If Verify is the answer, what was the question?</a>"</i><br />
<i><br /></i><i><a href="https://www.lawcom.gov.uk/">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br />
<i>is in fact the person he or she is purporting to be;</i><br />
<i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf">para.6.67/p.119</a>)</i></div>
<br />
<br />
<i><a href="https://www.buzzfeed.com/alexspence/boris-johnson-dominic-cummings-voter-data"><b><span style="font-size: x-large;">Boris Johnson Secretly Asked For A Massive Amount Of User Data To Be Tracked. Dominic Cummings Said It’s “TOP PRIORITY”</span></b></a></i>.<br />
<br />
That's what it says in 24-point bold capitals on the relatively public <i>Buzzfeed</i> website. So much for "secretly".<br />
<br />
"In a move that has alarmed Whitehall officials, the prime minister has instructed departments to share data they collect about usage of the GOV.UK portal so that it can feed into preparations for leaving the European Union at the end of next month". These Whitehall officials must exist in a permanent state of alarm – GOV.UK usage data is already collected and shared on the Government Digital Service's <a href="http://www.dmossesq.com/2015/11/ear-tags-for-goats-and-case-of-missing.html">rickety</a> <a href="https://www.gov.uk/performance">performance platform</a> and has been for years:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.gov.uk/performance" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="625" data-original-width="855" height="466" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_N2NOFCZs8gFkBcQL5VkSOSN0oV94s3SZASQ1q_A0I59RxoHZE_C42c5oO38Wmg_5dzKLaFmMzGJBIVhi9goypYXxGhpVtcmm9TPQ83zRXz6RvX2JXUR013aAefi5bd3Ksw1eOFRWFu4/s640/alarm.JPG" width="640" /></a></div>
<br />
<a name='more'></a>The performance platform tells you for example that there were 44,300 <a href="https://www.gov.uk/performance/defra-pig-movement-reporting">pig movement reports</a> submitted between June and September 2017. Nothing alarming about that, surely. What has upset the Whitehall officials? Is it possibly the fact that the performance statistics are two years out of date?<br />
<br />
Not according to <i>Buzzfeed </i>it isn't, no. <i>Buzzfeed </i>are worried about “targeted and personalised information to be gathered in the run-up to Brexit" on the say-so of Boris Johnson, our current Prime Minister, and Dominic Cummings, his mastermind.<br />
<br />
This is more sinister than pig movements.<br />
<br />
Or is it?<br />
<br />
"Johnson said centralised data was also necessary to accelerate his ambitions for a digital revolution in public services". Can you think of a Prime Minister in the past 20 years who hasn't said the same thing? No. And the revolution still hasn't happened. There are entire blogs devoted to this matter. Have been for years. It's not news.<br />
<br />
Nevertheless, according to <i>Buzzfeed </i>"some officials in Whitehall are concerned about such an enormous transfer of data being done at speed, behind closed doors, at a time of national crisis". What data? <i>Buzzfeed </i>don't say.<br />
<br />
But according to a government spokesperson "Individual government departments currently collect anonymised user data when people use GOV.UK ... No personal data is collected at any point during the process ...". So what's the problem if no personal data is collected at any point?<br />
<br />
You've got to get up pretty early in the morning to fool "Privacy campaigners, policy experts, and opposition politicians", they're not falling for this no-personal-data-is-collected line and they say that "Pooling the user data [that isn't collected] from across government would give GDS [the government digital service] a detailed picture of people’s online interactions with government".<br />
<br />
What they're thinking of perhaps is the enormous databases of health information, work and pensions information, education and tax information that Whitehall have always maintained. Various <a href="http://www.dmossesq.com/2013/06/is-data-sharing-between-consenting.html">dreadful people</a> have suggested over the years that this information should be shared almost without limit all over Whitehall in the hope that this sharing would improve government services.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://twitter.com/s_foreshew_cain/status/715795818914168833?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E715795818914168833&ref_url=http%3A%2F%2Fwww.dmossesq.com%2F2016%2F03%2Fan-open-address-register.html" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="618" data-original-width="462" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiiBnEnTX8u94_sqsdyvPwzFHTNnK1jdUk4PQl9Ro1yz0Xpb3UyJOpUNUdUc4uN6Pn_WW-Y1ezyZsQwbf_kRLkjfZWNqwGIIOvEiAdjSrFh5ZR5F_2K7uz1pVn_MXJI8l8CJrzoquPQdew/s640/SmashTheSilos.JPG" width="478" /></a></div>
<br />
"Smash the silos", say GDS, please see above, share personal information widely, <a href="http://www.dmossesq.com/2016/05/data-science-ethical-framework-contempt.html">we know what's best for everyone</a>, <a href="http://www.dmossesq.com/2014/08/the-magic-of-open-data-1.html">all personal information should be shared by default</a>, says David Gauke MP, and only withheld in exceptional circumstances. Thank goodness, for years, Whitehall officials have been alarmed by these initiatives and somehow the silos remain, and personal information remains officially confidential and reserved to the purposes for which it was collected.<br />
<br />
"How does profiling citizens help with no deal preparation?", asks Tom Watson, Labour's Deputy Leader at the time of writing, "Given Dominic Cummings’ focus on data science in the Vote Leave campaign this sudden urgent need for big data collection is extremely concerning".<br />
<br />
Extremely concerning? Not at all, it's positively thrilling, it's an effervescent cocktail of evil Bond villain Cummings and two shots of credulous science fiction.<br />
<br />
It's childish fantasy. It may well be that Messrs Johnson and Cummings themselves believe that they can design persuasive material to control people's opinions by analysing all their personal information. But, as the Prime Minister himself says, "At the heart of that is our approach to UK digital identity ... XO has tasked GDS with developing – in cooperation with others – a digital identity accelerated implementation plan".<br />
<br />
XO is a secret world domination committee the existence of which the Prime Minister has foolishly revealed. But the real tomfoolery is to believe that GDS are capable of delivering on an accelerated implementation plan for anything to do with UK digital identity. <a href="https://www.google.com/search?q=%22rip+ida%22+site%3Admossesq.com&rlz=1C1CHBF_en-GBGB742GB742&oq=%22rip+ida%22&aqs=chrome.3.69i57j0l2j69i59.10959j0j4&sourceid=chrome&ie=UTF-8">Just look at their record</a>.<br />
<br />
It probably hasn't occurred to Johnson and Cummings that GDS could spend so long on GOV.UK Verify (RIP) and come up with so little. But they're about to find out. And they're not going to be pleased.</div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-60054967235652011662019-01-12T23:22:00.002+00:002021-04-11T22:40:54.834+01:00RIP IDA – 12 years after promising a way for employers to check the right of a prospective recruit to work in the UK, the Home Office introduces a partial service based on unproven technology<div dir="ltr" style="text-align: left;" trbidi="on"><div style="text-align: center;"><i>No need to say it, it goes without saying, it should be obvious to all but,</i></div><div style="text-align: center;"><i>just in case it isn't obvious to all,</i></div><div style="text-align: center;"><i>IDA is dead.</i></div><div style="text-align: center;"><i><br /></i></div><div style="text-align: center;"><i>IDA, now known as "GOV.UK Verify (RIP)",</i></div><div style="text-align: center;"><i>is the Cabinet Office Identity Assurance programme.</i></div><div style="text-align: center;"><i>And it's dead.</i><br /><i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html">If Verify is the answer, what was the question?</a>"</i><br /><i><br /></i><i><a href="https://www.lawcom.gov.uk/">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br /><i>is in fact the person he or she is purporting to be;</i><br /><i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf">para.6.67/p.119</a>)</i></div><div style="text-align: left;"><br /></div><br /><i><a href="https://www.gov.uk/government/news/online-right-to-work-checks">Online right to work checks</a></i> – that's a press release, by the Home Office, 14 December 2018: "Employers will be able to rely on an online Right to Work Checking Service to demonstrate compliance with illegal working legislation".<br /><br />Pretty good, you may say, well done the Home Office, very 21st century, faced with a prospective recruit how does an employer establish their right to work in the UK? Answer, on-line.<br /><br />Modern. Quick. Efficient. Definitive.<br /><br />Or is it?<br /><br />Cast your mind back. Cast it back before yesterday. And even before 14 December 2018. Cast it back exactly 12 years, all the way back to 14 December 2006, when the Home Office published their first so-called <i><a href="http://dematerialisedid.com/PDFs/Strategic_Action_Plan.pdf">Strategic Action Plan for the National Identity Scheme</a></i>.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://dematerialisedid.com/PDFs/Strategic_Action_Plan.pdf" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="861" data-original-width="279" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhY9NoEChLWvAbBdxbfYqlOiGRInwtduqh7WU2kCU3SWn_ExpChR25-IeM7BOBLVaBBJKCf3vollbmnqt5AMp1MhpP9CDm1bT0ykk0bGt_Wyd3gSwq73WPqyXAjCgJFSESes0TxvP5BA94/s1600/IND.JPG" /></a></div>Turn to <i>Annex 1</i> on p.25 and you'll see that the Home Office planned strategically for the <a href="http://www.dematerialisedid.com/BCSL/eOdyssey.html">Immigration and Nationality Directorate</a> to have an "enhanced employee checking service available for employers" six months later, in June 2007.<br /><br />In the event it took 12 years. Not six months. 12 years.<br /><br />It's 11 years since DMossEsq wrote about this matter, <i><a href="http://www.dematerialisedid.com/BCSL/NotWorking.html">Not working in the UK</a></i>. "Why hasn't this strategic action been performed by IPS [the Identity and Passport Service as was, now <a href="https://www.gov.uk/government/organisations/hm-passport-office">Her Majesty's Passport Office</a>]?", he asked in January 2008, and "Is there perhaps a problem with the biometrics?".<br /><br />The Home Office have given us <a href="https://www.dmossesq.com/2015/09/so-where-are-we-on-astrology-13-years.html">no reason</a> in the interim to believe that the biometrics their employee checking service depends on are reliable ...<br /><br />... but rely on them they do, as they told us in <a href="https://www.gov.uk/government/news/online-right-to-work-checks">last month's press release</a>: "The online Right to Work Checking Service can be used by non-EEA nationals who hold biometric residence permits or biometric residence cards ...".<br /><br />Even after 12 years that little matter remains outstanding, we're not quite there yet, there's an on-line service but we can't be sure that it identifies prospective employees reliably.<br /><br />And the service isn't universal.<br /><br />It doesn't handle any non-EEA nationals who don't have these cards, it doesn't handle all EEA nationals and UK nationals without a passport can supposedly demonstrate their right to work by producing "short birth or adoption certificates, which they can get for free, instead of the long versions".<br /><br />Surely GOV.UK Verify (RIP) could help to assure employers that the person in front of them is who the birth certificate or plastic card says they are and has the right to work in the UK?<br /><br />Apparently not.<br /><br />Maybe in another 12 years.<br /><br />Good job (<i>sic</i>) there's no hurry.</div>David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-89110685306847247162019-01-12T23:22:00.001+00:002019-01-17T01:17:18.290+00:00RIP IDA – 12 years after promising an on-line way for employers to check the right of a prospective recruit to work in the UK, the Home Office introduces a partial service based on unproven technology<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
<i>No need to say it, it goes without saying, it should be obvious to all but,</i></div>
<div style="text-align: center;">
<i>just in case it isn't obvious to all,</i></div>
<div style="text-align: center;">
<i>IDA is dead.</i></div>
<div style="text-align: center;">
<i><br /></i></div>
<div style="text-align: center;">
<i>IDA, now known as "GOV.UK Verify (RIP)",</i></div>
<div style="text-align: center;">
<i>is the Cabinet Office Identity Assurance programme.</i></div>
<div style="text-align: center;">
<i>And it's dead.</i><br />
<i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html">If Verify is the answer, what was the question?</a>"</i><br />
<i><br /></i><i><a href="https://www.lawcom.gov.uk/">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br />
<i>is in fact the person he or she is purporting to be;</i><br />
<i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf">para.6.67/p.119</a>)</i></div>
<div style="text-align: left;">
<br /></div>
<br />
<i><a href="https://www.gov.uk/government/news/online-right-to-work-checks">Online right to work checks</a></i> – that's a press release, by the Home Office, 14 December 2018: "Employers will be able to rely on an online Right to Work Checking Service to demonstrate compliance with illegal working legislation".<br />
<br />
Pretty good, you may say, well done the Home Office, very 21st century, faced with a prospective recruit how does an employer establish their right to work in the UK? Answer, on-line.<br />
<br />
Modern. Quick. Efficient. Definitive.<br />
<br />
Or is it?<br />
<br />
<a name='more'></a>Cast your mind back. Cast it back before yesterday. And even before 14 December 2018. Cast it back exactly 12 years, all the way back to 14 December 2006, when the Home Office published their first so-called <i><a href="http://dematerialisedid.com/PDFs/Strategic_Action_Plan.pdf">Strategic Action Plan for the National Identity Scheme</a></i>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://dematerialisedid.com/PDFs/Strategic_Action_Plan.pdf" imageanchor="1" style="clear: right; float: right; margin-left: 1em;"><img border="0" data-original-height="861" data-original-width="279" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhY9NoEChLWvAbBdxbfYqlOiGRInwtduqh7WU2kCU3SWn_ExpChR25-IeM7BOBLVaBBJKCf3vollbmnqt5AMp1MhpP9CDm1bT0ykk0bGt_Wyd3gSwq73WPqyXAjCgJFSESes0TxvP5BA94/s1600/IND.JPG" /></a></div>
Turn to <i>Annex 1</i> on p.25 and you'll see that the Home Office planned strategically for the <a href="http://www.dematerialisedid.com/BCSL/eOdyssey.html">Immigration and Nationality Directorate</a> to have an "enhanced employee checking service available for employers" six months later, in June 2007.<br />
<br />
In the event it took 12 years. Not six months. 12 years.<br />
<br />
It's 11 years since DMossEsq wrote about this matter, <i><a href="http://www.dematerialisedid.com/BCSL/NotWorking.html">Not working in the UK</a></i>. "Why hasn't this strategic action been performed by IPS [the Identity and Passport Service as was, now <a href="https://www.gov.uk/government/organisations/hm-passport-office">Her Majesty's Passport Office</a>]?", he asked in January 2008, and "Is there perhaps a problem with the biometrics?".<br />
<br />
The Home Office have given us <a href="https://www.dmossesq.com/2015/09/so-where-are-we-on-astrology-13-years.html">no reason</a> in the interim to believe that the biometrics their employee checking service depends on are reliable ...<br />
<br />
... but rely on them they do, as they told us in <a href="https://www.gov.uk/government/news/online-right-to-work-checks">last month's press release</a>: "The online Right to Work Checking Service can be used by non-EEA nationals who hold biometric residence permits or biometric residence cards ...".<br />
<br />
Even after 12 years that little matter remains outstanding, we're not quite there yet, there's an on-line service but we can't be sure that it identifies prospective employees reliably.<br />
<br />
And the service isn't universal.<br />
<br />
It doesn't handle any non-EEA nationals who don't have these cards, it doesn't handle all EEA nationals and UK nationals without a passport can supposedly demonstrate their right to work by producing "short birth or adoption certificates, which they can get for free, instead of the long versions".<br />
<br />
Surely GOV.UK Verify (RIP) could help to assure employers that the person in front of them is who the birth certificate or plastic card or permit or passport says they are and has the right to work in the UK? Apparently not.<br />
<br />
Maybe in another 12 years.<br />
<br />
In the meantime, <i><a href="https://www.gov.uk/penalties-for-employing-illegal-workers">Penalties for employing illegal workers</a></i>: "You can be sent to jail for 5 years and pay an unlimited fine if you’re found guilty of employing someone who you knew or had ‘reasonable cause to believe’ didn’t have the right to work in the UK".<br />
<br />
Good job (<i>sic</i>) there's no hurry.</div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-2370646492631150842018-12-21T12:34:00.001+00:002021-04-11T22:40:54.928+01:00Brexit – "Why I don’t, never have, and never will trust the people"<div dir="ltr" style="text-align: left;" trbidi="on">Matthew Parris, writing in the <i><a href="https://www.spectator.co.uk/2018/12/why-i-dont-never-have-and-never-will-trust-the-people/">Spectator</a></i> magazine, 15 December 2018:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://www.spectator.co.uk/2018/12/why-i-dont-never-have-and-never-will-trust-the-people/" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="383" data-original-width="577" height="424" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipiW4S4byh-VYxdD_i0jg7voPkjLtxglSqz5_dzvMEBxx0BMemPvrHXxnQxQ2h2VZrb0Ou-GrWzaXreRPlW_nrWD4Uw11oG9dRZ4_xRmvY9QXq60_cy2SsAUSus4_LcYxCQmjOQ3hdPyM/s640/DailyBasis.JPG" width="640" /></a></div><br />This is his reason for supporting those politicians of all parties, civil servants and media persons who want to ignore the Brexit referendum result.<br /><br />Mr Parris has done us a great service, <a href="https://www.thetimes.co.uk/article/theresa-may-has-become-detached-from-reality-lgllszc39">as he always does</a>, by being so clear and open. And amusing – he quotes <a href="https://en.wikipedia.org/wiki/Arthur_Balfour">Arthur Balfour</a>: "I have the greatest respect for the Conservative party conference, but I would no more consult it on a matter of high policy than I would my valet".<br /><br /><a name='more'></a>Mr Parris has done us an even greater service by pin-pointing the mistake in this line of reasoning as it applies to Brexit.<br /><br />"... at the idea that the people should dictate the policies of government on a daily basis, we shudder"?<br /><br />Yes, quite right, but in this case Parliament explicitly handed the problem over to us plebs, it was up to us to solve it and our decision would be an instruction to be executed by Parliament.<br /><br />We're not talking about <i>daily </i>plebiscites, which God forbid. We're talking about a one-off.<br /><br />We're talking about Parliament making a promise (the decision is yours) and then reneging on their promise (the decision is ours). Do that, in this case, and we plebs will never trust Parliament.<br /><br />----------<br /><br /><a href="https://www.blogger.com/null" name="update1"></a><b>Updated later that same day</b><br /><br />"Chary" of referendums as he was by 15 December 2018, on 20 October 2018 Mr Parris advocated ... a second referendum, please see <i><a href="https://www.thetimes.co.uk/article/we-must-march-and-demand-to-vote-again-hjh37bl5h">We must march and demand to vote again</a></i>.<br /><br />Brexit is the enemy of his usual logical coherence.<br /><br />This is not the only example. On 11 December 2018 Mr Parris told us <i><a href="https://www.thetimes.co.uk/article/im-disgusted-by-baying-mob-of-hypocrites-attacking-theresa-may-qr9vdkxw8">I’m disgusted by baying mob of hypocrites attacking Theresa May</a></i>:<br /><ul style="text-align: left;"><li>Two days later on <a href="https://www.thetimes.co.uk/article/she-won-confidence-vote-but-exasperating-theresa-may-is-running-on-empty-wfxq33c7b">13 December 2018</a>: "My last encounter with [Theresa May] was not long after she became prime minister. Being regarded as a 'friendly' journalist, I was invited to Downing Street for coffee. It was appalling ... I kissed her as I left. She looked a little alarmed. But the truth is I had arrived as a supporter, and departed dismayed". (Dismayed? See what he did there?)</li><li>And on 14 December 2018, in <i><a href="https://www.thetimes.co.uk/article/theresa-may-has-become-detached-from-reality-lgllszc39">Theresa May has become detached from reality</a></i>: "At what point does tenacity become rigidity become mulishness become a frozen panic? ... Does she hear? Does she see? Does she know? Is there anyone at home?" Etc ...</li></ul>It's a nimble reader who can keep up.</div>David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-75883987765867429782018-12-21T12:34:00.000+00:002019-10-31T10:11:08.501+00:00Brexit – "Why I don’t, never have, and never will trust the people"<div dir="ltr" style="text-align: left;" trbidi="on">
Matthew Parris, writing in the <i><a href="https://www.spectator.co.uk/2018/12/why-i-dont-never-have-and-never-will-trust-the-people/">Spectator</a></i> magazine, 15 December 2018:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.spectator.co.uk/2018/12/why-i-dont-never-have-and-never-will-trust-the-people/" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="383" data-original-width="577" height="424" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipiW4S4byh-VYxdD_i0jg7voPkjLtxglSqz5_dzvMEBxx0BMemPvrHXxnQxQ2h2VZrb0Ou-GrWzaXreRPlW_nrWD4Uw11oG9dRZ4_xRmvY9QXq60_cy2SsAUSus4_LcYxCQmjOQ3hdPyM/s640/DailyBasis.JPG" width="640" /></a></div>
<br />
This is his reason for supporting those politicians of all parties, civil servants and media persons who want to ignore the Brexit referendum result.<br />
<br />
Mr Parris has done us a great service, <a href="https://www.thetimes.co.uk/article/theresa-may-has-become-detached-from-reality-lgllszc39">as he always does</a>, by being so clear and open. And amusing – he quotes <a href="https://en.wikipedia.org/wiki/Arthur_Balfour">Arthur Balfour</a>: "I have the greatest respect for the Conservative party conference, but I would no more consult it on a matter of high policy than I would my valet".<br />
<br />
<a name='more'></a>Mr Parris has done us an even greater service by pin-pointing the mistake in this line of reasoning as it applies to Brexit.<br />
<br />
"... at the idea that the people should dictate the policies of government on a daily basis, we shudder"?<br />
<br />
Yes, quite right, but in this case Parliament explicitly handed the problem over to us plebs, it was up to us to solve it and our decision would be an instruction to be executed by Parliament.<br />
<br />
We're not talking about <i>daily </i>plebiscites, which God forbid. We're talking about a one-off.<br />
<br />
We're talking about Parliament making a promise (the decision is yours) and then reneging on their promise (the decision is ours). Do that, in this case, and we plebs will never trust Parliament.<br />
<br />
----------<br />
<br />
<a href="https://www.blogger.com/null" name="update1"></a><b>Updated later that same day</b><br />
<br />
"Chary" of referendums as he was by 15 December 2018, on 20 October 2018 Mr Parris advocated ... a second referendum, please see <i><a href="https://www.thetimes.co.uk/article/we-must-march-and-demand-to-vote-again-hjh37bl5h">We must march and demand to vote again</a></i>.<br />
<br />
Brexit is the enemy of his usual logical coherence.<br />
<br />
This is not the only example. On 11 December 2018 Mr Parris told us <i><a href="https://www.thetimes.co.uk/article/im-disgusted-by-baying-mob-of-hypocrites-attacking-theresa-may-qr9vdkxw8">I’m disgusted by baying mob of hypocrites attacking Theresa May</a></i>:<br />
<ul style="text-align: left;">
<li>Two days later on <a href="https://www.thetimes.co.uk/article/she-won-confidence-vote-but-exasperating-theresa-may-is-running-on-empty-wfxq33c7b">13 December 2018</a>: "My last encounter with [Theresa May] was not long after she became prime minister. Being regarded as a 'friendly' journalist, I was invited to Downing Street for coffee. It was appalling ... I kissed her as I left. She looked a little alarmed. But the truth is I had arrived as a supporter, and departed dismayed". (Dismayed? See what he did there?)</li>
<li>And on 14 December 2018, in <i><a href="https://www.thetimes.co.uk/article/theresa-may-has-become-detached-from-reality-lgllszc39">Theresa May has become detached from reality</a></i>: "At what point does tenacity become rigidity become mulishness become a frozen panic? ... Does she hear? Does she see? Does she know? Is there anyone at home?" Etc ...</li>
</ul>
It's a nimble reader who can keep up.<br />
<br />
<br />
<a href="https://www.blogger.com/null" name="update2"></a><b>Updated 7.3.19</b><br />
<br />
Late last year there was Matthew Parris disgusted, please see above, by the braying mob of hypocrites attacking Theresa May.<br />
<br />
No more.<br />
<br />
22 February 2019 saw the publication of his <i><a href="https://www.thetimes.co.uk/article/theresa-may-has-turned-conservative-discord-into-aschism-0btbdk80q">Theresa May is the Death Star of British politics</a></i>: "Theresa May, [my informants] tell me (in a couple of cases actually shouting) is the Death Star of modern British politics. She’s the theory of anti-matter, made flesh. She’s a political black hole because nothing, not even light, can escape ...".<br />
<br />
There's more where that came from. Leading up to: "she, and all who wait upon her and have surrounded her, must be hounded out of the party’s cockpit, and every trace of the era of her leadership expunged".<br />
<br />
<br />
<a href="https://www.blogger.com/null" name="update3"></a><b>Updated 31.10.19</b><br />
<br />
Matthew Parris is convinced that the UK must have a second Brexit referendum and in the 26 October 2019 edition of the <i>Spectator </i>he turns his attention to the wording of the question or questions that people should answer, please see <i><a href="https://www.spectator.co.uk/2019/10/the-question-a-second-referendum-must-ask/">The question a second referendum must ask</a></i>.<br />
<br />
Is this the same Matthew Parris who told us on 15 December 2018 <i><a href="https://www.spectator.co.uk/2018/12/why-i-dont-never-have-and-never-will-trust-the-people/">Why I don’t, never have, and never will trust the people</a></i>? That's the question DMossEsq posed to the editor but his letter unaccountably <a href="https://www.spectator.co.uk/2019/11/letters-what-would-be-the-point-of-a-second-referendum/">hasn't been published</a>:<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td><b>From</b>: David Moss<br />
<b>Sent</b>: 27 October 2019 19:08<br />
<b>To</b>: 'letters@spectator.co.uk'<br />
Subject: Can this be the same Matthew Parris? Let the people decide<br />
<br />
Matthew Parris, 26 October 2019, <i><a href="https://www.spectator.co.uk/2019/10/the-question-a-second-referendum-must-ask/">The question a second referendum must ask</a></i><br />
<br />
Sir<br />
<br />
In the latest edition of the <i>Spectator</i>, Matthew Parris advocates a second Brexit referendum and suggests how the questions should be phrased. Is this the same Matthew Parris who wrote <i><a href="https://www.spectator.co.uk/2018/12/why-i-dont-never-have-and-never-will-trust-the-people/">Why I don’t, never have, and never will trust the people</a></i>, published in the <i>Spectator </i>on 15 December 2018?<br />
<br />
Yours<br />
David Moss</td></tr>
</tbody></table>
</blockquote>
<br />
<br /></div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-40310327083285137192018-12-18T18:32:00.003+00:002021-04-11T22:40:54.947+01:00Brexit – cast your mind back 212 years to Napoleon and the continental system<div dir="ltr" style="text-align: left;" trbidi="on">According to today's <i>Times</i> newspaper:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHdJvojt0HDA1ZE1PP97lePf5eFrtDAfgAxTRzoY3tas02eXd8BrzG1q9qday5WeQuFXbv4U9GXO1EIZjG1eBwCv28F9H-qk5gTjdFLJOqjGMCqaAQgw-t8x9TegLLpNEyM4hzs92Twwk/s1600/WarFooting.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="292" data-original-width="472" height="394" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHdJvojt0HDA1ZE1PP97lePf5eFrtDAfgAxTRzoY3tas02eXd8BrzG1q9qday5WeQuFXbv4U9GXO1EIZjG1eBwCv28F9H-qk5gTjdFLJOqjGMCqaAQgw-t8x9TegLLpNEyM4hzs92Twwk/s640/WarFooting.JPG" width="640" /></a></div><br />2½ years late, as they say in <a href="https://www.thetimes.co.uk/edition/news/cabinet-moves-to-war-footing-for-no-deal-s0npmsh3j">the accompanying article</a>, "Colin Clark, a Scottish Conservative MP, has said contingency planning should have started immediately after the vote in 2016", but better late than never.<br /><br />Mr Clark is not alone in his views, several respectable people believe that is and always has been the obvious approach ...<br /><br />... but the Chancellor of the Exchequer, Philip Hammond, is quoted <a href="https://blogs.spectator.co.uk/2018/12/the-cabinet-steps-up-planning-for-no-deal/">elsewhere</a> as saying that "what they were doing must be seen as a precaution, not a policy challenge. He warned that the idea of a managed no deal was a ‘unicorn’ ...".<br /><br />Who's right?<br /><br />The respectable people or the Chancellor?<br /><br /><a name='more'></a>Cast your mind back 212 years and you be the judge.<br /><br />According to Andrew Roberts’s 2014 <i><a href="https://www.amazon.co.uk/Napoleon-Great-Andrew-Roberts-ebook/dp/B01G8V1TMW/ref=sr_1_1_twi_kin_1?ie=UTF8&qid=1545149721&sr=8-1&keywords=napoleon+the+great">Napoleon the Great</a></i>, starting around p.427, 212 years ago in 1806 Napoleon instituted the “continental system”, which included these articles among others: <br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>1. The British Isles are in a state of blockade.<br />2. All trade and all correspondence with the British Isles is forbidden.<br />3. Every British subject, of whatever state or condition he may be … will be made a prisoner of war.<br />4. All warehouses, all merchandise, all property, of whatever nature it might be, belonging to a subject of England will be declared a valid prize …<br />7. No ship coming directly from England or the English colonies, or having been there since the publication of the present decree, will be received in any port.</td></tr></tbody></table></blockquote>Napoleon reckoned that would soon settle our hash ...<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>Since one-third of Britain’s direct exports and three-quarters of her re-exports went to continental Europe, Napoleon intended the decrees to put huge political pressure on the British government to restart the peace negotiations broken off in August …</td></tr></tbody></table></blockquote>... but, according to Mr Roberts:<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>Although Napoleon believed that the Berlin Decrees would be popular with French businessmen, who he hoped would pick up the trade that previously went to Britain, he was soon disabused by the reports from his own chambers of commerce. As early as December that of Bordeaux reported a dangerous downturn of business … By March 1807 he had to authorize special industrial loans from the reserve funds to offset the crises that were resulting …</td></tr></tbody></table></blockquote><i>Plus ça change</i>, the regional prefect of the area that includes Calais is already demanding extra funds to ensure that UK business is not lost to dastardly Belgian and Dutch ports.<br /><br />Further:<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>… the British government managed to ride out domestic criticism. By contrast, the Continental System damaged precisely those people who had done well from Napoleon’s regime and had hitherto been his strongest supporters: the middle classes, tradesmen, merchants and better-off peasantry … ‘Shopkeepers of all countries were complaining about the state of affairs,’ recalled the treasury minister Mollien, but Napoleon was in no mood to listen, let alone compromise.</td></tr></tbody></table></blockquote><i>Plus ça change</i>, President Macron, convinced that he is actually Jupiter, and not merely Napoleon, won't compromise. Just like he didn't compromise the other day with the <i>gilets jaunes</i>.<br /><br /><i>Plus ça change</i>, "domestic criticism", in the person of Anna Soubry and the BBC and the unicorn expert, Philip Hammond, has duly reappeared:<br /><ul style="text-align: left;"><li>They want us to stay linked to a collapsing financial system, the Euro, which beggars Greece and Spain and Portugal in order to underwrite German exports and which caused years of hardship to Ireland after its asset price bubble burst.</li><li>They want us to stay in the friendly partnership which sees Italy at loggerheads with Brussels ...</li><li>... not to mention the friendly partnership between Hungary and Brussels.</li><li>They want us to have our tax rates harmonised.</li><li>They want our armed forces to come under President Juncker's control.</li><li>They want to keep charging huge protectionist tariffs on poor countries trying to export sugar to us.</li><li>They want our legislature to be dictated to by the European Court of Justice ...</li></ul>For some reason the "domestic critics" find this imperial prospect attractive. Your highest ambition may not be for the UK to become a colony. You may hope that the government once again "rides it out".<br /><br />The huge volume of our exports to the EU is a problem for them as well as us:<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>One major problem with the Continental System was that it could not be imposed universally. In 1807, for example, because Hamburg and the Hanseatic towns such as Lübeck, Lüneburg, Rostock, Stralsund and Bremen couldn’t manufacture the 200,000 pairs of shoes, 50,000 greatcoats, 37,000 vests and so on that the <i>Grande Armée</i> required, their governors were forced to buy them from British manufacturers under special licences allowing them through the blockade. Many of Napoleon’s soldiers in the coming battles of the Polish campaign wore uniforms made in Halifax and Leeds ...</td></tr></tbody></table></blockquote>Fluctuations in the exchange rate? Financial innovation in the City? Expanding into new markets? They've all happened before. And <i>pace </i>the miserable remainers, they could all happen again:<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>When French customs officials did capture contraband a proportion of it was often returnable for a bribe, and in due course it became possible to take out insurance against seizures at Lloyd’s of London. Meanwhile, French imperial customs revenues collapsed from 51 million francs in 1806 to 11.5 million in 1809, when Napoleon allowed the export of grain to the British at high price when their harvest was weak – some 74 per cent of all British imported wheat came from France that year – in order to deplete British bullion reserves. The Continental System failed to work because merchants continued to accept British bills-of-exchange, so London continued to see net capital inflows. Much to Napoleon’s frustration, the British currency depreciated against European currencies by 15 per cent between 1808 and 1810, making British exports cheaper. The Continental System also forced British merchants to become more flexible and to diversify, investing in Asia, Africa, the Near East and Latin America much more than before, so exports that had been running at an average of £25.4 million per annum between 1800 and 1809 rose to £35 million between 1810 and 1819. By contrast, imports fell significantly, so Britain’s balance of trade was positive, which it hadn’t been since 1780.</td></tr></tbody></table></blockquote></div>David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-47885543026042326722018-12-18T18:32:00.002+00:002018-12-20T19:59:56.389+00:00Brexit – cast your mind back 212 years to Napoleon and the continental system<div dir="ltr" style="text-align: left;" trbidi="on">
According to today's <i>Times</i> newspaper:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHdJvojt0HDA1ZE1PP97lePf5eFrtDAfgAxTRzoY3tas02eXd8BrzG1q9qday5WeQuFXbv4U9GXO1EIZjG1eBwCv28F9H-qk5gTjdFLJOqjGMCqaAQgw-t8x9TegLLpNEyM4hzs92Twwk/s1600/WarFooting.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="292" data-original-width="472" height="394" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHdJvojt0HDA1ZE1PP97lePf5eFrtDAfgAxTRzoY3tas02eXd8BrzG1q9qday5WeQuFXbv4U9GXO1EIZjG1eBwCv28F9H-qk5gTjdFLJOqjGMCqaAQgw-t8x9TegLLpNEyM4hzs92Twwk/s640/WarFooting.JPG" width="640" /></a></div>
<br />
2½ years late, as they say in <a href="https://www.thetimes.co.uk/edition/news/cabinet-moves-to-war-footing-for-no-deal-s0npmsh3j">the accompanying article</a>, "Colin Clark, a Scottish Conservative MP, has said contingency planning should have started immediately after the vote in 2016", but better late than never.<br />
<br />
Mr Clark is not alone in his views, several respectable people believe that is and always has been the obvious approach ...<br />
<br />
... but the Chancellor of the Exchequer, Philip Hammond, is quoted <a href="https://blogs.spectator.co.uk/2018/12/the-cabinet-steps-up-planning-for-no-deal/">elsewhere</a> as saying that "what they were doing must be seen as a precaution, not a policy challenge. He warned that the idea of a managed no deal was a ‘unicorn’ ...".<br />
<br />
Who's right?<br />
<br />
The respectable people or the Chancellor?<br />
<br />
<a name='more'></a>Cast your mind back 212 years and you be the judge.<br />
<br />
According to Andrew Roberts’s 2014 <i><a href="https://www.amazon.co.uk/Napoleon-Great-Andrew-Roberts-ebook/dp/B01G8V1TMW/ref=sr_1_1_twi_kin_1?ie=UTF8&qid=1545149721&sr=8-1&keywords=napoleon+the+great">Napoleon the Great</a></i>, starting around p.427, 212 years ago in 1806 Napoleon instituted the “continental system”, which included these articles among others:
<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>1. The British Isles are in a state of blockade.<br />
2. All trade and all correspondence with the British Isles is forbidden.<br />
3. Every British subject, of whatever state or condition he may be … will be made a prisoner of war.<br />
4. All warehouses, all merchandise, all property, of whatever nature it might be, belonging to a subject of England will be declared a valid prize …<br />
7. No ship coming directly from England or the English colonies, or having been there since the publication of the present decree, will be received in any port.</td></tr>
</tbody></table>
</blockquote>
Napoleon reckoned that would soon settle our hash ...<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>Since one-third of Britain’s direct exports and three-quarters of her re-exports went to continental Europe, Napoleon intended the decrees to put huge political pressure on the British government to restart the peace negotiations broken off in August …</td></tr>
</tbody></table>
</blockquote>
... but, according to Mr Roberts:<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>Although Napoleon believed that the Berlin Decrees would be popular with French businessmen, who he hoped would pick up the trade that previously went to Britain, he was soon disabused by the reports from his own chambers of commerce. As early as December that of Bordeaux reported a dangerous downturn of business … By March 1807 he had to authorize special industrial loans from the reserve funds to offset the crises that were resulting …</td></tr>
</tbody></table>
</blockquote>
<i>Plus ça change</i>, the regional prefect of the area that includes Calais is already demanding extra funds to ensure that UK business is not lost to dastardly Belgian and Dutch ports.<br />
<br />
Further:<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>… the British government managed to ride out domestic criticism. By contrast, the Continental System damaged precisely those people who had done well from Napoleon’s regime and had hitherto been his strongest supporters: the middle classes, tradesmen, merchants and better-off peasantry … ‘Shopkeepers of all countries were complaining about the state of affairs,’ recalled the treasury minister Mollien, but Napoleon was in no mood to listen, let alone compromise.</td></tr>
</tbody></table>
</blockquote>
<i>Plus ça change</i>, President Macron, convinced that he is actually Jupiter, and not merely Napoleon, won't compromise. Just like he didn't compromise the other day with the <i>gilets jaunes</i>.<br />
<br />
<i>Plus ça change</i>, "domestic criticism", in the person of Anna Soubry and the BBC and the unicorn expert, Philip Hammond, has duly reappeared:<br />
<ul style="text-align: left;">
<li>They want us to stay linked to a collapsing financial system, the Euro, which beggars Greece and Spain and Portugal in order to underwrite German exports and which caused years of hardship to Ireland after its asset price bubble burst.</li>
<li>They want us to stay in the friendly partnership which sees Italy at loggerheads with Brussels ...</li>
<li>... not to mention the friendly partnership between Hungary and Brussels.</li>
<li>They want us to have our tax rates harmonised.</li>
<li>They want our armed forces to come under President Juncker's control.</li>
<li>They want to keep charging huge protectionist tariffs on poor countries trying to export sugar to us.</li>
<li>They want our legislature to be dictated to by the European Court of Justice ...</li>
</ul>
For some reason the "domestic critics" find this imperial prospect attractive. Your highest ambition may not be for the UK to become a colony. You may hope that the government once again "rides it out".<br />
<br />
The huge volume of our exports to the EU is a problem for them as well as us:<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>One major problem with the Continental System was that it could not be imposed universally. In 1807, for example, because Hamburg and the Hanseatic towns such as Lübeck, Lüneburg, Rostock, Stralsund and Bremen couldn’t manufacture the 200,000 pairs of shoes, 50,000 greatcoats, 37,000 vests and so on that the <i>Grande Armée</i> required, their governors were forced to buy them from British manufacturers under special licences allowing them through the blockade. Many of Napoleon’s soldiers in the coming battles of the Polish campaign wore uniforms made in Halifax and Leeds ...</td></tr>
</tbody></table>
</blockquote>
Fluctuations in the exchange rate? Financial innovation in the City? Expanding into new markets? They've all happened before. And <i>pace </i>the miserable remainers, they could all happen again:<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>When French customs officials did capture contraband a proportion of it was often returnable for a bribe, and in due course it became possible to take out insurance against seizures at Lloyd’s of London. Meanwhile, French imperial customs revenues collapsed from 51 million francs in 1806 to 11.5 million in 1809, when Napoleon allowed the export of grain to the British at high price when their harvest was weak – some 74 per cent of all British imported wheat came from France that year – in order to deplete British bullion reserves. The Continental System failed to work because merchants continued to accept British bills-of-exchange, so London continued to see net capital inflows. Much to Napoleon’s frustration, the British currency depreciated against European currencies by 15 per cent between 1808 and 1810, making British exports cheaper. The Continental System also forced British merchants to become more flexible and to diversify, investing in Asia, Africa, the Near East and Latin America much more than before, so exports that had been running at an average of £25.4 million per annum between 1800 and 1809 rose to £35 million between 1810 and 1819. By contrast, imports fell significantly, so Britain’s balance of trade was positive, which it hadn’t been since 1780.</td></tr>
</tbody></table>
</blockquote>
</div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-53736987086718831532018-12-13T21:08:00.001+00:002021-04-11T22:40:54.982+01:00RIP IDA – LSE Prof sells CGD a pup<div dir="ltr" style="text-align: left;" trbidi="on"><div style="text-align: center;"><i>No need to say it, it goes without saying, it should be obvious to all but,</i></div><div style="text-align: center;"><i>just in case it isn't obvious to all,</i></div><div style="text-align: center;"><i>IDA is dead.</i></div><div style="text-align: center;"><i><br /></i></div><div style="text-align: center;"><i>IDA, now known as "GOV.UK Verify (RIP)",</i></div><div style="text-align: center;"><i>is the Cabinet Office Identity Assurance programme.</i></div><div style="text-align: center;"><i>And it's dead.</i><br /><i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html">If Verify is the answer, what was the question?</a>"</i><br /><i><br /></i><i><a href="https://www.lawcom.gov.uk/">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br /><i>is in fact the person he or she is purporting to be;</i><br /><i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf">para.6.67/p.119</a>)</i></div><div style="text-align: left;"><br /></div><br />May 2013, and Alan Gelb and Julia Clark of <a href="https://www.cgdev.org/">the Center for Global Development</a> publish <a href="http://www.dmossesq.com/2013/05/will-centre-for-global-development.html">a report on biometrics</a>. Not so much a report as an uncritical re-hash of the marketing material used by the biometrics industry. The industry that owes so much to <a href="https://www.dmossesq.com/2015/09/so-where-are-we-on-astrology-13-years.html">astrology</a>.<br /><br />It is possible that you had forgotten.<br /><br />November 2018, and the CGD publish <a href="https://www.cgdev.org/sites/default/files/Trusted-Digital-ID-Provision-govuk.pdf">an odd report on GOV.UK Verify (RIP)</a> with a preface by the same Alan Gelb. At least, one assumes that it's the same Alan Gelb.<br /><br /><a name='more'></a>The report is written by Dr Edgar A Whitley, "an Associate Professor (Reader) in Information Systems in the Department of Management at the London School of Economics and Political Science". That doesn't seem to have helped:<br /><br /><div style="border-color: #0000ff; border-style: solid; border-width: 1px; float: center; margin: 0 0 4px 8px; padding: 5px;"><table border="0" style="width: 100%px;"> <tbody><tr> <td><blockquote class="twitter-tweet" data-partner="tweetdeck"><div dir="ltr" lang="en">Edgar Whitley - no fan of ID systems - v good, surprisingly positive review of <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@GOVUKverify</a>, with guidance on how other systems can embed privacy principles too, and stacking it up against the 10 principles for ID at the end. <a href="https://t.co/JTawvgXIv1">https://t.co/JTawvgXIv1</a> … <a href="https://twitter.com/hashtag/ID4D?src=hash&ref_src=twsrc%5Etfw">#ID4D</a> <a href="https://twitter.com/hashtag/GoodID?src=hash&ref_src=twsrc%5Etfw">#GoodID</a></div>— Andrew Kramer 🦉 (@andrewmkramer) <a href="https://twitter.com/andrewmkramer/status/1072882042310979587?ref_src=twsrc%5Etfw">December 12, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">“… in fact it was recently reported that the 100th round of user experience research had been completed” (p.41)<br /><br />Recently? That was 2 August 2016.<br /><br />Published 7 November 2018, when was this peculiar report written?<a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@CGDev</a> <a href="https://twitter.com/AlanHGelb?ref_src=twsrc%5Etfw">@AlanHGelb</a></div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073165644294643712?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">"Verify is an exemplar of how live systems can be built with<br />privacy principles incorporated from the start" (p.50)<br /><br />No it isn't.<a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@govukverify</a> (RIP) flouts all nine of its governing privacy principles, <a href="https://t.co/MMqe9iV4Vu">https://t.co/MMqe9iV4Vu</a></div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073173818552795136?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">The privacy principles were proposed by PCAG, an organisation co-chaired by Edgar Whitley, who is the author of this <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@CGDev</a> report.<br /><br />His co-chair <a href="https://twitter.com/ntouk?ref_src=twsrc%5Etfw">@ntouk</a> resigned in disgust at officials ignoring, misleading and misinforming PCAG,<a href="https://t.co/LvWgd72CIx">https://t.co/LvWgd72CIx</a></div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073174956886974464?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">Section D, Verify's Governance Arrangements (pp.43-55), weirdly ignores the fact that <a href="https://twitter.com/GDSTeam?ref_src=twsrc%5Etfw">@gdsteam</a> lost control of national identity policy six months ago to <a href="https://twitter.com/DCMS?ref_src=twsrc%5Etfw">@DCMS</a>, <a href="https://t.co/UE45q7qwPI">https://t.co/UE45q7qwPI</a></div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073184315851374592?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">"Nineteen local authorities have signed up for the <a href="https://twitter.com/hashtag/VerifyLocal?src=hash&ref_src=twsrc%5Etfw">#VerifyLocal</a> pilots, six of whom will pilot both services [concessionary travel and parking permits]" (p.47)<br /><br />By 27 November 2017, over a year ago, there were just 4 local authorities left and no progress, <a href="https://t.co/awBoHRvleG">https://t.co/awBoHRvleG</a></div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073186814133985280?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">"a recent <a href="https://twitter.com/OIXUK?ref_src=twsrc%5Etfw">@OIXUK</a> report …highlighted industry’s needs for identity related attributes …" (p.58)<a href="https://t.co/1TQbnR1SS5">https://t.co/1TQbnR1SS5</a><br /><br />Recent? That was 28 June 2016.<br /><br />Published 7 November 2018, when was this peculiar report written?</div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073219495144120321?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">Under the heading 'Private Sector Use of Verify’d Identities' (pp.57-8), the <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@cgdev</a> report mentions <a href="https://twitter.com/OIXUK?ref_src=twsrc%5Etfw">@oixuk</a> reports without noting their conclusions – that <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@govukverify</a> RIP has little or nothing to offer the private sector,<a href="https://t.co/1ZwsssZp6A">https://t.co/1ZwsssZp6A</a></div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073220385771012097?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">Under the heading 'Future Government Services Using Verify' (pp.60-2), the <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@CGDev</a> report reprints <a href="https://twitter.com/GDSTeam?ref_src=twsrc%5Etfw">@gdsteam</a>'s Walter Mitty predictions 2½ years ago for <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@govukverify</a> RIP's progress without noting that it never happened,<a href="https://t.co/75ypFitAv2">https://t.co/75ypFitAv2</a></div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073221492866015233?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">Under the heading'Limitations and Critiques' (pp.63-5), the <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@cgdev</a> report mentions <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@govukverify</a> RIP's failure to cover all demographics.<br /><br />This problem has been acknowledged since March 2016,<a href="https://t.co/a5PIaGuwFJ">https://t.co/a5PIaGuwFJ</a><br /><br />No progress has been made.<br /><br />Agile ≠ continuous improvement.</div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073226969502883840?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">The lesson drawn by some in local government is that <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@govukverify</a> RIP "has failed most people",<a href="https://t.co/oj89giLxc5">https://t.co/oj89giLxc5</a><br /><br />The <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@cgdev</a> report gives no reason to believe that they're wrong.</div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073228146600787969?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">The suggestion throughout the <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@cgdev</a> report is that <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@govukverify</a> RIP is unique.<br /><br />It is.<br /><br />Now.<br /><br />Now that the US have canned <a href="https://t.co/XD67AKIA0t">https://t.co/XD67AKIA0t</a>,<a href="https://t.co/2XKGEGfoIX">https://t.co/2XKGEGfoIX</a><br /><br />(Everyone else has known that since at least 5 July 2016,<a href="https://t.co/FeDdSCGbVP">https://t.co/FeDdSCGbVP</a>)</div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073229507396538368?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">Given the wall-to-wall failure of <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@GOVUKverify</a> RIP, <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@CGDev</a> and others may wonder how we Brits access on-line public services.<br /><br />For the past 18 years 50 million of us have used the Government Gateway to connect to 123 services 406 million times a year,<a href="https://t.co/juU7kZLrpJ">https://t.co/juU7kZLrpJ</a></div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073232491018944512?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr><tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck"><div dir="ltr" lang="en">Under the heading 'Learning from Verify' (pp.65-72) no mention is made of the lesson drawn by the UK – Government projects watchdog recommends terminating <a href="https://t.co/57JbIoDT81">https://t.co/57JbIoDT81</a> Verify identity project,<a href="https://t.co/4xVzOzeGpm">https://t.co/4xVzOzeGpm</a><br /><br />Credibility deficit.</div>— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073237408139931648?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote><script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></td> </tr></tbody></table></div></div>David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-77755339654793135692018-12-13T21:08:00.000+00:002018-12-13T23:11:30.593+00:00RIP IDA – LSE Prof sells CGD a pup<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
<i>No need to say it, it goes without saying, it should be obvious to all but,</i></div>
<div style="text-align: center;">
<i>just in case it isn't obvious to all,</i></div>
<div style="text-align: center;">
<i>IDA is dead.</i></div>
<div style="text-align: center;">
<i><br /></i></div>
<div style="text-align: center;">
<i>IDA, now known as "GOV.UK Verify (RIP)",</i></div>
<div style="text-align: center;">
<i>is the Cabinet Office Identity Assurance programme.</i></div>
<div style="text-align: center;">
<i>And it's dead.</i><br />
<i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html">If Verify is the answer, what was the question?</a>"</i><br />
<i><br /></i><i><a href="https://www.lawcom.gov.uk/">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br />
<i>is in fact the person he or she is purporting to be;</i><br />
<i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf">para.6.67/p.119</a>)</i></div>
<div style="text-align: left;">
<br /></div>
<br />
May 2013, and Alan Gelb and Julia Clark of <a href="https://www.cgdev.org/">the Center for Global Development</a> publish <a href="http://www.dmossesq.com/2013/05/will-centre-for-global-development.html">a report on biometrics</a>. Not so much a report as an uncritical re-hash of the marketing material used by the biometrics industry. The industry that owes so much to <a href="https://www.dmossesq.com/2015/09/so-where-are-we-on-astrology-13-years.html">astrology</a>.<br />
<br />
It is possible that you had forgotten.<br />
<br />
November 2018, and the CGD publish <a href="https://www.cgdev.org/sites/default/files/Trusted-Digital-ID-Provision-govuk.pdf">an odd report on GOV.UK Verify (RIP)</a> with a preface by the same Alan Gelb. At least, one assumes that it's the same Alan Gelb.<br />
<br />
<a name='more'></a>The report is written by Dr Edgar A Whitley, "an Associate Professor (Reader) in Information Systems in the Department of Management at the London School of Economics and Political Science". That doesn't seem to have helped:<br />
<br />
<div style="border-color: #0000ff; border-style: solid; border-width: 1px; float: center; margin: 0 0 4px 8px; padding: 5px;">
<table border="0" style="width: 100%px;"> <tbody>
<tr> <td><blockquote class="twitter-tweet" data-partner="tweetdeck">
<div dir="ltr" lang="en">
Edgar Whitley - no fan of ID systems - v good, surprisingly positive review of <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@GOVUKverify</a>, with guidance on how other systems can embed privacy principles too, and stacking it up against the 10 principles for ID at the end. <a href="https://t.co/JTawvgXIv1">https://t.co/JTawvgXIv1</a> … <a href="https://twitter.com/hashtag/ID4D?src=hash&ref_src=twsrc%5Etfw">#ID4D</a> <a href="https://twitter.com/hashtag/GoodID?src=hash&ref_src=twsrc%5Etfw">#GoodID</a></div>
— Andrew Kramer 🦉 (@andrewmkramer) <a href="https://twitter.com/andrewmkramer/status/1072882042310979587?ref_src=twsrc%5Etfw">December 12, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
“… in fact it was recently reported that the 100th round of user experience research had been completed” (p.41)<br />
<br />
Recently? That was 2 August 2016.<br />
<br />
Published 7 November 2018, when was this peculiar report written?<a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@CGDev</a> <a href="https://twitter.com/AlanHGelb?ref_src=twsrc%5Etfw">@AlanHGelb</a></div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073165644294643712?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
"Verify is an exemplar of how live systems can be built with<br />
privacy principles incorporated from the start" (p.50)<br />
<br />
No it isn't.<a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@govukverify</a> (RIP) flouts all nine of its governing privacy principles, <a href="https://t.co/MMqe9iV4Vu">https://t.co/MMqe9iV4Vu</a></div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073173818552795136?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
The privacy principles were proposed by PCAG, an organisation co-chaired by Edgar Whitley, who is the author of this <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@CGDev</a> report.<br />
<br />
His co-chair <a href="https://twitter.com/ntouk?ref_src=twsrc%5Etfw">@ntouk</a> resigned in disgust at officials ignoring, misleading and misinforming PCAG,<a href="https://t.co/LvWgd72CIx">https://t.co/LvWgd72CIx</a></div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073174956886974464?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
Section D, Verify's Governance Arrangements (pp.43-55), weirdly ignores the fact that <a href="https://twitter.com/GDSTeam?ref_src=twsrc%5Etfw">@gdsteam</a> lost control of national identity policy six months ago to <a href="https://twitter.com/DCMS?ref_src=twsrc%5Etfw">@DCMS</a>, <a href="https://t.co/UE45q7qwPI">https://t.co/UE45q7qwPI</a></div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073184315851374592?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
"Nineteen local authorities have signed up for the <a href="https://twitter.com/hashtag/VerifyLocal?src=hash&ref_src=twsrc%5Etfw">#VerifyLocal</a> pilots, six of whom will pilot both services [concessionary travel and parking permits]" (p.47)<br />
<br />
By 27 November 2017, over a year ago, there were just 4 local authorities left and no progress, <a href="https://t.co/awBoHRvleG">https://t.co/awBoHRvleG</a></div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073186814133985280?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
"a recent <a href="https://twitter.com/OIXUK?ref_src=twsrc%5Etfw">@OIXUK</a> report …highlighted industry’s needs for identity related attributes …" (p.58)<a href="https://t.co/1TQbnR1SS5">https://t.co/1TQbnR1SS5</a><br />
<br />
Recent? That was 28 June 2016.<br />
<br />
Published 7 November 2018, when was this peculiar report written?</div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073219495144120321?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
Under the heading 'Private Sector Use of Verify’d Identities' (pp.57-8), the <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@cgdev</a> report mentions <a href="https://twitter.com/OIXUK?ref_src=twsrc%5Etfw">@oixuk</a> reports without noting their conclusions – that <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@govukverify</a> RIP has little or nothing to offer the private sector,<a href="https://t.co/1ZwsssZp6A">https://t.co/1ZwsssZp6A</a></div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073220385771012097?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
Under the heading 'Future Government Services Using Verify' (pp.60-2), the <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@CGDev</a> report reprints <a href="https://twitter.com/GDSTeam?ref_src=twsrc%5Etfw">@gdsteam</a>'s Walter Mitty predictions 2½ years ago for <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@govukverify</a> RIP's progress without noting that it never happened,<a href="https://t.co/75ypFitAv2">https://t.co/75ypFitAv2</a></div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073221492866015233?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
Under the heading'Limitations and Critiques' (pp.63-5), the <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@cgdev</a> report mentions <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@govukverify</a> RIP's failure to cover all demographics.<br />
<br />
This problem has been acknowledged since March 2016,<a href="https://t.co/a5PIaGuwFJ">https://t.co/a5PIaGuwFJ</a><br />
<br />
No progress has been made.<br />
<br />
Agile ≠ continuous improvement.</div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073226969502883840?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
The lesson drawn by some in local government is that <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@govukverify</a> RIP "has failed most people",<a href="https://t.co/oj89giLxc5">https://t.co/oj89giLxc5</a><br />
<br />
The <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@cgdev</a> report gives no reason to believe that they're wrong.</div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073228146600787969?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
The suggestion throughout the <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@cgdev</a> report is that <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@govukverify</a> RIP is unique.<br />
<br />
It is.<br />
<br />
Now.<br />
<br />
Now that the US have canned <a href="https://t.co/XD67AKIA0t">https://t.co/XD67AKIA0t</a>,<a href="https://t.co/2XKGEGfoIX">https://t.co/2XKGEGfoIX</a><br />
<br />
(Everyone else has known that since at least 5 July 2016,<a href="https://t.co/FeDdSCGbVP">https://t.co/FeDdSCGbVP</a>)</div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073229507396538368?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
Given the wall-to-wall failure of <a href="https://twitter.com/GOVUKverify?ref_src=twsrc%5Etfw">@GOVUKverify</a> RIP, <a href="https://twitter.com/CGDev?ref_src=twsrc%5Etfw">@CGDev</a> and others may wonder how we Brits access on-line public services.<br />
<br />
For the past 18 years 50 million of us have used the Government Gateway to connect to 123 services 406 million times a year,<a href="https://t.co/juU7kZLrpJ">https://t.co/juU7kZLrpJ</a></div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073232491018944512?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
<tr> <td><blockquote class="twitter-tweet" data-cards="hidden" data-conversation="none" data-partner="tweetdeck">
<div dir="ltr" lang="en">
Under the heading 'Learning from Verify' (pp.65-72) no mention is made of the lesson drawn by the UK – Government projects watchdog recommends terminating <a href="https://t.co/57JbIoDT81">https://t.co/57JbIoDT81</a> Verify identity project,<a href="https://t.co/4xVzOzeGpm">https://t.co/4xVzOzeGpm</a><br />
<br />
Credibility deficit.</div>
— Brother Big (@gdsw9) <a href="https://twitter.com/gdsw9/status/1073237408139931648?ref_src=twsrc%5Etfw">December 13, 2018</a></blockquote>
<script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script>
</td> </tr>
</tbody></table>
</div>
</div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-42965141117290598232018-10-17T15:36:00.002+01:002021-04-11T22:40:55.003+01:00RIP IDA – international ID slapstick, that's the way to do it<div dir="ltr" style="text-align: left;" trbidi="on"><div style="text-align: center;"><i>No need to say it, it goes without saying, it should be obvious to all but,</i></div><div style="text-align: center;"><i>just in case it isn't obvious to all,</i></div><div style="text-align: center;"><i>IDA is dead.</i></div><div style="text-align: center;"><i><br /></i></div><div style="text-align: center;"><i>IDA, now known as "GOV.UK Verify (RIP)",</i></div><div style="text-align: center;"><i>is the Cabinet Office Identity Assurance programme.</i></div><div style="text-align: center;"><i>And it's dead.</i><br /><i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html">If Verify is the answer, what was the question?</a>"</i><br /><i><br /></i><i><a href="https://www.lawcom.gov.uk/">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br /><i>is in fact the person he or she is purporting to be;</i><br /><i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf">para.6.67/p.119</a>)</i></div><div style="text-align: left;"><br /></div>A week ago we learnt that people with a German electronic ID are now able to use it to log on to HMRC:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://twitter.com/Martin_Jordan/status/1049980425291087872" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="398" data-original-width="525" height="484" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjERkbxBKtZ681ulz9rDw1uVoqHCAhTROhSMpBTBsn-4YOrzOSJYhibVlQpKELI3dZymJw5OuirljYQvo7bT8A1WKW13t6gp-71MnTiYpNjHQb_ZDQ2p3pYWwvrHedERudKhwdLeNrOzXE/s640/eIDAS+Germany.JPG" width="640" /></a></div><br /><a name='more'></a>This has been on the cards, so to speak, for over 10 years now, ever since the inception of the European Union's <a href="http://www.dematerialisedid.com/BCSL/Hall.html">Project STORK</a>. German students studying at UK universities should be able to access UK public services while they're over here using trusted German identity assurance. Ditto UK students in Germany. And not just Germany and the UK, any EU citizens in any EU country.<br /><br />Over the years, Project STORK became <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910&from=EN">eIDAS</a>, EU Regulation 910/2014. The German <a href="https://www.bsi.bund.de/EN/Topics/ElectrIDDocuments/German-eID/eIDAS-notification/eIDAS_notification_node.html">Federal Office for Information Security</a> jumped through all the eIDAS hoops to "notify" their <i>Ausweis </i>identity assurance scheme, it's passed all the tests and, as noted in the Martin Jordan tweet above, Her Majesty's Revenue and Customs now have to accept <i>Ausweis </i>identities.<br /><br />That's the theory.<br /><br />In practice, this is the response a German currently gets:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://www.gov.uk/personal-tax-account/sign-in/prove-identity" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="235" data-original-width="657" height="226" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYZsZEh0XflFLeEyFaUzD0-lstinVPQ9_WCiMSqvxoGh6GtFjvn3H6K7cwDgx8s7qzWKWTUd53vl6m1tSO8wXsf-jDE_oRgJhwk0qx8Ld8cKPtWupPh7_ErSIAt_HUbrigyzMqPZ0MEw0/s640/Delivered.JPG" width="640" /></a></div><br />That's the way to do it.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://www.bbc.co.uk/news/entertainment-arts-17895716" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="196" data-original-width="304" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaEZ7NsKzFPZtNN6d79ZQu0of5ynLct8E1inSe_hL2JyHiivIdnPO1UWwyAlXxI2l1yP_2G0T0QlTyOx3fHG2zEPmhzT-Ggr-ikbJHurdz6xUxmKdZaj-m-6k08IBk_GDa8VgIcEVYOeI/s1600/Mr+Punch.jpg" /></a></div>"Something went wrong".<br /><br />It certainly did.<br /><br />But where?<br /><br />Germany? HMRC?<br /><br />Apparently not. The error message is branded GOV.UK Verify (RIP). Their logo. Their problem.<br /><br />Speaking of which, GOV.UK Verify (RIP) has been put up for eIDAS membership. It's been "pre-notified" in the lingo:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://twitter.com/Eichholtzer/status/1035188774463045634" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="495" data-original-width="600" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixRi_Ftm4ifVILohgjJD1glrBtrD0z9OIBGy05QPEf0rTyp3ruQdn6-cppln2zDSQueKXs5QYt7HuEzu5gQoBD3W7Me3nVo6l1iss4SVQjRAXu9iDoJhmCE80rJFyBRQ4pnDW_9P3IHns/s640/eIDAS+UK.JPG" width="640" /></a></div><br />Will it be as successful as the Germans' <i>Ausweis</i>? Will it be deemed to provide a low level of assurance that the owner of the GOV.UK Verify (RIP) identity is who they say they are? Or a substantial level of assurance or even a high one?<br /><br />Our EU partners will not be impressed at the rejection of GOV.UK Verify (RIP) by <a href="http://www.dmossesq.com/2016/04/rip-ida-le-coup-de-grace.html#update6">HMRC</a>, DWP (<a href="https://t.co/UDU2Qgppiy">para.3.21</a>), the <a href="https://www.dmossesq.com/2016/03/rip-ida-not-good-enough-for-nhs.html">NHS</a>, <a href="https://www.mygov.scot/myaccount/">Scotland</a>, <a href="https://www.dmossesq.com/2016/10/rip-ida-local-government-lender-of-last.html#update6">UK local government</a> and others. Nor will they be mollified when they see US NIST's opinion that GOV.UK Verify (RIP) provides nothing better than <a href="https://www.dmossesq.com/2016/05/rip-ida-worse-then-you-thought.html">self-certification</a>.<br /><br />It's all about trust, and what are our partners supposed to make of the fact that the Post Office are treated as an "identity provider" (IDP) even though <a href="http://www.dmossesq.com/2017/01/rip-ida-oix-to-rescue.html#note5">they're not certified by tScheme</a>? It looks underhand making people think they're dealing with the Post Office when really all the identity proofing work is carried out behind the scenes by Digidentity. It undermines trust.<br /><br />Has GOV.UK Verify (RIP) been pre-notified by the Government Digital Service? That would seem strange:<br /><ul style="text-align: left;"><li>Partly because it is the Department for Digital Culture Media and Sport that has responsibility for <a href="https://www.gov.uk/government/speeches/machinery-of-government-changes-1-june-2015">the digital economy</a> and for <a href="https://www.computerweekly.com/news/252442712/GDS-loses-digital-identity-policy-to-DCMS">identity policy</a>, not GDS.</li><li>And partly because it has recently been announced that the UK government will <a href="https://www.parliament.uk/business/publications/written-questions-answers-statements/written-statement/Commons/2018-10-09/HCWS978/">cease funding</a> GOV.UK Verify (RIP) in 18 months' time.</li></ul>Who will underwrite GOV.UK Verify (RIP) identities after that?<br /><br />No-one knows. Certainly not the 27 other members of the EU.<br /><br />As things stand, the probability of GOV.UK Verify (RIP) getting through the eIDAS vetting procedure is not high, not substantial but, if it's lucky, maybe low. Low-to-non-existent.<br /><br />That's the way to do it.<br /><br />----------<br /><br /><a href="https://www.blogger.com/null" name="update1"></a><b>Updated 23:52</b><br /><br />Our European partners may recall that early last month the UK's Infrastructure and Projects Authority recommended that GOV.UK Verify (RIP) be <a href="https://www.computerweekly.com/news/252448116/Government-projects-watchdog-recommends-terminating-Govuk-Verify-identity-project">terminated</a>. That's the same GOV.UK Verify (RIP) that we're trying to get approved for use in eIDAS, please see above.<br /><br />Not confidence-inspiring.<br /><br /><a href="https://www.dmossesq.com/2018/05/rip-ida-reality-bites.html">Reality bites</a>. But instead of terminating the scheme, the Senior Responsible Owner is <a href="https://www.computerweekly.com/news/252447498/Govuk-Verify-chief-to-leave-Government-Digital-Service">abandoning ship</a> and GDS are <a href="https://www.computerweekly.com/news/252440934/GDS-wants-to-take-hands-off-control-on-digital-identity-says-Govuk-Verify-boss">letting go of the controls</a> and <a href="https://www.computerweekly.com/news/252450313/Government-to-end-investment-in-Govuk-Verify-digital-identity-system">handing it over to the private sector</a>. Perhaps the private sector will prove better at terminating it.<br /><br />Not confidence-inspiring.<br /><br />GOV.UK Verify (RIP) boasted seven "identity providers" until recently – Barclays Bank, CitizenSafe/GB Group plc, Digidentity, Experian, the Post Office, the Royal Mail and SecureIdentity/Morpho.<br /><br />During the handover to the private sector two of those "identity providers" are dropping out – CitizenSafe/GB Group plc and the Royal Mail.<br /><br />In reality, the Royal Mail was never a true "identity provider", they just provided a <a href="https://www.dmossesq.com/2016/09/rip-ida-govuk-verify-is-no-more-it-has.html">call centre service</a> and all the identity proofing and verification work done in its name was really conducted behind the scenes by CitizenSafe/GB Group plc, another example of GDS's duplicity like the Post Office/Digidentity charade, please see above.<br /><br />Not confidence-inspiring.<br /><br />What happens to all the <a href="http://www.dematerialisedid.com/GOV.UK%20Verify%20(RIP)%20v6.html#personal">personal information</a> that the Royal Mail and CitizenSafe/GB Group plc amassed while they were still operational? Them and their <a href="http://www.dematerialisedid.com/GOV.UK%20Verify%20(RIP)%20v6.html#share">subsidiaries and partners and contractors</a>? Where's the information gone now? What control do we citizens have over our own personal information? What happens when GDS and DCMS are no longer involved?<br /><br />Come to that, what's happened to all the personal information <a href="http://www.dmossesq.com/2017/01/rip-ida-oix-to-rescue.html#note4">Verizon</a> amassed while they were an "identity provider"?<br /><br />Even for the continuing "identity providers" – Barclays Bank, Digidentity, Experian, the Post Office and SecureIdentity/Morpho – GOV.UK Verify (RIP) doesn't abide by a single one of the <a href="https://www.dmossesq.com/2016/09/rip-ida-privacyidentity-assurance.html#pcag">identity assurance principles</a> that are meant to govern it.<br /><br />Not confidence-inspiring.<br /><br />GDS never answer questions posed by us, the public. Maybe they'll answer the eIDAS authorities.<br /><br /><br /><a href="https://www.blogger.com/null" name="update2"></a><b>Updated 18.10.18</b><br /><br />Certification of the GOV.UK Verify (RIP) services supplied by "identity providers" is carried out by <a href="https://www.tscheme.org/">tScheme</a>. The summary of their certification has now been <a href="http://www.dematerialisedid.com/GOV.UK%20Verify%20(RIP)%20tScheme%20approval%20v2.html">updated</a>.<br /><br />The Post Office is most notable as the only "identity provider" to have no tScheme approval whatever.<br /><br />None of the "identity providers" is certified by tScheme as having any expertise with digital certificates – something of a gap <i>vis-à-vis</i> eIDAS, which is all about trust services.</div>David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-20741055434460219962018-10-17T15:36:00.001+01:002020-05-15T18:21:54.419+01:00RIP IDA – international ID slapstick, that's the way to do it<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
<i>No need to say it, it goes without saying, it should be obvious to all but,</i></div>
<div style="text-align: center;">
<i>just in case it isn't obvious to all,</i></div>
<div style="text-align: center;">
<i>IDA is dead.</i></div>
<div style="text-align: center;">
<i><br /></i></div>
<div style="text-align: center;">
<i>IDA, now known as "GOV.UK Verify (RIP)",</i></div>
<div style="text-align: center;">
<i>is the Cabinet Office Identity Assurance programme.</i></div>
<div style="text-align: center;">
<i>And it's dead.</i><br />
<i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html">If Verify is the answer, what was the question?</a>"</i><br />
<i><br /></i><i><a href="https://www.lawcom.gov.uk/">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br />
<i>is in fact the person he or she is purporting to be;</i><br />
<i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf">para.6.67/p.119</a>)</i></div>
<div style="text-align: left;">
<br /></div>
A week ago we learnt that people with a German electronic ID are now able to use it to log on to HMRC:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://twitter.com/Martin_Jordan/status/1049980425291087872" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="398" data-original-width="525" height="484" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjERkbxBKtZ681ulz9rDw1uVoqHCAhTROhSMpBTBsn-4YOrzOSJYhibVlQpKELI3dZymJw5OuirljYQvo7bT8A1WKW13t6gp-71MnTiYpNjHQb_ZDQ2p3pYWwvrHedERudKhwdLeNrOzXE/s640/eIDAS+Germany.JPG" width="640" /></a></div>
<br />
<a name='more'></a>This has been on the cards, so to speak, for over 10 years now, ever since the inception of the European Union's <a href="http://www.dematerialisedid.com/BCSL/Hall.html">Project STORK</a>. German students studying at UK universities should be able to access UK public services while they're over here using trusted German identity assurance. Ditto UK students in Germany. And not just Germany and the UK, any EU citizens in any EU country.<br />
<br />
Over the years, Project STORK became <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910&from=EN">eIDAS</a>, EU Regulation 910/2014. The German <a href="https://www.bsi.bund.de/EN/Topics/ElectrIDDocuments/German-eID/eIDAS-notification/eIDAS_notification_node.html">Federal Office for Information Security</a> jumped through all the eIDAS hoops to "notify" their <i>Ausweis </i>identity assurance scheme, it's passed all the tests and, as noted in the Martin Jordan tweet above, Her Majesty's Revenue and Customs now have to accept <i>Ausweis </i>identities.<br />
<br />
That's the theory.<br />
<br />
In practice, this is the response a German currently gets:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.gov.uk/personal-tax-account/sign-in/prove-identity" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="235" data-original-width="657" height="226" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYZsZEh0XflFLeEyFaUzD0-lstinVPQ9_WCiMSqvxoGh6GtFjvn3H6K7cwDgx8s7qzWKWTUd53vl6m1tSO8wXsf-jDE_oRgJhwk0qx8Ld8cKPtWupPh7_ErSIAt_HUbrigyzMqPZ0MEw0/s640/Delivered.JPG" width="640" /></a></div>
<br />
That's the way to do it.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.bbc.co.uk/news/entertainment-arts-17895716" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="196" data-original-width="304" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaEZ7NsKzFPZtNN6d79ZQu0of5ynLct8E1inSe_hL2JyHiivIdnPO1UWwyAlXxI2l1yP_2G0T0QlTyOx3fHG2zEPmhzT-Ggr-ikbJHurdz6xUxmKdZaj-m-6k08IBk_GDa8VgIcEVYOeI/s1600/Mr+Punch.jpg" /></a></div>
"Something went wrong".<br />
<br />
It certainly did.<br />
<br />
But where?<br />
<br />
Germany? HMRC?<br />
<br />
Apparently not. The error message is branded GOV.UK Verify (RIP). Their logo. Their problem.<br />
<br />
Speaking of which, GOV.UK Verify (RIP) has been put up for eIDAS membership. It's been "pre-notified" in the lingo:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://twitter.com/Eichholtzer/status/1035188774463045634" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="495" data-original-width="600" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixRi_Ftm4ifVILohgjJD1glrBtrD0z9OIBGy05QPEf0rTyp3ruQdn6-cppln2zDSQueKXs5QYt7HuEzu5gQoBD3W7Me3nVo6l1iss4SVQjRAXu9iDoJhmCE80rJFyBRQ4pnDW_9P3IHns/s640/eIDAS+UK.JPG" width="640" /></a></div>
<br />
Will it be as successful as the Germans' <i>Ausweis</i>? Will it be deemed to provide a low level of assurance that the owner of the GOV.UK Verify (RIP) identity is who they say they are? Or a substantial level of assurance or even a high one?<br />
<br />
Our EU partners will not be impressed at the rejection of GOV.UK Verify (RIP) by <a href="http://www.dmossesq.com/2016/04/rip-ida-le-coup-de-grace.html#update6">HMRC</a>, DWP (<a href="https://t.co/UDU2Qgppiy">para.3.21</a>), the <a href="https://www.dmossesq.com/2016/03/rip-ida-not-good-enough-for-nhs.html">NHS</a>, <a href="https://www.mygov.scot/myaccount/">Scotland</a>, <a href="https://www.dmossesq.com/2016/10/rip-ida-local-government-lender-of-last.html#update6">UK local government</a> and others. Nor will they be mollified when they see US NIST's opinion that GOV.UK Verify (RIP) provides nothing better than <a href="https://www.dmossesq.com/2016/05/rip-ida-worse-then-you-thought.html">self-certification</a>.<br />
<br />
It's all about trust, and what are our partners supposed to make of the fact that the Post Office are treated as an "identity provider" (IDP) even though <a href="http://www.dmossesq.com/2017/01/rip-ida-oix-to-rescue.html#note5">they're not certified by tScheme</a>? It looks underhand making people think they're dealing with the Post Office when really all the identity proofing work is carried out behind the scenes by Digidentity. It undermines trust.<br />
<br />
<a href="https://www.blogger.com/null" name="notify"></a>Has GOV.UK Verify (RIP) been pre-notified by the Government Digital Service? That would seem strange:<br />
<ul style="text-align: left;">
<li>Partly because it is the Department for Digital Culture Media and Sport that has responsibility for <a href="https://www.gov.uk/government/speeches/machinery-of-government-changes-1-june-2015">the digital economy</a> and for <a href="https://www.computerweekly.com/news/252442712/GDS-loses-digital-identity-policy-to-DCMS">identity policy</a>, not GDS.</li>
<li>And partly because it has recently been announced that the UK government will <a href="https://www.parliament.uk/business/publications/written-questions-answers-statements/written-statement/Commons/2018-10-09/HCWS978/">cease funding</a> GOV.UK Verify (RIP) in 18 months' time.</li>
</ul>
Who will underwrite GOV.UK Verify (RIP) identities after that?<br />
<br />
No-one knows. Certainly not the 27 other members of the EU.<br />
<br />
As things stand, the probability of GOV.UK Verify (RIP) getting through the eIDAS vetting procedure is not high, not substantial but, if it's lucky, maybe low. Low-to-non-existent.<br />
<br />
That's the way to do it.<br />
<br />
----------<br />
<br />
<a href="https://www.blogger.com/null" name="update1"></a><b>Updated 23:52</b><br />
<br />
Our European partners may recall that early last month the UK's Infrastructure and Projects Authority recommended that GOV.UK Verify (RIP) be <a href="https://www.computerweekly.com/news/252448116/Government-projects-watchdog-recommends-terminating-Govuk-Verify-identity-project">terminated</a>. That's the same GOV.UK Verify (RIP) that we're trying to get approved for use in eIDAS, please see above.<br />
<br />
Not confidence-inspiring.<br />
<br />
<a href="https://www.dmossesq.com/2018/05/rip-ida-reality-bites.html">Reality bites</a>. But instead of terminating the scheme, the Senior Responsible Owner is <a href="https://www.computerweekly.com/news/252447498/Govuk-Verify-chief-to-leave-Government-Digital-Service">abandoning ship</a> and GDS are <a href="https://www.computerweekly.com/news/252440934/GDS-wants-to-take-hands-off-control-on-digital-identity-says-Govuk-Verify-boss">letting go of the controls</a> and <a href="https://www.computerweekly.com/news/252450313/Government-to-end-investment-in-Govuk-Verify-digital-identity-system">handing it over to the private sector</a>. Perhaps the private sector will prove better at terminating it.<br />
<br />
Not confidence-inspiring.<br />
<br />
GOV.UK Verify (RIP) boasted seven "identity providers" until recently – Barclays Bank, CitizenSafe/GB Group plc, Digidentity, Experian, the Post Office, the Royal Mail and SecureIdentity/Morpho.<br />
<br />
During the handover to the private sector two of those "identity providers" are dropping out – CitizenSafe/GB Group plc and the Royal Mail.<br />
<br />
In reality, the Royal Mail was never a true "identity provider", they just provided a <a href="https://www.dmossesq.com/2016/09/rip-ida-govuk-verify-is-no-more-it-has.html">call centre service</a> and all the identity proofing and verification work done in its name was really conducted behind the scenes by CitizenSafe/GB Group plc, another example of GDS's duplicity like the Post Office/Digidentity charade, please see above.<br />
<br />
Not confidence-inspiring.<br />
<br />
<a name="whathappens"></a>What happens to all the <a href="http://www.dematerialisedid.com/GOV.UK%20Verify%20(RIP)%20v6.html#personal">personal information</a> that the Royal Mail and CitizenSafe/GB Group plc amassed while they were still operational? Them and their <a href="http://www.dematerialisedid.com/GOV.UK%20Verify%20(RIP)%20v6.html#share">subsidiaries and partners and contractors</a>? Where's the information gone now? What control do we citizens have over our own personal information? What happens when GDS and DCMS are no longer involved?<br />
<br />
Come to that, what's happened to all the personal information <a href="http://www.dmossesq.com/2017/01/rip-ida-oix-to-rescue.html#note4">Verizon</a> amassed while they were an "identity provider"?<br />
<br />
Even for the continuing "identity providers" – Barclays Bank, Digidentity, Experian, the Post Office and SecureIdentity/Morpho – GOV.UK Verify (RIP) doesn't abide by a single one of the <a href="https://www.dmossesq.com/2016/09/rip-ida-privacyidentity-assurance.html#pcag">identity assurance principles</a> that are meant to govern it.<br />
<br />
Not confidence-inspiring.<br />
<br />
GDS never answer questions posed by us, the public. Maybe they'll answer the eIDAS authorities.<br />
<br />
<br />
<a href="https://www.blogger.com/null" name="update2"></a><b>Updated 18.10.18</b><br />
<br />
Certification of the GOV.UK Verify (RIP) services supplied by "identity providers" is carried out by <a href="https://www.tscheme.org/">tScheme</a>. The summary of their certification has now been <a href="http://www.dematerialisedid.com/GOV.UK%20Verify%20(RIP)%20tScheme%20approval%20v2.html">updated</a>.<br />
<br />
The Post Office is most notable as the only "identity provider" to have no tScheme approval whatever.<br />
<br />
None of the "identity providers" is certified by tScheme as having any expertise with digital certificates – something of a gap <i>vis-à-vis</i> eIDAS, which is all about trust services.</div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-63529231403550488692018-09-20T01:31:00.001+01:002021-04-11T22:40:55.024+01:00The Digital Ape: how to live (in peace) with smart machines by Nigel Shadbolt and Roger Hampson<div dir="ltr" style="text-align: left;" trbidi="on"><b><a href="https://www.amazon.co.uk/Digital-Ape-peace-smart-machines-ebook/dp/B07BLJWZDZ/ref=sr_1_1?ie=UTF8&qid=1537316070&sr=8-1&keywords=digital+ape+shadbolt">The Digital Ape: how to live (in peace) with smart machines</a></b><br />by Nigel Shadbolt and Roger Hampson<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://www.amazon.co.uk/Digital-Ape-peace-smart-machines-ebook/dp/B07BLJWZDZ/ref=sr_1_1?ie=UTF8&qid=1537316070&sr=8-1&keywords=digital+ape+shadbolt" imageanchor="1" style="clear: left; float: left; margin-right: 1em;"><img border="0" data-original-height="500" data-original-width="325" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTJ1m-zgjlflSXs_spWiurPhr6QH1vkSg3DkCFQez4BtA3onWP-voWMl9HY4L1nwzHEBnKDhhi3Ap5Pc5sZ-2moJZM6wWo87K-sR8FApTYZKj1b7lXb5XO6WtsMVs7xCzKjtBl1YvJSWQ/s320/DigitalApe.jpg" width="208" /></a></div>Professor Sir Nigel Shadbolt is well known to <i>DMossEsq</i>'s millions of readers as the prophet of <a href="https://www.dmossesq.com/2014/08/the-magic-of-open-data-1.html">the magic of open data</a>. He's the chairman and co-founder of the Open Data Institute and Roger Hampson is one of the ODI's four non-executive directors.<br /><br />The title "The Digital Ape" is inspired by Desmond Morris's <i><a href="https://www.amazon.co.uk/dp/B004C055A4/ref=dp-kindle-redirect?_encoding=UTF8&btkr=1">The Naked Ape</a></i> and extends his evolutionary approach to artificial intelligence. Man has always used tools to overcome his original shortcomings. First there was <a href="https://en.wikipedia.org/wiki/Hand_axe">the hand axe</a>. Now there's artificial intelligence. Messrs Shadbolt and Hampson's argument is that the hand axe didn't destroy the human race, so artificial intelligence won't either.<br /><br />What can we digital apes look forward to in the brave new artificial intelligence world where we are at peace with our smart machines?<br /><br />This is a question Professor Sir Nigel has tackled before in conversation with the much lamented journalist, <a href="https://www.dmossesq.com/2013/07/instrumenting-kettle.html">Steve Hewlett</a>:<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>Just imagine a new world where you look out of the window and see the blue flashing lights, and then someone flies through the door and says "<a href="http://dematerialisedid.com/Privacy%20Under%20Pressure%2022.7.13%20Shadbolt.mp3">we're here to prevent you from having a heart attack</a>".</td></tr></tbody></table></blockquote><a name='more'></a><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody><tr><td style="text-align: center;"><a href="https://en.wikipedia.org/wiki/Hand_axe" imageanchor="1" style="clear: right; margin-left: auto; margin-right: auto;"><img border="0" data-original-height="322" data-original-width="220" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSq2voSha1apyTCQ4EibIq-JlcX0ECQh44PK5u__7IPWlYNKBB0IKPBWJcCdDkTkvppkDUC-Uv5qCJUMOlXRSuR3LsJ2x78RWMQwcOWe3LlF_NcYDOOSAhxFjqdBe5NPGczETD2r1D2Vw/s200/Handaxe.JPG" width="135" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Flint hand axe</i> <i>found in Winchester</i></td></tr></tbody></table>Nothing as exciting as that in <i>The Digital Ape</i>, where Messrs Shadbolt and Hampson content themselves instead with a relatively dull vision of the fridge automatically ordering butter for you when stocks run low. Also, "the floor will phone social services if Granny has a fall [but will social services answer?]". (This is at Loc 3052 of the Kindle edition of the book which doesn't have page numbers, just Locs/locations.)<br /><br />Professor Sir Nigel is or at least was in charge of the government's <b><a href="https://www.dmossesq.com/2012/11/midata-false-prospectus-every-time-you.html">midata</a></b> programme which he amusingly claimed, five years ago, would allow us to "<a href="https://www.dmossesq.com/2013/12/curtains-for-midata.html">get to the future more quickly</a>". No sign of that. The apps haven't been developed ...<br /><br />... and the obvious problems remain unsolved. In a digital ape world where we're permanently under surveillance and all data is open including personal information, Steve Hewlett wanted to know, what happens to privacy? We look to our eminent authors for guidance. In vain:<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>On the face of it, open data is an idea too simple and right to fail. Assuming that the correct safeguards around private and personal information are in place ... (Loc 3802)</td></tr></tbody></table></blockquote>What are the "correct safeguards"? No answer.<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>Public datasets should definitely be open to all comers, subject to privacy and security concerns ... (Loc 3919)</td></tr></tbody></table></blockquote>How "definitely"? What is a "public dataset"? Which datasets would be "subject to privacy and security concerns"? What access if any would there be to these concerning datasets? No answers.<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>The digital ape needs urgently to debate and define the reasonable boundaries for the collection and analysis of information by government agencies in the age of terror. Restraints and accountability are essential ... (Loc 4023)</td></tr></tbody></table></blockquote>Surely this book is the place for that debate. This is the debate that the leaders of the Open Data Institute should be ideally placed to contribute to. What "restraints and accountability"? No answer.<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>... we badly need conventions that curb the continued weaponisation of the digital realm ... (Loc 4032)</td></tr></tbody></table></blockquote>What "conventions"? No answer.<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>There is no contradiction between the desire to live in a society that is open and secure, and the desire to protect privacy. Open and private apply to different content, handled in appropriately different ways ... (Loc 4069)</td></tr></tbody></table></blockquote>What "appropriately different ways"? No answer.<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>The personal data model is one way to produce a viable alternative [to the Orwellian implications of building one huge public database]. There are obviously problems ... We are certain these are solvable problems ... (Loc 4081)</td></tr></tbody></table></blockquote>Why are the authors "certain"? Their certainty doesn't make the reader certain. What are the solutions? No answer.<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>If we want people to pay the tax they owe, we need some system of collecting it [<a href="https://www.gov.uk/government/organisations/hm-revenue-customs/services-information">we already have one</a>, courtesy HMRC, quite an extensive one], and some way of knowing collectively that we have done so. Imagination will be needed to turn all these into data stores held by individuals ... (Loc 4139)</td></tr></tbody></table></blockquote>"Some system"? What system? "Some way"? What way? <a href="https://www.dmossesq.com/2015/09/lack-of-control-insecurity-irrelevance.html">"Imagination" is no answer</a>.<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>There need to be clear rules for the transparency of algorithmic decision-making, the principles and procedures on which choices about the lives of individuals and groups are being made ... (Loc 4512)</td></tr></tbody></table></blockquote>What "clear rules"? What "principles and procedures"? No answers.<br /><blockquote><table bgcolor="#fff2cc"><tbody><tr><td>We need a new framework to govern the innovations, which might enable individuals, en masse, to temper the continued concentration of ownership and power ... (Loc 4582)</td></tr></tbody></table></blockquote>What "new framework"? No answer.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKwSHrDq9IgE05xaJ4NKltSkqZKxxTeK6lziaXWZYoDJEu8VusFWpox2ZU1aSkGKRbmhdgP4kbRcipHbCxh_Qh8NGeNrS2cH73P1DwLedqq0cJ__Iaa5W8vYikGHEAwdz3B3ZA50B_-Bg/s1600/empty.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="360" data-original-width="480" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKwSHrDq9IgE05xaJ4NKltSkqZKxxTeK6lziaXWZYoDJEu8VusFWpox2ZU1aSkGKRbmhdgP4kbRcipHbCxh_Qh8NGeNrS2cH73P1DwLedqq0cJ__Iaa5W8vYikGHEAwdz3B3ZA50B_-Bg/s200/empty.jpg" width="200" /></a></div>All these questions. We all knew them. That's why we bought the book. To benefit from the experts' ideas. But no. No answers.<br /><br />So much for "on the face of it, open data is an idea too simple and right to fail ... (Loc 3802)". Nothing "simple" about it. Nothing obviously "right" about it.<br /><br />How to live (in peace) with smart machines? No idea. Not a clue.<br /><br /><a href="https://www.dmossesq.com/2016/05/data-science-ethical-framework-contempt.html" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="69" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1nVPEKspX1VlwCvqZUKRO0hHB8mY4Uj1WJjComKGGbGWR1SYTenmpsyWQ0EPgA-_ezzm3gBUVGHqBXbJX-TnIpxiJogieA-ep5-MnaaVEGZavT0q2KTimcnxTU9vLdpLDOgyuJZswSmU/s320/previously.jpg" width="135" /></a></div>David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-7056210753443047912018-09-20T01:31:00.000+01:002018-10-08T10:25:46.628+01:00The Digital Ape: how to live (in peace) with smart machines by Nigel Shadbolt and Roger Hampson<div dir="ltr" style="text-align: left;" trbidi="on">
<b><a href="https://www.amazon.co.uk/Digital-Ape-peace-smart-machines-ebook/dp/B07BLJWZDZ/ref=sr_1_1?ie=UTF8&qid=1537316070&sr=8-1&keywords=digital+ape+shadbolt">The Digital Ape: how to live (in peace) with smart machines</a></b><br />
by Nigel Shadbolt and Roger Hampson<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.amazon.co.uk/Digital-Ape-peace-smart-machines-ebook/dp/B07BLJWZDZ/ref=sr_1_1?ie=UTF8&qid=1537316070&sr=8-1&keywords=digital+ape+shadbolt" imageanchor="1" style="clear: left; float: left; margin-right: 1em;"><img border="0" data-original-height="500" data-original-width="325" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTJ1m-zgjlflSXs_spWiurPhr6QH1vkSg3DkCFQez4BtA3onWP-voWMl9HY4L1nwzHEBnKDhhi3Ap5Pc5sZ-2moJZM6wWo87K-sR8FApTYZKj1b7lXb5XO6WtsMVs7xCzKjtBl1YvJSWQ/s320/DigitalApe.jpg" width="208" /></a></div>
Professor Sir Nigel Shadbolt is well known to <i>DMossEsq</i>'s millions of readers as the prophet of <a href="https://www.dmossesq.com/2014/08/the-magic-of-open-data-1.html">the magic of open data</a>. He's the chairman and co-founder of the Open Data Institute and Roger Hampson is one of the ODI's four non-executive directors.<br />
<br />
The title "The Digital Ape" is inspired by Desmond Morris's <i><a href="https://www.amazon.co.uk/dp/B004C055A4/ref=dp-kindle-redirect?_encoding=UTF8&btkr=1">The Naked Ape</a></i> and extends his evolutionary approach to artificial intelligence. Man has always used tools to overcome his original shortcomings. First there was <a href="https://en.wikipedia.org/wiki/Hand_axe">the hand axe</a>. Now there's artificial intelligence. Messrs Shadbolt and Hampson's argument is that the hand axe didn't destroy the human race, so artificial intelligence won't either.<br />
<br />
What can we digital apes look forward to in the brave new artificial intelligence world where we are at peace with our smart machines?<br />
<br />
This is a question Professor Sir Nigel has tackled before in conversation with the much lamented journalist, <a href="https://www.dmossesq.com/2013/07/instrumenting-kettle.html">Steve Hewlett</a>:<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>Just imagine a new world where you look out of the window and see the blue flashing lights, and then someone flies through the door and says "<a href="http://dematerialisedid.com/Privacy%20Under%20Pressure%2022.7.13%20Shadbolt.mp3">we're here to prevent you from having a heart attack</a>".</td></tr>
</tbody></table>
</blockquote>
<a name='more'></a><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://en.wikipedia.org/wiki/Hand_axe" imageanchor="1" style="clear: right; margin-left: auto; margin-right: auto;"><img border="0" data-original-height="322" data-original-width="220" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSq2voSha1apyTCQ4EibIq-JlcX0ECQh44PK5u__7IPWlYNKBB0IKPBWJcCdDkTkvppkDUC-Uv5qCJUMOlXRSuR3LsJ2x78RWMQwcOWe3LlF_NcYDOOSAhxFjqdBe5NPGczETD2r1D2Vw/s200/Handaxe.JPG" width="135" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><i>Flint hand axe</i> <i>found in Winchester</i></td></tr>
</tbody></table>
Nothing as exciting as that in <i>The Digital Ape</i>, where Messrs Shadbolt and Hampson content themselves instead with a relatively dull vision of the fridge automatically ordering butter for you when stocks run low. Also, "the floor will phone social services if Granny has a fall [but will social services answer?]". (This is at Loc 3052 of the Kindle edition of the book which doesn't have page numbers, just Locs/locations.)<br />
<br />
Professor Sir Nigel is or at least was in charge of the government's <b><a href="https://www.dmossesq.com/2012/11/midata-false-prospectus-every-time-you.html">midata</a></b> programme which he amusingly claimed, five years ago, would allow us to "<a href="https://www.dmossesq.com/2013/12/curtains-for-midata.html">get to the future more quickly</a>". No sign of that. The apps haven't been developed ...<br />
<br />
... and the obvious problems remain unsolved. In a digital ape world where we're permanently under surveillance and all data is open including personal information, Steve Hewlett wanted to know, what happens to privacy? We look to our eminent authors for guidance. In vain:<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>On the face of it, open data is an idea too simple and right to fail. Assuming that the correct safeguards around private and personal information are in place ... (Loc 3802)</td></tr>
</tbody></table>
</blockquote>
What are the "correct safeguards"? No answer.<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>Public datasets should definitely be open to all comers, subject to privacy and security concerns ... (Loc 3919)</td></tr>
</tbody></table>
</blockquote>
How "definitely"? What is a "public dataset"? Which datasets would be "subject to privacy and security concerns"? What access if any would there be to these concerning datasets? No answers.<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>The digital ape needs urgently to debate and define the reasonable boundaries for the collection and analysis of information by government agencies in the age of terror. Restraints and accountability are essential ... (Loc 4023)</td></tr>
</tbody></table>
</blockquote>
Surely this book is the place for that debate. This is the debate that the leaders of the Open Data Institute should be ideally placed to contribute to. What "restraints and accountability"? No answer.<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>... we badly need conventions that curb the continued weaponisation of the digital realm ... (Loc 4032)</td></tr>
</tbody></table>
</blockquote>
What "conventions"? No answer.<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>There is no contradiction between the desire to live in a society that is open and secure, and the desire to protect privacy. Open and private apply to different content, handled in appropriately different ways ... (Loc 4069)</td></tr>
</tbody></table>
</blockquote>
What "appropriately different ways"? No answer.<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>The personal data model is one way to produce a viable alternative [to the Orwellian implications of building one huge public database]. There are obviously problems ... We are certain these are solvable problems ... (Loc 4081)</td></tr>
</tbody></table>
</blockquote>
Why are the authors "certain"? Their certainty doesn't make the reader certain. What are the solutions? No answer.<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>If we want people to pay the tax they owe, we need some system of collecting it [<a href="https://www.gov.uk/government/organisations/hm-revenue-customs/services-information">we already have one</a>, courtesy HMRC, quite an extensive one], and some way of knowing collectively that we have done so. Imagination will be needed to turn all these into data stores held by individuals ... (Loc 4139)</td></tr>
</tbody></table>
</blockquote>
"Some system"? What system? "Some way"? What way? <a href="https://www.dmossesq.com/2015/09/lack-of-control-insecurity-irrelevance.html">"Imagination" is no answer</a>.<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>There need to be clear rules for the transparency of algorithmic decision-making, the principles and procedures on which choices about the lives of individuals and groups are being made ... (Loc 4512)</td></tr>
</tbody></table>
</blockquote>
What "clear rules"? What "principles and procedures"? No answers.<br />
<blockquote>
<table bgcolor="#fff2cc"><tbody>
<tr><td>We need a new framework to govern the innovations, which might enable individuals, en masse, to temper the continued concentration of ownership and power ... (Loc 4582)</td></tr>
</tbody></table>
</blockquote>
What "new framework"? No answer.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKwSHrDq9IgE05xaJ4NKltSkqZKxxTeK6lziaXWZYoDJEu8VusFWpox2ZU1aSkGKRbmhdgP4kbRcipHbCxh_Qh8NGeNrS2cH73P1DwLedqq0cJ__Iaa5W8vYikGHEAwdz3B3ZA50B_-Bg/s1600/empty.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="360" data-original-width="480" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKwSHrDq9IgE05xaJ4NKltSkqZKxxTeK6lziaXWZYoDJEu8VusFWpox2ZU1aSkGKRbmhdgP4kbRcipHbCxh_Qh8NGeNrS2cH73P1DwLedqq0cJ__Iaa5W8vYikGHEAwdz3B3ZA50B_-Bg/s200/empty.jpg" width="200" /></a></div>
All these questions. We all knew them. That's why we bought the book. To benefit from the experts' ideas. But no. No answers.<br />
<br />
So much for "on the face of it, open data is an idea too simple and right to fail ... (Loc 3802)". Nothing "simple" about it. Nothing obviously "right" about it.<br />
<br />
How to live (in peace) with smart machines? No idea. Not a clue.<br />
<br />
<a href="https://www.dmossesq.com/2016/05/data-science-ethical-framework-contempt.html" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="69" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1nVPEKspX1VlwCvqZUKRO0hHB8mY4Uj1WJjComKGGbGWR1SYTenmpsyWQ0EPgA-_ezzm3gBUVGHqBXbJX-TnIpxiJogieA-ep5-MnaaVEGZavT0q2KTimcnxTU9vLdpLDOgyuJZswSmU/s320/previously.jpg" width="135" /></a></div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-17379153804221445652018-09-01T21:05:00.003+01:002021-04-11T22:40:55.047+01:00The Sham ID, called 'Aadhaar': Hoax of the Century<div dir="ltr" style="text-align: left;" trbidi="on"><b><a href="https://www.amazon.co.uk/Sham-ID-called-Aadhaar-Century/dp/1643249096/ref=sr_1_2?ie=UTF8&qid=1535773504&sr=8-2&keywords=aadhaar+sham+id">The Sham ID, called 'Aadhaar': Hoax of the Century</a></b><br />by Mathew Thomas<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://www.amazon.co.uk/Sham-ID-called-Aadhaar-Century/dp/1643249096/ref=sr_1_2?ie=UTF8&qid=1535773504&sr=8-2&keywords=aadhaar+sham+id" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="499" data-original-width="333" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIoXV-sjY79OefCKzMBxydFe7eViTle6AMEv-SgoHHdahVRsia2fjly3EiAtUXmTI3SSoyTDyrNQkHtec5cMrgKgr5_OpEREKnEY084lHZVWBiB-EvtwGjUSgfBq-Vf1vx1lCqF8tHPqk/s320/51Sq9vmKUkL._SX331_BO1%252C204%252C203%252C200_.jpg" width="213" /></a></div>"Achche din is finally here", says the condemned man on the front cover of Mathew Thomas's book.<br /><br />"Achhe din aane waale hain" was the campaign slogan of Narendra Modi's BJP party in India's 2014 election, "happy days are coming".<br /><br />For years Mr Modi had opposed Aadhaar. Bad news. That's while he was in opposition. Then he became Prime Minister and now he's a fan. Happy days are here again.<br /><br />"Stop! He has no Aadhaar card", says the lawyer on the front cover of Mathew Thomas's book.<br /><br />The funny thing is, no-one does. There is no such thing as an Aadhaar card. Aadhaar cards are part of the extraordinary Indian delusion that is the subject of Mr Thomas's book.<br /><br />UIDAI, the Unique Identification Authority of India, the people in charge of Aadhaar, have pulled off "the hoax of the century". Not only are there no Aadhaar cards, there is no unique identification either.<br /><br />Aadhaar doesn't work. One big broken promise, it was meant to help the poor to claim state benefits and it doesn't. It can't.<br /><br /><a name='more'></a>The politicians know that. The civil servants know that. The media know that. So do the lawyers and so does everyone else. Not least because Mathew Thomas has spent 10 years or so patiently telling them.<br /><br />And yet ...<br /><br />... UIDAI goes from strength to strength.<br /><br />Aadhaar was meant to be a voluntary scheme. First it morphed into being mandatory for state benefits and now it's trying to insert itself into more and more walks of life. You want a passport? Give us your Aadhaar number. You want a mobile phone? Give us your Aadhaar number. You want a bank account? Give us your Aadhaar number. Etc ...<br /><br />What's going on?<br /><br />It's baffling.<br /><br />The politicians and the civil servants <i>et al</i> aren't stupid. And yet they connive in funding Aadhaar.<br /><br />Alice in Wonderland? The emperor's new clothes? Tulipmania? Pick your metaphor. Whichever you choose, India is undeniably in the grip of some sort of of an extraordinary delusion, a nightmare from which it will finally wake up.<br /><br />For years, India's Supreme Court has been hearing the tireless Mathew Thomas's cases asserting that Aadhaar is unconstitutional. The court is due to promulgate its latest decision soon. Independent of political parties and of business interests, the judges have the opportunity to rouse India from its slumbers, to say <i>achhe din aane waale hain</i> and to put an authoritative stop to this Aadhaar nonsense.</div>David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-57204815737274085532018-09-01T21:05:00.002+01:002018-09-03T04:34:00.999+01:00The Sham ID, called 'Aadhaar': Hoax of the Century<div dir="ltr" style="text-align: left;" trbidi="on">
<b><a href="https://www.amazon.co.uk/Sham-ID-called-Aadhaar-Century/dp/1643249096/ref=sr_1_2?ie=UTF8&qid=1535773504&sr=8-2&keywords=aadhaar+sham+id">The Sham ID, called 'Aadhaar': Hoax of the Century</a></b><br />
by Mathew Thomas<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.amazon.co.uk/Sham-ID-called-Aadhaar-Century/dp/1643249096/ref=sr_1_2?ie=UTF8&qid=1535773504&sr=8-2&keywords=aadhaar+sham+id" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="499" data-original-width="333" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIoXV-sjY79OefCKzMBxydFe7eViTle6AMEv-SgoHHdahVRsia2fjly3EiAtUXmTI3SSoyTDyrNQkHtec5cMrgKgr5_OpEREKnEY084lHZVWBiB-EvtwGjUSgfBq-Vf1vx1lCqF8tHPqk/s320/51Sq9vmKUkL._SX331_BO1%252C204%252C203%252C200_.jpg" width="213" /></a></div>
"Achche din is finally here", says the condemned man on the front cover of Mathew Thomas's book.<br />
<br />
"Achhe din aane waale hain" was the campaign slogan of Narendra Modi's BJP party in India's 2014 election, "happy days are coming".<br />
<br />
For years Mr Modi had opposed Aadhaar. Bad news. That's while he was in opposition. Then he became Prime Minister and now he's a fan. Happy days are here again.<br />
<br />
"Stop! He has no Aadhaar card", says the lawyer on the front cover of Mathew Thomas's book.<br />
<br />
The funny thing is, no-one does. There is no such thing as an Aadhaar card. Aadhaar cards are part of the extraordinary Indian delusion that is the subject of Mr Thomas's book.<br />
<br />
UIDAI, the Unique Identification Authority of India, the people in charge of Aadhaar, have pulled off "the hoax of the century". Not only are there no Aadhaar cards, there is no unique identification either.<br />
<br />
Aadhaar doesn't work. One big broken promise, it was meant to help the poor to claim state benefits and it doesn't. It can't.<br />
<br />
<a name='more'></a>The politicians know that. The civil servants know that. The media know that. So do the lawyers and so does everyone else. Not least because Mathew Thomas has spent 10 years or so patiently telling them.<br />
<br />
And yet ...<br />
<br />
... UIDAI goes from strength to strength.<br />
<br />
Aadhaar was meant to be a voluntary scheme. First it morphed into being mandatory for state benefits and now it's trying to insert itself into more and more walks of life. You want a passport? Give us your Aadhaar number. You want a mobile phone? Give us your Aadhaar number. You want a bank account? Give us your Aadhaar number. Etc ...<br />
<br />
What's going on?<br />
<br />
It's baffling.<br />
<br />
The politicians and the civil servants <i>et al</i> aren't stupid. And yet they connive in funding Aadhaar.<br />
<br />
Alice in Wonderland? The emperor's new clothes? Tulipmania? Pick your metaphor. Whichever you choose, India is undeniably in the grip of some sort of of an extraordinary delusion, a nightmare from which it will finally wake up.<br />
<br />
For years, India's Supreme Court has been hearing the tireless Mathew Thomas's cases asserting that Aadhaar is unconstitutional. The court is due to promulgate its latest decision soon. Independent of political parties and of business interests, the judges have the opportunity to rouse India from its slumbers, to say <i>achhe din aane waale hain</i> and to put an authoritative stop to this Aadhaar nonsense.</div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-16289444315628032232018-06-02T09:02:00.001+01:002021-04-11T22:40:55.070+01:00Untitled 5<div dir="ltr" style="text-align: left;" trbidi="on"><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://twitter.com/tomskitomski/status/1002561778222534656" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="317" data-original-width="580" height="348" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmIUrXMHrVrL-A9HDxGMjr46_iwfCbPs3xw5qOb_5W69I3k14upOAjof3t95CQ2CGFwbeVrIHNYHIsHM0ejAKasnKD5oRmF2gwv7_hdknpx3t2tSVrCF0sIKZqj3vMgTQf5x0v6xzZ2xY/s640/Notify1.JPG" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://twitter.com/yahoo_pete/status/1002588390435573762" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="530" data-original-width="509" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKIzJZmOQHiKZc7OwzHYZxR_mewhsjw2axAAY9CayhbmygVfGiMYYWr4-dGWrm1TjBx1OsNfCIuU7Rii8LBjq5DLKdsv4-_hNXwKHakA3d5aqUv1EOrC02zVmIO7HXo0DpbynN8FgrxuM/s640/Notify2.JPG" width="614" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><a href="https://www.dmossesq.com/2018/02/untitled-4.html">Untitled 4</a><br /><br /><a href="http://www.dmossesq.com/2016/11/untitled-3.html">Untitled 3</a><br /><br /><a href="http://www.dmossesq.com/2013/03/untitled-2.html">Untitled 2</a><br /><br /><a href="http://www.dmossesq.com/2013/02/untitled-1.html">Untitled 1</a></div>David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-36545378002893205732018-06-02T09:02:00.000+01:002018-06-02T09:02:42.624+01:00Untitled 5<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://twitter.com/tomskitomski/status/1002561778222534656" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="317" data-original-width="580" height="348" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmIUrXMHrVrL-A9HDxGMjr46_iwfCbPs3xw5qOb_5W69I3k14upOAjof3t95CQ2CGFwbeVrIHNYHIsHM0ejAKasnKD5oRmF2gwv7_hdknpx3t2tSVrCF0sIKZqj3vMgTQf5x0v6xzZ2xY/s640/Notify1.JPG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://twitter.com/yahoo_pete/status/1002588390435573762" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="530" data-original-width="509" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKIzJZmOQHiKZc7OwzHYZxR_mewhsjw2axAAY9CayhbmygVfGiMYYWr4-dGWrm1TjBx1OsNfCIuU7Rii8LBjq5DLKdsv4-_hNXwKHakA3d5aqUv1EOrC02zVmIO7HXo0DpbynN8FgrxuM/s640/Notify2.JPG" width="614" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<a href="https://www.dmossesq.com/2018/02/untitled-4.html">Untitled 4</a><br />
<br />
<a href="http://www.dmossesq.com/2016/11/untitled-3.html">Untitled 3</a><br />
<br />
<a href="http://www.dmossesq.com/2013/03/untitled-2.html">Untitled 2</a><br />
<br />
<a href="http://www.dmossesq.com/2013/02/untitled-1.html">Untitled 1</a></div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-77324083240137808362018-05-24T23:24:00.002+01:002023-08-10T01:01:27.562+01:00Understanding the ethos and ethics of identity in public services<div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-size: large;">Last Friday 18 May 2018 was the Think.Digital <i><a href="http://www.thinkdigitalidentityforgovernment.com/">Identity for government</a></i> conference. The following speech was prepared but not delivered:</span><br /><br />It's been 17 years since we've seen any progress<br />in identity<br />in on-line public services in the UK.<br />The U-bend is blocked.<br />And it’s our job as the plumbers here at this conference today<br />to see if we can unblock it.<br /><br /><a name='more'></a>Some people would have us believe<br />that we have a major problem in the UK<br />identifying ourselves adequately<br />to access on-line public services.<br /><br />Those gloomy people are not obviously right.<br /><br />We're already identifying ourselves to on-line UK <a href="https://hmrcdigital.blog.gov.uk/2017/02/13/green-light-for-government-gateway-transformation/">central government</a> services<br />over 400 million times a year<br />using the Government Gateway.<br /><br />The Gateway has been in operation since 2001,<br />it maintains over 50 million active accounts<br />and it allows us to access 123 public services<br />400 million times a year.<br /><br />We don't have any trouble applying for planning permission on-line<br />with our local authority<br />and we don’t have any trouble paying their parking fines on-line.<br /><br />In the private sector,<br />we Brits participate in a vast and growing on-line economy.<br />We’ve been able for years to press a few buttons and,<br />without leaving the house,<br />pay to have a new dishwasher delivered and installed<br />and the old one taken away.<br /><br />Think twice before agreeing that on-line identity in the UK is nothing but problems.<br /><br />----------<br /><br />We’re in the internet era now<br />and that’s the justification given for all sorts of nonsense.<br />Some people say that the internet era ethos<br />dictates that we should use the same on-line identity assurance system<br />in both the public sector and the private sector.<br /><br />Why?<br /> <br />What’s wrong with having multiple systems?<br />Nature is our model<br />and it happens in nature all the time,<br />where the badly adapted loser species get killed off<br />while plurality promotes survival.<br /><br />HMRC have been happy enough with the Government Gateway for 17 years now.<br />But if the NHS can't use the Gateway and need a different system for their purposes,<br />fine – let them develop their own.<br />DWP, too.<br />And Scotland.<br />And above all,<br />because that's where most government takes place,<br />local government – let local government adopt its own identity assurance systems.<br /><br />To insist that there should be one and only one identity assurance system<br />is an ideological neurosis blocking the U-bend.<br /><br />----------<br /><br />Some people assert that establishing our credentials to use any on-line service<br />should be <a href="https://www.dmossesq.com/2017/08/in-praise-of-friction.html">frictionless</a>.<br />It should be as easy,<br />they say,<br />to sign up for on-line government services<br />as it is to open an account with Amazon.<br /><br />Piffle.<br /><br />The only reason it's so easy to open an account with Amazon<br />is that we've already got a bank account.<br /><br />And the only reason we've already got a bank account<br />is that we and our bank overcame the friction<br />and put in the effort to open it.<br /><br />Getting a bank account is important.<br />We would expect the process to involve friction.<br />It would be suspicious if it didn't.<br /><br />----------<br /><br />Some people offer us <a href="https://www.dmossesq.com/2016/09/rip-ida-privacyidentity-assurance.html#pcag">control over our personal information</a><br />when it’s stored in their snazzy innovative identity assurance system.<br />The suppliers of personal data stores make that offer.<br />They can't deliver.<br />It's not in their gift.<br />The purveyors of open banking offer us that control.<br />Open banking was supposed to start in the UK on 13 January 2018.<br />Four months later there's still no sign of it.<br />The BBC ask us to create an account to use their services<br />and they, too, promise us control over our personal information.<br />So does the UK government's identity assurance programme,<br />popularly known as “GOV.UK Verify (RIP)”.<br /><br />In the event,<br />once we've handed it over to these strangers,<br />it turns out that we have no control whatever over our personal information.<br />Our personal information can be stored anywhere in the world,<br />and we haven’t got a clue who’s got access to it<br />or what they’re doing with it.<br />These strangers could trash our privacy<br />and misuse our personal information.<br />We can't rely on their corporate conscience to stop them from doing so.<br />This isn’t a question of ethics.<br />That’s wrong.<br />We need laws to step in and take control where we can’t because it’s beyond us.<br /><br />----------<br /><br />The word "control",<br />like the word "friction-free",<br />should be a trigger warning.<br /><br /><a name="sosecure"></a>Ditto "<a href="https://www.dmossesq.com/2013/10/hyperinflation-hits-unicorn-market.html">secure</a>".<br />That’s another trigger warning.<br />It is unethical to promise security without qualification<br />as some identity assurance systems do.<br />That promise can no more be delivered on<br />than the promise to give us control over our own personal information.<br /><br />Better to be like the lumbering old retail banks<br />who promise in their privacy statements to do what they can,<br />securitywise,<br />but warn us that the internet is not a safe space,<br />there will be breaches.<br /><br />And that's another thing.<br />The retail banks are legally obliged to take on liability.<br />If our bank account is emptied by a fraudster and it's not our fault,<br />then the banks compensate us.<br />"Liability" is a word we don't often hear from the internet era promoters.<br />That's a shame.<br />Liability is what keeps the retail banks' noses clean.<br />Always remember,<br />when presented with a proposed identity assurance system,<br />to get an answer to the question who’s liable.<br /><br />----------<br /><br />Some people place their faith in <a href="https://www.dmossesq.com/2015/09/so-where-are-we-on-astrology-13-years.html">mass consumer biometrics</a><br />to bind us to our digital identities.<br /><br />Demand proof before joining the faith yourself.<br /><br />Large-scale field trials used to reveal this flaky technology<br />to be laughably unreliable.<br /><br />That gave the biometrics salesmen a problem,<br />a problem they have solved by not conducting any more large-scale field trials.<br /><br />Don't fall for it.<br />"Biometrics"?<br />Trigger warning.<br /><br />----------<br /><br />With no progress in 17 years we've got a growing list<br />of new and not-so-new<br />requirements for identity assurance.<br />Age verification.<br />Registering to vote.<br />Voting at elections.<br />Proof of UK residence rights.<br />Access to health records.<br />And more.<br /><br />We know we can crack these problems.<br />Despite what the gloom merchants tell us,<br />we have a good record –<br />400 million transactions a year is not to be sneezed at.<br /><br />----------<br /><br />In unblocking the U-bend,<br />expect the retail banks to be involved.<br />It's not going too far to say that their business is identity assurance.<br />They're good at it.<br /><br />Expect the mobile phone industry to be involved.<br />Your ticket to the Royal Academy Summer Exhibition<br />doesn't have to be a material piece of card<br />posted to your house.<br />It could just as easily be a dematerialised digital certificate<br />transmitted by the Academy<br />to your phone<br />using public key infrastructure to authenticate every step of the transaction.<br /><br />----------<br /><br />To sum up:<br /><ol style="text-align: left;"><li>Make the most of the mobile phone industry ...</li><li>... and the banks.</li><li>Remember that mass consumer biometrics is pitifully unreliable.</li><li>Check where the liability lies in any proposed identity assurance system.</li><li>Beware of offers of security without qualification ...</li><li>... and offers of control over our personal information.</li><li>Embrace friction ...</li><li>... and don't get trussed up in fatuous claims that there must be one and only one identity assurance system – the more the merrier.</li></ol>That’s my advice<br />if we want an unbunged-up U-bend in the internet era.<br /><br />----------<br /><br /><a href="https://www.blogger.com/null" name="update1"></a><b>Updated 6.12.18</b><br /><br />Think.Digital's 18 May 2018 conference on <i>Identity for Government</i> was followed by Think.Digital's 29 November 2018 conference on <i>Identity for Government</i>.<br /><br />Any progress in between?<br /><br />Yes.<br /><br />In May, despite being dead, GOV.UK Verify (RIP) somehow held the ring. By November the conference was saying <i><a href="https://www.thinkdigitalpartners.com/news/2018/11/30/turns-much-life-beyond-verify/">Turns out there is very much 'life beyond verify' ...</a></i><br /><br /><a href="https://www.google.co.uk/search?q=%22rip+ida%22+site%3Admossesq.com&rlz=1C1CHBF_en-GBGB742GB742&oq=%22rip+ida%22+site%3Admossesq.com&aqs=chrome..69i57.14028j0j7&sourceid=chrome&ie=UTF-8">Where have you heard that before?</a><br /><br />In May, despite being silly, the received wisdom was that there should be one national digital ID scheme and only one. But there are other numbers and by November the conference was saying <i><a href="https://www.thinkdigitalpartners.com/news/2018/12/06/hmg-needs-pantry-full-good-id-solutions/">Why HMG needs a 'pantry' full of good ID solutions</a></i>.<br /><br />Ring a bell? Please see "to insist that there should be one and only one identity assurance system is an ideological neurosis blocking the U-bend" above and "don't get trussed up in fatuous claims that there must be one and only one identity assurance system – the more the merrier".</div>David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-8791980513054717382018-05-24T23:24:00.001+01:002020-02-09T18:28:50.666+00:00Understanding the ethos and ethics of identity in public services<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-size: large;">Last Friday 18 May 2018 was the Think.Digital <i><a href="http://www.thinkdigitalidentityforgovernment.com/">Identity for government</a></i> conference. The following speech was prepared but not delivered:</span><br />
<br />
It's been 17 years since we've seen any progress<br />
in identity<br />
in on-line public services in the UK.<br />
The U-bend is blocked.<br />
And it’s our job as the plumbers here at this conference today<br />
to see if we can unblock it.<br />
<br />
<a name='more'></a>Some people would have us believe<br />
that we have a major problem in the UK<br />
identifying ourselves adequately<br />
to access on-line public services.<br />
<br />
Those gloomy people are not obviously right.<br />
<br />
We're already identifying ourselves to on-line UK <a href="https://hmrcdigital.blog.gov.uk/2017/02/13/green-light-for-government-gateway-transformation/">central government</a> services<br />
over 400 million times a year<br />
using the Government Gateway.<br />
<br />
The Gateway has been in operation since 2001,<br />
it maintains over 50 million active accounts<br />
and it allows us to access 123 public services<br />
400 million times a year.<br />
<br />
We don't have any trouble applying for planning permission on-line<br />
with our local authority<br />
and we don’t have any trouble paying their parking fines on-line.<br />
<br />
In the private sector,<br />
we Brits participate in a vast and growing on-line economy.<br />
We’ve been able for years to press a few buttons and,<br />
without leaving the house,<br />
pay to have a new dishwasher delivered and installed<br />
and the old one taken away.<br />
<br />
Think twice before agreeing that on-line identity in the UK is nothing but problems.<br />
<br />
----------<br />
<br />
We’re in the internet era now<br />
and that’s the justification given for all sorts of nonsense.<br />
Some people say that the internet era ethos<br />
dictates that we should use the same on-line identity assurance system<br />
in both the public sector and the private sector.<br />
<br />
Why?<br />
<br />
What’s wrong with having multiple systems?<br />
Nature is our model<br />
and it happens in nature all the time,<br />
where the badly adapted loser species get killed off<br />
while plurality promotes survival.<br />
<br />
HMRC have been happy enough with the Government Gateway for 17 years now.<br />
But if the NHS can't use the Gateway and need a different system for their purposes,<br />
fine – let them develop their own.<br />
DWP, too.<br />
And Scotland.<br />
And above all,<br />
because that's where most government takes place,<br />
local government – let local government adopt its own identity assurance systems.<br />
<br />
To insist that there should be one and only one identity assurance system<br />
is an ideological neurosis blocking the U-bend.<br />
<br />
----------<br />
<br />
Some people assert that establishing our credentials to use any on-line service<br />
should be <a href="https://www.dmossesq.com/2017/08/in-praise-of-friction.html">frictionless</a>.<br />
It should be as easy,<br />
they say,<br />
to sign up for on-line government services<br />
as it is to open an account with Amazon.<br />
<br />
Piffle.<br />
<br />
The only reason it's so easy to open an account with Amazon<br />
is that we've already got a bank account.<br />
<br />
And the only reason we've already got a bank account<br />
is that we and our bank overcame the friction<br />
and put in the effort to open it.<br />
<br />
Getting a bank account is important.<br />
We would expect the process to involve friction.<br />
It would be suspicious if it didn't.<br />
<br />
----------<br />
<br />
Some people offer us <a href="https://www.dmossesq.com/2016/09/rip-ida-privacyidentity-assurance.html#pcag">control over our personal information</a><br />
when it’s stored in their snazzy innovative identity assurance system.<br />
The suppliers of personal data stores make that offer.<br />
They can't deliver.<br />
It's not in their gift.<br />
The purveyors of open banking offer us that control.<br />
Open banking was supposed to start in the UK on 13 January 2018.<br />
Four months later there's still no sign of it.<br />
The <a href="https://www.dmossesq.com/2017/12/what-does-bbc-mean-by-control.html">BBC</a> ask us to create an account to use their services<br />
and they, too, promise us control over our personal information.<br />
So does the UK government's identity assurance programme,<br />
popularly known as “GOV.UK Verify (RIP)”.<br />
<br />
In the event,<br />
once we've handed it over to these strangers,<br />
it turns out that we have no control whatever over our personal information.<br />
Our personal information can be stored anywhere in the world,<br />
and we haven’t got a clue who’s got access to it<br />
or what they’re doing with it.<br />
These strangers could trash our privacy<br />
and misuse our personal information.<br />
We can't rely on their corporate conscience to stop them from doing so.<br />
This isn’t a question of ethics.<br />
That’s wrong.<br />
We need laws to step in and take control where we can’t because it’s beyond us.<br />
<br />
----------<br />
<br />
The word "control",<br />
like the word "friction-free",<br />
should be a trigger warning.<br />
<br />
Ditto "<a href="https://www.dmossesq.com/2013/10/hyperinflation-hits-unicorn-market.html">secure</a>".<br />
That’s another trigger warning.<br />
It is unethical to promise security without qualification<br />
as some identity assurance systems do.<br />
That promise can no more be delivered on<br />
than the promise to give us control over our own personal information.<br />
<br />
Better to be like the lumbering old retail banks<br />
who promise in their privacy statements to do what they can,<br />
securitywise,<br />
but warn us that the internet is not a safe space,<br />
there will be breaches.<br />
<br />
And that's another thing.<br />
The retail banks are legally obliged to take on liability.<br />
If our bank account is emptied by a fraudster and it's not our fault,<br />
then the banks compensate us.<br />
"Liability" is a word we don't often hear from the internet era promoters.<br />
That's a shame.<br />
Liability is what keeps the retail banks' noses clean.<br />
Always remember,<br />
when presented with a proposed identity assurance system,<br />
to get an answer to the question who’s liable.<br />
<br />
----------<br />
<br />
Some people place their faith in <a href="https://www.dmossesq.com/2015/09/so-where-are-we-on-astrology-13-years.html">mass consumer biometrics</a><br />
to bind us to our digital identities.<br />
<br />
Demand proof before joining the faith yourself.<br />
<br />
Large-scale field trials used to reveal this flaky technology<br />
to be laughably unreliable.<br />
<br />
That gave the biometrics salesmen a problem,<br />
a problem they have solved by not conducting any more large-scale field trials.<br />
<br />
Don't fall for it.<br />
"Biometrics"?<br />
Trigger warning.<br />
<br />
----------<br />
<br />
With no progress in 17 years we've got a growing list<br />
of new and not-so-new<br />
requirements for identity assurance.<br />
Age verification.<br />
Registering to vote.<br />
Voting at elections.<br />
Proof of UK residence rights.<br />
Access to health records.<br />
And more.<br />
<br />
We know we can crack these problems.<br />
Despite what the gloom merchants tell us,<br />
we have a good record –<br />
400 million transactions a year is not to be sneezed at.<br />
<br />
----------<br />
<br />
In unblocking the U-bend,<br />
expect the retail banks to be involved.<br />
It's not going too far to say that their business is identity assurance.<br />
They're good at it.<br />
<br />
Expect the mobile phone industry to be involved.<br />
Your ticket to the Royal Academy Summer Exhibition<br />
doesn't have to be a material piece of card<br />
posted to your house.<br />
It could just as easily be <a href="http://www.dematerialisedid.com/Dematerialisation.html">a dematerialised digital certificate</a><br />
transmitted by the Academy<br />
to your phone<br />
using public key infrastructure to authenticate every step of the transaction.<br />
<br />
----------<br />
<br />
To sum up:<br />
<ol style="text-align: left;">
<li>Make the most of the mobile phone industry ...</li>
<li>... and the banks.</li>
<li>Remember that mass consumer biometrics is pitifully unreliable.</li>
<li>Check where the liability lies in any proposed identity assurance system.</li>
<li>Beware of offers of security without qualification ...</li>
<li>... and offers of control over our personal information.</li>
<li>Embrace friction ...</li>
<li>... and don't get trussed up in fatuous claims that there must be one and only one identity assurance system – the more the merrier.</li>
</ol>
That’s my advice<br />
if we want an unbunged-up U-bend in the internet era.<br />
<br />
----------<br />
<br />
<a href="https://www.blogger.com/null" name="update1"></a><b>Updated 6.12.18</b><br />
<br />
Think.Digital's 18 May 2018 conference on <i>Identity for Government</i> was followed by Think.Digital's 29 November 2018 conference on <i>Identity for Government</i>.<br />
<br />
Any progress in between?<br />
<br />
Yes.<br />
<br />
In May, despite being dead, GOV.UK Verify (RIP) somehow held the ring. By November the conference was saying <i><a href="https://www.thinkdigitalpartners.com/news/2018/11/30/turns-much-life-beyond-verify/">Turns out there is very much 'life beyond verify' ...</a></i><br />
<br />
<a href="https://www.google.co.uk/search?q=%22rip+ida%22+site%3Admossesq.com&rlz=1C1CHBF_en-GBGB742GB742&oq=%22rip+ida%22+site%3Admossesq.com&aqs=chrome..69i57.14028j0j7&sourceid=chrome&ie=UTF-8">Where have you heard that before?</a><br />
<br />
In May, despite being silly, the received wisdom was that there should be one national digital ID scheme and only one. But there are other numbers and by November the conference was saying <i><a href="https://www.thinkdigitalpartners.com/news/2018/12/06/hmg-needs-pantry-full-good-id-solutions/">Why HMG needs a 'pantry' full of good ID solutions</a></i>.<br />
<br />
Ring a bell? Please see "to insist that there should be one and only one identity assurance system is an ideological neurosis blocking the U-bend" above and "don't get trussed up in fatuous claims that there must be one and only one identity assurance system – the more the merrier".</div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-4747560318369417242018-05-15T18:10:00.002+01:002021-04-11T22:40:55.113+01:00RIP IDA – "Reality bites"<div dir="ltr" style="text-align: left;" trbidi="on"><div style="text-align: center;"><i>No need to say it, it goes without saying, it should be obvious to all but,</i></div><div style="text-align: center;"><i>just in case it isn't obvious to all,</i></div><div style="text-align: center;"><i>IDA is dead.</i></div><div style="text-align: center;"><i><br /></i></div><div style="text-align: center;"><i>IDA, now known as "GOV.UK Verify (RIP)",</i></div><div style="text-align: center;"><i>is the Cabinet Office Identity Assurance programme.</i></div><div style="text-align: center;"><i>And it's dead.</i><br /><i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html">If Verify is the answer, what was the question?</a>"</i><br /><i><br /></i><i><a href="https://www.lawcom.gov.uk/">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br /><i>is in fact the person he or she is purporting to be;</i><br /><i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf">para.6.67/p.119</a>)</i></div><div style="text-align: left;"><br /></div>Finally.<br /><br />At their annual jamboree, Sprint 18, on Thursday 10 May 2018 the Government Digital Service (GDS) finally signed <a href="https://www.governmentcomputing.com/brexit-eu/news/brexit-brake-verify-progress-spurs-gds-woo-private-sector-digital-identity">the GOV.UK Verify (RIP) death certificate</a>.<br /><br />"Reality bites", said Nic Harrison, GDS's director of service design and assurance, "we are, frankly, just not going to get hundreds of new services being digitised in the next year to bring on Verify".<br /><br /><a name='more'></a><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIDFc5Omc-bnBhXduDU1zg-ir7PE-KaN8pf-2BzZMyVHJKYahZBwDbrZ_Lqj7tUQIWA4zc5ZAnDjrFYBzdGwohPz8CGl2WxuPWxIFKUMVbnwajcxek4P1TgMv-Z1sSU2B_LD7BDCqHWqI/s1600/RIP.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="222" data-original-width="226" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIDFc5Omc-bnBhXduDU1zg-ir7PE-KaN8pf-2BzZMyVHJKYahZBwDbrZ_Lqj7tUQIWA4zc5ZAnDjrFYBzdGwohPz8CGl2WxuPWxIFKUMVbnwajcxek4P1TgMv-Z1sSU2B_LD7BDCqHWqI/s200/RIP.gif" width="200" /></a></div>By 6 May 2018 there were just 17 on-line public services using GOV.UK Verify (RIP) whereas over 100 had once long ago been expected.<br /><br />And just <a href="https://www.gov.uk/performance/govuk-verify/users-accessing-services#from=2014-09-01T00:00:00Z&to=2018-05-01T00:00:00Z">2,237,857 GOV.UK Verify (RIP) accounts</a> have been created since 13 October 2014. At that rate it will take until 28 July 2054 to create 25 million accounts, whereas GDS's target is 2020. Not feasible. 34 years late.<br /><br />100? No, 17.<br /><br />2020? No, 2054.<br /><br />Meanwhile, the <a href="https://hmrcdigital.blog.gov.uk/2017/02/13/green-light-for-government-gateway-transformation/">Government Gateway</a> is already used to access 123 on-line public services, it already has over 50 million active accounts and it is already used over 400 million times a year.<br /><br />GOV.UK Verify (RIP) has only been used <a href="https://www.gov.uk/performance/govuk-verify/users-accessing-services#from=2014-09-01T00:00:00Z&to=2018-05-01T00:00:00Z">3.9 million times</a> since 13 October 2014. The Government Gateway takes just 3½ days on average to achieve the same usage as GOV.UK Verify (RIP) in 1,300 days. Roughly, one Government Gateway day is a GOV.UK Verify (RIP) year.<br /><br />There's a lot of reality to bite. And it has now well and truly bitten. GDS's job was to provide access to on-line public services. The problem had already been solved by the Government Gateway. Why spend six years trying to solve it again with GOV.UK Verify (RIP)?<br /><br />There never was a good answer to that question.<br /><br />And now GDS agree. GOV.UK Verify? RIP.<br /><br />There is a rearguard action.<br /><br />GDS now want GOV.UK Verify (RIP) to be taken up by the private sector.<br /><br />But private sector interest so far is nil. There are no private sector on-line services using GOV.UK Verify (RIP). None.<br /><br />We all of us use private sector services on-line. It's another problem that's already been solved. We don't need GOV.UK Verify (RIP). GDS's non-performing little cartel of "identity providers" offers us nothing.<br /><br />And the reality is that that's what the rearguard action will come to. Nothing.<br /><br />----------<br /><br /><a href="https://www.blogger.com/null" name="update1"></a><b>Updated 3&4.6.18</b><br /><br />At Sprint 18, 10 May 2018, while Kevin Cunnington delivered sweet nothings from the stage, in the wings Nic Harrison briefed journalists on the mortal effect of reality on GOV.UK Verify (RIP), please see above. Mr Cunnington is the director general of GDS, the Government Digital Service, and it is odd that he delegated this briefing rôle.<br /><br /><a href="https://www.computerweekly.com/news/252440934/GDS-wants-to-take-hands-off-control-on-digital-identity-says-Govuk-Verify-boss"><i>GDS wants to take 'hands off control' on digital identity, says Gov.uk Verify boss</i></a>. That was <i>Computer Weekly</i> magazine. In the words of the UKAuthority.com website, <i><a href="http://www.ukauthority.com/news/8183/gds-looks-to-private-sector-to-boost-verify-take-up">GDS looks to private sector to boost Verify take-up</a></i>. Or, as <i>Government Computing</i> put it, <i><a href="https://www.governmentcomputing.com/brexit-eu/news/brexit-brake-verify-progress-spurs-gds-woo-private-sector-digital-identity">Brexit brake on Verify spurs GDS to woo private sector on digital identity</a></i>.<br /><br />What would "GDS taking its hands off control" mean? How could the private sector "boost" take-up? In what way would the private sector be "wooed"? And how can a brake be a spur?<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://www.thinkdigitalidentityforgovernment.com/" imageanchor="1" style="clear: left; float: left; margin-right: 1em;"><img border="0" data-original-height="167" data-original-width="300" height="111" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEha-qMv1UkntgFq7leuQx21HV8CvyOGb-y6HY3mUSSZwSWShpDr0RF_l_IfLoD49hn-yA-uBQoDMcF_-PAVwLZP1MgsoXDQ3MWP5ZnEGwLzuyxL0Ypsz9Z7RdBLKgdRjo6FBUYh0R-q8Ac/s200/18.5.18.png" width="200" /></a></div>Not long to wait for the answers, the Think.Digital conference on <i><a href="http://www.thinkdigitalidentityforgovernment.com/">Understanding the ethos and ethics of identity in public services</a></i> was coming up on 18 May 2018 and this time we were going to hear from <a href="http://www.thinkdigitalpartners.com/news/2018/01/08/major-government-identity-event-confirmed-may-18/">the boss himself</a>: "Speakers already confirmed include the GDS Director General Kevin Cunnington, who will be talking about the next phase of Gov Verify" ...<br /><br />... except that it's all turning into a French farce, you never know who's going to come out of which door. In the event Mr Cunnington scratched so that once again, when the door opened, with DMossEsq in the audience, it was <a href="http://www.thinkdigitalidentityforgovernment.com/speaker/nic-harrison/">Nic "reality bites" Harrison</a> who came out on stage.<br /><br />GOV.UK Verify (RIP) will eliminate fraud, he said, and it will reduce operating costs. Also, GDS is transforming government from end to end step by step and privacy is the cornerstone of everything GDS does. And the Government Gateway will be closed by March 2019 implying, although Mr Harrison didn't make this obvious point, that HMG (Her Majesty's Government) won't be able to collect any tax thereafter. Reality has a bit more biting to do yet.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://twitter.com/KantaraColin/status/998498672311783426" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="365" data-original-width="530" height="219" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIei73iuyBIi77d13vy4Ig72w_Venwc6wYUShkda_sqXKGijwL5rB07Hf-1UVMvrpGNW7IoGNQf7ahAbOV-auf0B1YHndMqGnwHv-fQB0jyOTVpq5Ea2vldhilzlNICLU5YjjpTmDRDEo/s320/Adoption.JPG" width="320" /></a> <a href="https://twitter.com/KantaraColin/status/998501160993611777" imageanchor="1" style="clear: right; float: right; margin-left: 1em;"><img border="0" data-original-height="329" data-original-width="539" height="195" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEQ8We5V_cj4YSjjs__PdSE4sA6m5fuKMLFViPYjTi3V86JvI_GVX90SIgkpQr7Eq5EYyO2kpdihDO6VzRyxJHIsirylSK7m0U2zAm0PDBBucyZevUmrOEtDuwpjmtCbjuB_Czefgl_fQ/s320/Patience.JPG" width="320" /></a></div>On the other hand, Mr Harrison did acknowledge for the first time that GOV.UK Verify (RIP) is not unique. Other identity assurance schemes around the world have taken six years to achieve 50% adoption so really we ought to look at GOV.UK Verify (RIP) as a very young system and <a href="https://www.governmentcomputing.com/central-government/news/harrison-calls-patience-verify-take">your patience is called for</a>. This is a first for GDS. Reality has at least nibbled. The pretence of exceptionalism has been dropped.<br /><br />The completion rate (now "verification success rate") for GOV.UK Verify (RIP) is complicated. It is hard to explain. It stands at 40% or so, i.e. the failure rate is something like 60% but that's not really what it means, Mr Harrison said. You can have too much reality – this may be the prelude to removing the completion rate from GOV.UK Verify (RIP)'s dashboard on <a href="https://www.gov.uk/performance/govuk-verify">the GDS performance platform</a>.<br /><br />There was some perfunctory vapour about including level-of-assurance-1 self-certified, unverified identities in the statistics for GOV.UK Verify (RIP) – you can see why <a href="https://www.dmossesq.com/2018/04/gds-banshees-4-in-defence-of-silos.html">GDS lost the responsibility for government "data"</a> – and everyone should use one and only one electronic identity and government standards and federated systems and the GOV.UK Verify (RIP) brand and stepping stones to an ecosystem and it all depends on the private sector ...<br /><br />... but there was no explanation how this will work. The questions raised by Sprint 18 remain unanswered and GOV.UK Verify (RIP) remains dead.<br /><br />Mr Harrison finished by saying that he looked forward to hearing what the next speaker, Don Thibeau, had to say. Then he sat down. Mr Thibeau got up to speak. Mr Harrison promptly left the building. It's the way he tells 'em.<br /><br /><br /><a href="https://www.blogger.com/null" name="update2"></a><b>Updated 4.6.18</b><br /><br />Don Thibeau is the head of OIX, the Open Identity Exchange, GDS's business partner on GOV.UK Verify (RIP) and, according to him, speaking at the Think.Digital conference on <i><a href="http://www.thinkdigitalidentityforgovernment.com/">Identity for government</a></i>, OIX should lead the public-private partnership (PPP) between GDS and the private sector.<br /><br />That's a bit confusing when you consider that no organisation has done more than OIX to explain the problems with GOV.UK Verify (RIP) and its inability to attract a single user in the private sector, please see <a href="https://www.dmossesq.com/2017/01/rip-ida-oix-to-rescue.html">here</a>, <a href="https://www.dmossesq.com/2017/07/rip-ida-oix-to-rescue-2.html">here</a> and <a href="https://www.dmossesq.com/2018/05/rip-ida-oix-to-rescue-3.html">here</a> for example. And of course Mr Thibeau offered no explanation how this PPP would work.<br /><br />In a whirlwind tour of the identity assurance world Mr Thibeau told us that:<br /><ul style="text-align: left;"><li>The US have cancelled their GOV.UK Verify (RIP) lookalike system, connect.gov (a fact which <i>DMossEsq </i>readers have been apprised of for nearly <a href="https://www.dmossesq.com/2016/07/rip-ida-connectgov-goes-down-tubes.html">two years</a> now).</li><li>The nasty authoritarian Chinese are using identity assurance systems to keep the population under constant surveillance. They maintain social credit accounts for everyone and woe betide you if your balance/score goes into the red (<i><a href="https://www.governmentcomputing.com/central-government/news/think-tank-wants-gds-take-creation-single-digital-government-account">Think tank wants GDS to take on creation of single Digital Government Account</a></i>).</li><li>The nasty authoritarian Russians want access to the personal records of all passengers overflying the mother country (that hasn't been news for at least nine years now, everyone wants that data, please see <a href="http://www.dematerialisedid.com/BCSL/eBorders.html">question 7</a>).</li><li>There is a queue of African states outside the doors of the World Bank all trying to raise loans to deploy identity assurance schemes to promote economic growth (any sign of that working?).</li><li>Open banking and PSD2 could be big (if they ever get started, we've been expecting them in the UK since <a href="https://www.dmossesq.com/2017/12/open-banking-psd2-govuk-verify-rip-and.html">13 January 2018</a> and there's no sign yet).</li><li>Blockchain.</li></ul><div class="separator" style="clear: both; text-align: center;"><a href="http://www.thinkdigitalidentityforgovernment.com/" imageanchor="1" style="clear: right; float: right; margin-left: 1em;"><img border="0" data-original-height="167" data-original-width="300" height="111" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSkjIOT3KM0cxEy980vwU69p-6hT_uBfeU04hCUZj8M-apgAnc1Yx5G78aRcXGe2RXx-cu6XMTM6VuWNf0rwauzALTd00g687PGzYGYQW0Twz-kWSG8GnkY2BF3GUOp6JKslcoT1b_0rw/s200/18.5.18.png" width="200" /></a></div>None of that explains how a GOV.UK Verify (RIP) PPP would work, we are no further forward, the ethos of identity in public services is decidedly other-worldly, reality has yet to bite and the ethics can get nasty – "aggressive data capitalism", Mr Thibeau called it, referring to governments just as much as Facebook and Google.<br /><br />Make of it what you will, Mr Thibeau agreed to take questions at the end of his talk on one condition: "keep the microphone away from David Moss".<br /><br /><br /><a href="https://www.blogger.com/null" name="update3"></a><b>Updated 6.6.18</b><br /><br />Two presentations at the Think.Digital <a href="http://www.thinkdigitalidentityforgovernment.com/">conference on identity in public services</a> were given by practitioners actually trying to get identity assurance schemes to work:<br /><ul style="text-align: left;"><li><a href="http://www.thinkdigitalidentityforgovernment.com/speaker/adam-lewis/">Adam Lewis</a> is the Programme director, Citizen Identity & Personal Health Records at NHS Digital. The NHS (National Health Service) for some purposes ("Comparison" purposes) needs level of assurance 3 digital identities and GOV.UK Verify (RIP) only offers level of assurance 2. So for those purposes GOV.UK Verify (RIP) is no use to the NHS.</li><br /><li><a href="http://www.thinkdigitalidentityforgovernment.com/speaker/stuart-young/" name="fail">Stuart Young</a> is the managing director of Etive Technologies, a company which has worked on identity assurance with Birmingham City Council, the Greater London Authority, the London Borough of Tower Hamlets, Hackney Council and GDS themselves, the Government Digital Service. Mr Young said that in his experience of identity assurance for local authorities:</li><ul><li>GOV.UK Verify (RIP) has "failed most people".</li><li>Local authorities are better at identity proofing and <strike>validation</strike> verification (IPV) than banks.</li></ul></ul>That's what reality biting looks like, according to DMossEsq's contemporaneous notes of the conference.<br /><br />GDS can ignore reality and advocate a public-private partnership all they like but the fact remains, according to Messrs Lewis and Young and others, that GOV.UK Verify (RIP) is useless to the NHS and to local authorities.<br /><br /><b>Level of assurance? Low</b><br />OIX have told us in the past that, with millions of people, GOV.UK Verify (RIP) has trouble reaching even level of assurance 2 (<a href="http://oixuk.org/wp-content/uploads/2016/11/THE-USE-OF-BANK-DATA-FOR-IDENTITY-VERIFICATION-OIX-White-Paper-FINAL-August-2015.pdf">p.11</a>). The problem is GOV.UK Verify (RIP)'s reliance on credit records. Millions of people don't have a comprehensive and up to date credit record and as a result the credit rating agencies can't help with IPV. These people exist. But they can't be added to GOV.UK Verify (RIP)'s population registers. From that point of view, they may as well not exist.<br /><br />The US National Institute of Standards and Technology (NIST), by the way, consider that GOV.UK Verify (RIP) doesn't really offer level of assurance 2 – NIST reckon it only amounts to level of assurance 1, <a href="https://www.dmossesq.com/2016/05/rip-ida-worse-then-you-thought.html#nist">self-certification</a>. Self-certification has its uses but there's no need to pay "identity providers" to populate GOV.UK Verify (RIP) with unverified identities ...<br /><br />... and the Law Commission, of course, please see above, consider that GOV.UK Verify (RIP) fails to prove that the person on the end of the line is who they claim to be. After a while you have to ask yourself whether entirely on-line registration is feasible, reality may suggest that GDS are simply attempting the impossible.<br /><br /><b>Penetration? Limited</b><br />GDS used to publish statistics on GOV.UK Verify (RIP)'s <a href="https://www.dmossesq.com/2016/01/the-sunlight-of-transparency.html#update5">account creation success rate</a>. The rate hovered around the 70% mark, i.e. about 30% of the population could not be reached by GOV.UK Verify (RIP). GDS stipulated that GOV.UK Verify (RIP) would not go live until the account creation success rate had reached 90%. It never did, <a href="https://www.dmossesq.com/2016/06/matt-hancock-83-83-71.html#update2">they stopped publishing the statistics</a> and <a href="https://www.dmossesq.com/2016/06/matt-hancock-83-83-71.html#update1">GOV.UK Verify (RIP) went live anyway</a>.<br /><br />In public administration you can't just ignore millions of people. GOV.UK Verify (RIP) just won't do. Not if it's meant to be the <i>only </i>identity assurance system which is what Nic Harrison wants, please see above, and so do other ideologues.<br /><br />The public sector needs "universal" coverage, the NHS has to be able to offer services to anyone, DWP (the Department for Work and Pensions) has to be able to pay Universal Credit to anyone and Tower Hamlets has to be able to contribute to the social care costs of anyone. The ideologues need to listen to the practitioners.<br /><br />The private sector can pick and choose. They don't need "universal" coverage, they can be content with a sub-set of the population. But they do need more than level of assurance 2 for their digital identities. In <a href="https://www.dmossesq.com/2017/07/rip-ida-last-blip-on-lifesupport-system.html#polite">the finance sector</a> they need more like 4 and even higher.<br /><br /><b>Partner? Sleeping</b><br />When reality really bites, when they confront the real world, GDS will finally have to acknowledge that, to repeat, GOV.UK Verify (RIP) just won't do. GOV.UK Verify (RIP) has nothing to bring to any supposed partnership with the private sector.<br /><br /><b>Legal persons? None</b><br />Both the public sector and the private sector need companies and trusts and partnerships to have electronic identities in addition to natural persons (you and me). GOV.UK Verify (RIP) can't provide them. It can only register natural persons, not legal persons. If they relied on GOV.UK Verify (RIP) HMRC (Her Majesty's Revenue and Customs) couldn't collect corporation tax, PAYE, NI or VAT from companies because GOV.UK Verify (RIP) doesn't know what a company is. No good.<br /><br /><b>Combustion? Spontaneous</b><br />GOV.UK Verify (RIP) has been dying since it went into its public beta phase in <a href="https://identityassurance.blog.gov.uk/2014/10/14/gov-uk-verify-public-beta/">October 2014</a>. It's not the young system Nic Harrison pretends, please see above. One problem that has come to light over the years is that your GOV.UK Verify (RIP) identity can <a href="https://www.dmossesq.com/2016/09/agile-identity.html">spontaneously disappear</a>, you can unpredictably cease to exist – now you are you, now you're not. No good to the NHS. No good to local authorities. No good to the private sector. No good.<br /><br /><br /><a href="https://www.blogger.com/null" name="update4"></a><b>Updated 12.11.18</b><br /><br />We have recorded above some of the points made at Think.Digital's 18 May 2018 conference on identity in public services.<br /><br />Now Think.Digital are holding a second conference, this time on '<a href="http://www.thinkdigitalidentityforgovernment.com/">Understanding the Policy, Practice and Delivery of Public Sector Identity</a>', 29 November 2018.<br /><br />No DMossEsq speaking this time. No Kevin Cunnington, of course. And no Nic Harrison – reality has bitten and <a href="https://www.publictechnology.net/articles/news/gds-verify-chief-harrison-move-back-dwp">he's left the Government Digital Service</a> (GDS).<br /><br /><a href="http://www.thinkdigitalidentityforgovernment.com/speaker/anthony-wilson/">Anthony Wilson</a> will be there. He is a colleague at NHS Digital of Adam Lewis, who spoke at the 18 May event when he explained how GOV.UK Verify RIP can't meet the National Health Service's level of assurance requirements. Mr Wilson will no doubt expand on 29 November on <a href="https://digital.nhs.uk/blog/transformation-blog/2018/nhs-login---improving-access-to-digital-health-and-care-services">NHS Digital's plans to develop its own identity assurance scheme</a>.<br /><br />And of course Lawrence Hopper will be there on 29 November.<br /><br />Who?<br /><br />Lawrence. You know Lawrence. The <a href="http://www.thinkdigitalidentityforgovernment.com/speaker/lawrence-hopper/">Head of Policy and Strategy for GOV.UK Verify RIP at GDS</a>.<br /><br />What does he know about national identity assurance?<br /><br />Almost entirely anonymous, Google is silent on the question but that doesn't matter because, famously, GDS are handing GOV.UK Verify RIP over to the private sector, please see for example <i><a href="https://www.governmentcomputing.com/identity/news/dowden-details-verifys-private-sector-future-signals-end-direct-whitehall-funding-identity-programme">Dowden details Verify’s private sector future and signals end of direct Whitehall funding for identity programme</a></i>.<br /><br />Also, GDS haven't been in charge of national identity policy since June 2018, please see for example <i><a href="https://www.computerweekly.com/news/252442712/GDS-loses-digital-identity-policy-to-DCMS">GDS loses digital identity policy to DCMS</a></i>. Luckily Andrew Elliot will be there to resolve this mystery. He's the <a href="http://www.thinkdigitalidentityforgovernment.com/speaker/andrew-elliot/">deputy director for digital identity at DCMS</a>, the Department for Digital Culture Media and Sport.<br /><br />David Alexander will be there, he's <a href="http://www.thinkdigitalidentityforgovernment.com/speaker/david-alexander/">Chief Executive of Mydex</a>, the company still flying the flag for <a href="https://www.dmossesq.com/2014/05/the-non-existent-personal-data-control.html">personal data stores</a>. <a href="https://www.dmossesq.com/2015/04/rip-ida-mydex-flies-over-cuckoos-next.html">Why did Mydex never sign up as "identity providers" to GOV.UK Verify RIP</a>? Perhaps Mr Alexander will tell the audience on 29 November.<br /><br />How do you protect your personal information? According to Mydex, by collecting it all together in a personal data store in the cloud. That puts you in control, by some new definition of the word "control", the opposite of what is normally understood by it. Never mind the daily diet of <a href="https://www.dmossesq.com/2013/10/hyperinflation-hits-unicorn-market.html">cyber breaches</a> which we feed on. And never mind that <a href="https://www.dmossesq.com/2015/09/lack-of-control-insecurity-irrelevance.html">personal data stores can't support attribute exchange</a>.<br /><br /><a href="http://www.dmossesq.com/2017/12/what-does-bbc-mean-by-control.html">The BBC have the same problem</a>. When you hand over all your personal information to a stranger in the cloud the BBC, too, call that "being in control". Attendees could take that up with <a href="http://www.thinkdigitalidentityforgovernment.com/speaker/colin-brown/">Colin Brown</a>, lead identity and access management architect at the BBC, another organisation that sees no need to use GOV.UK Verify RIP.<br /><br />HMRC are having to modernise the Government Gateway to continue to support on-line transactions, as it has for 18 years now, as <a href="http://www.dmossesq.com/2016/05/government-gateway-1-0-govuk-verify-rip.html">GOV.UK Verify RIP can't verify the identity of companies</a>. The new version of the Gateway is thought to be going live in March 2019. Will it? Attendees could ask <a href="http://www.thinkdigitalidentityforgovernment.com/speaker/alison-walsh/">Alison Walsh</a>, the business readiness lead for external government departments, Government Gateway program at Her Majesty's Revenue and Customs. Let's hope the answer is yes, otherwise reality really will bite, we won't be able to pay any tax and there won't be any public services left in the UK, not even GDS.</div>David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-73166101124432203082018-05-15T18:10:00.001+01:002018-11-12T14:44:43.806+00:00RIP IDA – "Reality bites"<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
<i>No need to say it, it goes without saying, it should be obvious to all but,</i></div>
<div style="text-align: center;">
<i>just in case it isn't obvious to all,</i></div>
<div style="text-align: center;">
<i>IDA is dead.</i></div>
<div style="text-align: center;">
<i><br /></i></div>
<div style="text-align: center;">
<i>IDA, now known as "GOV.UK Verify (RIP)",</i></div>
<div style="text-align: center;">
<i>is the Cabinet Office Identity Assurance programme.</i></div>
<div style="text-align: center;">
<i>And it's dead.</i><br />
<i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html">If Verify is the answer, what was the question?</a>"</i><br />
<i><br /></i><i><a href="https://www.lawcom.gov.uk/">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br />
<i>is in fact the person he or she is purporting to be;</i><br />
<i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf">para.6.67/p.119</a>)</i></div>
<div style="text-align: left;">
<br /></div>
Finally.<br />
<br />
At their annual jamboree, Sprint 18, on Thursday 10 May 2018 the Government Digital Service (GDS) finally signed <a href="https://www.governmentcomputing.com/brexit-eu/news/brexit-brake-verify-progress-spurs-gds-woo-private-sector-digital-identity">the GOV.UK Verify (RIP) death certificate</a>.<br />
<br />
"Reality bites", said Nic Harrison, GDS's director of service design and assurance, "we are, frankly, just not going to get hundreds of new services being digitised in the next year to bring on Verify".<br />
<br />
<a name='more'></a><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIDFc5Omc-bnBhXduDU1zg-ir7PE-KaN8pf-2BzZMyVHJKYahZBwDbrZ_Lqj7tUQIWA4zc5ZAnDjrFYBzdGwohPz8CGl2WxuPWxIFKUMVbnwajcxek4P1TgMv-Z1sSU2B_LD7BDCqHWqI/s1600/RIP.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="222" data-original-width="226" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIDFc5Omc-bnBhXduDU1zg-ir7PE-KaN8pf-2BzZMyVHJKYahZBwDbrZ_Lqj7tUQIWA4zc5ZAnDjrFYBzdGwohPz8CGl2WxuPWxIFKUMVbnwajcxek4P1TgMv-Z1sSU2B_LD7BDCqHWqI/s200/RIP.gif" width="200" /></a></div>
By 6 May 2018 there were just 17 on-line public services using GOV.UK Verify (RIP) whereas over 100 had once long ago been expected.<br />
<br />
And just <a href="https://www.gov.uk/performance/govuk-verify/users-accessing-services#from=2014-09-01T00:00:00Z&to=2018-05-01T00:00:00Z">2,237,857 GOV.UK Verify (RIP) accounts</a> have been created since 13 October 2014. At that rate it will take until 28 July 2054 to create 25 million accounts, whereas GDS's target is 2020. Not feasible. 34 years late.<br />
<br />
100? No, 17.<br />
<br />
2020? No, 2054.<br />
<br />
Meanwhile, the <a href="https://hmrcdigital.blog.gov.uk/2017/02/13/green-light-for-government-gateway-transformation/">Government Gateway</a> is already used to access 123 on-line public services, it already has over 50 million active accounts and it is already used over 400 million times a year.<br />
<br />
GOV.UK Verify (RIP) has only been used <a href="https://www.gov.uk/performance/govuk-verify/users-accessing-services#from=2014-09-01T00:00:00Z&to=2018-05-01T00:00:00Z">3.9 million times</a> since 13 October 2014. The Government Gateway takes just 3½ days on average to achieve the same usage as GOV.UK Verify (RIP) in 1,300 days. Roughly, one Government Gateway day is a GOV.UK Verify (RIP) year.<br />
<br />
There's a lot of reality to bite. And it has now well and truly bitten. GDS's job was to provide access to on-line public services. The problem had already been solved by the Government Gateway. Why spend six years trying to solve it again with GOV.UK Verify (RIP)?<br />
<br />
There never was a good answer to that question.<br />
<br />
And now GDS agree. GOV.UK Verify? RIP.<br />
<br />
There is a rearguard action.<br />
<br />
GDS now want GOV.UK Verify (RIP) to be taken up by the private sector.<br />
<br />
But private sector interest so far is nil. There are no private sector on-line services using GOV.UK Verify (RIP). None.<br />
<br />
We all of us use private sector services on-line. It's another problem that's already been solved. We don't need GOV.UK Verify (RIP). GDS's non-performing little cartel of "identity providers" offers us nothing.<br />
<br />
And the reality is that that's what the rearguard action will come to. Nothing.<br />
<br />
----------<br />
<br />
<a href="https://www.blogger.com/null" name="update1"></a><b>Updated 3&4.6.18</b><br />
<br />
At Sprint 18, 10 May 2018, while Kevin Cunnington delivered sweet nothings from the stage, in the wings Nic Harrison briefed journalists on the mortal effect of reality on GOV.UK Verify (RIP), please see above. Mr Cunnington is the director general of GDS, the Government Digital Service, and it is odd that he delegated this briefing rôle.<br />
<br />
<a href="https://www.computerweekly.com/news/252440934/GDS-wants-to-take-hands-off-control-on-digital-identity-says-Govuk-Verify-boss"><i>GDS wants to take 'hands off control' on digital identity, says Gov.uk Verify boss</i></a>. That was <i>Computer Weekly</i> magazine. In the words of the UKAuthority.com website, <i><a href="http://www.ukauthority.com/news/8183/gds-looks-to-private-sector-to-boost-verify-take-up">GDS looks to private sector to boost Verify take-up</a></i>. Or, as <i>Government Computing</i> put it, <i><a href="https://www.governmentcomputing.com/brexit-eu/news/brexit-brake-verify-progress-spurs-gds-woo-private-sector-digital-identity">Brexit brake on Verify spurs GDS to woo private sector on digital identity</a></i>.<br />
<br />
What would "GDS taking its hands off control" mean? How could the private sector "boost" take-up? In what way would the private sector be "wooed"? And how can a brake be a spur?<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.thinkdigitalidentityforgovernment.com/" imageanchor="1" style="clear: left; float: left; margin-right: 1em;"><img border="0" data-original-height="167" data-original-width="300" height="111" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEha-qMv1UkntgFq7leuQx21HV8CvyOGb-y6HY3mUSSZwSWShpDr0RF_l_IfLoD49hn-yA-uBQoDMcF_-PAVwLZP1MgsoXDQ3MWP5ZnEGwLzuyxL0Ypsz9Z7RdBLKgdRjo6FBUYh0R-q8Ac/s200/18.5.18.png" width="200" /></a></div>
Not long to wait for the answers, the Think.Digital conference on <i><a href="http://www.thinkdigitalidentityforgovernment.com/">Understanding the ethos and ethics of identity in public services</a></i> was coming up on 18 May 2018 and this time we were going to hear from <a href="http://www.thinkdigitalpartners.com/news/2018/01/08/major-government-identity-event-confirmed-may-18/">the boss himself</a>: "Speakers already confirmed include the GDS Director General Kevin Cunnington, who will be talking about the next phase of Gov Verify" ...<br />
<br />
... except that it's all turning into a French farce, you never know who's going to come out of which door. In the event Mr Cunnington scratched so that once again, when the door opened, with DMossEsq in the audience, it was <a href="http://www.thinkdigitalidentityforgovernment.com/speaker/nic-harrison/">Nic "reality bites" Harrison</a> who came out on stage.<br />
<br />
GOV.UK Verify (RIP) will eliminate fraud, he said, and it will reduce operating costs. Also, GDS is transforming government from end to end step by step and privacy is the cornerstone of everything GDS does. And the Government Gateway will be closed by March 2019 implying, although Mr Harrison didn't make this obvious point, that HMG (Her Majesty's Government) won't be able to collect any tax thereafter. Reality has a bit more biting to do yet.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://twitter.com/KantaraColin/status/998498672311783426" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="365" data-original-width="530" height="219" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIei73iuyBIi77d13vy4Ig72w_Venwc6wYUShkda_sqXKGijwL5rB07Hf-1UVMvrpGNW7IoGNQf7ahAbOV-auf0B1YHndMqGnwHv-fQB0jyOTVpq5Ea2vldhilzlNICLU5YjjpTmDRDEo/s320/Adoption.JPG" width="320" /></a>
<a href="https://twitter.com/KantaraColin/status/998501160993611777" imageanchor="1" style="clear: right; float: right; margin-left: 1em;"><img border="0" data-original-height="329" data-original-width="539" height="195" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEQ8We5V_cj4YSjjs__PdSE4sA6m5fuKMLFViPYjTi3V86JvI_GVX90SIgkpQr7Eq5EYyO2kpdihDO6VzRyxJHIsirylSK7m0U2zAm0PDBBucyZevUmrOEtDuwpjmtCbjuB_Czefgl_fQ/s320/Patience.JPG" width="320" /></a></div>
On the other hand, Mr Harrison did acknowledge for the first time that GOV.UK Verify (RIP) is not unique. Other identity assurance schemes around the world have taken six years to achieve 50% adoption so really we ought to look at GOV.UK Verify (RIP) as a very young system and <a href="https://www.governmentcomputing.com/central-government/news/harrison-calls-patience-verify-take">your patience is called for</a>. This is a first for GDS. Reality has at least nibbled. The pretence of exceptionalism has been dropped.<br />
<br />
The completion rate (now "verification success rate") for GOV.UK Verify (RIP) is complicated. It is hard to explain. It stands at 40% or so, i.e. the failure rate is something like 60% but that's not really what it means, Mr Harrison said. You can have too much reality – this may be the prelude to removing the completion rate from GOV.UK Verify (RIP)'s dashboard on <a href="https://www.gov.uk/performance/govuk-verify">the GDS performance platform</a>.<br />
<br />
There was some perfunctory vapour about including level-of-assurance-1 self-certified, unverified identities in the statistics for GOV.UK Verify (RIP) – you can see why <a href="https://www.dmossesq.com/2018/04/gds-banshees-4-in-defence-of-silos.html">GDS lost the responsibility for government "data"</a> – and everyone should use one and only one electronic identity and government standards and federated systems and the GOV.UK Verify (RIP) brand and stepping stones to an ecosystem and it all depends on the private sector ...<br />
<br />
... but there was no explanation how this will work. The questions raised by Sprint 18 remain unanswered and GOV.UK Verify (RIP) remains dead.<br />
<br />
Mr Harrison finished by saying that he looked forward to hearing what the next speaker, Don Thibeau, had to say. Then he sat down. Mr Thibeau got up to speak. Mr Harrison promptly left the building. It's the way he tells 'em.<br />
<br />
<br />
<a href="https://www.blogger.com/null" name="update2"></a><b>Updated 4.6.18</b><br />
<br />
Don Thibeau is the head of OIX, the Open Identity Exchange, GDS's business partner on GOV.UK Verify (RIP) and, according to him, speaking at the Think.Digital conference on <i><a href="http://www.thinkdigitalidentityforgovernment.com/">Identity for government</a></i>, OIX should lead the public-private partnership (PPP) between GDS and the private sector.<br />
<br />
That's a bit confusing when you consider that no organisation has done more than OIX to explain the problems with GOV.UK Verify (RIP) and its inability to attract a single user in the private sector, please see <a href="https://www.dmossesq.com/2017/01/rip-ida-oix-to-rescue.html">here</a>, <a href="https://www.dmossesq.com/2017/07/rip-ida-oix-to-rescue-2.html">here</a> and <a href="https://www.dmossesq.com/2018/05/rip-ida-oix-to-rescue-3.html">here</a> for example. And of course Mr Thibeau offered no explanation how this PPP would work.<br />
<br />
In a whirlwind tour of the identity assurance world Mr Thibeau told us that:<br />
<ul style="text-align: left;">
<li>The US have cancelled their GOV.UK Verify (RIP) lookalike system, connect.gov (a fact which <i>DMossEsq </i>readers have been apprised of for nearly <a href="https://www.dmossesq.com/2016/07/rip-ida-connectgov-goes-down-tubes.html">two years</a> now).</li>
<li>The nasty authoritarian Chinese are using identity assurance systems to keep the population under constant surveillance. They maintain social credit accounts for everyone and woe betide you if your balance/score goes into the red (<i><a href="https://www.governmentcomputing.com/central-government/news/think-tank-wants-gds-take-creation-single-digital-government-account">Think tank wants GDS to take on creation of single Digital Government Account</a></i>).</li>
<li>The nasty authoritarian Russians want access to the personal records of all passengers overflying the mother country (that hasn't been news for at least nine years now, everyone wants that data, please see <a href="http://www.dematerialisedid.com/BCSL/eBorders.html">question 7</a>).</li>
<li>There is a queue of African states outside the doors of the World Bank all trying to raise loans to deploy identity assurance schemes to promote economic growth (any sign of that working?).</li>
<li>Open banking and PSD2 could be big (if they ever get started, we've been expecting them in the UK since <a href="https://www.dmossesq.com/2017/12/open-banking-psd2-govuk-verify-rip-and.html">13 January 2018</a> and there's no sign yet).</li>
<li>Blockchain.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.thinkdigitalidentityforgovernment.com/" imageanchor="1" style="clear: right; float: right; margin-left: 1em;"><img border="0" data-original-height="167" data-original-width="300" height="111" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSkjIOT3KM0cxEy980vwU69p-6hT_uBfeU04hCUZj8M-apgAnc1Yx5G78aRcXGe2RXx-cu6XMTM6VuWNf0rwauzALTd00g687PGzYGYQW0Twz-kWSG8GnkY2BF3GUOp6JKslcoT1b_0rw/s200/18.5.18.png" width="200" /></a></div>
None of that explains how a GOV.UK Verify (RIP) PPP would work, we are no further forward, the ethos of identity in public services is decidedly other-worldly, reality has yet to bite and the ethics can get nasty – "aggressive data capitalism", Mr Thibeau called it, referring to governments just as much as Facebook and Google.<br />
<br />
Make of it what you will, Mr Thibeau agreed to take questions at the end of his talk on one condition: "keep the microphone away from David Moss".<br />
<br />
<br />
<a href="https://www.blogger.com/null" name="update3"></a><b>Updated 6.6.18</b><br />
<br />
Two presentations at the Think.Digital <a href="http://www.thinkdigitalidentityforgovernment.com/">conference on identity in public services</a> were given by practitioners actually trying to get identity assurance schemes to work:<br />
<ul style="text-align: left;">
<li><a href="http://www.thinkdigitalidentityforgovernment.com/speaker/adam-lewis/">Adam Lewis</a> is the Programme director, Citizen Identity & Personal Health Records at NHS Digital. The NHS (National Health Service) for some purposes ("Comparison" purposes) needs level of assurance 3 digital identities and GOV.UK Verify (RIP) only offers level of assurance 2. So for those purposes GOV.UK Verify (RIP) is no use to the NHS.</li>
<br />
<li><a href="http://www.thinkdigitalidentityforgovernment.com/speaker/stuart-young/" name="fail">Stuart Young</a> is the managing director of Etive Technologies, a company which has worked on identity assurance with Birmingham City Council, the Greater London Authority, the London Borough of Tower Hamlets, Hackney Council and GDS themselves, the Government Digital Service. Mr Young said that in his experience of identity assurance for local authorities:</li>
<ul>
<li>GOV.UK Verify (RIP) has "failed most people".</li>
<li>Local authorities are better at identity proofing and <strike>validation</strike> verification (IPV) than banks.</li>
</ul>
</ul>
That's what reality biting looks like, according to DMossEsq's contemporaneous notes of the conference.<br />
<br />
GDS can ignore reality and advocate a public-private partnership all they like but the fact remains, according to Messrs Lewis and Young and others, that GOV.UK Verify (RIP) is useless to the NHS and to local authorities.<br />
<br />
<b>Level of assurance? Low</b><br />
OIX have told us in the past that, with millions of people, GOV.UK Verify (RIP) has trouble reaching even level of assurance 2 (<a href="http://oixuk.org/wp-content/uploads/2016/11/THE-USE-OF-BANK-DATA-FOR-IDENTITY-VERIFICATION-OIX-White-Paper-FINAL-August-2015.pdf">p.11</a>). The problem is GOV.UK Verify (RIP)'s reliance on credit records. Millions of people don't have a comprehensive and up to date credit record and as a result the credit rating agencies can't help with IPV. These people exist. But they can't be added to GOV.UK Verify (RIP)'s population registers. From that point of view, they may as well not exist.<br />
<br />
The US National Institute of Standards and Technology (NIST), by the way, consider that GOV.UK Verify (RIP) doesn't really offer level of assurance 2 – NIST reckon it only amounts to level of assurance 1, <a href="https://www.dmossesq.com/2016/05/rip-ida-worse-then-you-thought.html#nist">self-certification</a>. Self-certification has its uses but there's no need to pay "identity providers" to populate GOV.UK Verify (RIP) with unverified identities ...<br />
<br />
... and the Law Commission, of course, please see above, consider that GOV.UK Verify (RIP) fails to prove that the person on the end of the line is who they claim to be. After a while you have to ask yourself whether entirely on-line registration is feasible, reality may suggest that GDS are simply attempting the impossible.<br />
<br />
<b>Penetration? Limited</b><br />
GDS used to publish statistics on GOV.UK Verify (RIP)'s <a href="https://www.dmossesq.com/2016/01/the-sunlight-of-transparency.html#update5">account creation success rate</a>. The rate hovered around the 70% mark, i.e. about 30% of the population could not be reached by GOV.UK Verify (RIP). GDS stipulated that GOV.UK Verify (RIP) would not go live until the account creation success rate had reached 90%. It never did, <a href="https://www.dmossesq.com/2016/06/matt-hancock-83-83-71.html#update2">they stopped publishing the statistics</a> and <a href="https://www.dmossesq.com/2016/06/matt-hancock-83-83-71.html#update1">GOV.UK Verify (RIP) went live anyway</a>.<br />
<br />
In public administration you can't just ignore millions of people. GOV.UK Verify (RIP) just won't do. Not if it's meant to be the <i>only </i>identity assurance system which is what Nic Harrison wants, please see above, and so do other ideologues.<br />
<br />
The public sector needs "universal" coverage, the NHS has to be able to offer services to anyone, DWP (the Department for Work and Pensions) has to be able to pay Universal Credit to anyone and Tower Hamlets has to be able to contribute to the social care costs of anyone. The ideologues need to listen to the practitioners.<br />
<br />
The private sector can pick and choose. They don't need "universal" coverage, they can be content with a sub-set of the population. But they do need more than level of assurance 2 for their digital identities. In <a href="https://www.dmossesq.com/2017/07/rip-ida-last-blip-on-lifesupport-system.html#polite">the finance sector</a> they need more like 4 and even higher.<br />
<br />
<b>Partner? Sleeping</b><br />
When reality really bites, when they confront the real world, GDS will finally have to acknowledge that, to repeat, GOV.UK Verify (RIP) just won't do. GOV.UK Verify (RIP) has nothing to bring to any supposed partnership with the private sector.<br />
<br />
<b>Legal persons? None</b><br />
Both the public sector and the private sector need companies and trusts and partnerships to have electronic identities in addition to natural persons (you and me). GOV.UK Verify (RIP) can't provide them. It can only register natural persons, not legal persons. If they relied on GOV.UK Verify (RIP) HMRC (Her Majesty's Revenue and Customs) couldn't collect corporation tax, PAYE, NI or VAT from companies because GOV.UK Verify (RIP) doesn't know what a company is. No good.<br />
<br />
<b>Combustion? Spontaneous</b><br />
GOV.UK Verify (RIP) has been dying since it went into its public beta phase in <a href="https://identityassurance.blog.gov.uk/2014/10/14/gov-uk-verify-public-beta/">October 2014</a>. It's not the young system Nic Harrison pretends, please see above. One problem that has come to light over the years is that your GOV.UK Verify (RIP) identity can <a href="https://www.dmossesq.com/2016/09/agile-identity.html">spontaneously disappear</a>, you can unpredictably cease to exist – now you are you, now you're not. No good to the NHS. No good to local authorities. No good to the private sector. No good.<br />
<br />
<br />
<a href="https://www.blogger.com/null" name="update4"></a><b>Updated 12.11.18</b><br />
<br />
We have recorded above some of the points made at Think.Digital's 18 May 2018 conference on identity in public services.<br />
<br />
Now Think.Digital are holding a second conference, this time on '<a href="http://www.thinkdigitalidentityforgovernment.com/">Understanding the Policy, Practice and Delivery of Public Sector Identity</a>', 29 November 2018.<br />
<br />
No DMossEsq speaking this time. No Kevin Cunnington, of course. And no Nic Harrison – reality has bitten and <a href="https://www.publictechnology.net/articles/news/gds-verify-chief-harrison-move-back-dwp">he's left the Government Digital Service</a> (GDS).<br />
<br />
<a href="http://www.thinkdigitalidentityforgovernment.com/speaker/anthony-wilson/">Anthony Wilson</a> will be there. He is a colleague at NHS Digital of Adam Lewis, who spoke at the 18 May event when he explained how GOV.UK Verify RIP can't meet the National Health Service's level of assurance requirements. Mr Wilson will no doubt expand on 29 November on <a href="https://digital.nhs.uk/blog/transformation-blog/2018/nhs-login---improving-access-to-digital-health-and-care-services">NHS Digital's plans to develop its own identity assurance scheme</a>.<br />
<br />
And of course Lawrence Hopper will be there on 29 November.<br />
<br />
Who?<br />
<br />
Lawrence. You know Lawrence. The <a href="http://www.thinkdigitalidentityforgovernment.com/speaker/lawrence-hopper/">Head of Policy and Strategy for GOV.UK Verify RIP at GDS</a>.<br />
<br />
What does he know about national identity assurance?<br />
<br />
Almost entirely anonymous, Google is silent on the question but that doesn't matter because, famously, GDS are handing GOV.UK Verify RIP over to the private sector, please see for example <i><a href="https://www.governmentcomputing.com/identity/news/dowden-details-verifys-private-sector-future-signals-end-direct-whitehall-funding-identity-programme">Dowden details Verify’s private sector future and signals end of direct Whitehall funding for identity programme</a></i>.<br />
<br />
Also, GDS haven't been in charge of national identity policy since June 2018, please see for example <i><a href="https://www.computerweekly.com/news/252442712/GDS-loses-digital-identity-policy-to-DCMS">GDS loses digital identity policy to DCMS</a></i>. Luckily Andrew Elliot will be there to resolve this mystery. He's the <a href="http://www.thinkdigitalidentityforgovernment.com/speaker/andrew-elliot/">deputy director for digital identity at DCMS</a>, the Department for Digital Culture Media and Sport.<br />
<br />
David Alexander will be there, he's <a href="http://www.thinkdigitalidentityforgovernment.com/speaker/david-alexander/">Chief Executive of Mydex</a>, the company still flying the flag for <a href="https://www.dmossesq.com/2014/05/the-non-existent-personal-data-control.html">personal data stores</a>. <a href="https://www.dmossesq.com/2015/04/rip-ida-mydex-flies-over-cuckoos-next.html">Why did Mydex never sign up as "identity providers" to GOV.UK Verify RIP</a>? Perhaps Mr Alexander will tell the audience on 29 November.<br />
<br />
How do you protect your personal information? According to Mydex, by collecting it all together in a personal data store in the cloud. That puts you in control, by some new definition of the word "control", the opposite of what is normally understood by it. Never mind the daily diet of <a href="https://www.dmossesq.com/2013/10/hyperinflation-hits-unicorn-market.html">cyber breaches</a> which we feed on. And never mind that <a href="https://www.dmossesq.com/2015/09/lack-of-control-insecurity-irrelevance.html">personal data stores can't support attribute exchange</a>.<br />
<br />
<a href="http://www.dmossesq.com/2017/12/what-does-bbc-mean-by-control.html">The BBC have the same problem</a>. When you hand over all your personal information to a stranger in the cloud the BBC, too, call that "being in control". Attendees could take that up with <a href="http://www.thinkdigitalidentityforgovernment.com/speaker/colin-brown/">Colin Brown</a>, lead identity and access management architect at the BBC, another organisation that sees no need to use GOV.UK Verify RIP.<br />
<br />
HMRC are having to modernise the Government Gateway to continue to support on-line transactions, as it has for 18 years now, as <a href="http://www.dmossesq.com/2016/05/government-gateway-1-0-govuk-verify-rip.html">GOV.UK Verify RIP can't verify the identity of companies</a>. The new version of the Gateway is thought to be going live in March 2019. Will it? Attendees could ask <a href="http://www.thinkdigitalidentityforgovernment.com/speaker/alison-walsh/">Alison Walsh</a>, the business readiness lead for external government departments, Government Gateway program at Her Majesty's Revenue and Customs. Let's hope the answer is yes, otherwise reality really will bite, we won't be able to pay any tax and there won't be any public services left in the UK, not even GDS.</div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-81792539809557528652018-05-09T01:00:00.001+01:002021-04-11T22:40:55.134+01:00RIP IDA – OIX to the rescue 3<div dir="ltr" style="text-align: left;" trbidi="on"><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i>No need to say it, it goes without saying, it should be obvious to all but,</i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i>just in case it isn't obvious to all,</i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i>IDA is dead.</i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i><br /></i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i>IDA, now known as "GOV.UK Verify (RIP)",</i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i>is the Cabinet Office Identity Assurance programme.</i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i>And it's dead.</i><br /><i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html" style="color: #335d6e; text-decoration-line: none;">If Verify is the answer, what was the question?</a>"</i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i><br /></i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><div style="font-size: 15.4px;"><i><a href="https://www.lawcom.gov.uk/" style="color: #335d6e; text-decoration-line: none;">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br /><i>is in fact the person he or she is purporting to be;</i><br /><i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf" style="color: #335d6e; text-decoration-line: none;">para.6.67/p.119</a>)</i></div></div><div style="background-color: white;"><br /><a href="https://gds.blog.gov.uk/2012/06/14/cabinet-office-joins-open-identity-exchange/" style="color: #335d6e; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-decoration-line: none;">14 June 2012</a><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;">, we discovered that the Government Digital Service (GDS) had joined the Open Identity Exchange (OIX) in order to help with their moribund identity assurance programme now known as "GOV.UK Verify (RIP)".</span></span><br /><br /><a href="http://oixuk.org/blog/2018/04/19/cost-of-doing-nothing/" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px;"><span style="color: #335d6e;">1</span>9 April 2018</a><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;">, OIX published </span></span><span style="color: #335d6e; font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;"><i><u><a href="http://oixuk.org/wp-content/uploads/2018/04/Cost-of-Doing-Nothing-FINAL3v3b.pdf">Digital Identity in the UK: The cost of doing nothing</a></u></i></span></span><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;">, a report by <a href="http://www.innovateidentity.com/services/">Innovate Identity</a>, a consultancy which predictably enough attempts to convince the reader that the benefits of a national digital identity scheme are so great that it doesn't matter what it costs to develop.</span></span><br /><br /><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;">Does that report help GDS?</span></span><br /><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;"></span></span><br /><a name='more'></a><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;">Put it this way:</span></span></div><div style="background-color: white;"><ul style="text-align: left;"><li><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;">On p.1 they say: "T</span></span><span style="background-color: transparent; font-size: 15.4px;"><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;">he UK is amongst an ever-smaller group of developed nations without a national digital identity infrastructure. The UK has few identity standards, and the market remains fragmented</span></span><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif; font-size: 15.4px;">" – not altogether helpful <a href="https://www.dmossesq.com/2013/09/gds-next-month-is-identity-assurance.html">six years or so</a> after GDS started work on GOV.UK Verify (RIP).</span></li><li>P.3 opens with: "T<span style="background-color: transparent; font-size: 15.4px;"><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;">he relatively under-developed digital identity ecosystem in the UK has been the topic of a long and increasingly frustrated discussion</span></span><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif; font-size: 15.4px;">".</span></li><li><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif; font-size: 15.4px;">P.7 is headed "Inertia in the UK".</span></li><li><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif; font-size: 15.4px;">P.8 lists a small sub-set of GDS's missed targets and blames GDS for the low levels of public adoption of </span>GOV.UK Verify (RIP), its limited utility and its failure to be adopted anywhere in the private sector.</li><li>By p.10 you're still less than half way through the report and you read: "The provision of only four attributes by GOV.UK Verify [RIP] ... can alone only satisfy a small part of the data needs that many uses would require".</li></ul><a name="failings"></a>The report has many failings. For example it ...<br /><ul style="text-align: left;"><li>... asserts that GOV.UK Verify (RIP) could help with age verification (p.22). GDS say explicitly that <a href="https://www.dmossesq.com/2016/05/rip-ida-govuk-retrench.html#age">age verification</a> is not one of their objectives for GOV.UK Verify (RIP).</li><li>... gives the impression throughout that open banking is up and running (pp.1, 5, 6, 10, 22). It isn't. <a href="https://www.dmossesq.com/2017/12/open-banking-psd2-govuk-verify-rip-and.html">Open banking</a> was due to start in the UK on 13 January 2018. There has been no sign of it yet.</li><li>... makes it sound as though Aadhaar, the Indian identity assurance scheme, is an unqualified success (p.19). It isn't, please see for example <i><a href="https://findbiometrics.com/uidai-defensive-amid-aadhaar-fraud-claims-505071/">UIDAI On the Defensive Again Amid Aadhaar Fraud Claims</a></i>. Also <i><a href="https://www.moneylife.in/article/enormous-number-of-complaints-of-corruption-and-enrolment-process-violations-against-aadhaar-enrolment-and-update-centres-under-csc-e-gov-says-uidai-while-asking-its-sibling-to-close-aadhaar-services-business/53017.html">Enormous number of complaints of corruption and enrolment process violations against Aadhaar enrolment and update centres under CSC e-Gov, says UIDAI while asking its sibling to close Aadhaar services business</a></i> (1 crore = 10,000,000).</li></ul>On the other hand, p.21 is good. You are enjoined to read p.21. It's no help to GDS. But it's important:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://oixuk.org/wp-content/uploads/2018/04/Cost-of-Doing-Nothing-FINAL3v3b.pdf" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="1057" data-original-width="713" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjffo5IDnCp7Wde9H7alzaoySeMBl9kGrrCstvCEQQYOfatLJPmDIpMbz-hwktjrDf1sRSnmgszzPgHAxWE3tJuIfrcnOZU2Tf1Rf3nPYX41dlTCzb0sXNC8HbM3ztOYrORG7EZREW_40c/s1600/p21.jpg" /></a></div><div class="separator" style="clear: both; text-align: center;"></div><br /><a href="https://www.dmossesq.com/2017/07/rip-ida-oix-to-rescue-2.html" imageanchor="1" style="clear: left; display: inline !important; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="69" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1nVPEKspX1VlwCvqZUKRO0hHB8mY4Uj1WJjComKGGbGWR1SYTenmpsyWQ0EPgA-_ezzm3gBUVGHqBXbJX-TnIpxiJogieA-ep5-MnaaVEGZavT0q2KTimcnxTU9vLdpLDOgyuJZswSmU/s320/previously.jpg" width="135" /></a></div></div>David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-124938882483433532018-05-09T01:00:00.000+01:002018-05-12T11:00:35.173+01:00RIP IDA – OIX to the rescue 3<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i>No need to say it, it goes without saying, it should be obvious to all but,</i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i>just in case it isn't obvious to all,</i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i>IDA is dead.</i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i><br /></i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i>IDA, now known as "GOV.UK Verify (RIP)",</i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i>is the Cabinet Office Identity Assurance programme.</i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i>And it's dead.</i><br />
<i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html" style="color: #335d6e; text-decoration-line: none;">If Verify is the answer, what was the question?</a>"</i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i><br /></i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<div style="font-size: 15.4px;">
<i><a href="https://www.lawcom.gov.uk/" style="color: #335d6e; text-decoration-line: none;">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br />
<i>is in fact the person he or she is purporting to be;</i><br />
<i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf" style="color: #335d6e; text-decoration-line: none;">para.6.67/p.119</a>)</i></div>
</div>
<div style="background-color: white;">
<br />
<a href="https://gds.blog.gov.uk/2012/06/14/cabinet-office-joins-open-identity-exchange/" style="color: #335d6e; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-decoration-line: none;">14 June 2012</a><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;">, we discovered that the Government Digital Service (GDS) had joined the Open Identity Exchange (OIX) in order to help with their moribund identity assurance programme now known as "GOV.UK Verify (RIP)".</span></span><br />
<br />
<a href="http://oixuk.org/blog/2018/04/19/cost-of-doing-nothing/" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px;"><span style="color: #335d6e;">1</span>9 April 2018</a><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;">, OIX published </span></span><span style="color: #335d6e; font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;"><i><u><a href="http://oixuk.org/wp-content/uploads/2018/04/Cost-of-Doing-Nothing-FINAL3v3b.pdf">Digital Identity in the UK: The cost of doing nothing</a></u></i></span></span><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;">, a report by <a href="http://www.innovateidentity.com/services/">Innovate Identity</a>, a consultancy which predictably enough attempts to convince the reader that the benefits of a national digital identity scheme are so great that it doesn't matter what it costs to develop.</span></span><br />
<br />
<span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;">Does that report help GDS?</span></span><br />
<span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;"></span></span><br />
<a name='more'></a><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;">Put it this way:</span></span></div>
<div style="background-color: white;">
<ul style="text-align: left;">
<li><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 15.4px;">On p.1 they say: "T</span></span><span style="background-color: transparent; font-size: 15.4px;"><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;">he UK is amongst an ever-smaller group of developed nations without a national digital identity infrastructure. The UK has few identity standards, and the market remains fragmented</span></span><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif; font-size: 15.4px;">" – not altogether helpful <a href="https://www.dmossesq.com/2013/09/gds-next-month-is-identity-assurance.html">six years or so</a> after GDS started work on GOV.UK Verify (RIP).</span></li>
<li>P.3 opens with: "T<span style="background-color: transparent; font-size: 15.4px;"><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;">he relatively under-developed digital identity ecosystem in the UK has been the topic of a long and increasingly frustrated discussion</span></span><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif; font-size: 15.4px;">".</span></li>
<li><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif; font-size: 15.4px;">P.7 is headed "Inertia in the UK".</span></li>
<li><span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif; font-size: 15.4px;">P.8 lists a small sub-set of GDS's missed targets and blames GDS for the low levels of public adoption of </span>GOV.UK Verify (RIP), its limited utility and its failure to be adopted anywhere in the private sector.</li>
<li>By p.10 you're still less than half way through the report and you read: "The provision of only four attributes by GOV.UK Verify [RIP] ... can alone only satisfy a small part of the data needs that many uses would require".</li>
</ul>
<a name="failings"></a>The report has many failings. For example it ...<br />
<ul style="text-align: left;">
<li>... asserts that GOV.UK Verify (RIP) could help with age verification (p.22). GDS say explicitly that <a href="https://www.dmossesq.com/2016/05/rip-ida-govuk-retrench.html#age">age verification</a> is not one of their objectives for GOV.UK Verify (RIP).</li>
<li>... gives the impression throughout that open banking is up and running (pp.1, 5, 6, 10, 22). It isn't. <a href="https://www.dmossesq.com/2017/12/open-banking-psd2-govuk-verify-rip-and.html">Open banking</a> was due to start in the UK on 13 January 2018. There has been no sign of it yet.</li>
<li>... makes it sound as though Aadhaar, the Indian identity assurance scheme, is an unqualified success (p.19). It isn't, please see for example <i><a href="https://findbiometrics.com/uidai-defensive-amid-aadhaar-fraud-claims-505071/">UIDAI On the Defensive Again Amid Aadhaar Fraud Claims</a></i>. Also <i><a href="https://www.moneylife.in/article/enormous-number-of-complaints-of-corruption-and-enrolment-process-violations-against-aadhaar-enrolment-and-update-centres-under-csc-e-gov-says-uidai-while-asking-its-sibling-to-close-aadhaar-services-business/53017.html">Enormous number of complaints of corruption and enrolment process violations against Aadhaar enrolment and update centres under CSC e-Gov, says UIDAI while asking its sibling to close Aadhaar services business</a></i> (1 crore = 10,000,000).</li>
</ul>
On the other hand, p.21 is good. You are enjoined to read p.21. It's no help to GDS. But it's important:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://oixuk.org/wp-content/uploads/2018/04/Cost-of-Doing-Nothing-FINAL3v3b.pdf" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="1057" data-original-width="713" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjffo5IDnCp7Wde9H7alzaoySeMBl9kGrrCstvCEQQYOfatLJPmDIpMbz-hwktjrDf1sRSnmgszzPgHAxWE3tJuIfrcnOZU2Tf1Rf3nPYX41dlTCzb0sXNC8HbM3ztOYrORG7EZREW_40c/s1600/p21.jpg" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<a href="https://www.dmossesq.com/2017/07/rip-ida-oix-to-rescue-2.html" imageanchor="1" style="clear: left; display: inline !important; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="69" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1nVPEKspX1VlwCvqZUKRO0hHB8mY4Uj1WJjComKGGbGWR1SYTenmpsyWQ0EPgA-_ezzm3gBUVGHqBXbJX-TnIpxiJogieA-ep5-MnaaVEGZavT0q2KTimcnxTU9vLdpLDOgyuJZswSmU/s320/previously.jpg" width="135" /></a></div>
</div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-32221758498324936032018-05-07T00:04:00.002+01:002021-04-11T22:40:55.153+01:00RIP IDA – Windrush & ID cards<div dir="ltr" style="text-align: left;" trbidi="on"><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i style="font-size: 15.4px;">No need to say it, it goes without saying, it should be obvious to all but,</i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i>just in case it isn't obvious to all,</i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i>IDA is dead.</i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i><br /></i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i>IDA, now known as "GOV.UK Verify (RIP)",</i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i>is the Cabinet Office Identity Assurance programme.</i></div><div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;"><i>And it's dead.</i><br /><i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html" style="color: #335d6e; text-decoration-line: none;">If Verify is the answer, what was the question?</a>"</i><br /><i><br /></i><i><a href="https://www.lawcom.gov.uk/" style="color: #335d6e; text-decoration-line: none;">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br /><i>is in fact the person he or she is purporting to be;</i><br /><i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf" style="color: #335d6e; text-decoration-line: none;">para.6.67/p.119</a>)</i></div><br />4 May 2018 <i><a href="https://www.theguardian.com/uk-news/2018/may/04/windrush-scandal-no-passport-for-thousands-who-moved-to-britain">Windrush scandal: no passport for thousands who moved to Britain</a>.</i> That article and hundreds more like it describe the outrageous Windrush generation problem we have in the UK. Home Office officials are threatening some of these British citizens from overseas with deportation. Some of them have lost their jobs. Some their rented homes. Others have been denied the free state healthcare which they are entitled to.<br /><br /><a name='more'></a>Many commentators have had the same reaction. If only we had ID cards, these disgraceful injustices could have been avoided. Please see for example:<br /><ul style="text-align: left;"><li>21 April 2018 <i><a href="https://www.telegraph.co.uk/news/2018/04/21/thewindrush-scandal-makes-case-cards/">The Windrush scandal makes the case for ID cards</a></i></li><li>24 April 2018 <a href="https://www.telegraph.co.uk/news/2018/04/24/no-cards-please-british-wouldnt-mind-unique-personal-number/"><i>No ID cards, please, I'm British... But I wouldn't mind a unique personal number</i></a></li><li>26 April 2018 <i><a href="https://www.thetimes.co.uk/article/id-cards-are-best-way-to-tackle-immigration-hb28svqz0">ID cards are best way to tackle immigration</a></i></li><li>30 April 2018 <i><a href="https://www.thetimes.co.uk/article/it-s-time-to-reconsider-identity-cards-say-ex-home-secretaries-2p66gcbqq">Reconsider ID cards, say ex-home secretaries</a></i></li><li>1 May 2018 <i><a href="https://www.thetimes.co.uk/edition/comment/home-truths-tcn53hqq3">Home Truths</a></i></li><li>1 May 2018 <i><a href="https://capx.co/why-our-suspicion-of-id-cards-is-out-of-date/">Why our suspicion of ID cards is out of date</a></i></li></ul>Politicians and their officials spent eight years in the UK from 2002 to 2010 trying to introduce government-issued ID cards and failing. Nothing daunted, the delusion that ID cards would solve all sorts of problems persists, even though it is perfectly obvious that people who have trouble proving their British citizenship would have the same trouble proving their right to an ID card.<br /><br />Noticeably, although lots of people's minds turned automatically to ID cards, absolutely no-one's first thought was "this is a job for GOV.UK Verify (RIP), what we all need is a GOV.UK Verify (RIP) account". Whatever the problem, GOV.UK Verify (RIP) is the solution that occurs to no-one.</div>David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0tag:blogger.com,1999:blog-3048449668150968412.post-36590850382629016202018-05-07T00:04:00.001+01:002018-05-07T00:23:56.561+01:00RIP IDA – Windrush & ID cards<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i style="font-size: 15.4px;">No need to say it, it goes without saying, it should be obvious to all but,</i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i>just in case it isn't obvious to all,</i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i>IDA is dead.</i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i><br /></i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i>IDA, now known as "GOV.UK Verify (RIP)",</i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i>is the Cabinet Office Identity Assurance programme.</i></div>
<div style="background-color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15.4px; text-align: center;">
<i>And it's dead.</i><br />
<i><br /></i><i>"<a href="http://www.computerweekly.com/blogs/when-it-meets-politics/2016/03/if-verify-is-the-answer--what.html" style="color: #335d6e; text-decoration-line: none;">If Verify is the answer, what was the question?</a>"</i><br />
<i><br /></i><i><a href="https://www.lawcom.gov.uk/" style="color: #335d6e; text-decoration-line: none;">The Law Commission</a>: "Verify does not currently ensure that the person entering the information</i><br />
<i>is in fact the person he or she is purporting to be;</i><br />
<i>rather it focuses on verifying that the person exists" (<a href="https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf" style="color: #335d6e; text-decoration-line: none;">para.6.67/p.119</a>)</i></div>
<br />
4 May 2018 <i><a href="https://www.theguardian.com/uk-news/2018/may/04/windrush-scandal-no-passport-for-thousands-who-moved-to-britain">Windrush scandal: no passport for thousands who moved to Britain</a>.</i> That article and hundreds more like it describe the outrageous Windrush generation problem we have in the UK. Home Office officials are threatening some of these British citizens from overseas with deportation. Some of them have lost their jobs. Some their rented homes. Others have been denied the free state healthcare which they are entitled to.<br />
<br />
<a name='more'></a>Many commentators have had the same reaction. If only we had ID cards, these disgraceful injustices could have been avoided. Please see for example:<br />
<ul style="text-align: left;">
<li>21 April 2018 <i><a href="https://www.telegraph.co.uk/news/2018/04/21/thewindrush-scandal-makes-case-cards/">The Windrush scandal makes the case for ID cards</a></i></li>
<li>24 April 2018 <a href="https://www.telegraph.co.uk/news/2018/04/24/no-cards-please-british-wouldnt-mind-unique-personal-number/"><i>No ID cards, please, I'm British... But I wouldn't mind a unique personal number</i></a></li>
<li>26 April 2018 <i><a href="https://www.thetimes.co.uk/article/id-cards-are-best-way-to-tackle-immigration-hb28svqz0">ID cards are best way to tackle immigration</a></i></li>
<li>30 April 2018 <i><a href="https://www.thetimes.co.uk/article/it-s-time-to-reconsider-identity-cards-say-ex-home-secretaries-2p66gcbqq">Reconsider ID cards, say ex-home secretaries</a></i></li>
<li>1 May 2018 <i><a href="https://www.thetimes.co.uk/edition/comment/home-truths-tcn53hqq3">Home Truths</a></i></li>
<li>1 May 2018 <i><a href="https://capx.co/why-our-suspicion-of-id-cards-is-out-of-date/">Why our suspicion of ID cards is out of date</a></i></li>
</ul>
Politicians and their officials spent eight years in the UK from 2002 to 2010 trying to introduce government-issued ID cards and failing. Nothing daunted, the delusion that ID cards would solve all sorts of problems persists, even though it is perfectly obvious that people who have trouble proving their British citizenship would have the same trouble proving their right to an ID card.<br />
<br />
Noticeably, although lots of people's minds turned automatically to ID cards, absolutely no-one's first thought was "this is a job for GOV.UK Verify (RIP), what we all need is a GOV.UK Verify (RIP) account". Whatever the problem, GOV.UK Verify (RIP) is the solution that occurs to no-one.</div>
David Mosshttp://www.blogger.com/profile/12345636878071983416noreply@blogger.com0