DMossEsq

Monday, 10 September 2012

midata, the loneliest initiative in Whitehall – 12 and last

Today is the deadline for submitting responses to the Department for Business Innovation and Skills (BIS) consultation on midata. That doesn't make it an important day. BIS will not be dissuaded by any adverse comment in the responses. But for what it's worth:

midata 2012 review and Consultation - response form
Consultation on legislating to give consumers access to data in an electronic, machine readable form
For your ease, you can reply to this consultation online at: https://www.surveymonkey.com/s/midata
Alternatively you can email, post or fax this completed response form to:
Email
midata@bis.gsi.gov.uk
Postal address
Craig Belsham,
Head of Consumer Empowerment,
Department for Business, Innovation and Skills,
1 Victoria Street,
London,
SW1H 0ET
Fax
020 7217 2234
A copy of this consultation can be found at:
http:/www.bis.gov.uk/consultations
The Department may, in accordance with the Code of Practice on Access to Government Information, make available, on public request, individual responses.
The closing date for this consultation is 10 September 2012.

Your details
Name: David Moss
Organisation (if applicable): Not applicable
Address: xxxxxxxxxx
Telephone:    xxxxxxxxxx
Fax:    xxxxxxxxxx
email: BCSL@blueyonder.co.uk
Please tick a box below that best describes you as a respondent to this consultation:



Business representative organisation/trade body

Central government

Charity or social enterprise

ü

Individual

Large business (over 250 staff)

Legal representative

Local Government

Medium business (50 to 250 staff)

Micro business (up to 9 staff)

Small business (10 to 49 staff)

Trade union or staff association

Other (please describe)

Question 1: Do you agree with the principles of midata?
No
Have you any comments on the proposed approach?

The Department for Business Innovation and Skills (BIS) say that midata would force suppliers to make transaction data available to consumers. They already make that data available and have done for decades. midata is unnecessary.

BIS say that midata will make the economy grow. They give no reason to believe that and provide no figures. What is the target? How would BIS know if midata had succeeded?

They say that midata would empower consumers. The examples of empowerment given concern switching between mobile phone suppliers and between energy suppliers. There are already applications which support this switching and BIS themselves describe the energy companies as already blazing the trail. Again, midata is unnecessary.

Even its promoters have trouble explaining what midata is for. Professor Shadbolt, chair of the midata programme, was interviewed on BBC Radio 4’s You and Yours on 5 September 2012 and cheerfully announced that he couldn’t give examples of any other applications.

We already have Ofcom and Ofgem. Why do we need midata as well? Are BIS saying that Ofcom and Ofgem don’t do their job properly?

BIS still can’t answer the questions raised by Rory Cellan-Jones of the BBCon 3 November 2011: “what's the catch for consumers and why is the government getting involved?”.

Which may in turn explain the lack of take-up by suppliers, not a single new adherent having been announced since BIS’s 3 November 2011 press release.

Which leaves this respondent to the consultation wondering why BIS want midata, and want it so much that they have switched from midata being a voluntary scheme to proposing to make it compulsory.

And wondering what the rôle of the Behavioural Insights Team is in midata – they’re meant to nudge, not legislate.

And wondering how BIS can describe this proposed additional regulation of UK business as having a deregulatory effect.

The practical effect of midata on the public would be to require us all to maintain a number of PDIs, personal data inventories, each recording sufficient data to identify us.

The PDIs would be maintained on the web, we are told, in the cloud, by trusted third parties – i.e. complete strangers – and they would be in permanent contact with all our suppliers, disseminating changes to our data automatically, without our being involved, to everyone who needs to know about the changes, and occasionally making recommendations to change our phone contract or energy contract.

It takes years to inspire trust and BIS provide no reason to trust these suppliers. They don’t even name them. If midata was a company, no reputable broker would sponsor it and no reputable stock exchange would list it.

The web is an inherently dangerous place to store personal data. BIS and the Cabinet Office, together with the Foreign Office/GCHQ, held an event on 5 September 2012 advising businesses to take effective precautions against cyber threats. At that event BIS promoted a set of GCHQmanuals, in which they give it as their opinion that most businesses have failed to implement cyber security properly.

ENISA, the EU’s information security arm, advise that no valuable data should be entrusted to the cloud and that cloud computing should only be embarked on with a clear exit strategy. The OECD also have their reservations about cloud computing: “cloud computing creates security problems in the form of loss of confidentiality if authentication is not robust and loss of service if internet connectivity is unavailable or the supplier is in financial difficulties”.

If BIS believe GCHQ, ENISA and the OECD, their simultaneous advice to consumers to entrust our personal data to cyberspace is inconsistent and irresponsible.

The Cabinet Office make the unlikely claim that cloud computing is the key to transforming government by making all public services digital by default and delivering them through the G-Cloud, the government cloud, and a number of public clouds, P-Clouds.

For that, they need identity assurance, they need to be able to identify the consumers of public services online. They need the equivalent of the Home Office’s failed National Identity Service. They need us all to have PDIs. That’s what the Cabinet Office say, even while simultaneously acknowledging how dangerous it is and warning people against it.

It’s all very well BIS telling us consumers that we are hopeless at making choices and that we need midata apps to improve our lives. But BIS and the Cabinet Office might do well, equally, to ask themselves how on earth they decided to adopt PDIs, against their own advice, ignoring GCHQ’s advice, ENISA’s and the OECD’s. Better decision-making begins at home, in this case at No.1 Victoria St London SW1.

BIS should drop the ill-thought out midata initiative forthwith, it would do nothing for the economy and it would not empower consumers. Instead, it would expose us all to the risks of identity theft. If the Cabinet Office want us all to have PDIs, let them argue their confused case themselves. There is no good reason for BIS to do the Cabinet Office’s dirty work for them.

Question 2: Do you have a view on whether particular sectors or types of business should or should not be covered?
Yes
Comments:
The question doesn’t arise, midata should be abandoned.

Question 3: What is your view on the likely impact of the proposed approach on privacy, consent and information security and the implication for data protection

It would be disastrous. It courts all the dangers that BIS/the Cabinet Office/GCHQ/ENISA/the OECD warn against.

Question 4: What is your view on who should have the right to request data?
Consumers should and already do have the right to request data, midata is unnecessary.

Question 5: Some consumers already shop around, though may not always switch to the best deal for them. What additional proportion of consumers is likely to become empowered by this data?
None.

Question 6: What types of new services might be offered by intermediaries (such as, price comparison websites) and what could be the value of this new market?
The question doesn’t arise, midata should be abandoned.

Question 7:Should a consumer be able to require the business to supply the data in electronic format directly to a specified third party?
No
Comments:
It is irresponsible of BIS to incite people to hand over control of our personal data to third parties.

Question 8:Should a third party who is duly authorised by the consumer be able to seek the consumer’s data in electronic format directly from the supplier?
No
Comments:
The consumer is being cut out of his own life in the midata scenario BIS suggest. A number of computers would be exchanging reams of information about the consumer without him or her being involved. Anybody naïve enough to embrace this potty vision of the future should be protected from themselves and not exploited by BIS.

Question 9: What, if any, requirements should be placed on the secondary users of such data, albeit under the direction of consumers e.g. switching and advice sites?
The question doesn’t arise, midata should be abandoned.

Question 10:The Government is minded to require businesses to give their customers access to transaction and consumption data, in order to help them better understand their behaviour.

a)         What types of data would be most helpful? Customers already have access to their transaction data, the question is wrong-headed.

b)         Over what period should the data refer to? That is a matter for the market to decide. It already has decided. Where the period is too short, wise suppliers will heed their customers’ requests to lengthen it.

Question 11: Should other types of information, such as warranties or terms and conditions, be included?
No
Comments: The question doesn’t arise, midata should be abandoned.

Question 12: Should the Government specify a particular electronic format beyond a machine readable open standard format in which the data has to be supplied?
No
Comments: The question doesn’t arise, midata should be abandoned.

Question 13: Should the Government specify a period within which data must be released electronically following a consumer’s request?
No
Comments: The question doesn’t arise, midata should be abandoned.
b) If so, what would be a reasonable period within which data must be released?

Question 14: Please provide information about cost:
- Where your business already collects the relevant data, please estimate:
a) Additional one- off costs of making the data available in an open standard format (such as, purchasing new IT, hiring IT staff) – not applicable.
b) Additional ongoing costs (such as of additional staff) – not applicable.
c) If not already stated, please state here the approximate number of customer accounts that these costs are estimated for. For example, number of UK accounts – not applicable.

Question 15: Should businesses be permitted to charge a consumer for providing them with the data in electronic format?
Yes
Comments: If midata were deployed, then yes, of course, but the question doesn’t arise, midata should be abandoned.

Question 16: Should any such charges be constrained by the legislation?
No
If so, do you have a view on how a maximum charge should be set or adjusted?
The question doesn’t arise, midata should be abandoned.

Question 17:Which body/bodies is/are best placed to perform the enforcement role for this right?
The question doesn’t arise, midata should be abandoned.

Question 18:Should the Government specify a lead enforcement body?
No
If yes, who:

Question 19: How should the right be enforced by any such body? Will they need any new powers to enable them to enforce it?
The questions don’t arise, midata should be abandoned.

Question 20: What examples of existing regulatory actions could be reduced or removed if the power being consulted on was exercised?
The question doesn’t arise, midata should be abandoned.

Question 21: Should a consumer be able to launch independent action (and, if so, what sort of action) in relation to non-compliance with the duty?
No
Comments: the questions don’t arise, midata should be abandoned.

Question 22: Do you foresee any risks or undesirable consequences from exercising a power to require certain data to be released electronically?
Yes
Comments: please see answer to Questions 1 and 8.

© Crown copyright 2012
You may re-use this information (not including logos) free of charge in any format or medium, under the terms of the Open Government Licence. Visit www.nationalarchives.gov.uk/doc/open-government-licence, write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gsi.gov.uk.This publication is also available on our website at www.bis.gov.uk
Any enquiries regarding this publication should be sent to:
Department for Business, Innovation and Skills
1 Victoria Street
London SW1H 0ET
Tel: 020 7215 5000

If you require this publication in an alternative format, email enquiries@bis.gsi.gov.uk, or call 020 7215 5000.
URN 12/943RF

midata, the loneliest initiative in Whitehall – 12 and last

more ►

Sunday, 9 September 2012

Andrew Dilnot and honest political debate in the UK – 2

Whitehall officials are impervious to all requests to explain their mistaken choices.

And yet they are happy to tell us that we need midata to correct our errors.

After you, Whitehall.

After you.

--- o O o ---

We all make mistakes.

That's what the Department for Business Innovation and Skills (BIS) say. Faced with a choice, we make the wrong decision. We need help. Computerised help. And BIS aim to provide that help, through their midata initiative. Applications will process our historical transaction data, they will take into account the products and services currently available from the suppliers, and the right transaction will be brokered for us.

It's not just us proletarians. We all make mistakes. Even Whitehall officials.

It's 10 years since the Home Office published their consultation on what became known as "ID cards", Entitlement Cards and Identity Fraud – A Consultation Paper. Crucial to the system was the belief that all 60 million of us in the UK could be identified by various biometrics, specifically facial geometry and flat print fingerprints.

Utter cockpoppy, the technology's simply not up to it. But the choice had been made. By December 2010, when the Identity Cards Act 2006 was repealed, the Home Office confessed to £292 million of our money having been wasted on the scheme, with nothing to show for it.

The waste goes on. We're wasting money on biometrics in Sarah Rapson's ePassports. We're wasting money on Jackie Keane's Immigration and Asylum Biometric System. That takes in eGates that don't work at UK airports and UK visa application checking systems that don't work all over the world. As part of Project Lantern, the police are deploying mobile fingerprinting equipment that doesn't work. And DWP are threatening to use voice biometrics that don't work for their new Universal Credit system.

It goes on because of one wrong choice made 10 years ago. The reliability of the products wasn't checked properly and adverse evidence was ignored. Typical headstrong proletarian behaviour, no idea what's in anyone's best interests, naïve consumers, too much money burning a hole in their pocket, just buy it because it looks good on TV and sounds modern.

How can you help?

You can write to ministers and their officials. That doesn't help. You can write magazine articles and letters to newspapers and comments on blogs and you can write your own blog. You can speak at public meetings and on the radio. That doesn't help. You can have meetings at the Home Office and ditto. You can respond to government consultations and attend government briefings. Fat lot of good it'll do you. You can write to your MP. He or she will get an answer for you. But it won't help. Whitehall wants biometrics and Whitehall's jolly well going to have biometrics, never mind if they don't work.

So then you have another idea. Get reinforcements. Call on organisations that have institutional power.

When the Home Office start advertising their misbegotten ID cards scheme and making unrealistic claims for the reliability of today's mass consumer biometrics, you report them to the Advertising Standards Authority. Brilliant. Except that there's nothing the ASA can do in this case.

So then you submit a freedom of information request asking what justification the Home Office have for investing public money in expensive systems which depend for their success on biometrics being reliable which they aren't and the Home Office know that perfectly well and therefore know that all or some of our money will be wasted. 2½ years later, thanks to the First-Tier Tribunal (Information Rights), you're 2½ years older and none the wiser, Whitehall continue bone-headedly against all the evidence to waste our money on biometrics.

Then Sir Michael Scholar, chair of the UK Statistics Authority, makes an important point:

One of the reasons I took this job is that having good statistics is like having clean water and clean air. It’s the fundamental material that we depend on for an honest political debate.

Honest political debate? Maybe the UKSA can help. Maybe if they or the Office for National Statistics said that the biometrics technology being considered is not reliable enough, then the Home Office would stop wasting our money? No good. The UKSA can only comment on official statistics. And the statistics adduced from the UK Passport Service biometrics enrolment trial aren't official.

This attempt to help the Home Office to make evidence-based policy and to face up to their mistake – choosing to rely on flaky biometrics – clearly goes back years. Lots of effort. No results. The fundamental material that we depend on for an honest political debate still eludes us.

And then Andrew Watson succeeds through a freedom of information request in getting the National Policing Improvement Agency's own internal report on mobile fingerprinting equipment published.

The report is full of statistics, it's marked "Restricted-Commercial", it's got Northrop Grumman's logo on it and it's been prepared for the Police Information Technology Organisation (the old name for the National Policing improvement Agency). Official, or what?

By this stage, Sir Michael Scholar has been replaced by Andrew Dilnot as chair of the UKSA. Can Mr Dilnot comment on the reliability of mass consumer biometrics? No. The statistics still aren't official enough:

From: xxxxxxxxxx On Behalf Of authority enquiries
Sent: 01 August 2012 23:19
To: 'David Moss'
Subject: Re: Misleading use by the Home Office and others of statistics associated with biometrics

Dear Mr Moss

Thank you for your email to Andrew Dilnot regarding biometric information. I am replying on Andrew's behalf. We have considered this matter in discussion with David Blunt, the Head of Profession for Statistics at the Home Office. We share Mr Blunt's view that the studies to which you refer are not official statistics, and we understand from the Home Office that there are no current plans for official statistics in this area to be produced. As you will be aware from our earlier replies, the Authority's statutory remit covers official statistics as set out in the Statistics and Registration Service Act 2007. Our view therefore is that this remains a matter about which we would continue to encourage you to maintain a dialogue with relevant Home Office officials directly. We understand that you attended a meeting with Home Office officials in spring 2010 and, following further correspondence, you received a reply from the National Policing Improvement Agency in June 2010 regarding the specifics of the issues that concerned you.

I am sorry that we are unable to assist you further at the present time.

Kind regards

xxxxxxxxxx
Private Secretary to Andrew Dilnot, Chair of the UK Statistics Authority

UK Border Force staff are laid off in the expectation that they can be replaced by biometric technology, then the queues at the airport get too long because the technology doesn't work and the staff have to be re-hired, but still Whitehall remains incapable of justifying its investment of public money in biometric technology which is too unreliable to do the jobs demanded of it. Incapable and unwilling.

Whitehall officials are impervious to all requests to explain their mistaken choices. And yet they are happy to tell us that we need midata to correct our errors.

Andrew Dilnot and honest political debate in the UK – 2

Whitehall officials are impervious to all requests to explain their mistaken choices.

And yet they are happy to tell us that we need midata to correct our errors.

After you, Whitehall.

After you.

--- o O o ---

more ►

Saturday, 8 September 2012

midata, the loneliest initiative in Whitehall – 11

Unable to make its case,
BIS's response
– to legislate to make midata compulsory –
is unprincipled.

Lonely old midata, not a single organisation is known to have hitched their wagon to it since 3 November 2011.

Extracts from the midata company briefing pack
July 2012

p.4:

This data enabled world has been referred¹ to as the third industrial revolution – where the size of the IT industry will be increasingly dwarfed by complementary information-enabled innovations throughout the economy. A recent report has estimated the size of the UK market for personal information at £20bn by 2020² ...

----------
1 MIT economist Erik Brynjolfsson
2 The new Personal Communication model: The rise of Volunteered Personal Information, Ctrl-Shift

p.6:

In the UK, the Information Commissioner stated in January 2011 that 80% of individuals are now concerned about protecting their personal data online,⁶ and research from Mydex showed that 76% believe their personal information has significant commercial value.⁷ ...

----------
6 http://www.ico.gov.uk/~/...
7 Available from Mydex to project sponsors.

p.10:

Under this 'subscribe to me' approach to My Details⁹, the benefits to both sides multiply greatly. Individuals have a single convenient 'dashboard', which remains under their own control, where they can undertake core relationship management tasks quickly and simply ...

----------
9 A working prototype of a personal data store-based ‘subscribe to me’ service was tested in the Mydex Community Prototype in early 2011

p.28:

The EU is working on a commitment to equip Europeans with secure online access to their medical data.¹⁵ The House of Commons Public Administration Select Committee is endorsing the need to experiment with services that help “citizens maintain their own personal data”.¹⁶ The Cabinet Office is working on an ID Assurance framework for the UK¹⁷ ...

Empowering individuals to control and manage their own data is changing the consumer /personal data environment in two important ways. Firstly, it is creating what the World Economic Forum is calling a 'new asset class': "a valuable resource for the 21st century that will touch all aspects of society".²⁰ Secondly, it is creating opportunities for 'win-win' trust-based information-sharing relationships between organisations and customers, where the routine sharing of structured information between the two parties becomes the norm. This information sharing may include previously untapped dimensions of personal data such as 'changes to my circumstances', 'my current priorities and preferences', and 'my future plans'²¹ ...

----------
15 http://ec.europa.eu/information_society/newsroom/cf/fiche-dae.cfm?action_id=233
16 “Moving to a model where the citizen maintains their own personal data with an independent, trusted provider and then can choose whether to authorise the sharing of that information with other organisations is an ambitious vision that will need to be trialled extensively.” House of Commons Public Administration Select Committee’s report on Government’s use of IT
17 http://ctrl-shift.co.uk/shop/product/55
20 World Economic Forum, 2011 Personal Data: The Emergence of a New Asset Class
21 Mydex, 2010 The Case for Personal Information Empowerment

p.39:

How big is this market for personal information management services (PIMS)?
It could be huge²⁷ ...

----------
27 According to Ctrl-Shift’s research, the market for Volunteered Personal Information (VPI)
will be worth £20bn in the UK by 2020. The World Economic Forum’s report 'Personal Data – The Emergence of a New Asset Class' describes personal data as 'the new oil', a key resource for 21^st economies.

If you are a supplier of goods or services and if you hitch your wagon to midata, the Department for Business Innovation and Skills (BIS) will send you a copy of the midata company briefing pack, wherein you will read about the exciting new "data-enabled" world, please see extracts opposite.

Wagon-hitching requires a convincing argument with independent supporting evidence and a measure of openness.

The evidence in support of midata comes, in many cases, from Mydex and Ctrl-Shift:

BIS is a fee-paying client of Ctrl-Shift
Ctrl-Shift has one shared director with Mydex and has had two
Ctrl-Shift recommends the products of Mydex
Mydex is partly funded by the Technology Strategy Board and as they tell us on their website "the activities of the Technology Strategy Board are jointly supported and funded by BIS and other government departments ..."
and the chairman of Mydex sits on the midata strategy board at BIS.

BIS is paying a consultancy to say something and then presenting it as independent advice. It's incestuous and circular.

There is a lack of independence here and a lack of openness. Ctrl-Shift do not acknowledge in their reports that they share directors with Mydex and BIS do not acknowledge either that, or the fact that they, too, share directors with Mydex.

Perhaps more companies would join BIS's midata initiative if there were better arguments in favour of personal information management systems like Mydex, if there was some independent research and if BIS and its minions were more open about their cross-pollination.

Absent that, it seems commercially prudent for suppliers to avoid midata. And they have.

Unable to make its case and get suppliers to sign up voluntarily, BIS's response – to legislate to make midata compulsory – is unprincipled.

midata, the loneliest initiative in Whitehall – 11

Unable to make its case,
BIS's response
– to legislate to make midata compulsory –
is unprincipled.

Lonely old midata, not a single organisation is known to have hitched their wagon to it since 3 November 2011.

more ►

Thursday, 6 September 2012

Probably not the last victim of Sir David Normington's success

Sometimes it seems as if half the senior decision-makers in Whitehall are former Accenture partners.

But no-one writes "there must be something rotten at Accenture, when so many of their partners are on a veritable stampede for the exit".

Unlike Accenture, the UK public sector employs about six million people. (Six million!) But when one of them announced her departure last month, Dame Helen Ghosh, permanent secretary at the Home Office, what did Sue Cameron write in the Telegraph?

Why are Whitehall's top mandarins running for the exit?
There must be something rotten in the Coalition, when so many of our top civil servants are on a veritable stampede for the exit. Right across government the mandarins are shaking the dust of Whitehall from their feet and moving on to bigger, better jobs elsewhere. They include senior officials at Education, the Cabinet Office, the Ministry of Justice, International Development, Energy, and the Home Office ...

The BBC profile of her reminds listeners of the time when Dame Helen was called before the Public Accounts Committee (PAC) to explain various mishaps that took place at DEFRA while she was permanent secretary there. With "the public interest" striped into her very bones like a stick of seaside rock, Dame Helen refused to attend and had to be ordered.

She was there again yesterday, up in front of the beak, Margaret Hodge, trying to explain why she had had to hire back UK Border Agency staff and UK Border Force staff who had been previously laid off with tens of thousands of pounds in severance pay in the name of government cuts. According to Martin Beckford in the Telegraph:

Dame Helen ... defended the arrangements by saying that all of the returnees had to wait at least six months before going back to work, otherwise they would have had to repay the lump sums.

Simon Jenkins isn't going to put up with a non sequitur like that when Dame Helen is working for the real National Trust and apparently the PAC wasn't having any truck with it either:

She did however admit that the Border Agency – which has faced repeated criticism for losing track of illegal immigrants, allowing in bogus students and causing delays at airports – had got rid of too many people too quickly since the election as it tried to cut costs.

Maybe the Home Office will survive her loss after all. There could even be an article in it for Sue Cameron. And this time maybe she'll pay a bit of attention to Sir David Normington.

----------

Televised proceedings of yesterday's PAC:

See also:
Nicholas Watt, 6 March 2011, The Guardian, David Cameron calls civil servants 'enemies of enterprise'
Jill Sherman and Richard Ford, 15 November 2011, The Times, Borders row blocks first woman from top Civil Service job
Editorial, 15 March 2012, The Guardian, Civil servants and MPs: settling accounts
Patrick Wintour, 13 April 2012, The Guardian, Civil service exodus sees one third of senior officials leave
Christopher Hope, 13 April 2012, The Telegraph, A quarter of senior civil servants quit Whitehall under Coalition
Jill Sherman, 18 June 2012, The Times, Ministers demand right to sack Whitehall mandarins

Probably not the last victim of Sir David Normington's success

more ►

midata, the loneliest initiative in Whitehall – 10

Governing people is difficult. Too difficult.

Whitehall have given up.

midata is part of their alternative plan.

Governing personal data stores will be much easier.

--- o O o ---

Why is billmonitor called "billmonitor"?

billmonitor, if you remember, is a service which advises consumers what the best mobile phone tariff is for them to be on. The company behind this service is a keen supporter of midata, the Department for Business Innovation and Skills initiative, and is "Part of the government Midata board". midata is dedicated to getting the best deal for consumers, whether we're talking about mobile phone contracts or choosing the right gas and electricity suppliers or any other decision including health, education and employment decisions.

It all seems to make sense.

Until you notice that billmonitor has been in business for seven years or so and seems to have survived and maybe even thrived for all that time without needing midata.

Let's leave that for the moment, and try another question.

BIS are currently conducting a consultation on midata. They're interested in our answers to 22 questions. Questions 7, 8 and 9 are as follows:

Question 7: Should a consumer be able to require the business to supply the data in electronic format directly to a specified third party?

Question 8: Should a third party who is duly authorised by the consumer be able to seek the consumer’s data in electronic format directly from the supplier?

Question 9: What, if any, requirements should be placed on the secondary users of such data, albeit under the direction of consumers e.g. switching and advice sites?

Third parties? Secondary users? What on earth are they talking about?

And another thing. Who do you think wrote the following?

Every day, all around the world, thousands of IT systems are compromised. Some are attacked purely for the kudos of doing so, others for political motives, but most commonly they are attacked to steal money or commercial secrets. Are you confident that your cyber security governance regime minimises the risks of this happening to your business? My experience suggests that in practice, few companies have got this right.

Answer – Iain Lobban, the Director of GCHQ, in the Foreword to 10 steps to cyber security, one of the documents referred to in yesterday's 5 September 2012 press release issued by BIS, Business leaders urged to step up response to cyber threats, in which Vince Cable, Secretary of State at BIS, announces a new initiative to get business leaders to take the threat of cyber attacks seriously.

Few companies have got cyber security right, according to GCHQ, and yet there's the same Secretary of State, Vince Cable, promoting midata and urging us all to store our personal data on the web. It seems confused. Schizophrenic even. What's going on?

Last question. Professor Shadbolt was on You and Yours yesterday, the BBC Radio 4 consumer affairs programme (16'21" to 22'35"), chatting amiably about midata, the benefits of which would be legion but he couldn't name any. He's an intelligent man. What's he doing giving such a vapid interview?

billmonitor is called "billmonitor" because it monitors your bills. You don't just hand over your last few months' mobile phone bills, once-off, billmonitor recommends that you switch from tariff X to tariff Y and that's the end of the relationship. No, you hand over your mobile phone no., your user ID and your password, and billmonitor logs on to your phone company and sits there monitoring your phone usage until Doomsday, occasionally issuing recommendations to switch from this contract to that.

billmonitor is one of these "third parties" referred to in the BIS consultation whom you authorise to access data from your suppliers. And when billmonitor processes your mobile phone consumption data they become, in the terminology of BIS's consultation, "secondary users" of the data.

You the consumer have to be very trusting to give a stranger, billmonitor, access to your phone account. Particularly in light of GCHQ's claim that most companies have faulty cyber security, including perhaps billmonitor and all the telcos they are logged in to.

BIS want us all to take that risk. For midata. There must be something in midata that BIS prize so highly, they are even prepared to recommend that we run the associated risks of cyber-crime, the financial risks and the loss of privacy.

Whatever that something is, that BIS prize so highly, it's too embarrassing for Professor Shadbolt to tell us what it is.

So it's a good job that William Heath now has told us.

William Heath, remember, is the Mydex and Ctrl-Shift man, and a few hours ago he published To understand BIS’ midata proposal it helps to understand Mydex on the Mydex blog:

The Government’s midata consultation to give consumers a statutory right to their data in electronic format affects every individual, and every major company holding customer data in the UK. But it cannot be properly understood in isolation of wider imminent changes in how personal data is managed, shared, controlled and valued.

Mydex is all about that bigger picture. So we’ve drafted a briefing note particularly for organisations responding to the midata consultation.

We support midata. It will empower individuals and at last give real teeth to the good intentions behind the Data Protection Act subject access request. It goes hand in hand with the new UK and US approaches to ID assurance [emphasis added], which we also support. We think midata needs to apply also to other UK public services including health, education and job-seeking.

The Mydex "briefing note" referred to above, Making midata work for you, explains the benefits of a Mydex PDS (personal data store). Among others:

Digital by default. If the individual agrees, organisations can establish live, permanent links to key fields (such as home address and contact details) in the individual’s data store, receiving live status updates ...

Empowering. Mydex has a distributed cloudbased [oh good] hyper-secure [see GCHQ above] architecture ...

billmonitor just collects data from your suppliers. Mydex goes one step further – after collecting the data, Mydex distributes updates from one supplier to all the other suppliers who might need to know what's changed.

Having once given your permission, you're no longer involved. You're no longer needed. "Empowered" by midata, in "control" of your data, you've become digital by default.

Which is lucky, because the government wants all public services to become digital by default, too.

And with the identity assurance provided by Mydex, they can. If everyone has a PDS and if the PDS is a requirement of every transaction, then Government can at last be transformed.

As the BBC tell us, a few clauses in the Enterprise and Regulatory Reform Bill so worthy and dull that it won't be scrutinised by many people will arm BIS with order-making powers. Thereafter, statutory instruments can be quietly laid down, unscrutinised by anyone, and midata will have all the powers of identity assurance that the Government Digital Service could wish for.

Governing people is difficult. Too difficult. Whitehall have given up. midata is part of their alternative plan. That's what the bashful Professor Shadbolt didn't want to say. Governing PDSs will be much easier.