DMossEsq

Tuesday, 4 September 2012

midata, the loneliest initiative in Whitehall – 9

BIS prove that midata is unnecessary.
Would you give a complete list of your acquaintance to a stranger?
Do you believe there is such a thing as a secure website?
Why keep a regulator and bark yourself?

--- o O o ---

Talk about lonely.

On 3 November 2011, Ed Davey MP posted 'Giving consumers the midata touch' on the the Department for Business Innovation and Skills blog and that was it – for 305 days, Mr Davey's post sat there all on its own.

Then yesterday, 3 September 2012, a second post was delivered, 'Why my data is important data', written by Stelios Koundouros, the "founder and director of billmonitor.com".

Mr Koundouros describes a number of his company's achievements, helping people since 2005 to choose the right mobile phone tariff. These successes have been achieved without there being any midata. They have been achieved using the mobile phone operators' tariffs and people's mobile phone consumption data both of which are released by the Telcos without there being any midata.

billmonitor.com's success is the neatest proof BIS could possibly have offered that midata is unnecessary.

So why does Mr Koundouros write the following, given that his story proves the exact opposite?

The implementation of the ‘midata’ vision is without doubt a prerequisite for ending confusion facing UK consumers about how much they pay for goods and services.

We are told that:

Stelios Koundouros is founder and director of billmonitor.com, and has led the company’s efforts since 2005. He holds a PhD in mathematics from Cambridge University and has carried out research at the Mathematical Institute at Oxford.

We are not told – but it is the case – that billmonitor.com is one of the 19 companies which initially expressed interest in midata, and that it is "Part of the government Midata board", according to the billmonitor.com home page. Perhaps that is why Mr Koundouros writes as he does.

There's nothing wrong with Mr Koundouros expressing his support for midata, even if he does undermine his own case. Just don't let BIS give you the impression that his is independent support.

The billmonitor.com website says:

Only you can make spending decisions
Bank level data encryption

Why this level of security?

Because, remember, in order to use the billmonitor.com service, you have to give them months and months of your detailed phone bills, they will know who you call, how often, for how long, and who you text. That personal data needs to be protected, and thus the "bank level data encryption".

Do you mind telling a total stranger as a result, who your friends and colleagues are? The people you call? Might they mind?

Do you trust Mr Koundouros's security measures?

The US Government trusted HBGary Federal's security, and just look what happened when the hackers decided to drive a coach and horses through it:

... A second example is Anonymous’ perhaps most striking operation, a devastating assault on HBGary Federal, a technology security company. HBGary’s clients included the US government and companies like McAfee.

The firm with the tag-line detecting tomorrow’s malware today had analyzed GhostNet and Aurora, two of the most sophisticated known threats. In early February 2011, Aaron Barr, then its chief executive officer (CEO), wanted more public visibility and announced that his company had infiltrated Anonymous and planned to disclose details soon.

In reaction, Anonymous hackers:
infiltrated HBGary’s servers,
erased data,
defaced its website with a letter ridiculing the firm ...
... with a download link to a leak of more than 40,000 of its emails to The Pirate Bay,
took down the company’s phone system,
usurped the CEO’s twitter stream,
posted his social security number,
and clogged up fax machines.
Anonymous activists had used a number of methods, including SQL injection, a code injection technique that exploits faulty database requests. ‘You brought this upon yourself. You’ve tried to bite the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face’, said the letter posted on the firm’s website.

The attack badly pummeled the security company’s reputation.

Stories like that are two-a-penny and you can read about 25 penceworth here. After which, you may wonder how secure billmonitor.com or any other website is.

Iran, which has suffered a number of cyber-attacks, has given up the ghost and decided to "move key ministries and state bodies off the worldwide internet". Meanwhile, in the name of midata, here's BIS luring you into storing your personal data in the custody of complete strangers on servers which could be anywhere in the world, much of which is beyond the jurisdiction of English law and emphatically out of your control.

The billmonitor.com website also says:

billmonitor was the first mobile comparison site approved by Ofcom in 2009

No doubt it was. It is Ofcom's job to regulate the Telcos. Why do we need billmonitor.com as well? And midata? If Ofcom can't do the job, why should midata be able to? Why keep a regulator and bark yourself? Surely the public interest is served by having the regulator do its job properly, and not by expensively doubling up on regulation.

midata, the loneliest initiative in Whitehall – 9

more ►

Monday, 3 September 2012

midata, the loneliest initiative in Whitehall – 8

BIS's midata initiative raises two questions for you.

Would you trust a complete stranger to store all your personal data?

And would you trust a lot of other complete strangers

(BIS's currently non-existent applications developers)

to process that data?

You might. If you're mad.

--- o O o ---

Coverage in the media of the Department for Business Innovation and Skills's lonely midata initiative remains scant.

The BBC reported on 22 August 2012, in 'Midata project plan for compulsory customer data', that ...

Consumer Minister Norman Lamb said: "It's clear to me that giving consumers the right to access their own transaction data promises huge opportunities for both consumers themselves and UK businesses."

... without pausing to ask how it's clear to Norman Lamb when it isn't clear to anyone else.

On 23 August 2012 ComputerWorldUK published 'Government threatens legal action against midata laggards'. Clearly the days of midata being a friendly voluntary initiative are long gone.

Retail Gazette carried an odd article on 30 August 2012, 'Why are retailers so afraid of Midata?' – odd, because there's no evidence that retailers are afraid of midata. Why would they be?

And then there's this week's Economist, 'Shameless self-promotion – Britain wants to lead the world in exploiting consumer data':

Britain is already “streets ahead” of most countries in liberating consumer data, says Liz Brandt of Ctrl-Shift, a marketing consultancy ...

Ctrl-Shift? Ring a bell? It should, please see 'The case for midata – the answer is a mooncalf'. Someone has posted a comment on the Economist website advising the magazine and its readers who Ctrl-Shift are:

The point of quoting Ctrl-Shift here is presumably to introduce an element of independent objectivity.

Ctrl-Shift Ltd was incorporated on 26 January 2009, according to Companies House. Alan Mitchell was appointed a Director on 13 May 2009 and William Heath on 16 July 2010. Mr Heath's appointment was terminated on 10 May 2012.

Mydex Ltd was incorporated on 18 February 2008 according to Companies House. Alan Mitchell is Head of Strategy and William Heath is Chairman, according to the Mydex website.

In their report The new personal data landscape Ctrl-Shift discuss the Personal Data Stores (PDSs) that would be needed for midata and recommend the PDS supplier Mydex.

In their 3 November 2011 press release about midata, the Department for Business Innovation and Skills (BIS) list the 19 commercial organisations that have agreed to collaborate with them on midata. The list includes Mydex.

At the 9 August 2012 open forum on midata held by BIS, Kirstin Green, a Deputy Director at BIS, said that William Heath (ex of Ctrl-Shift and still Chairman of Mydex) is on the BIS Strategy Board for midata.

In this case, no element of independence has been introduced. The Economist find themselves effectively quoting midata saying that midata is a Good Thing.

The fact that William Heath is on the midata strategy board is news but nothing else is, not for long-time DMossEsq readers.

In their 3 November 2011 press release, BIS listed 19 commercial organisations who had signed up to midata. No-one else has signed up since to this lonely initiative, even after the government threats of legal action reported by ComputerWorldUK.

Among those 19 was Mydex, Mr Heath's company, the company promoted by Ctrl-Shift, Mr Heath's ex-company, which is a paid consultant to BIS.

What readers may not know is that the Technology Strategy Board (TSB) have invested in a number of companies including Mydex, please see p.24 of their document, 'Ensuring trust in digital services'. Pump-priming, fine, funding R&D, government "picking winners", no problem with that.

The TSB organised an exhibition of the products of these R&D companies on 31 October 2011, just a few days before the BIS press release. The event is reported by ex-Guardian man Mike Bracken on the Cabinet Office's Government Digital Service blog, 'Establishing trust in digital services'. We attendees were treated at the same time to a number of talks given by GDS, including a talk by Francis Maude himself.

The subject of these talks was identity assurance or "IdA", as the Cabinet Office call it.

HMRC want to make all their services available on-line and preferably only on-line, said Joan Wood, Director, Online Service & Digital Development at HMRC. DWP want to make the Universal Credit system on-line only, said Steve Dover, DWP Corporate Director Universal Credit Business and IT Solutions.

But how can HMRC and DWP achieve that if they don't know who they're dealing with at the other end of the line? Where does the IdA come from? The same question could be asked of midata. And the same answer could be given – what IdA needs is for everyone in the UK to have a "Personal Data Inventory" (the BIS name for it) or "Personal Data Store" (everyone else's name for it).

Putting all public services on-line is the old Tony Blair/Cabinet Office/Gus O'Donnell/Ian Watmore Transformational Government/joined-up government plan. That plan collapsed years ago, partly because it depended on ID cards and the Home Office's misbegotten ID card scheme failed.

The Cabinet Office are trying to breathe new life into Transformational Government through the G-Cloud and GDS initiatives much discussed on DMossEsq and, it seems, through midata. We may not have ID cards but the idea is that we should have PDIs/PDSs instead, please see para.2.19, p.24 of BIS's midata 2012 review and consultation:

A ‘Personal Data Inventory’ has been proposed, with the aim of giving consumers clear information about the types of data which organisations hold about them. This work is still in development by the midata programme participants, but broadly the proposal is that to gain access to their Personal Data Inventory, the customer would have to log-in to a secure website where the Personal Data Inventory would contain a simple explanation of each category of data and if, and how, the data can be accessed by the consumer. The Personal Data Inventory is likely to contain data such as address and contact details, existing tariffs/contracts, payment methods, items purchased, when, value, amount spent per year, usage data.

The midata question was posed by Rory Cellan-Jones of the BBC, "why is the government getting involved?". Professor Shadbolt couldn't answer it. Not even Norman Lamb MP can answer it. Not so far. But do we perhaps see an answer now – midata is the ID cards scheme resurrected? That might explain why BIS want to take powers to implement a scheme whose stated benefits are some of them footling and others no more than wishful thinking, neither of which provides a sound basis on which to invest public money.

Take a look at BIS's 'A midata future: 10 ways it could shape your choices', particularly at example #2, Getting a new job:

midata' could allow individuals to have access to information held about them by various organisations. When getting a new job, an individual could use verification programmes to send necessary proofs to a new employer. For example, instead of making copies and going to the post office, a new employee could get their driving licence, educational qualifications, CRB check and personal identity all by ticking a set of boxes and clicking 'send'.

This would save money for employers who won't have to deal with lengthy and expensive hiring processes.

"Establishing trust in digital services" is the Cabinet Office's apt name for the problem. And midata is not the solution.

Would you trust a complete stranger (Mydex, or whoever) to store all your personal data?

And would you trust a lot of other complete strangers (BIS's currently non-existent applications developers) to process that data?

You might. If you're mad. The rest of us will "make copies and go to the post office" and any sensible employer will retain his or her "expensive hiring processes" – otherwise they won't have a clue who they've just hired.

midata, the loneliest initiative in Whitehall – 8

BIS's midata initiative raises two questions for you.

Would you trust a complete stranger to store all your personal data?

And would you trust a lot of other complete strangers

(BIS's currently non-existent applications developers)

to process that data?

You might. If you're mad.

--- o O o ---

Consumer Minister Norman Lamb said: "It's clear to me that giving consumers the right to access their own transaction data promises huge opportunities for both consumers themselves and UK businesses."

... without pausing to ask how it's clear to Norman Lamb when it isn't clear to anyone else.

more ►

Sunday, 2 September 2012

midata, the loneliest initiative in Whitehall – 7

... why is the government getting involved in midata,

an initiative which can't deliver any of its stated aims

but which will expose everyone to identity theft?

It's up to the department for Business Innovation and Skills (BIS)
to answer that question.

There are two more open forums left in the BIS midata consultation programme

on Tuesday 4th (10 a.m. to 12 p.m.) and Thursday 6th (11:30 a.m. to 1:30 p.m.)
September 2012.

Just email midata@bis.gsi.gov.uk to attend
1 Victoria Street London SW1H 0ET

Let's get an answer

On 3 November 2011, when the Department for Business Innovation and Skills (BIS) issued their midata press release, the BBC's technology correspondent Rory Cellan-Jones interviewed Professor Nigel Shadbolt.

Professor Shadbolt is an expert in artificial intelligence. He and his colleague at the University of Southampton, Professor Sir Tim Berners-Lee, are co-directors of the Open Data Institute (ODI) ...

... established by the UK Government to innovate, exploit and research Open Data opportunities ...

The new Institute is one of a number of measures that the Government announced ... as part of a larger initiative to boost UK economic growth.

Professor Shadbolt is also chair of the midata programme, related to the ODI, but different.

Mr Cellan-Jones has been around the block a few times and he cut straight to the chase:

Two questions spring to mind - what's the catch for consumers and why is the government getting involved?

He poses that question to Professor Shadbolt at 2'15" in the televised BBC interview and the answer given, with his midata hat on, is that the government wants to encourage the development of an environment in which data is shared.

But the private sector already releases transaction data back to consumers. It doesn't obviously need any more encouragement or legislation.

Entrepreneurs can already develop applications which process that data if they want to. At the start, midata was supposed to be a voluntary scheme. Now BIS have gone beyond trying to "encourage the development of an environment in which data is shared" and moved on to legislation. Why? There's no reason to believe that BIS can create a market in personal data transactions after legislation is introduced any more than they have done in the 400 years of their existence so far.

BIS give no reason to believe that this legislation would expand the economy.

They initially offered consumers control over their personal transaction data, in addition to access to it, but that was a false prospectus and BIS have now had to renege on that offer. Consumers will have no more control over their data after BIS have taken their midata order-making powers than before.

And the benefits of a midata future pictured by BIS seem peculiarly footling. Example #1 of the future offered by midata concerns, of all things, warranties. midata could provide us with a "contracts and warranties dashboard".

For goodness sake, we can already monitor the warranties we have bought with our washing machines if we want to. Do we really need legislation to make that easier? If we don't monitor these warranties now, why would we monitor them any more after BIS have involved themselves?

midata really is lonely. It has no economic argument to support it. It is unaccompanied by any cogent benefits to consumers or the economy. Private sector suppliers and their customers/clients have got on perfectly well without midata for the past 5,000 years. Government ministers can't explain why they are wedded to midata and neither can their officials.

BIS aren't stupid. They know just as well as the rest of us that they haven't answered Mr Cellan-Jones's question, why the government is getting involved. It can't just be to help us monitor our warranties.

We're none the wiser. All we know is that BIS are sufficiently motivated to enact legislation to make midata a reality while being completely incapable of saying why. What really impels BIS in this case?

When, as here, there is a gap between what the government is doing and what it says the temptation is to fill it with all sorts of conspiracy theories.

Let's give ourselves a limit of 13 paragraphs to see what kind of a conspiracy theory we can cook up.

Faced with making a decision, we all have problems. We're no good at getting utilitarian choices right. So says Norman Lamb, minister responsible for midata, in his Foreword to the midata 2012 review and consultation (p.8):

Technology has allowed businesses to understand their customers’ needs and buying patterns to an unprecedented degree. At the moment consumers are at a disadvantage because the vast majority of them do not have the ability to use that same data to help their own decisions. The midata programme aims to redress this imbalance.

If midata ever comes to pass, everyone will have a Personal Data Inventory (PDI) which includes all our transaction data, please see the consultation document, para.2.19, p.24:

A ‘Personal Data Inventory’ has been proposed, with the aim of giving consumers clear information about the types of data which organisations hold about them. This work is still in development by the midata programme participants, but broadly the proposal is that to gain access to their Personal Data Inventory, the customer would have to log-in to a secure website where the Personal Data Inventory would contain a simple explanation of each category of data and if, and how, the data can be accessed by the consumer. The Personal Data Inventory is likely to contain data such as address and contact details, existing tariffs/contracts, payment methods, items purchased, when, value, amount spent per year, usage data.

And thanks to BIS we will have the benefit of a thriving applications industry which processes the data in the PDI to make the right decisions for us.

All that's needed, it seems, is the data. And a wise application. That's all that's missing when we currently try to choose. Only supply the data, and a computer application can make the right decision. Notice what happens here. The pathetically irrational human being in between is cancelled out of the equation.

This imaginary world in which electronic Mary Poppinses run our lives for us is coherent with the picture BIS provide of a midata future in which, for example, an application decides whether we should go out one evening or not, please see A midata future: 10 ways it could shape your choices, example #10, Going out:

So where your favourite restaurant has deals or offers, you could be alerted in advance to take advantage and make a booking. Combined with other services, the programme could also indicate where you could save money or improve your health by eating elsewhere, drinking less or going out less.

Has BIS been infiltrated by mad scientists who believe in the perfectability of human beings by computer? If so, which mad scientists?

You may suspect Professor Shadbolt in the library, with his eerie and recondite expertise in artificial intelligence. Perhaps he is the manipulative genius plotting to bring about a worldwide nightmare utilitarian tyranny?

There is no evidence of that. If anything, Professor Sir Tim Berners-Lee, inventor of the World Wide Web, is more likely to be the guilty party. Here he is, being quoted by the Guardian in their Battle for the Internet debate:

... individual users were not yet being allowed to exploit all the information relating to them to make their lives easier. Armed with the information that social networks and other web giants hold about us, he said, computers will be able to "help me run my life, to guess what I need next, to guess what I should read in the morning, because it will know not only what's happening out there but also what I've read already, and also what my mood is, and who I'm meeting later on".

A mooncalf may believe that twaddle but, unless they've gone completely mad, BIS won't.

Conspiracy theory over, obviously we can forget the mad scientists and the subjugation of the human race worldwide. But we have come up with something. The PDI. BIS seem to recommend that we should all have a PDI, stored somewhere on the web – in the cloud – and containing all our transaction data. And they seem to recommend that third party computer applications should be given access to that data to help us to make the best decisions for ourselves.

This is strange coming from the UK government, or any other reputable body.

Identity theft is a major problem on the web. CIFAS, the Home Office, Financial Fraud Action UK, the UK Cards Association, Equifax, Experian, the Royal Mail, Callcredit, HM Revenue & Customs, DVLA, the Identity & Passport Service, the Serious Organised Crime Agency, the Metropolitan Police, the City of London Police, the Scotish Business Crime Centre, the Financial Services Authority, the British Bankers' Association, BSIA and NFA have all come together to form IdentityTheft.org.uk to make people more aware of the problems of identity theft and to help them to avoid it.

And yet here's BIS suggesting that we should collect our transaction data together in one place, store it with one set of complete strangers in a PDI somewhere on the web and then let another set of complete strangers access it – exactly the opposite of what IdentityTheft.org.uk recommend.

Once again, with feeling, and Rory Cellan-Jones, why is the government getting involved in midata, an initiative which can't deliver any of its stated aims but which will expose everyone to identity theft?

It's up to BIS to answer that question. There are two more open forums left in their midata consultation, on 4 and 6 September 2012. Just email midata@bis.gsi.gov.uk to attend. Let's get an answer at last to Mr Cellan-Jones's question.

midata, the loneliest initiative in Whitehall – 7

... why is the government getting involved in midata,

an initiative which can't deliver any of its stated aims

but which will expose everyone to identity theft?

It's up to the department for Business Innovation and Skills (BIS)
to answer that question.

There are two more open forums left in the BIS midata consultation programme

on Tuesday 4th (10 a.m. to 12 p.m.) and Thursday 6th (11:30 a.m. to 1:30 p.m.)
September 2012.

Just email midata@bis.gsi.gov.uk to attend
1 Victoria Street London SW1H 0ET

Let's get an answer

... established by the UK Government to innovate, exploit and research Open Data opportunities ...

The new Institute is one of a number of measures that the Government announced ... as part of a larger initiative to boost UK economic growth.

Professor Shadbolt is also chair of the midata programme, related to the ODI, but different.

Mr Cellan-Jones has been around the block a few times and he cut straight to the chase:

Two questions spring to mind - what's the catch for consumers and why is the government getting involved?

more ►

Thursday, 30 August 2012

midata, the loneliest initiative in Whitehall – 6

On 3 November 2011, the department of Business Innovation and Skills (BIS) issued a press release about midata, their "exciting" plan to empower people and make the economy grow.

On or about 26 July 2012 BIS and the Cabinet Office's Behavioural Insights Team jointly issued their midata 2012 review and consultation.

Question – in the intervening 266 days, what did BIS make?

Answer – progress.

How do we know?

Because they tell us. Norman Lamb, the minister responsible, tells us on p.8 of the review that:

I am pleased to be publishing an update on progress on midata and consulting on proposals to provide it with a statutory underpinning.

Only two paragraphs later, there's been more progress:

Under Professor Shadbolt’s Chairmanship progress has been made, with businesses, consumer groups, regulators and Government agreeing core principles about data release, commissioning research into customer attitudes and beginning work on important questions about privacy and security.

It's all go. By p.11:

Progress has been made on establishing a vision and principles. We understand better the current consumer and business perceptions and the need for safeguards when consumers use their data. And we have started to see data made available.

BIS are really quite insistent, p.27:

As this review shows, there has been progress in moving midata from a concept towards reality.

It's clearly been a hectic 266 days, in some ways, for BIS and Professor Shadbolt. What with establishing the vision. And the principles.

They've had to chat with all those businesses and consumer groups and regulators and government departments. And they've had to commission research. Exhausting.

The discovery of the need for safeguards for people's privacy, and the need for security, when you're shunting personal data around must have come as a shock.

It is inevitable in this maelstrom that a few wheels fall off the initial vision. midata was meant to give us control over our own data, as well as access to it, but now control has been dropped. midata was going to be a voluntary scheme but now, perhaps at the suggestion of the Behavioural Insights Team, the idea is to legislate and make it compulsory.

The drafting of that legislation, and generally turning the midata concept into reality, will be a struggle. How will BIS force the banks, for example, to start issuing us all with statements? Professor Shadbolt may well have to hold more discussions and commission more research to crack that one.

And someone still has to come up with a reason to believe that midata would make the UK economy grow – despite all the progress already made, there's a lot of work still to be done.

Let's finish on a positive note with some incontrovertible progress made by the midata team.

Once we've all got all our transactions with every supplier we deal with safely stored in our "personal data inventory (PDI)", as BIS call it, we're supposed to be able to process the PDI in some beneficial way using applications which the market has failed so far to deliver but which, now somehow inspired by BIS, will at last appear.

What sort of applications? This question was posed to Kirstin Green at the 9 August 2012 open forum and the answer seemed a little extempore. The "midators" have obviously thought about the question since then and on 22 August 2012 the top story on the BIS news website was Next steps making midata a reality, which includes a link to A midata future: 10 ways it could shape your choices.

The reader will enjoy all the examples given, of how midata would offer otherwise unattainable benefits which empower the consumer and expand the economy. It is invidious to choose between them.

The first example of the midata future suggests that you could use your PDI to monitor the warranties on all the equipment in your house:

Instead of losing receipts and forgetting when guarantees expire, customers can use a ‘contracts and warranties dashboard’ to keep track of their purchases.

Hard to beat but somehow the tenth example is even more cogent – you can almost feel the economy expanding as you read it, this is why the state has to take order-making powers to promote midata. It's called "Going out" and it reads, in full, as follows:

midata service providers could use an individuals purchase data to look at which restaurants and bars that user like. Taking this data, they could offer you a unique service, alerting you to new or recommended restaurants that suit your taste and location.

So where your favourite restaurant has deals or offers, you could be alerted in advance to take advantage and make a booking. Combined with other services, the programme could also indicate where you could save money or improve your health by eating elsewhere, drinking less or going out less.

midata, the loneliest initiative in Whitehall – 6

more ►

Wednesday, 29 August 2012

midata, the loneliest initiative in Whitehall – 5

BIS have no communicable reason whatever
to support their contention that midata would expand the economy

Giving people access to their transaction data will cause the UK economy to grow. That is the logic behind midata according to the department of Business Innovation and Skills (BIS).

It may seem obvious to you that the argument is valid. If you're a mooncalf.

But it isn't obvious to David Miller.

David Miller is an economist at BIS. He attended the 9 August 2012 open forum on midata and was asked what reason there is to believe that accessing our transaction data would result in an expanded economy.

Properly brought up, he answered truthfully: "obviously there would be costs at first, setting up midata, and running costs thereafter, and the expected competition could have the effect of driving prices down but the general feeling is that in the end the economy would grow as a result". By how much? "It's very difficult if not impossible to say what the macroeconomic effect would be."

No notes were taken and Mr Miller's words here are paraphrased but the implication is clear – they're flying blind. BIS have no communicable reason whatever to support their contention that midata would expand the economy.

midata, the loneliest initiative in Whitehall – 5

BIS have no communicable reason whatever
to support their contention that midata would expand the economy

more ►

midata, the loneliest initiative in Whitehall – 4

In short, BIS want the power to force companies to do something
that they're already doing.

Some readers may by now have forgotten what the point is of midata. In their own words, with a view to empowering consumers and growing the economy, the Department of Business Innovation and Skills (BIS) say, in their midata consultation document (para.6, p.11):

... we are consulting on the possibility of taking an order making power. If utilised, this will compel suppliers of services and goods to provide to their customers, upon request, historic transaction data in a machine readable format.

The banks already provide us with "historic transaction data". We've had bank statements for as long as anyone can remember and they're already available on the web "in a machine readable format". The energy companies ditto. And the phone companies. And Amazon. And ...

Futile inanity
In short, BIS want the order-making power to force companies to do something that they're already doing.

They're holding a number of open forums as part of the midata consultation process. Anyone can go. It's easy. As BIS say, "... please email midata@bis.gsi.gov.uk to attend".

Anyone who can get along to the 4 and 6 September 2012 sessions may care to ask BIS what the difference is between midata and futile inanity.

Cribsheet – deregulation
By taking powers to make companies do something it may seem that midata increases the regulatory burden on UK business. Nothing could be further from the truth. As BIS tell us (para.4, p.11):

Increased data transparency and greater consumer choice will help promote innovation and competition and could also have a deregulatory effect. By giving people access to their data in a format which is machine readable it may be possible to avoid the need for some types of regulation, for example, specifying product characteristics.

midata, the loneliest initiative in Whitehall – 4

In short, BIS want the power to force companies to do something
that they're already doing.

... we are consulting on the possibility of taking an order making power. If utilised, this will compel suppliers of services and goods to provide to their customers, upon request, historic transaction data in a machine readable format.

more ►

Monday, 27 August 2012

Andrew Dilnot and honest political debate in the UK – 1

Time was when Sir Michael Scholar was the chairman of the UK Statistics Authority (UKSA) and he said, among other things:

“One of the reasons I took this job is that having good statistics is like having clean water and clean air. It’s the fundamental material that we depend on for an honest political debate ...”

You may want to tweak Sir Michael's point a bit. You may prefer to say that there are many fundamental materials, not just "good statistics", whatever "good" means. But if you're interested in honest political debate it's hard to gainsay him, Sir Michael is onto something.

Now he has passed the baton, and it is Andrew Dilnot who is chairman of the UKSA and who leads the Government Statistical Service and thus the Office for National Statistics (ONS).

Mr Dilnot has investigated the problem of social care for the elderly and recommended to the government that there should be a cap of £35,000 on the amount anyone is expected to pay for their care. Thereafter, the government should pay for it, he says, even if the elderly person has assets of their own, such as a house which could be sold to pay for their care.

It is impossible now in the UK to get insurance cover for social care in your old age. Mr Dilnot recently described that to the BBC as a "market failure". He's wrong, isn't he? If the market values your house at £350,000, say, then thanks to the market you can afford about 100 months in a decent old people's home. The market has not failed and Mr Dilnot is wrong to say that it has.

In the same BBC interview, Mr Dilnot describes the state stepping in and taking over the payment of your social care as you "taking control of your life". Surely it's the opposite. It's the state taking control.

The cost of implementing Mr Dilnot's £35,000 cap is estimated – very possibly by the ONS – to be £750 million p.a. That is just over one one-thousandth of current public expenditure ("one per mil" or "1‰") and so, Mr Dilnot says, his plan should be adopted as government policy.

An annual contribution of £750 million to the DMossEsq executive pension plan would also represent only about 1‰ of public expenditure. Is that a reason to make such a contribution?

It's all very well chatting about what individuals can afford but there are other questions:

How much can the state afford?
Public spending in the UK stands at about £700 billion p.a. at the moment, of which about £150 billion is borrowed. Is it sustainable to continue increasing the tax burden and the level of borrowing? How long can we go on printing money, through quantitative easing or any other technique? What happens to inflation? And interest rates? And exchange rates?
With our £2 trillion national debt*, aren't we supposed to be looking for ways to cut public spending, and not increase it? When do we have to confront reality?
If we can raise another £750 million in tax, or borrow it, why spend it on social care for the elderly who own a house? Why not eye care? Or dental care? Or subsidised taxies? Why not reduce the excise duty on tobacco?
Why spend the money on a problem that doesn't need solving? People just need to sell their house and then they're in funds. Why not try to solve a real problem?
Is social care for the elderly who can afford to pay for it themselves a legitimate matter for the state to involve itself in? If so, is there any limit to state involvement?
Could the budget on some other less vital public services be cut by £750 million to pay for Mr Dilnot's dream?
The standards of some care homes for the elderly are exemplary and in other cases the standards fall below the level we expect of a zoo. How does Mr Dilnot propose to ensure that public funds will provide dignified care and not sub-zoo care?
Mr Dilnot considers individuals on the one hand and the state on the other. That doesn't exhaust the cast of actors in this play. Among others, there are families in between. Are families avoiding their responsibilities? Is the problem of social care for the elderly a failure of families? What does Mr Dilnot propose to do about that?

He doesn't burden the BBC with any of these questions. Or any answers to them.

With Mr Dilnot now in charge, the water is just a little cloudier and the air just a little less Swiss – what price "honest political debate" in the UK?

----------

* The Times, 27 August 2012, Confusion reigns over the state of British debt:

A poll for the Centre for Policy Studies found that far more people wrongly believed that the coalition intended to cut debt over the next few years than correctly believed that it expected to increase it ...

While planning to bring down the annual deficit — the difference between what the Government spends and the money it receives and the amount of extra borrowing it incurs each year — the coalition nevertheless expects to lift total government debt by £600 billion between 2010 and 2015 ...

Total government debt is £1.03 trillion, equivalent to 65.7 per cent of Britain’s total national output. Add in liabilities kept off the balance sheet and it doubles to more than £2 trillion ...

Andrew Dilnot and honest political debate in the UK – 1

Time was when Sir Michael Scholar was the chairman of the UK Statistics Authority (UKSA) and he said, among other things:

“One of the reasons I took this job is that having good statistics is like having clean water and clean air. It’s the fundamental material that we depend on for an honest political debate ...”

more ►

Monday, 20 August 2012

Civil servants are accountable to ministers ... or is it the other way round?

Whitehall is flying a kite in today's Times:

Whitehall looks to Labour as coalition tensions grow
Senior civil servants want closer links with Labour before the next general election, including helping with the party’s manifesto, The Times has learnt.

Informal discussions have taken place at the top of Whitehall on how to ease the Opposition’s possible transition to government and avoid a repeat of the policy fiascos and U-turns that senior mandarins believe have hampered the coalition since the election.

One option being considered is whether officials should be seconded to work with Labour as part of their career development. The move coincides with fears in Whitehall that the coalition is breaking up, with the two parties in government pursuing different paths over the next two years.

Civil servants argue privately that climbdowns on NHS reform, forestry privatisation, tax measures and the Lords could have been avoided if Whitehall had been involved earlier in some of the decisions ...

The polite myth is that civil servants are accountable to ministers and ministers are accountable to parliament.

No-one believes that, of course.

Civil servants don't seem to be accountable to anyone. Not to parliament, not to the common law, and not to any of the conventions of rational and responsible and dignified businesslike behaviour.

Nevertheless, it is as well to maintain the myth and avoid any Constitutional quibbling. Lady Jay and her House of Lords committee on the constitution are currently conducting an enquiry into the accountability of civil servants. No less than four former cabinet secretaries have appeared before the Committee and reaffirmed the doctrine.

If this kite flies, Lady Jay may have to invite their lordships back to clarify the position.

Civil servants are accountable to ministers ... or is it the other way round?

Whitehall is flying a kite in today's Times:

Whitehall looks to Labour as coalition tensions grow
Senior civil servants want closer links with Labour before the next general election, including helping with the party’s manifesto, The Times has learnt.

Informal discussions have taken place at the top of Whitehall on how to ease the Opposition’s possible transition to government and avoid a repeat of the policy fiascos and U-turns that senior mandarins believe have hampered the coalition since the election.

One option being considered is whether officials should be seconded to work with Labour as part of their career development. The move coincides with fears in Whitehall that the coalition is breaking up, with the two parties in government pursuing different paths over the next two years.

Civil servants argue privately that climbdowns on NHS reform, forestry privatisation, tax measures and the Lords could have been avoided if Whitehall had been involved earlier in some of the decisions ...

The polite myth is that civil servants are accountable to ministers and ministers are accountable to parliament.

No-one believes that, of course.

more ►

midata, the loneliest initiative in Whitehall – 3

The prospectus for midata, the new stock being touted around the market by the department of Business Innovation and Skills (BIS), offers consumers not just access to their transaction data but also control of it. Due diligence reveals that this is just hot air. Control of your data is not on the menu. This sort of deception annoys subscribers. No reputable stockbroker would back the issue and no stock exchange would list it.

There's not much more than that to say – BIS is trying to float a wrong 'un – but for train-spotters, chapter and verse are quoted below:

On 3 November 2011 the Department of Business Innovation and Skills (BIS) issued a press release about midata:

The Government today announced a ground-breaking partnership with 26 major organisations that will see them working together to deliver a new era of consumer empowerment ...

Today’s announcement marks the first time globally there has been such a Government-backed initiative to empower individuals with so much control over the use of their own data ...

Heady stuff. midata was going to empower us. What does "empower" mean?

Control. We were going to get unprecedented control over our data.

But what does that mean?

Take an example. When you book a flight, for example, the travel agent/website passes on your data to the airline. Your name and address, starting point and destination, dates and times, credit card number, expiry date and security number, your passport number, your date of birth and so on. Obviously. They have to.

• ALON, the Airline Liaison Officer Network, operated by UKBA, Airline Liaison Officers' "main tasks include the provision of comprehensive training for airline staff on the United Kingdom's passport and visa requirements as well as basic techniques of passenger profiling and forgery awareness"
• ATC, the Authority To Carry scheme operated by UKBA, based on API/PNR and watchlists, airlines and other carriers can have their authority to carry refused
• BERR, the Department of Business, Enterprise and Regulatory Reform, previously the DTI, Department of Trade and Industry
• BIODEV, an EU project to study the use of biometrics in visa applications
• Business Express, a registered traveller scheme like IRIS and miSense Plus
• CTA, the Common Travel Area = the UK + the Channel Islands + the Isle of Man + the Republic of Ireland
• DCMS, the Department of Culture, Media and Sport
• DCSF, the Department of Children, Schools and Families
• DfT, the Department for Transport
• DIUS, the Department of Innovation, Universities and Skills
• Eurodac, the "European fingerprint database designed solely to identify asylum seekers"
• FCO, the Foreign and Commonwealth Office
• Frontex, an intelligence driven "EU agency [which] complements and provides particular added value to the national border management systems of the Member States"
• HMRC, Her Majesty's Revenue and Customs
• IATA, the International Air Transport Association = 265 airlines
• Interpol, "the world’s largest international police organization, with 187 member countries"
• IPS, the Identity and Passport Service, an executive agency of the Home Office
• IRIS, the Iris Recognition Immigration System, a registered traveller scheme like Business Express and miSense Plus
• J-BOC, the Joint e-Borders Operations Centre, part of UKBA
• members of the travel, tourism and hospitality sectors
• miSense Plus, a registered traveller scheme like Business Express and IRIS
• NDFU, the National Document Fraud Unit, part of UKBA
• other organisations, professional, educational and NGOs with an interest in migration and border and visa issues
• overseas law enforcement and security agencies
• Project Semaphore, the database system operated under contract by IBM to collect and disseminate advance passenger information and passenger name records (API/PNR), this is presumably the database that will now be sited in Wythenshawe, as Jacqui Smith inadvertently told everyone, and used by J-BOC
• Registered Traveller Schemes, including Business Express, miSense Plus and IRIS, any accelerated entry scheme, often biometrics-based
• Sea Carrier Liaison, an equivalent to ALON, being considered, may never exist
• SISII, the Schengen Information System II, "a database containing alerts on stolen objects and persons who are wanted for extradition, who are missing or who are subject to an entry ban for a particular country", the UK failed to connect to SIS for several years and may similarly fail with SISII
• SOCA, the Serious Organised Crime Agency
• SPT, Simplifying Passenger Travel, "a joint initiative amongst a number of key parties involved in the passenger's journey: passengers, airlines, airports, control authorities, and technological suppliers"
• the EU
• the Four Countries Group = UK + US + Canada + Australia
• the Islamabad Consular Immigration Link Team
• the police
• the Risk Assessment Unit (RAU) in Accra, RAUs process 90% of visa applications at FCO overseas posts on behalf of UKVisas
• the Sponsored Family Visitor scheme, one of four categories of visa, the other three being tourist, business and student
• the Welcome to Britain Group, brings together "representatives from transport, travel, hospitality, border processes and public diplomacy organisations" under the aegis of VisitBritain
• UKBA, the UK Border Agency, previously the Immigration and Nationality Directorate (IND), = Home Office + FCO + HMRC
• UKTI, UK Trade and Investment, part of BERR, "can help you rise to the exciting opportunities and challenges that globalisation offers"
• UKvisas, previously a joint venture between the Home Office and the Foreign and Commonwealth Office, now part of UKBA
• VisitBritain, "Britain's national tourism agency"

But it doesn't stop there. Your data goes further. We live in a big and complicated world and if you care to read the joint Home Office and FCO paper on eBorders, you'll find that your travel data is passed on to all or some of the hundreds of organisations listed alongside.

If you had control over your personal data, you'd be able to delete it from ALON's database. If ATC had made a mistake in recording your personal data, you'd be able to correct it. You could say which individuals at BERR could see your personal data and which individuals couldn't. At BIODEV, you could say that you only want people to see if you're over 21, yes or no, not your actual birthday.

That sort of control would be revolutionary – as things stand, you have no control whatsoever over your personal data once you've handed it over. It would take a worldwide change of the law to give you control. That would be a revolution. Without that revolution, you can't properly be said to have control. Was midata intended to be a revolution?

Several of us asked Ed Davey, the minister responsible for midata at the time. There was no answer.

That was back in 2011. Now roll forward to the joint BIS/Behavioural Insights Team document, midata 2012 review and consultation.

Norman Lamb has replaced Ed Davey as the minister responsible for midata, and in his Foreword he says (p.8):

A key project in the [consumer empowerment/economic growth] strategy is ‘midata’ which aims to give consumers more control and access to their personal data.

There it is again. "Control". And this time there's an explanation (p.23):

The programme defined the initial vision and principles and adopted “TACT” (Transparency, Access, Control and Transfer) as key stages in the sharing of data ...

where "control" is defined as:

Providers give consumers the ability to correct, update, change settings, preferences, permissions etc.

Those quotations seem to suggest that a revolution is on offer.

Against that, the midata consultation issued by BIS (pp.10-19) makes no reference to consumers being able to correct or delete the data held on them by suppliers and there is no hint that the laws concerning access to that data by consumers are about to be changed in the UK or anywhere else. Despite all the talk, control does not seem really to be on offer, midata is arguably a false prospectus.

At the midata open forum held on 9 August 2012, Kirstin Green seemed to confirm that point – access is on offer but not control. If anyone is going to the 23 August 2012 open forum, or the newly arranged forums on 4 and 6 September 2012, perhaps they could check this point with her. You can invite yourself. As BIS say, "... please email midata@bis.gsi.gov.uk to attend").

midata, the loneliest initiative in Whitehall – 3

more ►

Tuesday, 14 August 2012

Cloud computing – we hold these truths to be self-evident ... and we're plumb wrong

Much of government IT is a mess.

That's the problem.

And cloud computing is the solution. What the UK Constitution needs is a government cloud, a G-Cloud.

Is that true? You know it is – it's a no-brainer.

Cloud computing is cheaper than the alternative and it always will be. You know that. It's more flexible – you can spin up new capacity whenever volumes rise, just like that, and switch it off at no cost the minute it's not needed. You don't need to worry, the level of security is higher than could be achieved in-house, someone else does the backups for you and keeps all the applications you have licences for up to date.

That's the sales pitch of the big suppliers of cloud computing services – Amazon, Google, Microsoft, Apple, ... And coincidentally it's the UK government's IT strategy. There can be no doubt.

Now consider this 6 August 2012 article in Wired magazine by Mat Honan:

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.

Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.

Those security lapses are my fault, and I deeply, deeply regret them.

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s ...

Where was Apple's security? And Amazon's? Where were their backups? Why can't they just go to their backups and retrieve Mr Honan's digital life?

Still. Don't let this dent your confidence in G-Cloud.

Cloud computing – we hold these truths to be self-evident ... and we're plumb wrong

more ►