DMossEsq

Thursday, 6 December 2012

The savings to be expected from digital-by-default – a clarification

You thought you knew what savings are?

You thought you knew the point of digital-by-default?

Francis Maude said in his Foreword to the Government Digital Strategy that: "By going digital by default, the government could save between £1.7 and £1.8 billion each year ...".

Then in yesterday's Autumn Statement ("AS2012") the Chancellor said: "The recently published Digital Efficiency Report sets out how departments could save approximately £1.2 billion over the remainder of the current spending review period by continuing to move their transactional services online and become ‘digital by default’ ...".

So which is it? 1.2, 1.7 or 1.8? And are we talking about annual figures or the cumulative total over a period of years?

Time for some clarification.

We have tackled this matter before in Cutting costs/making savings, and GDS's fantasy strategy, where we made it clear that the £1.7/1.8 billion of estimated savings ...

represent annual figures,
exclude the cost of introducing digitisation (which might amount to £several billion),
exclude additional savings which could be made (or not), and
will be largely retained by the government (£1.1/1.3 billiion) ...
... so don't go running away with the notion that tax rates might be reduced.

So what's the £1.2 billion? Where did that figure come from?

That's the amount that could be saved by digitisation "during the current spending review period" ("SR2010"), i.e. the five years 2010-11 to 2015-16. That's what the Government Digital Service (GDS) tell us in the Digital Efficiency Report, (p.2). They then promptly confuse the matter again by telling us on p.4 that the £1.7/1.8 billion figures quoted include savings that have already been made by digitisation – it's not all new money.

At which point you may start to feel that you're never going to see any of these savings even if they do materialise. But that's not the half of it. Even more savings you never get the benefit of could be made if only "legislative blockers" were swept away (p.3), those pesky laws of the land/cultural barriers/myths that stand between us and the new world of frictionless data-sharing, please see Alan Travis – Whitehall, the Guardian newspaper and Lord Leveson.

Digitisation has been going on in Whitehall for decades. Despite which, public spending rose by 59% in real terms between 2000-01 (£443.7 billion) and 2009-10 (£705.6 billion). Saving the odd billion by introducing a bit more digitisation is neither here nor there and it certainly isn't worth losing the wisdom of the anti-data-sharing laws which we currently have on the statute book for our protection.

As things stand, with those fusty old laws still in place, GDS reckon that Whitehall can get rid of about 40,000 public servants once digital-by-default is up and running (p.19). That's based on the example of the Driving Standards Agency (p.14) who have gone from 400 staff booking driving tests in 2003 to just 75 in 2012. And on the example of HMRC (p.15) who have got rid of 2,700 staff over the past five years as so many of us have taken to submitting our VAT returns et al on-line.

Has this mass redundancy programme been cleared with the unions?

And while we're waiting for an answer to that, how long do GDS intend to take over this digital-by-default project? The magic figure they're looking at is 82%.

That's the percentage of transactions with the state undertaken by people and companies digitally. And they reckon it could take 11 years or so to get there, long enough for several changes of permanent secretary, Cabinet Office Minister and government.

And if GDS have burned their way through billions by then and there are still no savings trickling down to the public, what then?

And if all our data gets hacked in cyberspace, what then?

The Minister is accountable to parliament. Not the officials. Not GDS.

The savings to be expected from digital-by-default – a clarification

You thought you knew what savings are?

You thought you knew the point of digital-by-default?

more ►

Wednesday, 5 December 2012

Ooh, wow! GDS and The Interpretation of Tweets (Die Tweetdeutung)

What an awful job IDAP is.

No wonder the subject wishes he were somewhere –

or someone –

else.

Sigmund Freud published The Interpretation of Dreams (Die Tramdeutung) in 1900 and laid bare for all to see the precise workings of the psyche.

What would Freud have made of tweets? If only he had written it, what secrets of public administration would have been revealed by Die Tweetdeutung?

No need to guess, here are the answers.

The cleaning lady tells me that this tweet indicates that the subject prefers not to engage with anyone who disagrees with him. I cannot believe this.

The subject is chief executive of the Government Digital Service (GDS) and senior responsible ~~officer~~ owner for the UK government's Identity Assurance Programme (IDAP). He is a dedicated public servant who is clearly intent on forging a strong and pure national cultural identity.

And they say that just anyone could practise psychoanalysis, even a cleaning lady – ha!.

No. The clue lies in the food. What do trolls eat? Where do they buy it? How much of it do they need? More research needed. It is perfectly clear that the subject wishes to conserve supplies of this resource for the greater good of the nation.

One minute (19 July) the subject is the severe public servant conserving national resources (troll food).

Next minute (17 November) he is the exuberant champion of all that is modern and best (multi-coloured interactive graphics) for his parishioners (including context-sensitive advertisements for flats and houses to rent and buy).

The coltish excitement of that "Wow!" – truly a man of 140 characters!

Mapumental is an application that displays the geographical area from which it is possible to travel to a specified destination, by public transport, in a specified time. Monumental!

But will the subject's enthusiasm be reciprocated by an ungrateful public? No. When I click on the Hire us button, I find: "Mapumental's main funder was the – sadly now defunct – 4iP project, from Channel 4".

Strangely, this tweet, which was not even created by the subject, and which was merely re-tweeted by him, has given me the most pause for thought. The link takes the browser to 18 photographs of the opening ceremony of the Estonian consulate in Liverpool, mainly a lot of public officials in suits standing round a table with the statue of a bull on it.

It is always sad to see someone who feels out of place and wishes he were somewhere else. It is rare for that other place to be Estonia. (No disrespect to that no doubt fine country.)

Here we are, back again with the exuberant subject, "Ooh" look, another multi-coloured must-have?

No.

This is altogether darker than the 17 November "Wow!" tweet.

The subject has once again been attracted by a colourful icon. But this time he is luring his readers into signing up with AccountChooser, a service which invites you to log on to all of your suppliers and each time stores the log-on details in one "convenient" place so that you can effortlessly choose who you want to be on any given occasion.

Inadvisable. GDS's "identity providers" should be avoided. I may be only a psychoanalyst but it seems to me that on the web and in Estonia, and even in real life here on terror firmer, handing over the keys to your identity, to parties unknown, is imprudent. Beware.

And the subject? He's just doing his IDAP job when he recommends that people relinquish control of their own identity. His super-ego must be in overdrive, manufacturing guilt in industrial quantities. What an awful job IDAP is. No wonder the subject wishes he were somewhere – or someone – else.

S Freud (translated)

----------

Updated 14 December 2013:

'Remember, our forefathers came on foot. A very long journey, a hard one over the mountains, and taking a very long time. But, as we all know, it was worth it. It gave them all time to reflect and organize. But, above all, it gave them time to cleanse themselves of Yakawow.'

He was using a shorthand, derisive term, which encapsulated for us all the empty hedonism of the Others: even at the time of the Exodus, they had reduced their reactions to whatever they encountered to either a simple reflex negative or positive response: 'Yuck' or 'Wow' – Yakawow.

That's Susan Greenfield in 2121: A Tale From the Next Century (1 July 2013, not recommended) pursuing her idea that the excessive use of computers stops the large networks of neurons which characterise the adult brain from forming. The derivation of "Yakawow" and its early history are interesting, to a certain sort of mind at least ...

... just as maps appeal to a certain sort of mind, see Mapumental above. See also Tim Harford on maps in the second series of his Pop-Up Ideas on BBC Radio 4.

Ooh, wow! GDS and The Interpretation of Tweets (Die Tweetdeutung)

What an awful job IDAP is.

No wonder the subject wishes he were somewhere –

or someone –

else.

more ►

Monday, 3 December 2012

Alan Travis – Whitehall, the Guardian newspaper and Lord Leveson

The 25 April 2012 L Notice issued by the Cabinet Office complains about an article in the Guardian newspaper published the day before. A little detective work reveals that the article they are talking about is Government revives plan for greater data-sharing between agencies by Alan Travis, home affairs editor.

That article refers to a "recent speech" made by Francis Maude, Cabinet Office Minister. Neither the Guardian nor the Cabinet Office identifies the speech. A little detective work suggests that it is Mr Maude's keynote speech given to the Information Commissioner's Conference on 6 March 2012. That, at least, is the assumption on which we proceed here.

If the Leveson Rules are to look like anything more than the whimsical exercise of power by the Executive then perhaps we could see a few guidelines on identifying the evidence in disputes more precisely.

In his speech, Mr Maude says:

In May we will publish proposals that will make data sharing easier ... It’s my mission to get Whitehall sharing data much more effectively ... The National Fraud Authority and Cabinet Office will shortly set out the design for a counter fraud checking service as the first step to improving our intelligence sharing architecture ... the Fraud, Error and Debt Taskforce is committed to continuing to remove barriers to sharing information ... Sharing data is a key enabler in our ambition to see public services provided digitally by default ...the census is another area where I want to bust the myths around the complexities of data sharing ... we aim to find effective ways of using and sharing data for the good of everyone ...

It follows that the claim made in the L Notice that "this is not a question of increasing the volume of data-sharing that takes place across government" is simply untenable – the Guardian didn't misrepresent Whitehall's policy.

The L Notice states that because the coalition government "scrapped ID cards" they can't be accused of attempting to legislate for a "database state". That doesn't follow. Mr Maude's proposal to remove the legal barriers to data-sharing – also referred to as "old-fashioned assumptions", "cultural barriers", "complexities" and "muddled myths" – would precisely result in a database state. As Mr Maude says:

... the technology has moved on and so can we. There is now an option to share data momentarily allowing us to check for matches – with no Big Brother database in sight ... In a world of dispersed data sets, we can bring fragments together instantaneously and momentarily to corroborate – without ever creating a central database ... It’s about bringing together the data at a point in time - to provide the necessary confidence - and then disaggregating it again. At no point does information need be held on the same server to be correlated ...

Same effect. A database state.

The L Notice is entitled Digital public services: putting the citizen in charge, not the state. It is not clear why. Mr Maude's speech provides no support whatever for that contention – nothing in the speech suggests that citizens will be put in charge.

Examination of the evidence suggests that the Guardian misreported nothing and that the L Notice is simply wrong.

Sometimes, though, you need to stand back, otherwise you can't see the wood for the trees, the issues need to be judged on principle, and all things considered, particularly the need for the Guardian to keep its Leveson Publication Licence, the ineluctable conclusion must be that the case stated in the L Notice is upheld and triumphantly vindicated, and Mr Travis should perhaps undergo a brief and voluntary period of re-education to assist him in his stated desire to practise his chosen profession respectfully and humbly.

Alan Travis – Whitehall, the Guardian newspaper and Lord Leveson

more ►

Saturday, 1 December 2012

Francis Maude – Whitehall, the Guardian newspaper and Lord Leveson

The accusation against the Guardian is that it misrepresented Whitehall's policy on digital public services. Explanations later, but let's get straight to the nub of the matter now – Francis Maude says in the Cabinet Office L notice:

This is not a question of increasing the volume of data-sharing that takes place across government, but ensuring an appropriate framework is in place so that government can deliver more effective, joined-up and personalised public services, through effective data-linking.

Even to a reader who knows nothing about Cabinet Office frameworks for appropriately effective, joined-up and personalised digital public services, it should be clear that the Guardian allegedly wrongly described data-linking as "data-sharing".

If the distinction eludes you, you'll just have to take Francis Maude's word for it that data-linking is Whitehall policy and a good thing, whereas data-sharing is a disgraceful slur on him personally and a bad thing, and the two should never be confused by any newspaper hoping to hold on to its publication licence.

The preceding paragraphs in the L Notice provide the background:

This dispute is all something to do with the previous government's failed ID cards scheme which Mr Maude is proud to have terminated, he is the friend of civil liberties and the friend of many other friends of civil liberties such as Which? magazine.
What Mr Maude is trying to achieve – and what the Guardian culpably misunderstood – is "the citizen in charge". Citizens need a way to identify themselves on-line so that they can apply for disabled parking permits using Mr Maude's "quick, easy and secure" digital public services. No new legislation is envisaged, it's all going to be voluntary and stakeholders will be consulted proactively.

Data-linking is the method chosen by Mr Maude, libertarian, to put the citizen in charge, and not data-sharing. That is now so clear that, come to think of it, it is impossible to understand how the Guardian made its reprehensible mistake.

Francis Maude – Whitehall, the Guardian newspaper and Lord Leveson

This is not a question of increasing the volume of data-sharing that takes place across government, but ensuring an appropriate framework is in place so that government can deliver more effective, joined-up and personalised public services, through effective data-linking.

more ►

Introduction – Whitehall, the Guardian newspaper and Lord Leveson

It is our intention in this report of our findings on the affaire Guardian to follow the example of the Guardian themselves. Now rehabilitated after their contretemps with the Leveson Rules, following some months of intensive re-education, they say of Lord Leveson's report that:

The press should treat it with respect – and not a little humility.

There speaks the voice of a truly free press. We humbly and respectfully agree.

That is the principle but what about the practice? What does it mean to report with respectful humility? How do you do it?

By way of response, the Guardian have just this to say:

The press urgently needs to find a substantial figure above the immediate fray who can approach Leveson's proposals with something like an objective eye and who can make convincing responses on merit. Nothing else, at this late hour, will command respect from the party leaders, who have embarked on a cross-party endeavour to avoid a damaging clash between politics and press.

And there is nothing more to say.

They're right.

Aristotle would agree (see Nicomachean Ethics).

We shall abide by the high standards of journalism enshrined in the Leveson Rules most definitively exemplified by today's greatest political philosopher in his colossal contributions to Twitter:

----------

Updated 10.4.14

Senior David Cameron aide 'threatened' Daily Telegraph over Maria Miller expenses

Tony Gallagher, the former editor of The Daily Telegraph, has said that David Cameron’s director of communications “threatened” the newspaper over Maria Miller’s expenses claims.

Mr Gallagher said that Craig Oliver, one of Mr Cameron’s most senior aides, phoned him to say that Mrs Miller was “looking at Leveson” after The Telegraph made inquiries about the Culture Secretary’s expenses.

Mrs Miller is the Cabinet minister responsible for the future of press regulation and the response to the Leveson inquiry into press standards ...

“Maria Miller's special adviser rang one of the reporters concerned - Holly Watt - and said to her that Maria has obviously been having quite a lot of meetings around Leveson, I'm just going to flag up that connection for you to think about and you may wish to talk to people higher up your organisation.

“The special adviser in question, Joanna Hindley, rang a senior executive at the Telegraph to make precisely that point. I then got a third call from [David Cameron's director of communication] Craig Oliver pointing out that she's looking at Leveson and implying the call was badly timed...

“When you get phone calls from a special adviser flagging up a connection to Leveson and saying you should take this up with people higher up the organisation, it can hardly be construed as anything other than a threat.”

He added: “Bear in mind this story came to light just after the Leveson inquiry was published, and bear in mind the menacing way the minister, her special advisor and Downing Street reacted to that story, and threatened me, the newspaper and the reporter in question.

"It's actually a clear example of why MPs and politicians in general should have no locus over a free press. Ironically you would know nothing about this story were it not for a free press."

Mr Oliver said Mr Gallagher’s comments were “utterly false” ...

Introduction – Whitehall, the Guardian newspaper and Lord Leveson

The press should treat it with respect – and not a little humility.

more ►

Whitehall, the Guardian newspaper and Lord Leveson – darkness at noon

On 25 April 2012 the Cabinet Office issued what we might take to be a sample L Notice, a rebuke of the press issued under the Leveson Rules:

Digital public services: putting the citizen in charge, not the state

25 April 2012

On its front page on 24 April, the Guardian ran an article on government data sharing plans which misrepresented statements the Government has made concerning existing data sharing arrangements.

Minister for the Cabinet Office Francis Maude today made a statement in response, pointing to the Government’s commitment to putting the citizen in charge, not the state ...

It would be extraordinary if the Guardian newspaper, of all newspapers, were to be the victim – and the first victim at that – of the movement for probity and compassion in the press which marches with Lord Leveson at its head.

Extraordinary because the Guardian, after all, is a centre of excellence in world journalism, with its measured and impeccably high-minded comments always supported by the responsible and dispassionate reports on world events with which its journalists fill the pages of the newspaper.

If even they, even the Guardian, can misreport Cabinet Office policy so culpably as to be issued with an L Notice, then veritably we have seen darkness at noon.

The important word there is "if". Can it be true? Did the Guardian fall from grace? Or is it just possible that actually the newspaper reported the Cabinet Office's plans to "put the citizen in charge" correctly?

This matter calls for minute investigation ...

... an investigation which has been undertaken in the public interest and which has now been completed. As soon as we receive permission, our findings will be published.

----------

Added 12.12.12:

The minister and a warning to The Telegraph before expenses story
Maria Miller's advisers warned The Telegraph to consider the minister’s role in implementing the Leveson Report before this newspaper published details of her expenses ...

Whitehall, the Guardian newspaper and Lord Leveson – darkness at noon

On 25 April 2012 the Cabinet Office issued what we might take to be a sample L Notice, a rebuke of the press issued under the Leveson Rules:

Digital public services: putting the citizen in charge, not the state

25 April 2012

On its front page on 24 April, the Guardian ran an article on government data sharing plans which misrepresented statements the Government has made concerning existing data sharing arrangements.

Minister for the Cabinet Office Francis Maude today made a statement in response, pointing to the Government’s commitment to putting the citizen in charge, not the state ...

more ►

Friday, 30 November 2012

midata – the false prospectus. Every time you look, you see another mendacious argument

There is a peril in conflating the concepts of open data and personal data

Sometimes you sit down to write a post and you get to work on it, only to find that someone else has done it first – and what's more, in 22 words flat.

How Midata will affect business and consumers

Kathleen Hall
Tuesday 20 November 2012 12:47

As the government pushes private companies to release customer data under its Midata initiative, Computer Weekly looks at what this means for the digital economy and who stands to benefit most from this new form of "consumer empowerment".

The government's Department for Business, Innovation and Skills has singled out energy companies, mobile phone firms, banks and payment companies as key organisations that should release customer data to allow consumers to make more informed decisions under its Midata initiative ...

Ms Hall goes on to describe how midata will force suppliers who already provide us with a record of our transactions to provide us with a record of our transactions.

She introduces the reader to Professor Nigel Shadbolt, co-director with Professor Sir Tim Berners-Lee of the Open Data Institute (ODI). He believes that there is money to be made by people writing apps to process personal data and help them to make better decisions.

She interviews Nick Pickles, the director of Big Brother Watch, who has reservations about midata.

And she interviews Owen Boswarva:

Owen Boswarva, open data activist, warned there is a danger of consumers being blasé about their information being passed on to third parties. He said the potential risks were in danger of being de-emphasised.

“On the face of it, this is presented as being an unalloyed good thing, and you can’t argue with having more access to data. But it will depend on the checks and balances in how this is implemented,” he said.

Boswarva said he would like to see additional processes built in to ensure data is handled properly.

“There is a peril in conflating the concepts of open data and personal data, which I feel the government may be doing,” he said.

(Boswarva links added by DMossEsq,
not in Computer Weekly article)

And there it is. In 22 words. Admirable conciseness: "There is a peril in conflating the concepts of open data and personal data, which I feel the government may be doing". That's all that needs to be said.

Glutton for punishment?

Here's the DMossEsq 1,000-word version.

25 September 2012, and the Guardian publish Time for online users to devise a transparent internet we all could trust by Alastair Crawford, the founder of 192.com.

First we get:

... consumers have much to gain through sharing personal data and by understanding what data exists on them, either for making smarter purchases or exploring commercial opportunities – the government's Midata project, being debated in the enterprise and regulatory reform bill, enables consumers to demand the transaction data companies store on them. This will allow consumers to understand their spending patterns better and become smarter shoppers.

Followed by:

... a post-Wikileaks world requires accountability – if we are not accountable, someone will account for us. Perhaps this is the thinking behind the UK government's Open Data initiative, which makes public data available so we can better understand policy decisions and see the "raw data driving government forward".

And finally:.

It's particularly important that the biggest player in this equation remains the individual. The individual must be empowered to take greater control over the use of data created by and about him. As more data is created on people, there must be an ever more sensitive balance between privacy and accountability

Never mind the fact that equations don't normally have players in them, you see what's happened there?

Against a background of transparency, trust, understanding, smart shopping, accountability, empowerment and control, the argument moves from personal data to public data and back to personal as though they should both be open, as though they're comparable.

They're not.

It is not just legitimate but essential that Whitehall expose as much data as possible showing how they spend 700 billion of our pounds every year so that we can look for ways to get better value for money. There is no such imperative for individuals to expose their personal data – which is what midata would do – and there is every reason to reveal as little of it as possible.

On that basis, Professor Shadbolt's involvement with the ODI seems nothing but benign. But why is he involved with midata? Why is the co-director of the ODI (public data) also the chairman of the quite different midata (personal data)?

The answer centres on Garlik Ltd, a company the professor collaborated with (or founded) and which has now been sold to Experian, the credit referencing agency, which is one of the UK's seven appointed "identity providers".

Garlik helps people to avoid identity theft/fraud. So Professor Shadbolt has some relevant expertise in fighting fraud. Good. But then why would he promote midata, an initiative which can only increase the incidence of identity theft/fraud as people record more and more of their personal data, including logon IDs and passwords, in their personal data stores, on the web?

Every time you look at midata you see these contradictions:

midata promises to make suppliers provide statements. But they already do.
midata promises to give consumers control over their data. But that control is not midata's to give ...
... and anyway, midata looks more like giving up control than gaining it ...
... because the way midata works is that you hand over all your data to a trusted third party you have no reason to trust ...
... who stores it on the web, which you know is a dangerous place to store it.
The advocates of midata promise loudly that it will boost the UK economy but admit that it might not ...
... while staying very quiet about the way the scheme would work in practice and particularly the dangerous need to create a personal data store on the web.
midata is supposed to help people make better decisions, but the only examples given are switching applications – switch mobile phone suppliers, switch gas and electricity suppliers, ... – and those applications already exist. We don't need new legislation.
midata involved introducing new regulations. The department for Business Innovation and Skills say it will have a de-regulatory effect.
...

It's a false prospectus. One mendacious argument after another. Of which the elision of public and personal data is just one more.

----------

Added 27.12.12:

Government revives plan for greater data-sharing between agencies
... Guy Herbert, of the No2ID campaign, said he was alarmed to see the revival of the Blair government's database state policies. "There has been a consistent – and it can only be deliberate – habit in Whitehall of conflating 'public information', which most people take to mean information about the state, with information on the public held by state agencies. This has now been hooked on to the new administration's modish transparency, and is used to suggest that 'open data' implies opening us all up to inspection at official whim. It doesn't."

midata – the false prospectus. Every time you look, you see another mendacious argument

There is a peril in conflating the concepts of open data and personal data

Sometimes you sit down to write a post and you get to work on it, only to find that someone else has done it first – and what's more, in 22 words flat.

How Midata will affect business and consumers

Kathleen Hall
Tuesday 20 November 2012 12:47

As the government pushes private companies to release customer data under its Midata initiative, Computer Weekly looks at what this means for the digital economy and who stands to benefit most from this new form of "consumer empowerment".

The government's Department for Business, Innovation and Skills has singled out energy companies, mobile phone firms, banks and payment companies as key organisations that should release customer data to allow consumers to make more informed decisions under its Midata initiative ...

Owen Boswarva, open data activist, warned there is a danger of consumers being blasé about their information being passed on to third parties. He said the potential risks were in danger of being de-emphasised.

“On the face of it, this is presented as being an unalloyed good thing, and you can’t argue with having more access to data. But it will depend on the checks and balances in how this is implemented,” he said.

Boswarva said he would like to see additional processes built in to ensure data is handled properly.

“There is a peril in conflating the concepts of open data and personal data, which I feel the government may be doing,” he said.

(Boswarva links added by DMossEsq,
not in Computer Weekly article)

more ►

Wednesday, 28 November 2012

HMRC, Skyscape and a 2nd response from Phil Pavitt

30 September 2012	G-Cloud, GDS, HMRC and Skyscape, the company with just one director, who owns all the shares – Whitehall SNAFU
11 October 2012	Open letter to Lin Homer, Chief Executive, HMRC, asking about the wisdom of entrusting their data (our data) to the cloud with Skyscape Cloud Services Ltd.
22 October 2012	Response from Phil Pavitt, Director General Change, Security and Information, HMRC, on behalf of Lin Homer.
24 October 2012	Open letter to Phil Pavitt.
28 November 2012	Response dated 26 November 2012 from Phil Pavitt, please see below:

[Skyscape has subsequently changed its name to UKCloud: "London – August 1, 2016 – Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave assured cloud services company, has today renamed and relaunched as UKCloud Ltd (www.ukcloud.com), to reinforce the company’s exclusive focus on supporting the UK public sector in the digital transformation of services".]

HMRC and Skyscape Cloud Services Ltd

Dear Mr Moss

Thank you for your letter of 24 October 2012 expressing your concerns in respect of Skyscape Cloud Services Ltd suitability to host HMRC data. I apologise for the delay in responding to you.

Further to my reply of 22 October, I wanted to provide you with some more information to alleviate your concerns. I must reiterate our assurance that using Skyscape HMRC data will continue to be kept in accordance with existing legislation and HMRC security policies.

When fully operational, Skyscape Cloud Services Ltd will securely host all HMRC data currently held on office File and Print Servers (FAPS). FAPS support the work of many HMRC offices and hold data for a wide range business purposes e.g. administrative and customer related. FAPS do not hold the definitive tax records for the UK and these records remain distributed across a number of secure systems.

HMRC routinely risk assesses and tests the security of our solutions and services. Our secure connection to Skyscape will be delivered in line with HM Government standards to protect our data, with ongoing assurance checks throughout the life of this service.

As emphasised in my letter of 24 October, in order to deliver through G-Cloud, Skyscape were required to meet a set of mandatory criteria set out by Government Procurement Services (GPS) including financial standing and Experian risk assessments. Additionally, HMRC carried out its own standard taxation and financial compliance checks before awarding the contract and Skyscape passed the standards set by HMRC and Government.

All G Cloud contracts are let on a one year basis, with exit provisions agreed to transfer the data to a new supplier should this prove necessary.

Data security remains integral to HMRC and a pre-requisite of any of our data being migrated to Skyscape is for their solution, including all the constituent parts, to be formally accredited by CESG (the Communications-Electronics Security Group) to Impact Level 3 (IL3). All security aspects of the service will have to be proven in line with HM Government security standards. This will include the need to ensure the ‘cloud’ is hosted in a UK domiciled, secure data centre(s) and operated by staff with appropriate security clearance. We are also carrying out internal accreditations including Internal Risk Management and Accreditation Document Set (RMADS) and PSN risk assessments.

I trust that this answers your concerns and you are able to appreciate our decision to contract with Skyscape.

Yours sincerely

Regards

Phil Pavitt
HMRC Director General Change, Security and Information

HMRC, Skyscape and a 2nd response from Phil Pavitt

30 September 2012	G-Cloud, GDS, HMRC and Skyscape, the company with just one director, who owns all the shares – Whitehall SNAFU
11 October 2012	Open letter to Lin Homer, Chief Executive, HMRC, asking about the wisdom of entrusting their data (our data) to the cloud with Skyscape Cloud Services Ltd.
22 October 2012	Response from Phil Pavitt, Director General Change, Security and Information, HMRC, on behalf of Lin Homer.
24 October 2012	Open letter to Phil Pavitt.
28 November 2012	Response dated 26 November 2012 from Phil Pavitt, please see below:

HMRC and Skyscape Cloud Services Ltd

Dear Mr Moss

Thank you for your letter of 24 October 2012 expressing your concerns in respect of Skyscape Cloud Services Ltd suitability to host HMRC data. I apologise for the delay in responding to you.

Further to my reply of 22 October, I wanted to provide you with some more information to alleviate your concerns. I must reiterate our assurance that using Skyscape HMRC data will continue to be kept in accordance with existing legislation and HMRC security policies.

When fully operational, Skyscape Cloud Services Ltd will securely host all HMRC data currently held on office File and Print Servers (FAPS). FAPS support the work of many HMRC offices and hold data for a wide range business purposes e.g. administrative and customer related. FAPS do not hold the definitive tax records for the UK and these records remain distributed across a number of secure systems.

HMRC routinely risk assesses and tests the security of our solutions and services. Our secure connection to Skyscape will be delivered in line with HM Government standards to protect our data, with ongoing assurance checks throughout the life of this service.

As emphasised in my letter of 24 October, in order to deliver through G-Cloud, Skyscape were required to meet a set of mandatory criteria set out by Government Procurement Services (GPS) including financial standing and Experian risk assessments. Additionally, HMRC carried out its own standard taxation and financial compliance checks before awarding the contract and Skyscape passed the standards set by HMRC and Government.

All G Cloud contracts are let on a one year basis, with exit provisions agreed to transfer the data to a new supplier should this prove necessary.

Data security remains integral to HMRC and a pre-requisite of any of our data being migrated to Skyscape is for their solution, including all the constituent parts, to be formally accredited by CESG (the Communications-Electronics Security Group) to Impact Level 3 (IL3). All security aspects of the service will have to be proven in line with HM Government security standards. This will include the need to ensure the ‘cloud’ is hosted in a UK domiciled, secure data centre(s) and operated by staff with appropriate security clearance. We are also carrying out internal accreditations including Internal Risk Management and Accreditation Document Set (RMADS) and PSN risk assessments.

I trust that this answers your concerns and you are able to appreciate our decision to contract with Skyscape.

Yours sincerely

Regards

Phil Pavitt
HMRC Director General Change, Security and Information

Monday, 26 November 2012

HMRC soon to be Pavittless

Computer Weekly, 22 November 2012:

Phil Pavitt has stepped down as HMRC’s CIO to join insurance giant Aviva as global director of IT transformation ...

Under his role at Aviva Pavitt will be tasked with simplifying the firm’s IT services, and modernising and digitising its business.

DMossEsq readers have met Mr Pavitt a couple of times.

Back in May he forgot that the UK already has a Government Gateway and doesn't need GDS – the Government Digital Service – to develop a new one, even if they could.

More recently, he was deputed by Lin Homer, Chief Executive of HMRC, to explain why HMRC have decided to store all our tax records with a one-man company, Skyscape Cloud Services Ltd:

Let's hope he has time to explain this transformational decision to the public before he leaves HMRC.
And let's see if Aviva, in the name of "modernisation", will store all their insurance records in the cloud and instantly lose control of them.

HMRC soon to be Pavittless

Computer Weekly, 22 November 2012:

Phil Pavitt has stepped down as HMRC’s CIO to join insurance giant Aviva as global director of IT transformation ...

Under his role at Aviva Pavitt will be tasked with simplifying the firm’s IT services, and modernising and digitising its business.

DMossEsq readers have met Mr Pavitt a couple of times.

more ►

Identity assurance – one under the eight

On 13 November 2012 the Department for Work and pensions (DWP) announced the appointment of seven so-called "identity providers" for the new digital-by-default UK – the Post Office, Cassidian, Digidentity, Experian, Ingeus, Mydex, and Verizon.

We were previously led to believe that the announcement would be made on 22 October 2012. And before that we were supposed to have the news by 30 September 2012.

Publication slipped. And we still don't know who the eighth "identity provider" will be.

Two things we do know:

Whoever the eighth one is, there is clearly some reluctance somewhere, some friction. Maybe DWP aren't sure about the credentials of this eighth supplier. Maybe the eighth supplier isn't sure that it wants to be involved with IDAP, the government's tottering Identity Assurance Programme. Either way, they will start with their credibility impugned.
It's not really DWP doing the appointing. It's GDS, the Government Digital Service. GDS may be very good at designing websites. But what credentials, if any, do they have for identity assurance? The appointment is clearly giving them an embarrassing problem. More to the point, there are 21 million prospective claimants for Universal Credit in the UK. Identity assurance is meant to be operational by the Spring of 2013 for all 21 million of them. The chances of that happening are now nil. GDS's failure is extending the imprisonment in the poverty trap of millions of claimants who could be released by Universal Credit. Putting the wrong people in charge of identity assurance has miserable social consequences.

Identity assurance – one under the eight

more ►