Thursday 15 March 2012

The whiff of cordite in Whitehall

Rt Hon Margaret Hodge MBE MP is making a speech today at Policy Exchange. This is the latest battle in her war to make Whitehall accountable to Parliament. Whitehall wastes our money with impunity, as it says at the head of this page. In the attempt to put a stop to this state of affairs, traditionally, Whitehall has always won hands down. Perhaps we should expect history to repeat itself.

Or perhaps not. Never has the ancien régime been led by a general as vulnerable as Sir Gus now Lord O'Donnell, the man to whom we owe the present parlous state of our national finances.

The whiff of cordite in Whitehall

Rt Hon Margaret Hodge MBE MP is making a speech today at Policy Exchange. This is the latest battle in her war to make Whitehall accountable to Parliament. Whitehall wastes our money with impunity, as it says at the head of this page. In the attempt to put a stop to this state of affairs, traditionally, Whitehall has always won hands down. Perhaps we should expect history to repeat itself.

Or perhaps not. Never has the ancien régime been led by a general as vulnerable as Sir Gus now Lord O'Donnell, the man to whom we owe the present parlous state of our national finances.

Sunday 11 March 2012

Cabinet Office using cyber security budget to increase risks to the public

Can someone advise, please, is there a polite way of asking can any British government tell its arse from its elbow?

The Cabinet Office want to deliver all public services over the web. Public services should be "digital by default", as they say.

The web is a dangerous place to be if you want to maintain secrecy/privacy and if there's any money around. The web is perfectly adapted to breach confidences and to steal money. Let today's Sunday Times make the point. In Chinese steal jet secrets from BAE they tell us that:
CHINESE spies hacked into computers belonging to BAE Systems, Britain’s biggest defence company, to steal details about the design, performance and electronic systems of the West’s latest fighter jet, senior security figures have disclosed.

The Chinese have exploited vulnerabilities in BAE’s computer defences to steal vast amounts of data on the £200 billion F-35 Joint Strike Fighter (JSF), a multinational project to create a plane that will give the West air supremacy for years to come ...

Professor Anthony Glees, director of the Centre for Security and Intelligence Studies ... said: “It seems the Chinese were getting plans which allow them to undermine the defence capacity of the country. It’s deeply unsettling that GCHQ [the government eavesdropping centre in Cheltenham] didn’t spot this for so long because they are the people who are meant to be leading the fight against cyber crime.”
There's a wide selection of cock-ups to choose from here:
  • With £200 billion at stake, the Sunday Times reported on 12 January 2012 that Royal Navy’s new jet cannot land on aircraft carriers. Never mind, you may say, it's only £200 billion and we haven't got an aircraft carrier anyway.
  • And three years ago, the Sunday Times reported that BT had bought equipment from China's Huawei telecommunications equipment company despite warnings that it could be used to "shut down Britain by crippling its telecoms and utilities" and that "government departments, the intelligence services and the military will all use the new BT network". Patricia Hewitt, trade and industry secretary at the time the contract was being negotiated, declined to intervene because it was "a competitive tender between two commercial companies". How very upright of Ms Hewitt not to let security interfere with competition.
But put those cock-ups aside. For current purposes, consider instead the following.

Rt Hon Francis Maude MP is the Cabinet Office Minister and according to his entry on the Cabinet Office website:
He leads on:

• Public Sector Efficiency and Reform
• UK Statistics
• Civil Service issues
• Government transparency
• Civil Contingencies
• Cyber security
• Overall responsibility for Cabinet Office policy and the Department
With his cyber security hat on, Mr Maude disposes of a budget of £650 million. Much-needed, judging by the success of GCHQ and BAE's attempts to fend off the Chinese.

With his public sector efficiency and reform hat on, Mr Maude wants to put Whitehall on the web. That's what "digital by default " means and that requires him to ignore his cyber security hat.

But it's worse than that. Digital by default requires something called identity assurance, a service which doesn't exist yet but is supposed one day to allow us all to prove who we are, over the web, while we're busy communicating with the government. The development of this service was unfunded until 31 October 2011 when Mr Maude announced that he'd found £10 million of public money to give it.

And where did he get this cyber security-busting £10 million from?

You can have 650 million guesses.

----------

Updated 23.6.14

Whitehall considers security shake-up

The government is understood to be carrying out a review of Whitehall organisations with a remit for electronic and computer security to determine any possibility of consolidation.

Informed sources say that one of the suggestions being considered is that CESG, the government's National Technical Authority for information assurance, should be separated from GCHQ, the signals intelligence agency.

That could mean the Cabinet Office taking over responsibility for CESG, with whom it has an ongoing relationship.
 "That could mean the Cabinet Office taking over responsibility for CESG". Oh God.

    Cabinet Office using cyber security budget to increase risks to the public

    Can someone advise, please, is there a polite way of asking can any British government tell its arse from its elbow?

    Friday 9 March 2012

    You know you've arrived when ...

    Towards the end of a long and illustrious career, already garlanded in the seats of power the world over, what bauble could possibly further crown his achievement? This was the conundrum perplexing DMossEsq.

    The Governership of Hong Kong? Too late.

    The Order of the Garter? All things considered, no.

    Could he be the next Pope? His lips are sealed.

    The answer recently came to him. At last. As so often in today's global world, it was thanks to Google.

    Enter "david moss" "cabinet office" into Google, go down to the bottom of the page, click on 3 or above and, when the page has refreshed, towards the bottom of the page you will see:
    In response to a legal request submitted to Google, we have removed 1 result(s) from this page. If you wish, you may read more about the request at ChillingEffects.org.
    One hit has been removed from Google's list. Which one? You want to know. You click on the read-all-about-it link and you get:
    Notice Unavailable

    Defamation Complaint to Google
    Sent by: [individual]
    To: Google

    The cease-and-desist or legal threat you requested is not yet available.

    Chilling Effects will post the notice after we process it.
    Defamation? What defamation? This could be fruity. Who is the individual who complained? There is a certain dignity in these matters. Pray God it's not someone dull.

    ChillingEffects.org? No, me neither.

    Some sort of a kangaroo court? No. According to their website, Chilling Effects is:
    A joint project of the Electronic Frontier Foundation and Harvard, Stanford, Berkeley, University of San Francisco, University of Maine, George Washington School of Law, and Santa Clara University School of Law clinics ...

    Chilling Effects aims to help you understand the protections that the First Amendment and intellectual property laws give to your online activities. We are excited about the new opportunities the Internet offers individuals to express their views, parody politicians, celebrate their favorite movie stars, or criticize businesses. But we've noticed that not everyone feels the same way. Anecdotal evidence suggests that some individuals and corporations are using intellectual property and other laws to silence other online users. Chilling Effects encourages respect for intellectual property law, while frowning on its misuse to "chill" legitimate activity.
    Mystifying. Has DMossEsq defamed someone? Allegedly. Has someone allegedly defamed DMossEsq? Who knows? It's not clear. Let's hope that Chilling Effects hurry up and process the "cease-and-desist or legal threat" submission. The suspense waiting for them to post their notice will be hard to bear. Is DMossEsq at last the subject, or even the object, of that must-have for a career to be complete, a superinjunction?

    You know you've arrived when ...

    Towards the end of a long and illustrious career, already garlanded in the seats of power the world over, what bauble could possibly further crown his achievement? This was the conundrum perplexing DMossEsq.

    The Governership of Hong Kong? Too late.

    The Order of the Garter? All things considered, no.

    Could he be the next Pope? His lips are sealed.

    The answer recently came to him. At last. As so often in today's global world, it was thanks to Google.

    Wednesday 7 March 2012

    The behaviour of the Cabinet Office is infantile

    The Government Digital Service operate a blog so that we can all see what they're up to.

    GDS is part of the Cabinet Office and what they're meant to be up to is making public services more efficient.

    On 6 March 2012, one Bob Kamall published a post on the GDS blog called Engaging With The Hard To Reach. It's all about his visit to a charity in Southwark, St Mungo's, which provides care for the homeless.

    You can read Mr Kamall's post. But you won't believe it.

    The following comment has been submitted in response. Will it be published? Will the Cabinet Office pay any attention?
    Mr Kamall

    In the circumstances, the Riot Act will now be read.

    You say:
    We recognise that if we are to succeed in driving channel shift to digital then services and transactions need to be developed with a relentless focus on users. We want to make use of the most innovative and versatile technology to deliver products that match industry leaders while ensuring that no-one is left behind.
    You mean:
    We recognise that if we are to focus relentlessly on users then concentrating on driving channel shift to digital is to miss the point. In public services we are the industry leaders and there is no comparison with the Facebooks and Amazons of this world – they can leave people behind, we can’t. Our job cannot be achieved by the use of innovative and versatile technology. That is for children. We are grown up and responsible. People depend on our services and we know it.
    You say that you want to show how GDS can engage with the hard to reach. There are nine or ten million of them, Bob. All that you actually offer in your post is oiling bicycle chains in the basement of St Mungo's.

    In 18 months time DWP's Universal Credit goes live. When the public realises that nine or ten million people have been excluded from the universe by default there will be fury in the land. DWP will be blamed. And DWP will blame GDS, pointing to ex-Guardian man Mike Bracken's post Identity: One small step for all of Government in which he unwisely pretends to have control over DWP.

    The Cabinet Office will then look like a branch of St Mungo's in Whitehall, a junior school feeding the main one in Southwark. A junior school housing a roster of unfortunate derelicts incapable of dealing with reality. Derelicts in need of care, expensively provided by taxpayers whose patience has run out.

    People will re-read Paul Downey's Blurring Boundaries post:
    I joined GDS because there's nothing cooler than working on something that touches so many peoples lives ... sitting on one part of the floor can feel a little like being in a bouncy castle. There's a nice kitchen that's only missing one essential bit of kit: we could really do with a dishwasher! ... Rather impressively by lunchtime of my first day I'd been given a Cabinet Office Email address (accessible using Google Apps for Business), a laptop (a security hardened 13" MacBook Air) ... Just before heading home we decided to create a commemorative Valentine's Day homepage for GOV.UK. A Kanban card was added to the sprint wall and Ben quickly came up with a design. I sat with James Weiner and Dafydd Vaughan whilst we built, tested and deployed the new ‘heart-shaped wood’ homepage, meaning I witnessed concept to delivery all in the space of half an hour.
    And through the blur they will see an expensive Eton in SW1 housing the Potemkin equivalent of the privileged children of the aristocracy, but without Eton's success rate, more like the op-ed team of the Guardian, forever insulated from reality, or at least until the money runs out, also in 18 months time:
    On my first day I hung my satchel on a peg with my name on it. Me and Pete did a potato print of a flower. It was cool.
    No wonder Universal Credit didn't work, people will say, looking back in 18 months time. And even if the front end had been delivered it couldn't have worked because some hippy teaching assistant in the second form had switched off the Government Gateway, promising to replace it with a cloud, the answer is blowing in the wind, man.

    And even before that, before October 2013 – which to us old people by the way is just around the corner, like tomorrow – GDS and DWP are promising to have provided 21 million Brits with an electronic identity by the Spring of 2013. That's what it says in the OJEU ITT. What drugs are you dealing in that bouncy castle? After eight years of unstinting political support and an unlimited budget IPS had issued just 4,000 ID cards. And GDS think they can equip 21 million people with working accounts six months after awarding the IdA contract, do they? Including nine or ten million who have never used the web? On which planet?

    And who is the contract going to be awarded to? Not the chicklets in the Technology Strategy Board incubator. They haven't got the scale. Not the banks. Why would they want their brands destroyed by confessing to any connection with this train crash? Who does that leave?

    Facebook and Google. Take a look at ex-Guardian man Mike Bracken's asinine what-I-did-on-my-holidays post, Thoughts on my recent trip to the West Coast with Francis Maude, Minister for the Cabinet Office:
    Andrew Nash, Google's Director of Identity, ran us through the current issues facing identity.He explained how Google aim to grow and be part of an ecosystem of identify providers, and encouraged the UK Government to play its part in a federated system. The UK ID Assurance team and Google agreed to work more closely to define our strategy – so look out for future announcements. Andrew also took the opportunity to walk the Minister through the Identity ecosystem.
    There is no trust in Google. Or Facebook. GDS's claims that they can create trust are laughable, like the magician at a children's party who claims to have pulled a white rabbit out of an empty top hat. GDS can't create trust at the throw of a switch. They can't create a market where there is none. They can't create an ecosystem.

    Do you have any idea what these infantile delusions look like to the grown-ups not yet in St Mungo's? Can you imagine what they make of it in Brazil? Or the US? Or Russia or China?

    They must look on amazed that a once-adult country has entrusted its public services to a group of imbeciles in a nursery school chanting the word "agile".

    What does Ian Watmore think he's doing?

    Why does Francis Maude put up with it?

    If I don't tell you, someone else will. You're making fools of yourselves. At public expense. There will be tears before teatime, Bob. You're facing disaster and public humiliation, quite properly, unless you guys wake up quickly, come out of your privileged little bubble, sort yourselves out and shape up.
    Cribsheet:
    • The Cabinet Office have failed before with this plan. It was called "transformational government" then. Only the name has changed. There is no reason to believe they can succeed this time.
    • As the name suggests, the Government Gateway is the computer system that many adept individuals and organisations in the UK currently use to communicate with the government. Unlike the "open source" code on which GDS's dreams depend, the Gateway actually exists. GDS want to throw it away and replace it with a government cloud, G-Cloud, that will look more like their juvenile heroes' websites – Amazon and eBay and Google and Facebook – replete with an ad server (see p.9) so that we can all book a holiday while submitting our tax returns.
    • GDS are acting under the influence of Martha Lane Fox's "digital by default" initiative. All public services are to be delivered over the web and only over the web. They ignore the problems of cyber security. And they ignore the fact that between nine and ten million people in the UK have never used the web and will be excluded by default.
    • GDS depend on IdA, a putative identity assurance service somewhere in the currently non-existent G-Cloud, a sort of private sector ID card scheme without the cards. IdA doesn't exist. There is no such thing as IdA. Another hole at the heart of their plans, along with security, and accessibility by their parishioners.
    • Any lawyers present might like to consider whether IdA requires primary legislation. There isn't any and there's no time left before the IdA contracts are to be awarded in the Summer of 2012 to fill the hole.
    • The problems of large computer systems persist. GDS's modish references to "cloud computing" and "agile" systems development methodologies have not made them go away.
    • Anyone with any energy left after getting to grips with the Cabinet Office and DWP could use it up looking at the related Department of Business Innovation and Skills midata project.
    • As for the Guardian, on 8 August 2011 they wrote in their own paper: "Andrew Miller, the GMG [Guardian Media Group] chief executive, has warned that the group could run out of cash in three to five years if the business operations did not change, adding that the newspapers would aim to save £25m over the next five years, releasing funds to be reinvested in other activities". The Daily Telegraph's 16 December 2011 article reported the closure of some Guardian supplements, the curtailment of others, several hundred redundancies and a so far unimplemented plan for the Guardian to get out of printing paper altogether.
    ----------

    Updated 22 November 2013:

    Ex-Guardian man Mike Bracken made a speech on 16 October 2013, Redesigning Government, in which he argues, among other things, that you've got to have fun at work. No argument with that.

    But what do you call fun?

    The clip below, from his speech beginning at 26'17", suggests that it's a pretty infantile idea of fun at GDS and confirms that the infantilism identified in the post above was built in to the human resources management policy right from the start:


    How do you motivate adults? The finest minds in digital? This generation? The GDS answer is apparently bunting, stickers, fluffy mascots, animal costumes and cake.


    Updated 29.4.15

    It's over three years since the post above was published. DMossEsq had forgotten about it. Then it was cited linked to in an ElReg special report yesterday, The Government Digital Service: The Happiest Place on Earth.

    It's over 18 months since DMossEsq added the update immediately above, dated 22 November 2013, with its reference to GDS's human resources management policy.

    Then lo.

    And behold.

    ElReg's special report quotes extensively from an external consultancy report on GDS's human resources management policy commissioned to "examine staff morale and high turnover at the Government Digital Service". The special report includes the following and three more pages like it:
    The most scathing findings are reserved for the top management, who GDS' own staff say created a “chumocracy”. This would have consequences for morale, contributing to a high turnover of staff.
    Far from being the happiest place on earth, GDS bears an uncanny resemblance to the island in Lord of the Flies, if the external consultants are to be believed. The Northcote-Trevelyan principles which have governed Whitehall for 161 years now seem to have been ignored when GDS was established and in its operation thereafter.

    The consultancy in question is The Art of Work and they have a spectacular client list. There's no reason not to believe their report and there has been no rebuttal from GDS.

    GDS are meant to tell the rest of Whitehall how to organise their IT. There are suggestions that they should in future also have the right to tell local government how to do its IT job. GDS's instructions may henceforth carry a little less weight.

    The attractions for respectable organisations to risk their brand by becoming associated with GDS's GOV.UK Verify (RIP) may similarly be reduced.


    Update 30.4.15

    A number of people are doing their best to be fair, in light of the criticism GDS are currently facing, particularly this report on staff unrest. Quite right too, of course.

    GDS can't respond themselves. They are currently in purdah. True. But they haven't responded to criticism in the three or four years of their existence. Nothing new there. And that's one of the observations of the report, an institutional inability to imagine that GDS is ever wrong.

    GDS is constrained by civil service pay scales. True. But many people work for less. And perhaps part of the need for GDS to "transform government" arises from the fact that the rest of the civil service is also constrained by civil service pay scales.

    Purdah, the dangers of groupthink and the problems of a limited budget affect the whole civil service. GDS are being accused of something special:
    Last year, the UK's Cabinet Office asked an external management consultancy to examine staff morale and high turnover at the Government Digital Service. After interviewing more than 100 civil servants, its scathing confidential analysis described an organisation beset by low morale and run by a “cabal” management of old friends, who bypassed talent in favour of recruiting former associates – while Whitehall viewed GDS as “smug” and “arrogant”.
    No-one is going to try to defend GDS if they really are operating an unmeritocratic old boys' network. Not even the esteemed editor of Computer Weekly, Bryan Glick, who yesterday published If not GDS, then what?, where he is clearly playing devil's advocate.

    Mr Glick quotes extensively from a paper written by Alan Mather in 2003 predicting that the attempt to transform government will always meet an aggressive response. True.

    Many people will know, from his Tweeting if nothing else, that Mr Mather is an exceptionally pleasant person. Others will know how modest he is and how very effective he was in making the Government Gateway a reality.

    The Gateway has provided a way for individuals and companies to transact with the government on-line for the best part of 15 years now. It continues to operate despite being starved of resources. Its replacement, promised by GDS, is nowhere to be seen.

    No-one could imagine Mr Mather operating a cabal of old friends, mushroom-managing the rest of the staff and strutting around the world sneering at his Whitehall peers. The special merit of Mr Glick's article is that he provides an answer. There is an alternative:
    Q. If not GDS, then what?
    A. Alan Mather.


    The behaviour of the Cabinet Office is infantile

    The Government Digital Service operate a blog so that we can all see what they're up to.

    GDS is part of the Cabinet Office and what they're meant to be up to is making public services more efficient.

    On 6 March 2012, one Bob Kamall published a post on the GDS blog called Engaging With The Hard To Reach. It's all about his visit to a charity in Southwark, St Mungo's, which provides care for the homeless.

    You can read Mr Kamall's post. But you won't believe it.

    Tuesday 6 March 2012

    Always ahead of the game, the Daily Telegraph gets its April Fool's Day story in early

    The Whitehall efficiency drive that increased costs

    A seven-year government efficiency programme has backfired and increased costs for the taxpayer by hundreds of millions of pounds, a public spending watchdog said.

    10:00PM GMT 06 Mar 2012
    Whitehall departments have spent £1.4 billion in an attempt to save £159  million by sharing “back-office’’ functions such as personnel and procurement ...

    The [National Audit Office] discovered that the Department for Transport system had so far cost £129 million more to set up and run than it had saved ...

    Another unit, set up by Research Councils UK, has recorded a net cost to the taxpayer so far of £126 million ...
    See also Shared services disaster: a gain for some officials and ERP suppliers?

    Always ahead of the game, the Daily Telegraph gets its April Fool's Day story in early

    The Whitehall efficiency drive that increased costs

    A seven-year government efficiency programme has backfired and increased costs for the taxpayer by hundreds of millions of pounds, a public spending watchdog said.

    10:00PM GMT 06 Mar 2012
    Whitehall departments have spent £1.4 billion in an attempt to save £159  million by sharing “back-office’’ functions such as personnel and procurement ...

    The [National Audit Office] discovered that the Department for Transport system had so far cost £129 million more to set up and run than it had saved ...

    Another unit, set up by Research Councils UK, has recorded a net cost to the taxpayer so far of £126 million ...
    See also Shared services disaster: a gain for some officials and ERP suppliers?