Saturday 8 September 2012

midata, the loneliest initiative in Whitehall – 11

Unable to make its case,
BIS's response
– to legislate to make midata compulsory –
is unprincipled.

Lonely old midata, not a single organisation is known to have hitched their wagon to it since 3 November 2011.

Extracts from the midata company briefing pack
July 2012
p.4:
This data enabled world has been referred[1] to as the third industrial revolution – where the size of the IT industry will be increasingly dwarfed by complementary information-enabled innovations throughout the economy. A recent report has estimated the size of the UK market for personal information at £20bn by 2020[2] ...

----------
[1] MIT economist Erik Brynjolfsson
[2] The new Personal Communication model: The rise of Volunteered Personal Information, Ctrl-Shift


p.6:
In the UK, the Information Commissioner stated in January 2011 that 80% of individuals are now concerned about protecting their personal data online,[6] and research from Mydex showed that 76% believe their personal information has significant commercial value.[7] ...

----------
[6] http://www.ico.gov.uk/~/...
[7] Available from Mydex to project sponsors.


p.10:
Under this 'subscribe to me' approach to My Details[9], the benefits to both sides multiply greatly. Individuals have a single convenient 'dashboard', which remains under their own control, where they can undertake core relationship management tasks quickly and simply ...

----------
[9] A working prototype of a personal data store-based ‘subscribe to me’ service was tested in the Mydex Community Prototype in early 2011


p.28:
The EU is working on a commitment to equip Europeans with secure online access to their medical data.[15] The House of Commons Public Administration Select Committee is endorsing the need to experiment with services that help “citizens maintain their own personal data”.[16] The Cabinet Office is working on an ID Assurance framework for the UK[17] ...

Empowering individuals to control and manage their own data is changing the consumer/personal data environment in two important ways. Firstly, it is creating what the World Economic Forum is calling a 'new asset class': "a valuable resource for the 21st century that will touch all aspects of society".[20] Secondly, it is creating opportunities for 'win-win' trust-based information-sharing relationships between organisations and customers, where the routine sharing of structured information between the two parties becomes the norm. This information sharing may include previously untapped dimensions of personal data such as 'changes to my circumstances', 'my current priorities and preferences', and 'my future plans'[21] ...

----------
[15] http://ec.europa.eu/information_society/newsroom/cf/fiche-dae.cfm?action_id=233
[16] “Moving to a model where the citizen maintains their own personal data with an independent, trusted provider and then can choose whether to authorise the sharing of that information with other organisations is an ambitious vision that will need to be trialled extensively.” House of Commons Public Administration Select Committee’s report on Government’s use of IT
[17] http://ctrl-shift.co.uk/shop/product/55
[20] World Economic Forum, 2011 Personal Data: The Emergence of a New Asset Class
[21] Mydex, 2010 The Case for Personal Information Empowerment


p.39:
How big is this market for personal information management services (PIMS)?
It could be huge[27] ...

----------
[27] According to Ctrl-Shift’s research, the market for Volunteered Personal Information (VPI) will be worth £20bn in the UK by 2020. The World Economic Forum’s report 'Personal Data – The Emergence of a New Asset Class' describes personal data as 'the new oil', a key resource for 21st economies.

If you are a supplier of goods or services and if you hitch your wagon to midata, the Department for Business Innovation and Skills (BIS) will send you a copy of the midata company briefing pack, wherein you will read about the exciting new "data-enabled" world. Please see the extracts above.

Wagon-hitching requires a convincing argument with independent supporting evidence and a measure of openness.

The evidence in support of midata comes, in many cases, from Mydex and Ctrl-Shift:
  • BIS is a fee-paying client of Ctrl-Shift
  • Ctrl-Shift has one shared director with Mydex and has had two
  • Ctrl-Shift recommends the products of Mydex
  • Mydex is partly funded by the Technology Strategy Board and as they tell us on their website "the activities of the Technology Strategy Board are jointly supported and funded by BIS and other government departments ..."
  • and the chairman of Mydex sits on the midata strategy board at BIS.
BIS is paying a consultancy to say something and then presenting it as independent advice. It's incestuous and circular.

There is a lack of independence here and a lack of openness. Ctrl-Shift do not acknowledge in their reports that they share directors with Mydex and BIS do not acknowledge either that, or the fact that they, too, share directors with Mydex.

Perhaps more companies would join BIS's midata initiative if there were better arguments in favour of personal information management systems like Mydex, if there was some independent research and if BIS and its minions were more open about their cross-pollination.

Absent that, it seems commercially prudent for suppliers to avoid midata. And they have.

Unable to make its case and get suppliers to sign up voluntarily, BIS's response – to legislate to make midata compulsory – is unprincipled.

Thursday 6 September 2012

Probably not the last victim of Sir David Normington's success

Sometimes it seems as if half the senior decision-makers in Whitehall are former Accenture partners.

But no-one writes "there must be something rotten at Accenture, when so many of their partners are on a veritable stampede for the exit".

Unlike Accenture, the UK public sector employs about six million people. (Six million!) But when one of them announced her departure last month, Dame Helen Ghosh, permanent secretary at the Home Office, what did Sue Cameron write in the Telegraph?
Why are Whitehall's top mandarins running for the exit?
There must be something rotten in the Coalition, when so many of our top civil servants are on a veritable stampede for the exit. Right across government the mandarins are shaking the dust of Whitehall from their feet and moving on to bigger, better jobs elsewhere. They include senior officials at Education, the Cabinet Office, the Ministry of Justice, International Development, Energy, and the Home Office ...
The BBC profile of her reminds listeners of the time when Dame Helen was called before the Public Accounts Committee (PAC) to explain various mishaps that took place at DEFRA while she was permanent secretary there. With "the public interest" striped into her very bones like a stick of seaside rock, Dame Helen refused to attend and had to be ordered.

She was there again yesterday, up in front of the beak, Margaret Hodge, trying to explain why she had had to hire back UK Border Agency staff and UK Border Force staff who had been previously laid off with tens of thousands of pounds in severance pay in the name of government cuts. According to Martin Beckford in the Telegraph:
Dame Helen ... defended the arrangements by saying that all of the returnees had to wait at least six months before going back to work, otherwise they would have had to repay the lump sums.
Simon Jenkins isn't going to put up with a non sequitur like that when Dame Helen is working for the real National Trust and apparently the PAC wasn't having any truck with it either:
She did however admit that the Border Agency – which has faced repeated criticism for losing track of illegal immigrants, allowing in bogus students and causing delays at airports – had got rid of too many people too quickly since the election as it tried to cut costs.
Maybe the Home Office will survive her loss after all. There could even be an article in it for Sue Cameron. And this time maybe she'll pay a bit of attention to Sir David Normington.

----------


See also:
Nicholas Watt, 6 March 2011, The Guardian, David Cameron calls civil servants 'enemies of enterprise'
Jill Sherman and Richard Ford, 15 November 2011, The Times, Borders row blocks first woman from top Civil Service job
Editorial, 15 March 2012, The Guardian, Civil servants and MPs: settling accounts
Patrick Wintour, 13 April 2012, The Guardian, Civil service exodus sees one third of senior officials leave
Christopher Hope, 13 April 2012, The Telegraph, A quarter of senior civil servants quit Whitehall under Coalition
Jill Sherman, 18 June 2012, The Times, Ministers demand right to sack Whitehall mandarins

midata, the loneliest initiative in Whitehall – 10

Governing people is difficult. Too difficult.
Whitehall have given up.
midata is part of their alternative plan.
Governing personal data stores will be much easier.

--- o O o ---

Why is billmonitor called "billmonitor"?

billmonitor, if you remember, is a service which advises consumers what the best mobile phone tariff is for them to be on. The company behind this service is a keen supporter of midata, the Department for Business Innovation and Skills initiative, and is "Part of the government Midata board". midata is dedicated to getting the best deal for consumers, whether we're talking about mobile phone contracts or choosing the right gas and electricity suppliers or any other decision including health, education and employment decisions.

It all seems to make sense.

Until you notice that billmonitor has been in business for seven years or so and seems to have survived and maybe even thrived for all that time without needing midata.


Let's leave that for the moment, and try another question.

BIS are currently conducting a consultation on midata. They're interested in our answers to 22 questions. Questions 7, 8 and 9 are as follows:
Question 7: Should a consumer be able to require the business to supply the data in electronic format directly to a specified third party?

Question 8: Should a third party who is duly authorised by the consumer be able to seek the consumer’s data in electronic format directly from the supplier?

Question 9: What, if any, requirements should be placed on the secondary users of such data, albeit under the direction of consumers e.g. switching and advice sites?
Third parties? Secondary users? What on earth are they talking about?


And another thing. Who do you think wrote the following?
Every day, all around the world, thousands of IT systems are compromised. Some are attacked purely for the kudos of doing so, others for political motives, but most commonly they are attacked to steal money or commercial secrets. Are you confident that your cyber security governance regime minimises the risks of this happening to your business? My experience suggests that in practice, few companies have got this right.
Answer – Iain Lobban, the Director of GCHQ, in the Foreword to 10 steps to cyber security, one of the documents referred to in yesterday's 5 September 2012 press release issued by BIS, Business leaders urged to step up response to cyber threats, in which Vince Cable, Secretary of State at BIS, announces a new initiative to get business leaders to take the threat of cyber attacks seriously.

Few companies have got cyber security right, according to GCHQ, and yet there's the same Secretary of State, Vince Cable, promoting midata and urging us all to store our personal data on the web. It seems confused. Schizophrenic even. What's going on?


Last question. Professor Shadbolt was on You and Yours yesterday, the BBC Radio 4 consumer affairs programme (16'21" to 22'35"), chatting amiably about midata, the benefits of which would be legion but he couldn't name any. He's an intelligent man. What's he doing giving such a vapid interview?


billmonitor is called "billmonitor" because it monitors your bills. You don't just hand over your last few months' mobile phone bills, once-off, billmonitor recommends that you switch from tariff X to tariff Y and that's the end of the relationship. No, you hand over your mobile phone no., your user ID and your password, and billmonitor logs on to your phone company and sits there monitoring your phone usage until Doomsday, occasionally issuing recommendations to switch from this contract to that.

billmonitor is one of these "third parties" referred to in the BIS consultation whom you authorise to access data from your suppliers. And when billmonitor processes your mobile phone consumption data they become, in the terminology of BIS's consultation, "secondary users" of the data.

You the consumer have to be very trusting to give a stranger, billmonitor, access to your phone account. Particularly in light of GCHQ's claim that most companies have faulty cyber security, including perhaps billmonitor and all the telcos they are logged in to.

BIS want us all to take that risk. For midata. There must be something in midata that BIS prize so highly, they are even prepared to recommend that we run the associated risks of cyber-crime, the financial risks and the loss of privacy.

Whatever that something is, that BIS prize so highly, it's too embarrassing for Professor Shadbolt to tell us what it is.

So it's a good job that William Heath now has told us.

William Heath, remember, is the Mydex and Ctrl-Shift man, and a few hours ago he published To understand BIS’ midata proposal it helps to understand Mydex on the Mydex blog:
The Government’s midata consultation to give consumers a statutory right to their data in electronic format affects every individual, and every major company holding customer data in the UK. But it cannot be properly understood in isolation of wider imminent changes in how personal data is managed, shared, controlled and valued.

Mydex is all about that bigger picture. So we’ve drafted a briefing note particularly for organisations responding to the midata consultation.

We support midata. It will empower individuals and at last give real teeth to the good intentions behind the Data Protection Act subject access request. It goes hand in hand with the new UK and US approaches to ID assurance [emphasis added], which we also support. We think midata needs to apply also to other UK public services including health, education and job-seeking.
The Mydex "briefing note" referred to above, Making midata work for you, explains the benefits of a Mydex PDS (personal data store). Among others:
Digital by default. If the individual agrees, organisations can establish live, permanent links to key fields (such as home address and contact details) in the individual’s data store, receiving live status updates ...

Empowering. Mydex has a distributed cloudbased [oh good] hyper-secure [see GCHQ above] architecture ...
billmonitor just collects data from your suppliers. Mydex goes one step further – after collecting the data, Mydex distributes updates from one supplier to all the other suppliers who might need to know what's changed.

Having once given your permission, you're no longer involved. You're no longer needed. "Empowered" by midata, in "control" of your data, you've become digital by default.

Which is lucky, because the government wants all public services to become digital by default, too.

And with the identity assurance provided by Mydex, they can. If everyone has a PDS and if the PDS is a requirement of every transaction, then Government can at last be transformed.

As the BBC tell us, a few clauses in the Enterprise and Regulatory Reform Bill so worthy and dull that it won't be scrutinised by many people will arm BIS with order-making powers. Thereafter, statutory instruments can be quietly laid down, unscrutinised by anyone, and midata will have all the powers of identity assurance that the Government Digital Service could wish for.

Governing people is difficult. Too difficult. Whitehall have given up. midata is part of their alternative plan. That's what the bashful Professor Shadbolt didn't want to say. Governing PDSs will be much easier.

Wednesday 5 September 2012

GreenInk 9 – Vince Cable and the re-shuffle

Let's see if the Telegraph publish this letter:
From: David Moss
Sent: 05 September 2012 11:34
To: 'dtletters@telegraph.co.uk'
Subject: James Kirkup, 04 Sep 2012, 'Free-market Tories arrive to reel in Vince Cable'

http://www.telegraph.co.uk/news/politics/9521389/Free-market-Tories-arrive-to-reel-in-Vince-Cable.html

Sir

In many cases "free-market Tories" will find it difficult to "reel in Vince Cable" at the Department for Business Innovation and Skills but there is one simple step forward they can take quickly – cancel BIS's confused 'midata' initiative.

Three examples of confusion. 1. BIS wish to take order-making powers to implement 'midata'. They describe this increase in regulation as having a de-regulatory effect. 2. 'midata' is meant to expand the UK economy but BIS agree that it is impossible to predict its macroeconomic effect, which could well be negative. 3. midata is meant to empower consumers. BIS want us consumers to store all our personal data on the web which, far from empowering us, will lay us open to mass identity theft.

If the free-market Tories can stop officials wasting their time and our money on 'midata', that will be a valuable first day's work at BIS.

Yours
David Moss

Tuesday 4 September 2012

midata, the loneliest initiative in Whitehall – 9

BIS prove that midata is unnecessary.
Would you give a complete list of your acquaintance to a stranger?
Do you believe there is such a thing as a secure website?
Why keep a regulator and bark yourself?

--- o O o ---

Talk about lonely.

On 3 November 2011, Ed Davey MP posted 'Giving consumers the midata touch' on the Department for Business Innovation and Skills blog and that was it – for 305 days, Mr Davey's post sat there all on its own.

Then yesterday, 3 September 2012, a second post was delivered, 'Why my data is important data', written by Stelios Koundouros, the "founder and director of billmonitor.com".

Mr Koundouros describes a number of his company's achievements, helping people since 2005 to choose the right mobile phone tariff. These successes have been achieved without there being any midata. They have been achieved using the mobile phone operators' tariffs and people's mobile phone consumption data both of which are released by the Telcos without there being any midata.

billmonitor.com's success is the neatest proof BIS could possibly have offered that midata is unnecessary.

So why does Mr Koundouros write the following, given that his story proves the exact opposite?
The implementation of the ‘midata’ vision is without doubt a prerequisite for ending confusion facing UK consumers about how much they pay for goods and services.
We are told that:
Stelios Koundouros is founder and director of billmonitor.com, and has led the company’s efforts since 2005. He holds a PhD in mathematics from Cambridge University and has carried out research at the Mathematical Institute at Oxford.
We are not told – but it is the case – that billmonitor.com is one of the 19 companies which initially expressed interest in midata, and that it is "Part of the government Midata board", according to the billmonitor.com home page. Perhaps that is why Mr Koundouros writes as he does.

There's nothing wrong with Mr Koundouros expressing his support for midata, even if he does undermine his own case. Just don't let BIS give you the impression that his is independent support.

The billmonitor.com website says:
Only you can make spending decisions
Bank level data encryption
Why this level of security?

Because, remember, in order to use the billmonitor.com service, you have to give them months and months of your detailed phone bills. They will know who you call, how often, for how long, and who you text. That personal data needs to be protected, and thus the "bank level data encryption".

Do you mind telling a total stranger as a result, who your friends and colleagues are? The people you call? Might they mind?

Do you trust Mr Koundouros's security measures?

The US Government trusted HBGary Federal's security, and just look what happened when the hackers decided to drive a coach and horses through it:
... A second example is Anonymous’ perhaps most striking operation, a devastating assault on HBGary Federal, a technology security company. HBGary’s clients included the US government and companies like McAfee.

The firm with the tag-line detecting tomorrow’s malware today had analyzed GhostNet and Aurora, two of the most sophisticated known threats. In early February 2011, Aaron Barr, then its chief executive officer (CEO), wanted more public visibility and announced that his company had infiltrated Anonymous and planned to disclose details soon.

In reaction, Anonymous hackers:
  • infiltrated HBGary’s servers,
  • erased data,
  • defaced its website with a letter ridiculing the firm ...
  • ... with a download link to a leak of more than 40,000 of its emails to The Pirate Bay,
  • took down the company’s phone system,
  • usurped the CEO’s twitter stream,
  • posted his social security number,
  • and clogged up fax machines.
Anonymous activists had used a number of methods, including SQL injection, a code injection technique that exploits faulty database requests. ‘You brought this upon yourself. You’ve tried to bite the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face’, said the letter posted on the firm’s website. 

The attack badly pummeled the security company’s reputation.
Stories like that are two-a-penny and you can read about 25 penceworth here. After which, you may wonder how secure billmonitor.com or any other website is.

Iran, which has suffered a number of cyber-attacks, has given up the ghost and decided to "move key ministries and state bodies off the worldwide internet". Meanwhile, in the name of midata, here's BIS luring you into storing your personal data in the custody of complete strangers on servers which could be anywhere in the world, much of which is beyond the jurisdiction of English law and emphatically out of your control.

The billmonitor.com website also says:
billmonitor was the first mobile comparison site approved by Ofcom in 2009
No doubt it was. It is Ofcom's job to regulate the Telcos. Why do we need billmonitor.com as well? And midata? If Ofcom can't do the job, why should midata be able to? Why keep a regulator and bark yourself? Surely the public interest is served by having the regulator do its job properly, and not by expensively doubling up on regulation.
