DMossEsq

Thursday 4 October 2012

GDS get off to a bad start, and it's only going to get worse

GDS have broken cover.

GDS is the Government Digital Service and they are responsible for a government project called "identity assurance" (IdA). They were due to announce the winners of the tender to provide identity assurance services in the UK by 30 September 2012. They missed the deadline but three articles appeared in the British press today:

Guardian: Twitter and Facebook to be used for benefit applications
Telegraph: Facebook log-ins 'to be used to access Government services'
Independent: National 'virtual ID card' scheme set for launch (Is there anything that could possibly go wrong?)

All the nonsense that DMossEsq has been blogging about has been confirmed in those articles as government policy. And not just the UK government. The US as well – cloud computing, midata, Skyscape, Universal Credit, Facebok, Google, PayPal, Twitter, GOV.UK, OIX, ...

It will take a long time to unravel. A start has been made by posting the following comment on the GDS blog:

Dear Mr Wreyford

Judging by the Guardian, Independent and Telegraph articles, we are in for a long haul. It will be some time before the Cabinet Office and the US administration abandon their plans for IdA, identity assurance.

Let's make a gentle start.

Question 1. As you say, it's more about trust than identity. The idea is to host GOV.UK on servers operated by Skyscape Cloud Services Ltd. Skyscape has yet to submit any accounts to Companies House. The company has just one director and he owns 100% of the paid-up share capital, which is only £1,000. Why do you trust Skyscape and why should anyone else?

The comment will only appear on their blog if and when GDS allow it to after moderation.

[Skyscape has subsequently changed its name to UKCloud: "London – August 1, 2016 – Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave assured cloud services company, has today renamed and relaunched as UKCloud Ltd (www.ukcloud.com), to reinforce the company’s exclusive focus on supporting the UK public sector in the digital transformation of services".]

GDS get off to a bad start, and it's only going to get worse

Guardian: Twitter and Facebook to be used for benefit applications
Telegraph: Facebook log-ins 'to be used to access Government services'
Independent: National 'virtual ID card' scheme set for launch (Is there anything that could possibly go wrong?)

more ►

Wednesday 3 October 2012

Skyscape, Whitehall have no excuse, the contracts must be unwound

... irresponsible, unwise, imprudent, disgraceful ...

indefensible ...

misfeasance in public office ...

5 questions were posed to the G-Cloud team and the Government Digital Service (GDS). These questions concern Skyscape Cloud Services Ltd.

Skyscape is a new company with just £1,000 of paid up share capital and just one director, who also happens to be the only shareholder.

[Skyscape has subsequently changed its name to UKCloud: "London – August 1, 2016 – Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave assured cloud services company, has today renamed and relaunched as UKCloud Ltd (www.ukcloud.com), to reinforce the company’s exclusive focus on supporting the UK public sector in the digital transformation of services".]

You can't get much smaller than Skyscape and yet the company's wares are listed on the G-Cloud on-line shop, CloudStore. You can't get much smaller, and yet GDS have contracted with Skyscape to host GOV.UK, the new central government website. And HMRC have contracted with this one-man company to store the data currently held at local HMRC offices.

All the normal rules are broken by these baffling decisions. National assets are being entrusted to the care of what looks like a tiny, new company. Thus the five questions.

GDS have posted the questions in full on their blog but not answered them yet.

The G-Cloud team have posted an edited version of the questions on their blog and Eleanor Stewart has kindly answered three of them.

Her first answer contains an important lesson for central and local government. They cannot assume just because a company is listed on CloudStore that it is up to the job, it's up to them to satisfy themselves as to the company's strengths:

... as with everything on the G-Cloud framework the customer can determine whether they are happy with any associated risk at the point of selection

Her third answer provides another lesson. Cloud computing is commonly touted as offering all the flexibility that old-fashioned IT lacks. Ms Stewart makes it clear that there are limits to this flexibility:

Your description is a very reduced version of how some quite complex technology works ... technically correct but missing out any subtlety about the processes involved in each action. Cloud Services do indeed allow the movement of data between servers more easily than other technologies ... it can be diverted and moved anywhere within the grid (or cloud), safely and securely as long as the integrity of the data, it’s security and the processes involved are maintained.

Cloud computing is beginning to look a little less magic than is sometimes suggested by its advocates. No surprise there, we could all have guessed that but what we want to know in this case is what GDS are doing hosting GOV.UK on the servers of a tiny new company and what HMRC are up to relying on Skyscape for the safe storage of local offices' data and reliable acces to it.

Ms Stewart's second answer disappoints. We are none the wiser after reading it than before:

To purchase from G-Cloud GDS and HMRC have gone through a detailed selection process looking their requirements and the options available to them and have concluded that the Skyscape services will best met their needs and that of UK citizens.

The unbusinesslike decisions of the G-Cloud team to list Skyscape on CloudStore and of GDS and HMRC to contract with the company continue to look irresponsible, unwise, imprudent, disgraceful and indefensible. They look like misfeasance in public office.

Skyscape, Whitehall have no excuse, the contracts must be unwound

... irresponsible, unwise, imprudent, disgraceful ...

indefensible ...

misfeasance in public office ...

more ►

Monday 1 October 2012

What are GDS doing while DWP wait for an identity assurance service they can use for Universal Credit?

OIX provides a means of engaging with partners to structure alpha projects that experiment with solutions to real-world problems. These projects will morph and scale into production solutions ...

No?

Me neither.

The wordage above was assembled by Don Thibeau, the Chairman and At-large Director of OIX.

You may not remember, but you've read about OIX here on DMossEsq before. When the Government Digital Service (GDS) had their boondoggle to the White House, they rounded it off with a visit to the Open Identity Exchange.

You may have wondered at the time what OIX is. Well now you know, thanks to its At-large Director.

The GDS visit went off so well that the Cabinet Office joined OIX. An OIX Working Group was set up, devoted to the UK's identity assurance programme. And that was the occasion for Mr Thibeau's battle with natural language, Easier done than said: The challenge of third-party digital identity credentials:

How does HMG's Cabinet Office in the context of an working group encourage what they say they want, or prevent what they don’t we want, from occurring?

Good question. Mr Thibeau should take his ideas to the top. History could be made when he tells Francis Maude face to face that:

Instead of dealing with the technologically straightforward problem of the provenance of personal data and identifiers, the identity community has tried to re-architect the very way that parties transact. We've tied technical capabilities into intractable legal knots. When most business today involves bilateral arrangements, and it’s common for the RP to be the IdP, the OIX UK IDAP Working Group will take a very radical step to move to multilateral schemes and trust frameworks that embrace both legacy business models and new requirements.

That will put the carping of the legacy trolls at DWP into its proper context.

OK, GDS said it was in charge of identity assurance. And OK, GDS said that it aimed to announce which companies would be the UK's identity providers (IdPs) by the end of September. Yesterday. Which it didn't. And OK, so DWP are waiting for the Identity Assurance Programme (IDAP) to function so that they can get their technologically straightforward Universal Credit system up and running.

But you can't rush these things. Here in the real-world, it takes time for partners to engage, to experiment and to structure an alpha project before it can morph or scale into a tractable production solution operating within a multilateral trust framework, and DWP will just have to wait.

What are GDS doing while DWP wait for an identity assurance service they can use for Universal Credit?

OIX provides a means of engaging with partners to structure alpha projects that experiment with solutions to real-world problems. These projects will morph and scale into production solutions ...

No?

Me neither.

The wordage above was assembled by Don Thibeau, the Chairman and At-large Director of OIX.

more ►

Cloud computing and the Gadarene lemmings of Whitehall

It happens sometimes. You sit down to write a post and find you've already written it. In this case three months ago, HMG's cloud computing strategy – there isn't one.

In brief, Chris Chant identified 23 problems with Government IT and claimed that the solution is cloud computing and agile software engineering methods. He never stated how these remedies would solve the 23 problems and neither has anyone else.

Another way of putting which is to say that there is no Whitehall IT strategy for cloud computing. They can't give any examples of how cloud computing will help. They have no reason for creating CloudStores and contracting with a one-man band to host GOV.UK and HMRC's local office records in the cloud. They're just doing it. Because everyone else is. Allegedly.

Allegedly. The qualification has to be added because DMossEsq asked a very senior partner of a major global firm of lawyers if his firm uses the cloud and, in the politest way, he tried not to look as though he was dealing with a lunatic.

It's a breach of confidence to hand over client documents to a third party, a third party who may be anywhere in the world. The message was that his firm prefers to keep control of its data. It prefers to stay in business. The two are linked.

If Whitehall stick all our records in the cloud, they lose control of them. They lose control of their IT costs (our IT costs), the computers, the location of the computers and the staff who operate them, and they lose control of the data stored and processed on them.

Can anyone remember why Whitehall want cloud computing? Why they don't want to use their own data centres? What the return is meant to be? Why they're taking the risk?

Why are they wasting their time and our money? Why are they so intent on losing control? Is government too difficult for them? Have they given up?

Is there any sense in which Whitehall's behaviour is in the public interest? Any sense in which it's businesslike, professional, responsible, logical or dignified?

No. None.

Whitehall are behaving like a herd of adolescent fashion-driven Gadarene lemmings.

Someone wants to say that Whitehall are wasting our money with impunity and that the state of public administration in the UK is disgraceful. Or has he already said that?

Cloud computing and the Gadarene lemmings of Whitehall

It happens sometimes. You sit down to write a post and find you've already written it. In this case three months ago, HMG's cloud computing strategy – there isn't one.

more ►

Sunday 30 September 2012

30 September 2012, a big day – Dame Helen Ghosh and ex-Guardian man Mike Bracken

30 September 2012. It's a big day today. Dame Helen Ghosh's last day as permanent secretary at the Home Office. What will change when she's gone?

Will Sarah Rapson, chief executive at the Identity & Passport Service (IPS), be allowed to carry on over-charging us Brits for passports to the tune of £300 million a year?
IPS has never recovered from its failure under Sir David Normington and James Hall to implement government-issue ID cards. They suffered something like a corporate nervous breakdown. Isn't it time now at last for a new name and a re-launch?
Will Jackie Keane be able to carry on spending money like water on IABS, the Immigration and Asylum Biometric System?
Will assistant commissioner Mark Rowley at the National Policing Improvement Agency stop wasting money on mobile fingerprint equipment?
Will Rob Whiteman, chief executive of the UK Border Agency (UKBA), be able to maintain the high standards and success rates of that organisation?
Will Brian Moore's successor as chief executive of the UK Border Force ditto?
Isn't it time now to stop hosing money at CSC and VF Worldwide Holdings for their biometrics-based visa application work abroad?
Will IBM be allowed to stop bashing its head against the brick wall that is eBorders?
Is Alex Lahood (the Director of Identity Management, no less, at UKBA, please see p.9) still testing biometrics in Croydon? If so, why?
Is Marek Rejman-Greene still Senior Biometrics Advisor at the Home Office Scientific Development Branch? Ditto.

These are just some of the questions for Dame Helen's successor to ponder.

Today is also the last day for the Government Digital Service (GDS) to announce the approved suppliers of the UK's much-touted Identity Assurance Service (IAS). It really is a big day.

Will GDS meet the deadline? (Six hours to go ...)
Will they dare appoint Google and Facebook as "identity providers" to the UK?
If not, will the NSTIC folk in the US cross them off the Christmas card list?
Will Martha Lane Fox ditto?
When Universal Credit fails, will DWP get the blame or GDS?
Will the Department for Business Innovation and Skills stop pretending to want midata?
If ex-Guardian man Mike Bracken (executive director of government digital services and senior responsible ~~officer~~ owner for the identity assurance programme) can't make Estonia come to the UK, will he go there?
Will GDS's dream of inserting GOV.UK into our national payment systems come true? If so, how many weeks before we are reduced to a barter economy? Two? Or one?
Will GOV.UK replace the Government Gateway?
Will GDS's IAS succeed where James Hall's ID cards failed?
Can GOV.UK operate successfully on a cloud service operated by Skyscape, the one-man company?