What are the policy objectives and the intended effects? Giving consumers access to their transaction data will enable consumers to make better informed decisions and choose products which offer them the best value. This in turn will reward firms offering the best value because they will be able to win more customers, increasing competition and leading to lower prices, improved efficiency and greater innovation. It will allow consumers to analyse and then improve their consumption patterns, particularly by enabling third party ‘choice engines’ to process transactional data on behalf of consumers and advise them on their consumption habits and potential switching options. We expect the release of information to stimulate innovation in and expansion of third party choice engines.
"Choice engines". What a phrase. Who won the office sweepstake last week for that one?*
The idea behind midata is that you should store all your transaction data in a personal data store (PDS) hosted in the cloud, on the web, by a trusted third party like, say, Mydex. Some innovative juvenile writes an app which, given the evidence of your consumption patterns, recommends the best play to go to see in London. You give Mydex permission to share your data with WhatsOnApp® and a stream of unwanted phone calls ensues, trying to get you to see Chicago. Ditto health apps – eat more broccoli. And financial apps – earn more interest, save with Bear Sterns.
You've got to be a bit stupid anyway to open a midata account in the first place and store all your personal data in the worldwide wild West of the web with a third party you've never met and have no reason to trust. Even more stupid to go on to share your personal data with unknown third party apps.
Advocates of midata are forever promising an "ecosystem" of apps developers. That's not the answer to the question. They're more likely to create a natural habitat of the stupid.
The choices made, the preferences expressed, are a function of my personality, if you like, of my character. That's using your language. In my language, personality or character is a choice engine. And choices are made to maximise rewards.
What are the policy objectives and the intended effects?
Giving consumers access to their transaction data will enable consumers to make better informed decisions and choose products which offer them the best value. This in turn will reward firms offering the best value because they will be able to win more customers, increasing competition and leading to lower prices, improved efficiency and greater innovation. It will allow consumers to analyse and then improve their consumption patterns, particularly by enabling third party ‘choice engines’ to process transactional data on behalf of consumers and advise them on their consumption habits and potential switching options. We expect the release of information to stimulate innovation in and expansion of third party choice engines.
"Choice engines". What a phrase. Who won the office sweepstake last week for that one?*
13 November 2012 – Providers announced for online identity scheme
The Post Office, Cassidian, Digidentity, Experian, Ingeus, Mydex, and Verizon are the successful providers chosen to design and deliver a secure online identity registration service for the Department for Work and Pensions.
The identity registration service will enable benefit claimants to choose who will validate their identity by automatically checking their authenticity with the provider before processing online benefit claims.
The Minister for Welfare Reform Lord Freud said:
"We are working with cyber security experts to ensure we are clear about the threats to the online process and we are confident that the providers announced today will offer an effective, safe and free to use identity service for future online benefit claims."
As well as offering a safe and secure system, providers will be required to offer a simplified registration process, minimise the number of usernames and passwords a customer will need to remember and reduce the costs incurred across Government for the management of Identity Assurance.
The online Identity Assurance model will be incorporated into Universal Credit as it’s developed and rolled-out. Over time Identity Assurance will become available to all UK citizens who need to access online public services.
"... providers will be required to ... minimise the number of usernames and passwords a customer will need to remember ..." – what's that all about?
At the moment, you have to know separate user IDs and passwords for logging onto Facebook, for example, Twitter, Amazon, eBay, PayPal, your bank, HMRC (self-assessment), HMRC (VAT returns), etc ... That is very inconvenient.
GDS, the Government Digital Service, the people behind identity assurance – remember, ex-Guardian man Mike Bracken is not only chief executive of GDS but also the senior responsible officer owner for the government's identity assurance programme – want to make your life more convenient.
So what they propose is that you give all those user IDs and passwords to your chosen IDP and let them log on for you. You still have to remember the user ID and password you use to log onto your IDP. But as long as you can do that, you're fine, your IDP will remember all other user IDs and passwords and log on for you.
That's obviously convenient. But is it wise?
Take a look at the seven IDPs. Which one would you trust with the user ID and password for your bank accounts? And why? You've never heard of them, have you? Apart from the Post Office. They may all be eminently trustworthy. But suppose some ne'er-do-well teenager with Asperger's hacks into them and just steals all the user IDs and passwords?
Remembering all those user IDs and passwords ourselves may be unavoidable. It may be the price we pay for security. It might be convenient to have someone do our remembering for us but, if we lose our security as a result, it wouldn't be wise.
Have DWP and GDS taken leave of their senses suggesting that we should trust unknown third parties with our user IDs and passwords?
Your only option is to minimise your inevitable losses. Make sure that if one set of defences is breached they aren't all breached. Maintain distinct logon ID-and-password combinations for each on-line service you use.
The Government Digital Service continue to try to breathe life into the corpse of their Identity Assurance programme (IDA). The service is now known as "GOV.UK Verify". GDS continue to ask us to believe against all the evidence that it is secure.
And they continue to advocate having as few logon ID-password combinations as possible on the grounds that that is convenient and the Devil take the risks. No bank would recommend that. But then the banks are liable to compensate you if your bank account is emptied by hackers. GDS aren't. If you're hacked as a result of using GOV.UK Verify, you pay.
The BBC have been drafted in to promote GOV.UK Verify. Here's an extract from BBC Radio 4's World At One news programme, 23 January 2015:
David Alexander, the CEO of Mydex, is interviewed. Mydex is one of the five "identity providers" left at GDS's identity assurance funeral. Use a Mydex personal data store (PDS), says Mr Alexander towards the end of the extract, and let that log on to all your other services for you. That will be much more convenient.
Take him, for example. Currently, he says, he has 705 logon ID-password combinations for on-line services he uses. That's awfully inconvenient. How much better to store them all in his PDS and let Mydex log on to these 705 services for him.
But hang on a minute. If one of those 705 services is hacked at the moment, he's left with 704 services that haven't been hacked. Follow his recommendation, use a Mydex PDS, and one security breach opens the door to all 705 services.
You don't need to be a genius at risk assessment to recognise the disproportionate danger of the PDS idea.
Mr Alexander is in 705 times more danger if he uses GDS's GOV.UK Verify than if he doesn't.
If someone offers you the convenience of a single logon ID-password combination, run a mile.
13 November 2012 – Providers announced for online identity scheme
The Post Office, Cassidian, Digidentity, Experian, Ingeus, Mydex, and Verizon are the successful providers chosen to design and deliver a secure online identity registration service for the Department for Work and Pensions.
The identity registration service will enable benefit claimants to choose who will validate their identity by automatically checking their authenticity with the provider before processing online benefit claims.
The Minister for Welfare Reform Lord Freud said:
"We are working with cyber security experts to ensure we are clear about the threats to the online process and we are confident that the providers announced today will offer an effective, safe and free to use identity service for future online benefit claims."
As well as offering a safe and secure system, providers will be required to offer a simplified registration process, minimise the number of usernames and passwords a customer will need to remember and reduce the costs incurred across Government for the management of Identity Assurance.
The online Identity Assurance model will be incorporated into Universal Credit as it’s developed and rolled-out. Over time Identity Assurance will become available to all UK citizens who need to access online public services.
"... providers will be required to ... minimise the number of usernames and passwords a customer will need to remember ..." – what's that all about?
Cybercrime The magnificent power of the web is a double-edged sword. It makes it easy for us all to do our banking on-line. And it makes it easy for cybercriminals to defraud us. Huge brains are working on the side of law-abiding web users and they're holding the line. Thanks to them, fraud is held down, just, to acceptable levels. That could change. Huge brains are working on committing fraud and if they make any serious progress, eBanking and eCommerce in general could have to stop – there is no law of nature that says that eCommerce must be feasible. The web is a dangerous place to do business.
midata Nevertheless, the Department for Business Innovation and Skills (BIS) want to "empower" consumers by getting us all to store all our transactions on-line, on the web, in the cloud, on the servers of unknown so-called "trusted" third parties or their sub-contractors. Is that a good idea? Given the incidence of cybercrime, aren't BIS behaving irresponsibly? With midata, they're inciting their parishioners to take serious and unnecessary risks. They're trying to take powers to force banks, phone companies, energy companies, retailers and others to put all our transaction data on the web.
"Oi, you two, Tesco, Sainsbury's, get over 'ere",
BIS are effectively saying, pointing at the flames,
"and bring the petrol".
Impact assessment Luckily, this proposed legislation requires an impact assessment, listing the putative benefits and the associated risks, please see Impact Assessment for midata – in case of any enquiries, ring Craig Belsham or David Miller.
You remember David Miller. He's the BIS economist who said at the 9 August 2012 open forum that it's very difficult to say if midata would boost the economy. It might. It might not.
Anyway, they're onto it. Under Key assumptions/sensitivities/risks on p.4 it says:
Consumer transaction data held by firms can be valuable commercial information. There is a risk that the existence of a power to compel firms to release this data to consumers may reduce their incentive to collect the information. To minimise this risk the power will only refer to ‘raw’ factual information. Any extension of the sectors beyond energy, mobile telecoms and personal banking/ credit cards will be subject to criteria aimed at promoting price transparency. Consumers will have more of their information in an easily accessible format this could pose a risk of an increase in identity theft or fraud.
"Consumers will have more of their information in an easily accessible format this could pose a risk of an increase in identity theft or fraud" – quite. So, is midata off the menu? Too risky?
Not a bit of it.
Solved Turn to para.123 on p.48:
123. Consumers will increasingly have more of their information in an easily accessible format. With increasing amounts of this data held on home computers or with third party intermediaries, it may increase the likelihood of identity theft or fraud. This may lead to consumers increasing their own cyber security to mitigate this risk. The Government and members of the midata Interoperability Board are undertaking a programme of work to identify and address these issues, which will conclude before any secondary legislation is brought forward.
"The Government and members of the midata Interoperability Board are undertaking a programme of work to identify and address these issues" – sorted. It's hard to think of any sizeable organisation in the world from the Pentagon on down who won't be ringing Craig and David.
Cybercrime
The magnificent power of the web is a double-edged sword. It makes it easy for us all to do our banking on-line. And it makes it easy for cybercriminals to defraud us. Huge brains are working on the side of law-abiding web users and they're holding the line. Thanks to them, fraud is held down, just, to acceptable levels. That could change. Huge brains are working on committing fraud and if they make any serious progress, eBanking and eCommerce in general could have to stop – there is no law of nature that says that eCommerce must be feasible. The web is a dangerous place to do business.
midata
Nevertheless, the Department for Business Innovation and Skills (BIS) want to "empower" consumers by getting us all to store all our transactions on-line, on the web, in the cloud, on the servers of unknown so-called "trusted" third parties or their sub-contractors. Is that a good idea? Given the incidence of cybercrime, aren't BIS behaving irresponsibly? With midata, they're inciting their parishioners to take serious and unnecessary risks. They're trying to take powers to force banks, phone companies, energy companies, retailers and others to put all our transaction data on the web.
"Oi, you two, Tesco, Sainsbury's, get over 'ere",
BIS are effectively saying, pointing at the flames,
When midata was announced a year ago Rory Cellan-Jones, the BBC’s Technology Correspondent, asked “what's the catch for consumers and why is the government getting involved”? Good questions.
Lifestyle choices
... individual users were not yet being allowed to exploit all the information relating to them to make their lives easier. Armed with the information that social networks and other web giants hold about us, he said, computers will be able to "help me run my life, to guess what I need next, to guess what I should read in the morning, because it will know not only what's happening out there but also what I've read already, and also what my mood is, and who I'm meeting later on".
Thus Tim Berners-Lee, inventor of the web, interviewed by the Guardian in April.
Slightly dotty, of course – your computer will know what mood you’re in? But the Department for Business Innovation and Skills (BIS) are trying to promote their midata initiative and it suits their purpose to say, in a press release the other day, that midata will allow consumers to “make better lifestyle choices”.
Even if it was true, what business would it be of the government’s?
None. If there’s a demand for lifestyle software, let the private sector provide it.
Economic growth
BIS also claim that midata would be “good for growth in the economy”. Strange, because at the 9 August 2012 midata open forum David Miller, a BIS economist, was asked how much midata would make the economy grow by and answered, it’s very difficult to say what the macro-economic effects of midata would be.
Banks, phone companies and energy companies already provide us with detailed statements, on-line and on paper, they have done for decades, and the economy isn’t growing. So what’s new about midata?
Personal data stores (PDSs)
Answer – PDSs, please see para.2.19, p.24 of BIS's midata 2012 review and consultation. BIS want us all to have PDSs, databases storing all of our transaction data, which can be processed to make our lifestyle choices for us and which identify us uniquely.
We wouldn’t be expected to maintain the PDSs ourselves. That would be the job of so-called “trusted third parties”, who would store all our personal data on the web, where it would be continuously updated by permanent links with all our suppliers.
What personal data? The BIS press release refers us to a document of theirs, A midata future: 10 ways it could shape your choices. The answer seems to be any contracts you have entered into, any warranties you have taken out, your driving licence, your educational qualifications, your CRB report, your bank accounts, the clothes you buy, your gas and electricity usage and your neighbours’ usage, too, your health records, entertainment preferences and favourite restaurants.
It’s an extensive set of data about you. midata may not help the economy to grow but, in the PDSs which it relies on, it would provide you with an on-line ID card.
Trusted third parties
Who are the third parties you’re meant to trust with all this personal data? Only one is regularly mentioned and most people will never have heard of it – Mydex – so what reason is there to trust it?
Actually, you may have heard of Mydex. You may have read the Department for Work and Pensions (DWP) press release about the Identity Assurance Programme last week, Providers announced for online identity scheme. Mydex is one of the seven “identity providers” appointed for the UK last week by DWP. The idea is that in Whitehall’s new digital-by-default world, if you want to register for benefits, you need an identity provider to vouch for you, to say that you are you – a PDS is an ID card.
----------
They couldn’t answer them last year. Let’s see if BIS can answer Mr Cellan-Jones’s questions now.
About David Moss David Moss has worked as an IT consultant since 1981. The past 9 years have been spent campaigning against the Home Office's plans to introduce government ID cards into the UK. It must now be admitted that the Home Office are much better at convincing people that these plans are a bad idea than anyone else, including David Moss.
When midata was announced a
year ago Rory
Cellan-Jones, the BBC’s Technology Correspondent, asked “what's
the catch for consumers and why is the government getting involved”? Good
questions.
For some time now, the Government Digital Service (GDS) have made the meaning of their digital-by-default agenda clear – they want the UK to be like Estonia. It is thanks to the fact that practically every service in Estonia is delivered over the web that, back in 2007, Russia was able to bring the country to its knees in a matter of days. If GDS succeed with their "modernisation" plans, there will be nothing to stop that happening here in the UK. GDS are in awe of the financial success and popularity of Apple, Amazon, eBay/PayPal, Google and Facebook. With no experience of government behind them, the over-promoted software engineers at the head of GDS want to bring their heroes' tricks to the delivery of public services in the UK. Sensible people will see Facebook et al as latter-day Pied Pipers of Hamelin – sensible people, including the tens of thousands of public servants who will be laid off and replaced by GDS's computers when government is, as they say, "transformed". Many of these organisations are famous for avoiding tax on their UK profits and for using their near-monopolies to tyrannise their suppliers and to milk their customers. But GDS somehow maintain their naïve veneration and on 6 November 2012 they published their Government Digital Strategy. This fantasy strategy is an elaboration of Martha Lane Fox's ideas, set out in her October 2010 letter to Francis Maude, Directgov 2010 and beyond: revolution not evolution. Ms Lane Fox is the Prime Minister's digital champion, she's a historian, and when she says "revolution" she means it. Her revolutionary fervour is carried over into last week's GDS strategy, which Sir Bob Kerslake – head of the home civil service, permanent secretary at the Department for Communities and Local Government (DCLG) and previously the chief executive of first the London Borough of Hounslow and then Sheffield City Council – has greeted with a post on GDS's blog, Welcoming the Digital Strategy:
Our reform plan also made a clear commitment to improve the quality of the government’s digital services, and to do this by publishing a Government Digital Strategy setting out how we would support the transformation of digital services [how does publishing a wishlist improve the quality of public services?]. We fulfilled that commitment yesterday with the launch of the Government Digital Strategy, Digital Efficiency Report and Digital Landscape Report and I very much welcome their publication.
But why? Why does Sir Bob "welcome" this emmental cheese of a strategy? It's full of holes. Consider cutting costs/making savings for example.
Let's get our duck in a row.
Martha Lane Fox says:
Shifting 30% of government service delivery contacts to digital channels would deliver gross annual savings of more than £1.3 billion, rising to £2.2 billion if 50% of contacts shifted to digital. I strongly suggest that the core Directgov team concentrates on service quality and that it should be the "citizens' champion with sharp teeth" for transactional service delivery ...
The savings from a reduction in duplication are significant, but will take time to realise. The Government recently announced a 75% rationalisation of Government websites. It is estimated this should reduce overall Government web expenditure from around £560 million to about £200 million a year. I think there is agreement that Government can go much further than this, perhaps over time reducing overall expenditure to less than £100 million a year (and some think much less than this though I think we should be careful to manage expectations at this stage) ...
I recommend that any savings from the reduction in duplication should remain in departments, once transition costs and ongoing funding for the new central team have been taken into account.
How are we doing with managing expectations?
In his Foreword to the Government Digital Strategy Francis Maude, Cabinet Office Minister, waves a couple of high-sounding numbers around without asserting anything, the statement is short and conditional:
By going digital by default, the government could save between £1.7 and £1.8 billion each year.
The main body of the document is even more non-committal:
On the basis of historical savings achieved by existing digital services we estimate that £1.7 to £1.8 billion of total annual savings could be made by shifting the transactional services offered by central government departments from offline to digital channels. Of this, £1.1 to £1.3 billion will be saved directly by the government, with the rest passed on to service users through lower prices. These figures do not include the potential costs of a transition to digital [potCosts], but also do not include the additional savings [addSav] that could be gained from fundamental service redesign or back-end technology changes ...
Our estimates suggest that an hour spent interacting with government costs the average citizen £14.70. If just half an hour were saved by digitising every transaction currently completed offline, the total savings to the economy could therefore be around £1.8 billion. Furthermore, many public services are run by agencies that recover their costs directly through user charges, so reducing costs provides the potential for savings to be passed on to users.
Not quite an equation, we have an approximation here:
Savings p.a. ≈ £1.7 billion - potCosts + addSav
We don't have even an approximation of the values of potCosts and addSav.
But we do have the thumbs up. Digital-by-default has been given the go-ahead.
How much will it cost? We don't know.
How much will it save? We don't know.
If it saves anything, will the public be allowed to keep their own money? No, Martha Lane Fox recommends that Whitehall departments should keep it. For whose benefit is this project being conducted?
What are these savings we're talking about? Lay-offs. Lay-offs of public servants no longer needed. Replaced by computers. How many of them? When? Which ones?
What are the chances of digital-by-default working? And when – how long will it take?
How much advertising revenue could GOV.UK raise? Will GDS follow its heroes Google, Facebook et al into this – into advertising – as they have done into everything else?
Where there should be answers to these questions in the Government Digital Strategy there are just holes. Revolution is proposed with no justification. And yet Sir Bob, the head of the home civil service, welcomes this fantasy.
For some time now, the Government Digital Service (GDS) have made the meaning of their digital-by-default agenda clear – they want the UK to be like Estonia. It is thanks to the fact that practically every service in Estonia is delivered over the web that, back in 2007, Russia was able to bring the country to its knees in a matter of days. If GDS succeed with their "modernisation" plans, there will be nothing to stop that happening here in the UK. GDS are in awe of the financial success and popularity of Apple, Amazon, eBay/PayPal, Google and Facebook. With no experience of government behind them, the over-promoted software engineers at the head of GDS want to bring their heroes' tricks to the delivery of public services in the UK. Sensible people will see Facebook et al as latter-day Pied Pipers of Hamelin – sensible people, including the tens of thousands of public servants who will be laid off and replaced by GDS's computers when government is, as they say, "transformed". Many of these organisations are famous for avoiding tax on their UK profits and for using their near-monopolies to tyrannise their suppliers and to milk their customers. But GDS somehow maintain their naïve veneration and on 6 November 2012 they published their Government Digital Strategy. This fantasy strategy is an elaboration of Martha Lane Fox's ideas, set out in her October 2010 letter to Francis Maude, Directgov 2010 and beyond: revolution not evolution. Ms Lane Fox is the Prime Minister's digital champion, she's a historian, and when she says "revolution" she means it. Her revolutionary fervour is carried over into last week's GDS strategy, which Sir Bob Kerslake – head of the home civil service, permanent secretary at the Department for Communities and Local Government (DCLG) and previously the chief executive of first the London Borough of Hounslow and then Sheffield City Council – has greeted with a post on GDS's blog, Welcoming the Digital Strategy:
Our reform plan also made a clear commitment to improve the quality of the government’s digital services, and to do this by publishing a Government Digital Strategy setting out how we would support the transformation of digital services [how does publishing a wishlist improve the quality of public services?]. We fulfilled that commitment yesterday with the launch of the Government Digital Strategy, Digital Efficiency Report and Digital Landscape Report and I very much welcome their publication.
But why? Why does Sir Bob "welcome" this emmental cheese of a strategy? It's full of holes. Consider cutting costs/making savings for example.
