Thursday 14 March 2013

GDS's misplaced faith and the governance of Whitehall

Today we announced some small but important changes in governance. The detail is here but the upshot is: we won’t have a cross-government Chief Information Officer (CIO) any more, nor a Head of Profession for Information and Communications Technology (ICT). We are moving responsibility for these capabilities to the Government Digital Service and we are closing some cross-government boards in various technology areas and reviewing the rest in order to make sure we are set up as efficiently as possible.
Thus ex-Guardian man Mike Bracken writing today in a post on the Government Digital Service (GDS) blog, Of the web, not on the web. He's the executive director of GDS and the senior responsible owner for the pan-government identity assurance programme (IDAP, failed).

Take a look at the quotation above:
  • We won't have either a cross-government CIO or a head of the ICT profession any more, he says. False, because he goes on to say that responsibility for these capabilities is moving to GDS. So we will have a cross-government CIO and a head of the ICT profession and they will both be GDS.
  • Some cross-government technology boards are already being closed down, he says, and the future of others is being reviewed. GDS looks like having more and more of the field to itself; the competition is being wiped out.
  • These changes in governance are described by the ex-Guardian man as small. Clearly false. Healthy plurality is dwindling. More and more power is being centralised in GDS. That is a big change.
It's unfortunate timing, given that the death of IDAP was announced on the same day, RIP – "the challenge now is not about information technology, but about designing, developing and delivering great, user-centred digital services", a challenge which GDS could not rise to.

Alarm bells may ring. Is GDS the right place to centralise power?

They may ring even harder when you read this:
... the people and organisations with which we work must be imbued by the culture and ethos of the web generation.

... we have to put digital leaders and Chief Operating Officers (COOs) in the driving seat across government.

... we are not just on the web, but of the web. And our culture and governance must reflect that.
This quasi-religious worship of the web is a recurring theme. Think back to 17 October 2012 when the ex-Guardian man published Why GOV.UK matters: A platform for a digital Government including his meaningless bon mot:
GOV.UK is not Government on the Internet, but of the Internet.
GOV.UK is neither government on the internet nor government of the internet. GOV.UK is a website. And nothing more.

This GDS religion/culture/ethos with its digital leader apostles and its veneration of Lady Lane Fox has already failed. Despite the blessing given by Tim O'Reilly, it has failed to provide the identity assurance service that was needed to support digital by default.

Since that was its only job we had better look elsewhere for salvation.

GDS's Identity Assurance Programme goes up in smoke

Computer Weekly, 14 March 2013:
IDA services put on ice for Universal Credit delivery
Only the other day there we were, weren't we, asking if the Government Digital Service's pan-government Identity Assurance service is up and running yet. They had promised that it would be "fully operational" for 21 million Department for Work and Pensions claimants "by March 2013".

Well now, thanks to Computer Weekly, we know the answer.
No mention was made of the use of IDA in the DWP’s Local Support Services Framework ... Instead, the paper referenced the issuing of PIN numbers to users for their online accounts ...
GDS talked a good game once. Is there any hope now for IDA?

No. Judging by this 12 March 2013 post on their blog, Identity Alphas, GDS are innocents abroad in the world of identity management.

"Where did it all go wrong?" You may well ask.

Tuesday 12 March 2013

The Identity & Passport Service, biometrics and your money

Roll up, roll up
and watch a collection of goldfish
set light to a £15 million pile of notes
and reduce it to ashes.

The Identity & Passport Service (IPS) is an executive agency of the Home Office.

IPS were meant to issue us all with ID cards.

ID cards were meant to solve all our problems. Terrorism, crime, border control, you name it, think of a problem, ID cards would solve it.

And they were meant to make our lives easier. With ID cards, so it was said, it would be easier to open a bank account, easier to get a job, easier to prove your right to state benefits, easier to travel domestically and abroad, you name it, think of any transaction, ID cards would make it easier.

The UK ID card scheme had unstinting political support from July 2002 onwards from two prime ministers (Blair and Brown), five home secretaries (Blunkett, Clarke, Reid, Smith, Johnson) and the whole of Whitehall. The scheme had unstinting assistance from the best management consultants and contractors. Asked at one stage whether the budget had been exceeded, the Home Office said no, it couldn't be, there wasn't a budget. The media were largely in favour and, to start with, so were the public.

And yet it failed. By December 2010 when the Identity Cards Act 2006 was repealed, IPS had to admit that there was nothing to show for £292 million of public expenditure. Nothing. Absolutely nothing.

The effect of complete failure on IPS was traumatic:
When a laboratory rat presses button B and gets an electric shock, he stops pressing button B. Not so the goldfish of IPS. Each time they swim round the bowl it comes as a surprise to them, oh look, there's a castle.

The distinguishing feature of IPS's ID card scheme was biometrics. Biometrics would allow people to be identified uniquely. Biometrics would allow people to have their identity verified. The scheme depended on biometrics being reliable. They're not. That's one reason why it failed.

You'd think they'd learn. But no. Here they come round the bowl again and what's this? A castle? No. Face recognition biometrics. Just what we need.

Hat tip to Toby Stevens: IPS today issued an invitation to tender (ITT) for a face recognition system:
II.1.5) Short description of the contract or purchase(s)
The Identity and Passport Service (IPS) requires a Facial Recognition System (FRS) to help determine an applicant's entitlement to and eligibility for a British Passport.
The Authority intends to deliver capability to undertake Biometric Verification and Biometric Identification (including searching against a second instance referred to as a watchlist (WL)) checks on all passport applications.
The architecture will comprise a Facial Recognition Engine, and a Facial Recognition Workflow capability which includes business rules, management information, audit and a data interface from an existing application system.
The solution will use existing IPS biographic and biometric information as part of the FR checks, with appropriate data stored with each check ...
They're offering a five-year contract worth between £6 million and £15 million to the lucky winners. Excluding VAT.

The ITT stipulates a number of throughput conditions that have to be met, e.g. the face recognition system has to be able to:
o Return a result from a Biometric Verification in under 10 seconds on 99.5% of searches.
o Return a result from a Biometric Identification search under 60 seconds on 99.5% of searches.
o Return a result from a Biometric Verification (WL) search in under 20 seconds on 99.5% of searches.
but there is no stated requirement for the system to be reliable. Which is lucky for the contractors. Because all the published tests of mass consumer face recognition suggest that IPS would be better off tossing a coin than using this flaky technology.

What IPS do insist on in the ITT is:
the capability to adjust the threshold for matching based on business drivers e.g. demand levels.
If IPS have a lot of staff on one day, then they might turn the dial up and make it a bit harder for your face to match the photograph stored on their register. If on the other hand there's a bit of a staff shortage, then they can turn the dial down and just let everyone match. Which rather gives the lie, doesn't it, to the suggestion that this charade has got anything to do with your identity, which doesn't vary with demand levels.
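The dial can be made concrete. The sketch below is an added illustration, not part of the ITT or of any IPS system: the similarity scores, the daily volume, the impostor share and the rule that every non-match is referred to a human examiner are all constructed assumptions. It picks the strictest threshold that examiner capacity allows and reports the false match rate that comes with it.

```python
# Added illustration: every score and volume below is constructed, not IPS data.
# Scores lie in [0, 1]; a pair is declared a "match" when score >= threshold.
GENUINE = [0.91, 0.88, 0.86, 0.84, 0.82, 0.80, 0.78, 0.76, 0.74, 0.72,
           0.70, 0.68, 0.66, 0.63, 0.60, 0.57, 0.54, 0.50, 0.45, 0.38]  # same person
IMPOSTOR = [0.12, 0.18, 0.22, 0.25, 0.28, 0.30, 0.33, 0.35, 0.38, 0.40,
            0.42, 0.44, 0.46, 0.48, 0.50, 0.52, 0.55, 0.58, 0.62, 0.67]  # different people


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (false non-match rate, false match rate) at this threshold."""
    fnmr = sum(s < threshold for s in genuine) / len(genuine)
    fmr = sum(s >= threshold for s in impostor) / len(impostor)
    return fnmr, fmr


def expected_referrals(threshold, daily_apps, impostor_share):
    """Assumed workflow: every non-match is passed to a human examiner."""
    fnmr, fmr = error_rates(threshold)
    n_impostor = daily_apps * impostor_share
    n_genuine = daily_apps - n_impostor
    return n_genuine * fnmr + n_impostor * (1 - fmr)


def threshold_for_capacity(capacity, daily_apps=20000, impostor_share=0.001,
                           candidates=(0.70, 0.60, 0.50)):
    """Strictest candidate threshold whose referrals fit the examiners available.

    Returns (threshold, false match rate), or (None, None) if nothing fits.
    """
    for t in sorted(candidates, reverse=True):
        if expected_referrals(t, daily_apps, impostor_share) <= capacity:
            return t, error_rates(t)[1]
    return None, None


if __name__ == "__main__":
    for capacity in (10000, 6000, 2500):
        t, fmr = threshold_for_capacity(capacity)
        print(f"capacity={capacity:>6}  threshold={t}  false match rate={fmr:.0%}")
```

With these constructed numbers, the same set of faces yields a different share of accepted impostors depending only on how many examiners are available that day.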

Most likely, IPS will lay off a lot of staff and then, like the UK Border Agency, re-recruit them when they re-discover that the technology that was meant to replace them doesn't work.

Lessons learnt? None. Roll up, roll up and watch a collection of goldfish set light to a £15 million pile of notes and reduce it to ashes.

Universal Credit – a tricky confinement

Monday 11 March 2013

Full marks to midata

You have zero privacy anyway.
Get over it.
Scott McNealy, CEO Sun Microsystems
January 1999
25 years he's been a privacy campaigner. Simon Davies knows what he's talking about.

In August 2012 he issued a questionnaire to find out what practitioners around the world were talking about.

And in January this year he published his findings, Predictions for Privacy, based on 181 responses.
It looks as though 13 issues will be on the agenda in 2013. They are all explained concisely on pp.11-14 of Mr Davies's report:
  1. Mobile apps
  2. Mobile geo-location
  3. Data aggregation
  4. Online advertising
  5. Data protection reform
  6. Big Data
  7. Face recognition systems
  8. Government surveillance systems
  9. Health data for private sector use
  10. Compulsory website ownership registration and verification
  11. Ambient intelligence and the “Internet of Things”
  12. Identity architectures
  13. Export of surveillance technologies to non-democratic regimes
His report rejects the McNealy doctrine, the defeatist belief that it's all over for privacy in the modern world.

So?

So look again at the Department for Business Innovation and Skills (BIS) midata initiative. It's a false prospectus. It masquerades as a protector of privacy while ticking nearly every one of Mr Davies's 13 boxes. It's almost full marks to midata.

Re item #3 above, for example, midata asks us all to use Personal Data Stores. "Do your own data aggregation", BIS are effectively saying, "and save us the trouble".

Re item #6 above, the UK's "big data" project is headed by Professor Nigel Shadbolt. It's his job to promote the analysis of government data to improve public administration. He's also the chairman of the midata programme, where he seems to want to expose personal data in the same way. It's as though he doesn't see the distinction between public and private.

Mr Davies's respondents predict that Google and Facebook will catch most of the flak in 2013. They are the obvious latter-day pied pipers of Hamelin. midata threatens to become a similarly malign force.
